EmailAPI enables powerful extensions to your Gmail account with features like:
- Extracting data from the email body into a HTTP endpoint
- Automatically unlocking emails with password protected PDFs
EmaiAPI comes with the following features out of the box:
-
Email to JSON
This feature allows easily scraping content inside HTML emails. Data points can be extracted into a JSON endpoint and can easily be pushed to any JSON collection service via webhooks. EmailAPI autosaves this data to an internal database by default and exposes them on unique HTTP endpoints, thanks to jsonbox!
-
Attachment Unlocker
This feature automatically unlocks PDFs within emails (e.g. bank account statements, credit card statements, stock broker's contract notes etc.) and sends you an exact copy of the original email but with the unlocked attachment. Save PDF password uniquely for each sender once and then forget about ever having to unlock PDF attachments again. This can bulk unlock all existing emails in your mailbox and will continue unlocking all future emails as and when they come.
Simply signin with your Gmail account on https://emailapi.io to play around with the service. Here are some key terms of service to be aware of:
-
Your account and data on emailapi.io (including
accessToken
to your Gmail account) will get automatically deleted within 48 hours. -
If you wish to delete your account data before it gets automatically deleted, click the "Delete account" button on your dashboard.
-
If you wish to continue using emailapi.io as a hosted service, you can do so before your account gets auto deleted. Select "I'd like to continue using the hosted service" checkbox on your dashboard to prevent your account from being auto deleted. The button to "Delete account" will always be available on your dashboard.
During signup you'll encounter a popup that says that "This app isn't verified". You'll need to click "Advanced" and then on "Go to emailapi (unsafe)" link to proceed further. Google charges anywhere between $15,000 and $75,000 (or more) to audit and verify the app — not a cost I can afford to incur while running this as an open source project.
I do not recommend using EmailAPI as a long term hosted service in the interest of email privacy and data security. When you give an app (even to a verified one) access to your email account, they can read all your (private) conversations, have access to your shopping history, extract data from financial emails — including your bank account/ credit card statements, and then sell it to 3rd-party advertisers and/or misuse it for any other purpose.
⏬ Follow the steps below to setup EmailAPI for yourself! ⏬
We'd be using a domain name throughout the setup steps, so don't skip this step!
Get a free domain from freenom or buy one from Namecheap.
Alternatively, you can also set this up on a subdomain of a domain you already own.
Fork this repo and then clone it:
git clone https://github.com/<your_name>/emailapi.git
cd
into directory where the repo was cloned and install the dependencies:
yarn
Create a file named .env.local
and supply the following environment variables. Refer to the section below for instructions on getting these variables.
# Setup Part 1
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
GOOGLE_OAUTH_REDIRECT_URI=
# Setup Part 2
FIREBASE_PROJECT_ID=
FIREBASE_AUTH_DOMAIN=
FIREBASE_DATABASE_URL=
FIREBASE_PUBLIC_API_KEY=
# Setup Part 3
FIREBASE_CLIENT_EMAIL=
FIREBASE_PRIVATE_KEY=
# Setup Part 4
EMAILAPI_DOMAIN=
EMAILAPI_BASE_URL=
# Setup Part 5
MAILGUN_API_KEY=
MAILGUN_DOMAIN=
MAILGUN_SENDING_EMAIL_ID=
# Setup Part 6
REDISCLOUD_URL=
We'll setup the following environment variables in this step:
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
GOOGLE_OAUTH_REDIRECT_URI=
Summary:
Create a new Google Cloud project and enable the Gmail API on it.
Steps:
- Login to https://console.cloud.google.com/
- Click on
Select a project
dropdown and then click onNew Project
from the popup that opens up. - Enter
emailapi
in the project name. - Setup a Billing Account etc.
- Click
Create
and wait for the project to be created. - Select
APIs & Services
from the hamburger menu (top left icon on page) - Click on
Library
from the sidebar. - Enter
Gmail
in the search bar and press Enter. - Select
Gmail API
from the search result. - Click
Enable
and wait for the API to be enabled. - Click on
OAuth consent screen
button from sidebar. - Select
External
User Type from the list and clickCreate
. - Fill the form with following details:
- Enter
emailapi
in theApplication Name
field - Click on
Add scope
button and search forGmail
- Select
../auth/gmail.readonly
scope - Click
Add
button - Ignore everything else and Click
Save
.
- Enter
- Click on
Credentials
from the sidebar. - Click on
+Create Credentials
from the top bar and selectOAuth client ID
from the dropdown.- Select
Application type
asWeb application
- Enter
emailapi auth
inName
field - Under the
Authorized Javascript Origins
section:- Click on
+Add URI
button and enterhttp://localhost:3000
- Again Click on
+Add URI
button and enter your production domain name e.g.https://emailapi.io
- Click on
- Repeat the last 2 steps for
Authorized redirect URIs
section as well. - Click
Create
- Select
- Copy values inside
Your Client ID
andYour Client Secret
fields and paste them in your.env.local
file as mentioned below:- ➡️
GOOGLE_CLIENT_ID=<Your Client ID>
- ➡️
GOOGLE_CLIENT_SECRET=<Your Client Secret>
- ➡️
➡️ GOOGLE_OAUTH_REDIRECT_URI
will be http://localhost:3000
for local environment or your domain name e.g. https://emailapi.io
for the production environment.
