Connect any app or script to NoxTemp to spin up disposable email addresses, poll the inbox, and read messages — one key, one clear rate limit.
Every request hits the same endpoint — only the action value changes.
curl -X POST https://noxtemp.xyz/api/index.php \
-H "X-API-Key: tm_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
-d "action=generate"
Every response is JSON and always includes ok: true/false. All endpoints below require an X-API-Key header and count against that key's rate limit. Most failures (invalid input, expired address, not found…) still return HTTP 200 with ok: false — see the Errors section for which status codes are used instead.
Every response to a request with an API key includes headers showing your remaining quota.
X-RateLimit-LimitMax requests / hourX-RateLimit-RemainingLeft in the current hourX-RateLimit-ResetUnix timestamp of the resetCopy the class, drop in your key, and start calling any endpoint.
// requires the php-curl extension (enabled by default on most installs)
class NoxTempClient
{
private string $baseUrl;
private ?string $apiKey;
public function __construct(string $apiKey = null, string $baseUrl = 'https://noxtemp.xyz/api/index.php')
{
$this->apiKey = $apiKey;
$this->baseUrl = $baseUrl;
}
private function call(string $action, array $params = []): array
{
$params['action'] = $action;
$ch = curl_init($this->baseUrl);
$headers = ['Content-Type: application/x-www-form-urlencoded'];
if ($this->apiKey) {
$headers[] = 'X-API-Key: ' . $this->apiKey;
}
curl_setopt_array($ch, [
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => http_build_query($params),
CURLOPT_HTTPHEADER => $headers,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TIMEOUT => 10,
]);
$res = curl_exec($ch);
$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($code === 429) {
throw new RuntimeException('Rate limit exceeded, try again later.');
}
return json_decode($res, true) ?: [];
}
public function generate(): array { return $this->call('generate'); }
public function inbox(string $email): array { return $this->call('inbox', ['email' => $email]); }
public function read(string $email, string $id): array { return $this->call('read', ['email' => $email, 'id' => $id]); }
}
// usage
$client = new NoxTempClient('tm_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
$acc = $client->generate();
echo $acc['email'];
class NoxTempClient {
constructor(apiKey = null, baseUrl = 'https://noxtemp.xyz/api/index.php') {
this.apiKey = apiKey;
this.baseUrl = baseUrl;
}
async call(action, params = {}) {
const body = new URLSearchParams({ action, ...params });
const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
if (this.apiKey) headers['X-API-Key'] = this.apiKey;
const res = await fetch(this.baseUrl, { method: 'POST', headers, body });
if (res.status === 429) {
throw new Error('Rate limit exceeded, try again later.');
}
return res.json();
}
generate() { return this.call('generate'); }
inbox(email) { return this.call('inbox', { email }); }
read(email, id) { return this.call('read', { email, id }); }
}
// usage
const client = new NoxTempClient('tm_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
const acc = await client.generate();
console.log(acc.email);
# pip install requests
import requests
class NoxTempClient:
def __init__(self, api_key=None, base_url='https://noxtemp.xyz/api/index.php'):
self.api_key = api_key
self.base_url = base_url
def _call(self, action, **params):
params['action'] = action
headers = {}
if self.api_key:
headers['X-API-Key'] = self.api_key
res = requests.post(self.base_url, data=params, headers=headers, timeout=10)
if res.status_code == 429:
raise Exception('Rate limit exceeded, try again later.')
