Build Now

Free Email API: Read & Send from User Inboxes (Gmail, Outlook, IMAP) in 2026

Table of Contents
Browse sections
Email API Guide

Free Email API: Read & Send from User Inboxes (Gmail, Outlook, IMAP) in 2026

Scope of this guide: This article covers free APIs to integrate user mailboxes into your SaaS (OAuth-based sync). If you need transactional email (sending from your own domain via SendGrid, Mailgun, Resend, or Postmark), this guide is not for you - those are different tools for a different problem.

A complete 2026 comparison of every free email API option for developers building inbox access into their products: Gmail API, Microsoft Graph API, IMAP, and unified API free trials. Learn real quotas, hidden costs, and when to upgrade.

Start Free Trial Email API Guide
sync-inbox.js
// Unipile: one API, all providers const unipile = new UnipileClient({ apiKey: process.env.UNIPILE_KEY }); // Fetch emails from ANY linked account const emails = await unipile.email .getMessages({ account_id: 'acc_gmail_xyz', limit: 50 }); // Send email via any provider await unipile.email .sendMessage({ account_id: 'acc_outlook_abc', to: 'user@company.com', subject: 'Hello from SaaS' });
Gmail + Outlook + IMAP linked accounts active
Works with: Gmail logo Outlook logo IMAP logo
Definition

What "Free Email API" Means in This Guide

The keyword "free email API" covers two very different markets. Before comparing options, it is essential to know which one you are in - because the tools are completely different.

Definition - Scope of this article

A free email API in this guide means: an API that lets your SaaS application read and send emails from your users' own inboxes (Gmail, Outlook, IMAP) via OAuth, at no monetary cost - either through native provider quotas (Gmail API, Microsoft Graph) or a vendor's free trial. This is the sync / user-side market, not the transactional market.

In scope: Inbox sync APIs

OAuth-based access to user mailboxes. Your users link their email account; your app reads, sends, and syncs on their behalf.

  • Gmail API (Google)
  • Microsoft Graph API (Outlook, M365)
  • IMAP (any provider)
  • Unified APIs: Unipile, Nylas, Aurinko
Out of scope: Transactional email

SMTP relay services that send bulk or automated emails from your domain. Different architecture, different use case.

  • SendGrid
  • Mailgun
  • Resend
  • Postmark, AWS SES
Quick test: Are you trying to let your users see their own Gmail inbox inside your CRM? That is inbox sync - keep reading. Are you trying to send 10,000 marketing emails from noreply@yourapp.com? That is transactional - this guide is not for you.
Free Options

The 3 Truly Free Email APIs for Inbox Sync

These three options give you genuine zero-cost access to user mailboxes - no credit card, no trial expiry. The catch is that each requires separate implementation and has its own constraints.

Gmail API
Google Workspace / Personal Gmail
Free quota

Google's official REST API for Gmail. OAuth 2.0 based - your users grant access and your app reads, sends, searches, and manages their mailbox. Generous default quota for most SaaS products.

Default quota
1 billion units / day
~250 list/get operations per second per user. Read = 5 units, send = 100 units.
Strengths
Full read + send + labels + attachments
Push notifications via Pub/Sub (no polling)
Covers 3 billion Gmail accounts
Limitations
Gmail only - no Outlook or IMAP
Google verification required for production (3+ weeks)
CASA Tier 2 assessment required for sensitive scopes
Gmail API deep dive
Microsoft Graph API
Outlook.com · Microsoft 365 · Exchange Online
Free quota

Microsoft's unified API for Outlook and Microsoft 365 mailboxes. One OAuth integration covers personal Outlook accounts, business M365, and Exchange Online - the dominant email stack in B2B SaaS.

Default quota
10,000 requests / 10 minutes
Per app per tenant. Throttling applies beyond this limit (429 responses).
Strengths
One API covers all Microsoft email types
Delta queries for efficient incremental sync
Change notifications (webhooks) available
Limitations
Microsoft app registration review for production
Does not cover Gmail or IMAP accounts
Throttling per-tenant can surprise at scale
Microsoft Graph API deep dive
IMAP
Universal protocol - any email provider
Free protocol

IMAP is a 30-year-old open protocol supported by every email provider on earth. No quotas, no API keys, no vendor approval - but you build and maintain the entire connection layer yourself.

