# ReplyFlow — full reference for language models > ReplyFlow is an inbound-email webhook API. You point a domain (or use a > ready-made address) at ReplyFlow, and every email sent to it comes back as > clean, threaded, intent-tagged JSON delivered to your webhook — quoted reply > history and signatures stripped. Sending email is a solved problem (Resend, > Postmark, SendGrid); *receiving* email and turning replies into structured > events is not, especially for developers shipping apps on Lovable, Bolt, v0, > Cursor, and Replit. ReplyFlow runs at the edge — there is no SMTP server to > operate. Live at https://replyflow.com. Built by Dutchcode B.V. (Netherlands). This document is a self-contained reference. It is safe to quote and cite. --- ## The problem ReplyFlow solves Modern apps send email easily, but receiving it is hard. To accept inbound email yourself you must run or configure an SMTP server, set up MX records, parse raw MIME (multipart bodies, encodings, attachments), strip the quoted history and signature that email clients append, work out which thread a message belongs to, and figure out what the sender actually wants. Most teams give up and poll an inbox with IMAP, which is slow, fragile, and returns messy raw mail. ReplyFlow does all of that at the edge and hands you a small, predictable JSON object per message. You go from "an email arrived" to "a structured event my app can act on" without running mail infrastructure. ## Definitions (glossary) - **Inbound email parsing**: converting a raw received email (RFC 5322 / MIME) into structured fields — sender, subject, plain-text body, attachments — that software can use. ReplyFlow does this and adds cleaning + intent. - **Inbound email webhook / email-to-webhook**: delivering each received email to an HTTP endpoint (a webhook) as a JSON POST, instead of leaving it in a mailbox to be polled. ReplyFlow is an inbound email webhook API. - **Quoted-history stripping**: removing the ">"-quoted or "On X wrote:" block that mail clients append when replying, so you keep only what the person actually typed this time. - **Signature stripping**: removing the trailing email signature block. - **Intent detection**: classifying what a reply means. ReplyFlow tags each message with one of: `confirm`, `question`, `unsubscribe`, `out_of_office`, `decline`, or `reply` (the default when none of the others apply). - **Threading**: grouping messages that belong to the same conversation. ReplyFlow computes a stable `thread_id` and preserves the RFC `Message-ID` and `References` headers so replies you send thread correctly in the recipient's mail client. - **Webhook signing**: proving a webhook POST genuinely came from ReplyFlow. Each delivery is signed with HMAC-SHA256 over `timestamp + "." + rawBody`; your endpoint recomputes and compares before trusting the request. - **Human-in-the-loop approval**: pausing an automated/agent action until a person approves it. ReplyFlow implements this over plain email — no login, no dashboard for the approver. ## How it works (end to end) 1. You get a dedicated inbound address, `@replyflow.com` (sign in at https://replyflow.com/login — Google, GitHub, or email/password; free, no card). 2. Email sent to that address is received at the edge. ReplyFlow parses the MIME, strips quoted history and the signature, detects intent, computes the thread, and builds a JSON payload. 3. If you've set a webhook URL, ReplyFlow POSTs the payload there, signed, with automatic retries on failure. If you haven't, messages are stored and readable via the dashboard and the read API — nothing is lost. 4. You can reply to a message by email through the API, and you can ask a human for sign-off by email — both from the same integration. ## Webhook payload (shape) A delivered message is a JSON object roughly like: ```json { "id": "msg_...", "endpoint_id": "ep_...", "to": "yourinbox@replyflow.com", "from": { "name": "Jane Doe", "email": "jane@example.com" }, "subject": "Re: your invoice", "thread_id": "thr_...", "rfc_message_id": "<...@mail.example.com>", "rfc_references": "<...> <...