Add missing endpoints

[IgorDobryn]

Motivation

Changes

Webhooks

• GET /api/accounts/{account_id}/webhooks
• POST /api/accounts/{account_id}/webhooks
• GET /api/accounts/{account_id}/webhooks/{webhook_id}
• PATCH /api/accounts/{account_id}/webhooks/{webhook_id}
• DELETE /api/accounts/{account_id}/webhooks/{webhook_id}

API Tokens

• GET /api/accounts/{account_id}/api_tokens
• POST /api/accounts/{account_id}/api_tokens
• GET /api/accounts/{account_id}/api_tokens/{id}
• DELETE /api/accounts/{account_id}/api_tokens/{id}
• POST /api/accounts/{account_id}/api_tokens/{id}/reset

Sub-Accounts

• GET /api/organizations/{organization_id}/sub_accounts
• POST /api/organizations/{organization_id}/sub_accounts

Sandbox Messages

• POST /api/accounts/{account_id}/inboxes/{inbox_id}/messages/{message_id}/forward
• GET /api/accounts/{account_id}/inboxes/{inbox_id}/messages/{message_id}/mail_headers

Summary by CodeRabbit

Release Notes

• New Features
  • API token management: create, list, fetch, reset, and delete account tokens
  • Sub-account management: create and list organization sub-accounts
  • Webhooks API: create, list, fetch, update, and delete webhooks
  • Message operations: retrieve mail headers and forward messages to recipients
  • Stats API endpoints for analytics data

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR introduces a multi-feature SDK expansion adding webhook management (list/get/create/update/delete), account API token operations (list/get/create/reset/delete), organization-scoped sub-account management (list/create), and new sandbox message methods (getMailHeaders/forward). Permissions serialization is refactored to enforce validation in the DTO. All changes include comprehensive test coverage and example scripts.

Changes

Mailtrap SDK Feature Expansion

Layer / File(s)	Summary
Webhook Vocabulary & DTOs src/DTO/Request/Webhook/Webhook.php, WebhookInterface.php, CreateWebhook.php, UpdateWebhook.php	Webhook constants for types (email_sending, audit_log), payload formats (json, jsonlines), sending streams (transactional, bulk), and event names; CreateWebhook DTO with type/eventTypes/sendingStream validation; UpdateWebhook DTO for partial updates.
Permissions Refactoring src/DTO/Request/Permission/Permissions.php, src/Api/General/Permission.php	Permissions::toPayload() added to serialize permissions with empty-payload validation; Permission::update() now calls this directly instead of internal helper; validation moved from Permission to Permissions DTO.
Webhook API Client src/Api/Sending/Webhook.php	Webhook CRUD client: getWebhooks(), getWebhook($id), createWebhook(), updateWebhook() (with empty-payload validation), deleteWebhook(); all routed through HTTP helpers with response normalization.
API Token Client src/Api/General/ApiToken.php	ApiToken client scoped to account: getApiTokens(), getApiToken($id), createApiToken($name, Permissions) (uses $permissions->toPayload()), resetApiToken($id), deleteApiToken($id).
Organization Entry Point & Sub-Accounts src/Api/General/Organization.php, src/Api/Organization/OrganizationInterface.php, src/Api/Organization/SubAccount.php	Organization class provides subAccounts() factory and getOrganizationId(); SubAccount client with getSubAccounts() and createSubAccount(string $name) methods.
Message API Extensions src/Api/Sandbox/Message.php	Added getMailHeaders(int $messageId) (GET) and forward(int $messageId, string $email) (POST) methods.
Client Wiring src/MailtrapGeneralClient.php, src/MailtrapSendingClient.php	MailtrapGeneralClient::API_MAPPING registers 'apiTokens' => ApiToken::class; MailtrapSendingClient::API_MAPPING registers 'webhooks' => Webhook::class; both updated with PHPDoc method annotations.
Webhook Tests tests/Api/Sending/WebhookTest.php	WebhookTest validates list/get/create/update/delete operations, HTTP routing, response parsing, DTO validation (webhook type, eventTypes/sendingStream for email_sending), and error handling (404, 422, empty update).
API Token Tests tests/Api/General/ApiTokenTest.php	ApiTokenTest validates token lifecycle with mocked HTTP methods; covers success paths (list, get, create, reset, delete) and error scenarios (unauthorized, not found, missing permissions, already reset).
Sub-Account Tests tests/Api/Organization/SubAccountTest.php	SubAccountTest validates list and create operations with HTTP mocking; covers success (200/201) and error responses (403 forbidden, 422 validation).
Sandbox Message Tests tests/Api/Sandbox/MessageTest.php	Extended MessageTest with getMailHeaders() and forward() coverage, including success paths and unverified-recipient error scenario.
Test Infrastructure tests/MailtrapGeneralClientTest.php, tests/MailtrapSendingClientTest.php, tests/MailtrapTestCase.php	Updated client mapping tests to recognize apiTokens and webhooks as account-scoped constructors; added FAKE_ORGANIZATION_ID constant.
Example Scripts examples/api-tokens/all.php, examples/sub-accounts/all.php, examples/webhooks/all.php, examples/testing/messages.php	Complete examples demonstrating API token operations, webhook CRUD configuration, sub-account list/create, and message header/forward operations using environment variables.
Documentation CHANGELOG.md	Added feature bullets for Stats API endpoints, API Tokens API, organization-scoped Sub-Accounts, Sandbox Message operations (forward/getMailHeaders), and Webhooks API (CRUD).
Environment Config .envrc	New exports for MAILTRAP_ACCOUNT_ID, MAILTRAP_ORGANIZATION_ID, MAILTRAP_SANDBOX_ID, MAILTRAP_API_KEY, MAILTRAP_ORGANIZATION_API_KEY sourced from 1Password op://Mailtrap Dev/....

