PMail

If you need a simple way to make your applications talk to you, emails are the way to go. Every software nowadays at least offers you the option to send emails to you if something important or strange happens.


this should be an image

Login view of the admin interface

I thought it would be very handy if you could give any sort of application, no matter if it is a simple script or a full blown enterprise software, the ability to send (or read) emails .

PMail does offer that by providing an easy to use API that can be utilized via simple HTTP requests. The only entry barrier is the ability to send (one or more) HTTP request(s) from your software (which almost all programming languages support from the get go).

Main features/components

There are several (this is a comprehensive overview)

Admin panel

this should be an image

It ain't much but it's honest work

The admin panel is the easiest way to see what happens on the application. It offers:

  • A log: Logs all actions done in the panel and all failed requests.
  • Account management: Create, edit or delete accounts.
  • Footer creation: Create, edit or delete footers, which can be used when sending emails.
this should be an image

Form for creating a new user

The requirements for PMail to work are the login credentials for a SMTP and an IMAP Server (both should be from the same email provider). This makes PMail very similar to email clients like Outlook, Thunderbird or mailbird. The only difference is, that PMail will give you an API key after the setup process of your email account.

A small excourse about security

After providing your email account details, PMail will:

  1. Create a user-id (the first part of the API key ; not encrypted)
  2. Create the the API key itself (not encrypted)
  3. Symmetrical encrypt the provided email account details with the API key and save it into the database
  4. Asymmetrical encrypt the API key itself and save it into the database
  5. Provide the unencrypted API key to the user

After the account creation is finished the user can authenticate against the API. That works like this:

  1. The user provides the unencrypted API key in the request
  2. The user-id will be extracted from the API key and the hashed API key will be looked up in the database
  3. The unencrypted API key gets checked against the encrypted API key in the database
  4. If both keys are identical, the email account details will get unencrypted temporarily and used for the requested action

This way, PMail guarantees, that every attack vector on the application level is avoided:

  • The API keys inside the database are useless because they are encrypted (you can't use the keys of other users)
  • The database itself is secure, because it only contains encrypted data
  • The unencrypted API key the user holds is useless without the database
  • Because every user has a unique API key, they can't access the accounts and data of other users

Sending an email

For sending an email, you only need to provide a JSON object inside your HTTP-POST-request: 

{
    "apikey" : "N7A8UDJNHdNEQgs9hfsgxnuiuC2eDuAkhat7cxJ4GYbNl5lRdh",
    "apimode": "sendmail",

    "recipients": ["john.doe@domain.com","jane.doe@domain.com"],
    "subject"   : "A very important message about your booked flight",
    "body"      : "This is a automatically created email. For more details see the attachments.\n\nKind regards",
    "ishtml"    : false,

    "cc" : [],
    "bcc": ["accountant@travelagency.com"],
    "attachments": [
        {
            "name"     :"caribbean_beach.png",
            "content"  : "__base64-String__",
            "mime_type": "image/png"
        },
        {
            "name"     :"offer_tickets.pdf",
            "content"  : "__base64-String__",
            "mime_type": "application/pdf"
        }
    ],
    "footer": "Name of a footer from the PMail databasase",
    "encryption": "ssl"
}

This is everything you need. The API will give a status code on completion that shows the success/failure of your inquiry.

The newest feature I am very proud of is the ability to send any number of any kind of attachments from within the request.

Reading an email

Again, for reading an email, you only need to provide a JSON object inside your HTTP-POST-request: 

{
    "apikey" : "N7A8UDJNHdNEQgs9hfsgxnuiuC2eDuAkhat7cxJ4GYbNl5lRdh",
    "apimode": "readmail",

    "method": {
        "name"      : "getMessageBody",
        "parameter" : 42,
        "folderpath": "unknown/probably spam"
    },

    "connection": {
        "secure_password": true,
        "encryption": "tls"
    }
}

Again, this is everything you need. The API will give a status code on completion that shows the success/failure of your inquiry.

This time the attribute method defines, what kind of action you want to do. There are a lot of methods available, including reading every attribute of an email (like subject, attachments etc.), deleting emails and finding emails (by date, sender, subject etc.). That gives the users of the API a wide range of possibilities: From creating completely automated procedures to manage their inboxes to simply wait for a specific message.

Live Demo // Source code

There isn't really a possibility to give access to a live demo, because you would need an API key of your own and the admin dashboard is not publicly available (for obvious reasons ).

 View on GitHub