Questions & answers
Quick answers for buyers and integrators. For technical API parameters, see API docs.
Who these accounts are for
Purchased mailboxes are intended for legitimate automation and integration work where you control the application code (scripts, backends, tests). Typical use cases:
- Developers building or testing flows that talk to Microsoft Graph (read/send mail, folders).
- QA and staging environments that need real OAuth refresh tokens and mailbox behavior.
- Teams prototyping email-driven features without using personal primary inboxes.
These accounts are not a substitute for personal email for daily communication, and must not be used for spam, phishing, or anything that violates Microsoft terms or applicable law.
FAQ
What do I get after purchase?
You receive mailbox credentials in the format used by our tools: a connection string that includes
the mailbox address, secrets, and OAuth-related fields (including
client_id) so you can
refresh access tokens and call Microsoft Graph, or use the built-in
Mail reader after signing in.
How does pricing work?
Prices depend on domain and age tier. They are shown in the purchase flow and API responses from our
backend—there are no fixed prices in this help page. Top up your balance, pick domains and tiers,
then complete checkout.
How do I read messages in the browser?
Sign in to your ApiMail account and open Mail reader. Paste your
connection string, connect, and browse messages. Tokens stay on the server session; they are not
exposed to the page as long-lived secrets in the UI beyond what you paste yourself.
Can I send email to another address using Graph?
Yes. After you exchange the refresh token for an access token (same flow as in Mail reader), call
POST https://graph.microsoft.com/v1.0/me/sendMail with a JSON body. See the example
below. Your app registration must allow sending mail for the delegated token you use.
What is the connection string format?
The string is parsed like in
mail_reader.php: mailbox email, then a separator, then
fields split by | or ;—including refresh token and client_id.
Use the exact string from your order export without editing unless you know what you are doing.
What if a token stops working?
Refresh tokens can be revoked by Microsoft (password change, security policy, or abuse). If refresh
fails, obtain a new mailbox through a new purchase or contact support via Telegram
@apimail_me for order-related
questions.
Where is my balance and payment history?
After login, use the dashboard and
Transactions history to see deposits and purchases.
Example: send mail via Microsoft Graph (PHP)
Linear script (same steps as a local test): set $connectionString and $to,
then run with PHP CLI. Success is typically OK sendMail HTTP 202. Same token endpoint and
Graph base as mail_reader.php.
<?php
declare(strict_types=1);
/**
* Standalone script: same flow as a one-off test (token URL + Graph v1.0 sendMail).
* Put your purchased connection string below and set the recipient.
* Do not commit real connection strings to public repositories.
*/
const GRAPH_BASE = 'https://graph.microsoft.com/v1.0';
const GRAPH_TOKEN_URL = 'https://login.microsoftonline.com/common/oauth2/v2.0/token';
// Example shape only — use the full string from your order (email;password|refresh_token|client_id)
$connectionString = 'mailbox@outlook.com;p****word|M.C537_BAY.0.U.-***...***|aa**aa-b*b-c*c-d*d-ee**ee';
$to = 'you***@gmail.com';
$semi = strpos($connectionString, ';');
if ($semi === false) {
fwrite(STDERR, "Invalid connection string\n");
exit(1);
}
$rest = trim(substr($connectionString, $semi + 1));
$parts = preg_split('/[|;]/', $rest);
if (!is_array($parts) || count($parts) < 3) {
fwrite(STDERR, "Could not parse connection string\n");
exit(1);
}
$parts = array_values(array_map('trim', $parts));
$refreshToken = $parts[1];
$clientId = $parts[2];
$ch = curl_init(GRAPH_TOKEN_URL);
if ($ch === false) {
exit(1);
}
$payload = http_build_query([
'grant_type' => 'refresh_token',
'refresh_token' => $refreshToken,
'client_id' => $clientId,
'scope' => 'https://graph.microsoft.com/.default',
], '', '&', PHP_QUERY_RFC3986);
curl_setopt_array($ch, [
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $payload,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => [
'Content-Type: application/x-www-form-urlencoded',
'Accept: application/json',
],
CURLOPT_TIMEOUT => 45,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_SSL_VERIFYHOST => 2,
]);
$raw = curl_exec($ch);
$status = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
$decoded = is_string($raw) ? json_decode($raw, true) : null;
if ($status < 200 || $status >= 300 || !is_array($decoded) || !isset($decoded['access_token'])) {
fwrite(STDERR, "Token exchange failed HTTP $status\n");
if (is_array($decoded)) {
fwrite(STDERR, json_encode($decoded, JSON_UNESCAPED_UNICODE) . "\n");
}
exit(1);
}
$accessToken = (string) $decoded['access_token'];
$url = GRAPH_BASE . '/me/sendMail';
$body = [
'message' => [
'subject' => 'ApiMail Graph test',
'body' => [
'contentType' => 'Text',
'content' => 'Test message sent via Microsoft Graph.',
],
'toRecipients' => [
['emailAddress' => ['address' => $to]],
],
],
'saveToSentItems' => true,
];
$ch = curl_init($url);
curl_setopt_array($ch, [
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => json_encode($body, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES),
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => [
'Authorization: Bearer ' . $accessToken,
'Content-Type: application/json',
'Accept: application/json',
],
CURLOPT_TIMEOUT => 45,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_SSL_VERIFYHOST => 2,
]);
$sendRaw = curl_exec($ch);
$sendStatus = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($sendStatus >= 200 && $sendStatus < 300) {
echo "OK sendMail HTTP $sendStatus\n";
exit(0);
}
fwrite(STDERR, "sendMail failed HTTP $sendStatus\n");
if (is_string($sendRaw)) {
fwrite(STDERR, $sendRaw . "\n");
}
exit(1);
Run only in a trusted environment. Never publish your real connection string.