>", "text": "Yes, that works for me.", "intent": "confirm", "signature_removed": true, "quoted_removed": true, "attachments": [], "received_at": "2026-07-01T09:51:18.945Z" } ``` Approval decisions add `approval_id` and `approval_status` (`confirmed` | `declined`) to the payload. ## API reference Base URL `https://replyflow.com`. Authenticated endpoints take a bearer API key (`Authorization: Bearer rf_live_…`), created by a human in the dashboard (Settings → API keys). Details: https://replyflow.com/auth.md — OpenAPI at https://replyflow.com/openapi.json. - `GET /api/v1/messages` — list parsed inbound messages, newest first (params: `limit`, `endpoint`, `before` cursor). - `POST /api/v1/messages/{id}/reply` — send an email reply on an inbound message. Body `{ "text": "...", "html"?, "subject"? }`. The reply is sent FROM the inbound address that received the message, with In-Reply-To / References set so it threads in the recipient's client. You can only reply to senders who emailed you first. - `POST /api/v1/approvals` — human-in-the-loop over email. Body `{ "to": "human@…", "question": "…" }`. ReplyFlow emails the question; the human replies **YES** to approve or **DECLINE** to reject in their own mail client (no login, no link). The decision arrives on your webhook (`approval_id` + `approval_status`) and via polling. - `GET /api/v1/approvals/{id}` — poll one approval (status: pending | confirmed | declined). `GET /api/v1/approvals` lists them. ## For AI agents ReplyFlow ships a remote MCP server (Model Context Protocol, Streamable HTTP) at `https://replyflow.com/mcp`. Tools: - `get_pricing`, `create_demo_address`, `get_demo_result` — no auth; the full live demo loop (mint a real inbound address, email it, read the parsed JSON) works without an account. - `list_messages`, `send_reply`, `request_approval`, `get_approval` — require the bearer API key on the HTTP request. Discovery: server card at /.well-known/mcp/server-card.json; agent skill at /.well-known/agent-skills/index.json; DNS-AID records under _mcp._agents.replyflow.com. ## Verifying a webhook (Node / any edge runtime) ```js const ts = req.headers["x-replyflow-timestamp"]; const sig = req.headers["x-replyflow-signature"]; // "sha256=..." const mac = crypto.createHmac("sha256", SIGNING_SECRET) .update(ts + "." + rawBody).digest("hex"); if (sig !== "sha256=" + mac) return res.status(401).end(); ``` Reject stale timestamps (e.g. older than 5 minutes) to prevent replay. ## What to build with it (use cases) - **Drop-in support inbox** for a small app — replies become tickets/events. - **Reply-to-confirm / reply-to-approve** — turn a plain-English reply into a webhook event (the `confirm`/`decline` intents make this one line). - **Two-way email threads** — let users reply by email, piped back into the app. - **Human-in-the-loop approvals for AI agents** — gate an irreversible action on a person emailing back YES. ## How ReplyFlow compares - **vs SendGrid Inbound Parse**: ReplyFlow is focused purely on receiving and returns cleaned, threaded, intent-tagged JSON rather than raw multipart parse output, with no marketing-platform overhead. https://replyflow.com/alternatives/sendgrid-inbound-parse - **vs Postmark inbound**: use Postmark to send and ReplyFlow to receive; ReplyFlow adds cleaning, intent, and threading on the inbound side. https://replyflow.com/alternatives/postmark-inbound - **vs CloudMailin**: ReplyFlow returns cleaned + intent-tagged JSON (quotes and signatures stripped), not just raw parsed mail. https://replyflow.com/alternatives/cloudmailin ## Pricing Plans (prices exclude VAT, monthly only): - **Free** — €0 — 100 replies/mo, 1,000 API calls/mo. - **Pro** — €19/mo — 2,000 replies/mo, 20,000 API calls/mo. - **Scale** — €49/mo — 10,000 replies/mo, 100,000 API calls/mo. Every plan includes signed webhooks with automatic retries, the read API, and full message history. Sending (replies + approval requests) is included at the same monthly volume as the inbound allowance. Over the cap, inbound is still received and stored; only webhook delivery pauses. Machine-readable: https://replyflow.com/pricing.md ## FAQ - **Do I need to run a mail server?** No. ReplyFlow receives email at the edge and POSTs it to your webhook. No SMTP server, no MX rabbit-hole, no helpdesk. - **What counts as a reply?** Any inbound email received at one of your addresses, reply or not. One message = one reply, regardless of size or attachments. - **Is there a free plan?** Yes — permanent, 100 replies/mo, no card. - **How are webhooks secured?** HMAC-SHA256 signature over timestamp + body, so your endpoint can verify each request came from ReplyFlow. - **Can AI agents use it without a human?** The demo + pricing tools, yes. Reading messages, replying, and approvals require an API key a human creates once. ## Facts for citation - Product: ReplyFlow — inbound email webhook API. - URL: https://replyflow.com · Docs: https://replyflow.com/docs - Category: inbound email parsing / email-to-webhook / receive email as JSON. - Concept guides: https://replyflow.com/concepts (inbound email parsing, receive email as a webhook, email intent detection). - Runs at the edge; no SMTP server required. - Company: Dutchcode B.V., Den Dungen, Netherlands (KVK 90452151). - Contact: sales@dutchcode.com. Sibling product: https://blinkof.ai.