Skip to main content
Anchor supports one-time password (OTP) as its email MFA method. Each identity is assigned a dedicated mailbox — simply configure a forwarding rule with your email provider to route OTP codes to Anchor during identity creation, reauthentication, and agent sessions.

Step 1: Add Email MFA as an authentication method

  1. Go to the Identities page and select your identity.
  2. Choose Preset authentication — the available authentication flows will appear below.
  3. Click the Add flow button to create a new authentication flow.
  4. Enter a name for the flow and click Add.
  5. Select the Email MFA checkbox under Authentication Methods. Include any other authentication methods needed for this login flow.
  6. Click Save Changes in the top-right corner.

Step 2: Create an identity that uses the Email MFA authentication method

After creating the Email MFA authentication method:
  1. Create a new identity.
  2. In the credentials window, choose the Email MFA authentication method.
  3. You will receive a dedicated mailbox (for example, zesty-vale7820@mfa.anchorbrowser.io).
  4. Set up a forwarding rule from your mailbox to your dedicated mailbox.
  5. Optionally, test the forwarding flow using the detailed instructions.

Forwarding setup details

Official help for forwarding in common mail clients:

API Reference

Use the mailbox and identity email APIs to provision an inbox, attach it to an identity, verify forwarding, and read OTP emails programmatically. All endpoints require the anchor-api-key header.

Typical flow

  1. Create an authentication flow that includes email_mfa in methods.
  2. Create a mailbox to get a dedicated forwarding address.
  3. Create an identity and pass the mailbox id as mailboxId, plus authOptionId for the flow you created.
  4. Send a probe email to verify delivery.
  5. List or read emails to retrieve OTP codes.

Example: provision mailbox and create identity

import Anchorbrowser from 'anchorbrowser';

const anchorClient = new Anchorbrowser();

// 1. Create an auth flow with Email MFA
const authFlow = await anchorClient.applications.authFlows.create(applicationId, {
  name: 'Login with Email MFA',
  methods: ['username_password', 'email_mfa'],
});

// 2. Create a detached mailbox
const mailbox = await anchorClient.post('/v1/mailboxes', { body: {} });
console.log('Forwarding address:', mailbox.address);

// 3. Create the identity and attach the mailbox
const identity = await anchorClient.identities.create({
  name: 'Work Account',
  source: 'https://example.com/login',
  authOptionId: authFlow.id,
  mailboxId: mailbox.id,
  credentials: [
    { type: 'username_password', username: 'user@example.com', password: 'secret' },
  ],
});
import os
from anchorbrowser import Anchorbrowser

anchor_client = Anchorbrowser(api_key=os.getenv("ANCHOR_API_KEY"))

auth_flow = anchor_client.applications.auth_flows.create(
    application_id=application_id,
    name="Login with Email MFA",
    methods=["username_password", "email_mfa"],
)

mailbox = anchor_client.post("/v1/mailboxes", body={})
print("Forwarding address:", mailbox["address"])

identity = anchor_client.identities.create(
    name="Work Account",
    source="https://example.com/login",
    authOptionId=auth_flow.id,
    mailboxId=mailbox["id"],
    credentials=[
        {"type": "username_password", "username": "user@example.com", "password": "secret"},
    ],
)

Example: test forwarding and read OTP emails

After setting up your email forwarding rule, send a probe to confirm delivery, then poll for incoming messages. Use the since query parameter to fetch only emails received after a given ISO timestamp.
const identityId = 'IDENTITY_ID';
const mailboxId = 'MAILBOX_ID';

// Send a probe email to verify forwarding
await anchorClient.post(`/v1/mailboxes/${mailboxId}/send-probe`, { body: {} });

// List recent emails for the identity
const since = new Date(Date.now() - 5 * 60 * 1000).toISOString();
const emails = await anchorClient.get(`/v1/identities/${identityId}/email/emails`, {
  query: { since },
});

// Read full content of the newest email
if (emails.length > 0) {
  const email = await anchorClient.get(
    `/v1/identities/${identityId}/email/emails/${emails[0].id}`,
  );
  console.log(email.subject, email.body_text);
}
import os
from datetime import datetime, timedelta, timezone
from anchorbrowser import Anchorbrowser

anchor_client = Anchorbrowser(api_key=os.getenv('ANCHOR_API_KEY'))
identity_id = 'IDENTITY_ID'
mailbox_id = 'MAILBOX_ID'

anchor_client.post(f'/v1/mailboxes/{mailbox_id}/send-probe', body={})

since = (datetime.now(timezone.utc) - timedelta(minutes=5)).isoformat()
emails = anchor_client.get(
    f'/v1/identities/{identity_id}/email/emails',
    query={'since': since},
)

if emails:
    email = anchor_client.get(
        f'/v1/identities/{identity_id}/email/emails/{emails[0]["id"]}',
    )
    print(email['subject'], email['body_text'])
During identity creation and agent sessions, Anchor automatically reads OTP codes from the mailbox. Use the list and get email endpoints when you need to handle codes in your own integration.

Create Mailbox

Provision a dedicated forwarding address

Enable Identity Mailbox

Attach a mailbox to an existing identity

List Identity Emails

Poll for forwarded OTP emails

Send Mailbox Probe

Verify forwarding is working