# Email ## Domain Types ### Radar Email Series - `RadarEmailSeries { FAIL, NONE, PASS }` - `FAIL: array of string` - `NONE: array of string` - `PASS: array of string` ### Radar Email Summary - `RadarEmailSummary { FAIL, NONE, PASS }` - `FAIL: string` A numeric string. - `NONE: string` A numeric string. - `PASS: string` A numeric string. # Routing ## Get email routing summary by dimension **get** `/radar/email/routing/summary/{dimension}` Retrieves the distribution of email routing metrics by the specified dimension. ### Path Parameters - `dimension: "IP_VERSION" or "ENCRYPTED" or "ARC" or 3 more` Specifies the attribute by which to group the results. - `"IP_VERSION"` - `"ENCRYPTED"` - `"ARC"` - `"DKIM"` - `"DMARC"` - `"SPF"` ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `encrypted: optional array of "ENCRYPTED" or "NOT_ENCRYPTED"` Filters results by encryption status (encrypted vs. not-encrypted). - `"ENCRYPTED"` - `"NOT_ENCRYPTED"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `ipVersion: optional array of "IPv4" or "IPv6"` Filters results by IP version (Ipv4 vs. IPv6). - `"IPv4"` - `"IPv6"` - `limitPerGroup: optional number` Limits the number of objects per group to the top items within the specified time range. When item count exceeds the limit, extra items appear grouped under an "other" category. - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` ### Returns - `result: { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: map[string]` - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/routing/summary/$DIMENSION \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "summary_0": { "FAIL": "25.084366", "PASS": "50.168733" } }, "success": true } ``` ## Get email routing time series grouped by dimension **get** `/radar/email/routing/timeseries_groups/{dimension}` Retrieves the distribution of email routing metrics grouped by dimension over time. ### Path Parameters - `dimension: "IP_VERSION" or "ENCRYPTED" or "ARC" or 3 more` Specifies the attribute by which to group the results. - `"IP_VERSION"` - `"ENCRYPTED"` - `"ARC"` - `"DKIM"` - `"DMARC"` - `"SPF"` ### Query Parameters - `aggInterval: optional "15m" or "1h" or "1d" or "1w"` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"15m"` - `"1h"` - `"1d"` - `"1w"` - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `encrypted: optional array of "ENCRYPTED" or "NOT_ENCRYPTED"` Filters results by encryption status (encrypted vs. not-encrypted). - `"ENCRYPTED"` - `"NOT_ENCRYPTED"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `ipVersion: optional array of "IPv4" or "IPv6"` Filters results by IP version (Ipv4 vs. IPv6). - `"IPv4"` - `"IPv6"` - `limitPerGroup: optional number` Limits the number of objects per group to the top items within the specified time range. When item count exceeds the limit, extra items appear grouped under an "other" category. - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` ### Returns - `result: { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: { timestamps }` - `timestamps: array of string` - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/routing/timeseries_groups/$DIMENSION \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "aggInterval": "FIFTEEN_MINUTES", "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "serie_0": { "timestamps": [ "2023-08-08T10:15:00Z" ] } }, "success": true } ``` ## Domain Types ### Routing Summary V2 Response - `RoutingSummaryV2Response { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: map[string]` ### Routing Timeseries Groups V2 Response - `RoutingTimeseriesGroupsV2Response { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: { timestamps }` - `timestamps: array of string` # Summary ## Get email ARC validation summary **get** `/radar/email/routing/summary/arc` Retrieves the distribution of emails by ARC (Authenticated Received Chain) validation. ### Query Parameters - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `encrypted: optional array of "ENCRYPTED" or "NOT_ENCRYPTED"` Filters results by encryption status (encrypted vs. not-encrypted). - `"ENCRYPTED"` - `"NOT_ENCRYPTED"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `ipVersion: optional array of "IPv4" or "IPv6"` Filters results by IP version (Ipv4 vs. IPv6). - `"IPv4"` - `"IPv6"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` ### Returns - `result: { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: RadarEmailSummary` - `FAIL: string` A numeric string. - `NONE: string` A numeric string. - `PASS: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/routing/summary/arc \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "summary_0": { "FAIL": "10", "NONE": "10", "PASS": "10" } }, "success": true } ``` ## Get email DKIM validation summary **get** `/radar/email/routing/summary/dkim` Retrieves the distribution of emails by DKIM (DomainKeys Identified Mail) validation. ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `encrypted: optional array of "ENCRYPTED" or "NOT_ENCRYPTED"` Filters results by encryption status (encrypted vs. not-encrypted). - `"ENCRYPTED"` - `"NOT_ENCRYPTED"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `ipVersion: optional array of "IPv4" or "IPv6"` Filters results by IP version (Ipv4 vs. IPv6). - `"IPv4"` - `"IPv6"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` ### Returns - `result: { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: RadarEmailSummary` - `FAIL: string` A numeric string. - `NONE: string` A numeric string. - `PASS: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/routing/summary/dkim \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "summary_0": { "FAIL": "10", "NONE": "10", "PASS": "10" } }, "success": true } ``` ## Get email DMARC validation summary **get** `/radar/email/routing/summary/dmarc` Retrieves the distribution of emails by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation. ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `encrypted: optional array of "ENCRYPTED" or "NOT_ENCRYPTED"` Filters results by encryption status (encrypted vs. not-encrypted). - `"ENCRYPTED"` - `"NOT_ENCRYPTED"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `ipVersion: optional array of "IPv4" or "IPv6"` Filters results by IP version (Ipv4 vs. IPv6). - `"IPv4"` - `"IPv6"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` ### Returns - `result: { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: RadarEmailSummary` - `FAIL: string` A numeric string. - `NONE: string` A numeric string. - `PASS: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/routing/summary/dmarc \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "summary_0": { "FAIL": "10", "NONE": "10", "PASS": "10" } }, "success": true } ``` ## Get email encryption status summary **get** `/radar/email/routing/summary/encrypted` Retrieves the distribution of emails by encryption status (encrypted vs. not-encrypted). ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `ipVersion: optional array of "IPv4" or "IPv6"` Filters results by IP version (Ipv4 vs. IPv6). - `"IPv4"` - `"IPv6"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` ### Returns - `result: { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: { ENCRYPTED, NOT_ENCRYPTED }` - `ENCRYPTED: string` A numeric string. - `NOT_ENCRYPTED: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/routing/summary/encrypted \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "summary_0": { "ENCRYPTED": "10", "NOT_ENCRYPTED": "10" } }, "success": true } ``` ## Get email IP version summary **get** `/radar/email/routing/summary/ip_version` Retrieves the distribution of emails by IP version. ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `encrypted: optional array of "ENCRYPTED" or "NOT_ENCRYPTED"` Filters results by encryption status (encrypted vs. not-encrypted). - `"ENCRYPTED"` - `"NOT_ENCRYPTED"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` ### Returns - `result: { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: { IPv4, IPv6 }` - `IPv4: string` A numeric string. - `IPv6: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/routing/summary/ip_version \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "summary_0": { "IPv4": "10", "IPv6": "10" } }, "success": true } ``` ## Get email SPF validation summary **get** `/radar/email/routing/summary/spf` Retrieves the distribution of emails by SPF (Sender Policy Framework) validation. ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `encrypted: optional array of "ENCRYPTED" or "NOT_ENCRYPTED"` Filters results by encryption status (encrypted vs. not-encrypted). - `"ENCRYPTED"` - `"NOT_ENCRYPTED"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `ipVersion: optional array of "IPv4" or "IPv6"` Filters results by IP version (Ipv4 vs. IPv6). - `"IPv4"` - `"IPv6"` - `name: optional array of string` Array of names used to label the series in the response. ### Returns - `result: { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: RadarEmailSummary` - `FAIL: string` A numeric string. - `NONE: string` A numeric string. - `PASS: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/routing/summary/spf \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "summary_0": { "FAIL": "10", "NONE": "10", "PASS": "10" } }, "success": true } ``` ## Domain Types ### Summary ARC Response - `SummaryARCResponse { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: RadarEmailSummary` - `FAIL: string` A numeric string. - `NONE: string` A numeric string. - `PASS: string` A numeric string. ### Summary DKIM Response - `SummaryDKIMResponse { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: RadarEmailSummary` - `FAIL: string` A numeric string. - `NONE: string` A numeric string. - `PASS: string` A numeric string. ### Summary DMARC Response - `SummaryDMARCResponse { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: RadarEmailSummary` - `FAIL: string` A numeric string. - `NONE: string` A numeric string. - `PASS: string` A numeric string. ### Summary Encrypted Response - `SummaryEncryptedResponse { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: { ENCRYPTED, NOT_ENCRYPTED }` - `ENCRYPTED: string` A numeric string. - `NOT_ENCRYPTED: string` A numeric string. ### Summary IP Version Response - `SummaryIPVersionResponse { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: { IPv4, IPv6 }` - `IPv4: string` A numeric string. - `IPv6: string` A numeric string. ### Summary SPF Response - `SummarySPFResponse { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: RadarEmailSummary` - `FAIL: string` A numeric string. - `NONE: string` A numeric string. - `PASS: string` A numeric string. # Timeseries Groups ## Get email ARC validation time series **get** `/radar/email/routing/timeseries_groups/arc` Retrieves the distribution of emails by ARC (Authenticated Received Chain) validation over time. ### Query Parameters - `aggInterval: optional "15m" or "1h" or "1d" or "1w"` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"15m"` - `"1h"` - `"1d"` - `"1w"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `encrypted: optional array of "ENCRYPTED" or "NOT_ENCRYPTED"` Filters results by encryption status (encrypted vs. not-encrypted). - `"ENCRYPTED"` - `"NOT_ENCRYPTED"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `ipVersion: optional array of "IPv4" or "IPv6"` Filters results by IP version (Ipv4 vs. IPv6). - `"IPv4"` - `"IPv6"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` ### Returns - `result: { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: RadarEmailSeries` - `FAIL: array of string` - `NONE: array of string` - `PASS: array of string` - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/routing/timeseries_groups/arc \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "aggInterval": "FIFTEEN_MINUTES", "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "serie_0": { "FAIL": [ "10" ], "NONE": [ "10" ], "PASS": [ "10" ] } }, "success": true } ``` ## Get email DKIM validation time series **get** `/radar/email/routing/timeseries_groups/dkim` Retrieves the distribution of emails by DKIM (DomainKeys Identified Mail) validation over time. ### Query Parameters - `aggInterval: optional "15m" or "1h" or "1d" or "1w"` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"15m"` - `"1h"` - `"1d"` - `"1w"` - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `encrypted: optional array of "ENCRYPTED" or "NOT_ENCRYPTED"` Filters results by encryption status (encrypted vs. not-encrypted). - `"ENCRYPTED"` - `"NOT_ENCRYPTED"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `ipVersion: optional array of "IPv4" or "IPv6"` Filters results by IP version (Ipv4 vs. IPv6). - `"IPv4"` - `"IPv6"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` ### Returns - `result: { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: RadarEmailSeries` - `FAIL: array of string` - `NONE: array of string` - `PASS: array of string` - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/routing/timeseries_groups/dkim \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "aggInterval": "FIFTEEN_MINUTES", "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "serie_0": { "FAIL": [ "10" ], "NONE": [ "10" ], "PASS": [ "10" ] } }, "success": true } ``` ## Get email DMARC validation time series **get** `/radar/email/routing/timeseries_groups/dmarc` Retrieves the distribution of emails by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation over time. ### Query Parameters - `aggInterval: optional "15m" or "1h" or "1d" or "1w"` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"15m"` - `"1h"` - `"1d"` - `"1w"` - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `encrypted: optional array of "ENCRYPTED" or "NOT_ENCRYPTED"` Filters results by encryption status (encrypted vs. not-encrypted). - `"ENCRYPTED"` - `"NOT_ENCRYPTED"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `ipVersion: optional array of "IPv4" or "IPv6"` Filters results by IP version (Ipv4 vs. IPv6). - `"IPv4"` - `"IPv6"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` ### Returns - `result: { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: RadarEmailSeries` - `FAIL: array of string` - `NONE: array of string` - `PASS: array of string` - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/routing/timeseries_groups/dmarc \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "aggInterval": "FIFTEEN_MINUTES", "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "serie_0": { "FAIL": [ "10" ], "NONE": [ "10" ], "PASS": [ "10" ] } }, "success": true } ``` ## Get email encryption status time series **get** `/radar/email/routing/timeseries_groups/encrypted` Retrieves the distribution of emails by encryption status (encrypted vs. not-encrypted) over time. ### Query Parameters - `aggInterval: optional "15m" or "1h" or "1d" or "1w"` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"15m"` - `"1h"` - `"1d"` - `"1w"` - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `ipVersion: optional array of "IPv4" or "IPv6"` Filters results by IP version (Ipv4 vs. IPv6). - `"IPv4"` - `"IPv6"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` ### Returns - `result: { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: { ENCRYPTED, NOT_ENCRYPTED }` - `ENCRYPTED: array of string` - `NOT_ENCRYPTED: array of string` - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/routing/timeseries_groups/encrypted \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "aggInterval": "FIFTEEN_MINUTES", "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "serie_0": { "ENCRYPTED": [ "10" ], "NOT_ENCRYPTED": [ "10" ] } }, "success": true } ``` ## Get email IP version time series **get** `/radar/email/routing/timeseries_groups/ip_version` Retrieves the distribution of emails by IP version over time. ### Query Parameters - `aggInterval: optional "15m" or "1h" or "1d" or "1w"` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"15m"` - `"1h"` - `"1d"` - `"1w"` - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `encrypted: optional array of "ENCRYPTED" or "NOT_ENCRYPTED"` Filters results by encryption status (encrypted vs. not-encrypted). - `"ENCRYPTED"` - `"NOT_ENCRYPTED"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` ### Returns - `result: { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: { IPv4, IPv6 }` - `IPv4: array of string` - `IPv6: array of string` - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/routing/timeseries_groups/ip_version \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "aggInterval": "FIFTEEN_MINUTES", "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "serie_0": { "IPv4": [ "10" ], "IPv6": [ "10" ] } }, "success": true } ``` ## Get email SPF validation time series **get** `/radar/email/routing/timeseries_groups/spf` Retrieves the distribution of emails by SPF (Sender Policy Framework) validation over time. ### Query Parameters - `aggInterval: optional "15m" or "1h" or "1d" or "1w"` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"15m"` - `"1h"` - `"1d"` - `"1w"` - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `encrypted: optional array of "ENCRYPTED" or "NOT_ENCRYPTED"` Filters results by encryption status (encrypted vs. not-encrypted). - `"ENCRYPTED"` - `"NOT_ENCRYPTED"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `ipVersion: optional array of "IPv4" or "IPv6"` Filters results by IP version (Ipv4 vs. IPv6). - `"IPv4"` - `"IPv6"` - `name: optional array of string` Array of names used to label the series in the response. ### Returns - `result: { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: RadarEmailSeries` - `FAIL: array of string` - `NONE: array of string` - `PASS: array of string` - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/routing/timeseries_groups/spf \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "aggInterval": "FIFTEEN_MINUTES", "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "serie_0": { "FAIL": [ "10" ], "NONE": [ "10" ], "PASS": [ "10" ] } }, "success": true } ``` ## Domain Types ### Timeseries Group ARC Response - `TimeseriesGroupARCResponse { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: RadarEmailSeries` - `FAIL: array of string` - `NONE: array of string` - `PASS: array of string` ### Timeseries Group DKIM Response - `TimeseriesGroupDKIMResponse { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: RadarEmailSeries` - `FAIL: array of string` - `NONE: array of string` - `PASS: array of string` ### Timeseries Group DMARC Response - `TimeseriesGroupDMARCResponse { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: RadarEmailSeries` - `FAIL: array of string` - `NONE: array of string` - `PASS: array of string` ### Timeseries Group Encrypted Response - `TimeseriesGroupEncryptedResponse { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: { ENCRYPTED, NOT_ENCRYPTED }` - `ENCRYPTED: array of string` - `NOT_ENCRYPTED: array of string` ### Timeseries Group IP Version Response - `TimeseriesGroupIPVersionResponse { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: { IPv4, IPv6 }` - `IPv4: array of string` - `IPv6: array of string` ### Timeseries Group SPF Response - `TimeseriesGroupSPFResponse { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: RadarEmailSeries` - `FAIL: array of string` - `NONE: array of string` - `PASS: array of string` # Security ## Get email security summary by dimension **get** `/radar/email/security/summary/{dimension}` Retrieves the distribution of email security metrics by the specified dimension. ### Path Parameters - `dimension: "SPAM" or "MALICIOUS" or "SPOOF" or 6 more` Specifies the attribute by which to group the results. - `"SPAM"` - `"MALICIOUS"` - `"SPOOF"` - `"THREAT_CATEGORY"` - `"ARC"` - `"DKIM"` - `"DMARC"` - `"SPF"` - `"TLS_VERSION"` ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `limitPerGroup: optional number` Limits the number of objects per group to the top items within the specified time range. When item count exceeds the limit, extra items appear grouped under an "other" category. - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: map[string]` - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/summary/$DIMENSION \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "summary_0": { "FAIL": "25.084366", "PASS": "50.168733" } }, "success": true } ``` ## Get email security time series grouped by dimension **get** `/radar/email/security/timeseries_groups/{dimension}` Retrieves the distribution of email security metrics grouped by dimension over time. ### Path Parameters - `dimension: "SPAM" or "MALICIOUS" or "SPOOF" or 6 more` Specifies the attribute by which to group the results. - `"SPAM"` - `"MALICIOUS"` - `"SPOOF"` - `"THREAT_CATEGORY"` - `"ARC"` - `"DKIM"` - `"DMARC"` - `"SPF"` - `"TLS_VERSION"` ### Query Parameters - `aggInterval: optional "15m" or "1h" or "1d" or "1w"` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"15m"` - `"1h"` - `"1d"` - `"1w"` - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `limitPerGroup: optional number` Limits the number of objects per group to the top items within the specified time range. When item count exceeds the limit, extra items appear grouped under an "other" category. - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: { timestamps }` - `timestamps: array of string` - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/timeseries_groups/$DIMENSION \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "aggInterval": "FIFTEEN_MINUTES", "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "serie_0": { "timestamps": [ "2023-08-08T10:15:00Z" ] } }, "success": true } ``` ## Domain Types ### Security Summary V2 Response - `SecuritySummaryV2Response { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: map[string]` ### Security Timeseries Groups V2 Response - `SecurityTimeseriesGroupsV2Response { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: { timestamps }` - `timestamps: array of string` # Top # TLDs ## Get top TLDs by email message volume **get** `/radar/email/security/top/tlds` Retrieves the top TLDs by number of email messages. ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `limit: optional number` Limits the number of objects returned in the response. - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tldCategory: optional "CLASSIC" or "COUNTRY"` Filters results by TLD category. - `"CLASSIC"` - `"COUNTRY"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, top_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `top_0: array of { name, value }` - `name: string` - `value: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/top/tlds \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "top_0": [ { "name": "com.", "value": "10" } ] }, "success": true } ``` ## Domain Types ### TLD Get Response - `TLDGetResponse { meta, top_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `top_0: array of { name, value }` - `name: string` - `value: string` A numeric string. # Malicious ## Get top TLDs by email malicious classification **get** `/radar/email/security/top/tlds/malicious/{malicious}` Retrieves the top TLDs by emails classified as malicious or not. ### Path Parameters - `malicious: "MALICIOUS" or "NOT_MALICIOUS"` Malicious classification. - `"MALICIOUS"` - `"NOT_MALICIOUS"` ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `limit: optional number` Limits the number of objects returned in the response. - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tldCategory: optional "CLASSIC" or "COUNTRY"` Filters results by TLD category. - `"CLASSIC"` - `"COUNTRY"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, top_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `top_0: array of { name, value }` - `name: string` - `value: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/top/tlds/malicious/$MALICIOUS \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "top_0": [ { "name": "com.", "value": "10" } ] }, "success": true } ``` ## Domain Types ### Malicious Get Response - `MaliciousGetResponse { meta, top_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `top_0: array of { name, value }` - `name: string` - `value: string` A numeric string. # Spam ## Get top TLDs by email spam classification **get** `/radar/email/security/top/tlds/spam/{spam}` Retrieves the top TLDs by emails classified as spam or not. ### Path Parameters - `spam: "SPAM" or "NOT_SPAM"` Spam classification. - `"SPAM"` - `"NOT_SPAM"` ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `limit: optional number` Limits the number of objects returned in the response. - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tldCategory: optional "CLASSIC" or "COUNTRY"` Filters results by TLD category. - `"CLASSIC"` - `"COUNTRY"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, top_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `top_0: array of { name, value }` - `name: string` - `value: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/top/tlds/spam/$SPAM \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "top_0": [ { "name": "com.", "value": "10" } ] }, "success": true } ``` ## Domain Types ### Spam Get Response - `SpamGetResponse { meta, top_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `top_0: array of { name, value }` - `name: string` - `value: string` A numeric string. # Spoof ## Get top TLDs by email spoof classification **get** `/radar/email/security/top/tlds/spoof/{spoof}` Retrieves the top TLDs by emails classified as spoof or not. ### Path Parameters - `spoof: "SPOOF" or "NOT_SPOOF"` Spoof classification. - `"SPOOF"` - `"NOT_SPOOF"` ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `limit: optional number` Limits the number of objects returned in the response. - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tldCategory: optional "CLASSIC" or "COUNTRY"` Filters results by TLD category. - `"CLASSIC"` - `"COUNTRY"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, top_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `top_0: array of { name, value }` - `name: string` - `value: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/top/tlds/spoof/$SPOOF \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "top_0": [ { "name": "com.", "value": "10" } ] }, "success": true } ``` ## Domain Types ### Spoof Get Response - `SpoofGetResponse { meta, top_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `top_0: array of { name, value }` - `name: string` - `value: string` A numeric string. # Summary ## Get email ARC validation summary **get** `/radar/email/security/summary/arc` Retrieves the distribution of emails by ARC (Authenticated Received Chain) validation. ### Query Parameters - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: RadarEmailSummary` - `FAIL: string` A numeric string. - `NONE: string` A numeric string. - `PASS: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/summary/arc \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "summary_0": { "FAIL": "10", "NONE": "10", "PASS": "10" } }, "success": true } ``` ## Get email DKIM validation summary **get** `/radar/email/security/summary/dkim` Retrieves the distribution of emails by DKIM (DomainKeys Identified Mail) validation. ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: RadarEmailSummary` - `FAIL: string` A numeric string. - `NONE: string` A numeric string. - `PASS: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/summary/dkim \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "summary_0": { "FAIL": "10", "NONE": "10", "PASS": "10" } }, "success": true } ``` ## Get email DMARC validation summary **get** `/radar/email/security/summary/dmarc` Retrieves the distribution of emails by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation. ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: RadarEmailSummary` - `FAIL: string` A numeric string. - `NONE: string` A numeric string. - `PASS: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/summary/dmarc \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "summary_0": { "FAIL": "10", "NONE": "10", "PASS": "10" } }, "success": true } ``` ## Get email malicious classification summary **get** `/radar/email/security/summary/malicious` Retrieves the distribution of emails by malicious classification. ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: { MALICIOUS, NOT_MALICIOUS }` - `MALICIOUS: string` A numeric string. - `NOT_MALICIOUS: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/summary/malicious \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "summary_0": { "MALICIOUS": "10", "NOT_MALICIOUS": "10" } }, "success": true } ``` ## Get email spam classification summary **get** `/radar/email/security/summary/spam` Retrieves the proportion of emails by spam classification (spam vs. non-spam). ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: { NOT_SPAM, SPAM }` - `NOT_SPAM: string` A numeric string. - `SPAM: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/summary/spam \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "summary_0": { "NOT_SPAM": "10", "SPAM": "10" } }, "success": true } ``` ## Get email SPF validation summary **get** `/radar/email/security/summary/spf` Retrieves the distribution of emails by SPF (Sender Policy Framework) validation. ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `name: optional array of string` Array of names used to label the series in the response. - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: RadarEmailSummary` - `FAIL: string` A numeric string. - `NONE: string` A numeric string. - `PASS: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/summary/spf \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "summary_0": { "FAIL": "10", "NONE": "10", "PASS": "10" } }, "success": true } ``` ## Get email threat category summary **get** `/radar/email/security/summary/threat_category` Retrieves the distribution of emails by threat categories. ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: { BrandImpersonation, CredentialHarvester, IdentityDeception, Link }` - `BrandImpersonation: string` A numeric string. - `CredentialHarvester: string` A numeric string. - `IdentityDeception: string` A numeric string. - `Link: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/summary/threat_category \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "summary_0": { "BrandImpersonation": "10", "CredentialHarvester": "10", "IdentityDeception": "10", "Link": "10" } }, "success": true } ``` ## Get email spoof classification summary **get** `/radar/email/security/summary/spoof` Retrieves the proportion of emails by spoof classification (spoof vs. non-spoof). ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: { NOT_SPOOF, SPOOF }` - `NOT_SPOOF: string` A numeric string. - `SPOOF: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/summary/spoof \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "summary_0": { "NOT_SPOOF": "10", "SPOOF": "10" } }, "success": true } ``` ## Get email TLS version summary **get** `/radar/email/security/summary/tls_version` Retrieves the distribution of emails by TLS version. ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` ### Returns - `result: { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: { "TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3" }` - `"TLS 1.0": string` A numeric string. - `"TLS 1.1": string` A numeric string. - `"TLS 1.2": string` A numeric string. - `"TLS 1.3": string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/summary/tls_version \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "summary_0": { "TLS 1.0": "10", "TLS 1.1": "10", "TLS 1.2": "10", "TLS 1.3": "10" } }, "success": true } ``` ## Domain Types ### Summary ARC Response - `SummaryARCResponse { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: RadarEmailSummary` - `FAIL: string` A numeric string. - `NONE: string` A numeric string. - `PASS: string` A numeric string. ### Summary DKIM Response - `SummaryDKIMResponse { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: RadarEmailSummary` - `FAIL: string` A numeric string. - `NONE: string` A numeric string. - `PASS: string` A numeric string. ### Summary DMARC Response - `SummaryDMARCResponse { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: RadarEmailSummary` - `FAIL: string` A numeric string. - `NONE: string` A numeric string. - `PASS: string` A numeric string. ### Summary Malicious Response - `SummaryMaliciousResponse { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: { MALICIOUS, NOT_MALICIOUS }` - `MALICIOUS: string` A numeric string. - `NOT_MALICIOUS: string` A numeric string. ### Summary Spam Response - `SummarySpamResponse { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: { NOT_SPAM, SPAM }` - `NOT_SPAM: string` A numeric string. - `SPAM: string` A numeric string. ### Summary SPF Response - `SummarySPFResponse { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: RadarEmailSummary` - `FAIL: string` A numeric string. - `NONE: string` A numeric string. - `PASS: string` A numeric string. ### Summary Threat Category Response - `SummaryThreatCategoryResponse { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: { BrandImpersonation, CredentialHarvester, IdentityDeception, Link }` - `BrandImpersonation: string` A numeric string. - `CredentialHarvester: string` A numeric string. - `IdentityDeception: string` A numeric string. - `Link: string` A numeric string. ### Summary Spoof Response - `SummarySpoofResponse { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: { NOT_SPOOF, SPOOF }` - `NOT_SPOOF: string` A