API Reference

Email Security

Submissions

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Get reclassify submissions

GET/accounts/{account_id}/email-security/submissions

This endpoint returns information for submissions to made to reclassify emails.

Security

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Path ParametersExpand Collapse

account_id: string

Account Identifier

maxLength32

minLength32

Query ParametersExpand Collapse

customer_status: optional "escalated" or "reviewed" or "unreviewed"

One of the following:

"escalated"

"reviewed"

"unreviewed"

end: optional string

The end of the search date range. Defaults to now if not provided.

formatdate-time

original_disposition: optional "MALICIOUS" or "SUSPICIOUS" or "SPOOF" or 3 more

One of the following:

"MALICIOUS"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"NONE"

outcome_disposition: optional "MALICIOUS" or "SUSPICIOUS" or "SPOOF" or 3 more

One of the following:

"MALICIOUS"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"NONE"

page: optional number

The page number of paginated results.

formatint32

minimum1

per_page: optional number

The number of results per page.

formatint32

minimum1

query: optional string

requested_disposition: optional "MALICIOUS" or "SUSPICIOUS" or "SPOOF" or 3 more

One of the following:

"MALICIOUS"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"NONE"

start: optional string

The beginning of the search date range. Defaults to now - 30 days if not provided.

formatdate-time

status: optional string

submission_id: optional string

type: optional "TEAM" or "USER"

One of the following:

"TEAM"

"USER"

ReturnsExpand Collapse

errors: array of ResponseInfo { code, message, documentation_url, source }

code: number

minimum1000

message: string

documentation_url: optional string

source: optional object { pointer }

pointer: optional string

messages: array of ResponseInfo { code, message, documentation_url, source }

code: number

minimum1000

message: string

documentation_url: optional string

source: optional object { pointer }

pointer: optional string

result: array of object { requested_ts, submission_id, customer_status, 15 more }

Deprecatedrequested_ts: string

deprecated as of 2026-04-01, use requested_at instead.

formatdate-time

submission_id: string

customer_status: optional "escalated" or "reviewed" or "unreviewed"

One of the following:

"escalated"

"reviewed"

"unreviewed"

escalated_as: optional "MALICIOUS" or "MALICIOUS-BEC" or "SUSPICIOUS" or 7 more

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"

escalated_at: optional string

formatdate-time

escalated_by: optional string

escalated_submission_id: optional string

original_disposition: optional "MALICIOUS" or "MALICIOUS-BEC" or "SUSPICIOUS" or 7 more

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"

original_edf_hash: optional string

original_postfix_id: optional string

outcome: optional string

outcome_disposition: optional "MALICIOUS" or "MALICIOUS-BEC" or "SUSPICIOUS" or 7 more

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"

requested_at: optional string

formatdate-time

requested_by: optional string

requested_disposition: optional "MALICIOUS" or "MALICIOUS-BEC" or "SUSPICIOUS" or 7 more

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"

status: optional string

subject: optional string

type: optional string

result_info: object { count, page, per_page, total_count }

count: number

Total number of results for the requested service

formatint32

page: number

Current page within paginated list of results

formatint32

per_page: number

Number of results per page of results

formatint32

total_count: number

Total results available without any search parameters

formatint32

success: boolean

Get reclassify submissions

HTTP

HTTP

TypeScript

Python

Go

Terraform

curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/email-security/submissions \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY"

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "requested_ts": "2019-12-27T18:11:19.117Z",
      "submission_id": "submission_id",
      "customer_status": "escalated",
      "escalated_as": "MALICIOUS",
      "escalated_at": "2019-12-27T18:11:19.117Z",
      "escalated_by": "escalated_by",
      "escalated_submission_id": "escalated_submission_id",
      "original_disposition": "MALICIOUS",
      "original_edf_hash": "original_edf_hash",
      "original_postfix_id": "original_postfix_id",
      "outcome": "outcome",
      "outcome_disposition": "MALICIOUS",
      "requested_at": "2019-12-27T18:11:19.117Z",
      "requested_by": "requested_by",
      "requested_disposition": "MALICIOUS",
      "status": "status",
      "subject": "subject",
      "type": "type"
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  },
  "success": true
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "requested_ts": "2019-12-27T18:11:19.117Z",
      "submission_id": "submission_id",
      "customer_status": "escalated",
      "escalated_as": "MALICIOUS",
      "escalated_at": "2019-12-27T18:11:19.117Z",
      "escalated_by": "escalated_by",
      "escalated_submission_id": "escalated_submission_id",
      "original_disposition": "MALICIOUS",
      "original_edf_hash": "original_edf_hash",
      "original_postfix_id": "original_postfix_id",
      "outcome": "outcome",
      "outcome_disposition": "MALICIOUS",
      "requested_at": "2019-12-27T18:11:19.117Z",
      "requested_by": "requested_by",
      "requested_disposition": "MALICIOUS",
      "status": "status",
      "subject": "subject",
      "type": "type"
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  },
  "success": true
}