Mimecast Security

the mimecast security connector facilitates the automation of email security management tasks, such as message tracking, file retrieval, and policy enforcement, directly within the swimlane platform mimecast security offers a robust email security platform designed to protect against advanced threats and data loss this connector enables seamless integration with swimlane turbine, allowing users to automate the retrieval and management of email security data by leveraging mimecast's capabilities, users can enhance incident response, streamline email archive searches, and enforce security policies directly within the swimlane turbine platform prerequisites to effectively utilize the mimecast security connector with swimlane turbine, ensure you have the following prerequisites oauth 2 0 client credentials for secure authentication url the endpoint url for api access client id your unique identifier for oauth 2 0 authentication client secret a confidential secret key for oauth 2 0 authentication hmac authentication for enhanced security url the endpoint url for api access access key your specific access key for hmac authentication app id the application identifier used in conjunction with hmac app key a unique key assigned to your application for hmac usage secret key the secret associated with your hmac credentials action api permissions below is the table of required api scopes for the set of credentials used in the asset and broken down by action action required api permissions add or remove group members api permissions https //integrations mimecast com/documentation/endpoint reference/directory/add group member/ archive message search api permissions https //integrations mimecast com/documentation/endpoint reference/archive/search/ create managed url api permissions https //integrations mimecast com/documentation/endpoint reference/targeted threat protection url protect/create managed url/ create remediation incident api permissions https //integrations mimecast com/documentation/endpoint reference/threat intel/create incident/ decode url api permissions https //integrations mimecast com/documentation/endpoint reference/targeted threat protection url protect/get managed url/ get archived file attachment api permissions https //integrations mimecast com/documentation/endpoint reference/archive/get file/ get archived message details api permissions https //integrations mimecast com/documentation/endpoint reference/archive/get message detail/ get archived message part api permissions https //integrations mimecast com/documentation/endpoint reference/archive/get message part/ get archived messages list api permissions https //integrations mimecast com/documentation/endpoint reference/archive/get message list/ get archived search logs api permissions https //integrations mimecast com/documentation/endpoint reference/logs and statistics/get archive search logs/ get group members api permissions https //integrations mimecast com/documentation/endpoint reference/directory/get group members/ get groups api permissions https //integrations mimecast com/documentation/endpoint reference/directory/find groups/ get file api permissions https //integrations mimecast com/documentation/endpoint reference/message queues/get file/ get held messages list api permissions https //integrations mimecast com/documentation/endpoint reference/message queues/get hold message list/ get ttp impersonation protect logs api permissions https //integrations mimecast com/documentation/endpoint reference/logs and statistics/get ttp impersonation protect logs/ get inbound & output message queue hold list api permissions https //integrations mimecast com/documentation/endpoint reference/message queues/inbound outbound queues/ get incident api permissions https //integrations mimecast com/documentation/endpoint reference/threat intel/get incident/ get managed urls api permissions https //integrations mimecast com/documentation/endpoint reference/targeted threat protection url protect/get managed url/ get message detail api permissions https //integrations mimecast com/documentation/endpoint reference/message queues/get message detail/ get message info api permissions https //integrations mimecast com/documentation/endpoint reference/message finder formally tracking/get message info/ get ttp url logs api permissions https //integrations mimecast com/documentation/endpoint reference/logs and statistics/get ttp url logs/ message finder search api permissions https //integrations mimecast com/documentation/endpoint reference/message finder formally tracking/search/ permit or block sender api permissions https //integrations mimecast com/documentation/endpoint reference/managed sender/ reject message from queue api permissions https //integrations mimecast com/documentation/endpoint reference/message queues/reject message/ release message from queue api permissions https //integrations mimecast com/documentation/endpoint reference/message queues/release message/ capabilities the mimecast connector provides the following capabilities add or remove group members archive message search create managed url create remediation incident decode url get archived file attachment get archived message details get archived message part get archived messages list get archived search logs get file get group members get groups get held messages list get ttp impersonation protect logs and so on additional information about capabilities see the building search queries https //www mimecast com/tech connect/documentation/tutorials/building search queries/ guide for more information on building search queries about address alteration policy updates you must define the input required for your use case in the policy update action the policy update action doesn't require any policy input, which is how mimecast defined this endpoint if no policy input is defined, then the action will fail for more information about all the available inputs, see the official api documentation https //integrations mimecast com/documentation/endpoint reference/policies/address alteration/update policy/ additional notes please provide admin access or required premissions to your mimecast account or