Manage Identities
Agent identities are org-scoped and identified by a unique agent_handle. Handles are normalized — a leading @ is automatically stripped, so @my-agent and my-agent are equivalent.
Create identity POST
POST /identitiesCreate a new agent identity. The handle must be unique within your organization. You can optionally create and link a mailbox, provision and link a phone number, and attach access to existing vault secrets in the same request.
Request body
| Field | Type | Required | Description |
|---|---|---|---|
agent_handle | string | Yes | Unique handle for the identity. Leading @ is stripped automatically. |
mailbox | object | No | Optional nested mailbox-creation payload. If omitted, the identity is created without a mailbox. |
phone_number | object | No | Optional nested phone-number provisioning payload. If omitted, the identity is created without a phone number. |
vault_secret_ids | string or array | No | Optional vault secret attachment request. Provide a single secret ID string, a list of secret IDs, or "all" / "*" to attach all active secrets in the organization's active vault. |
mailbox fields
| Field | Type | Required | Description |
|---|---|---|---|
display_name | string | No | Human-readable mailbox name. Max 255 chars. Defaults to agent_handle if omitted. |
email_local_part | string | No | Requested mailbox local part before @inkboxmail.com. If omitted, the server generates a random unique local part. |
phone_number fields
| Field | Type | Required | Description |
|---|---|---|---|
type | string | No | Number type to provision: toll_free or local. Defaults to toll_free. |
state | string | No | Optional US state abbreviation filter. Only supported when type is local. |
incoming_call_action | string | No | How inbound calls are handled: auto_reject, auto_accept, or webhook. Defaults to auto_reject. |
client_websocket_url | string | Conditionally | Required when incoming_call_action is auto_accept. Must be a wss:// URL. |
incoming_call_webhook_url | string | Conditionally | Required when incoming_call_action is webhook. Must be an https:// URL. |
incoming_text_webhook_url | string | No | Optional https:// webhook URL for inbound SMS/MMS notifications. |
vault_secret_ids
Use this to attach existing vault secret access to the new identity. The organization must already have an active vault. If omitted, no vault secret access is attached.
Accepted forms:
- A single stringified UUID to attach one secret
- A list of UUIDs to attach specific secrets
"all"or"*"to attach all active secrets in the active vault
Request example
JSONResponse (201)
JSONIf mailbox is omitted, the identity is still created successfully and email_address is null. If phone_number is omitted, the identity is created without a linked phone number. If vault_secret_ids is omitted, the identity is created without any vault secret access.
Mailbox local-part validation
When you provide mailbox.email_local_part, it must satisfy these rules:
- Length: 3–64 characters
- Characters: lowercase letters, numbers, hyphens (
-), underscores (_), and dots (.) - Start/end: must begin and end with a letter or number
- No consecutive dots:
my..agentis rejected - No
@: provide the handle only, not a full email address - Reserved names blocked: common system addresses (e.g.
admin,postmaster,noreply,support,billing) and similar restricted names are rejected. Separator variants are normalized before validation.
Error responses
| Status | Description |
|---|---|
| 403 | Organization ID missing from token |
| 404 | No active vault exists for the organization, requested vault secrets were not found, or no phone numbers matched the requested criteria |
| 409 | Handle already taken or requested mailbox address already taken |
| 429 | Phone number limit reached for the organization |
| 422 | Request validation failed |
| 502 | Phone number provisioning failed |
| 503 | Mailbox address generation or final insert collided; retry the request |
Code examples
cURLList identities GET
GET /identitiesList all non-deleted identities for your organization, newest first.
Response (200)
JSONCode examples
cURLGet identity GET
GET /identities/{agent_handle}Get a single identity with its linked communication channels. The detail response includes nested mailbox and phone number objects. Channel assignment endpoints also return this same detail model.
Path parameters
| Parameter | Type | Description |
|---|---|---|
agent_handle | string | Handle of the identity (leading @ is stripped) |
Response (200)
JSONIf no mailbox or phone number is assigned, those fields are null.
Error responses
| Status | Description |
|---|---|
| 403 | Organization ID missing from token |
| 404 | Identity not found or deleted |
Code examples
cURLUpdate identity PATCH
PATCH /identities/{agent_handle}Update an identity's handle or status. Only supplied fields are modified.
Path parameters
| Parameter | Type | Description |
|---|---|---|
agent_handle | string | Current handle of the identity to update |
Request body
| Field | Type | Required | Description |
|---|---|---|---|
agent_handle | string | No | New handle. 1–255 chars. Leading @ is stripped. |
status | string | No | New status: active or paused |
Request example
JSONResponse (200)
JSONError responses
| Status | Description |
|---|---|
| 400 | Invalid status value |
| 403 | Organization ID missing from token |
| 404 | Identity not found or deleted |
| 409 | New handle already taken within the organization |
Code examples
cURLDelete identity DELETE
DELETE /identities/{agent_handle}Delete an identity. Any assigned mailbox or phone number is unlinked (but not deleted — they remain available for reassignment). Returns 204 No Content on success.
Path parameters
| Parameter | Type | Description |
|---|---|---|
agent_handle | string | Handle of the identity to delete |
Code examples
cURLIdentity object
| Field | Type | Description |
|---|---|---|
id | UUID | Unique identity identifier |
organization_id | string | Organization that owns this identity |
agent_handle | string | Unique handle within the organization |
email_address | string | null | Email address of the linked mailbox (e.g. sales.team@inkboxmail.com), or null if no mailbox is linked |
status | string | Lifecycle status: active, paused, deleted |
created_at | string | Creation timestamp (ISO 8601) |
updated_at | string | Last update timestamp (ISO 8601) |
Identity detail object
Extends the identity object with linked channel data. Returned by the get and channel assignment endpoints.
| Field | Type | Description |
|---|---|---|
| ...all identity fields | ||
mailbox | object | null | Linked mailbox object, or null if unassigned |
phone_number | object | null | Linked phone number object, or null if unassigned |