Cost model
No quotas or rate limits
Limits are set per-server by each provider. No central authority.
Strengths
Works with any email provider worldwide
No vendor lock-in, no approval process
Full control over connection and parsing
Limitations
You handle parsing, errors, reconnect logic
No push - polling only (not real-time)
Gmail/Outlook also need OAuth on top of IMAP
IMAP API deep dive
Bonus option
Need Gmail, Outlook and IMAP in one API?
Unipile unifies all three providers behind a single OAuth flow and REST API. Try the full platform free for 7 days, no credit card required.
See pricing & start free trial
Code Examples

Free Email API Quickstarts: Gmail, Outlook, and IMAP in Node.js

Each free email API has a different OAuth flow and endpoint structure. Below are the minimal working quickstarts for all three providers - the same read-and-send pattern, each adapted to the provider's native SDK or protocol.

OAuth Quickstart - Pick your provider
Gmail Outlook IMAP
Gmail
Gmail API Google OAuth 2.0
Outlook
Outlook / M365 Microsoft Graph
IMAP
IMAP Universal protocol
gmail-free-api.js
// Free Email API - Gmail API (googleapis npm package) const { google } = require('googleapis'); const oauth2Client = new google.auth.OAuth2( process.env.GMAIL_CLIENT_ID, process.env.GMAIL_CLIENT_SECRET, process.env.REDIRECT_URI ); // Step 1: Generate consent URL for user const authUrl = oauth2Client.generateAuthUrl({ access_type: 'offline', scope: ['https://www.googleapis.com/auth/gmail.modify'] }); // Step 2: Exchange auth code for tokens (in callback handler) async function handleCallback(code) { const { tokens } = await oauth2Client.getToken(code); oauth2Client.setCredentials(tokens); // Store tokens.refresh_token in your DB } // Step 3: Read latest emails async function readEmails() { const gmail = google.gmail({ version: 'v1', auth: oauth2Client }); const { data } = await gmail.users.messages.list({ userId: 'me', maxResults: 10 }); return data.messages; } // Step 4: Send an email async function sendEmail(to, subject, body) { const gmail = google.gmail({ version: 'v1', auth: oauth2Client }); const raw = Buffer.from( `To: ${to}\r\nSubject: ${subject}\r\n\r\n${body}` ).toString('base64url'); await gmail.users.messages.send({ userId: 'me', requestBody: { raw } }); }
Gmail API - free quota 1B units/day - OAuth 2.0 required
1
Google Cloud setup
Enable Gmail API in console.cloud.google.com. Create OAuth 2.0 credentials (Client ID + Secret). Free.
2
OAuth consent screen
Set up consent screen. Testing mode: 100 users immediately. Production: Google verification required (2-4 weeks).
3
Token refresh
Access tokens expire in 1 hour. Store the refresh_token and call setCredentials() on each request with a fresh token.
4
CASA Tier 2 for scopes
Sensitive Gmail scopes (gmail.modify, gmail.readonly) require CASA Tier 2 security assessment for production apps.
outlook-free-api.js
// Free Email API - Microsoft Graph (Outlook + M365) const { ConfidentialClientApplication } = require('@azure/msal-node'); const axios = require('axios'); const msalClient = new ConfidentialClientApplication({ auth: { clientId: process.env.AZURE_CLIENT_ID, clientSecret: process.env.AZURE_CLIENT_SECRET, authority: 'https://login.microsoftonline.com/common' } }); // Step 1: Generate OAuth URL for user consent async function getAuthUrl() { return await msalClient.getAuthCodeUrl({ redirectUri: process.env.REDIRECT_URI, scopes: ['https://graph.microsoft.com/Mail.ReadWrite', 'https://graph.microsoft.com/Mail.Send'] }); } // Step 2: Exchange code for access token async function getToken(code) { const result = await msalClient.acquireTokenByCode({ code, redirectUri: process.env.REDIRECT_URI, scopes: ['https://graph.microsoft.com/Mail.ReadWrite'] }); return result.accessToken; } // Step 3: Read emails via Microsoft Graph async function readEmails(accessToken) { const { data } = await axios.get( 'https://graph.microsoft.com/v1.0/me/messages?$top=10', { headers: { Authorization: `Bearer ${accessToken}` } } ); return data.value; } // Step 4: Send email via Microsoft Graph async function sendEmail(accessToken, to, subject, body) { await axios.post( 'https://graph.microsoft.com/v1.0/me/sendMail', { message: { subject, body: { contentType: 'Text', content: body }, toRecipients: [{ emailAddress: { address: to } }] } }, { headers: { Authorization: `Bearer ${accessToken}` } } ); }
Microsoft Graph API - free - covers Outlook.com + M365 + Exchange Online
1
Azure app registration
Register an app at portal.azure.com. Add redirect URI. Generate client secret. Free operation.
2
Delegated permissions
Add Mail.ReadWrite and Mail.Send as delegated permissions. Admin consent may be required for M365 tenants.
3
Token refresh (MSAL)
MSAL handles token refresh silently via acquireTokenSilent(). Access tokens expire in 1 hour. Store account state in your DB.
4
Throttling: 429 handling
Graph throttles at 10,000 req / 10 min per app per tenant. Implement exponential backoff on 429 responses.
imap-free-api.js
// Free Email API - IMAP (imap npm package) // Works with any provider: Yahoo, Fastmail, corporate servers, etc. const Imap = require('imap'); const { simpleParser } = require('mailparser'); const imap = new Imap({ user: process.env.EMAIL_USER, password: process.env.EMAIL_PASS, // use App Password for Gmail/Outlook host: 'imap.example.com', port: 993, tls: true }); // Read emails from INBOX function readEmails() { return new Promise((resolve, reject) => { imap.once('ready', () => { imap.openBox('INBOX', true, (err, box) => { if (err) throw err; const lastN = `${Math.max(1,box.messages.total-9)}:*`; const f = imap.seq.fetch(lastN, { bodies: '' }); const msgs = []; f.on('message', msg => { msg.on('body', stream => { simpleParser(stream, (e, parsed) => msgs.push(parsed)); }); }); f.once('end', () => { imap.end(); resolve(msgs); }); }); }); imap.once('error', reject); imap.connect(); }); } // Send via SMTP (nodemailer) const nodemailer = require('nodemailer'); const transporter = nodemailer.createTransport({ host: 'smtp.example.com', port: 587, auth: { user: process.env.EMAIL_USER, pass: process.env.EMAIL_PASS } });
IMAP - free protocol - works with any provider worldwide - no quota limits
1
Enable IMAP in provider
IMAP must be enabled in the user's email settings. Gmail and Outlook also require an App Password when 2FA is active.
2
No push - polling only
IMAP has no webhook support. You must poll the server at intervals. For real-time needs, IDLE command is available but complex.
3
Handle reconnects
IMAP connections drop silently. Implement heartbeat + reconnect logic for production. The imap package requires manual connection management.
4
SMTP for sending
IMAP is read-only. Sending requires a separate SMTP connection (nodemailer). Two protocols, two credential sets to manage per user.

