API
When you choose an API deployment for your Email Security (formerly Area 1) setup, email messages only reach Email Security after they have already reached a user's inbox.
Then, through on integrations with your email provider, Email Security can retract messages based on your organization's policies.
When you choose API deployment, you get the following benefits:
- Easy protection for complex email architectures, without requiring any change to mailflow operations.
- Agentless deployment for Microsoft 365 and Gmail.
- The initial email protection measures offered by your current email provider.
However, API deployment also has the following disadvantages:
- Email Security is dependent on your email provider's API infrastructure and outages will increase the message dwell time in the inbox.
- Email Security requires read and write access to mailboxes.
- Requires API support from your email provider (does not typically support on-premise providers).
- Your email provider may throttle API requests from Email Security.
- Detection rates may be lower if multiple solutions exist.
- Messages cannot be modified or quarantined.
- Certain URL rewrite schemes cannot be decoded (for example, Mimecast).
For help getting started, refer to our setup guides.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark