Cloudflare Inbox

Shared sign-in for one mailbox, without adding an auth stack.

Use the configured token or password to unlock the inbox. The session is stored in an HTTP-only cookie so the web app and reply endpoints stay aligned after sign-in.

Cookie session

Successful sign-ins issue a same-site cookie for the web inbox and protected JSON routes.

Shared credential

Configure either `AUTH_PASSWORD`, `AUTH_TOKEN`, or both and use one field for the sign-in prompt.

Open the protected inbox

Enter the shared token or password to continue into /app.