numeric string. - `SPOOF: string` A numeric string. ### Summary TLS Version Response - `SummaryTLSVersionResponse { meta, summary_0 }` - `meta: { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `summary_0: { "TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3" }` - `"TLS 1.0": string` A numeric string. - `"TLS 1.1": string` A numeric string. - `"TLS 1.2": string` A numeric string. - `"TLS 1.3": string` A numeric string. # Timeseries Groups ## Get email ARC validation time series **get** `/radar/email/security/timeseries_groups/arc` Retrieves the distribution of emails by ARC (Authenticated Received Chain) validation over time. ### Query Parameters - `aggInterval: optional "15m" or "1h" or "1d" or "1w"` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"15m"` - `"1h"` - `"1d"` - `"1w"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: RadarEmailSeries` - `FAIL: array of string` - `NONE: array of string` - `PASS: array of string` - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/timeseries_groups/arc \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "aggInterval": "FIFTEEN_MINUTES", "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "serie_0": { "FAIL": [ "10" ], "NONE": [ "10" ], "PASS": [ "10" ] } }, "success": true } ``` ## Get email DKIM validation time series **get** `/radar/email/security/timeseries_groups/dkim` Retrieves the distribution of emails by DKIM (DomainKeys Identified Mail) validation over time. ### Query Parameters - `aggInterval: optional "15m" or "1h" or "1d" or "1w"` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"15m"` - `"1h"` - `"1d"` - `"1w"` - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: RadarEmailSeries` - `FAIL: array of string` - `NONE: array of string` - `PASS: array of string` - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/timeseries_groups/dkim \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "aggInterval": "FIFTEEN_MINUTES", "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "serie_0": { "FAIL": [ "10" ], "NONE": [ "10" ], "PASS": [ "10" ] } }, "success": true } ``` ## Get email DMARC validation time series **get** `/radar/email/security/timeseries_groups/dmarc` Retrieves the distribution of emails by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation over time. ### Query Parameters - `aggInterval: optional "15m" or "1h" or "1d" or "1w"` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"15m"` - `"1h"` - `"1d"` - `"1w"` - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: RadarEmailSeries` - `FAIL: array of string` - `NONE: array of string` - `PASS: array of string` - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/timeseries_groups/dmarc \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "aggInterval": "FIFTEEN_MINUTES", "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "serie_0": { "FAIL": [ "10" ], "NONE": [ "10" ], "PASS": [ "10" ] } }, "success": true } ``` ## Get email malicious classification time series **get** `/radar/email/security/timeseries_groups/malicious` Retrieves the distribution of emails by malicious classification over time. ### Query Parameters - `aggInterval: optional "15m" or "1h" or "1d" or "1w"` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"15m"` - `"1h"` - `"1d"` - `"1w"` - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: { MALICIOUS, NOT_MALICIOUS }` - `MALICIOUS: array of string` - `NOT_MALICIOUS: array of string` - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/timeseries_groups/malicious \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "aggInterval": "FIFTEEN_MINUTES", "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "serie_0": { "MALICIOUS": [ "10" ], "NOT_MALICIOUS": [ "10" ] } }, "success": true } ``` ## Get email spam classification time series **get** `/radar/email/security/timeseries_groups/spam` Retrieves the distribution of emails by spam classification (spam vs. non-spam) over time. ### Query Parameters - `aggInterval: optional "15m" or "1h" or "1d" or "1w"` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"15m"` - `"1h"` - `"1d"` - `"1w"` - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: { NOT_SPAM, SPAM }` - `NOT_SPAM: array of string` - `SPAM: array of string` - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/timeseries_groups/spam \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "aggInterval": "FIFTEEN_MINUTES", "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "serie_0": { "NOT_SPAM": [ "10" ], "SPAM": [ "10" ] } }, "success": true } ``` ## Get email SPF validation time series **get** `/radar/email/security/timeseries_groups/spf` Retrieves the distribution of emails by SPF (Sender Policy Framework) validation over time. ### Query Parameters - `aggInterval: optional "15m" or "1h" or "1d" or "1w"` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"15m"` - `"1h"` - `"1d"` - `"1w"` - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `name: optional array of string` Array of names used to label the series in the response. - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: RadarEmailSeries` - `FAIL: array of string` - `NONE: array of string` - `PASS: array of string` - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/timeseries_groups/spf \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "aggInterval": "FIFTEEN_MINUTES", "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "serie_0": { "FAIL": [ "10" ], "NONE": [ "10" ], "PASS": [ "10" ] } }, "success": true } ``` ## Get email threat category time series **get** `/radar/email/security/timeseries_groups/threat_category` Retrieves