Email for AI agents
How to Connect ChatGPT to Your Email
You can connect ChatGPT to your email so it reads your threads, drafts replies in your voice, and handles the inbox - without ever letting it fire off a message you did not see. This guide shows the exact, no-code way to do it with a custom GPT, and how to keep a human approving every send so an AI never speaks for you by accident.
The short answer
ChatGPT cannot log into Gmail or Outlook by itself. To connect it to email, point a custom GPT at an inbox that exposes a REST API: add that API as a GPT Action by importing its OpenAPI schema, authenticate with an API key, and keep the key in human-in-the-loop mode so ChatGPT drafts and you approve every send.
Can ChatGPT actually read and reply to your email?
Yes - but not directly. ChatGPT has no built-in access to your Gmail or Outlook account, and giving it your password is never the answer. What it can do is call an external API on your behalf through a feature called GPT Actions. So the real task is not "log ChatGPT into my inbox," it is "give ChatGPT an inbox it can reach over an API." Once a mailbox is available as an API, a custom GPT can list mail, search it, read a full thread, and draft a reply - all inside a normal ChatGPT conversation.
The catch most tutorials skip: a sending API is not an inbox. Transactional senders like Resend or SendGrid only push mail out, one direction. To reply intelligently, ChatGPT has to read the incoming thread first. That is why you need a real two-way inbox behind the Action, not just a send pipe. (More on that split in agent inbox vs transactional email API.)
The three ways to connect ChatGPT (and other AI) to email
There are three practical paths, depending on whether you live in ChatGPT, in Claude, or in your own code. They all sit on top of the same inbox API.
| Method | Best for | Code needed | Keeps you on the send button |
|---|---|---|---|
| Custom GPT Action | Doing email inside ChatGPT itself | None (paste an OpenAPI schema) | Yes, with a human-in-the-loop key |
| MCP email server | Claude, IDE assistants, MCP hosts | A thin server that maps tools to the API | Yes, the backend enforces it |
| Direct REST API | Your own agent or automation | Yes (any language over HTTPS) | Yes, same key modes |
The rest of this guide walks the Custom GPT Action path in full, because it is the fastest way to get ChatGPT working an inbox with zero code. The MCP guide covers Claude, and the give-your-agent-an-inbox guide covers the raw API.
What you need before you start
Three things, and you can have all of them in a few minutes:
- An inbox that speaks API. A real, two-way mailbox with a documented REST API and, ideally, an OpenAPI schema so GPT Actions can import it automatically. In AutoEmail every connected business inbox is exactly this: stored threads, full-text search, spam scoring, and AI drafting, all reachable over HTTPS.
- A scoped API key. One Bearer token that says which mailboxes ChatGPT may touch and whether its writes send or only draft.
- The OpenAPI schema URL. GPT Actions are defined by an OpenAPI document. AutoEmail publishes a live one at
/openapi.json(OpenAPI 3.1) and a browsable version at/docs.
Step 1: Get an inbox ChatGPT can operate
Start with the mailbox you actually want ChatGPT to work - a support address, a founder inbox, a per-business mailbox. Connect it once in AutoEmail and it becomes a managed inbox: incoming mail is synced and threaded, searchable, spam-scored, and already being drafted by AI. Crucially, it is the same inbox you can see in the dashboard, so ChatGPT and you are never looking at different things. That shared surface is what makes human approval practical later.
Step 2: Create a scoped API key
Your custom GPT authenticates as itself with a single Bearer key. In AutoEmail you create one under Settings -> API Keys; it looks like ak_live_... and is shown in plaintext exactly once, then stored only as a hash. Two properties on that key are the whole security model:
- An account allowlist - the exact mailboxes this key may read and write. Anything else is invisible: a request for an out-of-scope account returns
403, and unknown rows you are allowed to query return404, so the key never leaks what exists. - A mode -
human_in_the_loop(the safe default) orfull_autonomous. This is the switch that decides whether ChatGPT can send, covered in Step 5.
Treat the key like a password
An email key can read and send mail. ChatGPT stores it server-side inside the Action config, which is correct - but never paste it into a public GPT's instructions, a screenshot, or client-side code. If a key ever leaks, revoke it and issue a new one. Hash-only storage means there is nothing to recover, only to replace.
