Cloudflare API | Email Security › Investigate

curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/email-security/investigate/$POSTFIX_ID \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY"

200Example

{
  "errors": [
    {
      "code": 1000,
      "message": "message"
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message"
    }
  ],
  "result": {
    "id": "47JJcT1w6GztQV7-email@example.com",
    "action_log": [],
    "client_recipients": [
      "email@example.com"
    ],
    "detection_reasons": [
      "Selector is a source of spam/uce : Smtp-Helo-Server-Ip=<b>127.0.0[dot]186</b>"
    ],
    "is_phish_submission": false,
    "is_quarantined": false,
    "postfix_id": "47JJcT1w6GztQV7",
    "ts": "2019-11-20T23:22:01",
    "alert_id": "4Njp3P0STMz2c02Q-2022-12-30T02:44:49",
    "delivery_mode": "DIRECT",
    "edf_hash": null,
    "final_disposition": "MALICIOUS",
    "from": "d1994@example.com",
    "from_name": "Sender Name",
    "message_id": "<4VAZPrAdg7IGNxdt1DWRNu0gvOeL_iZiwP4BQfo4DaE.Yw-woXuugQbeFhBpzwFQtqq_v2v1HOKznoMBqbciQpE@example.com>",
    "sent_date": "2019-11-21T00:22:01",
    "subject": "listen, I highly recommend u to read that email, just to ensure not a thing will take place",
    "threat_categories": [
      "IPReputation",
      "ASNReputation"
    ],
    "to": [
      "email@example.com"
    ],
    "to_name": [
      "Recipient Name"
    ],
    "validation": {
      "comment": null,
      "dkim": "pass",
      "dmarc": "pass",
      "spf": "pass"
    }
  },
  "success": true
}

Search Email Messages -> V4PagePaginationArray<{ id, action_log, client_recipients, 18 more... }>

get/accounts/{account_id}/email-security/investigate

Returns information for each email that matches the search parameter(s).

Email Security Investigate

Detections

email_security.investigate.detections

Methods

Get Message Detection Details -> Envelope<{ action, attachments, headers, 5 more... }>

get/accounts/{account_id}/email-security/investigate/{postfix_id}/detections

Returns detection details such as threat categories and sender information for non-benign messages.

Email Security Investigate

Move

email_security.investigate.move

Methods

Move Multiple Messages -> Envelope<Array<{ completed_timestamp, destination, item_count, 4 more... }>>

post/accounts/{account_id}/email-security/investigate/move

Move multiple messages

Move A Message -> Envelope<Array<{ completed_timestamp, destination, item_count, 4 more... }>>

post/accounts/{account_id}/email-security/investigate/{postfix_id}/move

Move a message

Email Security Investigate

Preview

email_security.investigate.preview

Methods

Preview For Non Detection Messages -> Envelope<{ screenshot }>

post/accounts/{account_id}/email-security/investigate/preview

Preview for non-detection messages

Get Email Preview -> Envelope<{ screenshot }>

get/accounts/{account_id}/email-security/investigate/{postfix_id}/preview

Returns a preview of the message body as a base64 encoded PNG image for non-benign messages.

Email Security Investigate

Raw

email_security.investigate.raw

Methods

Get Raw Email Content -> Envelope<{ raw }>

get/accounts/{account_id}/email-security/investigate/{postfix_id}/raw

Returns the raw eml of any non-benign message.

Email Security Investigate

Reclassify

email_security.investigate.reclassify

Methods

Change Email Classfication -> Envelope<unknown>

post/accounts/{account_id}/email-security/investigate/{postfix_id}/reclassify

Change email classfication

Email Security Investigate

Release

email_security.investigate.release

Methods

Release Messages From Quarantine -> Envelope<Array<{ postfix_id, delivered, failed, 1 more... }>>

post/accounts/{account_id}/email-security/investigate/release

Release messages from quarantine

Email Security Investigate

Trace

email_security.investigate.trace

Methods

Get Email Trace -> Envelope<{ inbound, outbound }>

get/accounts/{account_id}/email-security/investigate/{postfix_id}/trace

Get email trace

Email Security

Settings

email_security.settings

Email Security Settings

Allow Policies

email_security.settings.allow_policies

Methods

Create An Email Allow Policy -> Envelope<{ id, created_at, is_acceptable_sender, 11 more... }>

post/accounts/{account_id}/email-security/settings/allow_policies

Create an email allow policy

Delete An Email Allow Policy -> Envelope<{ id }>

delete/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}

Delete an email allow policy

Update An Email Allow Policy -> Envelope<{ id, created_at, is_acceptable_sender, 11 more... }>

patch/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}

Update an email allow policy

Get An Email Allow Policy -> Envelope<{ id, created_at, is_acceptable_sender, 11 more... }>

get/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}

Get an email allow policy

List Email Allow Policies -> V4PagePaginationArray<{ id, created_at, is_acceptable_sender, 11 more... }>

get/accounts/{account_id}/email-security/settings/allow_policies

Lists, searches, and sorts an account’s email allow policies.

