Connect TestLab to your automated tests.
Create a scoped key in TestLab, store it as MAILVATOR_API_KEY in your CI secret store, and use a unique inbox alias for every test run.
Keep test data syntheticNever send real customer information, production passwords or live payment details into a QA inbox.
Playwright · wait for a verification code
const alias = `signup-${Date.now()}`;
const address = `YOUR-WORKSPACE--${alias}@qa.mailvator.com`;
await page.getByLabel("Email").fill(address);
await page.getByRole("button", { name: "Create account" }).click();
await expect.poll(async () => {
const response = await request.get(
`https://mailvator.com/api/v1/messages?inbox=${alias}`,
{ headers: { Authorization: `Bearer ${process.env.MAILVATOR_API_KEY}` } }
);
const data = await response.json();
return data.messages[0]?.otp;
}).toMatch(/^\d{6}$/);Cypress · assert a password-reset link
const alias = `reset-${Date.now()}`;
cy.request({
url: `https://mailvator.com/api/v1/messages?inbox=${alias}`,
headers: { Authorization: `Bearer ${Cypress.env("MAILVATOR_API_KEY")}` }
}).its("body.messages.0.links.0").should("include", "/reset");CI checklist
- Create a separate API key for each environment.
- Use read-only scopes where inbox creation is not required.
- Never print API keys or full message bodies in CI logs.
- Revoke unused keys and review workspace audit activity.
- Use signed webhooks when polling is not appropriate.