Build Now

Send Email API: Gmail, Outlook & IMAP from User Accounts (2026)

Table of Contents
Table of Contents 8 sections
Foundations
01What Is It?
02Use Cases
Providers
03Gmail, Outlook, IMAP
04How to Send (Step by Step)Guide
Integration
05Unified API Endpoint
06All API Endpoints
07Auth & Security
Reference
08Common Pitfalls
09FAQ
User-Account Email API

Send Email API: Send from User Gmail, Outlook & IMAP Accounts

Most email APIs send from a shared domain you own. Unipile's send email API is different: it sends from your users' own Gmail, Outlook, and IMAP accounts, with full OAuth2, no credential storage, and a single unified endpoint for every provider. When your SaaS needs to send email programmatically on behalf of real people, this is the integration that makes it work.

OAuth2 connect, no password storage
One unified endpoint, all providers
Gmail, Outlook & IMAP supported
SOC2 compliant infrastructure
GmailGmail
OutlookOutlook
IMAPIMAP
Start Building View Docs
send email api - user accounts
Sent from linked accounts
Gmail
sarah@acme.com (Gmail)
Following up on our conversation
Sent
Outlook
mark@corp.io (Outlook)
Your onboarding summary
Sent
IMAP
lisa@startup.co (IMAP)
Welcome to the platform
Sent
POST /api/v1/emails
"account_id": "acc_gmail_xyz",
"to": [{ "identifier": "sarah@acme.com" }],
"subject": "Following up..."
200 OK - email queued
What Is a User-Account Send Email API?

A Send Email API That Acts on Behalf of Your Users

Most "send email API" searches lead to transactional providers. That is not this. Unipile is a user-account email API: it connects to your users' real Gmail or Outlook accounts and sends on their behalf, with their identity and their deliverability.

Key Use Cases

Why Developers Build on a User-Account Email API

When your product needs to send email programmatically from real people (not a noreply@ address), these are the scenarios that drive adoption.

CRM and Sales Automation

Send follow-up emails from each sales rep's own Gmail or Outlook account. Higher reply rates, authentic sender identity, no domain warming required. Prospects see a real name, not a generic alias.

Customer Support Platforms

Let support agents reply directly from their own mailbox. Customers see a real person's name and email address, not a support@ alias. Builds trust, increases resolution speed.

ATS and Recruitment Tools

Reach candidates with personalized emails from the recruiter's actual account. No cold domain, no spam filter risk, no warmup period. The email arrives in the inbox like a personal message, because it is one.

Supported Providers

Send Email from Gmail, Outlook, and IMAP: One API

Unipile's send email API abstracts the provider layer completely. Whether your user's account is Gmail, Outlook, Microsoft 365, Exchange Online, or any IMAP-compatible mailbox, the API call is identical. You write the integration once and every provider just works.

Gmail
Google Workspace included
OAuth2 authentication, no password required
Scope: gmail.send: minimal permission footprint
Up to 500 emails/day per personal account, higher limits for Workspace
Excellent deliverability: Google's infrastructure, user's reputation
OAuth2 ready
Gmail API integration guide
Outlook
Covers Microsoft 365 and Exchange Online
OAuth2 via Microsoft Identity Platform
Permission: Mail.Send: delegated or app-level
Works for personal Outlook, Microsoft 365, and Exchange Online accounts
Up to 10,000 recipients/day for M365 accounts
OAuth2 ready
Microsoft Graph API guide
IMAP
Universal fallback for any provider
Supports IMAP/SMTP with credentials or OAuth2 where available
Works with Yahoo, Zoho, Fastmail, custom corporate mail servers
Same Unipile API endpoint, no extra integration work
Ideal for B2B users with custom domains and corporate email
Universal
IMAP API integration guide
Step-by-Step Guide

How to Send Email via API: Step by Step Integration

From account linking to sending your first email programmatically, here is the complete flow. This guide covers Gmail and Outlook; the steps for IMAP are identical, only the account type differs.