credentials wherever applicable to make the connector actions working configurations mimecast hmac authenticates using hmac configuration parameters parameter description type required url a url to the target host string required access key access key string required app id app id string required app key app key string required secret key secret key string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional mimecast oauth 2 0 client credentials authenticates using oauth 2 0 client credentials configuration parameters parameter description type required url a url to the target host string required client id the client id string required client secret the client secret string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions get archived file attachment retrieves a file attachment from an archived message in mimecast security using specified data parameters endpoint url /api/archive/get file method post input argument name type required description data array optional response data id string optional unique identifier output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta status number status value data array response data urls array url endpoint for the request fail array output field fail file name string name of the resource file string output field file example \[ { "status code" 200, "response headers" { "date" "tue, 16 sep 2025 05 37 26 gmt", "content type" "application/json", "cache control" "no store", "strict transport security" "max age=31536000; includesubdomains", "x frame options" "sameorigin", "referrer policy" "same origin", "x request id" "793b7425 5352 48ef 9b2c eb9a5e4aed6a", "via" "1 1 google", "alt svc" "h3=\\" 443\\"; ma=2592000,h3 29=\\" 443\\"; ma=2592000", "transfer encoding" "chunked" }, "reason" "ok", "json body" { "meta" {}, "data" \[], "fail" \[] } } ] get archived message details retrieve detailed information about a specific message from mimecast's archive using the provided data parameters endpoint url /api/archive/get message detail method post input argument name type required description data array required response data id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" {} } ] get archived messages list retrieves a list of archived messages for a specified user in mimecast security, requiring a data payload endpoint url /api/archive/get message list method post input argument name type required description meta object optional parameter for get archived messages list pagination object optional parameter for get archived messages list pagetoken string optional parameter for get archived messages list data array optional response data view string required parameter for get archived messages list mailbox string optional parameter for get archived messages list start string optional parameter for get archived messages list end string optional parameter for get archived messages list includedelegates boolean optional parameter for get archived messages list includealiases boolean optional parameter for get archived messages list output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" {} } ] get archived message part retrieves a specific part of an archived message from mimecast using the provided data parameters endpoint url /api/archive/get message part method post input argument name type required description data array required response data mailbox string required parameter for get archived message part context string required parameter for get archived message part id string required unique identifier type string required type of the resource output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" {} } ] get archived search logs retrieves archived search logs from mimecast security based on specified json body parameters endpoint url /api/archive/get search logs method post input argument name type required description meta object optional parameter for get archived search logs pagination object optional parameter for get archived search logs pagesize number optional parameter for get archived search logs pagetoken string optional parameter for get archived search logs data array optional response data start string optional parameter for get archived search logs end string optional parameter for get archived search logs query string optional parameter for get archived search logs output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta status number status value pagination object output field pagination pagesize number output field pagesize totalcount number count value data array response data logs array output field logs createtime string time value emailaddr string output field emailaddr source string output field source searchtext string output field searchtext searchpath string output field searchpath searchreason string response reason phrase isadmin boolean output field isadmin musequery string output field musequery description string output field description fail array output field fail file name string name of the resource file string output field file example \[ { "status code" 200, "response headers" { "date" "mon, 24 oct 2022 21 18 56 gmt", "content type" "application/json", "content length" "3360", "connection" "keep alive", "cache control" "no store", "pragma" "no cache", "x robots tag" "noindex, nofollow", "x ratelimit limit" "800", "x ratelimit remaining" "799", "x ratelimit reset" "5000" }, "reason" "ok", "json body" { "meta" {}, "data" \[], "fail" \[] } } ] archive search conduct a comprehensive search in mimecast security's archive using specified data parameters endpoint url /api/archive/search method post input argument name type required description meta object optional parameter for archive search pagination object optional parameter for archive search pagetoken string optional parameter for archive search data array required response data admin boolean required parameter for archive search query string required parameter for archive search output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" {} } ] add group member adds a new member to a specified group within mimecast security using the provided json body endpoint url /api/directory/add group member method post input argument name type required description data array optional