# Email Security # Investigate ## Search email messages `client.emailSecurity.investigate.list(InvestigateListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/email-security/investigate` Returns information for each email that matches the search parameter(s). If the search takes too long, the endpoint returns 202 with a Location header pointing to a polling endpoint where results can be retrieved once ready. ### Parameters - `params: InvestigateListParams` - `account_id: string` Path param: Account Identifier - `action_log?: boolean` Query param: Determines if the message action log is included in the response. - `alert_id?: string` Query param - `cursor?: string` Query param - `detections_only?: boolean` Query param: Determines if the search results will include detections or not. - `domain?: string` Query param: Filter by a domain found in the email: sender domain, recipient domain, or a domain in a link. - `end?: string` Query param: The end of the search date range. Defaults to `now` if not provided. - `exact_subject?: string` Query param: Search for messages with an exact subject match. - `final_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more` Query param: The dispositions the search filters by. - `"MALICIOUS"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"NONE"` - `message_action?: "PREVIEW" | "QUARANTINE_RELEASED" | "MOVED" | "SUBMITTED"` Query param: The message actions the search filters by. - `"PREVIEW"` - `"QUARANTINE_RELEASED"` - `"MOVED"` - `"SUBMITTED"` - `message_id?: string` Query param - `metric?: string` Query param - `page?: number | null` Query param: Deprecated: Use cursor pagination instead. - `per_page?: number` Query param: The number of results per page. - `query?: string` Query param: The space-delimited term used in the query. The search is case-insensitive. The content of the following email metadata fields are searched: * alert_id * CC * From (envelope_from) * From Name * final_disposition * md5 hash (of any attachment) * sha1 hash (of any attachment) * sha256 hash (of any attachment) * name (of any attachment) * Reason * Received DateTime (yyyy-mm-ddThh:mm:ss) * Sent DateTime (yyyy-mm-ddThh:mm:ss) * ReplyTo * To (envelope_to) * To Name * Message-ID * smtp_helo_server_ip * smtp_previous_hop_ip * x_originating_ip * Subject - `recipient?: string` Query param: Filter by recipient. Matches either an email address or a domain. - `sender?: string` Query param: Filter by sender. Matches either an email address or a domain. - `start?: string` Query param: The beginning of the search date range. Defaults to `now - 30 days` if not provided. - `subject?: string` Query param: Search for messages containing individual keywords in any order within the subject. - `submissions?: boolean` Query param: Search for submissions instead of original messages ### Returns - `InvestigateListResponse` - `id: string` - `action_log: unknown` - `client_recipients: Array` - `detection_reasons: Array` - `is_phish_submission: boolean` - `is_quarantined: boolean` - `postfix_id: string` The identifier of the message. - `properties: Properties` - `allowlisted_pattern?: string` - `allowlisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more` - `"quarantine_release"` - `"acceptable_sender"` - `"allowed_sender"` - `"allowed_recipient"` - `"domain_similarity"` - `"domain_recency"` - `"managed_acceptable_sender"` - `"outbound_ndr"` - `blocklisted_message?: boolean` - `blocklisted_pattern?: string` - `whitelisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more` - `"quarantine_release"` - `"acceptable_sender"` - `"allowed_sender"` - `"allowed_recipient"` - `"domain_similarity"` - `"domain_recency"` - `"managed_acceptable_sender"` - `"outbound_ndr"` - `ts: string` Deprecated, use `scanned_at` instead - `alert_id?: string | null` - `delivery_mode?: "DIRECT" | "BCC" | "JOURNAL" | 8 more | null` - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"REVIEW_SUBMISSION"` - `"DMARC_UNVERIFIED"` - `"DMARC_FAILURE_REPORT"` - `"DMARC_AGGREGATE_REPORT"` - `"THREAT_INTEL_SUBMISSION"` - `"SIMULATION_SUBMISSION"` - `"API"` - `"RETRO_SCAN"` - `edf_hash?: string | null` - `envelope_from?: string | null` - `envelope_to?: Array | null` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `findings?: Array | null` - `attachment?: string | null` - `detail?: string | null` - `detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `field?: string | null` - `name?: string | null` - `portion?: string | null` - `reason?: string | null` - `score?: number | null` - `value?: string | null` - `from?: string | null` - `from_name?: string | null` - `htmltext_structure_hash?: string | null` - `message_id?: string | null` - `post_delivery_operations?: Array<"PREVIEW" | "QUARANTINE_RELEASE" | "SUBMISSION" | "MOVE">` - `"PREVIEW"` - `"QUARANTINE_RELEASE"` - `"SUBMISSION"` - `"MOVE"` - `postfix_id_outbound?: string | null` - `replyto?: string | null` - `scanned_at?: string` - `sent_at?: string` - `sent_date?: string | null` Deprecated, use `sent_at` instead - `subject?: string | null` - `threat_categories?: Array | null` - `to?: Array | null` - `to_name?: Array | null` - `validation?: Validation | null` - `comment?: string | null` - `dkim?: "pass" | "neutral" | "fail" | 2 more | null` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `dmarc?: "pass" | "neutral" | "fail" | 2 more | null` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `spf?: "pass" | "neutral" | "fail" | 2 more | null` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const investigateListResponse of client.emailSecurity.investigate.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(investigateListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "4Njp3P0STMz2c02Q-2022-12-30T02:44:49-2a539d65", "action_log": [], "client_recipients": [ "email@example.com" ], "detection_reasons": [ "Selector is a source of spam/uce : Smtp-Helo-Server-Ip=127.0.0[dot]186" ], "is_phish_submission": false, "is_quarantined": false, "postfix_id": "47JJcT1w6GztQV7", "properties": { "allowlisted_pattern": "allowlisted_pattern", "allowlisted_pattern_type": "quarantine_release", "blocklisted_message": true, "blocklisted_pattern": "blocklisted_pattern", "whitelisted_pattern_type": "quarantine_release" }, "ts": "2019-11-20T23:22:01", "alert_id": "4Njp3P0STMz2c02Q-2022-12-30T02:44:49", "delivery_mode": "DIRECT", "edf_hash": null, "envelope_from": "d1994@example.com", "envelope_to": [ "email@example.com" ], "final_disposition": "MALICIOUS", "findings": [ { "attachment": "attachment", "detail": "detail", "detection": "MALICIOUS", "field": "field", "name": "name", "portion": "portion", "reason": "reason", "score": 0, "value": "value" } ], "from": "d1994@example.com", "from_name": "Sender Name", "htmltext_structure_hash": null, "message_id": "<4VAZPrAdg7IGNxdt1DWRNu0gvOeL_iZiwP4BQfo4DaE.Yw-woXuugQbeFhBpzwFQtqq_v2v1HOKznoMBqbciQpE@example.com>", "post_delivery_operations": [ "PREVIEW" ], "postfix_id_outbound": null, "replyto": "email@example.com", "scanned_at": "2019-11-20T23:22:01Z", "sent_at": "2019-11-21T00:22:01Z", "sent_date": "2019-11-21T00:22:01", "subject": "listen, I highly recommend u to read that email, just to ensure not a thing will take place", "threat_categories": [ "IPReputation", "ASNReputation" ], "to": [ "email@example.com" ], "to_name": [ "Recipient Name" ], "validation": { "comment": null, "dkim": "pass", "dmarc": "none", "spf": "fail" } } ], "result_info": { "count": 0, "page": 0, "per_page": 0, "total_count": 0, "next": "next", "previous": "previous" }, "success": true } ``` ## Get message details `client.emailSecurity.investigate.get(stringpostfixId, InvestigateGetParamsparams, RequestOptionsoptions?): InvestigateGetResponse` **get** `/accounts/{account_id}/email-security/investigate/{postfix_id}` Retrieves detailed information about a specific email message, including headers, metadata, and security scan results. ### Parameters - `postfixId: string` The identifier of the message. - `params: InvestigateGetParams` - `account_id: string` Account Identifier ### Returns - `InvestigateGetResponse` - `id: string` - `action_log: unknown` - `client_recipients: Array` - `detection_reasons: Array` - `is_phish_submission: boolean` - `is_quarantined: boolean` - `postfix_id: string` The identifier of the message. - `properties: Properties` - `allowlisted_pattern?: string` - `allowlisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more` - `"quarantine_release"` - `"acceptable_sender"` - `"allowed_sender"` - `"allowed_recipient"` - `"domain_similarity"` - `"domain_recency"` - `"managed_acceptable_sender"` - `"outbound_ndr"` - `blocklisted_message?: boolean` - `blocklisted_pattern?: string` - `whitelisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more` - `"quarantine_release"` - `"acceptable_sender"` - `"allowed_sender"` - `"allowed_recipient"` - `"domain_similarity"` - `"domain_recency"` - `"managed_acceptable_sender"` - `"outbound_ndr"` - `ts: string` Deprecated, use `scanned_at` instead - `alert_id?: string | null` - `delivery_mode?: "DIRECT" | "BCC" | "JOURNAL" | 8 more | null` - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"REVIEW_SUBMISSION"` - `"DMARC_UNVERIFIED"` - `"DMARC_FAILURE_REPORT"` - `"DMARC_AGGREGATE_REPORT"` - `"THREAT_INTEL_SUBMISSION"` - `"SIMULATION_SUBMISSION"` - `"API"` - `"RETRO_SCAN"` - `edf_hash?: string | null` - `envelope_from?: string | null` - `envelope_to?: Array | null` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `findings?: Array | null` - `attachment?: string | null` - `detail?: string | null` - `detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `field?: string | null` - `name?: string | null` - `portion?: string | null` - `reason?: string | null` - `score?: number | null` - `value?: string | null` - `from?: string | null` - `from_name?: string | null` - `htmltext_structure_hash?: string | null` - `message_id?: string | null` - `post_delivery_operations?: Array<"PREVIEW" | "QUARANTINE_RELEASE" | "SUBMISSION" | "MOVE">` - `"PREVIEW"` - `"QUARANTINE_RELEASE"` - `"SUBMISSION"` - `"MOVE"` - `postfix_id_outbound?: string | null` - `replyto?: string | null` - `scanned_at?: string` - `sent_at?: string` - `sent_date?: string | null` Deprecated, use `sent_at` instead - `subject?: string | null` - `threat_categories?: Array | null` - `to?: Array | null` - `to_name?: Array | null` - `validation?: Validation | null` - `comment?: string | null` - `dkim?: "pass" | "neutral" | "fail" | 2 more | null` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `dmarc?: "pass" | "neutral" | "fail" | 2 more | null` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `spf?: "pass" | "neutral" | "fail" | 2 more | null` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const investigate = await client.emailSecurity.investigate.get('4Njp3P0STMz2c02Q', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(investigate.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "4Njp3P0STMz2c02Q-2022-12-30T02:44:49-2a539d65", "action_log": [], "client_recipients": [ "email@example.com" ], "detection_reasons": [ "Selector is a source of spam/uce : Smtp-Helo-Server-Ip=127.0.0[dot]186" ], "is_phish_submission": false, "is_quarantined": false, "postfix_id": "47JJcT1w6GztQV7", "properties": { "allowlisted_pattern": "allowlisted_pattern", "allowlisted_pattern_type": "quarantine_release", "blocklisted_message": true, "blocklisted_pattern": "blocklisted_pattern", "whitelisted_pattern_type": "quarantine_release" }, "ts": "2019-11-20T23:22:01", "alert_id": "4Njp3P0STMz2c02Q-2022-12-30T02:44:49", "delivery_mode": "DIRECT", "edf_hash": null, "envelope_from": "d1994@example.com", "envelope_to": [ "email@example.com" ], "final_disposition": "MALICIOUS", "findings": [ { "attachment": "attachment", "detail": "detail", "detection": "MALICIOUS", "field": "field", "name": "name", "portion": "portion", "reason": "reason", "score": 0, "value": "value" } ], "from": "d1994@example.com", "from_name": "Sender Name", "htmltext_structure_hash": null, "message_id": "<4VAZPrAdg7IGNxdt1DWRNu0gvOeL_iZiwP4BQfo4DaE.Yw-woXuugQbeFhBpzwFQtqq_v2v1HOKznoMBqbciQpE@example.com>", "post_delivery_operations": [ "PREVIEW" ], "postfix_id_outbound": null, "replyto": "email@example.com", "scanned_at": "2019-11-20T23:22:01Z", "sent_at": "2019-11-21T00:22:01Z", "sent_date": "2019-11-21T00:22:01", "subject": "listen, I highly recommend u to read that email, just to ensure not a thing will take place", "threat_categories": [ "IPReputation", "ASNReputation" ], "to": [ "email@example.com" ], "to_name": [ "Recipient Name" ], "validation": { "comment": null, "dkim": "pass", "dmarc": "none", "spf": "fail" } }, "success": true } ``` ## Domain Types ### Investigate List Response - `InvestigateListResponse` - `id: string` - `action_log: unknown` - `client_recipients: Array` - `detection_reasons: Array` - `is_phish_submission: boolean` - `is_quarantined: boolean` - `postfix_id: string` The identifier of the message. - `properties: Properties` - `allowlisted_pattern?: string` - `allowlisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more` - `"quarantine_release"` - `"acceptable_sender"` - `"allowed_sender"` - `"allowed_recipient"` - `"domain_similarity"` - `"domain_recency"` - `"managed_acceptable_sender"` - `"outbound_ndr"` - `blocklisted_message?: boolean` - `blocklisted_pattern?: string` - `whitelisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more` - `"quarantine_release"` - `"acceptable_sender"` - `"allowed_sender"` - `"allowed_recipient"` - `"domain_similarity"` - `"domain_recency"` - `"managed_acceptable_sender"` - `"outbound_ndr"` - `ts: string` Deprecated, use `scanned_at` instead - `alert_id?: string | null` - `delivery_mode?: "DIRECT" | "BCC" | "JOURNAL" | 8 more | null` - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"REVIEW_SUBMISSION"` - `"DMARC_UNVERIFIED"` - `"DMARC_FAILURE_REPORT"` - `"DMARC_AGGREGATE_REPORT"` - `"THREAT_INTEL_SUBMISSION"` - `"SIMULATION_SUBMISSION"` - `"API"` - `"RETRO_SCAN"` - `edf_hash?: string | null` - `envelope_from?: string | null` - `envelope_to?: Array | null` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `findings?: Array | null` - `attachment?: string | null` - `detail?: string | null` - `detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `field?: string | null` - `name?: string | null` - `portion?: string | null` - `reason?: string | null` - `score?: number | null` - `value?: string | null` - `from?: string | null` - `from_name?: string | null` - `htmltext_structure_hash?: string | null` - `message_id?: string | null` - `post_delivery_operations?: Array<"PREVIEW" | "QUARANTINE_RELEASE" | "SUBMISSION" | "MOVE">` - `"PREVIEW"` - `"QUARANTINE_RELEASE"` - `"SUBMISSION"` - `"MOVE"` - `postfix_id_outbound?: string | null` - `replyto?: string | null` - `scanned_at?: string` - `sent_at?: string` - `sent_date?: string | null` Deprecated, use `sent_at` instead - `subject?: string | null` - `threat_categories?: Array | null` - `to?: Array | null` - `to_name?: Array | null` - `validation?: Validation | null` - `comment?: string | null` - `dkim?: "pass" | "neutral" | "fail" | 2 more | null` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `dmarc?: "pass" | "neutral" | "fail" | 2 more | null` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `spf?: "pass" | "neutral" | "fail" | 2 more | null` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` ### Investigate Get Response - `InvestigateGetResponse` - `id: string` - `action_log: unknown` - `client_recipients: Array` - `detection_reasons: Array` - `is_phish_submission: boolean` - `is_quarantined: boolean` - `postfix_id: string` The identifier of the message. - `properties: Properties` - `allowlisted_pattern?: string` - `allowlisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more` - `"quarantine_release"` - `"acceptable_sender"` - `"allowed_sender"` - `"allowed_recipient"` - `"domain_similarity"` - `"domain_recency"` - `"managed_acceptable_sender"` - `"outbound_ndr"` - `blocklisted_message?: boolean` - `blocklisted_pattern?: string` - `whitelisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more` - `"quarantine_release"` - `"acceptable_sender"` - `"allowed_sender"` - `"allowed_recipient"` - `"domain_similarity"` - `"domain_recency"` - `"managed_acceptable_sender"` - `"outbound_ndr"` - `ts: string` Deprecated, use `scanned_at` instead - `alert_id?: string | null` - `delivery_mode?: "DIRECT" | "BCC" | "JOURNAL" | 8 more | null` - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"REVIEW_SUBMISSION"` - `"DMARC_UNVERIFIED"` - `"DMARC_FAILURE_REPORT"` - `"DMARC_AGGREGATE_REPORT"` - `"THREAT_INTEL_SUBMISSION"` - `"SIMULATION_SUBMISSION"` - `"API"` - `"RETRO_SCAN"` - `edf_hash?: string | null` - `envelope_from?: string | null` - `envelope_to?: Array | null` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `findings?: Array | null` - `attachment?: string | null` - `detail?: string | null` - `detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `field?: string | null` - `name?: string | null` - `portion?: string | null` - `reason?: string | null` - `score?: number | null` - `value?: string | null` - `from?: string | null` - `from_name?: string | null` - `htmltext_structure_hash?: string | null` - `message_id?: string | null` - `post_delivery_operations?: Array<"PREVIEW" | "QUARANTINE_RELEASE" | "SUBMISSION" | "MOVE">` - `"PREVIEW"` - `"QUARANTINE_RELEASE"` - `"SUBMISSION"` - `"MOVE"` - `postfix_id_outbound?: string | null` - `replyto?: string | null` - `scanned_at?: string` - `sent_at?: string` - `sent_date?: string | null` Deprecated, use `sent_at` instead - `subject?: string | null` - `threat_categories?: Array | null` - `to?: Array | null` - `to_name?: Array | null` - `validation?: Validation | null` - `comment?: string | null` - `dkim?: "pass" | "neutral" | "fail" | 2 more | null` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `dmarc?: "pass" | "neutral" | "fail" | 2 more | null` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `spf?: "pass" | "neutral" | "fail" | 2 more | null` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` # Detections ## Get message detection details `client.emailSecurity.investigate.detections.get(stringpostfixId, DetectionGetParamsparams, RequestOptionsoptions?): DetectionGetResponse` **get** `/accounts/{account_id}/email-security/investigate/{postfix_id}/detections` Returns detection details such as threat categories and sender information for non-benign messages. ### Parameters - `postfixId: string` The identifier of the message. - `params: DetectionGetParams` - `account_id: string` Account Identifier ### Returns - `DetectionGetResponse` - `action: string` - `attachments: Array` - `size: number` - `content_type?: string | null` - `detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `encrypted?: boolean | null` - `name?: string | null` - `headers: Array
` - `name: string` - `value: string` - `links: Array` - `href: string` - `text?: string | null` - `sender_info: SenderInfo` - `as_name?: string | null` The name of the autonomous system. - `as_number?: number | null` The number of the autonomous system. - `geo?: string | null` - `ip?: string | null` - `pld?: string | null` - `threat_categories: Array` - `id: number` - `description?: string | null` - `name?: string | null` - `validation: Validation` - `comment?: string | null` - `dkim?: "pass" | "neutral" | "fail" | 2 more | null` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `dmarc?: "pass" | "neutral" | "fail" | 2 more | null` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `spf?: "pass" | "neutral" | "fail" | 2 more | null` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const detection = await client.emailSecurity.investigate.detections.get('4Njp3P0STMz2c02Q', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(detection.validation); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "action": "QUARANTINED", "attachments": [ { "size": 0, "content_type": "content_type", "detection": "MALICIOUS", "encrypted": true, "name": "name" } ], "headers": [ { "name": "From", "value": "Sender Name " }, { "name": "Subject", "value": "listen, I highly recommend u to read that email, just to ensure not a thing will take place" } ], "links": [ { "href": "https://example.com", "text": "Click here!" } ], "sender_info": { "as_name": "AS0", "as_number": 0, "geo": "US/-/-", "ip": "127.0.0.1", "pld": "example.com" }, "threat_categories": [ { "id": 1234, "description": null, "name": "IP Reputation" } ], "validation": { "comment": null, "dkim": "pass", "dmarc": "none", "spf": "fail" }, "final_disposition": "MALICIOUS" }, "success": true } ``` ## Domain Types ### Detection Get Response - `DetectionGetResponse` - `action: string` - `attachments: Array` - `size: number` - `content_type?: string | null` - `detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `encrypted?: boolean | null` - `name?: string | null` - `headers: Array
` - `name: string` - `value: string` - `links: Array` - `href: string` - `text?: string | null` - `sender_info: SenderInfo` - `as_name?: string | null` The name of the autonomous system. - `as_number?: number | null` The number of the autonomous system. - `geo?: string | null` - `ip?: string | null` - `pld?: string | null` - `threat_categories: Array` - `id: number` - `description?: string | null` - `name?: string | null` - `validation: Validation` - `comment?: string | null` - `dkim?: "pass" | "neutral" | "fail" | 2 more | null` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `dmarc?: "pass" | "neutral" | "fail" | 2 more | null` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `spf?: "pass" | "neutral" | "fail" | 2 more | null` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` # Preview ## Get email preview `client.emailSecurity.investigate.preview.get(stringpostfixId, PreviewGetParamsparams, RequestOptionsoptions?): PreviewGetResponse` **get** `/accounts/{account_id}/email-security/investigate/{postfix_id}/preview` Returns a preview of the message body as a base64 encoded PNG image for non-benign messages. ### Parameters - `postfixId: string` The identifier of the message. - `params: PreviewGetParams` - `account_id: string` Account Identifier ### Returns - `PreviewGetResponse` - `screenshot: string` A base64 encoded PNG image of the email. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const preview = await client.emailSecurity.investigate.preview.get('4Njp3P0STMz2c02Q', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(preview.screenshot); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "screenshot": "iVBORw0KGgoAAAANSUhEUgAAAGAAAABgCAYAAADimHc4AAAAAXNSR0IArs4c6QAAAIRlWElmTU0AKgAAAAgABQESAAMAAAABAAEAAAEaAAUAAAABAAAASgEbAAUAAAABAAAAUgEoAAMAAAABAAIAAIdpAAQAAAABAAAAWgAAAAAAAABgAAAAAQAAAGAAAAABAAOgAQADAAAAAQABAACgAgAEAAAAAQAAAGCgAwAEAAAAAQAAAGAAAAAAtVTeigAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAVlpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDYuMC4wIj4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAgICAgICAgeG1sbnM6dGlmZj0iaHR0cDovL25zLmFkb2JlLmNvbS90aWZmLzEuMC8iPgogICAgICAgICA8dGlmZjpPcmllbnRhdGlvbj4xPC90aWZmOk9yaWVudGF0aW9uPgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KGV7hBwAACXtJREFUeAHtmwtwXFUZgP9zX7t3b7LNa9M2tGmLDbaWKpL6aBBJHdERQWGkU4u8CraVWmYQYWQUMSoKhZJikYo4Qqc6RVqkKmNHC0K1FGYoM9pqS4FAa9s0aTavfd3d+zq/527YSNvdzWY3m2ySc2c2595z/vOf///+e+4959wTAH5wApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwAhOJABmvzuCz158HXmUp2rCEOlhGbEdFh2qASFAgtiCKMUGgh8FM7IDDp3aQlt12Kfo6rgKAz3ylAQ3rJ/Fg39XYfyx32wUJpJpZ7wiq8LPebuGJaXfuipVKMHJ3YowsRgQC265aE+/quYf2/Le2YDM85aBOn/m7GDHX+m/4W0/B+gpUUNIBwN98rknvif4J+9urC/Tz7OqKBp66+vWSUf9dsvpx62yB0ckpyQDgLxtlS5iyyTx59OuATlFJkOrZYV9l7afItdv/XdSGMigvuQBEHmyqJRLug9DJ+gw2j3y2qIDWcOEPyFef/tHIK8+usaQCEGpdPFd0rEMQC8rZzS5OqXr+JU+JV2+5pjja02sV0mePfm7/I5+eIznm22MF3/U4/p+/L3d23LhxNL0viR7Qs/ETfo/lnIBIsHw0nU/bFiGgLbp0BfnirzanLR/hzJLoAV6QXywJ+C5cNu6N7d/7JD6zat4Is06rbswDENvU/A3sPd6Y1rqxyjRjkDj1zp7RaH5MA3CkpdkL0fAvRsPR4bbhBNtqcNvS7w233nDlxzQAgUp7E+pjPhnNyEw/duRefJLdJEU8pGLo7mptnuuTSJNHkeaBIPhMK/6Gbjm7A7ftfTPV3sGWBQpEu1ekrksxxWgQoLr6Tmbbj4tl34iOgmIbPnsLG8w9hKETajqDiX86sCXJe/1a4D4QEnfF2t/6fjq5UsojFTNQu21v0Z4UIxKA4LqL6nwyfQ3DJ8/JBR7x1wGIEmDfsVzEx1xGO3f+xeT6v7xcDEMKjmystXmRSkPtucJ3nWCy4wZ+0l7wfLsY8F2dBQWg46cfDaDVtw+MSLHsKwm98VDky8UypKAA+BVpF8T7i2Vb6eg1IiPyqE7nUN6joL51jUsw2nVBOqUTLc9TGfi965O++dLlomZvBSICyBoQpdyQVP8R4hFfgAQ+Spb8/PBwfc87AGWadrcR7x5ue+NS3qK2OxQFpcq72jGi7CXGvlGYYUAz7LGi7e6Shftba/x5ma1UB9ZDL2khlz1iuHWGOvJ+BJl65DNDKZ8I5UL17E515a4jri+OEbsoq096l2QeP3iXaR5N4MurH8SWliH5DimQqUHUezMVTah8tVx7wHUIdy6/gv3N7YlhRcHseOsOc9HBKL54S9Z1rrwCcLxlQdWEopzJGfbdGG7Y+XAyABK9MZNYxvx4t2r2vv067l55ayaZvAJgQ0zPpHAi5StT52xjnwfQ9cnWI9kfP5kcZ+8LM9i2EXfffE86kbwCMBuOmiCnXW1I18a4zCO+KuiVrZtSxqMVn5o6zyc1g+/+EF+47uYz6+Y8vg0/vPhygQjLRFH5JLXNWgx3+oGW5GazM33M61o+Z96VnpV//WOqsrF9SbInpK7zStnwVdDqmuQvbHk1VT9rAI63Lq6qJnQTNfRlkAin6kz4VKit/5ZvzZ7ksz/lrPmHy6KsF7CXQoGHp1JXOmoqUnuRMj6CEq0ff6Ay2tVDQ52TB77INmME6lecCd9FLlfUPFUg+oHqRp+Pzk08mtJ1Vg/oallQVlZR/i/a3/GBlNBkSIWqGW2iR7vCs3pX2tksvtQi2frBU1TvLnwEKChgls2ZWv75x7pOC4C7O8GbMNvYGD8wGaAD27QrT2s4KsrON6UVz+8cymd8fZUPYvLzZk9bEzjmUOJZy5VAw29J8+PXnRaAWGvjIQx3z89aM89CEmhwRMUXQVGRmOMC+x5AWOr+2NIKSwl7Ggoish8lRKDsSxplTVnuTwTU2aZzQwCMszehxXYu2AIhCQDKpvvERAImUGIK7jXSePJHWWpRHWw7wQYLcaDolplA0GLnukWddvmmpw+khpnDcQvfXF8DAlkKhnkhmEY52IYKlqGiZWho2z5KDYWtEPtpondGRr3eKlDKFsqDAQhvaLxfCHV/J2OFQgpkL2g152mw6rl4Pg4X0nSx6iL7PwQ4tF0GpXOAYchDIdIxMFIKHkRQKz2m8W4nWzcqz2SDUvfhS5KVO+9vXFhm9B5gd0gm2YLzhepze8G2goiCA6J7dxN31y0bxxKbBcUdz9psJ3ryjgc2d2Gb0m0KaDGTbHbHs/7Ozh1IUGC5wHoDEsthZQjUrWMTBMtheQSphQJYyFKB9Q6Kznup24Mck3Uvk1IITaP73iAtTFkeB+6/oxao8jHWA2ex3lVLEQPEtmqpZVewfxKpQjOmYLx/OpjR6mzqlfqFTyQDEHrogufESN/l2YQnXBmLuhyY+YpBjS/5177WM5R/+I9bA+Cl66ye0DUYbfcMJZ9LuVgz/wQJbrh4uho+wb4R5nUz5NJOact4/WznQ8VHylbuOZDJUNx97Vazu2P5SDMi5bNAKpetpfZkhe8SdyeYEfUVdlZ2ZgBwx5UVjoL7zWB7/ZllI3GNiW425vDVrBkJZeNaR/iUFnns4g+93wd89qpqC+Jtjh4uCvxkW1YMBDNhfvD9DU/Wc0VwBoff+FKz5JDwPrTNrC/Rglm5/zyIkVMF65kICmyHzRPeO5w+2Ow4dE7qumgpmwsIk2JXQw4E43H9n65Y75am8x2HfC2HKgWLEG+1I4BU1L2nBRs5GgrcLZM1t+9vd9vy+jx3j0abbhuypu0TSNnkWPbJBpWtV/w6VS6gsDR1XvQU6Vapa4qkJvrVaRTEMFvAsB2drcewQ/Q5BNj0JOSjA1NtljdFFwY/Srgzlwp1QNaVTx1inNU77dV12gU4qjSoI1XHictn5dla71l5KfnBdIjXl1U2oNcMKTh9SgfaPazthoHaXjswuBQ/8/ZX4ymdHVFHU+tmimoo4Ul4JBmdBFt5khDVBJtbS1junvt0REtO/tx6RLaSjIg+kKZ0oclktCibx//fP0HzCIIlCwnPFLn2+LHJsa8nBYSnnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACk4DA/wDoepVZ2hARhAAAAABJRU5ErkJggg==" }, "success": true } ``` ## Preview for non-detection messages `client.emailSecurity.investigate.preview.create(PreviewCreateParamsparams, RequestOptionsoptions?): PreviewCreateResponse` **post** `/accounts/{account_id}/email-security/investigate/preview` Generates a preview of an email message for safe viewing without executing any embedded content. ### Parameters - `params: PreviewCreateParams` - `account_id: string` Path param: Account Identifier - `postfix_id: string` Body param: The identifier of the message. ### Returns - `PreviewCreateResponse` - `screenshot: string` A base64 encoded PNG image of the email. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const preview = await client.emailSecurity.investigate.preview.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', postfix_id: '4Njp3P0STMz2c02Q', }); console.log(preview.screenshot); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "screenshot": "iVBORw0KGgoAAAANSUhEUgAAAGAAAABgCAYAAADimHc4AAAAAXNSR0IArs4c6QAAAIRlWElmTU0AKgAAAAgABQESAAMAAAABAAEAAAEaAAUAAAABAAAASgEbAAUAAAABAAAAUgEoAAMAAAABAAIAAIdpAAQAAAABAAAAWgAAAAAAAABgAAAAAQAAAGAAAAABAAOgAQADAAAAAQABAACgAgAEAAAAAQAAAGCgAwAEAAAAAQAAAGAAAAAAtVTeigAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAVlpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDYuMC4wIj4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAgICAgICAgeG1sbnM6dGlmZj0iaHR0cDovL25zLmFkb2JlLmNvbS90aWZmLzEuMC8iPgogICAgICAgICA8dGlmZjpPcmllbnRhdGlvbj4xPC90aWZmOk9yaWVudGF0aW9uPgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KGV7hBwAACXtJREFUeAHtmwtwXFUZgP9zX7t3b7LNa9M2tGmLDbaWKpL6aBBJHdERQWGkU4u8CraVWmYQYWQUMSoKhZJikYo4Qqc6RVqkKmNHC0K1FGYoM9pqS4FAa9s0aTavfd3d+zq/527YSNvdzWY3m2ySc2c2595z/vOf///+e+4959wTAH5wApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwAhOJABmvzuCz158HXmUp2rCEOlhGbEdFh2qASFAgtiCKMUGgh8FM7IDDp3aQlt12Kfo6rgKAz3ylAQ3rJ/Fg39XYfyx32wUJpJpZ7wiq8LPebuGJaXfuipVKMHJ3YowsRgQC265aE+/quYf2/Le2YDM85aBOn/m7GDHX+m/4W0/B+gpUUNIBwN98rknvif4J+9urC/Tz7OqKBp66+vWSUf9dsvpx62yB0ckpyQDgLxtlS5iyyTx59OuATlFJkOrZYV9l7afItdv/XdSGMigvuQBEHmyqJRLug9DJ+gw2j3y2qIDWcOEPyFef/tHIK8+usaQCEGpdPFd0rEMQC8rZzS5OqXr+JU+JV2+5pjja02sV0mePfm7/I5+eIznm22MF3/U4/p+/L3d23LhxNL0viR7Qs/ETfo/lnIBIsHw0nU/bFiGgLbp0BfnirzanLR/hzJLoAV6QXywJ+C5cNu6N7d/7JD6zat4Is06rbswDENvU/A3sPd6Y1rqxyjRjkDj1zp7RaH5MA3CkpdkL0fAvRsPR4bbhBNtqcNvS7w233nDlxzQAgUp7E+pjPhnNyEw/duRefJLdJEU8pGLo7mptnuuTSJNHkeaBIPhMK/6Gbjm7A7ftfTPV3sGWBQpEu1ekrksxxWgQoLr6Tmbbj4tl34iOgmIbPnsLG8w9hKETajqDiX86sCXJe/1a4D4QEnfF2t/6fjq5UsojFTNQu21v0Z4UIxKA4LqL6nwyfQ3DJ8/JBR7x1wGIEmDfsVzEx1xGO3f+xeT6v7xcDEMKjmystXmRSkPtucJ3nWCy4wZ+0l7wfLsY8F2dBQWg46cfDaDVtw+MSLHsKwm98VDky8UypKAA+BVpF8T7i2Vb6eg1IiPyqE7nUN6joL51jUsw2nVBOqUTLc9TGfi965O++dLlomZvBSICyBoQpdyQVP8R4hFfgAQ+Spb8/PBwfc87AGWadrcR7x5ue+NS3qK2OxQFpcq72jGi7CXGvlGYYUAz7LGi7e6Shftba/x5ma1UB9ZDL2khlz1iuHWGOvJ+BJl65DNDKZ8I5UL17E515a4jri+OEbsoq096l2QeP3iXaR5N4MurH8SWliH5DimQqUHUezMVTah8tVx7wHUIdy6/gv3N7YlhRcHseOsOc9HBKL54S9Z1rrwCcLxlQdWEopzJGfbdGG7Y+XAyABK9MZNYxvx4t2r2vv067l55ayaZvAJgQ0zPpHAi5StT52xjnwfQ9cnWI9kfP5kcZ+8LM9i2EXfffE86kbwCMBuOmiCnXW1I18a4zCO+KuiVrZtSxqMVn5o6zyc1g+/+EF+47uYz6+Y8vg0/vPhygQjLRFH5JLXNWgx3+oGW5GazM33M61o+Z96VnpV//WOqsrF9SbInpK7zStnwVdDqmuQvbHk1VT9rAI63Lq6qJnQTNfRlkAin6kz4VKit/5ZvzZ7ksz/lrPmHy6KsF7CXQoGHp1JXOmoqUnuRMj6CEq0ff6Ay2tVDQ52TB77INmME6lecCd9FLlfUPFUg+oHqRp+Pzk08mtJ1Vg/oallQVlZR/i/a3/GBlNBkSIWqGW2iR7vCs3pX2tksvtQi2frBU1TvLnwEKChgls2ZWv75x7pOC4C7O8GbMNvYGD8wGaAD27QrT2s4KsrON6UVz+8cymd8fZUPYvLzZk9bEzjmUOJZy5VAw29J8+PXnRaAWGvjIQx3z89aM89CEmhwRMUXQVGRmOMC+x5AWOr+2NIKSwl7Ggoish8lRKDsSxplTVnuTwTU2aZzQwCMszehxXYu2AIhCQDKpvvERAImUGIK7jXSePJHWWpRHWw7wQYLcaDolplA0GLnukWddvmmpw+khpnDcQvfXF8DAlkKhnkhmEY52IYKlqGiZWho2z5KDYWtEPtpondGRr3eKlDKFsqDAQhvaLxfCHV/J2OFQgpkL2g152mw6rl4Pg4X0nSx6iL7PwQ4tF0GpXOAYchDIdIxMFIKHkRQKz2m8W4nWzcqz2SDUvfhS5KVO+9vXFhm9B5gd0gm2YLzhepze8G2goiCA6J7dxN31y0bxxKbBcUdz9psJ3ryjgc2d2Gb0m0KaDGTbHbHs/7Ozh1IUGC5wHoDEsthZQjUrWMTBMtheQSphQJYyFKB9Q6Kznup24Mck3Uvk1IITaP73iAtTFkeB+6/oxao8jHWA2ex3lVLEQPEtmqpZVewfxKpQjOmYLx/OpjR6mzqlfqFTyQDEHrogufESN/l2YQnXBmLuhyY+YpBjS/5177WM5R/+I9bA+Cl66ye0DUYbfcMJZ9LuVgz/wQJbrh4uho+wb4R5nUz5NJOact4/WznQ8VHylbuOZDJUNx97Vazu2P5SDMi5bNAKpetpfZkhe8SdyeYEfUVdlZ2ZgBwx5UVjoL7zWB7/ZllI3GNiW425vDVrBkJZeNaR/iUFnns4g+93wd89qpqC+Jtjh4uCvxkW1YMBDNhfvD9DU/Wc0VwBoff+FKz5JDwPrTNrC/Rglm5/zyIkVMF65kICmyHzRPeO5w+2Ow4dE7qumgpmwsIk2JXQw4E43H9n65Y75am8x2HfC2HKgWLEG+1I4BU1L2nBRs5GgrcLZM1t+9vd9vy+jx3j0abbhuypu0TSNnkWPbJBpWtV/w6VS6gsDR1XvQU6Vapa4qkJvrVaRTEMFvAsB2drcewQ/Q5BNj0JOSjA1NtljdFFwY/Srgzlwp1QNaVTx1inNU77dV12gU4qjSoI1XHictn5dla71l5KfnBdIjXl1U2oNcMKTh9SgfaPazthoHaXjswuBQ/8/ZX4ymdHVFHU+tmimoo4Ul4JBmdBFt5khDVBJtbS1junvt0REtO/tx6RLaSjIg+kKZ0oclktCibx//fP0HzCIIlCwnPFLn2+LHJsa8nBYSnnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACk4DA/wDoepVZ2hARhAAAAABJRU5ErkJggg==" }, "success": true } ``` ## Domain Types ### Preview Get Response - `PreviewGetResponse` - `screenshot: string` A base64 encoded PNG image of the email. ### Preview Create Response - `PreviewCreateResponse` - `screenshot: string` A base64 encoded PNG image of the email. # Raw ## Get raw email content `client.emailSecurity.investigate.raw.get(stringpostfixId, RawGetParamsparams, RequestOptionsoptions?): RawGetResponse` **get** `/accounts/{account_id}/email-security/investigate/{postfix_id}/raw` Returns the raw eml of any non-benign message. ### Parameters - `postfixId: string` The identifier of the message. - `params: RawGetParams` - `account_id: string` Account Identifier ### Returns - `RawGetResponse` - `raw: string` A UTF-8 encoded eml file of the email. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const raw = await client.emailSecurity.investigate.raw.get('4Njp3P0STMz2c02Q', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(raw.raw); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "raw": "MIME-Version: 1.0\nContent-Type: text/plain; charset=\"utf-8\"\n\nFrom: sender@example.com\nTo: recipient@example.com\nSubject: Test Email\n\nThis is a test email." }, "success": true } ``` ## Domain Types ### Raw Get Response - `RawGetResponse` - `raw: string` A UTF-8 encoded eml file of the email. # Trace ## Get email trace `client.emailSecurity.investigate.trace.get(stringpostfixId, TraceGetParamsparams, RequestOptionsoptions?): TraceGetResponse` **get** `/accounts/{account_id}/email-security/investigate/{postfix_id}/trace` Gets the delivery trace for an email message, showing its path through email security processing. ### Parameters - `postfixId: string` The identifier of the message. - `params: TraceGetParams` - `account_id: string` Account Identifier ### Returns - `TraceGetResponse` - `inbound: Inbound` - `lines?: Array | null` - `lineno: number` - `message: string` - `ts: string` - `pending?: boolean | null` - `outbound: Outbound` - `lines?: Array | null` - `lineno: number` - `message: string` - `ts: string` - `pending?: boolean | null` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const trace = await client.emailSecurity.investigate.trace.get('4Njp3P0STMz2c02Q', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(trace.inbound); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "inbound": { "lines": [ { "lineno": 0, "message": "message", "ts": "2019-12-27T18:11:19.117Z" } ], "pending": true }, "outbound": { "lines": [ { "lineno": 0, "message": "message", "ts": "2019-12-27T18:11:19.117Z" } ], "pending": true } }, "success": true } ``` ## Domain Types ### Trace Get Response - `TraceGetResponse` - `inbound: Inbound` - `lines?: Array | null` - `lineno: number` - `message: string` - `ts: string` - `pending?: boolean | null` - `outbound: Outbound` - `lines?: Array | null` - `lineno: number` - `message: string` - `ts: string` - `pending?: boolean | null` # Move ## Move a message `client.emailSecurity.investigate.move.create(stringpostfixId, MoveCreateParamsparams, RequestOptionsoptions?): SinglePage` **post** `/accounts/{account_id}/email-security/investigate/{postfix_id}/move` Moves a single email message to a different folder or changes its quarantine status. ### Parameters - `postfixId: string` The identifier of the message. - `params: MoveCreateParams` - `account_id: string` Path param: Account Identifier - `destination: "Inbox" | "JunkEmail" | "DeletedItems" | 2 more` Body param - `"Inbox"` - `"JunkEmail"` - `"DeletedItems"` - `"RecoverableItemsDeletions"` - `"RecoverableItemsPurges"` ### Returns - `MoveCreateResponse` - `completed_timestamp: string` Deprecated, use `completed_at` instead - `item_count: number` - `success: boolean` - `completed_at?: string` - `destination?: string | null` - `message_id?: string | null` - `operation?: string | null` - `recipient?: string | null` - `status?: string | null` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const moveCreateResponse of client.emailSecurity.investigate.move.create( '4Njp3P0STMz2c02Q', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', destination: 'Inbox' }, )) { console.log(moveCreateResponse.message_id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "completed_timestamp": "2019-12-27T18:11:19.117Z", "item_count": 0, "success": true, "completed_at": "2019-12-27T18:11:19.117Z", "destination": "destination", "message_id": "message_id", "operation": "operation", "recipient": "recipient", "status": "status" } ], "success": true } ``` ## Move multiple messages `client.emailSecurity.investigate.move.bulk(MoveBulkParamsparams, RequestOptionsoptions?): SinglePage` **post** `/accounts/{account_id}/email-security/investigate/move` Maximum batch size: 1000 messages per request ### Parameters - `params: MoveBulkParams` - `account_id: string` Path param: Account Identifier - `destination: "Inbox" | "JunkEmail" | "DeletedItems" | 2 more` Body param - `"Inbox"` - `"JunkEmail"` - `"DeletedItems"` - `"RecoverableItemsDeletions"` - `"RecoverableItemsPurges"` - `ids?: Array` Body param: List of message IDs to move. - `postfix_ids?: Array` Body param: Deprecated: Use `ids` instead. List of message IDs to move. ### Returns - `MoveBulkResponse` - `completed_timestamp: string` Deprecated, use `completed_at` instead - `item_count: number` - `success: boolean` - `completed_at?: string` - `destination?: string | null` - `message_id?: string | null` - `operation?: string | null` - `recipient?: string | null` - `status?: string | null` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const moveBulkResponse of client.emailSecurity.investigate.move.bulk({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', destination: 'Inbox', })) { console.log(moveBulkResponse.message_id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "completed_timestamp": "2019-12-27T18:11:19.117Z", "item_count": 0, "success": true, "completed_at": "2019-12-27T18:11:19.117Z", "destination": "destination", "message_id": "message_id", "operation": "operation", "recipient": "recipient", "status": "status" } ], "success": true } ``` ## Domain Types ### Move Create Response - `MoveCreateResponse` - `completed_timestamp: string` Deprecated, use `completed_at` instead - `item_count: number` - `success: boolean` - `completed_at?: string` - `destination?: string | null` - `message_id?: string | null` - `operation?: string | null` - `recipient?: string | null` - `status?: string | null` ### Move Bulk Response - `MoveBulkResponse` - `completed_timestamp: string` Deprecated, use `completed_at` instead - `item_count: number` - `success: boolean` - `completed_at?: string` - `destination?: string | null` - `message_id?: string | null` - `operation?: string | null` - `recipient?: string | null` - `status?: string | null` # Reclassify ## Change email classification `client.emailSecurity.investigate.reclassify.create(stringpostfixId, ReclassifyCreateParamsparams, RequestOptionsoptions?): ReclassifyCreateResponse` **post** `/accounts/{account_id}/email-security/investigate/{postfix_id}/reclassify` Submits an email message for reclassification, updating its threat assessment based on new analysis. ### Parameters - `postfixId: string` The identifier of the message. - `params: ReclassifyCreateParams` - `account_id: string` Path param: Account Identifier - `expected_disposition: "NONE" | "BULK" | "MALICIOUS" | 3 more` Body param - `"NONE"` - `"BULK"` - `"MALICIOUS"` - `"SPAM"` - `"SPOOF"` - `"SUSPICIOUS"` - `eml_content?: string` Body param: Base64 encoded content of the EML file - `escalated_submission_id?: string` Body param ### Returns - `ReclassifyCreateResponse = unknown` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const reclassify = await client.emailSecurity.investigate.reclassify.create('4Njp3P0STMz2c02Q', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', expected_disposition: 'NONE', }); console.log(reclassify); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` ## Domain Types ### Reclassify Create Response - `ReclassifyCreateResponse = unknown` # Release ## Release messages from quarantine `client.emailSecurity.investigate.release.bulk(ReleaseBulkParamsparams, RequestOptionsoptions?): SinglePage` **post** `/accounts/{account_id}/email-security/investigate/release` Releases a quarantined email message, allowing it to be delivered to the recipient. ### Parameters - `params: ReleaseBulkParams` - `account_id: string` Path param: Account Identifier - `body: Array` Body param: A list of messages identfied