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• mailtrap/mailtrap-php#56: Adds related examples and documentation updates showing SDK usage patterns.
• mailtrap/mailtrap-php#50: Modifies the same client API mappings (MailtrapGeneralClient and MailtrapSendingClient) for registering account-scoped endpoints.

Suggested reviewers

• leonid-shevtsov
• i7an
• yanchuk
• VladimirTaytor
• mklocek

Poem

🐰 Four APIs hop into the warren,
Webhooks dance, tokens grant pardon,
Sub-accounts multiply with care,
Messages fly through the air—
The SDK grows beyond compare! 🌿

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description lacks the 'Motivation' and 'How to test' sections required by the template, and does not include any test checklist or images/GIFs section, leaving the structure incomplete.	Add a 'Motivation' section explaining why these endpoints are needed, complete the 'How to test' section with test checklist items, and remove or fill the 'Images and GIFs' section if applicable.
Docstring Coverage	⚠️ Warning	Docstring coverage is 27.71% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Add missing endpoints' directly reflects the main objective of the PR, which adds multiple API endpoint handlers for Webhooks, API Tokens, Sub-Accounts, and Sandbox Messages.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch MT-21863-php-sdk-add-webhooks-api-tokens-and-sub-accounts-endpoints

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@examples/api-tokens/all.php`:
- Around line 12-14: Add a guard that checks the required environment variables
before using them: validate $_ENV['MAILTRAP_ACCOUNT_ID'] and
$_ENV['MAILTRAP_API_KEY'] and throw/exit with a clear error message if either is
missing so the example fails fast; update the bootstrap around $accountId, the
Config(...) call, and the MailtrapGeneralClient(...)->apiTokens(...) usage to
rely on the validated values (or sanitized variables) rather than accessing
$_ENV directly.

In `@examples/webhooks/all.php`:
- Around line 12-14: The example currently reads $_ENV['MAILTRAP_ACCOUNT_ID']
and $_ENV['MAILTRAP_API_KEY'] directly which can be null and emit notices; add a
small bootstrap guard before creating Config and calling (new
MailtrapSendingClient($config))->webhooks($accountId) that checks required env
vars (MAILTRAP_ACCOUNT_ID and MAILTRAP_API_KEY), optionally MAILTRAP_DOMAIN_ID
if domain-scoped webhooks are intended, and exits with a clear error message
when any are missing so Config is never constructed with null values and the
script fails fast and informatively.