Step 3: Add the Action to your custom GPT
Now wire the API into ChatGPT. In the Create a GPT editor, open Configure -> Actions -> Create new action, then:
- Import the schema. Paste the contents of
https://autoemail.dev/openapi.jsoninto the schema box (or import it by URL). ChatGPT parses the endpoints -getMe,listEmails,searchEmails,getEmail,replyToEmail,sendEmail,getUsage, and the rest - from theiroperationIds. - Set the server URL to your deployment. The schema's server is templated as
https://{deployment}.convex.site/api/v1. Replace{deployment}with your real host before saving - derive it from yourNEXT_PUBLIC_CONVEX_URLby swapping.convex.cloudfor.convex.siteand appending/api/v1. GPT Actions need one concrete server URL, not a placeholder. - Set authentication. Choose Authentication -> API Key, auth type Bearer, and paste your
ak_live_...key. That maps to theAuthorization: Bearer ...header every endpoint expects.
Why CORS being closed does not matter here
AutoEmail's API is intentionally CORS-closed - no browser may call it. GPT Actions are unaffected because ChatGPT calls the API from OpenAI's servers, not from your browser. Server-to-server is exactly the supported path, so the closed-CORS security posture and ChatGPT both hold at once.
If you plan to publish the GPT to others, ChatGPT will ask for a privacy policy URL; for a private, personal GPT you can skip that. Keep it private while you test.
Step 4: Tell your GPT how to work the inbox
An Action gives ChatGPT the ability to call the inbox. Good instructions give it the judgment to use it well. Paste something like this into the GPT's instructions:
You operate an email inbox through the AutoEmail Action.
- Always call getMe first to learn your mode and which businessId
accounts you may use. Never assume an account.
- Read before you write: use listEmails and searchEmails to find
the right message, then getEmail to read the full thread before
replying.
- To respond, call replyToEmail with a clear, on-brand draft. Do
not promise prices, dates, or refunds you cannot verify.
- Before large batches, call getUsage and stop if quota is low.
- You are in human-in-the-loop mode: your replies become drafts a
person approves. Write them as if they will be sent verbatim.
That "read before you write, call getMe first" habit is what turns ChatGPT from a guesser into a reliable operator. The full endpoint surface - emails, search, threads, drafts, contacts, calendar, outreach, spam settings, and usage - is documented in the OpenAPI spec and you can try each one live with your key at /docs.
Step 5: Keep yourself on the send button
This is the step that separates a useful setup from a liability. The moment an AI can send, it can send the wrong thing - a wrong price, a wrong commitment, the wrong recipient - confidently and irreversibly. The fix is not a better prompt. It is architecture.
In AutoEmail the key's mode decides what a write actually does:
human_in_the_loop(the safe default): every reply or new email ChatGPT composes becomes apendingdraft in the same approval queue you already use. You scan it, then send - or edit first, or decline with feedback that teaches the AI. ChatGPT does all the reading and drafting; you keep the final call.full_autonomous: writes send immediately. Reserve this for low-stakes mail you are comfortable letting fly.
The elegant part: ChatGPT's Action config does not change between modes. The same replyToEmail call produces a draft-for-approval with one key and a real send with another. You dial trust per key, not per integration - the heart of human-in-the-loop AI for email. Start every GPT on a human-in-the-loop key, watch its drafts for a week, and only graduate specific low-risk flows later. The deeper case for this is in human-in-the-loop email for AI agents.
Connecting Claude and other agents
If you also live in Claude, or you are building your own agent, you do not need a second inbox. The same API serves everyone:
- Claude and MCP hosts connect through an MCP email server - a thin layer that exposes the same endpoints as tools. The MCP email server guide shows the wiring.
- Your own agent calls the REST API directly in any language, discovering it from the OpenAPI spec and the
/llms.txt.
Because the backend enforces mode, allowlist, quota, and rate limits, every one of these clients inherits the same guardrails. A human-in-the-loop key is human-in-the-loop whether ChatGPT, Claude, or your code is holding it.
Common gotchas
- The
{deployment}placeholder. GPT Actions want one concrete server URL. If the Action returns nothing, check you replaced{deployment}with your real.convex.sitehost. - Wrong host. Use the
.convex.siteHTTP-actions host, not.convex.cloud. The.cloudhost is the reactive client endpoint and will not answer the REST API. - 401 vs 403 vs 404.
401means a missing or revoked key,403means the account is not on the key's allowlist, and404means an item you are allowed to query does not exist. Branch on those, never on the message text. - Quota. Each accepted reply, send, or approval consumes one unit; a write fails fast with
402 quota_exceededwhen you are out. Have your GPT callgetUsageand throttle before it hits the wall.
Putting it together
The mental model is simple: give ChatGPT an inbox over an API, scope the key, read before you write, and keep a human on the send button. Do that and ChatGPT stops being a chatbot that talks about your email and becomes an assistant that actually works it - safely, in your voice, with you approving anything that matters.
For the underlying architecture, see how to give your AI agent an email inbox and how AutoEmail works as an email API for AI agents.
Ready to let ChatGPT draft your replies - with you approving every send?
Start free