AltosMail uses OAuth for API authorization. It supports both OAuth 1a and OAuth 2; however, as of 1.1.2, the administrator of the AltosMail instance must choose one or the other. Of course OAuth 2 is only recommended for servers secured behind SSL.

The AltosMail administrator should enable the API in the Configuration -> API Settings and choose the desired mode for API authentication (OAuth 1a or OAuth 2). This will add the “API Credentials” to the admin menu. A client/consumer ID and secret should then be generated which will be used in the following processes.

All authorization requests should be made to the specific AltosMail instances URL, i.e. https://your-altosmail.altosmail.com.

The OAuth processes can be a pain. If possible, it’s best to use an OAuth library for the language being used.