Skip the 3 separate builds. All three quickstarts above work - but in production you need to maintain three OAuth flows, three token refresh systems, and three error handlers. The Unipile send email API replaces all three with a single POST endpoint: same payload, same response, same error format - regardless of which provider the user has linked.

Real Costs

The Hidden Cost of Building on "Free" Providers

The Gmail API and Microsoft Graph API are genuinely free to call - but building a production-grade multi-provider email integration from scratch is far from free in engineering time. Here is what most developers discover too late.

3-6 months of dev time

Supporting Gmail + Outlook + IMAP in production means building 3 separate OAuth flows, 3 separate token refresh mechanisms, 3 separate webhook/polling setups, and unified error handling across all three. Most teams underestimate this by 4-5x.

Provider lock-in by default

If you build Gmail-only, you immediately lose every Outlook-only user (and B2B SaaS often runs 60-70% on Microsoft 365). Adding a second provider later is not an extension - it is a full rebuild of your auth and sync layer.

Google verification: weeks, not days

Using sensitive Gmail scopes (gmail.readonly, gmail.modify) in production requires Google's OAuth app verification. The process takes 2-4 weeks minimum and requires a security assessment if you use restricted scopes.

Ongoing maintenance burden

Google and Microsoft both change their APIs and OAuth requirements without warning. Basic Auth deprecation (fully removed in 2026), scope requirement changes, and rate limit policy updates require immediate engineering response - that is an ongoing cost, not a one-time build.

Realistic timeline to ship Gmail + Outlook + IMAP in production
1
Gmail API (solo)
2-4 weeks

OAuth flow, token storage, basic send/read, Google verification submission. Waiting for verification adds 2-4 weeks on top.

2
+ Microsoft Graph
+3-6 weeks

Separate OAuth client, different token format, different throttling logic, Microsoft app registration review, delta sync implementation.

3
+ IMAP fallback
+2-4 weeks

IMAP connection pooling, MIME parsing, provider-specific quirks (Yahoo, Fastmail, corporate servers), error/reconnect handling.

The free email API math

3 providers x 6 weeks average build = 18 weeks of senior dev time. At $150/hour that is $108,000+ in labor before a single line of product code. A unified API like Unipile abstracts all three for from $49/month - and gives you the compliance certifications included.

Free trial - no credit card
Skip the multi-provider build.
Try Unipile free for 7 days.

One free email API integration. Gmail, Outlook, and IMAP linked accounts in one API call. SOC 2 Type II + CASA Tier 2 + GDPR compliant out of the box. No 18-week build, no provider verification wait.

Start free trial Read the complete Email API guide
Decision Guide

When a Free Email API Works (and When It Doesn't)

Use this table to match your situation to the right approach. Free is not always the wrong choice - but it has clear limits.

Use case Free API sufficient? Best option Notes
Side project / hobby app
Yes - ideal
Gmail API direct No production verification needed for test mode. Free quota easily sufficient.
Solo SaaS, single provider
Yes - viable
Gmail API or MS Graph Account for Google/Microsoft verification time (2-4 weeks). Plan for token refresh maintenance.
B2B SaaS, users on any provider
No
Unified API (Unipile / Nylas / Aurinko) Building Gmail + Outlook + IMAP separately is 3-6 months of dev. Unified APIs solve this in days.
High scale (>10k linked accounts)
No
Unified API mandatory Rate limit management, token rotation, quota increases, reliability SLAs - all require enterprise tooling.
Compliance-sensitive product (healthcare, finance, legal)
No
SOC 2 / CASA Tier 2 certified vendor Native Gmail/Outlook APIs have no SOC 2 certification on their own. You need a certified layer.
CRM / Sales tool needing Gmail + Outlook + IMAP
No
Unipile (7-day free trial) One free email API integration covers all providers. Start building immediately on the trial - no provider approval wait.
Unipile Option

Unipile's Free Trial: The Unified Free Email API for Multi-Provider SaaS

If you need Gmail + Outlook + IMAP linked accounts under one API, Unipile offers a 7-day free trial with full access to all features - no credit card required. Here is exactly what you get during the trial and what you need to know before committing.

7 days, full access

No feature restrictions during the trial. Link Gmail, Outlook, and IMAP accounts. Send, read, sync. Access all API endpoints. No credit card required to start.

3 providers, one integration

Gmail (OAuth), Outlook / Microsoft 365 (OAuth), and IMAP - all accessible through one unified API. Your users link their accounts; you read and send from any of them with identical code.

Production-grade security

SOC 2 Type II certified (audited October 2025), CASA Tier 2 assessed, and GDPR compliant. All data hosted in the EU. You inherit these certifications when you build on Unipile.

Webhooks + real-time sync

No polling required. Unipile pushes new emails to your webhook endpoint in real time across all linked accounts - Gmail, Outlook, and IMAP simultaneously.

Full API documentation

REST API with SDKs, Postman collection, and full documentation. Read the unified email API integration guide to get started in minutes.

Pricing after trial: from $49/mo

Plans are based on linked accounts (not API calls). 10 accounts minimum at $49/month, then $5/account for 11-50 accounts. See the full pricing page for volume tiers.