by their `postfix_id`s that should be released. ### Returns - `ReleaseBulkResponse` - `id: string` - `postfix_id: string` The identifier of the message. - `delivered?: Array | null` - `failed?: Array | null` - `undelivered?: Array | null` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const releaseBulkResponse of client.emailSecurity.investigate.release.bulk({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', body: ['4Njp3P0STMz2c02Q'], })) { console.log(releaseBulkResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "id", "postfix_id": "4Njp3P0STMz2c02Q", "delivered": [ "string" ], "failed": [ "string" ], "undelivered": [ "string" ] } ], "success": true } ``` ## Domain Types ### Release Bulk Response - `ReleaseBulkResponse` - `id: string` - `postfix_id: string` The identifier of the message. - `delivered?: Array | null` - `failed?: Array | null` - `undelivered?: Array | null` # Phishguard # Reports ## Get `PhishGuard` reports `client.emailSecurity.phishguard.reports.list(ReportListParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/email-security/phishguard/reports` Retrieves `PhishGuard` reports showing phishing attempts and suspicious email patterns detected. ### Parameters - `params: ReportListParams` - `account_id: string` Path param: Account Identifier - `end?: string` Query param: The end of the search date range (RFC3339 format). - `from_date?: string` Query param - `start?: string` Query param: The beginning of the search date range (RFC3339 format). - `to_date?: string` Query param ### Returns - `ReportListResponse` - `id: number` - `content: string` - `created_at: string` - `disposition: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `fields: Fields` - `to: Array` - `ts: string` - `from?: string | null` - `postfix_id?: string | null` - `priority: string` - `title: string` - `ts: string` - `updated_at: string` - `tags?: Array | null` - `category: string` - `value: string` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const reportListResponse of client.emailSecurity.phishguard.reports.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(reportListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": 0, "content": "content", "created_at": "2019-12-27T18:11:19.117Z", "disposition": "MALICIOUS", "fields": { "to": [ "string" ], "ts": "2019-12-27T18:11:19.117Z", "from": "from", "postfix_id": "postfix_id" }, "priority": "priority", "title": "title", "ts": "2019-12-27T18:11:19.117Z", "updated_at": "2019-12-27T18:11:19.117Z", "tags": [ { "category": "category", "value": "value" } ] } ], "success": true } ``` ## Domain Types ### Report List Response - `ReportListResponse` - `id: number` - `content: string` - `created_at: string` - `disposition: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `fields: Fields` - `to: Array` - `ts: string` - `from?: string | null` - `postfix_id?: string | null` - `priority: string` - `title: string` - `ts: string` - `updated_at: string` - `tags?: Array | null` - `category: string` - `value: string` # Settings # Allow Policies ## List email allow policies `client.emailSecurity.settings.allowPolicies.list(AllowPolicyListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/email-security/settings/allow_policies` Lists, searches, and sorts an account’s email allow policies. ### Parameters - `params: AllowPolicyListParams` - `account_id: string` Path param: Account Identifier - `direction?: "asc" | "desc"` Query param: The sorting direction. - `"asc"` - `"desc"` - `is_acceptable_sender?: boolean` Query param - `is_exempt_recipient?: boolean` Query param - `is_recipient?: boolean` Query param - `is_sender?: boolean` Query param - `is_spoof?: boolean` Query param - `is_trusted_sender?: boolean` Query param - `order?: "pattern" | "created_at"` Query param: The field to sort by. - `"pattern"` - `"created_at"` - `page?: number` Query param: The page number of paginated results. - `pattern?: string` Query param - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Query param - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `per_page?: number` Query param: The number of results per page. - `search?: string` Query param: Allows searching in multiple properties of a record simultaneously. This parameter is intended for human users, not automation. Its exact behavior is intentionally left unspecified and is subject to change in the future. - `verify_sender?: boolean` Query param ### Returns - `AllowPolicyListResponse` - `id: number` The unique identifier for the allow policy. - `created_at: string` - `is_acceptable_sender: boolean` Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note: This will not exempt messages with Malicious or Suspicious dispositions. - `is_exempt_recipient: boolean` Messages to this recipient will bypass all detections. - `is_regex: boolean` - `is_trusted_sender: boolean` Messages from this sender will bypass all detections and link following. - `last_modified: string` - `pattern: string` - `pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `verify_sender: boolean` Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. - `comments?: string | null` - `is_recipient?: boolean` - `is_sender?: boolean` - `is_spoof?: boolean` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const allowPolicyListResponse of client.emailSecurity.settings.allowPolicies.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(allowPolicyListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": 2401, "created_at": "2019-12-27T18:11:19.117Z", "is_acceptable_sender": true, "is_exempt_recipient": true, "is_regex": true, "is_trusted_sender": true, "last_modified": "2019-12-27T18:11:19.117Z", "pattern": "x", "pattern_type": "EMAIL", "verify_sender": true, "comments": "comments", "is_recipient": true, "is_sender": true, "is_spoof": true } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 }, "success": true } ``` ## Get an email allow policy `client.emailSecurity.settings.allowPolicies.get(numberpolicyId, AllowPolicyGetParamsparams, RequestOptionsoptions?): AllowPolicyGetResponse` **get** `/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}` Retrieves details for a specific email allow policy, including its matching criteria and scope. ### Parameters - `policyId: number` The unique identifier for the allow policy. - `params: AllowPolicyGetParams` - `account_id: string` Account Identifier ### Returns - `AllowPolicyGetResponse` - `id: number` The unique identifier for the allow policy. - `created_at: string` - `is_acceptable_sender: boolean` Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note: This will not exempt messages with Malicious or Suspicious dispositions. - `is_exempt_recipient: boolean` Messages to this recipient will bypass all detections. - `is_regex: boolean` - `is_trusted_sender: boolean` Messages from this sender will bypass all detections and link following. - `last_modified: string` - `pattern: string` - `pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `verify_sender: boolean` Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. - `comments?: string | null` - `is_recipient?: boolean` - `is_sender?: boolean` - `is_spoof?: boolean` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const allowPolicy = await client.emailSecurity.settings.allowPolicies.get(2401, { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(allowPolicy.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": 2401, "created_at": "2019-12-27T18:11:19.117Z", "is_acceptable_sender": true, "is_exempt_recipient": true, "is_regex": true, "is_trusted_sender": true, "last_modified": "2019-12-27T18:11:19.117Z", "pattern": "x", "pattern_type": "EMAIL", "verify_sender": true, "comments": "comments", "is_recipient": true, "is_sender": true, "is_spoof": true }, "success": true } ``` ## Create an email allow policy `client.emailSecurity.settings.allowPolicies.create(AllowPolicyCreateParamsparams, RequestOptionsoptions?): AllowPolicyCreateResponse` **post** `/accounts/{account_id}/email-security/settings/allow_policies` Creates a new email allow policy that permits specific senders, domains, or patterns to bypass security scanning. ### Parameters - `params: AllowPolicyCreateParams` - `account_id: string` Path param: Account Identifier - `is_acceptable_sender: boolean` Body param: Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note: This will not exempt messages with Malicious or Suspicious dispositions. - `is_exempt_recipient: boolean` Body param: Messages to this recipient will bypass all detections. - `is_regex: boolean` Body param - `is_trusted_sender: boolean` Body param: Messages from this sender will bypass all detections and link following. - `pattern: string` Body param - `pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Body param - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `verify_sender: boolean` Body param: Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. - `comments?: string | null` Body param - `is_recipient?: boolean` Body param - `is_sender?: boolean` Body param - `is_spoof?: boolean` Body param ### Returns - `AllowPolicyCreateResponse` - `id: number` The unique identifier for the allow policy. - `created_at: string` - `is_acceptable_sender: boolean` Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note: This will not exempt messages with Malicious or Suspicious dispositions. - `is_exempt_recipient: boolean` Messages to this recipient will bypass all detections. - `is_regex: boolean` - `is_trusted_sender: boolean` Messages from this sender will bypass all detections and link following. - `last_modified: string` - `pattern: string` - `pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `verify_sender: boolean` Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. - `comments?: string | null` - `is_recipient?: boolean` - `is_sender?: boolean` - `is_spoof?: boolean` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const allowPolicy = await client.emailSecurity.settings.allowPolicies.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', is_acceptable_sender: false, is_exempt_recipient: false, is_regex: false, is_trusted_sender: true, pattern: 'test@example.com', pattern_type: 'EMAIL', verify_sender: true, }); console.log(allowPolicy.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": 2401, "created_at": "2019-12-27T18:11:19.117Z", "is_acceptable_sender": true, "is_exempt_recipient": true, "is_regex": true, "is_trusted_sender": true, "last_modified": "2019-12-27T18:11:19.117Z", "pattern": "x", "pattern_type": "EMAIL", "verify_sender": true, "comments": "comments", "is_recipient": true, "is_sender": true, "is_spoof": true }, "success": true } ``` ## Update an email allow policy `client.emailSecurity.settings.allowPolicies.edit(numberpolicyId, AllowPolicyEditParamsparams, RequestOptionsoptions?): AllowPolicyEditResponse` **patch** `/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}` Updates an existing email allow policy, modifying its matching criteria or scope. ### Parameters - `policyId: number` The unique identifier for the allow policy. - `params: AllowPolicyEditParams` - `account_id: string` Path param: Account Identifier - `comments?: string | null` Body param - `is_acceptable_sender?: boolean | null` Body param: Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note: This will not exempt messages with Malicious or Suspicious dispositions. - `is_exempt_recipient?: boolean | null` Body param: Messages to this recipient will bypass all detections. - `is_regex?: boolean | null` Body param - `is_trusted_sender?: boolean | null` Body param: Messages from this sender will bypass all detections and link following. - `pattern?: string | null` Body param - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN" | null` Body param - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `verify_sender?: boolean | null` Body param: Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. ### Returns - `AllowPolicyEditResponse` - `id: number` The unique identifier for the allow policy. - `created_at: string` - `is_acceptable_sender: boolean` Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note: This will not exempt messages with Malicious or Suspicious dispositions. - `is_exempt_recipient: boolean` Messages to this recipient will bypass all detections. - `is_regex: boolean` - `is_trusted_sender: boolean` Messages from this sender will bypass all detections and link following. - `last_modified: string` - `pattern: string` - `pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `verify_sender: boolean` Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. - `comments?: string | null` - `is_recipient?: boolean` - `is_sender?: boolean` - `is_spoof?: boolean` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const response = await client.emailSecurity.settings.allowPolicies.edit(2401, { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(response.