Connection & identity
All callers are Keycloak principals — a user (client principal) or a Keycloak service account (service principal). Permissions are assigned by an authorized user in the management portal and synced here. Each mailer resource sends through its own Postal server (segregated per legal entity).
Mailer info read
—
Consumption read
Your SKU quota usage for the current period — the mailer enforces it per send.
Send mail send_mail
Postal accepts the message (async); the From domain must be DNS-authenticated or it's rejected (422).
—
Credentials create_credential / list_credentials
Mint API/SMTP credentials on this resource's own Postal server. The key is shown once.
—
Webhooks add_webhook / list_webhooks
Register a webhook on this resource's Postal server — Postal POSTs message events (sent/delivered/bounced/held/clicked…) to your URL.
Templates list / add
—
Domains read / add_domain
A domain only sends once its DNS records (SPF / DKIM / return-path) verify.
—
Resource history & logs this resource only
Per-resource isolation: you connect to a mailer resource and see all email sent/received within that resource — nothing from other resources. History is stored in the mailer's Postgres; Postal remains the authoritative message log.
—