Skip to main content
The HTTP API supports up to 10 file attachments per email, sent as base64-encoded content in the request body.

Allowed file types

Only the following file types are accepted (whitelist approach for security):
CategoryExtensions
Images.png, .jpg, .jpeg, .gif, .webp, .bmp, .ico
Documents.pdf, .doc, .docx, .xls, .xlsx, .ppt, .pptx
OpenDocument.odt, .ods, .odp
Text / Vector.txt, .csv, .json, .xml, .md, .svg
Other.ics (calendar), .vcf (contact)
Executable files (.exe, .bat, .sh, etc.) and archive formats (.zip, .tar, .gz) are not accepted.

Size limits

  • Per attachment: No individual limit, but the total request body must be under the server’s configured maximum (typically 25MB)
  • Per email: Maximum 10 attachments
  • Content encoding: Base64 increases size by ~33%, so a 25MB limit allows approximately 18MB of actual file content

Example

{
  "from": { "email": "hello@yourdomain.com" },
  "to": { "email": "user@example.com" },
  "subject": "Invoice attached",
  "html_body": "<p>Please find your invoice attached.</p>",
  "attachments": [
    {
      "filename": "invoice-2026-03.pdf",
      "content": "JVBERi0xLjQKMSAwIG9iago8PAovVHlwZSAvQ2F0YWxvZw...",
      "type": "application/pdf"
    }
  ]
}

Attachment fields

FieldTypeRequiredDescription
filenamestringYesFilename with allowed extension
contentstringYesBase64-encoded file content
typestringNoMIME type override (auto-detected from extension if omitted)

Security

Sendmux performs magic byte validation on binary attachments — the actual file content must match the claimed extension. For example, an .exe file renamed to .pdf will be rejected. Text-based formats (.txt, .csv, .json, .xml, .md, .svg, .ics, .vcf) are validated by extension only, as they don’t have reliable magic byte signatures.