In `@src/DTO/Request/Webhook/CreateWebhook.php`:
- Around line 21-37: CreateWebhook currently allows building invalid payloads
for type-specific webhooks; add validation in the CreateWebhook constructor (or
in toArray) to enforce required fields based on $webhookType (e.g., when
$webhookType === 'email_sending' require non-null $sendingStream and non-empty
$eventTypes), throw a clear exception (InvalidArgumentException) on violation,
or alternatively refactor by splitting CreateWebhook into separate DTOs per
webhook kind (e.g., EmailSendingWebhook with required $sendingStream and
EventTypes) and use the appropriate DTO where needed; update
CreateWebhook::toArray to assume validated fields so it cannot serialize invalid
requests.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 60e92d97-9770-4f7f-abc9-d3da6787856a

📥 Commits

Reviewing files that changed from the base of the PR and between 84717fd and 743ef96.

📒 Files selected for processing (24)

• .envrc
• CHANGELOG.md
• examples/api-tokens/all.php
• examples/sub-accounts/all.php
• examples/testing/messages.php
• examples/webhooks/all.php
• src/Api/General/ApiToken.php
• src/Api/Organization/OrganizationInterface.php
• src/Api/Organization/SubAccount.php
• src/Api/Sandbox/Message.php
• src/Api/Sending/Webhook.php
• src/DTO/Request/Webhook/CreateWebhook.php
• src/DTO/Request/Webhook/UpdateWebhook.php
• src/DTO/Request/Webhook/WebhookInterface.php
• src/MailtrapGeneralClient.php
• src/MailtrapOrganizationClient.php
• src/MailtrapSendingClient.php
• tests/Api/General/ApiTokenTest.php
• tests/Api/Organization/SubAccountTest.php
• tests/Api/Sandbox/MessageTest.php
• tests/Api/Sending/WebhookTest.php
• tests/MailtrapGeneralClientTest.php
• tests/MailtrapOrganizationClientTest.php
• tests/MailtrapSendingClientTest.php

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fail fast when required example env vars are missing.

$_ENV['MAILTRAP_ACCOUNT_ID'] and $_ENV['MAILTRAP_API_KEY'] are accessed directly, so a missing environment setup will surface as notices or a later client error instead of a clear bootstrap failure. A small guard here would make the example much easier to run.

♻️ Suggested bootstrap guard

 require __DIR__ . '/../../vendor/autoload.php';
 
+foreach (['MAILTRAP_ACCOUNT_ID', 'MAILTRAP_API_KEY'] as $envVar) {
+    if (empty($_ENV[$envVar])) {
+        throw new RuntimeException(sprintf('%s must be set for this example.', $envVar));
+    }
+}
+
 $accountId = $_ENV['MAILTRAP_ACCOUNT_ID'];
 $config = new Config($_ENV['MAILTRAP_API_KEY']); `#your` API token from here https://mailtrap.io/api-tokens

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@examples/api-tokens/all.php` around lines 12 - 14, Add a guard that checks
the required environment variables before using them: validate
$_ENV['MAILTRAP_ACCOUNT_ID'] and $_ENV['MAILTRAP_API_KEY'] and throw/exit with a
clear error message if either is missing so the example fails fast; update the
bootstrap around $accountId, the Config(...) call, and the
MailtrapGeneralClient(...)->apiTokens(...) usage to rely on the validated values
(or sanitized variables) rather than accessing $_ENV directly.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fail fast when required example env vars are missing.

Reading $_ENV['MAILTRAP_ACCOUNT_ID'] / $_ENV['MAILTRAP_API_KEY'] directly will emit notices and hand null to Config when the example is run without setup. A small bootstrap guard would make the script much more robust. If you want this sample to demonstrate domain-scoped webhooks, consider documenting MAILTRAP_DOMAIN_ID alongside the other env vars as well.

