SkillRepo
Sign InSign Up
Catalog
affaan-m/mailtrap-email-integration

affaan-m

mailtrap-email-integration

Guides agents through integrating transactional email sending via Mailtrap's Email API, including sandbox testing, domain verification, and API authentication. Use when implementing email-sending features, debugging delivery issues, or setting up safe dev/staging email testing.

global
New~939
v1.0Saved Jun 30, 2026

Mailtrap Email Integration

Patterns for adding transactional email sending to an application using Mailtrap's Email API and Sandbox, covering authentication, environment separation, and common delivery pitfalls.

When to Activate

  • Implementing a "send email" feature (signup confirmation, password reset, notifications, receipts)
  • Debugging why emails aren't arriving in dev/staging
  • Setting up a project's first email-sending integration
  • Reviewing code that calls an email API directly without sandbox separation

Core Concepts

Sandbox vs. Production separation. Mailtrap provides a Sandbox API that captures emails without delivering them, used for dev/staging so test emails never reach real inboxes. Production sending uses a separate, verified-domain endpoint. Never point a dev environment at the production sending endpoint.

Authentication. Requests use a Bearer token in the Authorization header. Tokens are scoped per project; sandbox and production typically use different tokens.

Domain verification. Production sending requires verifying a sending domain via DNS records (SPF, DKIM, DMARC) before Mailtrap will deliver to real recipients. Skipping this causes silent delivery failures or spam-folder placement.

Code Examples

// Sending via Mailtrap's Email API (production)
async function sendEmail(to: string, subject: string, html: string) {
  const response = await fetch("https://send.api.mailtrap.io/api/send", {
    method: "POST",
    headers: {
      "Authorization": `Bearer ${process.env.MAILTRAP_API_TOKEN}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      from: { email: "no-reply@yourverifieddomain.com", name: "Your App" },
      to: [{ email: to }],
      subject,
      html,
    }),
  });

  if (!response.ok) {
    throw new Error(`Email send failed: ${response.status}`);
  }
  return response.json();
}

// Same call, routed to Sandbox in non-production environments
const MAILTRAP_ENDPOINT = process.env.NODE_ENV === "production"
  ? "https://send.api.mailtrap.io/api/send"
  : `https://sandbox.api.mailtrap.io/api/send/${process.env.MAILTRAP_INBOX_ID}`;

Anti-Patterns

Anti-Pattern Why It's a Problem Instead
Using the production sending endpoint in dev/test Real test emails reach real inboxes, risking spam complaints and leaked test data Route non-production environments to the Sandbox endpoint
Hardcoding API tokens in source Credential leak risk if committed to version control Load tokens from environment variables / secrets manager
Sending before domain verification completes Emails silently fail or land in spam Verify SPF/DKIM/DMARC records before enabling production sending
No retry/error handling on send failures Silent notification failures (e.g., user never gets password reset email) Check response status, log failures, surface actionable errors

Best Practices

  • Keep sandbox and production tokens in separate environment variables, never share one token across environments
  • Verify sending domain DNS records before any production launch involving email
  • Log delivery failures with enough context to debug (recipient, template, timestamp, response code)
  • Treat email sending as a fallible network call: wrap in try/catch, never assume success

Related Skills

api-and-interface-design, security-and-hardening, ci-cd-and-automation

Files1
1 files · 1.0 KB

Select a file to preview

Overall Score

82/100

Grade

B

Good

Safety

85

Quality

82

Clarity

85

Completeness

75

Summary

This skill teaches agents how to integrate Mailtrap's Email API for transactional email sending, covering sandbox testing, domain verification, and API authentication. It provides code examples for secure environment-based routing and documents common anti-patterns like hardcoded tokens and pre-verification sending.

Static Analysis Findings

1 finding

Patterns detected by deterministic static analysis before AI scoring. Hover over any finding code for detailed information and remediation guidance.

Credential Exposure
SEC-020Direct .env File Access3x in 1 file

Direct .env file access

SKILL.md.env3x
85% confidenceCWE-538: Sensitive Info in Externally-Accessible File

Detected Capabilities

API documentation referenceenvironment variable usagecode example generationauthentication pattern guidanceerror handling patterns

Trigger Keywords

Phrases that MCP clients use to match this skill to user intent.

send emailmailtrap integrationemail sandbox testingdomain verificationtransactional emailemail delivery debugging

Risk Signals

INFO

References .env file for storing MAILTRAP_API_TOKEN

SKILL.md | Code example sections
INFO

Mentions loading tokens from environment variables in anti-patterns and best practices

SKILL.md | Best Practices section
INFO

Documentation explicitly warns against hardcoding API tokens and recommends environment variables/secrets managers

SKILL.md | Anti-Patterns table

Referenced Domains

External domains referenced in skill content, detected by static analysis.

sandbox.api.mailtrap.iosend.api.mailtrap.io

Use Cases

  • Implement email sending features (signup confirmations, password resets, notifications)
  • Debug delivery failures in dev/staging environments
  • Set up initial email integration with sandbox-to-production separation
  • Configure domain verification for production sending
  • Review email API code for security anti-patterns

Quality Notes

  • Well-structured with clear sections (Core Concepts, Code Examples, Anti-Patterns, Best Practices)
  • Code examples are production-ready and demonstrate environment-based endpoint routing
  • Anti-Patterns section directly teaches what NOT to do, reinforcing secure practices
  • Explicitly documents sandbox vs. production separation and domain verification requirements
  • Includes retry/error handling guidance and logging recommendations
  • References to two Mailtrap domains are scoped and contextually appropriate
  • No supporting files (scripts, templates) included, but the skill is complete as reference material
Model: claude-haiku-4-5-20251001Analyzed: Jun 30, 2026

Reviews

Add this skill to your library to leave a review.

No reviews yet

Be the first to share your experience.

Add affaan-m/mailtrap-email-integration to your library

Get Started Free

Command Palette

Search for a command to run...