Temp mail
in PHP.
Disposable inboxes and OTP extraction in PHP — plain curl, no SDK.
<?php
// Create a disposable EvilMail inbox and print the address.
$key = getenv('EVILMAIL_KEY'); // never hard-code the key
$ch = curl_init('https://evilmail.pro/api/temp-email');
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_HTTPHEADER => [
"X-API-Key: $key",
'Content-Type: application/json',
],
CURLOPT_POSTFIELDS => json_encode(['ttlMinutes' => 30]),
]);
$res = json_decode(curl_exec($ch), true);
curl_close($ch);
echo $res['data']['email'] . "\n"; // e.g. [email protected]Spin up temp mail in PHP in a few lines of curl: the EvilMail API lets you create a disposable inbox, poll it until a message lands, and pull a 6-digit code straight out of the body. It is built for developers who need to test signup flows, verify OTP emails, or run email checks in CI without wiring up a real mailbox. Everything is plain HTTP with an X-API-Key header, so PHP temp mail drops into any script, test suite, or worker with zero extra dependencies.
Why use temp mail in PHP
Automated signup & OTP testing
Register a fresh disposable inbox per test run, then read back the verification email and extract the 6-digit code. No shared mailbox, no cross-test pollution.
CI/CD email verification
Run end-to-end email checks inside your pipeline. Because it is just curl over HTTPS, PHP temp mail works the same on your laptop and on a CI runner.
Scraping-free QA of transactional mail
Trigger a password reset or welcome email and assert on its subject, sender, and body text directly from PHP — no IMAP setup or manual inbox checking.
One-off disposable email in PHP
Need a throwaway address for a form or a demo account? Create an inbox with a TTL, use it, and let it expire on its own. Nothing to clean up.
The flow — PHP temp mail in 3 calls
Create a disposable inbox
<?php
// POST /api/temp-email -> returns email + sessionToken.
$key = getenv('EVILMAIL_KEY');
$ch = curl_init('https://evilmail.pro/api/temp-email');
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_HTTPHEADER => [
"X-API-Key: $key",
'Content-Type: application/json',
],
CURLOPT_POSTFIELDS => json_encode(['ttlMinutes' => 30]),
]);
$res = json_decode(curl_exec($ch), true);
curl_close($ch);
$email = $res['data']['email'];
$token = $res['data']['sessionToken']; // keep this for polling
echo "Inbox: $email (token $token)\n";Poll until the email arrives
<?php
// GET /api/temp-email/{token} until messages is non-empty.
$key = getenv('EVILMAIL_KEY');
$token = $token ?? $argv[1]; // sessionToken from step 1
$url = "https://evilmail.pro/api/temp-email/$token";
$messages = [];
for ($i = 0; $i < 20; $i++) { // ~20 tries, 3s apart
$ch = curl_init($url);
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => ["X-API-Key: $key"],
]);
$res = json_decode(curl_exec($ch), true);
curl_close($ch);
$messages = $res['data']['messages'] ?? [];
if (!empty($messages)) {
break; // got at least one email
}
sleep(3);
}
if (empty($messages)) {
exit("No email arrived in time\n");
}
$uid = $messages[0]['uid']; // newest message uid
echo "Got message uid=$uid\n";Read the message & extract the code
<?php
// GET /api/message/{uid}?token=... then regex the OTP.
$key = getenv('EVILMAIL_KEY');
$token = $token ?? $argv[1]; // sessionToken
$uid = $uid ?? $argv[2]; // uid from the poll step
$url = "https://evilmail.pro/api/message/$uid?token=$token";
$ch = curl_init($url);
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => ["X-API-Key: $key"],
]);
$res = json_decode(curl_exec($ch), true);
curl_close($ch);
$body = $res['data']['text'] ?? '';
// A 6-digit OTP, e.g. "Your code is 123456".
if (preg_match('/\b(\d{6})\b/', $body, $m)) {
echo "OTP: {$m[1]}\n";
} else {
echo "No 6-digit code found\n";
}PHP temp mail — FAQ
Q1How do I get a temp mail address in PHP?−
Send a POST request to https://evilmail.pro/api/temp-email with your X-API-Key header and a JSON body like {"ttlMinutes": 30}. The response contains data.email (the disposable address) and data.sessionToken, which you use to poll for incoming messages. The hero snippet above does exactly this in about ten lines of curl.
Q2Can I use this for automated testing?+
Yes — that is the primary use case. Because every call is plain HTTPS with an API key, you can create an inbox, poll it, and assert on the received email from PHPUnit, a Behat suite, or a CI job. Create a fresh inbox per test to keep runs isolated and avoid leftover messages between tests.
Q3How do I extract the OTP from the email?+
Fetch the message with GET /api/message/{uid}?token={sessionToken}, read data.text (or data.html), and run a regex over it. For a standard 6-digit one-time code, preg_match('/\b(\d{6})\b/', $body, $m) returns the code in $m[1]. Adjust the pattern if your codes use a different length or format.
Q4Do I need an API key, and are there rate limits?+
Yes, every request must include the X-API-Key header — read it from an environment variable such as EVILMAIL_KEY rather than hard-coding it. Requests are rate limited per key; the poll loop in step 2 (about 20 tries, 3 seconds apart) stays comfortably within normal limits. If you hit a 429, back off and retry.
Q5How long does the inbox live?+
You control it with the ttlMinutes field when creating the inbox — in the examples it is 30 minutes. Once the TTL expires the address and its messages are discarded automatically, so there is nothing to clean up. Set a longer TTL for slower flows or a short one for quick throwaway checks.
Temp mail in other languages
One API key. Disposable inboxes at scale.
Create unlimited throwaway addresses, poll them over HTTP, and pull verification codes straight into your tests and CI. Free to start; custom domains and higher limits on paid plans.