♻️ Suggested bootstrap guard

 <?php
 
 use Mailtrap\Config;
@@
 require __DIR__ . '/../../vendor/autoload.php';
 
+foreach (['MAILTRAP_ACCOUNT_ID', 'MAILTRAP_API_KEY'] as $envVar) {
+    if (empty($_ENV[$envVar])) {
+        throw new RuntimeException(sprintf('%s must be set for this example.', $envVar));
+    }
+}
+
 $accountId = $_ENV['MAILTRAP_ACCOUNT_ID'];
 $config = new Config($_ENV['MAILTRAP_API_KEY']); `#your` API token from here https://mailtrap.io/api-tokens

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	$accountId = $_ENV['MAILTRAP_ACCOUNT_ID'];
	$config = new Config($_ENV['MAILTRAP_API_KEY']); #your API token from here https://mailtrap.io/api-tokens
	$webhooks = (new MailtrapSendingClient($config))->webhooks($accountId);
	<?php
	use Mailtrap\Config;
	use Mailtrap\MailtrapSendingClient;
	require __DIR__ . '/../../vendor/autoload.php';
	foreach (['MAILTRAP_ACCOUNT_ID', 'MAILTRAP_API_KEY'] as $envVar) {
	if (empty($_ENV[$envVar])) {
	throw new RuntimeException(sprintf('%s must be set for this example.', $envVar));
	}
	}
	$accountId = $_ENV['MAILTRAP_ACCOUNT_ID'];
	$config = new Config($_ENV['MAILTRAP_API_KEY']); `#your` API token from here https://mailtrap.io/api-tokens
	$webhooks = (new MailtrapSendingClient($config))->webhooks($accountId);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@examples/webhooks/all.php` around lines 12 - 14, The example currently reads
$_ENV['MAILTRAP_ACCOUNT_ID'] and $_ENV['MAILTRAP_API_KEY'] directly which can be
null and emit notices; add a small bootstrap guard before creating Config and
calling (new MailtrapSendingClient($config))->webhooks($accountId) that checks
required env vars (MAILTRAP_ACCOUNT_ID and MAILTRAP_API_KEY), optionally
MAILTRAP_DOMAIN_ID if domain-scoped webhooks are intended, and exits with a
clear error message when any are missing so Config is never constructed with
null values and the script fails fast and informatively.

[gaalferov]

Move SubAccount into MailtrapGeneralClient instead of introducing a new client

Looking at Mailtrap's own UI, Organizations lives in the ACCOUNT MANAGEMENT group alongside Accounts, API Tokens, Permissions, and Billing — all of which are exposed through MailtrapGeneralClient. To keep the SDK aligned with that grouping, and to make ownership explicit (sub-accounts belong to an organization, not directly to the general client), I'd suggest introducing an intermediate organizations layer rather than exposing subAccounts at the top level.

DX would read:

  (new MailtrapGeneralClient($config))
      ->organizations($organizationId)
      ->subAccounts()
      ->getSubAccounts();

// src/MailtrapGeneralClient.php
  public const API_MAPPING = [
      'accounts'        => Api\General\Account::class,
      'users'           => Api\General\User::class,
      'permissions'     => Api\General\Permission::class,
      'contacts'        => Api\General\Contact::class,
      'emailTemplates'  => Api\General\EmailTemplate::class,
      'billing'         => Api\General\Billing::class,
      'apiTokens'       => Api\General\ApiToken::class,
      'organizations'   => Api\General\Organization::class, // <-- new entry point
  ];

[gaalferov]

duplicates Permission::getPayload()

ApiToken::getPermissionsPayload() is essentially identical to Permission::getPayload() — same loop, same count() guard, same RuntimeException. Could we lift the conversion onto the DTO itself so any future caller benefits?

  // src/DTO/Request/Permission/Permissions.php
  public function toPayload(): array
  {
      $payload = array_map(fn($p) => $p->toArray(), $this->getAll());
      if ($payload === []) {
          throw new RuntimeException('At least one "permission" object must be provided');
      }
      return $payload;
  }

Then both Permission::update() and ApiToken::createApiToken() call $permissions->toPayload() and the private duplicates go away.

[gaalferov]

WebhookInterface mixes a DTO marker with domain constants

WebhookInterface extends RequestInterface (a DTO contract) but also carries the entire webhook vocabulary (TYPE_, EVENT_, PAYLOAD_FORMAT_, SENDING_STREAM_). End-user code in examples/webhooks/all.php has to import a DTO marker just to reach WebhookInterface::EVENT_DELIVERY, and adding a new event type becomes an interface change.

Could we keep WebhookInterface as a tiny marker (no constants) and move the constants into a dedicated holder, e.g. a Webhook enum/constants class? Users would then write Webhook::EVENT_DELIVERY which reads more naturally.