1
Get your Unipile API key

Sign up at the Unipile dashboard. Every workspace gets an API key. All requests are authenticated with the X-API-KEY header. No OAuth setup on your side: Unipile handles the provider authentication for you.

curl
# Verify your API key curl -X GET https://api.unipile.com/api/v1/accounts \ -H "X-API-KEY: {YOUR_API_KEY}"
2
Link a user account (Gmail, Outlook, or IMAP)

Generate a hosted auth link via the API. The user clicks it and goes through the standard OAuth2 consent screen for their provider. Unipile stores the tokens securely and returns an account_id. You never touch credentials.

curl JavaScript Python
# Generate a hosted auth link for Gmail curl -X POST https://api.unipile.com/api/v1/hosted/accounts/link \ -H "X-API-KEY: {YOUR_API_KEY}" \ -H "Content-Type: application/json" \ -d '{"type":"GOOGLE","api_url":"https://api.unipile.com","expiresOn":"2026-12-31T00:00:00.000Z"}'
// Generate auth link - Node.js const res = await fetch('https://api.unipile.com/api/v1/hosted/accounts/link', { method: 'POST', headers: { 'X-API-KEY': '{YOUR_API_KEY}', 'Content-Type': 'application/json' }, body: JSON.stringify({ type: 'GOOGLE', api_url: 'https://api.unipile.com', expiresOn: '2026-12-31T00:00:00.000Z' }) }); const { url } = await res.json();
# Generate auth link - Python import requests res = requests.post( 'https://api.unipile.com/api/v1/hosted/accounts/link', headers={'X-API-KEY': '{YOUR_API_KEY}'}, json={ 'type': 'GOOGLE', 'api_url': 'https://api.unipile.com', 'expiresOn': '2026-12-31T00:00:00.000Z' } ) url = res.json()['url']
For Outlook, use "type":"MICROSOFT". For IMAP, use "type":"IMAP". The same hosted flow handles all three providers.
3
Retrieve the account_id from the webhook callback

After the user completes OAuth2, Unipile fires a webhook to your endpoint with the account_id. Store it in your database: it is the key you will use in every send email API call for that user.

JSON payload
// Webhook payload example (account.linked event) { "event": "account.linked", "account_id": "acc_gmail_Abc123XYZ", "provider": "GOOGLE", "email": "sarah@acme.com" }
4
Send email from the linked account

POST to /api/v1/emails with the account_id. The email goes out from the user's actual Gmail or Outlook inbox, same as if they hit send themselves. The endpoint is identical regardless of whether the linked account is Gmail, Outlook, or IMAP.

curl JavaScript Python
# Send email from a linked Gmail account curl -X POST https://api.unipile.com/api/v1/emails \ -H "X-API-KEY: {YOUR_API_KEY}" \ -H "Content-Type: application/json" \ -d '{ "account_id": "{ACCOUNT_ID}", "to": [{"display_name": "John Doe", "identifier": "john@example.com"}], "subject": "Following up on our conversation", "body": "

Hi John,

Just wanted to follow up...

" }'
// Send email - Node.js const res = await fetch('https://api.unipile.com/api/v1/emails', { method: 'POST', headers: { 'X-API-KEY': '{YOUR_API_KEY}', 'Content-Type': 'application/json' }, body: JSON.stringify({ account_id: '{ACCOUNT_ID}', to: [{ display_name: 'John Doe', identifier: 'john@example.com' }], subject: 'Following up on our conversation', body: '

Hi John,

Just wanted to follow up...

' }) }); const data = await res.json();
# Send email - Python import requests res = requests.post( 'https://api.unipile.com/api/v1/emails', headers={'X-API-KEY': '{YOUR_API_KEY}'}, json={ 'account_id': '{ACCOUNT_ID}', 'to': [{ 'display_name': 'John Doe', 'identifier': 'john@example.com' }], 'subject': 'Following up on our conversation', 'body': '

Hi John,

Just wanted to follow up...

' } ) print(res.json())
The response includes a message ID and delivery status. You can also add "cc", "bcc", "reply_to", and "attachments" to the same payload.

Ready to send emails from Gmail, Outlook, and IMAP?

Your API key is waiting. Start building in under 10 minutes.

Start Building Now View Docs
Unified API Endpoint

One Unified Endpoint to Send Email Across All Providers

The biggest friction in multi-provider integrations is maintaining separate code paths for each email service. Unipile eliminates that. Whether the linked account is Gmail, Outlook, or IMAP, you always call the same endpoint with the same payload. The abstraction layer handles provider-specific protocols, token refreshes, and rate limit differences behind the scenes.

POST /api/v1/emails - identical for all providers Unified
POST https://api.unipile.com/api/v1/emails X-API-KEY: {YOUR_API_KEY} { "account_id": "{ACCOUNT_ID}", "to": [{ "display_name": "John Doe", "identifier": "john@example.com" }], "subject": "Your project update", "body": "

Hi John...

" } // Works for Gmail, Outlook, and IMAP // account_id tells Unipile which account to use
GmailGmail
+
OutlookOutlook
+
IMAPIMAP
/api/v1/emails
Explore the unified multi-provider email API
Write once, support every provider

No separate code paths for Gmail vs Outlook. One integration covers all three providers today and any future additions Unipile adds.