response data domain string optional parameter for add group member emailaddress string optional parameter for add group member id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta status number status value data array response data id string unique identifier folderid string unique identifier emailaddress string output field emailaddress internal boolean output field internal fail array output field fail file name string name of the resource file string output field file example \[ { "status code" 200, "response headers" { "date" "mon, 10 oct 2022 16 06 44 gmt", "content type" "application/json", "content length" "606", "connection" "keep alive", "cache control" "no store", "pragma" "no cache", "x robots tag" "noindex, nofollow", "x ratelimit limit" "100", "x ratelimit remaining" "99", "x ratelimit reset" "5000" }, "reason" "ok", "json body" { "meta" {}, "data" \[], "fail" \[] } } ] get groups retrieve groups from mimecast that match the query parameters specified in the provided json body data endpoint url /api/directory/find groups method post input argument name type required description meta object optional parameter for get groups pagination object optional parameter for get groups pagesize number optional parameter for get groups pagetoken string optional parameter for get groups data array required response data query string optional parameter for get groups source string optional parameter for get groups output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta status number status value pagination object output field pagination pagesize number output field pagesize totalcount number count value next string output field next data array response data source string output field source folders array output field folders id string unique identifier description string output field description source string output field source parentid string unique identifier usercount number count value foldercount number count value fail array output field fail file name string name of the resource file string output field file example \[ { "status code" 200, "response headers" { "date" "mon, 10 oct 2022 20 21 32 gmt", "content type" "application/json", "content length" "6293", "connection" "keep alive", "cache control" "no store", "pragma" "no cache", "x robots tag" "noindex, nofollow", "x ratelimit limit" "800", "x ratelimit remaining" "799", "x ratelimit reset" "5000" }, "reason" "ok", "json body" { "meta" {}, "data" \[], "fail" \[] } } ] get group members retrieves a list of members for a specified group in mimecast security using the provided json body endpoint url /api/directory/get group members method post input argument name type required description data array optional response data id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta status number status value pagination object output field pagination pagesize number output field pagesize totalcount number count value data array response data groupmembers array output field groupmembers emailaddress string output field emailaddress name string name of the resource internal boolean output field internal domain string output field domain type string type of the resource fail array output field fail file name string name of the resource file string output field file example \[ { "status code" 200, "response headers" { "date" "mon, 10 oct 2022 20 37 01 gmt", "content type" "application/json", "content length" "245", "connection" "keep alive", "cache control" "no store", "pragma" "no cache", "x robots tag" "noindex, nofollow", "x ratelimit limit" "800", "x ratelimit remaining" "799", "x ratelimit reset" "0" }, "reason" "ok", "json body" { "meta" {}, "data" \[], "fail" \[] } } ] remove group member removes specified members from a mimecast security group using the provided json body for configuration endpoint url /api/directory/remove group member method post input argument name type required description data array optional response data domain string optional parameter for remove group member emailaddress string optional parameter for remove group member id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta status number status value data array response data id string unique identifier folderid string unique identifier emailaddress string output field emailaddress internal boolean output field internal fail array output field fail file name string name of the resource file string output field file example \[ { "status code" 200, "response headers" { "date" "mon, 10 oct 2022 16 06 53 gmt", "content type" "application/json", "content length" "606", "connection" "keep alive", "cache control" "no store", "pragma" "no cache", "x robots tag" "noindex, nofollow", "x ratelimit limit" "800", "x ratelimit remaining" "799", "x ratelimit reset" "5000" }, "reason" "ok", "json body" { "meta" {}, "data" \[], "fail" \[] } } ] get inbound and outbound message queue hold list retrieves inbound and outbound email queue messages from mimecast security using specified data parameters endpoint url /api/email/get email queues method post input argument name type required description data array required response data start string required parameter for get inbound and outbound message queue hold list end string required parameter for get inbound and outbound message queue hold list output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" {} } ] get held messages list retrieve details of messages on hold in mimecast security using specified criteria within the required data payload endpoint url /api/gateway/get hold message list method post input argument name type required description data array required response data admin boolean optional parameter for get held messages list start string optional parameter for get held messages list searchby object optional parameter for get held messages list fieldname string optional name of the resource value string optional value for the parameter end string optional parameter for get held messages list output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta status number status value pagination object output field pagination pagesize number output field pagesize totalcount number count value next string output field next data array response data