the distribution of emails by threat category over time. ### Query Parameters - `aggInterval: optional "15m" or "1h" or "1d" or "1w"` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"15m"` - `"1h"` - `"1d"` - `"1w"` - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: { BrandImpersonation, CredentialHarvester, IdentityDeception, Link }` - `BrandImpersonation: array of string` - `CredentialHarvester: array of string` - `IdentityDeception: array of string` - `Link: array of string` - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/timeseries_groups/threat_category \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "aggInterval": "FIFTEEN_MINUTES", "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "serie_0": { "BrandImpersonation": [ "10" ], "CredentialHarvester": [ "10" ], "IdentityDeception": [ "10" ], "Link": [ "10" ] } }, "success": true } ``` ## Get email spoof classification time series **get** `/radar/email/security/timeseries_groups/spoof` Retrieves the distribution of emails by spoof classification (spoof vs. non-spoof) over time. ### Query Parameters - `aggInterval: optional "15m" or "1h" or "1d" or "1w"` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"15m"` - `"1h"` - `"1d"` - `"1w"` - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: { NOT_SPOOF, SPOOF }` - `NOT_SPOOF: array of string` - `SPOOF: array of string` - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/timeseries_groups/spoof \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "aggInterval": "FIFTEEN_MINUTES", "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "serie_0": { "NOT_SPOOF": [ "10" ], "SPOOF": [ "10" ] } }, "success": true } ``` ## Get email TLS version time series **get** `/radar/email/security/timeseries_groups/tls_version` Retrieves the distribution of emails by TLS version over time. ### Query Parameters - `aggInterval: optional "15m" or "1h" or "1d" or "1w"` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"15m"` - `"1h"` - `"1d"` - `"1w"` - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` ### Returns - `result: { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: { "TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3" }` - `"TLS 1.0": array of string` - `"TLS 1.1": array of string` - `"TLS 1.2": array of string` - `"TLS 1.3": array of string` - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/timeseries_groups/tls_version \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "aggInterval": "FIFTEEN_MINUTES", "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z" } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "serie_0": { "TLS 1.0": [ "10" ], "TLS 1.1": [ "10" ], "TLS 1.2": [ "10" ], "TLS 1.3": [ "10" ] } }, "success": true } ``` ## Domain Types ### Timeseries Group ARC Response - `TimeseriesGroupARCResponse { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: RadarEmailSeries` - `FAIL: array of string` - `NONE: array of string` - `PASS: array of string` ### Timeseries Group DKIM Response - `TimeseriesGroupDKIMResponse { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: RadarEmailSeries` - `FAIL: array of string` - `NONE: array of string` - `PASS: array of string` ### Timeseries Group DMARC Response - `TimeseriesGroupDMARCResponse { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: RadarEmailSeries` - `FAIL: array of string` - `NONE: array of string` - `PASS: array of string` ### Timeseries Group Malicious Response - `TimeseriesGroupMaliciousResponse { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: { MALICIOUS, NOT_MALICIOUS }` - `MALICIOUS: array of string` - `NOT_MALICIOUS: array of string` ### Timeseries Group Spam Response - `TimeseriesGroupSpamResponse { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: { NOT_SPAM, SPAM }` - `NOT_SPAM: array of string` - `SPAM: array of string` ### Timeseries Group SPF Response - `TimeseriesGroupSPFResponse { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: RadarEmailSeries` - `FAIL: array of string` - `NONE: array of string` - `PASS: array of string` ### Timeseries Group Threat Category Response - `TimeseriesGroupThreatCategoryResponse { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: { BrandImpersonation, CredentialHarvester, IdentityDeception, Link }` - `BrandImpersonation: array of string` - `CredentialHarvester: array of string` - `IdentityDeception: array of string` - `Link: array of string` ### Timeseries Group Spoof Response - `TimeseriesGroupSpoofResponse { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: { NOT_SPOOF, SPOOF }` - `NOT_SPOOF: array of string` - `SPOOF: array of string` ### Timeseries Group TLS Version Response - `TimeseriesGroupTLSVersionResponse { meta, serie_0 }` - `meta: { aggInterval, confidenceInfo, dateRange, 3 more }` Metadata for the results. - `aggInterval: "FIFTEEN_MINUTES" or "ONE_HOUR" or "ONE_DAY" or 2 more` Aggregation interval of the results (e.g., in 15 minutes or 1 hour intervals). Refer to [Aggregation intervals](https://developers.cloudflare.com/radar/concepts/aggregation-intervals/). - `"FIFTEEN_MINUTES"` - `"ONE_HOUR"` - `"ONE_DAY"` - `"ONE_WEEK"` - `"ONE_MONTH"` - `confidenceInfo: { annotations, level }` - `annotations: array of { dataSource, description, endDate, 4 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of { name, value }` Measurement units for the results. - `name: string` - `value: string` - `serie_0: { "TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3" }` - `"TLS 1.0": array of string` - `"TLS 1.1": array of string` - `"TLS 1.2": array of string` - `"TLS 1.3": array of string`