Resources/The Agent API Atlas/Marketing/Brevo

Everything an AI agent can do with the Brevo API.

A reference guide for building AI agents: every method, how to authenticate, and the permissions each one needs.

Endpoints27

API versionv3

Last updated23 June 2026

Orientation

How the Brevo API works.

The Brevo API is how an app or AI agent works with a Brevo account: managing contacts and lists, sending a transactional email, running an email or SMS campaign, and reading delivery and engagement reports. Access is granted through an account-level API key sent in a header, and that key carries full access with no granular scopes, so every read and write across the account runs under the same credential. Brevo can also push transactional and marketing events to a registered URL when something happens, like an email being delivered or a contact being added to a list.

27Endpoints

8Capability groups

12Read

15Write

0Permissions

Authentication

Brevo authenticates every request with an account-level API key sent in the api-key header. The key is created in the account's API keys settings and is tied to the whole account, not to a single user or app. There is no Bearer or OAuth flow for standard API access; the same key is sent on each call. A separate Bearer MCP key is used for the Brevo MCP server.

Permissions

A Brevo API key carries full access to every endpoint the account's plan allows. There are no granular per-resource scopes or read-only keys, so a single key can read contacts, send email and SMS, run campaigns, and change account settings. Limiting an agent to read-only access or to specific areas has to be enforced outside Brevo, which is the boundary Bollard applies.

Versioning

The API is version 3, a single continuously updated line carried over from the Sendinblue era. Brevo does not mint new version numbers for changes; it ships dated updates through release notes and SDK releases instead. The company rebranded from Sendinblue to Brevo in May 2023, and the base host moved to api.brevo.com while the v3 path stayed the same.

Data model

Brevo is resource-oriented JSON over HTTPS at api.brevo.com/v3. Contacts are organized into lists, and lists into folders. Email goes out two ways: transactional email for per-recipient messages under the smtp path, and email campaigns for audience sends. SMS mirrors this with transactional and campaign sends. Senders, templates, and webhooks support those flows, and a webhook delivers transactional or marketing events to a URL.

Connect & authenticate

Connection & authentication methods.

How an app or AI agent connects to Brevo determines what it can reach. There is a route for making calls, a route for receiving events, and a hosted server that exposes Brevo tools to agents, and each is governed by the key behind it.

Ways to connect

REST API

The REST API answers at https://api.brevo.com/v3. It takes JSON request bodies, returns JSON, and pages through lists with limit and offset query parameters. A call authenticates with an account API key sent in the api-key header.

Best forConnecting an app or AI agent to Brevo.

Governed byThe account API key, which carries full access.

Docs ↗

Webhooks

Brevo POSTs a JSON payload to a registered URL when an event fires. There are two webhook types: transactional, for per-message email and SMS events like delivered, opened, and hard_bounce, and marketing, for events like list_addition, contact_updated, and unsubscribe.

Best forReceiving Brevo events at an app or AI agent.

Governed byThe webhook registration and its chosen event types.

Docs ↗

MCP server

Brevo publishes a first-party hosted Model Context Protocol server at https://mcp.brevo.com/v1/brevo/mcp that exposes Brevo tools to AI agents, with all features combined across modules and individual per-domain servers for areas like contacts, campaigns, and SMS. It authenticates with a Bearer token generated as an MCP API key in the account's API keys settings.

Best forConnecting an AI agent to Brevo through MCP.

Governed byThe Bearer MCP key, which carries account access.

Docs ↗

Authentication

API key

Brevo authenticates each request with an account-level API key sent in the api-key header. The key carries full access to every endpoint the account's plan allows, with no granular per-resource scopes, so any holder of the key can read and write across the whole account. Read-only versus write access and which areas an agent may touch have to be enforced outside Brevo.

TokenAPI key (api-key header)

Best forServer-side calls to the Brevo API.

Docs ↗

MCP API key

The Brevo MCP server uses a dedicated MCP API key, generated in the account's API keys settings and sent as a Bearer token in the Authorization header. It grants the agent access through the MCP server rather than through direct REST calls.

TokenBearer token (MCP API key)

Best forConnecting an AI agent through the Brevo MCP server.

Docs ↗

Capability map

What an AI agent can do in Brevo.

The Brevo API is split into areas an agent can act on, like contacts, lists, transactional email, email campaigns, SMS, templates, and senders. Each area has its own methods, and writes in some areas send real messages to real people.