id string unique identifier reason string response reason phrase reasonid string unique identifier reasoncode string response reason phrase from object output field from emailaddress string output field emailaddress displayablename string name of the resource fromheader object output field fromheader emailaddress string output field emailaddress displayablename string name of the resource to object output field to emailaddress string output field emailaddress displayablename string name of the resource subject string output field subject route string output field route hasattachments boolean output field hasattachments example \[ { "status code" 200, "response headers" { "date" "thu, 13 oct 2022 15 33 09 gmt", "content type" "application/json", "content length" "9520", "connection" "keep alive", "cache control" "no store", "pragma" "no cache", "x robots tag" "noindex, nofollow", "x ratelimit limit" "800", "x ratelimit remaining" "799", "x ratelimit reset" "5000" }, "reason" "ok", "json body" { "meta" {}, "data" \[], "fail" \[] } } ] get message details retrieve detailed information about a specific message from mimecast using the provided data parameters endpoint url /api/gateway/message/get message detail method post input argument name type required description data array required response data viewtype string optional type of the resource id string required unique identifier context string optional parameter for get message details mailbox string optional parameter for get message details output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" {} } ] reject message from queue rejects a specific message from the mimecast held queue using the provided data parameters endpoint url /api/gateway/hold reject method post input argument name type required description data array required response data message string optional response message ids array required unique identifier reasontype string optional type of the resource notify boolean optional parameter for reject message from queue output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta status number status value data array response data id string unique identifier reject boolean output field reject fail array output field fail file name string name of the resource file string output field file example \[ { "status code" 200, "response headers" { "date" "thu, 13 oct 2022 19 54 55 gmt", "content type" "application/json", "content length" "317", "connection" "keep alive", "cache control" "no store", "pragma" "no cache", "x robots tag" "noindex, nofollow", "x ratelimit limit" "800", "x ratelimit remaining" "799", "x ratelimit reset" "5000" }, "reason" "ok", "json body" { "meta" {}, "data" \[], "fail" \[] } } ] release message from queue releases a message from mimecast's hold queue using specified data parameters endpoint url /api/gateway/hold release method post input argument name type required description data array required response data id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta status number status value data array response data id string unique identifier release boolean output field release fail array output field fail file name string name of the resource file string output field file example \[ { "status code" 200, "response headers" { "date" "thu, 13 oct 2022 20 07 50 gmt", "content type" "application/json", "content length" "317", "connection" "keep alive", "cache control" "no store", "pragma" "no cache", "x robots tag" "noindex, nofollow", "x ratelimit limit" "800", "x ratelimit remaining" "799", "x ratelimit reset" "5000" }, "reason" "ok", "json body" { "meta" {}, "data" \[], "fail" \[] } } ] create remediation incident initiates a new remediation incident in mimecast security with specified data parameters endpoint url /api/ttp/remediation/v2/create method post input argument name type required description data array required response data reason string required the reason for creating the remediation incident searchby string required the message component in which to search by must be one of 'hash', 'message ids' or 'url' messageids array optional one or more message id to create incident the '<' '>' delimiters are required for each message id hash string optional file hash of an email attachment to create incident end string optional timestamp of the most recent message to remediate if none is provided, will default to the current timestamp format is yyyy mm dd't'hh\ mm \ ssz url string optional url present in an email that should be remediated this field is required when setting searchby field to url should be a decoded, non mimecast rewritten url start string optional timestamp of the earliest messages to remediate if none is provided, will default to last calendar month format is yyyy mm dd't'hh\ mm \ ssz output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" {} } ] get remediation incident retrieve detailed information about a specific remediation incident in mimecast security using the provided data endpoint url /api/ttp/remediation/get incident method post input argument name type required description data array required response data id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" {} } ] find incidents locate existing remediation incidents in mimecast security with optional search criteria; requires at least one search field endpoint url /api/ttp/remediation/find incidents method post input argument name type required description data array optional response data start string optional parameter for find incidents searchby array optional parameter for find incidents fieldname string optional name of the resource value string optional value for the parameter end string optional parameter for find incidents filterby array optional parameter for find incidents fieldname string optional name of the resource value string optional value for the parameter output parameter type description fail array output field fail file name string name of the resource file string output field file meta object output field meta status number status value data array response data incidents array unique identifier code string output field code successful number whether the operation was successful modified string output field modified reason