Transcom Group MxGuard Help — Public API

Public API

MxGuard has a token-authenticated public REST API for scripts, integrations and automation.

Not yet generally available

The public API is built and ready but not yet activated for self-service signup. If you'd like early access — for a Plesk / cPanel extension, Zapier integration, MSP automation, or custom scripts — email api@mxguard.uk and we'll issue you a token directly.

What you can do

  • Manage domains — add, list, update, remove
  • Manage sender rules — per-domain allow/block lists
  • Read recent verdicts — filterable, paginated by time/domain/verdict
  • Manage quarantine — list, release, report-as-spam
  • Read account stats — messages scanned, quarantine rate, etc

How it works

# Verify your token + see account info
curl -H "Authorization: Bearer mxg_live_..."      https://app.mxguard.uk/api/v1/me

# List your domains
curl -H "Authorization: Bearer mxg_live_..."      https://app.mxguard.uk/api/v1/domains

# Add a new domain
curl -X POST -H "Authorization: Bearer mxg_live_..."      -H "Content-Type: application/json"      -d '{"domain":"example.com","real_mx_host":"mail.example.com"}'      https://app.mxguard.uk/api/v1/domains

Authentication

Every request needs an Authorization: Bearer <token> header. Tokens are issued to your customer account; one customer can have many tokens (one per integration). Tokens never expire automatically; you revoke them when you want.

Tokens look like mxg_live_X8kJ2pL9... (43 chars after the prefix). Treat them like passwords — don't commit to git, don't paste in chat.

Rate limits

  • 600 requests/hour per token
  • Burst: 60 requests/minute
  • HTTP 429 if exceeded, with Retry-After header
  • Every response includes X-RateLimit-Remaining + X-RateLimit-Reset headers

Higher limits available on request for legitimate use cases (MSP onboarding 100s of domains in one go etc).

Pricing

API access is included on every MxGuard plan at no extra cost. Use it, automate, build cool stuff.

OpenAPI / Swagger spec

When activated, the full machine-readable spec will be at https://app.mxguard.uk/api/v1/openapi.json and a Swagger UI at https://app.mxguard.uk/api/v1/docs.

Roadmap

  • v1 (current): domains, sender rules, verdicts, quarantine, stats
  • v2 (planned): webhooks (push notifications instead of polling), granular token scopes
  • v3 (future): bulk operations, customer management endpoints for MSP integrations

Get in touch

Want early access? Email api@mxguard.uk and tell us what you want to build.