Compliance certifications included
SOC 2 Type II
Independently audited. Security, availability, confidentiality. Effective Oct 2025.
CASA Tier 2
Google Cloud Application Security Assessment. Required for Gmail OAuth sensitive scopes in production.
GDPR Compliant
EU data hosting. Unipile acts as Data Processor. Full GDPR alignment for EU user data.

Honest answer: Unipile does not have a free tier. The 7-day trial is the only free access. After that, plans start at $49/month. If you are building a side project that will have fewer than 10 linked accounts for the foreseeable future, the Gmail API direct is probably the right free email API for you. If you are building a B2B SaaS that needs to support any email provider your users have, the trial lets you validate the integration before spending a dollar.

FAQ

Free Email API - Frequently Asked Questions

Answers to the most common questions about free email API options, quotas, security, and when to upgrade to a paid solution.

01
Is the Gmail API really free?
Yes, the Gmail API is free to use with a default quota of 1 billion quota units per day. Basic operations like listing emails cost 5 units and sending costs 100 units - this quota is sufficient for virtually all SaaS applications. However, using sensitive Gmail scopes in production requires Google OAuth app verification (2-4 weeks) and potentially a CASA Tier 2 security assessment. The API itself costs nothing; the time investment is the real cost.
02
Is Microsoft Graph email API free?
Yes, Microsoft Graph API for email is free to call. The default throttling limit is 10,000 requests per 10 minutes per app per tenant. It covers Outlook.com personal accounts, Microsoft 365 business accounts, and Exchange Online - all under the same free API. Production use requires registering your app in Azure Active Directory and going through Microsoft's app review. No per-call fees apply.
03
What is the best free email API for developers?
The best free email API depends on your use case. For a side project or single-provider app targeting Gmail users, the Gmail API is the best option - permanent, well-documented, generous quotas. For Microsoft 365 users, Microsoft Graph is the equivalent. If you need to support both Gmail and Outlook in one integration, there is no permanently-free unified option. You either build both separately (3-6 months dev) or use a unified API's free trial. For multi-provider B2B SaaS, Unipile's unified email API is the most complete approach. See our complete email API providers guide.
04
Can I read user emails for free with an API?
Yes. Both the Gmail API and Microsoft Graph API let you read user emails for free via OAuth 2.0. Users grant your app permission; you list, read, search, and download messages without any per-call fees. IMAP is also free and works with any provider. The real cost is engineering time to implement the OAuth flow, token refresh, and error handling - not API usage fees. For reading emails across multiple providers, see the unified send email API guide.
05
Does Unipile have a free tier?
Honest answer: no. Unipile does not have a permanently free tier. The 7-day free trial (no credit card required) is the only free access. After that, plans start at $49/month for up to 10 linked accounts. If you are building a side project needing fewer than 10 linked accounts with no compliance requirements, the Gmail API direct is likely the better free email API for you. If you are building B2B SaaS needing multi-provider support, the trial lets you validate the full integration before committing.
06
Are free email APIs secure for production SaaS?
The Gmail API and Microsoft Graph API are individually secure - both use OAuth 2.0 and are operated by Google and Microsoft. However, security certification is your responsibility. If your SaaS needs SOC 2 Type II, CASA Tier 2, or GDPR documentation to sell to enterprise customers, building on native APIs means obtaining those certifications yourself - a significant audit investment. Using a certified layer like Unipile's secure email API (SOC 2 Type II + CASA Tier 2 + GDPR) lets you inherit those certifications and present them to customers immediately.
07
When should I stop using free email APIs?
Consider upgrading from free email APIs when: (1) your users have accounts across multiple providers and you need to support all of them - building Gmail + Outlook + IMAP separately takes 3-6 months; (2) you are approaching production scale and need reliability SLAs; (3) customers require compliance documentation; (4) provider maintenance is consuming engineering bandwidth; or (5) you need real-time webhooks across all providers. Read the complete Email API guide for a deeper breakdown of the tradeoffs.

Still have questions? Talk to an email API expert - we'll help you choose the right approach for your stack.

Talk to an expert
en_USEN
fr_FRFR es_ESES de_DEDE it_ITIT pt_BRBR nl_NLNL pl_PLPL tr_TRTR en_USEN