# List messages sent to one recipient (PII-gated) `GET /v1/recipients/{email}/messages` - Authentication: required (Bearer token) - Required scope: `analytics.search.recipients` Returns one cursor-paginated page of messages addressed to a specific recipient — the same shape as `listMessages`, but with the recipient pinned from the URL path. This route is gated solely on the `analytics.search.recipients` scope (the broader `messages.view` is not required) so you can grant audit-style recipient lookup without exposing the full message index. Match is case-sensitive on the stored recipient address. URL-encode `@` as `%40` (e.g. `user%40example.com`). Unknown recipients return `200` with `data: []` — never `404`. Same 30-day default window and plan-retention behavior as `listMessages`. ## Path parameters - `email` (string, required) — Recipient address. Percent-encode `@` as `%40`. ## Query parameters - `limit` (integer, optional) — Page size (1–200). Default 50. - `cursor` (string, optional) — Opaque cursor returned from the previous page. - `from` (string, optional) — Window start (RFC 3339). Defaults to 30 days ago. - `to` (string, optional) — Window end (RFC 3339). Defaults to now. ## Example request ```bash curl 'https://api.sendops.dev/v1/recipients/user%40example.com/messages' \ -H "Authorization: Bearer $SENDOPS_API_KEY" ``` ## Responses ### 200 — Cursor-paginated list of messages Content type: `application/json` ```json { "data": [ { "id": "string", "channel": "string", "template": "string", "from": "string", "to": "string", "subject": "string", "sent_at": "2026-05-17T20:00:00Z", "status": "string", "last_event_at": "2026-05-17T20:00:00Z" } ], "pagination": { "has_more": true, "next_cursor": "string" } } ``` ### 401 — Missing, malformed, or unknown API key Content type: `application/problem+json` ```json { "type": "https://example.com", "title": "string", "status": 0, "detail": "string", "code": "invalid_key", "request_id": "string", "retry_after": 0, "retention_days": 0, "scope": "string", "resource": "string", "errors": [ { "field": "string", "reason": "string" } ] } ``` ### 403 — Key lacks the required scope or plan limit violated Content type: `application/problem+json` ```json { "type": "https://example.com", "title": "string", "status": 0, "detail": "string", "code": "invalid_key", "request_id": "string", "retry_after": 0, "retention_days": 0, "scope": "string", "resource": "string", "errors": [ { "field": "string", "reason": "string" } ] } ``` ### 422 — Query parameter or path value failed validation Content type: `application/problem+json` ```json { "type": "https://example.com", "title": "string", "status": 0, "detail": "string", "code": "invalid_key", "request_id": "string", "retry_after": 0, "retention_days": 0, "scope": "string", "resource": "string", "errors": [ { "field": "string", "reason": "string" } ] } ``` ### 429 — Per-org rate limit exceeded Content type: `application/problem+json` ```json { "type": "https://example.com", "title": "string", "status": 0, "detail": "string", "code": "invalid_key", "request_id": "string", "retry_after": 0, "retention_days": 0, "scope": "string", "resource": "string", "errors": [ { "field": "string", "reason": "string" } ] } ``` ### 500 — Unexpected server-side failure. The `code` is `internal_error`. The `request_id` field can be quoted to SendOps support to investigate. Content type: `application/problem+json` ```json { "type": "https://example.com", "title": "string", "status": 0, "detail": "string", "code": "invalid_key", "request_id": "string", "retry_after": 0, "retention_days": 0, "scope": "string", "resource": "string", "errors": [ { "field": "string", "reason": "string" } ] } ```