return res.json()
def generate(self):
return self._call('generate')
def inbox(self, email):
return self._call('inbox', email=email)
def read(self, email, id):
return self._call('read', email=email, id=id)
# usage
client = NoxTempClient('tm_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx')
acc = client.generate()
print(acc['email'])
// npm install axios
const axios = require('axios');
class NoxTempClient {
constructor(apiKey = null, baseUrl = 'https://noxtemp.xyz/api/index.php') {
this.apiKey = apiKey;
this.baseUrl = baseUrl;
}
async call(action, params = {}) {
const body = new URLSearchParams({ action, ...params });
const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
if (this.apiKey) headers['X-API-Key'] = this.apiKey;
try {
const res = await axios.post(this.baseUrl, body.toString(), { headers });
return res.data;
} catch (err) {
if (err.response && err.response.status === 429) {
throw new Error('Rate limit exceeded, try again later.');
}
throw err;
}
}
generate() { return this.call('generate'); }
inbox(email) { return this.call('inbox', { email }); }
read(email, id) { return this.call('read', { email, id }); }
}
module.exports = NoxTempClient;
// usage
const client = new NoxTempClient('tm_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
client.generate().then(acc => console.log(acc.email));
// standard library only — no go get needed
package main
import (
"encoding/json"
"fmt"
"net/http"
"net/url"
"strings"
)
type NoxTempClient struct {
APIKey string
BaseURL string
}
func NewNoxTempClient(apiKey string) *NoxTempClient {
return &NoxTempClient{APIKey: apiKey, BaseURL: "https://noxtemp.xyz/api/index.php"}
}
func (c *NoxTempClient) call(action string, params url.Values) (map[string]interface{}, error) {
if params == nil {
params = url.Values{}
}
params.Set("action", action)
req, err := http.NewRequest("POST", c.BaseURL, strings.NewReader(params.Encode()))
if err != nil {
return nil, err
}
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
if c.APIKey != "" {
req.Header.Set("X-API-Key", c.APIKey)
}
res, err := http.DefaultClient.Do(req)
if err != nil {
return nil, err
}
defer res.Body.Close()
if res.StatusCode == 429 {
return nil, fmt.Errorf("rate limit exceeded, try again later")
}
var out map[string]interface{}
json.NewDecoder(res.Body).Decode(&out)
return out, nil
}
func (c *NoxTempClient) Generate() (map[string]interface{}, error) {
return c.call("generate", nil)
}
func (c *NoxTempClient) Inbox(email string) (map[string]interface{}, error) {
return c.call("inbox", url.Values{"email": {email}})
}
func (c *NoxTempClient) Read(email, id string) (map[string]interface{}, error) {
return c.call("read", url.Values{"email": {email}, "id": {id}})
}
func main() {
client := NewNoxTempClient("tm_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
acc, _ := client.Generate()
fmt.Println(acc["email"])
}
# standard library only — no gem install needed
require 'net/http'
require 'uri'
require 'json'
class NoxTempClient
def initialize(api_key = nil, base_url = 'https://noxtemp.xyz/api/index.php')
@api_key = api_key
@base_url = base_url
end
def call(action, params = {})
params[:action] = action
uri = URI.parse(@base_url)
req = Net::HTTP::Post.new(uri)
req.set_form_data(params)
req['X-API-Key'] = @api_key if @api_key
res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == 'https') { |http| http.request(req) }
raise 'Rate limit exceeded, try again later.' if res.code.to_i == 429
JSON.parse(res.body)
end
def generate
call('generate')
end
def inbox(email)
call('inbox', email: email)
end
def read(email, id)
call('read', email: email, id: id)
end
end
# usage
client = NoxTempClient.new('tm_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx')
acc = client.generate
puts acc['email']
Nearly all of these come back as HTTP 200 with ok: false — check msg, not the status code, for these.
| msg | Meaning |
|---|---|
Not found | The email or message doesn't exist |
Not logged in | No address resolved — pass email explicitly when calling with an API key |
expired | The email address has expired |
telegram_owned | Address is linked to a Telegram account, so it can't be extended/deleted this way |
already_owned | Address is already linked to a different Telegram account |
دومين غير صالح | The domain in generate_custom doesn't match a valid domain format |
Unknown action | The action value isn't recognized |
Outside the cases below, expect HTTP 200 — even for logical failures — with the outcome in the JSON body.
| Status | Meaning |
|---|---|
200 | Request handled — check ok in the body for success/failure |
204 | CORS preflight (OPTIONS) — no body |
403 | Bad webhook secret on receive/link_telegram |
429 | Rate limit exceeded for this key — wait for the window to reset, don't retry immediately |
Store the key in an environment variable — never hardcode it in published code.
Use a separate key per app so a leak only requires revoking one, not all of them.
Back off on 429s with a delay — don't retry immediately in a loop.