We'll setup the following environment variables in this step:
FIREBASE_PROJECT_ID=
FIREBASE_AUTH_DOMAIN=
FIREBASE_DATABASE_URL=
FIREBASE_PUBLIC_API_KEY=
Summary:
Enable and add Firebase to Google Cloud project created from the previous step.
Steps:
- Goto https://console.firebase.google.com/
- Click on
Add project
- Select
emailapi
from the dropdown (this adds Firebase to Google Cloud Project we created in previous step). - Click
Continue
. - Click
Confirm Plan
in the popup. - Disable
Enable Google Analytics for this project
. - Click
Add Firebase
and wait for project to be created. - Click
Continue
when ready. - Click on the
</>
(Web) icon. - Enter
emailapi
inApp nickname
field and then click onRegister app
. (Ignore theFirebase Hosting
checkbox) - Copy the values from the code that gets generated and paste them in
.env.local
. Strings need to be copied from JS object namedfirebaseConfig
from the generated code.- ➡️
FIREBASE_PROJECT_ID=<projectId>
- ➡️
FIREBASE_AUTH_DOMAIN=<authDomain>
- ➡️
FIREBASE_DATABASE_URL=<databaseURL>
- ➡️
FIREBASE_PUBLIC_API_KEY=<apiKey>
- ➡️
- Click on
Continue to Console
.
We'll setup the following environment variables in this step:
FIREBASE_CLIENT_EMAIL=
FIREBASE_PRIVATE_KEY=
Summary:
Continuing from the previous step, we'll now configure Firebase to allow signing up via Google accounts and generate private keys to access Firebase.
Take great care in not pushing these private keys to Github or anywhere else publicly.
Steps:
- Click on
Authentication
card. - Click on
Set up sign-in method
. - Click on row that says
Google
and toggle onEnable
. - Click
Save
. - In the
Authorized domains
section click onAdd domain
button.- Enter your production domain name e.g.
emailapi.io
- Click
Add
button.
- Enter your production domain name e.g.
- Click on Gear icon next to
Project Overview
from sidebar and selectProject Settings
from the menu. - Click on
Service Accounts
from the top navigation bar.- Copy email id under
Firebase service account
and paste it in.env.local
file. - ➡️
FIREBASE_CLIENT_EMAIL=<Firebase service account>
- Copy email id under
- Click on
Generate new private key
and then onGenerate Key
button in the confirmation dialogue.- A
.json
file will get downloaded. Open the file with any text editor and copy the value in front ofprivate_key
. It'll look like-----BEGIN PRIVATE KEY-----\n...
. We'll then paste this in.env.local
file. - ➡️
FIREBASE_PRIVATE_KEY=<private_key>
- A
We'll setup the following environment variables in this step:
EMAILAPI_DOMAIN=
EMAILAPI_BASE_URL=
In the interest of data security emailapi.io uses a forked and self-hosted version of jsonbox as the underlying data store. This data store also stores accessToken
which contains readonly
access to the users (your) Gmail account.
You're free to choose between hosted service of jsonbox at jsonbox.io or to fork, clone, configure, and host it yourself with more generous limitations than are currently permitted with the hosted service.
jsonbox internally uses mongodb as the underlying database. You're free to choose between self-managed mongodb instance or a more robust and managed mongodb solution.
In the interest of reliability and ease-of-use emailapi.io uses managed mongodb solution from MongoDB Atlas which comes with a generous free tier of 500MB out of the box.
e.g. if you're using hosted jsonbox service:
- ➡️
EMAILAPI_DOMAIN=https://jsonbox.io
- ➡️
EMAILAPI_BASE_URL=https://jsonbox.io/box_<id>
We'll setup the following environment variables in this step:
MAILGUN_API_KEY=
MAILGUN_DOMAIN=
MAILGUN_SENDING_EMAIL_ID=
emailapi uses Mailgun as the mailing service. Mailgun comes with a generous free monthly tier of 1,250 emails/month.
Follow the Mailgun onboarding process to setup your domain and then enter following credentials in .env.local
file
- ➡️
MAILGUN_API_KEY=<api_key>
- ➡️
MAILGUN_DOMAIN=<verified_mg_domain>
(eg. m.emailapi.io) - ➡️
MAILGUN_SENDING_EMAIL_ID=notifs@verified_mg_domain
(eg. [email protected])
We'll setup the following environment variables in this step:
REDISCLOUD_URL=
emailapi uses bull — a redis based queue for Node to schedule and run jobs.
