Common REST status codes

  • 400: validation or request parsing error
  • 401: missing or invalid API key
  • 404: object not found
  • 409: conflict, such as a duplicate key or incompatible state
  • 413: request too large
The exact envelope varies a little by endpoint, but the OpenAPI reference shows the response shape for each route.

Transactional email limits

The transactional send endpoint enforces these limits:
  • Up to 3 attachments
  • 10 MB decoded per attachment
  • 20 MB decoded attachment total
  • 25 MB total request body cap

MCP error behavior

MCP uses connection-level auth and tool-level application errors.
  • Missing Bearer token returns 401 with Authorization header with Bearer token required.
  • Invalid keys return 401 with invalid API key.
  • User-facing application errors are returned directly when they are safe to show.
  • Unexpected internal failures are sanitized to An unexpected error occurred.

Rate limiting

The public developer surfaces use an IP-based rate limit.
  • Default limit: 600 requests per minute per IP
  • Applies to both documented REST endpoints and the MCP mount
If you sit behind trusted proxies, configure proxy CIDRs so MailKatana can resolve the real client IP correctly.