Use case · AI agents

Give your agent a real email inbox.

Modern agents need to sign up for services, confirm accounts, and handle email-based workflows. catchotp exposes inboxes as a first-class MCP tool — structured JSON in, real-time waiters out.

Start free View pricing

MCP-native
Works with Claude, OpenAI, LangGraph
Per-agent isolation

The problem agents hit at email

The first non-trivial task an autonomous agent runs into is account creation. Almost every useful service on the internet requires an email address, then sends a verification code or magic link, then refuses to proceed until that flow is closed. Without a programmable receive-side, the agent is stuck — it cannot create the account it needs to do the work it was given.

Existing options are uncomfortable. Disposable-inbox sites have no API and are aggressively blocked. Wiring the agent into your personal Gmail via OAuth gives it your real inbox and an alarming blast radius. Self-hosting an SMTP catcher is a week of work for what should be a tool call.

Anthropic's Model Context Protocol made this a first-class category: agent tools defined once and reusable across every MCP-aware host. catchotp is built for that surface.

An MCP-native inbox

Drop-in MCP server

npx @catchotp/mcp runs a stdio MCP server that exposes the inbox API as agent-callable tools. Add it to Claude Code, Cursor, or any MCP host.

Structured JSON responses

Every message returns parsed text, HTML, headers, deduped links, and detected OTPs as structured JSON. No HTML parsing in the model.

Long-poll waiters

Agents can yield on wait_for_otp instead of busy-looping. The waiter resolves the moment the code lands.

Without catchotp vs with catchotp

Concern	Without catchotp	With catchotp
Account creation	Blocked at email step	One tool call
Blast radius	Personal Gmail	Per-task disposable inbox
Wait pattern	Polling loop in tokens	Single yield on long-poll
Body parsing	Model parses raw HTML	Structured JSON, OTP pre-extracted
Auditability	Implicit in transcripts	Audit log per inbox

A complete agent example

Three views of the same workflow: the MCP host configuration, the user prompt the agent will act on, and the bare-metal Anthropic SDK loop if you want to build it without MCP.

// Claude Desktop · ~/.config/claude/claude_desktop_config.json
{
  "mcpServers": {
    "catchotp": {
      "command": "npx",
      "args": ["-y", "@catchotp/mcp"],
      "env": {
        "CATCHOTP_API_KEY": "sk_live_..."
      }
    }
  }
}

// Inside an MCP-aware client (Claude Code, Cursor, etc.)
// The agent calls these tools directly — no glue code needed.

> Use catchotp to create an inbox, sign up for example.com, and read the verification code.

The agent will:
  1. call catchotp.create_inbox  →  { id, address: "abc123@inbox.catchotp.com" }
  2. drive the signup form with the address (via its browser/HTTP tool)
  3. call catchotp.wait_for_otp(inbox_id) →  { code: "493021" }
  4. submit the code and confirm verification

// agent.ts — a minimal email-aware agent loop
import Anthropic from '@anthropic-ai/sdk';
import { CatchOTP } from '@catchotp/sdk';

const ai = new Anthropic();
const otp = new CatchOTP({ apiKey: process.env.CATCHOTP_KEY! });

// Tools the model can call
const tools = [
  {
    name: 'create_inbox',
    description: 'Create a fresh email inbox. Returns { id, address }.',
    input_schema: { type: 'object', properties: {}, required: [] },
  },
  {
    name: 'wait_for_otp',
    description: 'Block until a one-time code arrives at the given inbox. Returns { code }.',
    input_schema: {
      type: 'object',
      properties: {
        inbox_id: { type: 'string' },
        timeout_seconds: { type: 'number', default: 60 },
      },
      required: ['inbox_id'],
    },
  },
];

const dispatch = {
  create_inbox: () => otp.inboxes.create({ mode: 'ephemeral', ttlMinutes: 30 }),
  wait_for_otp: ({ inbox_id, timeout_seconds }: any) =>
    otp.inboxes.waitForOtp(inbox_id, { timeoutSeconds: timeout_seconds ?? 60 }),
};

const messages: any[] = [
  { role: 'user', content: 'Sign up for example.com using a fresh inbox and verify the OTP.' },
];

// Standard agent loop
while (true) {
  const res = await ai.messages.create({
    model: 'claude-opus-4-5',
    max_tokens: 1024,
    tools,
    messages,
  });
  messages.push({ role: 'assistant', content: res.content });
  if (res.stop_reason !== 'tool_use') break;

  const toolResults = [];
  for (const block of res.content) {
    if (block.type !== 'tool_use') continue;
    const fn = (dispatch as any)[block.name];
    const result = await fn(block.input);
    toolResults.push({
      type: 'tool_result',
      tool_use_id: block.id,
      content: JSON.stringify(result),
    });
  }
  messages.push({ role: 'user', content: toolResults });
}

Same primitives, three integration paths. Pick whichever fits your stack.

AI agent email FAQ

What is MCP?

Model Context Protocol — an open standard from Anthropic for connecting LLMs to external tools and data. catchotp ships an MCP server that exposes its inbox API as a set of agent-callable tools. Drop it into Claude Desktop, Cursor, Claude Code, or any MCP host and the agent gains email superpowers without any glue code.

Do I have to use Anthropic models?

No. The MCP server works with any MCP-compatible host. The example above uses the Anthropic SDK because the loop is short, but the same tools are callable from OpenAI Agents SDK, LangGraph, or any framework that speaks JSON tool calls.

Is this safe? What stops an agent from reading other users' inboxes?

Each API key is scoped to its owning workspace; an agent can only see inboxes it created or was given access to. We recommend a per-agent or per-task key so a runaway agent has a tight blast radius. Pro and Team plans support per-key rate limits and IP allowlists.

How does this compare to giving the agent a Gmail OAuth token?

Gmail-via-OAuth gives the agent your real inbox — every personal email, every work conversation. catchotp gives the agent a clean, scoped, disposable inbox that exists only for the task at hand. Way smaller blast radius, and you can audit every action the agent took on it.

Can I use webhooks instead of waiters?

Yes. Pro and Team plans support webhooks per inbox or per workspace. For long-running agents, webhooks can be more economical than long-polling — the agent can suspend until the webhook fires.

Related use cases

Burner addresses

Programmable burner inboxes on a real domain — not on disposable-email blocklists.

OTP testing

Drop-in waiters for one-time codes in your existing test runner.

Read the SDK reference or jump straight to pricing.

Wire your agent into a real inbox.

The MCP server is one config block away. Free tier covers most agents.

Get free API key See pricing