[gaalferov]

sending_mode and mailsend_domain_id don't appear anywhere in the codebase — CreateWebhook and the API use sending_stream and domain_id.

[gaalferov]

The constructor docblock says eventTypes and sendingStream are required for TYPE_EMAIL_SENDING, but both default to empty/null with no runtime check. Users only learn about the constraint via a 422 from the server — exactly the validation a typed DTO should catch:

  if ($webhookType === WebhookInterface::TYPE_EMAIL_SENDING) {
      if ($eventTypes === []) {
          throw new InvalidArgumentException('"eventTypes" is required for email_sending webhooks');
      }
      if ($sendingStream === null) {
          throw new InvalidArgumentException('"sendingStream" is required for email_sending webhooks');
      }
  }

It would also be worth validating webhookType against TYPE_EMAIL_SENDING / TYPE_AUDIT_LOG.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

examples/webhooks/all.php (1)

12-14: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add fail-fast guards for required env vars before constructing the client.

On Line 12 and Line 13, direct $_ENV[...] access can produce notices and pass null into Config when setup is incomplete. This was already flagged and is still unresolved.

Proposed fix

 require __DIR__ . '/../../vendor/autoload.php';

+foreach (['MAILTRAP_ACCOUNT_ID', 'MAILTRAP_API_KEY'] as $envVar) {
+    if (empty($_ENV[$envVar])) {
+        throw new RuntimeException(sprintf('%s must be set for this example.', $envVar));
+    }
+}
+
 $accountId = $_ENV['MAILTRAP_ACCOUNT_ID'];
 $config = new Config($_ENV['MAILTRAP_API_KEY']); `#your` API token from here https://mailtrap.io/api-tokens

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@examples/webhooks/all.php` around lines 12 - 14, Add fail-fast checks for the
required env vars before constructing Config and MailtrapSendingClient: validate
$_ENV['MAILTRAP_ACCOUNT_ID'] and $_ENV['MAILTRAP_API_KEY'] are set and non-empty
(e.g., using isset() and !== ''), and if not, emit a clear error and exit/throw
so null isn't passed into new Config($apiKey). Update the block around
$accountId, new Config(...), and (new MailtrapSendingClient(...))->webhooks(...)
to perform these guards first and only construct Config and
MailtrapSendingClient when the checks pass.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@examples/sub-accounts/all.php`:
- Around line 9-11: The code reads $_ENV values directly and may fail when vars
are missing; before constructing Config and calling
MailtrapGeneralClient->organization(), validate that MAILTRAP_API_KEY and
MAILTRAP_ORGANIZATION_ID are present, fail fast with a clear error/exception if
they are not, and normalize MAILTRAP_ORGANIZATION_ID to an integer (e.g., via
intval() or (int) cast) when assigning $organizationId so the subsequent call to
MailtrapGeneralClient($config)->organization($organizationId)->subAccounts()
receives a validated integer ID.

---

Duplicate comments:
In `@examples/webhooks/all.php`:
- Around line 12-14: Add fail-fast checks for the required env vars before
constructing Config and MailtrapSendingClient: validate
$_ENV['MAILTRAP_ACCOUNT_ID'] and $_ENV['MAILTRAP_API_KEY'] are set and non-empty
(e.g., using isset() and !== ''), and if not, emit a clear error and exit/throw
so null isn't passed into new Config($apiKey). Update the block around
$accountId, new Config(...), and (new MailtrapSendingClient(...))->webhooks(...)
to perform these guards first and only construct Config and
MailtrapSendingClient when the checks pass.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9264dc17-1ce2-4eee-ae1d-142bac6e15b6

📥 Commits

Reviewing files that changed from the base of the PR and between 743ef96 and 02a42b6.