string response reason phrase id string unique identifier create string output field create identified number unique identifier searchcriteria object output field searchcriteria start string output field start end string output field end filehash string output field filehash failed number output field failed type string type of the resource restored number output field restored example \[ { "json body" { "fail" \[], "meta" {}, "data" \[] } } ] permit or block sender permits or blocks a sender in mimecast security using the specified data endpoint url /api/managedsender/permit or block sender method post input argument name type required description data array required response data action string required parameter for permit or block sender to string required parameter for permit or block sender sender string required parameter for permit or block sender output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta status number status value data array response data id string unique identifier sender string output field sender to string output field to type string type of the resource fail array output field fail file name string name of the resource file string output field file example \[ { "status code" 200, "response headers" { "date" "thu, 13 oct 2022 18 33 04 gmt", "content type" "application/json", "content length" "370", "connection" "keep alive", "cache control" "no store", "pragma" "no cache", "x robots tag" "noindex, nofollow", "x ratelimit limit" "800", "x ratelimit remaining" "799", "x ratelimit reset" "5000" }, "reason" "ok", "json body" { "meta" {}, "data" \[], "fail" \[] } } ] message finder search executes a search within mimecast for messages using specified criteria and returns the matching results endpoint url /api/message finder/search method post input argument name type required description data array required response data advancedtrackandtraceoptions object optional parameter for message finder search from string optional the sending email address or domain of the messages to track senderip string optional the source ip address of messages to track subject string optional the subject of the messages to track to string optional the recipient email address or domain of the messages to track url string optional an url from the email content attachments boolean optional if set to true then searches for emails with attachments end string optional the date and time of the latest message to track, in the following format, 2011 12 03t10 15 30 +0000 messageid string optional the internet message id of the message to track route string optional an array of routes to filter by possible values are internal, outbound and inbound searchreason string optional reason for tracking a email, used for activity tracking purposes start string optional the date and time of the earliest message to track, in the following format, 2011 12 03t10 15 30 +0000 status array optional an array of email status to filter by email status possible values {accepted, processing, bulk processing, delivery, bulk delivery, held, bounced, deferred, rejected and archived} output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" {} } ] get file downloads an email attachment from mimecast's message queue using the provided 'data' parameters endpoint url /api/gateway/message/get file method post input argument name type required description data array required response data id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta status number status value data array response data urls array url endpoint for the request fail array output field fail file name string name of the resource file string output field file example \[ { "status code" 200, "response headers" { "date" "wed, 11 jun 2025 17 32 48 gmt", "content type" "application/json", "cache control" "no store", "strict transport security" "max age=31536000; includesubdomains", "x frame options" "sameorigin", "referrer policy" "same origin", "x request id" "53346ffa a419 4d9b 957c 33ac460010d9", "via" "1 1 google", "alt svc" "h3=\\" 443\\"; ma=2592000,h3 29=\\" 443\\"; ma=2592000", "transfer encoding" "chunked" }, "reason" "ok", "json body" { "meta" {}, "data" \[], "fail" \[] } } ] get message info retrieve detailed information about a specific message in mimecast using the provided data parameters endpoint url /api/message finder/get message info method post input argument name type required description data array required response data id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" {} } ] policy update updates an existing address alteration policy in mimecast security with the provided data parameters endpoint url /api/policy/address alteration/update policy method post input argument name type required description data array required response data policy array optional parameter for policy update frometernal string optional parameter for policy update comment string optional parameter for policy update enforced string optional parameter for policy update description string optional parameter for policy update fromdate string optional date value bidirectional string optional unique identifier toeternal string optional parameter for policy update frompart string optional parameter for policy update todate string optional date value from object optional parameter for policy update attribute object optional parameter for policy update type string optional type of the resource emailaddress string optional parameter for policy update groupid string optional unique identifier emaildomain string optional parameter for policy update enabled string optional parameter for policy update to object optional parameter for policy update attribute object optional parameter for policy update type string optional type of the resource emailaddress string optional parameter for policy update groupid string optional unique identifier emaildomain string optional parameter for policy update override string optional unique identifier output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta status number status value data array response data addressalterationsetid string unique identifier id string unique identifier policy object output field policy description string output field description frompart