Cloudflare API | Email Security › Investigate

curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/email-security/investigate \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY"

200Example

{
  "errors": [
    {
      "code": 1000,
      "message": "message"
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message"
    }
  ],
  "result": [
    {
      "id": "47JJcT1w6GztQV7-email@example.com",
      "action_log": [],
      "client_recipients": [
        "email@example.com"
      ],
      "detection_reasons": [
        "Selector is a source of spam/uce : Smtp-Helo-Server-Ip=<b>127.0.0[dot]186</b>"
      ],
      "is_phish_submission": false,
      "is_quarantined": false,
      "postfix_id": "47JJcT1w6GztQV7",
      "ts": "2019-11-20T23:22:01",
      "alert_id": "4Njp3P0STMz2c02Q-2022-12-30T02:44:49",
      "delivery_mode": "DIRECT",
      "edf_hash": null,
      "final_disposition": "MALICIOUS",
      "from": "d1994@example.com",
      "from_name": "Sender Name",
      "message_id": "<4VAZPrAdg7IGNxdt1DWRNu0gvOeL_iZiwP4BQfo4DaE.Yw-woXuugQbeFhBpzwFQtqq_v2v1HOKznoMBqbciQpE@example.com>",
      "sent_date": "2019-11-21T00:22:01",
      "subject": "listen, I highly recommend u to read that email, just to ensure not a thing will take place",
      "threat_categories": [
        "IPReputation",
        "ASNReputation"
      ],
      "to": [
        "email@example.com"
      ],
      "to_name": [
        "Recipient Name"
      ],
      "validation": {
        "comment": null,
        "dkim": "pass",
        "dmarc": "pass",
        "spf": "pass"
      }
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  },
  "success": true
}

Email Security Investigate

Detections

email_security.investigate.detections

Methods

Get Message Detection Details -> Envelope<{ action, attachments, headers, 5 more... }>

get/accounts/{account_id}/email-security/investigate/{postfix_id}/detections

Returns detection details such as threat categories and sender information for non-benign messages.

Email Security Investigate

Move

email_security.investigate.move

Methods

Move Multiple Messages -> SinglePage<{ completed_timestamp, destination, item_count, 4 more... }>

post/accounts/{account_id}/email-security/investigate/move

Move multiple messages

Move A Message -> SinglePage<{ completed_timestamp, destination, item_count, 4 more... }>

post/accounts/{account_id}/email-security/investigate/{postfix_id}/move

Move a message

Email Security Investigate

Preview

email_security.investigate.preview

Methods

Preview For Non Detection Messages -> Envelope<{ screenshot }>

post/accounts/{account_id}/email-security/investigate/preview

Preview for non-detection messages

Get Email Preview -> Envelope<{ screenshot }>

get/accounts/{account_id}/email-security/investigate/{postfix_id}/preview

Returns a preview of the message body as a base64 encoded PNG image for non-benign messages.

Email Security Investigate

Raw

email_security.investigate.raw

Methods

Get Raw Email Content -> Envelope<{ raw }>

get/accounts/{account_id}/email-security/investigate/{postfix_id}/raw

Returns the raw eml of any non-benign message.

Email Security Investigate

Reclassify

email_security.investigate.reclassify

Methods

Change Email Classfication -> Envelope<unknown>

post/accounts/{account_id}/email-security/investigate/{postfix_id}/reclassify

Change email classfication

Email Security Investigate

Release

email_security.investigate.release

Methods

Release Messages From Quarantine -> SinglePage<{ postfix_id, delivered, failed, 1 more... }>

post/accounts/{account_id}/email-security/investigate/release

Release messages from quarantine

Email Security Investigate

Trace

email_security.investigate.trace

Methods

Get Email Trace -> Envelope<{ inbound, outbound }>

get/accounts/{account_id}/email-security/investigate/{postfix_id}/trace

Get email trace

Email Security

Settings

email_security.settings

Email Security Settings

Allow Policies

email_security.settings.allow_policies

Methods

Create An Email Allow Policy -> Envelope<{ id, created_at, is_acceptable_sender, 11 more... }>

post/accounts/{account_id}/email-security/settings/allow_policies

Create an email allow policy

Delete An Email Allow Policy -> Envelope<{ id }>

delete/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}

Delete an email allow policy

Update An Email Allow Policy -> Envelope<{ id, created_at, is_acceptable_sender, 11 more... }>

patch/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}

Update an email allow policy

Get An Email Allow Policy -> Envelope<{ id, created_at, is_acceptable_sender, 11 more... }>

get/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}

Get an email allow policy

List Email Allow Policies -> V4PagePaginationArray<{ id, created_at, is_acceptable_sender, 11 more... }>

get/accounts/{account_id}/email-security/settings/allow_policies

Lists, searches, and sorts an account’s email allow policies.

Email Security Settings

Block Senders

email_security.settings.block_senders

Methods

Create A Blocked Email Sender -> Envelope<{ id, created_at, is_regex, 4 more... }>

post/accounts/{account_id}/email-security/settings/block_senders

Create a blocked email sender

Delete A Blocked Email Sender -> Envelope<{ id }>

delete/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}

Delete a blocked email sender

Update A Blocked Email Sender -> Envelope<{ id, created_at, is_regex, 4 more... }>

patch/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}

Update a blocked email sender

Get A Blocked Email Sender -> Envelope<{ id, created_at, is_regex, 4 more... }>

get/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}

Get a blocked email sender

List Blocked Email Senders -> V4PagePaginationArray<{ id, created_at, is_regex, 4 more... }>

get/accounts/{account_id}/email-security/settings/block_senders

List blocked email senders

Email Security Settings

Domains

email_security.settings.domains

Methods

Unprotect Multiple Email Domains -> SinglePage<{ id }>

delete/accounts/{account_id}/email-security/settings/domains

Unprotect multiple email domains

Unprotect An Email Domain -> Envelope<{ id }>

delete/accounts/{account_id}/email-security/settings/domains/{domain_id}

Unprotect an email domain

Update An Email Domain -> Envelope<{ id, allowed_delivery_modes, created_at, 14 more... }>

patch/accounts/{account_id}/email-security/settings/domains/{domain_id}

Update an email domain

Get An Email Domain -> Envelope<{ id, allowed_delivery_modes, created_at, 14 more... }>

get/accounts/{account_id}/email-security/settings/domains/{domain_id}

Get an email domain

List Protected Email Domains -> V4PagePaginationArray<{ id, allowed_delivery_modes, created_at, 14 more... }>

get/accounts/{account_id}/email-security/settings/domains

Lists, searches, and sorts an account’s email domains.

Email Security Settings

Impersonation Registry

email_security.settings.impersonation_registry

Methods

Create An Entry In Impersonation Registry -> Envelope<{ id, created_at, email, 8 more... }>

post/accounts/{account_id}/email-security/settings/impersonation_registry

Create an entry in impersonation registry

Delete An Entry From Impersonation Registry -> Envelope<{ id }>

delete/accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}

Delete an entry from impersonation registry

Update An Entry In Impersonation Registry -> Envelope<{ id, created_at, email, 8 more... }>

patch/accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}

Update an entry in impersonation registry

Get An Entry In Impersonation Registry -> Envelope<{ id, created_at, email, 8 more... }>

get/accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}

Get an entry in impersonation registry

List Entries In Impersonation Registry -> V4PagePaginationArray<{ id, created_at, email, 8 more... }>

get/accounts/{account_id}/email-security/settings/impersonation_registry

Lists, searches, and sorts entries in the impersonation registry.

Email Security Settings

Trusted Domains

email_security.settings.trusted_domains

Methods

Create A Trusted Email Domain -> Envelope<{ id, created_at, is_recent, 5 more... } | Array<{ id, created_at, is_recent, 5 more... }>>

post/accounts/{account_id}/email-security/settings/trusted_domains

Create a trusted email domain

Delete A Trusted Email Domain -> Envelope<{ id }>

delete/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}

Delete a trusted email domain

Update A Trusted Email Domain -> Envelope<{ id, created_at, is_recent, 5 more... }>

patch/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}

Update a trusted email domain

Get A Trusted Email Domain -> Envelope<{ id, created_at, is_recent, 5 more... }>

get/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}

Get a trusted email domain

List Trusted Email Domains -> V4PagePaginationArray<{ id, created_at, is_recent, 5 more... }>

get/accounts/{account_id}/email-security/settings/trusted_domains

Lists, searches, and sorts an account’s trusted email domains.

Email Security

Submissions

email_security.submissions

Methods

Get Reclassify Submissions -> V4PagePaginationArray<{ requested_ts, submission_id, original_disposition, 8 more... }>

get/accounts/{account_id}/email-security/submissions

This endpoint returns information for submissions to made to reclassify emails.