Email Security Settings

Block Senders

email_security.settings.block_senders

Methods

Create A Blocked Email Sender -> Envelope<{ id, created_at, is_regex, 4 more... }>

post/accounts/{account_id}/email-security/settings/block_senders

Create a blocked email sender

Delete A Blocked Email Sender -> Envelope<{ id }>

delete/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}

Delete a blocked email sender

Update A Blocked Email Sender -> Envelope<{ id, created_at, is_regex, 4 more... }>

patch/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}

Update a blocked email sender

Get A Blocked Email Sender -> Envelope<{ id, created_at, is_regex, 4 more... }>

get/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}

Get a blocked email sender

List Blocked Email Senders -> V4PagePaginationArray<{ id, created_at, is_regex, 4 more... }>

get/accounts/{account_id}/email-security/settings/block_senders

List blocked email senders

Email Security Settings

Domains

email_security.settings.domains

Methods

Unprotect Multiple Email Domains -> Envelope<Array<{ id }>>

delete/accounts/{account_id}/email-security/settings/domains

Unprotect multiple email domains

Unprotect An Email Domain -> Envelope<{ id }>

delete/accounts/{account_id}/email-security/settings/domains/{domain_id}

Unprotect an email domain

Update An Email Domain -> Envelope<{ id, allowed_delivery_modes, created_at, 12 more... }>

patch/accounts/{account_id}/email-security/settings/domains/{domain_id}

Update an email domain

Get An Email Domain -> Envelope<{ id, allowed_delivery_modes, created_at, 12 more... }>

get/accounts/{account_id}/email-security/settings/domains/{domain_id}

Get an email domain

List Protected Email Domains -> V4PagePaginationArray<{ id, allowed_delivery_modes, created_at, 12 more... }>

get/accounts/{account_id}/email-security/settings/domains

Lists, searches, and sorts an account’s email domains.

Email Security Settings

Impersonation Registry

email_security.settings.impersonation_registry

Methods

Create An Entry In Impersonation Registry -> Envelope<{ id, created_at, is_email_regex, 8 more... } | Array<{ id, created_at, is_email_regex, 8 more... }>>

post/accounts/{account_id}/email-security/settings/impersonation_registry

Create an entry in impersonation registry

Delete An Entry From Impersonation Registry -> Envelope<{ id }>

delete/accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}

Delete an entry from impersonation registry

Update An Entry In Impersonation Registry -> Envelope<{ id, created_at, is_email_regex, 8 more... }>

patch/accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}

Update an entry in impersonation registry

Get An Entry In Impersonation Registry -> Envelope<{ id, created_at, is_email_regex, 8 more... }>

get/accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}

Get an entry in impersonation registry

List Entries In Impersonation Registry -> V4PagePaginationArray<{ id, created_at, is_email_regex, 8 more... }>

get/accounts/{account_id}/email-security/settings/impersonation_registry

Lists, searches, and sorts entries in the impersonation registry.

Email Security Settings

Trusted Domains

email_security.settings.trusted_domains

Methods

Create A Trusted Email Domain -> Envelope<{ id, created_at, is_recent, 5 more... } | Array<{ id, created_at, is_recent, 5 more... }>>

post/accounts/{account_id}/email-security/settings/trusted_domains

Create a trusted email domain

Delete A Trusted Email Domain -> Envelope<{ id }>

delete/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}

Delete a trusted email domain

Update A Trusted Email Domain -> Envelope<{ id, created_at, is_recent, 5 more... }>

patch/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}

Update a trusted email domain

Get A Trusted Email Domain -> Envelope<{ id, created_at, is_recent, 5 more... }>

get/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}

Get a trusted email domain

List Trusted Email Domains -> V4PagePaginationArray<{ id, created_at, is_recent, 5 more... }>

get/accounts/{account_id}/email-security/settings/trusted_domains

Lists, searches, and sorts an account’s trusted email domains.

Email Security

Submissions

email_security.submissions

Methods

Get Reclassify Submissions -> V4PagePaginationArray<{ requested_ts, submission_id, original_disposition, 7 more... }>

get/accounts/{account_id}/email-security/submissions

This endpoint returns information for submissions to made to reclassify emails.