Contacts

6 endpoints

Create, read, update, and delete contacts, list every contact, and import contacts in bulk.

Writes here change real contact data, and a bulk import can touch many records at once.

View endpoints →

Contact lists

5 endpoints

List and create contact lists, read the contacts in a list, and add or remove contacts from a list.

Writes here change which contacts belong to a list.

View endpoints →

Folders

2 endpoints

List the folders that organize contact lists and create a new folder.

Writes here change real folder data.

View endpoints →

Transactional email

3 endpoints

Send a transactional email, read the per-message event report, and fetch a sent email's content.

Sending an email delivers a real message to a real inbox.

View endpoints →

Email campaigns

3 endpoints

List and create email campaigns, read a campaign's report, and send a campaign immediately.

Sending a campaign delivers to its whole audience and cannot be recalled.

View endpoints →

SMS

2 endpoints

Send a transactional SMS to a mobile number and send an SMS campaign to its audience.

Sending an SMS delivers a real text message and consumes SMS credits.

View endpoints →

Templates

2 endpoints

List the transactional email templates and create a new one.

Writes here change the templates used by transactional email.

View endpoints →

Senders, webhooks & account

4 endpoints

List senders, list and create webhooks, and read the account's plan and credit balance.

Writes here register new event receivers and change account configuration.

View endpoints →

Endpoint reference

Every Brevo API method.

Filter by method, access, or permission, or search any path. Select a row for version detail, rate limits, the related webhook event, and the source.

Hide deprecated

Method	Endpoint	What it does	Access	Permission	Version
Contacts Create, read, update, and delete contacts, list every contact, and import contacts in bulk.6
POST	`/v3/contacts`	Create a contact, optionally adding it to lists and setting attributes.	write	—	Current
A Brevo API key carries full account access, so there is no per-endpoint scope. Adding the contact to a list can fire a list_addition marketing webhook. Acts oncontact Permission (capability)None required VersionAvailable since the API’s base version Webhook event`list_addition` Rate limit10 requests per second, 36,000 per hour (General tier) SourceOfficial documentation ↗
GET	`/v3/contacts`	Get all the contacts in the account.	read	—	Current
Read-only. Returns email addresses and attributes for every contact. Acts oncontact Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limit10 requests per second, 36,000 per hour (General tier) SourceOfficial documentation ↗
GET	`/v3/contacts/{identifier}`	Get a single contact's details by email, ID, or phone identifier.	read	—	Current
Read-only. Acts oncontact Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limit10 requests per second, 36,000 per hour (General tier) SourceOfficial documentation ↗
PUT	`/v3/contacts/{identifier}`	Update a contact's attributes, list membership, or opt-in status.	write	—	Current
Can fire a contact_updated marketing webhook. Acts oncontact Permission (capability)None required VersionAvailable since the API’s base version Webhook event`contact_updated` Rate limit10 requests per second, 36,000 per hour (General tier) SourceOfficial documentation ↗
DELETE	`/v3/contacts/{identifier}`	Delete a contact permanently.	write	—	Current
Irreversible. Can fire a contact_deleted marketing webhook. Acts oncontact Permission (capability)None required VersionAvailable since the API’s base version Webhook event`contact_deleted` Rate limit10 requests per second, 36,000 per hour (General tier) SourceOfficial documentation ↗
POST	`/v3/contacts/import`	Import contacts in bulk from a file or inline list, optionally into chosen lists.	write	—	Current
A single call can create or update many contacts at once and add them to lists. Acts oncontact Permission (capability)None required VersionAvailable since the API’s base version Webhook event`list_addition` Rate limit10 requests per second, 36,000 per hour (General tier) SourceOfficial documentation ↗
Contact lists List and create contact lists, read the contacts in a list, and add or remove contacts from a list.5
GET	`/v3/contacts/lists`	Get all the contact lists in the account.	read	—	Current
Read-only. Acts onlist Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v3/contacts/lists`	Create a contact list inside a folder.	write	—	Current
A list must be created inside an existing folder. Acts onlist Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v3/contacts/lists/{listId}/contacts`	Get the contacts that belong to a list.	read	—	Current
Read-only. Acts onlist Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v3/contacts/lists/{listId}/contacts/add`	Add existing contacts to a list.	write	—	Current
Can fire a list_addition marketing webhook for each contact added. Acts onlist Permission (capability)None required VersionAvailable since the API’s base version Webhook event`list_addition` Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v3/contacts/lists/{listId}/contacts/remove`	Remove contacts from a list.	write	—	Current
Removes the contacts from the list without deleting the contacts themselves. Acts onlist Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Folders List the folders that organize contact lists and create a new folder.2
GET	`/v3/contacts/folders`	Get all the folders that organize contact lists.	read	—	Current
Read-only. Acts onfolder Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v3/contacts/folders`	Create a folder to hold contact lists.	write	—	Current
A folder groups related contact lists. Acts onfolder Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Transactional email Send a transactional email, read the per-message event report, and fetch a sent email's content.3
POST	`/v3/smtp/email`	Send a transactional email to one or more recipients, from raw content or a template.	write	—	Current
Delivers a real email. Brevo emits delivery, open, click, and bounce events for it through transactional webhooks. Acts ontransactional email Permission (capability)None required VersionAvailable since the API’s base version Webhook event`delivered` Rate limit1,000 requests per second, 3,600,000 per hour (General tier) SourceOfficial documentation ↗
GET	`/v3/smtp/statistics/events`	Get the per-message event report for transactional email activity.	read	—	Current
Read-only. Returns the event log of sent, delivered, opened, clicked, and bounced messages. Acts ontransactional email Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v3/smtp/emails/{uuid}`	Get the content of a sent transactional email by its UUID.	read	—	Current
Read-only. Content is retained for a limited window after sending. Acts ontransactional email Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Email campaigns List and create email campaigns, read a campaign's report, and send a campaign immediately.3
GET	`/v3/emailCampaigns`	Get all the email campaigns in the account.	read	—	Current
Read-only. Acts onemail campaign Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v3/emailCampaigns`	Create an email campaign in draft, scheduled, or sent state.	write	—	Current
Creating a campaign does not send it unless it is set to send immediately. Acts onemail campaign Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v3/emailCampaigns/{campaignId}/sendNow`	Send an email campaign immediately to its audience.	write	—	Current
Delivers to the whole campaign audience at once and cannot be recalled. Acts onemail campaign Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
SMS Send a transactional SMS to a mobile number and send an SMS campaign to its audience.2
POST	`/v3/transactionalSMS/send`	Send a transactional SMS to a single mobile number.	write	—	Current
Delivers a real text message and consumes SMS credits. The older POST /v3/transactionalSMS/sms path is deprecated in favor of this one. Acts onSMS Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limit150 requests per second, 540,000 per hour (General tier) SourceOfficial documentation ↗
POST	`/v3/smsCampaigns/{campaignId}/sendNow`	Send an SMS campaign immediately to its audience.	write	—	Current
Delivers to the whole campaign audience and consumes SMS credits per message. Acts onSMS campaign Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Templates List the transactional email templates and create a new one.2
GET	`/v3/smtp/templates`	Get all the transactional email templates.	read	—	Current
Read-only. Acts ontemplate Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v3/smtp/templates`	Create a transactional email template.	write	—	Current
The template can then be referenced by transactional email sends. Acts ontemplate Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Senders, webhooks & account List senders, list and create webhooks, and read the account's plan and credit balance.4
GET	`/v3/senders`	Get the list of all senders configured in the account.	read	—	Current
Read-only. Acts onsender Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v3/webhooks`	Create a webhook that posts chosen transactional or marketing events to a URL.	write	—	Current
Registers an event receiver. The webhook type, transactional or marketing, decides which events it can subscribe to. Acts onwebhook Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v3/webhooks`	Get all the webhooks in the account.	read	—	Current
Read-only. Acts onwebhook Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v3/account`	Get the account's information, plan, and remaining credits.	read	—	Current
Read-only. Reports the plan type and the email and SMS credit balance. Acts onaccount Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗

No endpoints match those filters.

Webhooks

Webhook events.

Brevo can notify an app when something happens, like a transactional email being delivered or opened, or a contact being added to a list. It posts a JSON payload to a registered URL, so an integration learns about activity without polling.

Event	What it signals	Triggered by
`delivered`	A transactional email was accepted and delivered to the recipient's mail server.	`/v3/smtp/email`
`opened`	A delivered transactional email was opened by the recipient. Brevo also emits unique_opened for the first open.	`/v3/smtp/email`
`click`	A link inside a delivered transactional email was clicked.	`/v3/smtp/email`
`hard_bounce`	A transactional email permanently failed, for example because the address does not exist.	`/v3/smtp/email`
`list_addition`	A contact was added to a list. Delivered through marketing webhooks.	`/v3/contacts` `/v3/contacts/import` `/v3/contacts/lists/{listId}/contacts/add`
`contact_updated`	A contact's attributes or list membership changed. Delivered through marketing webhooks.	`/v3/contacts/{identifier}`
`contact_deleted`	A contact was deleted. Delivered through marketing webhooks.	`/v3/contacts/{identifier}`

No events match that search.

Rate limits & pagination

Rate limits, pagination & request size.

Brevo limits how fast an app can call each endpoint, measured as requests per second and per hour, with higher ceilings on Professional and Enterprise plans.

Request rate

Brevo sets a separate limit on each endpoint, expressed as both requests per second and requests per hour, and where both apply both must be respected at once. Limits are tiered by plan: a General tier applies to all accounts, an Advanced tier to Professional and Enterprise plans, and an Extended tier to Enterprise. On the General tier, transactional email sending allows 1,000 requests per second and 3,600,000 per hour, transactional SMS allows 150 per second and 540,000 per hour, and contact endpoints allow 10 per second and 36,000 per hour. Higher tiers raise these ceilings. Going over returns HTTP 429, and every response carries the x-sib-ratelimit-limit, x-sib-ratelimit-remaining, and x-sib-ratelimit-reset headers that report the current state.

Pagination

List endpoints page with the limit and offset query parameters, where offset is 0-based, so the second page of 50 results uses offset=50. The default and maximum value of limit are set per endpoint rather than by one global rule, so the exact ceiling is given on each endpoint's reference page.

Request size

Request and response bodies are JSON, and the Content-Type must be application/json. A bulk contact import accepts many contacts in a single call, and the per-endpoint limit caps how large each page of a list response can be.

Errors

Status codes & error handling.

The status codes an agent should handle, and what to do about each.

Status	Code	Meaning	What to do
400	`invalid_parameter / missing_parameter`	The request was bad: a parameter is missing, out of range, or invalid, with code strings like missing_parameter, invalid_parameter, out_of_range, or duplicate_parameter.	Read the message field, fix the named parameter, and resend.
401	`unauthorized`	The API key is missing or invalid.	Send a valid key in the api-key header, and rotate the key if it is compromised.
402	`not_enough_credits`	The account lacks the credits or activation needed for the request, for example to send email or SMS.	Top up credits or complete account validation, then retry.
403	`permission_denied`	The account is not permitted to perform this request, for example while it is under validation.	Resolve the account restriction, such as account_under_validation, before retrying.
404	`document_not_found`	The requested object does not exist or is not visible to this account.	Verify the identifier and that the object belongs to this account.
405	`method_not_allowed`	The HTTP method is not allowed on this endpoint.	Use the method documented for the endpoint.
406	`not_acceptable`	The Content-Type is not acceptable; Brevo expects application/json.	Set the Content-Type header to application/json.
429	`too_many_requests`	The endpoint's per-second or per-hour rate limit was exceeded.	Back off and retry, reading the x-sib-ratelimit-remaining and x-sib-ratelimit-reset headers.

Versioning & freshness

Version history.

Brevo runs a single, continuously updated version 3 of its API, the line that carried over from the Sendinblue era, and ships dated changes through release notes rather than minting new version numbers.

Version history

What changed, and when

Latest versionv3

v3Current version

Brevo API version 3 (current, continuously updated)

The API has run on version 3 since the Sendinblue era and stays a single continuously updated line. Brevo does not mint new version numbers; it ships dated changes through release notes and SDK releases. The base host is api.brevo.com/v3, and access uses the api-key header.

What changed

Sendinblue rebranded to Brevo in May 2023; the base host moved to api.brevo.com while the v3 path stayed the same.
A first-party hosted MCP server was introduced at mcp.brevo.com, exposing Brevo tools to AI agents.

2026-05-14Requires migration

Major SDK releases

Brevo shipped next-major SDK versions with breaking changes (Node.js v6.0.0, PHP v5.0.0, Python v5.0.0) alongside a rework of the OpenAPI spec to match real API behavior.

What changed

Node.js SDK v6.0.0, PHP SDK v5.0.0, and Python SDK v5.0.0 released with breaking changes.
OpenAPI spec reworked to better match the live API.

2026-03-25Feature update

SDK updates

New endpoints and fields, including a paginated list of custom events, shipped in Node.js v5.0.3, PHP v4.0.11, and Python v4.0.9.

What changed

Added a paginated custom-events list method to the SDKs.
Various new endpoints and fields.

2026-03-02Feature update

MCP server security and configuration update

The Brevo MCP server's tools are now auto-generated from the OpenAPI spec, with improved security and rate limiting.

What changed

MCP tools auto-generated from the OpenAPI spec.
Improved MCP security and rate limiting.

There is one current version; track the release notes for dated changes.

Brevo API changelog ↗

Questions

Brevo API, answered.

How does authentication work, and is there OAuth?+

Standard API access uses an account-level API key sent in the api-key header on every request. The key is generated in the account's API keys settings. There is no OAuth flow for normal API calls; the getting-started docs mention OAuth 2.0 only for some partner and marketplace use. The Brevo MCP server is the exception, using a dedicated Bearer MCP key.

Does a Brevo API key have scopes or permissions?+

No. A Brevo API key carries full access to every endpoint the account's plan allows, with no granular per-resource scopes and no read-only key type. That means a single leaked key can read contacts and send email, SMS, and campaigns. Restricting an agent to read-only or to specific areas has to be done outside Brevo, in a gateway like Bollard.

What are the rate limits?+

Brevo limits each endpoint separately, in both requests per second and requests per hour, tiered by plan. On the General tier that applies to all accounts, transactional email sending allows 1,000 per second and 3,600,000 per hour, transactional SMS allows 150 per second, and contact endpoints allow 10 per second. Professional and Enterprise plans get higher Advanced and Extended ceilings. Going over returns HTTP 429, and the x-sib-ratelimit headers report the current state.

What's the difference between transactional and marketing webhooks?+

Brevo has two webhook types. A transactional webhook delivers per-message events for individual email and SMS sends, like delivered, opened, click, and hard_bounce. A marketing webhook delivers events about contacts and campaigns, like list_addition, contact_updated, contact_deleted, and unsubscribe. Each webhook is created as one type and can subscribe only to that type's events.

What's the difference between transactional email and an email campaign?+

Transactional email sends an individual message to specific recipients, like a receipt or a password reset, through the smtp path and is triggered by the application. An email campaign is a one-to-many marketing send to a whole audience, created as a campaign and then sent immediately or on a schedule. The two have separate endpoints and separate event reporting.

Does Brevo have an official MCP server for AI agents?+

Yes. Brevo publishes a first-party hosted Model Context Protocol server at mcp.brevo.com that exposes Brevo tools to AI agents, with an all-features endpoint and individual per-domain servers for areas like contacts, campaigns, and SMS. It authenticates with a dedicated Bearer MCP key generated in the account's API keys settings, and its tools are generated from the same API spec.

Is this still the Sendinblue API?+

Yes. Sendinblue rebranded to Brevo in May 2023, and the same version 3 API carried over. The base host moved to api.brevo.com and the api-key header stayed the same, so existing v3 integrations continued to work. Older references to Sendinblue describe the same API.

What is Bollard AI?

Control what every AI agent can do in Brevo.

Bollard AI sits between a team's AI agents and Brevo. Grant each agent exactly the access it needs, read or write, area by area, and every call is checked and logged.

Set read, write, or full access per agent, never a shared Brevo key.
Denied by default, so an agent reaches only what has been explicitly allowed.
Every call recorded in plain English: who, what, where, and the decision.

Control Brevo access in Bollard Browse all APIs →

Brevo

Marketing Agent

Read contacts ResourceOffReadFull use

Send a campaign ActionOffReadFull use

Transactional email ResourceOffReadFull use

Per-agent access, set in Bollard AI, not in Brevo

How the Brevo API works.

Connection & authentication methods.

REST API

Webhooks

MCP server

API key

MCP API key

What an AI agent can do in Brevo.

Contacts

Contact lists

Folders

Transactional email

Email campaigns

SMS

Templates

Senders, webhooks & account

Every Brevo API method.

Contacts

Contact lists

Folders

Transactional email

Email campaigns

SMS

Templates

Senders, webhooks & account

Webhook events.

Rate limits, pagination & request size.

Request rate

Pagination

Request size

Status codes & error handling.

Version history.

What changed, and when

Brevo API, answered.

More marketing API guides for agents

Constant Contact

Campaign Monitor

GetResponse

MailerLite

Mailgun

Braze

Control what every AI agent can do in Brevo.