REST over HTTPS, JSON request/response. Tokens are workspace-scoped and behave the same as a logged-in session. Issue and revoke them at app.reachlysend.com/settings.
Pass an Authorization: Bearer <token> header on every request.
Workspace-scoped endpoints also need X-Workspace-Id: wsp_….
Base URL: https://api.reachlysend.com
curl https://api.reachlysend.com/api/tests \ -H "Authorization: Bearer rls_live_xxxxxxxxxxxx" \ -H "X-Workspace-Id: wsp_xxxxxxxxxxxx"
List tests (most recent first). Query: limit (1–100, default 50), offset.
Full report — analyzer findings, category scores, placement results, delivery timeline, raw headers.
Returns the parsed body, attachments, and embedded image/tracking-pixel inventory.
Re-runs the analyzer against the stored .eml. Useful while iterating on rules; no fresh send needed.
Streams every test for the workspace as CSV. Columns:
id, received_at, from, subject, status, composite, inbox_rate, spam_rate, promo_rate, spf, dkim, dmarc.
Capped at 5,000 rows. Set ?limit=N to lower.
Sends a sample message through AWS SES to the workspace's active seed inbox. Cloudflare Email Routing receives it and the analyzer runs end to end — useful for smoke-testing the pipeline without hooking up a real ESP.
curl -X POST https://api.reachlysend.com/api/tests/send-test \
-H "Authorization: Bearer rls_live_xxx" \
-H "X-Workspace-Id: wsp_xxx" \
-H "Content-Type: application/json" \
-d '{"subject":"My sample","from":"[email protected]"}'
Returns the same KPIs and trend slices used by the in-app dashboard: deliverability score, inbox/spam/promo rates, recent tests, top issues of the week.
List monitored domains and the latest SPF/DKIM/DMARC/BIMI verdicts.
Body: { domain, dkimSelector? }. Adds a domain to the hourly cron sweep.
Force-recheck on demand (rate-limited).
Slack, Discord, or generic JSON webhooks for three events:
domain.drift, test.low_score, email.bounce_complaint.
{
"label": "#deliverability",
"url": "https://hooks.slack.com/services/...",
"kind": "slack",
"events": ["domain.drift", "test.low_score"],
"thresholdScore": 60
}
Fires a one-off test ping at the configured URL.
Returns all supported providers and which the workspace has connected.
Returns the OAuth authorization URL. Open in a browser; the callback finishes the connection.
Errors return JSON: { "error": "<code>" } with an HTTP status. Common codes:
missing_token · 401 — supply Authorization headerforbidden · 403 — token isn't a member of the workspacenot_found · 404plan_limit · 402 — you've hit a tier ceilinginvalid_email, missing_name, invalid_url · 400billing_not_configured · 503 — Stripe key not set on the APIAuth endpoints are rate-limited to 30 requests / 60 seconds per IP. Other endpoints inherit Cloudflare's per-Worker default; we don't apply additional throttling, but keep concurrency reasonable.