Token refresh handled automatically

OAuth2 access tokens expire. Unipile refreshes them transparently. Your code never handles token lifecycle; just call the API and send.

Scale to thousands of linked accounts

Each user links their own account. You manage an account_id per user; Unipile handles the rest. No per-provider SDK juggling.

Consistent response format

The API returns the same JSON structure regardless of provider. Parse one schema, build one error handler, ship faster.

Need to send emails on behalf of your users at scale? Read the full guide on how to send emails on behalf of your users, including the compliance and consent model Unipile uses to keep everything auditable.

API Reference

All Send Email API Endpoints, Organized

Every endpoint available for connecting accounts, sending and replying, managing your mailbox, and listening to events across Gmail, Outlook, and IMAP with a single integration.

Explore All Endpoints
Gmail Outlook IMAP
Send & ReplySend
Account SetupAccount
Manage EmailsManage
Webhooks

Send & Reply

4 endpoints available

GmailGmail
OutlookOutlook
IMAPIMAP
Send an Email
Reply to an Email
Forward an Email
Send with Attachments

Account Setup

3 endpoints available

GmailGmail
OutlookOutlook
IMAPIMAP
Hosted Auth: white-label OAuth flow
Use your own OAuth screen
Connect with credentials (SMTP)

Manage Emails

5 endpoints available

GmailGmail
OutlookOutlook
IMAPIMAP
List Emails
Get Email
Delete Email
Move Email
List Folders

Webhooks

2 events available

GmailGmail
OutlookOutlook
IMAPIMAP
New Email received
Open and click tracking
Explore API Reference
Email API Guide
Want the complete email API integration guide?

Covers authentication flows, webhook setup, reading and sending emails, attachments, and full provider comparison, everything you need to build a production-ready send email API integration.

Read the Email API Guide
Auth & Security

Authentication and Security for Your Send Email API Integration

Handling user email credentials is one of the highest-risk parts of any SaaS integration. Unipile's architecture is designed so you never store or transmit OAuth2 tokens directly; the risk surface stays minimal and compliance stays manageable.

OAuth2: no credential storage on your side

Unipile generates the OAuth2 consent URL, collects the authorization code, and stores the access and refresh tokens in its own encrypted vault. Your backend only ever sees an account_id. No raw token, no password, no credential drift.

Automatic token refresh

Gmail OAuth2 tokens expire after 1 hour. Microsoft tokens expire after 1 hour (access) or 90 days (refresh). Unipile refreshes them automatically before expiry. Your send email API calls never fail due to a stale token.

Minimal OAuth2 scopes

For a send-only integration, Unipile requests only the scopes required: gmail.send for Gmail and Mail.Send for Outlook. This follows the principle of least privilege and reduces the attack surface for your users' data.

Webhook signature verification

Every webhook Unipile sends to your endpoint includes a signature header you can verify against your webhook secret. This ensures event payloads cannot be forged by third parties attempting to trigger actions in your system.

SOC 2 Type II

Unipile's infrastructure is SOC 2 Type II certified. Audited controls cover access management, encryption at rest and in transit, incident response, and availability. This makes it straightforward to pass vendor security reviews when your SaaS customers ask how you handle their email credentials.

Learn about the secure email API
CASA Tier 2

Unipile is CASA Tier 2 assessed, the security standard required by Google for applications accessing sensitive Gmail API scopes. The assessment is conducted by an authorized lab and covers data handling, access controls, and secure development practices. Required to maintain production access to Gmail sending scopes.

API Capabilities

Full Email API Feature Coverage Across All Providers

One integration gives you access to every major email operation across Gmail, Outlook, and IMAP providers. The same endpoint, the same payload structure, the same response format regardless of which account your user has connected.

Feature Gmail Outlook / M365 IMAP / SMTP
Sending
Send email from user account
Send with attachments
Reply in existing thread
CC and BCC recipients
HTML body content
Inline images (CID embedding)
Daily send limit (approx.) ~500 / day ~10,000 / day Server-dependent
Reading & Sync
List and read emails
Thread / conversation view
Real-time webhooks (new email, read, sent)
Incremental delta sync
Label and folder management Labels Folders Folders
Auth & Security
OAuth2 (no password storage) App password
Automatic token refresh
SOC 2 Type II / CASA Tier 2
Common Pitfalls

Common Mistakes When Building a Send Email API Integration

Most issues developers encounter when integrating a user-account send email API fall into a small set of categories. Here are the ones worth knowing before you start building.