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": 2401, "created_at": "2019-12-27T18:11:19.117Z", "is_acceptable_sender": true, "is_exempt_recipient": true, "is_regex": true, "is_trusted_sender": true, "last_modified": "2019-12-27T18:11:19.117Z", "pattern": "x", "pattern_type": "EMAIL", "verify_sender": true, "comments": "comments", "is_recipient": true, "is_sender": true, "is_spoof": true }, "success": true } ``` ## Delete an email allow policy `client.emailSecurity.settings.allowPolicies.delete(numberpolicyId, AllowPolicyDeleteParamsparams, RequestOptionsoptions?): AllowPolicyDeleteResponse` **delete** `/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}` Removes an email allow policy. Previously allowed senders will be subject to normal security scanning. ### Parameters - `policyId: number` The unique identifier for the allow policy. - `params: AllowPolicyDeleteParams` - `account_id: string` Account Identifier ### Returns - `AllowPolicyDeleteResponse` - `id: number` The unique identifier for the allow policy. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const allowPolicy = await client.emailSecurity.settings.allowPolicies.delete(2401, { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(allowPolicy.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": 2401 }, "success": true } ``` ## Domain Types ### Allow Policy List Response - `AllowPolicyListResponse` - `id: number` The unique identifier for the allow policy. - `created_at: string` - `is_acceptable_sender: boolean` Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note: This will not exempt messages with Malicious or Suspicious dispositions. - `is_exempt_recipient: boolean` Messages to this recipient will bypass all detections. - `is_regex: boolean` - `is_trusted_sender: boolean` Messages from this sender will bypass all detections and link following. - `last_modified: string` - `pattern: string` - `pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `verify_sender: boolean` Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. - `comments?: string | null` - `is_recipient?: boolean` - `is_sender?: boolean` - `is_spoof?: boolean` ### Allow Policy Get Response - `AllowPolicyGetResponse` - `id: number` The unique identifier for the allow policy. - `created_at: string` - `is_acceptable_sender: boolean` Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note: This will not exempt messages with Malicious or Suspicious dispositions. - `is_exempt_recipient: boolean` Messages to this recipient will bypass all detections. - `is_regex: boolean` - `is_trusted_sender: boolean` Messages from this sender will bypass all detections and link following. - `last_modified: string` - `pattern: string` - `pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `verify_sender: boolean` Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. - `comments?: string | null` - `is_recipient?: boolean` - `is_sender?: boolean` - `is_spoof?: boolean` ### Allow Policy Create Response - `AllowPolicyCreateResponse` - `id: number` The unique identifier for the allow policy. - `created_at: string` - `is_acceptable_sender: boolean` Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note: This will not exempt messages with Malicious or Suspicious dispositions. - `is_exempt_recipient: boolean` Messages to this recipient will bypass all detections. - `is_regex: boolean` - `is_trusted_sender: boolean` Messages from this sender will bypass all detections and link following. - `last_modified: string` - `pattern: string` - `pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `verify_sender: boolean` Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. - `comments?: string | null` - `is_recipient?: boolean` - `is_sender?: boolean` - `is_spoof?: boolean` ### Allow Policy Edit Response - `AllowPolicyEditResponse` - `id: number` The unique identifier for the allow policy. - `created_at: string` - `is_acceptable_sender: boolean` Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note: This will not exempt messages with Malicious or Suspicious dispositions. - `is_exempt_recipient: boolean` Messages to this recipient will bypass all detections. - `is_regex: boolean` - `is_trusted_sender: boolean` Messages from this sender will bypass all detections and link following. - `last_modified: string` - `pattern: string` - `pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `verify_sender: boolean` Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. - `comments?: string | null` - `is_recipient?: boolean` - `is_sender?: boolean` - `is_spoof?: boolean` ### Allow Policy Delete Response - `AllowPolicyDeleteResponse` - `id: number` The unique identifier for the allow policy. # Block Senders ## List blocked email senders `client.emailSecurity.settings.blockSenders.list(BlockSenderListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/email-security/settings/block_senders` Lists all blocked sender entries with their patterns and block reasons. ### Parameters - `params: BlockSenderListParams` - `account_id: string` Path param: Account Identifier - `direction?: "asc" | "desc"` Query param: The sorting direction. - `"asc"` - `"desc"` - `order?: "pattern" | "created_at"` Query param: The field to sort by. - `"pattern"` - `"created_at"` - `page?: number` Query param: The page number of paginated results. - `pattern?: string` Query param - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Query param - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `per_page?: number` Query param: The number of results per page. - `search?: string` Query param: Allows searching in multiple properties of a record simultaneously. This parameter is intended for human users, not automation. Its exact behavior is intentionally left unspecified and is subject to change in the future. ### Returns - `BlockSenderListResponse` - `id: number` The unique identifier for the allow policy. - `created_at: string` - `is_regex: boolean` - `last_modified: string` - `pattern: string` - `pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `comments?: string | null` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const blockSenderListResponse of client.emailSecurity.settings.blockSenders.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(blockSenderListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": 2402, "created_at": "2019-12-27T18:11:19.117Z", "is_regex": true, "last_modified": "2019-12-27T18:11:19.117Z", "pattern": "x", "pattern_type": "EMAIL", "comments": "comments" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 }, "success": true } ``` ## Get a blocked email sender `client.emailSecurity.settings.blockSenders.get(numberpatternId, BlockSenderGetParamsparams, RequestOptionsoptions?): BlockSenderGetResponse` **get** `/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}` Gets information about a specific blocked sender entry, including the pattern and block reason. ### Parameters - `patternId: number` The unique identifier for the allow policy. - `params: BlockSenderGetParams` - `account_id: string` Account Identifier ### Returns - `BlockSenderGetResponse` - `id: number` The unique identifier for the allow policy. - `created_at: string` - `is_regex: boolean` - `last_modified: string` - `pattern: string` - `pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `comments?: string | null` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const blockSender = await client.emailSecurity.settings.blockSenders.get(2402, { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(blockSender.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": 2402, "created_at": "2019-12-27T18:11:19.117Z", "is_regex": true, "last_modified": "2019-12-27T18:11:19.117Z", "pattern": "x", "pattern_type": "EMAIL", "comments": "comments" }, "success": true } ``` ## Create a blocked email sender `client.emailSecurity.settings.blockSenders.create(BlockSenderCreateParamsparams, RequestOptionsoptions?): BlockSenderCreateResponse` **post** `/accounts/{account_id}/email-security/settings/block_senders` Adds a sender pattern to the email block list, preventing messages from matching senders from being delivered. ### Parameters - `params: BlockSenderCreateParams` - `account_id: string` Path param: Account Identifier - `is_regex: boolean` Body param - `pattern: string` Body param - `pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Body param - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `comments?: string | null` Body param ### Returns - `BlockSenderCreateResponse` - `id: number` The unique identifier for the allow policy. - `created_at: string` - `is_regex: boolean` - `last_modified: string` - `pattern: string` - `pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `comments?: string | null` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const blockSender = await client.emailSecurity.settings.blockSenders.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', is_regex: false, pattern: 'test@example.com', pattern_type: 'EMAIL', }); console.log(blockSender.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": 2402, "created_at": "2019-12-27T18:11:19.117Z", "is_regex": true, "last_modified": "2019-12-27T18:11:19.117Z", "pattern": "x", "pattern_type": "EMAIL", "comments": "comments" }, "success": true } ``` ## Update a blocked email sender `client.emailSecurity.settings.blockSenders.edit(numberpatternId, BlockSenderEditParamsparams, RequestOptionsoptions?): BlockSenderEditResponse` **patch** `/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}` Modifies a blocked sender entry, updating its pattern or block reason. ### Parameters - `patternId: number` The unique identifier for the allow policy. - `params: BlockSenderEditParams` - `account_id: string` Path param: Account Identifier - `comments?: string | null` Body param - `is_regex?: boolean | null` Body param - `pattern?: string | null` Body param - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN" | null` Body param - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` ### Returns - `BlockSenderEditResponse` - `id: number` The unique identifier for the allow policy. - `created_at: string` - `is_regex: boolean` - `last_modified: string` - `pattern: string` - `pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `comments?: string | null` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const response = await client.emailSecurity.settings.blockSenders.edit(2402, { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(response.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": 2402, "created_at": "2019-12-27T18:11:19.117Z", "is_regex": true, "last_modified": "2019-12-27T18:11:19.117Z", "pattern": "x", "pattern_type": "EMAIL", "comments": "comments" }, "success": true } ``` ## Delete a blocked email sender `client.emailSecurity.settings.blockSenders.delete(numberpatternId, BlockSenderDeleteParamsparams, RequestOptionsoptions?): BlockSenderDeleteResponse` **delete** `/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}` Removes a sender from the email block list, allowing their messages to be delivered normally. ### Parameters - `patternId: number` The unique identifier for the allow policy. - `params: BlockSenderDeleteParams` - `account_id: string` Account Identifier ### Returns - `BlockSenderDeleteResponse` - `id: number` The unique identifier for the allow policy. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const blockSender = await client.emailSecurity.settings.blockSenders.delete(2402, { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(blockSender.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": 2402 }, "success": true } ``` ## Domain Types ### Block Sender List Response - `BlockSenderListResponse` - `id: number` The unique identifier for the allow policy. - `created_at: string` - `is_regex: boolean` - `last_modified: string` - `pattern: string` - `pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `comments?: string | null` ### Block Sender Get Response - `BlockSenderGetResponse` - `id: number` The unique identifier for the allow policy. - `created_at: string` - `is_regex: boolean` - `last_modified: string` - `pattern: string` - `pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `comments?: string | null` ### Block Sender Create Response - `BlockSenderCreateResponse` - `id: number` The unique identifier for the allow policy. - `created_at: string` - `is_regex: boolean` - `last_modified: string` - `pattern: string` - `pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `comments?: string | null` ### Block Sender Edit Response - `BlockSenderEditResponse` - `id: number` The unique identifier for the allow policy. - `created_at: string` - `is_regex: boolean` - `last_modified: string` - `pattern: string` - `pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `comments?: string | null` ### Block Sender Delete Response - `BlockSenderDeleteResponse` - `id: number` The unique identifier for the allow policy. # Domains ## List protected email domains `client.emailSecurity.settings.domains.list(DomainListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/email-security/settings/domains` Lists, searches, and sorts an account’s email domains. ### Parameters - `params: DomainListParams` - `account_id: string` Path param: Account Identifier - `active_delivery_mode?: "DIRECT" | "BCC" | "JOURNAL" | 2 more` Query param: Filters response to domains with the currently active delivery mode. - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"API"` - `"RETRO_SCAN"` - `allowed_delivery_mode?: "DIRECT" | "BCC" | "JOURNAL" | 2 more` Query param: Filters response to domains with the provided delivery mode. - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"API"` - `"RETRO_SCAN"` - `direction?: "asc" | "desc"` Query param: The sorting direction. - `"asc"` - `"desc"` - `domain?: Array` Query param: Filters results by the provided domains, allowing for multiple occurrences. - `integration_id?: string` Query param: Filters response to domains with the provided integration ID. - `order?: "domain" | "created_at"` Query param: The field to sort by. - `"domain"` - `"created_at"` - `page?: number` Query param: The page number of paginated results. - `per_page?: number` Query param: The number of results per page. - `search?: string` Query param: Allows searching in multiple properties of a record simultaneously. This parameter is intended for human users, not automation. Its exact behavior is intentionally left unspecified and is subject to change in the future. ### Returns - `DomainListResponse` - `id: number` The unique identifier for the domain. - `allowed_delivery_modes: Array<"DIRECT" | "BCC" | "JOURNAL" | 2 more>` - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"API"` - `"RETRO_SCAN"` - `created_at: string` - `domain: string` - `drop_dispositions: Array<"MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more>` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `ip_restrictions: Array` - `last_modified: string` - `lookback_hops: number` - `regions: Array<"GLOBAL" | "AU" | "DE" | 2 more>` - `"GLOBAL"` - `"AU"` - `"DE"` - `"IN"` - `"US"` - `transport: string` - `authorization?: Authorization | null` - `authorized: boolean` - `timestamp: string` - `status_message?: string | null` - `dmarc_status?: "none" | "good" | "invalid" | null` - `"none"` - `"good"` - `"invalid"` - `emails_processed?: EmailsProcessed | null` - `timestamp: string` - `total_emails_processed: number` - `total_emails_processed_previous: number` - `folder?: "AllItems" | "Inbox" | null` - `"AllItems"` - `"Inbox"` - `inbox_provider?: "Microsoft" | "Google" | null` - `"Microsoft"` - `"Google"` - `integration_id?: string | null` - `o365_tenant_id?: string | null` - `require_tls_inbound?: boolean | null` - `require_tls_outbound?: boolean | null` - `spf_status?: "none" | "good" | "neutral" | 2 more | null` - `"none"` - `"good"` - `"neutral"` - `"open"` - `"invalid"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const domainListResponse of client.emailSecurity.settings.domains.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(domainListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": 2400, "allowed_delivery_modes": [ "API" ], "created_at": "2023-11-14T22:13:20Z", "domain": "example.com", "drop_dispositions": [ "MALICIOUS", "SPAM" ], "ip_restrictions": [ "string" ], "last_modified": "2023-11-14T22:13:20Z", "lookback_hops": 2, "regions": [ "GLOBAL" ], "transport": "example.com", "authorization": { "authorized": true, "timestamp": "2019-12-27T18:11:19.117Z", "status_message": "status_message" }, "dmarc_status": "good", "emails_processed": { "timestamp": "2019-12-27T18:11:19.117Z", "total_emails_processed": 0, "total_emails_processed_previous": 0 }, "folder": "Inbox", "inbox_provider": "Microsoft", "integration_id": "a5dbb180-60ea-4578-84bb-d01a5d4e50c3", "o365_tenant_id": "c3c3239d-8858-47df-9618-0e2d9bdf6aa8", "require_tls_inbound": false, "require_tls_outbound": true, "spf_status": "good" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 }, "success": true } ``` ## Get an email domain `client.emailSecurity.settings.domains.get(numberdomainId, DomainGetParamsparams, RequestOptionsoptions?): DomainGetResponse` **get** `/accounts/{account_id}/email-security/settings/domains/{domain_id}` Gets configuration details for a specific domain in email security. ### Parameters - `domainId: number` The unique identifier for the domain. - `params: DomainGetParams` - `account_id: string` Account Identifier ### Returns - `DomainGetResponse` - `id: number` The unique identifier for the domain. - `allowed_delivery_modes: Array<"DIRECT" | "BCC" | "JOURNAL" | 2 more>` - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"API"` - `"RETRO_SCAN"` - `created_at: string` - `domain: string` - `drop_dispositions: Array<"MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more>` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `ip_restrictions: Array` - `last_modified: string` - `lookback_hops: number` - `regions: Array<"GLOBAL" | "AU" | "DE" | 2 more>` - `"GLOBAL"` - `"AU"` - `"DE"` - `"IN"` - `"US"` - `transport: string` - `authorization?: Authorization | null` - `authorized: boolean` - `timestamp: string` - `status_message?: string | null` - `dmarc_status?: "none" | "good" | "invalid" | null` - `"none"` - `"good"` - `"invalid"` - `emails_processed?: EmailsProcessed | null` - `timestamp: string` - `total_emails_processed: number` - `total_emails_processed_previous: number` - `folder?: "AllItems" | "Inbox" | null` - `"AllItems"` - `"Inbox"` - `inbox_provider?: "Microsoft" | "Google" | null` - `"Microsoft"` - `"Google"` - `integration_id?: string | null` - `o365_tenant_id?: string | null` - `require_tls_inbound?: boolean | null` - `require_tls_outbound?: boolean | null` - `spf_status?: "none" | "good" | "neutral" | 2 more | null` - `"none"` - `"good"` - `"neutral"` - `"open"` - `"invalid"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const domain = await client.emailSecurity.settings.domains.get(2400, { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(domain.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": 2400, "allowed_delivery_modes": [ "API" ], "created_at": "2023-11-14T22:13:20Z", "domain": "example.com", "drop_dispositions": [ "MALICIOUS", "SPAM" ], "ip_restrictions": [ "string" ], "last_modified": "2023-11-14T22:13:20Z", "lookback_hops": 2, "regions": [ "GLOBAL" ], "transport": "example.com", "authorization": { "authorized": true, "timestamp": "2019-12-27T18:11:19.117Z", "status_message": "status_message" }, "dmarc_status": "good", "emails_processed": { "timestamp": "2019-12-27T18:11:19.117Z", "total_emails_processed": 0, "total_emails_processed_previous": 0 }, "folder": "Inbox", "inbox_provider": "Microsoft", "integration_id": "a5dbb180-60ea-4578-84bb-d01a5d4e50c3", "o365_tenant_id": "c3c3239d-8858-47df-9618-0e2d9bdf6aa8", "require_tls_inbound": false, "require_tls_outbound": true, "spf_status": "good" }, "success": true } ``` ## Update an email domain `client.emailSecurity.settings.domains.edit(numberdomainId, DomainEditParamsparams, RequestOptionsoptions?): DomainEditResponse` **patch** `/accounts/{account_id}/email-security/settings/domains/{domain_id}` Updates configuration for a domain in email security. ### Parameters - `domainId: number` The unique identifier for the domain. - `params: DomainEditParams` - `account_id: string` Path param: Account Identifier - `ip_restrictions: Array` Body param - `allowed_delivery_modes?: Array<"DIRECT" | "BCC" | "JOURNAL" | 2 more>` Body param - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"API"` - `"RETRO_SCAN"` - `domain?: string` Body param - `drop_dispositions?: Array<"MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more>` Body param - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `folder?: "AllItems" | "Inbox"` Body param - `"AllItems"` - `"Inbox"` - `integration_id?: string` Body param - `lookback_hops?: number` Body param - `regions?: Array<"GLOBAL" | "AU" | "DE" | 2 more>` Body param - `"GLOBAL"` - `"AU"` - `"DE"` - `"IN"` - `"US"` - `require_tls_inbound?: boolean` Body param - `require_tls_outbound?: boolean` Body param - `transport?: string` Body param ### Returns - `DomainEditResponse` - `id: number` The unique identifier for the domain. - `allowed_delivery_modes: Array<"DIRECT" | "BCC" | "JOURNAL" | 2 more>` - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"API"` - `"RETRO_SCAN"` - `created_at: string` - `domain: string` - `drop_dispositions: Array<"MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more>` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `ip_restrictions: Array` - `last_modified: string` - `lookback_hops: number` - `regions: Array<"GLOBAL" | "AU" | "DE" | 2 more>` - `"GLOBAL"` - `"AU"` - `"DE"` - `"IN"` - `"US"` - `transport: string` - `authorization?: Authorization | null` - `authorized: boolean` - `timestamp: string` - `status_message?: string | null` - `dmarc_status?: "none" | "good" | "invalid" | null` - `"none"` - `"good"` - `"invalid"` - `emails_processed?: EmailsProcessed | null` - `timestamp: string` - `total_emails_processed: number` - `total_emails_processed_previous: number` - `folder?: "AllItems" | "Inbox" | null` - `"AllItems"` - `"Inbox"` - `inbox_provider?: "Microsoft" | "Google" | null` - `"Microsoft"` - `"Google"` - `integration_id?: string | null` - `o365_tenant_id?: string | null` - `require_tls_inbound?: boolean | null` - `require_tls_outbound?: boolean | null` - `spf_status?: "none" | "good" | "neutral" | 2 more | null` - `"none"` - `"good"` - `"neutral"` - `"open"` - `"invalid"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const response = await client.emailSecurity.settings.domains.edit(2400, { account_id: '023e105f4ecef8ad9ca31a8372d0c353', ip_restrictions: ['192.0.2.0/24', '2001:db8::/32'], }); console.log(response.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": 2400, "allowed_delivery_modes": [ "API" ], "created_at": "2023-11-14T22:13:20Z", "domain": "example.com", "drop_dispositions": [ "MALICIOUS", "SPAM" ], "ip_restrictions": [ "string" ], "last_modified": "2023-11-14T22:13:20Z", "lookback_hops": 2, "regions": [ "GLOBAL" ], "transport": "example.com", "authorization": { "authorized": true, "timestamp": "2019-12-27T18:11:19.117Z", "status_message": "status_message" }, "dmarc_status": "good", "emails_processed": { "timestamp": "2019-12-27T18:11:19.117Z", "total_emails_processed": 0, "total_emails_processed_previous": 0 }, "folder": "Inbox", "inbox_provider": "Microsoft", "integration_id": "a5dbb180-60ea-4578-84bb-d01a5d4e50c3", "o365_tenant_id": "c3c3239d-8858-47df-9618-0e2d9bdf6aa8", "require_tls_inbound": false, "require_tls_outbound": true, "spf_status": "good" }, "success": true } ``` ## Unprotect an email domain `client.emailSecurity.settings.domains.delete(numberdomainId, DomainDeleteParamsparams, RequestOptionsoptions?): DomainDeleteResponse` **delete** `/accounts/{account_id}/email-security/settings/domains/{domain_id}` Unprotect an email domain ### Parameters - `domainId: number` The unique identifier for the domain. - `params: DomainDeleteParams` - `account_id: string` Account Identifier ### Returns - `DomainDeleteResponse` - `id: number` The unique identifier for the domain. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const domain = await client.emailSecurity.settings.domains.delete(2400, { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(domain.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": 2400 }, "success": true } ``` ## Unprotect multiple email domains `client.emailSecurity.settings.domains.bulkDelete(DomainBulkDeleteParamsparams, RequestOptionsoptions?): SinglePage` **delete** `/accounts/{account_id}/email-security/settings/domains` Bulk removes multiple domains from email security configuration in a single request. ### Parameters - `params: DomainBulkDeleteParams` - `account_id: string` Account Identifier ### Returns - `DomainBulkDeleteResponse` - `id: number` The unique identifier for the domain. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const domainBulkDeleteResponse of client.emailSecurity.settings.domains.bulkDelete({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(domainBulkDeleteResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": 2400 } ], "success": true } ``` ## Domain Types ### Domain List Response - `DomainListResponse` - `id: number` The unique identifier for the domain. - `allowed_delivery_modes: Array<"DIRECT" | "BCC" | "JOURNAL" | 2 more>` - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"API"` - `"RETRO_SCAN"` - `created_at: string` - `domain: string` - `drop_dispositions: Array<"MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more>` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `ip_restrictions: Array` - `last_modified: string` - `lookback_hops: number` - `regions: Array<"GLOBAL" | "AU" | "DE" | 2 more>` - `"GLOBAL"` - `"AU"` - `"DE"` - `"IN"` - `"US"` - `transport: string` - `authorization?: Authorization | null` - `authorized: boolean` - `timestamp: string` - `status_message?: string | null` - `dmarc_status?: "none" | "good" | "invalid" | null` - `"none"` - `"good"` - `"invalid"` - `emails_processed?: EmailsProcessed | null` - `timestamp: string` - `total_emails_processed: number` - `total_emails_processed_previous: number` - `folder?: "AllItems" | "Inbox" | null` - `"AllItems"` - `"Inbox"` - `inbox_provider?: "Microsoft" | "Google" | null` - `"Microsoft"` - `"Google"` - `integration_id?: string | null` - `o365_tenant_id?: string | null` - `require_tls_inbound?: boolean | null` - `require_tls_outbound?: boolean | null` - `spf_status?: "none" | "good" | "neutral" | 2 more | null` - `"none"` - `"good"` - `"neutral"` - `"open"` - `"invalid"` ### Domain Get Response - `DomainGetResponse` - `id: number` The unique identifier for the domain. - `allowed_delivery_modes: Array<"DIRECT" | "BCC" | "JOURNAL" | 2 more>` - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"API"` - `"RETRO_SCAN"` - `created_at: string` - `domain: string` - `drop_dispositions: Array<"MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more>` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `ip_restrictions: Array` - `last_modified: string` - `lookback_hops: number` - `regions: Array<"GLOBAL" | "AU" | "DE" | 2 more>` - `"GLOBAL"` - `"AU"` - `"DE"` - `"IN"` - `"US"` - `transport: string` - `authorization?: Authorization | null` - `authorized: boolean` - `timestamp: string` - `status_message?: string | null` - `dmarc_status?: "none" | "good" | "invalid" | null` - `"none"` - `"good"` - `"invalid"` - `emails_processed?: EmailsProcessed | null` - `timestamp: string` - `total_emails_processed: number` - `total_emails_processed_previous: number` - `folder?: "AllItems" | "Inbox" | null` - `"AllItems"` - `"Inbox"` - `inbox_provider?: "Microsoft" | "Google" | null` - `"Microsoft"` - `"Google"` - `integration_id?: string | null` - `o365_tenant_id?: string | null` - `require_tls_inbound?: boolean | null` - `require_tls_outbound?: boolean | null` - `spf_status?: "none" | "good" | "neutral" | 2 more | null` - `"none"` - `"good"` - `"neutral"` - `"open"` - `"invalid"` ### Domain Edit Response - `DomainEditResponse` - `id: number` The unique identifier for the domain. - `allowed_delivery_modes: Array<"DIRECT" | "BCC" | "JOURNAL" | 2 more>` - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"API"` - `"RETRO_SCAN"` - `created_at: string` - `domain: string` - `drop_dispositions: Array<"MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more>` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `ip_restrictions: Array` - `last_modified: string` - `lookback_hops: number` - `regions: Array<"GLOBAL" | "AU" | "DE" | 2 more>` - `"GLOBAL"` - `"AU"` - `"DE"` - `"IN"` - `"US"` - `transport: string` - `authorization?: Authorization | null` - `authorized: boolean` - `timestamp: string` - `status_message?: string | null` - `dmarc_status?: "none" | "good" | "invalid" | null` - `"none"` - `"good"` - `"invalid"` - `emails_processed?: EmailsProcessed | null` - `timestamp: string` - `total_emails_processed: number` - `total_emails_processed_previous: number` - `folder?: "AllItems" | "Inbox" | null` - `"AllItems"` - `"Inbox"` - `inbox_provider?: "Microsoft" | "Google" | null` - `"Microsoft"` - `"Google"` - `integration_id?: string | null` - `o365_tenant_id?: string | null` - `require_tls_inbound?: boolean | null` - `require_tls_outbound?: boolean | null` - `spf_status?: "none" | "good" | "neutral" | 2 more | null` - `"none"` - `"good"` - `"neutral"` - `"open"` - `"invalid"` ### Domain Delete Response - `DomainDeleteResponse` - `id: number` The unique identifier for the domain. ### Domain Bulk Delete Response - `DomainBulkDeleteResponse` - `id: number` The unique identifier for the domain. # Impersonation Registry ## List entries in impersonation registry `client.emailSecurity.settings.impersonationRegistry.list(ImpersonationRegistryListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/email-security/settings/impersonation_registry` Lists, searches, and sorts entries in the impersonation registry. ### Parameters - `params: ImpersonationRegistryListParams` - `account_id: string` Path param: Account Identifier - `direction?: "asc" | "desc"` Query param: The sorting direction. - `"asc"` - `"desc"` - `order?: "name" | "email" | "created_at"` Query param: The field to sort by. - `"name"` - `"email"` - `"created_at"` - `page?: number` Query param: The page number of paginated results. - `per_page?: number` Query param: The number of results per page. - `provenance?: "A1S_INTERNAL" | "SNOOPY-CASB_OFFICE_365" | "SNOOPY-OFFICE_365" | "SNOOPY-GOOGLE_DIRECTORY"` Query param - `"A1S_INTERNAL"` - `"SNOOPY-CASB_OFFICE_365"` - `"SNOOPY-OFFICE_365"` - `"SNOOPY-GOOGLE_DIRECTORY"` - `search?: string` Query param: Allows searching in multiple properties of a record simultaneously. This parameter is intended for human users, not automation. Its exact behavior is intentionally left unspecified and is subject to change in the future. ### Returns - `ImpersonationRegistryListResponse` - `id: number` - `created_at: string` - `email: string` - `is_email_regex: boolean` - `last_modified: string` - `name: string` - `comments?: string | null` - `directory_id?: number | null` - `directory_node_id?: number | null` - `external_directory_node_id?: string | null` - `provenance?: string | null` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const impersonationRegistryListResponse of client.emailSecurity.settings.impersonationRegistry.list( { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, )) { console.log(impersonationRegistryListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": 2403, "created_at": "2019-12-27T18:11:19.117Z", "email": "email", "is_email_regex": true, "last_modified": "2019-12-27T18:11:19.117Z", "name": "name", "comments": "comments", "directory_id": 0, "directory_node_id": 0, "external_directory_node_id": "external_directory_node_id", "provenance": "provenance" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 }, "success": true } ``` ## Get an entry in impersonation registry `client.emailSecurity.settings.impersonationRegistry.get(numberdisplayNameId, ImpersonationRegistryGetParamsparams, RequestOptionsoptions?): ImpersonationRegistryGetResponse` **get** `/accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}` Retrieves a display name entry used for impersonation protection. ### Parameters - `displayNameId: number` - `params: ImpersonationRegistryGetParams` - `account_id: string` Account Identifier ### Returns - `ImpersonationRegistryGetResponse` - `id: number` - `created_at: string` - `email: string` - `is_email_regex: boolean` - `last_modified: string` - `name: string` - `comments?: string | null` - `directory_id?: number | null` - `directory_node_id?: number | null` - `external_directory_node_id?: string | null` - `provenance?: string | null` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const impersonationRegistry = await client.emailSecurity.settings.impersonationRegistry.get(2403, { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(impersonationRegistry.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": 2403, "created_at": "2019-12-27T18:11:19.117Z", "email": "email", "is_email_regex": true, "last_modified": "2019-12-27T18:11:19.117Z", "name": "name", "comments": "comments", "directory_id": 0, "directory_node_id": 0, "external_directory_node_id": "external_directory_node_id", "provenance": "provenance" }, "success": true } ``` ## Create an entry in impersonation registry `client.emailSecurity.settings.impersonationRegistry.create(ImpersonationRegistryCreateParamsparams, RequestOptionsoptions?): ImpersonationRegistryCreateResponse` **post** `/accounts/{account_id}/email-security/settings/impersonation_registry` Creates a display name entry for email security impersonation protection. ### Parameters - `params: ImpersonationRegistryCreateParams` - `account_id: string` Path param: Account Identifier - `email: string` Body param - `is_email_regex: boolean` Body param - `name: string` Body param ### Returns - `ImpersonationRegistryCreateResponse` - `id: number` - `created_at: string` - `email: string` - `is_email_regex: boolean` - `last_modified: string` - `name: string` - `comments?: string | null` - `directory_id?: number | null` - `directory_node_id?: number | null` - `external_directory_node_id?: string | null` - `provenance?: string | null` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const impersonationRegistry = await client.emailSecurity.settings.impersonationRegistry.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', email: 'email', is_email_regex: true, name: 'name', }); console.log(impersonationRegistry.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": 2403, "created_at": "2019-12-27T18:11:19.117Z", "email": "email", "is_email_regex": true, "last_modified": "2019-12-27T18:11:19.117Z", "name": "name", "comments": "comments", "directory_id": 0, "directory_node_id": 0, "external_directory_node_id": "external_directory_node_id", "provenance": "provenance" }, "success": true } ``` ## Update an entry in impersonation registry `client.emailSecurity.settings.impersonationRegistry.edit(numberdisplayNameId, ImpersonationRegistryEditParamsparams, RequestOptionsoptions?): ImpersonationRegistryEditResponse` **patch** `/accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}` Updates a display name entry used for impersonation protection. ### Parameters - `displayNameId: number` - `params: ImpersonationRegistryEditParams` - `account_id: string` Path param: Account Identifier - `email?: string | null` Body param - `is_email_regex?: boolean | null` Body param - `name?: string | null` Body param ### Returns - `ImpersonationRegistryEditResponse` - `id: number` - `created_at: string` - `email: string` - `is_email_regex: boolean` - `last_modified: string` - `name: string` - `comments?: string | null` - `directory_id?: number | null` - `directory_node_id?: number | null` - `external_directory_node_id?: string | null` - `provenance?: string | null` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const response = await client.emailSecurity.settings.impersonationRegistry.edit(2403, { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(response.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": 2403, "created_at": "2019-12-27T18:11:19.117Z", "email": "email", "is_email_regex": true, "last_modified": "2019-12-27T18:11:19.117Z", "name": "name", "comments": "comments", "directory_id": 0, "directory_node_id": 0, "external_directory_node_id": "external_directory_node_id", "provenance": "provenance" }, "success": true } ``` ## Delete an entry from impersonation registry `client.emailSecurity.settings.impersonationRegistry.delete(numberdisplayNameId, ImpersonationRegistryDeleteParamsparams, RequestOptionsoptions?): ImpersonationRegistryDeleteResponse` **delete** `/accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}` Removes a display name from impersonation protection monitoring. ### Parameters - `displayNameId: number` - `params: ImpersonationRegistryDeleteParams` - `account_id: string` Account Identifier ### Returns - `ImpersonationRegistryDeleteResponse` - `id: number` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const impersonationRegistry = await client.emailSecurity.settings.impersonationRegistry.delete( 2403, { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(impersonationRegistry.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": 2403 }, "success": true } ``` ## Domain Types ### Impersonation Registry List Response - `ImpersonationRegistryListResponse` - `id: number` - `created_at: string` - `email: string` - `is_email_regex: boolean` - `last_modified: string` - `name: string` - `comments?: string | null` - `directory_id?: number | null` - `directory_node_id?: number | null` - `external_directory_node_id?: string | null` - `provenance?: string | null` ### Impersonation Registry Get Response - `ImpersonationRegistryGetResponse` - `id: number` - `created_at: string` - `email: string` - `is_email_regex: boolean` - `last_modified: string` - `name: string` - `comments?: string | null` - `directory_id?: number | null` - `directory_node_id?: number | null` - `external_directory_node_id?: string | null` - `provenance?: string | null` ### Impersonation Registry Create Response - `ImpersonationRegistryCreateResponse` - `id: number` - `created_at: string` - `email: string` - `is_email_regex: boolean` - `last_modified: string` - `name: string` - `comments?: string | null` - `directory_id?: number | null` - `directory_node_id?: number | null` - `external_directory_node_id?: string | null` - `provenance?: string | null` ### Impersonation Registry Edit Response - `ImpersonationRegistryEditResponse` - `id: number` - `created_at: string` - `email: string` - `is_email_regex: boolean` - `last_modified: string` - `name: string` - `comments?: string | null` - `directory_id?: number | null` - `directory_node_id?: number | null` - `external_directory_node_id?: string | null` - `provenance?: string | null` ### Impersonation Registry Delete Response - `ImpersonationRegistryDeleteResponse` - `id: number` # Trusted Domains ## List trusted email domains `client.emailSecurity.settings.trustedDomains.list(TrustedDomainListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/email-security/settings/trusted_domains` Lists, searches, and sorts an account’s trusted email domains. ### Parameters - `params: TrustedDomainListParams` - `account_id: string` Path param: Account Identifier - `direction?: "asc" | "desc"` Query param: The sorting direction. - `"asc"` - `"desc"` - `is_recent?: boolean` Query param - `is_similarity?: boolean` Query param - `order?: "pattern" | "created_at"` Query param: The field to sort by. - `"pattern"` - `"created_at"` - `page?: number` Query param: The page number of paginated results. - `pattern?: string` Query param - `per_page?: number` Query param: The number of results per page. - `search?: string` Query param: Allows searching in multiple properties of a record simultaneously. This parameter is intended for human users, not automation. Its exact behavior is intentionally left unspecified and is subject to change in the future. ### Returns - `TrustedDomainListResponse` - `id: number` The unique identifier for the trusted domain. - `created_at: string` - `is_recent: boolean` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex: boolean` - `is_similarity: boolean` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `last_modified: string` - `pattern: string` - `comments?: string | null` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const trustedDomainListResponse of client.emailSecurity.settings.trustedDomains.