MailgentMailgent
Get API Key

Give your AI agent

Identity infrastructure for AI agents.
One API, every capability.

Get API KeyRead Docs
The problem[ 1 / 6 ]

Today, agents operate with borrowed identities and hardcoded secrets.

01

No email

Agents use your Gmail or dump messages to a queue. No real address, no threading, no DKIM.

02

No credentials

API keys in .env files. No rotation, no 2FA, no vault. One leaked key breaks everything.

03

No accountability

No delegation chain. No way to trace an agent's action back to the human who authorized it.

The identity stackHuman → Agent

Agents are the new users.
They need identity.

Humans need an email address, a password manager, and a phone for 2FA to do anything meaningful on the internet. AI agents need the same primitives — plus delegation chains and audit trails that trace every action back to the human who authorized it.

Why agents need identity

Human

Email address
Password manager
Phone for 2FA

Agent (Mailgent)

Inbox — DKIM-signed email
Vault — AES-256-GCM encrypted
TOTP — 2FA code generation
Delegation chain
Audit trail on every action
What you get[ 2 / 6 ]

One identity. Six capabilities.

Each identity is a hub — attach the capabilities your agent needs.

Inbox

agent@mailgent.dev

Real email. Send, receive, thread. DKIM-signed outbound. extractedText strips quoted replies for your LLM.

Learn more →

Vault

vault.store({ ... })

Encrypted credential storage. API keys, OAuth tokens, passwords. AES-256-GCM. Scoped per identity, audit-logged.

Learn more →

TOTP

totp.generate("2fa")

Generate 2FA codes from stored seeds. Combined with inbox for email 2FA, your agent handles any auth flow alone.

Learn more →

Voice · soon

Phone calls & SMS

Pay · soon

Payments & wallets

Social · soon

Social accounts

Messaging · soon

WhatsApp, Telegram

Use casesReal-world

What agents build with Mailgent.

Every use case combines email, vault, and 2FA — the full identity stack.

Customer Onboarding

Agent signs up on platforms, verifies email, stores credentials, and confirms setup — fully autonomous.

EmailVaultTOTP

Meeting Scheduling

Agent reads incoming requests, checks availability, sends calendar invites, and follows up with confirmations.

Email

Document Processing

Agent receives documents via email, logs into processing platforms, uploads files, and sends results back.

EmailVaultTOTP

Payment Link Delivery

Agent generates Stripe payment links using stored API keys and emails them directly to clients.

EmailVault

Compliance Monitoring

Agent tracks regulatory deadlines, logs into portals to check status, and alerts before anything lapses.

EmailVaultTOTP

Sales Follow-ups

Agent sends timely, personalized follow-ups from its own inbox so warm leads never slip through the cracks.

Email
ComplianceRegulated verticals

AI agents in regulated industries
need provable identity.

FINRA fined 16 firms $1.1B for communication attribution failures. HIPAA mandates unique identification for every system touching patient data. CMMC blocks DoD contracts without it. The pattern is the same everywhere: if an AI agent acts, someone needs to prove who authorized it.

Finance

FINRA · SEC · SOX

Healthcare

HIPAA · Part 11

Legal

FRCP · FRE 502

Defense

CMMC · NIST 800-171

Insurance

UCSPA · RESPA

See how Mailgent satisfies each regulation
How it works[ 3 / 6 ]

Three steps. Two minutes.

Click each step to see the code.

create-identity.ts
const API = "https://api.mailgent.dev/v0"

// Create an agent identity via the console API
const res = await fetch(`${API}/identities`, {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${process.env.MAILGENT_API_KEY}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    name: "Sales Agent",
    emailName: "sales",
    scopes: ["mail:read", "mail:send", "vault:read"],
  }),
})

const { identityId, emailAddress, rawKey } = await res.json()
// identityId:    "id-f3875dadcb174bb2"
// emailAddress:  "sales-x8k2m@mailgent.dev"
// rawKey:        "mgent-..." (shown once, save it!)
MCP NativeBuilt-in

Native MCP server.
Connect any AI client.

Mailgent ships a built-in MCP server with mail.* namespaced tools. Connect Claude Desktop, Cursor, Claude Code, or any MCP-compatible client directly to your agent's capabilities.

Claude DesktopCursorClaude CodeWindsurfAny MCP Client
{
  "mcpServers": {
    "mailgent": {
      "url": "https://api.mailgent.dev/mcp",
      "headers": {
        "MAILGENT_API_KEY": "mgent-your-api-key"
      }
    }
  }
}
15 MCP Tools Available
mail.whoamiGet agent identity info
mail.sendSend email from agent's address
mail.replyReply in existing thread
mail.list_messagesList inbox with filters
mail.get_messageRead a specific email
mail.list_threadsList conversation threads
mail.get_threadGet full thread with messages
mail.update_labelsMark read/unread, add labels
mail.delete_messageDelete a message
mail.delete_threadDelete a thread and its messages
vault.listList stored credentials
vault.getRetrieve a decrypted credential
vault.storeStore encrypted credential
vault.totpGenerate current 2FA code
vault.deleteDelete a credential
Delegation chain[ 4 / 6 ]

Every action traces back
to the human who authorized it.

Human > Org > Agent > Action. Cryptographically verifiable via DKIM. Revoke the human and every agent stops. No orphaned access. No cleanup scripts.

delegation-chain.txt
Human (ops@novaworks.io)
  └─ Org (novaworks)
      └─ Identity (sales-agent-x8k2m)
          └─ Action (email sent, credential accessed, TOTP generated)

Every outbound email carries this chain in DKIM headers.
Every credential access logs it in the audit trail.

Revoke the human?    → Org loses authorization.
Revoke the org?      → All identities shut off.
Revoke the identity? → All capabilities stop.

DKIM-signed identity

Every outbound email is DKIM-signed with agent identity headers. Recipients and regulators can cryptographically verify who sent it.

Instant revocation

Revoke a human, org, or identity — everything downstream stops instantly. No dangling credentials, no orphaned access.

Built on 40-year-old standards

DKIM, SPF, DMARC, OAuth 2.1, MCP. No proprietary protocol. Email's global PKI is already deployed everywhere.

Compliance-ready audit trails

Every email, credential access, and TOTP code is logged with identity, timestamp, and delegation context. The trail regulators ask for.

Integrations[ 5 / 6 ]

Works with every framework.

REST API + native MCP server. Framework-agnostic by design.

LangChain
CrewAI
AutoGen
OpenAI Agents
Claude MCP
Vercel AI SDK
LlamaIndex
Haystack
Cursor
Claude Desktop
n8n
Make
Get started[ 6 / 6 ]

30 seconds to
first email.

Create an identity. Send your first email. No credit card.

Get API KeyQuickstart
getting-started.sh
# 1. Sign up at console.mailgent.dev and get your API key

# 2. Create your first identity
curl -X POST https://api.mailgent.dev/v0/identities \
  -H "Authorization: Bearer mgent-YOUR-KEY" \
  -d '{"name": "My Agent", "emailName": "agent"}'

# 3. Send your first email
curl -X POST https://api.mailgent.dev/v0/inboxes/agent-xxxxx@mailgent.dev/messages/send \
  -H "Authorization: Bearer mgent-YOUR-KEY" \
  -d '{"to": ["hello@world.com"], "subject": "Hello!", "text": "It works!"}'

# ✓ Done. Your agent has an identity.