01
Ignoring provider rate limits

Gmail personal accounts are limited to approximately 500 emails per day. Outlook accounts have higher limits but can still throttle under burst conditions. Exceeding these limits results in 429 errors or temporary account suspension by the provider.

Fix:Track send counts per linked account, implement exponential backoff on 429 responses, and spread bulk sends across time windows rather than sending in a single burst.
02
Not handling token revocation

Users can revoke access at any time from their Google or Microsoft account settings. When this happens, Unipile will return an error on the next API call for that account. If your application does not handle this gracefully, it results in silent email delivery failures.

Fix:Listen for the account.disconnected webhook event and prompt the user to re-link their account.
03
Sending without explicit user consent

Even with a valid OAuth2 token, sending emails from a user's account without their knowledge violates Google and Microsoft's usage policies and most jurisdictions' spam laws. The OAuth2 consent screen must clearly explain what your application will do.

Fix:Use clear language in your OAuth consent screen and in-app descriptions. Document what triggers an automated send and give users control to disable it.
04
Storing raw OAuth2 tokens in your database

If you store access tokens yourself and they are exposed in a data breach, an attacker has full access to all linked email accounts. This is a critical security and compliance risk, especially under GDPR.

Fix:Use Unipile's hosted auth flow. You store only the account_id; Unipile holds the tokens in its SOC 2 certified vault. Your database never touches a raw OAuth2 token.
05
Treating SMTP and a send email REST API as interchangeable

SMTP requires direct server access, credential management, TLS configuration, and bounce handling. A REST send email API abstracts all of that. Combining both approaches in the same codebase adds complexity without benefit.

Fix:For user-account sending, use the REST API exclusively. SMTP is only relevant if you are operating your own mail infrastructure or have a provider that does not support OAuth2.

Frequently Asked Questions

Everything you need to know about the send email API.

A send email API is a REST interface that lets your application send emails programmatically without opening an email client. Unipile's send email API specifically sends from user-owned accounts (Gmail, Outlook, IMAP), meaning the email arrives from the user's real address rather than a generic noreply@ domain you control.
With Unipile, you generate a hosted auth link for the GOOGLE provider type. The user authenticates through Google's standard OAuth2 consent screen. Once linked, you receive an account_id via webhook. You then POST to /api/v1/emails with that account_id and your message payload. The email sends from their actual Gmail address. No Gmail API key setup required on your side.
Yes. Unipile supports sending emails programmatically from Outlook accounts, including personal Outlook, Microsoft 365, and Exchange Online, all via the same API endpoint. You link the account using the MICROSOFT provider type. Authentication uses OAuth2 with the Mail.Send delegated permission. Unipile handles token refresh automatically.
For a send-only integration, the minimum required scope is https://www.googleapis.com/auth/gmail.send. This allows sending emails but does not grant access to read, modify, or delete messages. When using Unipile, you do not configure this scope yourself; the hosted auth flow handles it. For a pure send email API use case, gmail.send is sufficient.
These are different markets for different problems. Transactional APIs send from a domain you own and control. Unipile is not in that market. Unipile connects to your users' real Gmail or Outlook accounts and sends on their behalf, with their identity, for use cases where the sender address matters: CRM sequences, support replies, outreach.
Rate limits apply at the provider level, not the Unipile level. Gmail personal accounts allow approximately 500 emails per day. Outlook and Microsoft 365 accounts have higher limits but can throttle under heavy burst. Best practice: track send volume per linked account in your own database, implement exponential backoff when you receive 429 responses, and spread bulk sends across time windows. Unipile returns the provider's error code so you can distinguish a rate limit error from an auth failure. For more on this, see our comparison of free email APIs.
Yes: that is exactly what Unipile provides. One POST /api/v1/emails endpoint handles Gmail, Outlook, and IMAP accounts. The provider is determined by the account_id in the payload; you do not need to specify it. Write your sending logic once and it works regardless of which email provider your user has linked. See the detailed breakdown of the 6 main email API providers.
Unipile uses OAuth2 exclusively; no passwords are stored. Users go through the provider's standard consent screen and can revoke access at any time from their Google or Microsoft account settings. Unipile is SOC 2 Type II certified, meaning security controls including access management, encryption, and incident response are independently audited. OAuth2 tokens are stored in an encrypted vault and never exposed to your application.

Still have questions? Our team is here to help.

en_USEN
fr_FRFR es_ESES de_DEDE it_ITIT pt_BRBR nl_NLNL pl_PLPL tr_TRTR en_USEN