Install redis
on your machine. Grab your redis connection string and enter it in .env.local
file:
➡️ REDISCLOUD_URL=redis://localhost:6379
✅ Now you've setup all environment variables required to have a locally working emailapi instance.
cd
into directory where the repo was cloned and run the following command:
yarn dev
and visit http://localhost:3000 to see emailapi in action! 🚀
Create a new account using my DigitalOcean referral link to receive $100 in DigitalOcean credits valid for 2 months!
- Spin up a new Ubuntu 18.04 instance with atleast 1GB RAM and 1 CPU.
- Copy the IP address of your new machine.
- Create a
A
record in your DNS settings to point to your domain name to this IP address.
If you're using Cloudflare, then setup this A record with "DNS Only" setting to start with. You can enable "Proxy" after we've successfully issued SSL certificate in later steps.
-
Follow the DigitalOcean guide for a one-time initial setup of the instance.
- Ensure you setup SSH as the auth/login mechanism
-
Setup
nginx
by following the guide here. We'll use it as a reverse proxy. -
Serve
emailapi
application on your domain:cd /etc/nginx/sites-enabled
sudo nano emailapi
- Copy paste the following code block to this file and replace
emailapi.io
with the domain name that you're using for this application.
upstream emailapi_upstream { server 127.0.0.1:3000; keepalive 64; } server { listen 80; listen [::]:80; server_name emailapi.io; location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://emailapi_upstream/; proxy_redirect off; proxy_read_timeout 240s; } }
-
Generate a free SSL certificate for your domain (thanks to Let's Encrypt) by using
certbot
. Follow the guide here.➡️ Note:
certbot
will update the nginx file with certificate paths and redirection rules.Here's what the final nginx file for emailapi.io looks like after running
certbot
. Yours should look similar.upstream emailapi_upstream { server 127.0.0.1:3000; keepalive 64; } server { server_name emailapi.io; location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://emailapi_upstream/; proxy_redirect off; proxy_read_timeout 240s; } listen [::]:443 ssl; # managed by Certbot listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/emailapi.io/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/emailapi.io/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { if ($host = emailapi.io) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; listen [::]:80; server_name emailapi.io; return 404; # managed by Certbot }
-
Setup
redis
using DigitalOcean's Managed Redis in the same region as your DigitalOcean instance and grab the connection string (starts withrediss://
). Alternatively, you can installredis
locally on your DigitalOcean instance.If you install redis directly on DO instance, you'd need to make sure Docker container can access the port redis is running on on the host machine.
-
Create environment file on the server. Follow the steps below:
- Copy content of
.env.local
file from your local codebase. - On remote server, run
cd ~/ && mkdir -p apps/emailapi-pipeline && nano .env
- Paste the copied content in this file, save and exit.
- Update the
REDISCLOUD_URL
variable with the connection string from last step.
- Update the
- Copy content of
-
Visit
https://github.com/<your_username>/emailapi/settings/secrets
and click onNew Secret
button. Add the following secrets one by one:DO_HOST
= IP address of the DigitalOcean instanceDO_USERNAME
= Login username of the DigitalOcean instance.GITBUH_USERNAME
= Your Github username (typo in key is intentional as Github doesn't allow usingGITHUB
in secret name)SSH_ID_RSA
= Copy paste contents ofid_rsa
file. This is from the SSH keypair that you'd be using to login to the DigitalOcean instance.
-
Update
.github/workflows/deploy.yml
and changeaakashlpin
with your Github username. Commit this change to your fork'smaster
. This will run a Github Action that'd deploy publish docker container to Github Packages and then pull and run it on the DigitalOcean instance.
EmailAPI should now be up and running on your domain! 🚀
- EmailAPI uses a free account with UptimeRobot to ping an endpoint that runs all the jobs that you create on EmailAPI at a frequency of every 5mins.
- Signup on UptimeRobot.
- Create a monitor with UptimeRobot.
- In the form enter URL as https://<your_domain>/api/cron
- Toggle open
Advanced Settings
- In the form enter
Username
field with the "id" that you see when you login to EmailAPI. e.g. if you see https://emailapi.io/5f38ed1ba0c54626f12bfff9 in the URL bar when you login, then yourid
would be5f38ed1ba0c54626f12bfff9
. - Leave Password field as empty.
- Select
Authentication Type
as HTTP Basic. - Click
Save Changes
to create monitor.
UptimeRobot will hit this endpoint once every 5mins which'll inturn check for new emails since the service last ran and execute jobs on all new matching emails.
Good hack to both monitor your instances' uptime and run cron jobs, isn't it?
Track the product roadmap of EmailAPI on Trello. Suggestions for improvements and features are welcome (even better if they're accompanied with PRs!).
EmailAPI is MIT licensed.