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(trustedDomainListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": 2401, "created_at": "2019-12-27T18:11:19.117Z", "is_recent": true, "is_regex": true, "is_similarity": true, "last_modified": "2019-12-27T18:11:19.117Z", "pattern": "x", "comments": "comments" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 }, "success": true } ``` ## Get a trusted email domain `client.emailSecurity.settings.trustedDomains.get(numbertrustedDomainId, TrustedDomainGetParamsparams, RequestOptionsoptions?): TrustedDomainGetResponse` **get** `/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}` Gets information about a specific trusted domain entry. ### Parameters - `trustedDomainId: number` The unique identifier for the trusted domain. - `params: TrustedDomainGetParams` - `account_id: string` Account Identifier ### Returns - `TrustedDomainGetResponse` - `id: number` The unique identifier for the trusted domain. - `created_at: string` - `is_recent: boolean` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex: boolean` - `is_similarity: boolean` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `last_modified: string` - `pattern: string` - `comments?: string | null` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const trustedDomain = await client.emailSecurity.settings.trustedDomains.get(2401, { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(trustedDomain.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": 2401, "created_at": "2019-12-27T18:11:19.117Z", "is_recent": true, "is_regex": true, "is_similarity": true, "last_modified": "2019-12-27T18:11:19.117Z", "pattern": "x", "comments": "comments" }, "success": true } ``` ## Create a trusted email domain `client.emailSecurity.settings.trustedDomains.create(TrustedDomainCreateParamsparams, RequestOptionsoptions?): TrustedDomainCreateResponse` **post** `/accounts/{account_id}/email-security/settings/trusted_domains` Adds a domain to the trusted domains list for email security, reducing false positive detections. ### Parameters - `TrustedDomainCreateParams = EmailSecurityCreateTrustedDomain | Variant1` - `TrustedDomainCreateParamsBase` - `EmailSecurityCreateTrustedDomain extends TrustedDomainCreateParamsBase` - `Variant1 extends TrustedDomainCreateParamsBase` ### Returns - `TrustedDomainCreateResponse = EmailSecurityTrustedDomain | Array` - `EmailSecurityTrustedDomain` - `id: number` The unique identifier for the trusted domain. - `created_at: string` - `is_recent: boolean` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex: boolean` - `is_similarity: boolean` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `last_modified: string` - `pattern: string` - `comments?: string | null` - `Array` - `id: number` The unique identifier for the trusted domain. - `created_at: string` - `is_recent: boolean` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex: boolean` - `is_similarity: boolean` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `last_modified: string` - `pattern: string` - `comments?: string | null` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const trustedDomain = await client.emailSecurity.settings.trustedDomains.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', is_recent: true, is_regex: false, is_similarity: false, pattern: 'example.com', }); console.log(trustedDomain); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": 2401, "created_at": "2019-12-27T18:11:19.117Z", "is_recent": true, "is_regex": true, "is_similarity": true, "last_modified": "2019-12-27T18:11:19.117Z", "pattern": "x", "comments": "comments" }, "success": true } ``` ## Update a trusted email domain `client.emailSecurity.settings.trustedDomains.edit(numbertrustedDomainId, TrustedDomainEditParamsparams, RequestOptionsoptions?): TrustedDomainEditResponse` **patch** `/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}` Modifies a trusted domain entry's configuration. ### Parameters - `trustedDomainId: number` The unique identifier for the trusted domain. - `params: TrustedDomainEditParams` - `account_id: string` Path param: Account Identifier - `comments?: string` Body param - `is_recent?: boolean` Body param: Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex?: boolean` Body param - `is_similarity?: boolean` Body param: Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `pattern?: string` Body param ### Returns - `TrustedDomainEditResponse` - `id: number` The unique identifier for the trusted domain. - `created_at: string` - `is_recent: boolean` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex: boolean` - `is_similarity: boolean` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `last_modified: string` - `pattern: string` - `comments?: string | null` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const response = await client.emailSecurity.settings.trustedDomains.edit(2401, { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(response.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": 2401, "created_at": "2019-12-27T18:11:19.117Z", "is_recent": true, "is_regex": true, "is_similarity": true, "last_modified": "2019-12-27T18:11:19.117Z", "pattern": "x", "comments": "comments" }, "success": true } ``` ## Delete a trusted email domain `client.emailSecurity.settings.trustedDomains.delete(numbertrustedDomainId, TrustedDomainDeleteParamsparams, RequestOptionsoptions?): TrustedDomainDeleteResponse` **delete** `/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}` Removes a domain from the trusted domains list, subjecting it to normal security scanning. ### Parameters - `trustedDomainId: number` The unique identifier for the trusted domain. - `params: TrustedDomainDeleteParams` - `account_id: string` Account Identifier ### Returns - `TrustedDomainDeleteResponse` - `id: number` The unique identifier for the trusted domain. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const trustedDomain = await client.emailSecurity.settings.trustedDomains.delete(2401, { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(trustedDomain.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": 2401 }, "success": true } ``` ## Domain Types ### Trusted Domain List Response - `TrustedDomainListResponse` - `id: number` The unique identifier for the trusted domain. - `created_at: string` - `is_recent: boolean` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex: boolean` - `is_similarity: boolean` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `last_modified: string` - `pattern: string` - `comments?: string | null` ### Trusted Domain Get Response - `TrustedDomainGetResponse` - `id: number` The unique identifier for the trusted domain. - `created_at: string` - `is_recent: boolean` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex: boolean` - `is_similarity: boolean` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `last_modified: string` - `pattern: string` - `comments?: string | null` ### Trusted Domain Create Response - `TrustedDomainCreateResponse = EmailSecurityTrustedDomain | Array` - `EmailSecurityTrustedDomain` - `id: number` The unique identifier for the trusted domain. - `created_at: string` - `is_recent: boolean` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex: boolean` - `is_similarity: boolean` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `last_modified: string` - `pattern: string` - `comments?: string | null` - `Array` - `id: number` The unique identifier for the trusted domain. - `created_at: string` - `is_recent: boolean` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex: boolean` - `is_similarity: boolean` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `last_modified: string` - `pattern: string` - `comments?: string | null` ### Trusted Domain Edit Response - `TrustedDomainEditResponse` - `id: number` The unique identifier for the trusted domain. - `created_at: string` - `is_recent: boolean` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex: boolean` - `is_similarity: boolean` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `last_modified: string` - `pattern: string` - `comments?: string | null` ### Trusted Domain Delete Response - `TrustedDomainDeleteResponse` - `id: number` The unique identifier for the trusted domain. # Submissions ## Get reclassify submissions `client.emailSecurity.submissions.list(SubmissionListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/email-security/submissions` This endpoint returns information for submissions to made to reclassify emails. ### Parameters - `params: SubmissionListParams` - `account_id: string` Path param: Account Identifier - `customer_status?: "escalated" | "reviewed" | "unreviewed"` Query param - `"escalated"` - `"reviewed"` - `"unreviewed"` - `end?: string` Query param: The end of the search date range. Defaults to `now` if not provided. - `original_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more` Query param - `"MALICIOUS"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"NONE"` - `outcome_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more` Query param - `"MALICIOUS"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"NONE"` - `page?: number` Query param: The page number of paginated results. - `per_page?: number` Query param: The number of results per page. - `query?: string | null` Query param - `requested_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more` Query param - `"MALICIOUS"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"NONE"` - `start?: string` Query param: The beginning of the search date range. Defaults to `now - 30 days` if not provided. - `status?: string` Query param - `submission_id?: string` Query param - `type?: "TEAM" | "USER"` Query param - `"TEAM"` - `"USER"` ### Returns - `SubmissionListResponse` - `requested_ts: string` deprecated as of 2026-04-01, use `requested_at` instead. - `submission_id: string` - `customer_status?: "escalated" | "reviewed" | "unreviewed" | null` - `"escalated"` - `"reviewed"` - `"unreviewed"` - `escalated_as?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `escalated_at?: string | null` - `escalated_by?: string | null` - `escalated_submission_id?: string | null` - `original_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `original_edf_hash?: string | null` - `original_postfix_id?: string | null` - `outcome?: string | null` - `outcome_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `requested_at?: string | null` - `requested_by?: string | null` - `requested_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `status?: string | null` - `subject?: string | null` - `type?: string | null` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const submissionListResponse of client.emailSecurity.submissions.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(submissionListResponse.submission_id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "requested_ts": "2019-12-27T18:11:19.117Z", "submission_id": "submission_id", "customer_status": "escalated", "escalated_as": "MALICIOUS", "escalated_at": "2019-12-27T18:11:19.117Z", "escalated_by": "escalated_by", "escalated_submission_id": "escalated_submission_id", "original_disposition": "MALICIOUS", "original_edf_hash": "original_edf_hash", "original_postfix_id": "original_postfix_id", "outcome": "outcome", "outcome_disposition": "MALICIOUS", "requested_at": "2019-12-27T18:11:19.117Z", "requested_by": "requested_by", "requested_disposition": "MALICIOUS", "status": "status", "subject": "subject", "type": "type" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 }, "success": true } ``` ## Domain Types ### Submission List Response - `SubmissionListResponse` - `requested_ts: string` deprecated as of 2026-04-01, use `requested_at` instead. - `submission_id: string` - `customer_status?: "escalated" | "reviewed" | "unreviewed" | null` - `"escalated"` - `"reviewed"` - `"unreviewed"` - `escalated_as?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `escalated_at?: string | null` - `escalated_by?: string | null` - `escalated_submission_id?: string | null` - `original_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `original_edf_hash?: string | null` - `original_postfix_id?: string | null` - `outcome?: string | null` - `outcome_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `requested_at?: string | null` - `requested_by?: string | null` - `requested_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `status?: string | null` - `subject?: string | null` - `type?: string | null`