📒 Files selected for processing (18)

• CHANGELOG.md
• examples/sub-accounts/all.php
• examples/webhooks/all.php
• src/Api/General/ApiToken.php
• src/Api/General/Organization.php
• src/Api/General/Permission.php
• src/DTO/Request/Permission/Permissions.php
• src/DTO/Request/Webhook/CreateWebhook.php
• src/DTO/Request/Webhook/UpdateWebhook.php
• src/DTO/Request/Webhook/Webhook.php
• src/DTO/Request/Webhook/WebhookInterface.php
• src/MailtrapGeneralClient.php
• tests/Api/General/ApiTokenTest.php
• tests/Api/General/PermissionTest.php
• tests/Api/Organization/SubAccountTest.php
• tests/Api/Sending/WebhookTest.php
• tests/MailtrapGeneralClientTest.php
• tests/MailtrapTestCase.php

✅ Files skipped from review due to trivial changes (2)

• tests/MailtrapGeneralClientTest.php
• CHANGELOG.md

🚧 Files skipped from review as they are similar to previous changes (5)

• tests/Api/Organization/SubAccountTest.php
• src/DTO/Request/Webhook/UpdateWebhook.php
• tests/Api/General/ApiTokenTest.php
• tests/Api/Sending/WebhookTest.php
• src/MailtrapGeneralClient.php

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Guard required env vars before client construction.

Direct $_ENV[...] reads here can fail noisily when vars are missing; add presence checks and normalize MAILTRAP_ORGANIZATION_ID to an integer.

Suggested patch

-$organizationId = $_ENV['MAILTRAP_ORGANIZATION_ID'];
-$config = new Config($_ENV['MAILTRAP_API_KEY']); `#your` API token from here https://mailtrap.io/api-tokens
+$apiKey = $_ENV['MAILTRAP_API_KEY'] ?? null;
+$organizationIdRaw = $_ENV['MAILTRAP_ORGANIZATION_ID'] ?? null;
+if (!$apiKey || !$organizationIdRaw || !ctype_digit((string) $organizationIdRaw)) {
+    throw new RuntimeException('Set MAILTRAP_API_KEY and numeric MAILTRAP_ORGANIZATION_ID in environment.');
+}
+$organizationId = (int) $organizationIdRaw;
+$config = new Config($apiKey); // your API token from https://mailtrap.io/api-tokens

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	$organizationId = $_ENV['MAILTRAP_ORGANIZATION_ID'];
	$config = new Config($_ENV['MAILTRAP_API_KEY']); #your API token from here https://mailtrap.io/api-tokens
	$subAccounts = (new MailtrapGeneralClient($config))->organization($organizationId)->subAccounts();
	$apiKey = $_ENV['MAILTRAP_API_KEY'] ?? null;
	$organizationIdRaw = $_ENV['MAILTRAP_ORGANIZATION_ID'] ?? null;
	if (!$apiKey || !$organizationIdRaw || !ctype_digit((string) $organizationIdRaw)) {
	throw new RuntimeException('Set MAILTRAP_API_KEY and numeric MAILTRAP_ORGANIZATION_ID in environment.');
	}
	$organizationId = (int) $organizationIdRaw;
	$config = new Config($apiKey); // your API token from https://mailtrap.io/api-tokens
	$subAccounts = (new MailtrapGeneralClient($config))->organization($organizationId)->subAccounts();

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@examples/sub-accounts/all.php` around lines 9 - 11, The code reads $_ENV
values directly and may fail when vars are missing; before constructing Config
and calling MailtrapGeneralClient->organization(), validate that
MAILTRAP_API_KEY and MAILTRAP_ORGANIZATION_ID are present, fail fast with a
clear error/exception if they are not, and normalize MAILTRAP_ORGANIZATION_ID to
an integer (e.g., via intval() or (int) cast) when assigning $organizationId so
the subsequent call to
MailtrapGeneralClient($config)->organization($organizationId)->subAccounts()
receives a validated integer ID.

[gaalferov]

Naming convention — singular vs plural

The organization key is the only entry in API_MAPPING that uses singular form — every other entry is plural (accounts, users, permissions, contacts, emailTemplates, billing, apiTokens). Users following the established convention will instinctively write ->organizations($id) and hit BadMethodCallException.

Could we rename for consistency?

* @method Api\General\Organization  organizations(int $organizationId)
...
'organizations' => Api\General\Organization::class,

The tests/MailtrapGeneralClientTest.php:32 match arm needs the same rename.

[IgorDobryn]

My idea was that a token can't have access to multiple organizations, so I kept singular

[gaalferov]

Yeah, makes sense

[gaalferov]

Orphaned Api\Organization\ namespace

SubAccount lives in Mailtrap\Api\Organization\ and implements an empty OrganizationInterface marker, but it's only reachable through Mailtrap\Api\General\Organization::subAccounts() (which itself implements GeneralInterface). We end up with two interface markers for one semantic group and a namespace with no top-level entry point.

