Online Fax API: Send & Receive Faxes From Your App (2026)

An online fax API lets your application send and receive faxes over the internet with a single REST call — no fax machine, no phone line, no on-premise server. This guide covers the full integration: outbound sends, inbound webhooks, receiving PDFs, and real-world patterns for web apps, EHRs, and CRMs.

Frequently Asked Questions

What is an online fax API?
An online fax API is a set of REST endpoints that lets your application send and receive faxes over the internet — no fax machine or phone line required. You authenticate with a Bearer token, POST a document to the send endpoint, and receive delivery confirmations via webhooks. The [mFax API](/blog/fax-api/) at developers.mfax.to is a fully-hosted example: one POST request sends a fax, and a `fax.received` webhook fires when inbound faxes arrive.
How do I receive faxes with an API?
Configure a webhook URL in your API provider's dashboard. When a fax arrives on your virtual fax number, the provider POSTs a `fax.received` event to your endpoint containing the sender number, page count, and a time-limited `media_url` to download the PDF. Download and store the file immediately — most providers expire the URL within 24–72 hours. You can also poll `GET /v1/faxes?direction=inbound` as a backup when webhooks are unavailable.
Can I use an online fax API in a web app?
Yes, but your API key must stay server-side. The correct pattern is: browser sends a form to your backend, your backend calls the fax API with its secret key, and returns a job ID to the browser for status polling. Never embed a fax API key in frontend JavaScript — treat it like a database password.
Do I need a dedicated fax number to use the API?
Yes, for receiving faxes you need a virtual fax number assigned to your account. You can get one through your provider's dashboard (mFax Business assigns one automatically). For outbound-only integrations, sending works without a dedicated number on some providers, but a number is required to receive a delivery confirmation callback that identifies the sender.
Is an online fax API HIPAA compliant?
A fax API can be HIPAA compliant if the provider signs a Business Associate Agreement (BAA) and transmits data with TLS 1.2+ in transit and AES-256 at rest. mFax Business includes a signed BAA on every plan. See our [HIPAA fax API guide](/blog/hipaa-fax-api/) for the full compliance checklist.