# Investigate

## Search email messages

`client.emailSecurity.investigate.list(InvestigateListParams params, RequestOptions options?): V4PagePaginationArray`

**get** `/accounts/{account_id}/email-security/investigate`

Returns information for each email that matches the search parameter(s).

If the search takes too long, the endpoint returns 202 with a Location header pointing to a polling endpoint where results can be retrieved once ready.

### Parameters

- `params: InvestigateListParams`
  - `account_id: string` Path param: Account Identifier
  - `action_log?: boolean` Query param: Determines if the message action log is included in the response.
  - `alert_id?: string` Query param
  - `cursor?: string` Query param
  - `detections_only?: boolean` Query param: Determines if the search results will include detections or not.
  - `domain?: string` Query param: Filter by a domain found in the email: sender domain, recipient domain, or a domain in a link.
  - `end?: string` Query param: The end of the search date range. Defaults to `now` if not provided.
  - `exact_subject?: string` Query param: Search for messages with an exact subject match.
  - `final_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more` Query param: The dispositions the search filters by.
    - `"MALICIOUS"`
    - `"SUSPICIOUS"`
    - `"SPOOF"`
    - `"SPAM"`
    - `"BULK"`
    - `"NONE"`
  - `message_action?: "PREVIEW" | "QUARANTINE_RELEASED" | "MOVED" | "SUBMITTED"` Query param: The message actions the search filters by.
    - `"PREVIEW"`
    - `"QUARANTINE_RELEASED"`
    - `"MOVED"`
    - `"SUBMITTED"`
  - `message_id?: string` Query param
  - `metric?: string` Query param
  - `page?: number | null` Query param: Deprecated: Use cursor pagination instead.
  - `per_page?: number` Query param: The number of results per page.
  - `query?: string` Query param: The space-delimited term used in the query. The search is case-insensitive.
    The contents of the following email metadata fields are searched:
    * alert_id
    * CC
    * From (envelope_from)
    * From Name
    * final_disposition
    * md5 hash (of any attachment)
    * sha1 hash (of any attachment)
    * sha256 hash (of any attachment)
    * name (of any attachment)
    * Reason
    * Received DateTime (yyyy-mm-ddThh:mm:ss)
    * Sent DateTime (yyyy-mm-ddThh:mm:ss)
    * ReplyTo
    * To (envelope_to)
    * To Name
    * Message-ID
    * smtp_helo_server_ip
    * smtp_previous_hop_ip
    * x_originating_ip
    * Subject
  - `recipient?: string` Query param: Filter by recipient. Matches either an email address or a domain.
  - `sender?: string` Query param: Filter by sender. Matches either an email address or a domain.
  - `start?: string` Query param: The beginning of the search date range. Defaults to `now - 30 days` if not provided.
  - `subject?: string` Query param: Search for messages containing individual keywords in any order within the subject.
  - `submissions?: boolean` Query param: Search for submissions instead of original messages

### Returns

- `InvestigateListResponse`
  - `id: string`
  - `action_log: unknown` Deprecated: use `/investigate/{id}/action_log` instead.
  - `client_recipients: Array`
  - `detection_reasons: Array`
  - `is_phish_submission: boolean`
  - `is_quarantined: boolean`
  - `postfix_id: string` The identifier of the message.
  - `properties: Properties`
    - `allowlisted_pattern?: string`
    - `allowlisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more`
      - `"quarantine_release"`
      - `"acceptable_sender"`
      - `"allowed_sender"`
      - `"allowed_recipient"`
      - `"domain_similarity"`
      - `"domain_recency"`
      - `"managed_acceptable_sender"`
      - `"outbound_ndr"`
    - `blocklisted_message?: boolean`
    - `blocklisted_pattern?: string`
    - `whitelisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more`
      - `"quarantine_release"`
      - `"acceptable_sender"`
      - `"allowed_sender"`
      - `"allowed_recipient"`
      - `"domain_similarity"`
      - `"domain_recency"`
      - `"managed_acceptable_sender"`
      - `"outbound_ndr"`
  - `ts: string` Deprecated, use `scanned_at` instead
  - `alert_id?: string | null`
  - `delivery_mode?: "DIRECT" | "BCC" | "JOURNAL" | 8 more | null`
    - `"DIRECT"`
    - `"BCC"`
    - `"JOURNAL"`
    - `"REVIEW_SUBMISSION"`
    - `"DMARC_UNVERIFIED"`
    - `"DMARC_FAILURE_REPORT"`
    - `"DMARC_AGGREGATE_REPORT"`
    - `"THREAT_INTEL_SUBMISSION"`
    - `"SIMULATION_SUBMISSION"`
    - `"API"`
    - `"RETRO_SCAN"`
  - `edf_hash?: string | null`
  - `envelope_from?: string | null`
  - `envelope_to?: Array | null`
  - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null`
    - `"MALICIOUS"`
    - `"MALICIOUS-BEC"`
    - `"SUSPICIOUS"`
    - `"SPOOF"`
    - `"SPAM"`
    - `"BULK"`
    - `"ENCRYPTED"`
    - `"EXTERNAL"`
    - `"UNKNOWN"`
    - `"NONE"`
  - `findings?: Array | null` Deprecated.
    - `attachment?: string | null`
    - `detail?: string | null`
    - `detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null`
      - `"MALICIOUS"`
      - `"MALICIOUS-BEC"`
      - `"SUSPICIOUS"`
      - `"SPOOF"`
      - `"SPAM"`
      - `"BULK"`
      - `"ENCRYPTED"`
      - `"EXTERNAL"`
      - `"UNKNOWN"`
      - `"NONE"`
    - `field?: string | null`
    - `name?: string | null`
    - `portion?: string | null`
    - `reason?: string | null`
    - `score?: number | null`
    - `value?: string | null`
  - `from?: string | null`
  - `from_name?: string | null`
  - `htmltext_structure_hash?: string | null`
  - `message_id?: string | null`
  - `post_delivery_operations?: Array<"PREVIEW" | "QUARANTINE_RELEASE" | "SUBMISSION" | "MOVE">`
    - `"PREVIEW"`
    - `"QUARANTINE_RELEASE"`
    - `"SUBMISSION"`
    - `"MOVE"`
  - `postfix_id_outbound?: string | null`
  - `replyto?: string | null`
  - `scanned_at?: string`
  - `sent_at?: string`
  - `sent_date?: string | null` Deprecated, use `sent_at` instead
  - `subject?: string | null`
  - `threat_categories?: Array | null`
  - `to?: Array | null`
  - `to_name?: Array | null`
  - `validation?: Validation | null`
    - `comment?: string | null`
    - `dkim?: "pass" | "neutral" | "fail" | 2 more | null`
      - `"pass"`
      - `"neutral"`
      - `"fail"`
      - `"error"`
      - `"none"`
    - `dmarc?: "pass" | "neutral" | "fail" | 2 more | null`
      - `"pass"`
      - `"neutral"`
      - `"fail"`
      - `"error"`
      - `"none"`
    - `spf?: "pass" | "neutral" | "fail" | 2 more | null`
      - `"pass"`
      - `"neutral"`
      - `"fail"`
      - `"error"`
      - `"none"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted
  apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const investigateListResponse of client.emailSecurity.investigate.list({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
})) {
  console.log(investigateListResponse.id);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": [
    {
      "id": "4Njp3P0STMz2c02Q-2022-12-30T02:44:49-2a539d65",
      "action_log": [],
      "client_recipients": [ "email@example.com" ],
      "detection_reasons": [
        "Selector is a source of spam/uce : Smtp-Helo-Server-Ip=127.0.0[dot]186"
      ],
      "is_phish_submission": false,
      "is_quarantined": false,
      "postfix_id": "47JJcT1w6GztQV7",
      "properties": {
        "allowlisted_pattern": "allowlisted_pattern",
        "allowlisted_pattern_type": "quarantine_release",
        "blocklisted_message": true,
        "blocklisted_pattern": "blocklisted_pattern",
        "whitelisted_pattern_type": "quarantine_release"
      },
      "ts": "2019-11-20T23:22:01",
      "alert_id": "4Njp3P0STMz2c02Q-2022-12-30T02:44:49",
      "delivery_mode": "DIRECT",
      "edf_hash": null,
      "envelope_from": "d1994@example.com",
      "envelope_to": [ "email@example.com" ],
      "final_disposition": "MALICIOUS",
      "findings": [
        {
          "attachment": "attachment",
          "detail": "detail",
          "detection": "MALICIOUS",
          "field": "field",
          "name": "name",
          "portion": "portion",
          "reason": "reason",
          "score": 0,
          "value": "value"
        }
      ],
      "from": "d1994@example.com",
      "from_name": "Sender Name",
      "htmltext_structure_hash": null,
      "message_id": "<4VAZPrAdg7IGNxdt1DWRNu0gvOeL_iZiwP4BQfo4DaE.Yw-woXuugQbeFhBpzwFQtqq_v2v1HOKznoMBqbciQpE@example.com>",
      "post_delivery_operations": [ "PREVIEW" ],
      "postfix_id_outbound": null,
      "replyto": "email@example.com",
      "scanned_at": "2019-11-20T23:22:01Z",
      "sent_at": "2019-11-21T00:22:01Z",
      "sent_date": "2019-11-21T00:22:01",
      "subject": "listen, I highly recommend u to read that email, just to ensure not a thing will take place",
      "threat_categories": [ "IPReputation", "ASNReputation" ],
      "to": [ "email@example.com" ],
      "to_name": [ "Recipient Name" ],
      "validation": {
        "comment": null,
        "dkim": "pass",
        "dmarc": "none",
        "spf": "fail"
      }
    }
  ],
  "result_info": {
    "count": 0,
    "page": 0,
    "per_page": 0,
    "total_count": 0,
    "next": "next",
    "previous": "previous"
  },
  "success": true
}
```

## Get message details

`client.emailSecurity.investigate.get(string postfixId, InvestigateGetParams params, RequestOptions options?): InvestigateGetResponse`

**get** `/accounts/{account_id}/email-security/investigate/{postfix_id}`

Retrieves detailed information about a specific email message, including headers, metadata, and security scan results.

### Parameters

- `postfixId: string` The identifier of the message.
- `params: InvestigateGetParams`
  - `account_id: string` Path param: Account Identifier
  - `submission?: boolean` Query param: When true, search the submissions datastore only. When false or omitted, search the regular datastore only.

### Returns

- `InvestigateGetResponse`
  - `id: string`
  - `action_log: unknown` Deprecated: use `/investigate/{id}/action_log` instead.
  - `client_recipients: Array`
  - `detection_reasons: Array`
  - `is_phish_submission: boolean`
  - `is_quarantined: boolean`
  - `postfix_id: string` The identifier of the message.
  - `properties: Properties`
    - `allowlisted_pattern?: string`
    - `allowlisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more`
      - `"quarantine_release"`
      - `"acceptable_sender"`
      - `"allowed_sender"`
      - `"allowed_recipient"`
      - `"domain_similarity"`
      - `"domain_recency"`
      - `"managed_acceptable_sender"`
      - `"outbound_ndr"`
    - `blocklisted_message?: boolean`
    - `blocklisted_pattern?: string`
    - `whitelisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more`
      - `"quarantine_release"`
      - `"acceptable_sender"`
      - `"allowed_sender"`
      - `"allowed_recipient"`
      - `"domain_similarity"`
      - `"domain_recency"`
      - `"managed_acceptable_sender"`
      - `"outbound_ndr"`
  - `ts: string` Deprecated, use `scanned_at` instead
  - `alert_id?: string | null`
  - `delivery_mode?: "DIRECT" | "BCC" | "JOURNAL" | 8 more | null`
    - `"DIRECT"`
    - `"BCC"`
    - `"JOURNAL"`
    - `"REVIEW_SUBMISSION"`
    - `"DMARC_UNVERIFIED"`
    - `"DMARC_FAILURE_REPORT"`
    - `"DMARC_AGGREGATE_REPORT"`
    - `"THREAT_INTEL_SUBMISSION"`
    - `"SIMULATION_SUBMISSION"`
    - `"API"`
    - `"RETRO_SCAN"`
  - `edf_hash?: string | null`
  - `envelope_from?: string | null`
  - `envelope_to?: Array | null`
  - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null`
    - `"MALICIOUS"`
    - `"MALICIOUS-BEC"`
    - `"SUSPICIOUS"`
    - `"SPOOF"`
    - `"SPAM"`
    - `"BULK"`
    - `"ENCRYPTED"`
    - `"EXTERNAL"`
    - `"UNKNOWN"`
    - `"NONE"`
  - `findings?: Array | null` Deprecated.
    - `attachment?: string | null`
    - `detail?: string | null`
    - `detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null`
      - `"MALICIOUS"`
      - `"MALICIOUS-BEC"`
      - `"SUSPICIOUS"`
      - `"SPOOF"`
      - `"SPAM"`
      - `"BULK"`
      - `"ENCRYPTED"`
      - `"EXTERNAL"`
      - `"UNKNOWN"`
      - `"NONE"`
    - `field?: string | null`
    - `name?: string | null`
    - `portion?: string | null`
    - `reason?: string | null`
    - `score?: number | null`
    - `value?: string | null`
  - `from?: string | null`
  - `from_name?: string | null`
  - `htmltext_structure_hash?: string | null`
  - `message_id?: string | null`
  - `post_delivery_operations?: Array<"PREVIEW" | "QUARANTINE_RELEASE" | "SUBMISSION" | "MOVE">`
    - `"PREVIEW"`
    - `"QUARANTINE_RELEASE"`
    - `"SUBMISSION"`
    - `"MOVE"`
  - `postfix_id_outbound?: string | null`
  - `replyto?: string | null`
  - `scanned_at?: string`
  - `sent_at?: string`
  - `sent_date?: string | null` Deprecated, use `sent_at` instead
  - `subject?: string | null`
  - `threat_categories?: Array | null`
  - `to?: Array | null`
  - `to_name?: Array | null`
  - `validation?: Validation | null`
    - `comment?: string | null`
    - `dkim?: "pass" | "neutral" | "fail" | 2 more | null`
      - `"pass"`
      - `"neutral"`
      - `"fail"`
      - `"error"`
      - `"none"`
    - `dmarc?: "pass" | "neutral" | "fail" | 2 more | null`
      - `"pass"`
      - `"neutral"`
      - `"fail"`
      - `"error"`
      - `"none"`
    - `spf?: "pass" | "neutral" | "fail" | 2 more | null`
      - `"pass"`
      - `"neutral"`
      - `"fail"`
      - `"error"`
      - `"none"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted
  apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted
});

const investigate = await client.emailSecurity.investigate.get('4Njp3P0STMz2c02Q', {
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
});

console.log(investigate.id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": {
    "id": "4Njp3P0STMz2c02Q-2022-12-30T02:44:49-2a539d65",
    "action_log": [],
    "client_recipients": [ "email@example.com" ],
    "detection_reasons": [
      "Selector is a source of spam/uce : Smtp-Helo-Server-Ip=127.0.0[dot]186"
    ],
    "is_phish_submission": false,
    "is_quarantined": false,
    "postfix_id": "47JJcT1w6GztQV7",
    "properties": {
      "allowlisted_pattern": "allowlisted_pattern",
      "allowlisted_pattern_type": "quarantine_release",
      "blocklisted_message": true,
      "blocklisted_pattern": "blocklisted_pattern",
      "whitelisted_pattern_type": "quarantine_release"
    },
    "ts": "2019-11-20T23:22:01",
    "alert_id": "4Njp3P0STMz2c02Q-2022-12-30T02:44:49",
    "delivery_mode": "DIRECT",
    "edf_hash": null,
    "envelope_from": "d1994@example.com",
    "envelope_to": [ "email@example.com" ],
    "final_disposition": "MALICIOUS",
    "findings": [
      {
        "attachment": "attachment",
        "detail": "detail",
        "detection": "MALICIOUS",
        "field": "field",
        "name": "name",
        "portion": "portion",
        "reason": "reason",
        "score": 0,
        "value": "value"
      }
    ],
    "from": "d1994@example.com",
    "from_name": "Sender Name",
    "htmltext_structure_hash": null,
    "message_id": "<4VAZPrAdg7IGNxdt1DWRNu0gvOeL_iZiwP4BQfo4DaE.Yw-woXuugQbeFhBpzwFQtqq_v2v1HOKznoMBqbciQpE@example.com>",
    "post_delivery_operations": [ "PREVIEW" ],
    "postfix_id_outbound": null,
    "replyto": "email@example.com",
    "scanned_at": "2019-11-20T23:22:01Z",
    "sent_at": "2019-11-21T00:22:01Z",
    "sent_date": "2019-11-21T00:22:01",
    "subject": "listen, I highly recommend u to read that email, just to ensure not a thing will take place",
    "threat_categories": [ "IPReputation", "ASNReputation" ],
    "to": [ "email@example.com" ],
    "to_name": [ "Recipient Name" ],
    "validation": {
      "comment": null,
      "dkim": "pass",
      "dmarc": "none",
      "spf": "fail"
    }
  },
  "success": true
}
```

## Domain Types

### Investigate List Response

- `InvestigateListResponse`
  - `id: string`
  - `action_log: unknown` Deprecated: use `/investigate/{id}/action_log` instead.
  - `client_recipients: Array`
  - `detection_reasons: Array`
  - `is_phish_submission: boolean`
  - `is_quarantined: boolean`
  - `postfix_id: string` The identifier of the message.
  - `properties: Properties`
    - `allowlisted_pattern?: string`
    - `allowlisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more`
      - `"quarantine_release"`
      - `"acceptable_sender"`
      - `"allowed_sender"`
      - `"allowed_recipient"`
      - `"domain_similarity"`
      - `"domain_recency"`
      - `"managed_acceptable_sender"`
      - `"outbound_ndr"`
    - `blocklisted_message?: boolean`
    - `blocklisted_pattern?: string`
    - `whitelisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more`
      - `"quarantine_release"`
      - `"acceptable_sender"`
      - `"allowed_sender"`
      - `"allowed_recipient"`
      - `"domain_similarity"`
      - `"domain_recency"`
      - `"managed_acceptable_sender"`
      - `"outbound_ndr"`
  - `ts: string` Deprecated, use `scanned_at` instead
  - `alert_id?: string | null`
  - `delivery_mode?: "DIRECT" | "BCC" | "JOURNAL" | 8 more | null`
    - `"DIRECT"`
    - `"BCC"`
    - `"JOURNAL"`
    - `"REVIEW_SUBMISSION"`
    - `"DMARC_UNVERIFIED"`
    - `"DMARC_FAILURE_REPORT"`
    - `"DMARC_AGGREGATE_REPORT"`
    - `"THREAT_INTEL_SUBMISSION"`
    - `"SIMULATION_SUBMISSION"`
    - `"API"`
    - `"RETRO_SCAN"`
  - `edf_hash?: string | null`
  - `envelope_from?: string | null`
  - `envelope_to?: Array | null`
  - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null`
    - `"MALICIOUS"`
    - `"MALICIOUS-BEC"`
    - `"SUSPICIOUS"`
    - `"SPOOF"`
    - `"SPAM"`
    - `"BULK"`
    - `"ENCRYPTED"`
    - `"EXTERNAL"`
    - `"UNKNOWN"`
    - `"NONE"`
  - `findings?: Array | null` Deprecated.
    - `attachment?: string | null`
    - `detail?: string | null`
    - `detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null`
      - `"MALICIOUS"`
      - `"MALICIOUS-BEC"`
      - `"SUSPICIOUS"`
      - `"SPOOF"`
      - `"SPAM"`
      - `"BULK"`
      - `"ENCRYPTED"`
      - `"EXTERNAL"`
      - `"UNKNOWN"`
      - `"NONE"`
    - `field?: string | null`
    - `name?: string | null`
    - `portion?: string | null`
    - `reason?: string | null`
    - `score?: number | null`
    - `value?: string | null`
  - `from?: string | null`
  - `from_name?: string | null`
  - `htmltext_structure_hash?: string | null`
  - `message_id?: string | null`
  - `post_delivery_operations?: Array<"PREVIEW" | "QUARANTINE_RELEASE" | "SUBMISSION" | "MOVE">`
    - `"PREVIEW"`
    - `"QUARANTINE_RELEASE"`
    - `"SUBMISSION"`
    - `"MOVE"`
  - `postfix_id_outbound?: string | null`
  - `replyto?: string | null`
  - `scanned_at?: string`
  - `sent_at?: string`
  - `sent_date?: string | null` Deprecated, use `sent_at` instead
  - `subject?: string | null`
  - `threat_categories?: Array | null`
  - `to?: Array | null`
  - `to_name?: Array | null`
  - `validation?: Validation | null`
    - `comment?: string | null`
    - `dkim?: "pass" | "neutral" | "fail" | 2 more | null`
      - `"pass"`
      - `"neutral"`
      - `"fail"`
      - `"error"`
      - `"none"`
    - `dmarc?: "pass" | "neutral" | "fail" | 2 more | null`
      - `"pass"`
      - `"neutral"`
      - `"fail"`
      - `"error"`
      - `"none"`
    - `spf?: "pass" | "neutral" | "fail" | 2 more | null`
      - `"pass"`
      - `"neutral"`
      - `"fail"`
      - `"error"`
      - `"none"`

### Investigate Get Response

- `InvestigateGetResponse`
  - `id: string`
  - `action_log: unknown` Deprecated: use `/investigate/{id}/action_log` instead.
  - `client_recipients: Array`
  - `detection_reasons: Array`
  - `is_phish_submission: boolean`
  - `is_quarantined: boolean`
  - `postfix_id: string` The identifier of the message.
  - `properties: Properties`
    - `allowlisted_pattern?: string`
    - `allowlisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more`
      - `"quarantine_release"`
      - `"acceptable_sender"`
      - `"allowed_sender"`
      - `"allowed_recipient"`
      - `"domain_similarity"`
      - `"domain_recency"`
      - `"managed_acceptable_sender"`
      - `"outbound_ndr"`
    - `blocklisted_message?: boolean`
    - `blocklisted_pattern?: string`
    - `whitelisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more`
      - `"quarantine_release"`
      - `"acceptable_sender"`
      - `"allowed_sender"`
      - `"allowed_recipient"`
      - `"domain_similarity"`
      - `"domain_recency"`
      - `"managed_acceptable_sender"`
      - `"outbound_ndr"`
  - `ts: string` Deprecated, use `scanned_at` instead
  - `alert_id?: string | null`
  - `delivery_mode?: "DIRECT" | "BCC" | "JOURNAL" | 8 more | null`
    - `"DIRECT"`
    - `"BCC"`
    - `"JOURNAL"`
    - `"REVIEW_SUBMISSION"`
    - `"DMARC_UNVERIFIED"`
    - `"DMARC_FAILURE_REPORT"`
    - `"DMARC_AGGREGATE_REPORT"`
    - `"THREAT_INTEL_SUBMISSION"`
    - `"SIMULATION_SUBMISSION"`
    - `"API"`
    - `"RETRO_SCAN"`
  - `edf_hash?: string | null`
  - `envelope_from?: string | null`
  - `envelope_to?: Array | null`
  - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null`
    - `"MALICIOUS"`
    - `"MALICIOUS-BEC"`
    - `"SUSPICIOUS"`
    - `"SPOOF"`
    - `"SPAM"`
    - `"BULK"`
    - `"ENCRYPTED"`
    - `"EXTERNAL"`
    - `"UNKNOWN"`
    - `"NONE"`
  - `findings?: Array | null` Deprecated.
    - `attachment?: string | null`
    - `detail?: string | null`
    - `detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null`
      - `"MALICIOUS"`
      - `"MALICIOUS-BEC"`
      - `"SUSPICIOUS"`
      - `"SPOOF"`
      - `"SPAM"`
      - `"BULK"`
      - `"ENCRYPTED"`
      - `"EXTERNAL"`
      - `"UNKNOWN"`
      - `"NONE"`
    - `field?: string | null`
    - `name?: string | null`
    - `portion?: string | null`
    - `reason?: string | null`
    - `score?: number | null`
    - `value?: string | null`
  - `from?: string | null`
  - `from_name?: string | null`
  - `htmltext_structure_hash?: string | null`
  - `message_id?: string | null`
  - `post_delivery_operations?: Array<"PREVIEW" | "QUARANTINE_RELEASE" | "SUBMISSION" | "MOVE">`
    - `"PREVIEW"`
    - `"QUARANTINE_RELEASE"`
    - `"SUBMISSION"`
    - `"MOVE"`
  - `postfix_id_outbound?: string | null`
  - `replyto?: string | null`
  - `scanned_at?: string`
  - `sent_at?: string`
  - `sent_date?: string | null` Deprecated, use `sent_at` instead
  - `subject?: string | null`
  - `threat_categories?: Array | null`
  - `to?: Array | null`
  - `to_name?: Array | null`
  - `validation?: Validation | null`
    - `comment?: string | null`
    - `dkim?: "pass" | "neutral" | "fail" | 2 more | null`
      - `"pass"`
      - `"neutral"`
      - `"fail"`
      - `"error"`
      - `"none"`
    - `dmarc?: "pass" | "neutral" | "fail" | 2 more | null`
      - `"pass"`
      - `"neutral"`
      - `"fail"`
      - `"error"`
      - `"none"`
    - `spf?: "pass" | "neutral" | "fail" | 2 more | null`
      - `"pass"`
      - `"neutral"`
      - `"fail"`
      - `"error"`
      - `"none"`

# Detections

## Get message detection details

`client.emailSecurity.investigate.detections.get(string postfixId, DetectionGetParams params, RequestOptions options?): DetectionGetResponse`

**get** `/accounts/{account_id}/email-security/investigate/{postfix_id}/detections`

Returns detection details such as threat categories and sender information for non-benign messages.

### Parameters

- `postfixId: string` The identifier of the message.
- `params: DetectionGetParams`
  - `account_id: string` Account Identifier

### Returns

- `DetectionGetResponse`
  - `action: string`
  - `attachments: Array`
    - `size: number`
    - `content_type?: string | null`
    - `detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null`
      - `"MALICIOUS"`
      - `"MALICIOUS-BEC"`
      - `"SUSPICIOUS"`
      - `"SPOOF"`
      - `"SPAM"`
      - `"BULK"`
      - `"ENCRYPTED"`
      - `"EXTERNAL"`
      - `"UNKNOWN"`
      - `"NONE"`
    - `encrypted?: boolean | null`
    - `name?: string | null`
  - `headers: Array`
    - `name: string`
    - `value: string`
  - `links: Array`
    - `href: string`
    - `text?: string | null`
  - `sender_info: SenderInfo`
    - `as_name?: string | null` The name of the autonomous system.
    - `as_number?: number | null` The number of the autonomous system.
    - `geo?: string | null`
    - `ip?: string | null`
    - `pld?: string | null`
  - `threat_categories: Array`
    - `id: number`
    - `description?: string | null`
    - `name?: string | null`
  - `validation: Validation`
    - `comment?: string | null`
    - `dkim?: "pass" | "neutral" | "fail" | 2 more | null`
      - `"pass"`
      - `"neutral"`
      - `"fail"`
      - `"error"`
      - `"none"`
    - `dmarc?: "pass" | "neutral" | "fail" | 2 more | null`
      - `"pass"`
      - `"neutral"`
      - `"fail"`
      - `"error"`
      - `"none"`
    - `spf?: "pass" | "neutral" | "fail" | 2 more | null`
      - `"pass"`
      - `"neutral"`
      - `"fail"`
      - `"error"`
      - `"none"`
  - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null`
    - `"MALICIOUS"`
    - `"MALICIOUS-BEC"`
    - `"SUSPICIOUS"`
    - `"SPOOF"`
    - `"SPAM"`
    - `"BULK"`
    - `"ENCRYPTED"`
    - `"EXTERNAL"`
    - `"UNKNOWN"`
    - `"NONE"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted
  apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted
});

const detection = await client.emailSecurity.investigate.detections.get('4Njp3P0STMz2c02Q', {
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
});

console.log(detection.validation);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": {
    "action": "QUARANTINED",
    "attachments": [
      {
        "size": 0,
        "content_type": "content_type",
        "detection": "MALICIOUS",
        "encrypted": true,
        "name": "name"
      }
    ],
    "headers": [
      { "name": "From", "value": "Sender Name " },
      {
        "name": "Subject",
        "value": "listen, I highly recommend u to read that email, just to ensure not a thing will take place"
      }
    ],
    "links": [
      { "href": "https://example.com", "text": "Click here!" }
    ],
    "sender_info": {
      "as_name": "AS0",
      "as_number": 0,
      "geo": "US/-/-",
      "ip": "127.0.0.1",
      "pld": "example.com"
    },
    "threat_categories": [
      { "id": 1234, "description": null, "name": "IP Reputation" }
    ],
    "validation": {
      "comment": null,
      "dkim": "pass",
      "dmarc": "none",
      "spf": "fail"
    },
    "final_disposition": "MALICIOUS"
  },
  "success": true
}
```

## Domain Types

### Detection Get Response

- `DetectionGetResponse`
  - `action: string`
  - `attachments: Array`
    - `size: number`
    - `content_type?: string | null`
    - `detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null`
      - `"MALICIOUS"`
      - `"MALICIOUS-BEC"`
      - `"SUSPICIOUS"`
      - `"SPOOF"`
      - `"SPAM"`
      - `"BULK"`
      - `"ENCRYPTED"`
      - `"EXTERNAL"`
      - `"UNKNOWN"`
      - `"NONE"`
    - `encrypted?: boolean | null`
    - `name?: string | null`
  - `headers: Array`
    - `name: string`
    - `value: string`
  - `links: Array`
    - `href: string`
    - `text?: string | null`
  - `sender_info: SenderInfo`
    - `as_name?: string | null` The name of the autonomous system.
    - `as_number?: number | null` The number of the autonomous system.
    - `geo?: string | null`
    - `ip?: string | null`
    - `pld?: string | null`
  - `threat_categories: Array`
    - `id: number`
    - `description?: string | null`
    - `name?: string | null`
  - `validation: Validation`
    - `comment?: string | null`
    - `dkim?: "pass" | "neutral" | "fail" | 2 more | null`
      - `"pass"`
      - `"neutral"`
      - `"fail"`
      - `"error"`
      - `"none"`
    - `dmarc?: "pass" | "neutral" | "fail" | 2 more | null`
      - `"pass"`
      - `"neutral"`
      - `"fail"`
      - `"error"`
      - `"none"`
    - `spf?: "pass" | "neutral" | "fail" | 2 more | null`
      - `"pass"`
      - `"neutral"`
      - `"fail"`
      - `"error"`
      - `"none"`
  - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null`
    - `"MALICIOUS"`
    - `"MALICIOUS-BEC"`
    - `"SUSPICIOUS"`
    - `"SPOOF"`
    - `"SPAM"`
    - `"BULK"`
    - `"ENCRYPTED"`
    - `"EXTERNAL"`
    - `"UNKNOWN"`
    - `"NONE"`

# Preview

## Get email preview

`client.emailSecurity.investigate.preview.get(string postfixId, PreviewGetParams params, RequestOptions options?): PreviewGetResponse`

**get** `/accounts/{account_id}/email-security/investigate/{postfix_id}/preview`

Returns a preview of the message body as a base64 encoded PNG image for non-benign messages.

### Parameters

- `postfixId: string` The identifier of the message.
- `params: PreviewGetParams`
  - `account_id: string` Account Identifier

### Returns

- `PreviewGetResponse`
  - `screenshot: string` A base64 encoded PNG image of the email.
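
A check a responder might run on the `screenshot` field before writing it to disk or attaching it to a case, as an added example that is not part of the Cloudflare SDK or its documentation: it decodes the base64 strictly, then walks the PNG chunks to confirm the IHDR header, each chunk's CRC, and that nothing follows IEND. The function names, the size limits, the requirement for padded base64, and the constructed sample image are assumptions of this example; it checks container framing only and does not decode pixel data.

```javascript
// Added example, not Cloudflare SDK code. Names and limits below are assumptions.
const PNG_SIGNATURE = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);
const MAX_ENCODED_CHARS = 16 * 1024 * 1024; // assumed cap on the base64 string length
const MAX_DIMENSION = 16384; // assumed cap on width and height in pixels

// CRC-32 as used by PNG chunks (reflected polynomial 0xEDB88320).
const CRC_TABLE = new Uint32Array(256).map((_, n) => {
  let c = n;
  for (let k = 0; k < 8; k++) c = c & 1 ? 0xedb88320 ^ (c >>> 1) : c >>> 1;
  return c >>> 0;
});

function crc32(buf) {
  let c = 0xffffffff;
  for (const byte of buf) c = CRC_TABLE[(c ^ byte) & 0xff] ^ (c >>> 8);
  return (c ^ 0xffffffff) >>> 0;
}

// Walk the chunk list: IHDR first, valid CRC on every chunk, IEND last with no trailing bytes.
function inspectPng(bytes) {
  if (bytes.length < 8 || !bytes.subarray(0, 8).equals(PNG_SIGNATURE)) {
    return { ok: false, reason: 'missing PNG signature' };
  }
  let offset = 8;
  let first = true;
  let sawIdat = false;
  let width = 0;
  let height = 0;
  while (offset + 12 <= bytes.length) {
    const length = bytes.readUInt32BE(offset);
    const type = bytes.toString('latin1', offset + 4, offset + 8);
    const end = offset + 12 + length; // length field + type + data + CRC
    if (end > bytes.length) return { ok: false, reason: 'chunk runs past end of data' };
    const storedCrc = bytes.readUInt32BE(end - 4);
    if (crc32(bytes.subarray(offset + 4, end - 4)) !== storedCrc) {
      return { ok: false, reason: 'chunk CRC mismatch' };
    }
    if (first) {
      if (type !== 'IHDR' || length !== 13) return { ok: false, reason: 'first chunk is not IHDR' };
      width = bytes.readUInt32BE(offset + 8);
      height = bytes.readUInt32BE(offset + 12);
      if (width === 0 || height === 0 || width > MAX_DIMENSION || height > MAX_DIMENSION) {
        return { ok: false, reason: 'implausible image dimensions' };
      }
      first = false;
    }
    if (type === 'IDAT') sawIdat = true;
    offset = end;
    if (type === 'IEND') {
      if (!sawIdat) return { ok: false, reason: 'no IDAT chunk' };
      if (offset !== bytes.length) return { ok: false, reason: 'data after IEND' };
      return { ok: true, bytes, width, height };
    }
  }
  return { ok: false, reason: 'no IEND chunk (truncated image)' };
}

// Entry point: takes the `screenshot` string from PreviewGetResponse / PreviewCreateResponse.
function checkPreviewScreenshot(screenshot) {
  if (typeof screenshot !== 'string' || screenshot.length === 0) {
    return { ok: false, reason: 'screenshot is missing or not a string' };
  }
  if (screenshot.length > MAX_ENCODED_CHARS) {
    return { ok: false, reason: 'encoded screenshot exceeds size limit' };
  }
  // Buffer.from(x, 'base64') silently skips invalid characters, so validate the text first.
  if (screenshot.length % 4 !== 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(screenshot)) {
    return { ok: false, reason: 'not canonical base64' };
  }
  return inspectPng(Buffer.from(screenshot, 'base64'));
}

// --- Constructed sample input (framing only; the IDAT payload is placeholder bytes) ---
function buildChunk(type, data) {
  const body = Buffer.concat([Buffer.from(type, 'latin1'), data]);
  const length = Buffer.alloc(4);
  length.writeUInt32BE(data.length);
  const crc = Buffer.alloc(4);
  crc.writeUInt32BE(crc32(body));
  return Buffer.concat([length, body, crc]);
}

function buildSamplePng(width, height) {
  const ihdr = Buffer.alloc(13);
  ihdr.writeUInt32BE(width, 0);
  ihdr.writeUInt32BE(height, 4);
  ihdr[8] = 8; // bit depth
  ihdr[9] = 6; // colour type: RGBA
  return Buffer.concat([
    PNG_SIGNATURE,
    buildChunk('IHDR', ihdr),
    buildChunk('IDAT', Buffer.from([0x00])),
    buildChunk('IEND', Buffer.alloc(0)),
  ]);
}

const sample = checkPreviewScreenshot(buildSamplePng(96, 96).toString('base64'));
console.log(sample.ok, sample.width, sample.height);
```

Write `result.bytes` to disk only when `ok` is true, and log `reason` otherwise so a malformed or padded preview is visible in the investigation record.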

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted
  apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted
});

const preview = await client.emailSecurity.investigate.preview.get('4Njp3P0STMz2c02Q', {
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
});

console.log(preview.screenshot);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": {
    "screenshot": "<base64-encoded PNG image data omitted>"
  },
  "success": true
}
```

## Preview for non-detection messages

`client.emailSecurity.investigate.preview.create(PreviewCreateParams params, RequestOptions options?): PreviewCreateResponse`

**post** `/accounts/{account_id}/email-security/investigate/preview`

Generates a preview of an email message for safe viewing without executing any embedded content.

### Parameters

- `params: PreviewCreateParams`
  - `account_id: string` Path param: Account Identifier
  - `postfix_id: string` Body param: The identifier of the message.
  - `submission?: boolean` Query param: When true, search the submissions datastore only. When false or omitted, search the regular datastore only.

### Returns

- `PreviewCreateResponse`
  - `screenshot: string` A base64 encoded PNG image of the email.
### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted
  apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted
});

const preview = await client.emailSecurity.investigate.preview.create({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
  postfix_id: '4Njp3P0STMz2c02Q',
});

console.log(preview.screenshot);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": {
    "screenshot": "<base64-encoded PNG omitted>"
  },
  "success": true
}
```

## Domain Types

### Preview Get Response

- `PreviewGetResponse`
  - `screenshot: string` A base64 encoded PNG image of the email.

### Preview Create Response

- `PreviewCreateResponse`
  - `screenshot: string` A base64 encoded PNG image of the email.

# Raw

## Get raw email content

`client.emailSecurity.investigate.raw.get(string postfixId, RawGetParams params, RequestOptions options?): RawGetResponse`

**get** `/accounts/{account_id}/email-security/investigate/{postfix_id}/raw`

Returns the raw eml of any non-benign message.

### Parameters

- `postfixId: string` The identifier of the message.
- `params: RawGetParams`
  - `account_id: string` Account Identifier

### Returns

- `RawGetResponse`
  - `raw: string` A UTF-8 encoded eml file of the email.
### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted
  apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted
});

const raw = await client.emailSecurity.investigate.raw.get('4Njp3P0STMz2c02Q', {
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
});

console.log(raw.raw);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": {
    "raw": "MIME-Version: 1.0\nContent-Type: text/plain; charset=\"utf-8\"\n\nFrom: sender@example.com\nTo: recipient@example.com\nSubject: Test Email\n\nThis is a test email."
  },
  "success": true
}
```

## Domain Types

### Raw Get Response

- `RawGetResponse`
  - `raw: string` A UTF-8 encoded eml file of the email.

# Trace

## Get email trace

`client.emailSecurity.investigate.trace.get(string postfixId, TraceGetParams params, RequestOptions options?): TraceGetResponse`

**get** `/accounts/{account_id}/email-security/investigate/{postfix_id}/trace`

Gets the delivery trace for an email message, showing its path through email security processing.

### Parameters

- `postfixId: string` The identifier of the message.
- `params: TraceGetParams`
  - `account_id: string` Path param: Account Identifier
  - `submission?: boolean` Query param: When true, search the submissions datastore only. When false or omitted, search the regular datastore only.
### Returns

- `TraceGetResponse`
  - `inbound: Inbound`
    - `lines?: Array | null`
      - `lineno: number`
      - `message: string`
      - `ts: string`
    - `pending?: boolean | null`
  - `outbound: Outbound`
    - `lines?: Array | null`
      - `lineno: number`
      - `message: string`
      - `ts: string`
    - `pending?: boolean | null`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted
  apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted
});

const trace = await client.emailSecurity.investigate.trace.get('4Njp3P0STMz2c02Q', {
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
});

console.log(trace.inbound);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": {
    "inbound": {
      "lines": [
        { "lineno": 0, "message": "message", "ts": "2019-12-27T18:11:19.117Z" }
      ],
      "pending": true
    },
    "outbound": {
      "lines": [
        { "lineno": 0, "message": "message", "ts": "2019-12-27T18:11:19.117Z" }
      ],
      "pending": true
    }
  },
  "success": true
}
```

## Domain Types

### Trace Get Response

- `TraceGetResponse`
  - `inbound: Inbound`
    - `lines?: Array | null`
      - `lineno: number`
      - `message: string`
      - `ts: string`
    - `pending?: boolean | null`
  - `outbound: Outbound`
    - `lines?: Array | null`
      - `lineno: number`
      - `message: string`
      - `ts: string`
    - `pending?: boolean | null`

# Move

## Move a message

`client.emailSecurity.investigate.move.create(string postfixId, MoveCreateParams params, RequestOptions options?): MoveCreateResponse`

**post** `/accounts/{account_id}/email-security/investigate/{postfix_id}/move`

Moves a single email message to a different folder or changes its quarantine status.

### Parameters

- `postfixId: string` The identifier of the message.
- `params: MoveCreateParams`
  - `account_id: string` Path param: Account Identifier
  - `destination: "Inbox" | "JunkEmail" | "DeletedItems" | 2 more` Body param
    - `"Inbox"`
    - `"JunkEmail"`
    - `"DeletedItems"`
    - `"RecoverableItemsDeletions"`
    - `"RecoverableItemsPurges"`
  - `submission?: boolean` Query param: When true, search the submissions datastore only. When false or omitted, search the regular datastore only.

### Returns

- `MoveCreateResponse = Array`
  - `completed_timestamp: string` Deprecated, use `completed_at` instead
  - `item_count: number`
  - `success: boolean`
  - `completed_at?: string`
  - `destination?: string | null`
  - `message_id?: string | null`
  - `operation?: string | null`
  - `recipient?: string | null`
  - `status?: string | null`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted
  apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted
});

const moves = await client.emailSecurity.investigate.move.create('4Njp3P0STMz2c02Q', {
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
  destination: 'Inbox',
});

console.log(moves);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": [
    {
      "completed_timestamp": "2019-12-27T18:11:19.117Z",
      "item_count": 0,
      "success": true,
      "completed_at": "2019-12-27T18:11:19.117Z",
      "destination": "destination",
      "message_id": "message_id",
      "operation": "operation",
      "recipient": "recipient",
      "status": "status"
    }
  ],
  "success": true
}
```

## Move multiple messages

`client.emailSecurity.investigate.move.bulk(MoveBulkParams params, RequestOptions options?): SinglePage`

**post** `/accounts/{account_id}/email-security/investigate/move`

Maximum batch size: 1000 messages per request

### Parameters

- `params: MoveBulkParams`
  - `account_id: string` Path param: Account Identifier
  - `destination: "Inbox" | "JunkEmail" | "DeletedItems" | 2 more` Body param
    - `"Inbox"`
    - `"JunkEmail"`
    - `"DeletedItems"`
    - `"RecoverableItemsDeletions"`
    - `"RecoverableItemsPurges"`
  - `ids?: Array` Body param: List of message IDs to move.
  - `postfix_ids?: Array` Body param: Deprecated: Use `ids` instead. List of message IDs to move.

### Returns

- `MoveBulkResponse`
  - `completed_timestamp: string` Deprecated, use `completed_at` instead
  - `item_count: number`
  - `success: boolean`
  - `completed_at?: string`
  - `destination?: string | null`
  - `message_id?: string | null`
  - `operation?: string | null`
  - `recipient?: string | null`
  - `status?: string | null`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted
  apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const moveBulkResponse of client.emailSecurity.investigate.move.bulk({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
  destination: 'Inbox',
})) {
  console.log(moveBulkResponse.message_id);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": [
    {
      "completed_timestamp": "2019-12-27T18:11:19.117Z",
      "item_count": 0,
      "success": true,
      "completed_at": "2019-12-27T18:11:19.117Z",
      "destination": "destination",
      "message_id": "message_id",
      "operation": "operation",
      "recipient": "recipient",
      "status": "status"
    }
  ],
  "success": true
}
```

## Domain Types

### Move Create Response

- `MoveCreateResponse = Array`
  - `completed_timestamp: string` Deprecated, use `completed_at` instead
  - `item_count: number`
  - `success: boolean`
  - `completed_at?: string`
  - `destination?: string | null`
  - `message_id?: string | null`
  - `operation?: string | null`
  - `recipient?: string | null`
  - `status?: string | null`

### Move Bulk Response

- `MoveBulkResponse`
  - `completed_timestamp: string` Deprecated, use `completed_at` instead
  - `item_count: number`
  - `success: boolean`
  - `completed_at?: string`
  - `destination?: string | null`
  - `message_id?: string | null`
  - `operation?: string | null`
  - `recipient?: string | null`
  - `status?: string | null`

# Reclassify

## Change email classification

`client.emailSecurity.investigate.reclassify.create(string postfixId, ReclassifyCreateParams params, RequestOptions options?): ReclassifyCreateResponse`

**post** `/accounts/{account_id}/email-security/investigate/{postfix_id}/reclassify`

Submits an email message for reclassification, updating its threat assessment based on new analysis.

### Parameters

- `postfixId: string` The identifier of the message.
- `params: ReclassifyCreateParams`
  - `account_id: string` Path param: Account Identifier
  - `expected_disposition: "NONE" | "BULK" | "MALICIOUS" | 3 more` Body param
    - `"NONE"`
    - `"BULK"`
    - `"MALICIOUS"`
    - `"SPAM"`
    - `"SPOOF"`
    - `"SUSPICIOUS"`
  - `submission?: boolean` Query param: When true, search the submissions datastore only. When false or omitted, search the regular datastore only.
  - `eml_content?: string` Body param: Base64 encoded content of the EML file
  - `escalated_submission_id?: string` Body param

### Returns

- `ReclassifyCreateResponse = unknown`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted
  apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted
});

const reclassify = await client.emailSecurity.investigate.reclassify.create('4Njp3P0STMz2c02Q', {
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
  expected_disposition: 'NONE',
});

console.log(reclassify);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": {},
  "success": true
}
```

## Domain Types

### Reclassify Create Response

- `ReclassifyCreateResponse = unknown`

# Release

## Release messages from quarantine

`client.emailSecurity.investigate.release.bulk(ReleaseBulkParams params, RequestOptions options?): SinglePage`

**post** `/accounts/{account_id}/email-security/investigate/release`

Releases a quarantined email message, allowing it to be delivered to the recipient.

### Parameters

- `params: ReleaseBulkParams`
  - `account_id: string` Path param: Account Identifier
  - `body: Array` Body param: A list of messages identified by their `postfix_id`s that should be released.
### Returns

- `ReleaseBulkResponse`
  - `id: string`
  - `postfix_id: string` The identifier of the message.
  - `delivered?: Array | null`
  - `failed?: Array | null`
  - `undelivered?: Array | null`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted
  apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const releaseBulkResponse of client.emailSecurity.investigate.release.bulk({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
  body: ['4Njp3P0STMz2c02Q'],
})) {
  console.log(releaseBulkResponse.id);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": [
    {
      "id": "id",
      "postfix_id": "4Njp3P0STMz2c02Q",
      "delivered": ["string"],
      "failed": ["string"],
      "undelivered": ["string"]
    }
  ],
  "success": true
}
```

## Domain Types

### Release Bulk Response

- `ReleaseBulkResponse`
  - `id: string`
  - `postfix_id: string` The identifier of the message.
  - `delivered?: Array | null`
  - `failed?: Array | null`
  - `undelivered?: Array | null`
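For the bulk move endpoint documented earlier on this page, remediation after a phishing wave usually involves more than the stated limit of 1000 messages per request, and a partial failure must not go unnoticed. The following is an added example, not part of the Cloudflare SDK or its documentation; `planBatches`, `tallyMoves` and `moveInBatches` are hypothetical helper names, and treating any result without `success: true` as needing follow-up is an assumption.

```javascript
// Added example: batch a bulk move under the 1000-message limit and tally the outcome.
const MAX_BATCH = 1000; // "Maximum batch size: 1000 messages per request"
const DESTINATIONS = new Set([
  'Inbox', 'JunkEmail', 'DeletedItems', 'RecoverableItemsDeletions', 'RecoverableItemsPurges',
]);

// De-duplicate the ids (order preserved) and split them into request-sized batches.
function planBatches(ids, size = MAX_BATCH) {
  if (!Number.isInteger(size) || size < 1 || size > MAX_BATCH) {
    throw new RangeError(`batch size must be between 1 and ${MAX_BATCH}`);
  }
  const unique = [];
  const seen = new Set();
  for (const id of ids) {
    if (typeof id !== 'string' || id.trim() === '') {
      throw new TypeError('every message id must be a non-empty string');
    }
    if (seen.has(id)) continue;
    seen.add(id);
    unique.push(id);
  }
  const batches = [];
  for (let i = 0; i < unique.length; i += size) {
    batches.push(unique.slice(i, i + size));
  }
  return batches;
}

// Reduce the per-message results to a count plus the entries that need follow-up.
function tallyMoves(results) {
  const report = { succeeded: 0, failed: [] };
  for (const r of results) {
    if (r.success === true) {
      report.succeeded += 1;
    } else {
      report.failed.push({
        message_id: r.message_id ?? null,
        recipient: r.recipient ?? null,
        status: r.status ?? null,
      });
    }
  }
  return report;
}

async function moveInBatches(client, accountId, ids, destination) {
  if (!DESTINATIONS.has(destination)) {
    throw new RangeError(`unsupported destination: ${destination}`);
  }
  const results = [];
  for (const batch of planBatches(ids)) {
    const page = client.emailSecurity.investigate.move.bulk({
      account_id: accountId,
      destination,
      ids: batch,
    });
    for await (const item of page) results.push(item);
  }
  return tallyMoves(results);
}

// Constructed input: 2500 ids plus one duplicate become batches of 1000, 1000 and 500.
const demo = planBatches(Array.from({ length: 2500 }, (_, i) => `msg-${i}`).concat('msg-0'));
console.log(demo.map((b) => b.length));
```
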