Skip to content
Cloudflare API
Start here
API Reference
Email Security
Submissions

Get reclassify submissions

client.emailSecurity.submissions.list(SubmissionListParams { account_id, end, escalated_from_user, 10 more } params, RequestOptionsoptions?): V4PagePaginationArray<SubmissionListResponse { requested_at, submission_id, customer_status, 15 more } >
GET/accounts/{account_id}/email-security/submissions

Returns information for submissions made to reclassify emails. Shows the status, outcome, and disposition changes for reclassification requests made by users or the security team. Useful for tracking false positive/negative reports.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
ParametersExpand Collapse
params: SubmissionListParams { account_id, end, escalated_from_user, 10 more }
account_id: string

Path param: Identifier.

maxLength32
end?: string

Query param: The end of the search date range. Defaults to now.

formatdate-time
escalated_from_user?: boolean

Query param: When true, return only submissions that were escalated by an end user (vs. by the security team). When false, return only submissions that were not escalated by an end user. When omitted, no filter is applied.

original_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more

Query param

One of the following:
"MALICIOUS"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"NONE"
outcome_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more

Query param

One of the following:
"MALICIOUS"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"NONE"
page?: number

Query param: Current page within paginated list of results.

minimum1
per_page?: number

Query param: The number of results per page. Maximum value is 1000.

maximum1000
minimum1
query?: string | null

Query param

requested_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more

Query param

One of the following:
"MALICIOUS"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"NONE"
start?: string

Query param: The beginning of the search date range. Defaults to now - 30 days.

formatdate-time
status?: string

Query param

submission_id?: string

Query param

type?: "TEAM" | "USER"

Query param

One of the following:
"TEAM"
"USER"
ReturnsExpand Collapse
SubmissionListResponse { requested_at, submission_id, customer_status, 15 more }
requested_at: string

When the submission was requested (UTC).

formatdate-time
submission_id: string
customer_status?: "escalated" | "reviewed" | "unreviewed" | null
One of the following:
"escalated"
"reviewed"
"unreviewed"
escalated_as?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more | null
One of the following:
"MALICIOUS"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"NONE"
escalated_at?: string | null
formatdate-time
escalated_by?: string | null
escalated_submission_id?: string | null
original_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more | null
One of the following:
"MALICIOUS"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"NONE"
original_edf_hash?: string | null
original_postfix_id?: string | null

The postfix ID of the original message that was submitted

outcome?: string | null
outcome_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more | null
One of the following:
"MALICIOUS"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"NONE"
requested_by?: string | null
requested_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more | null
One of the following:
"MALICIOUS"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"NONE"
Deprecatedrequested_ts?: string

Deprecated, use requested_at instead

status?: string | null
subject?: string | null
type?: "Team" | "User" | null

Whether the submission was created by a team member or an end user.

One of the following:
"Team"
"User"

Get reclassify submissions

import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const submissionListResponse of client.emailSecurity.submissions.list({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
})) {
  console.log(submissionListResponse.submission_id);
}
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "requested_at": "2019-12-27T18:11:19.117Z",
      "submission_id": "submission_id",
      "customer_status": "escalated",
      "escalated_as": "MALICIOUS",
      "escalated_at": "2019-12-27T18:11:19.117Z",
      "escalated_by": "escalated_by",
      "escalated_submission_id": "escalated_submission_id",
      "original_disposition": "MALICIOUS",
      "original_edf_hash": "original_edf_hash",
      "original_postfix_id": "original_postfix_id",
      "outcome": "outcome",
      "outcome_disposition": "MALICIOUS",
      "requested_by": "requested_by",
      "requested_disposition": "MALICIOUS",
      "requested_ts": "requested_ts",
      "status": "status",
      "subject": "subject",
      "type": "Team"
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "requested_at": "2019-12-27T18:11:19.117Z",
      "submission_id": "submission_id",
      "customer_status": "escalated",
      "escalated_as": "MALICIOUS",
      "escalated_at": "2019-12-27T18:11:19.117Z",
      "escalated_by": "escalated_by",
      "escalated_submission_id": "escalated_submission_id",
      "original_disposition": "MALICIOUS",
      "original_edf_hash": "original_edf_hash",
      "original_postfix_id": "original_postfix_id",
      "outcome": "outcome",
      "outcome_disposition": "MALICIOUS",
      "requested_by": "requested_by",
      "requested_disposition": "MALICIOUS",
      "requested_ts": "requested_ts",
      "status": "status",
      "subject": "subject",
      "type": "Team"
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}