Would it make sense to:

• Move this class to src/Api/General/SubAccount.php
• Replace implements OrganizationInterface with implements GeneralInterface
• Delete the src/Api/Organization/ directory entirely (including the empty interface)
• Move tests/Api/Organization/SubAccountTest.php to tests/Api/General/SubAccountTest.php

This collapses everything organization-related under the same Api\General namespace where its entry point lives.

[gaalferov]

Empty-payload guard belongs in the DTO

For CreateWebhook you moved validation into the DTO constructor — could we do the same here for symmetry? Right now UpdateWebhook::toArray() silently returns [] and the API class compensates, which means any future caller constructing the payload via the DTO loses the guarantee.

Suggested:

// UpdateWebhook::toArray()
if ($payload === []) {
    throw new InvalidArgumentException('At least one updatable field must be provided to update a webhook');
}
return $payload;

Note: I'd stick with $payload === [] rather than empty($payload) here — the new Permissions::toPayload() (src/DTO/Request/Permission/Permissions.php:48) already uses this style, so it keeps the PR internally consistent. empty() also has the historical loose-comparison footguns (empty('0'), empty('false')) that make readers pause even when the input is guaranteed to be an array.

Also suggest swapping RuntimeException → InvalidArgumentException — empty input is an argument-validation issue, consistent with EmailLogs::getMessage() (src/Api/Sending/EmailLogs.php:69).

After the move: drop lines 73-75 here and update testUpdateWebhookFailsWithEmptyPayload to call (new UpdateWebhook())->toArray() directly.

[gaalferov]

Document event_types PATCH semantics

Could you confirm whether the Mailtrap PATCH endpoint replaces the event_types list or merges with the existing one? Standard Rails-like PATCH behavior for arrays is full replacement, in which case callers wanting to add click would pass ['click'] and silently narrow the subscription to a single event — a footgun worth surfacing in the docblock.

If replace:

@param string[]|null $eventTypes Replaces the current event_types list entirely
                                 (server-side replacement, not merge). Pass the full desired set.

A unit test asserting the full array round-trips into the request body would also help guard this.

[gaalferov]

Missing getAccountId() getter

ApiToken accepts int $accountId in the constructor but doesn't expose a public getter, breaking the convention used by Permission (src/Api/General/Permission.php:53-56), Stats (src/Api/Sending/Stats.php:151-154), Contact (src/Api/General/Contact.php:356-359). Note that the new Organization class in this PR already exposes getOrganizationId() — so it's inconsistent even within the new files of this PR.

Suggested:

public function getAccountId(): int { return $this->accountId; }

Same thing applies to Webhook (no getAccountId()) and SubAccount (no getOrganizationId()).

[gaalferov]

Missing getAccountId() getter — same point as in ApiToken.php. Please add:

public function getAccountId(): int { return $this->accountId; }

[gaalferov]

Missing getOrganizationId() getter — same convention point. Please add:

public function getOrganizationId(): int { return $this->organizationId; }

[gaalferov]

Inconsistent response envelope vs ApiTokenTest

Webhook fixtures wrap responses in {"data": {...}} (here and lines 69, 118, 207, 233), while tests/Api/General/ApiTokenTest.php fixtures (lines 48, 88, 140, 185) return the object directly with no wrapper. Since both test suites mock httpGet/httpPost, they're green either way — but this is implicitly asserting two different response shapes for two newly added endpoints of the same API.

If the assumed shape is wrong, production parsers in user code will hit KeyError despite green tests — classic mock fail mode. Could we verify against the live Mailtrap API (running examples/webhooks/all.php and examples/api-tokens/all.php against a real account) and align the fixtures?

[gaalferov]

Local email validation in forward()

forward() currently passes any string to the API and lets the server reject it with 422. A lightweight filter_var(..., FILTER_VALIDATE_EMAIL) guard saves a round-trip and gives users a more actionable error:

if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    throw new InvalidArgumentException(sprintf('Invalid recipient email: "%s"', $email));
}

Minor, but for an action endpoint with side effects it's worth catching locally.