string output field frompart from object output field from type string type of the resource to object output field to type string type of the resource fromtype string type of the resource totype string type of the resource frometernal boolean output field frometernal toeternal boolean output field toeternal fromdate string date value todate string date value override boolean unique identifier bidirectional boolean unique identifier conditions object output field conditions enabled boolean output field enabled enforced boolean output field enforced example \[ { "status code" 200, "response headers" { "date" "wed, 12 oct 2022 20 52 34 gmt", "content type" "application/json", "content length" "1015", "connection" "keep alive", "cache control" "no store", "pragma" "no cache", "x robots tag" "noindex, nofollow", "x ratelimit limit" "800", "x ratelimit remaining" "799", "x ratelimit reset" "5000" }, "reason" "ok", "json body" { "meta" {}, "data" \[], "fail" \[] } } ] create block sender policy establishes new blocked sender policies in mimecast security, managing sender and recipient restrictions endpoint url /api/policy/blockedsenders/create policy method post input argument name type required description data array required response data option string optional parameter for create block sender policy policy object optional parameter for create block sender policy bidirectional boolean optional unique identifier comment string optional parameter for create block sender policy conditions object optional parameter for create block sender policy hostnames array optional name of the resource sourceips array optional parameter for create block sender policy spfdomains array optional parameter for create block sender policy description string optional parameter for create block sender policy from object optional parameter for create block sender policy attribute object optional parameter for create block sender policy emailaddress string optional parameter for create block sender policy emaildomain string optional parameter for create block sender policy groupid string optional unique identifier headerdisplayname string optional name of the resource type string optional type of the resource fromdate string optional date value frometernal boolean optional parameter for create block sender policy frompart string optional parameter for create block sender policy override boolean optional unique identifier to object optional parameter for create block sender policy attribute object optional parameter for create block sender policy emailaddress string optional parameter for create block sender policy emaildomain string optional parameter for create block sender policy output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta status number status value data array response data option string output field option id string unique identifier policy object output field policy description string output field description frompart string output field frompart from object output field from type string type of the resource emaildomain string output field emaildomain to object output field to type string type of the resource emaildomain string output field emaildomain fromtype string type of the resource fromvalue string value for the parameter totype string type of the resource tovalue string value for the parameter fromdate string date value todate string date value override boolean unique identifier bidirectional boolean unique identifier conditions object output field conditions example \[ { "status code" 200, "response headers" { "date" "wed, 12 oct 2022 20 18 19 gmt", "content type" "application/json", "content length" "865", "connection" "keep alive", "cache control" "no store", "pragma" "no cache", "x robots tag" "noindex, nofollow", "x ratelimit limit" "100", "x ratelimit remaining" "99", "x ratelimit reset" "5000" }, "reason" "ok", "json body" { "meta" {}, "data" \[], "fail" \[] } } ] create managed url adds a specified url to mimecast's managed list for enhanced targeted threat protection, utilizing provided data parameters endpoint url /api/ttp/url/create managed url method post input argument name type required description data array required response data matchtype string optional type of the resource disablerewrite boolean optional parameter for create managed url action string required parameter for create managed url comment string optional parameter for create managed url disableuserawareness boolean optional parameter for create managed url url string required url endpoint for the request disablelogclick boolean optional parameter for create managed url output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta status number status value data array response data id string unique identifier scheme string output field scheme domain string output field domain port number output field port path string output field path querystring string output field querystring matchtype string type of the resource action string output field action comment string output field comment disableuserawareness boolean output field disableuserawareness disablerewrite boolean output field disablerewrite disablelogclick boolean output field disablelogclick fail array output field fail file name string name of the resource file string output field file example \[ { "status code" 200, "response headers" { "date" "mon, 10 oct 2022 18 06 32 gmt", "content type" "application/json", "content length" "386", "connection" "keep alive", "cache control" "no store", "pragma" "no cache", "x robots tag" "noindex, nofollow", "x ratelimit limit" "100", "x ratelimit remaining" "99", "x ratelimit reset" "5000" }, "reason" "ok", "json body" { "meta" {}, "data" \[], "fail" \[] } } ] decode url decodes mimecast's threat protection (ttp) urls to their original form using the 'data' parameter endpoint url /api/ttp/url/decode url method post input argument name type required description data array required response data url string required url endpoint for the request output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta status number status value data array response data url string url endpoint for the request success boolean whether the operation was successful fail array output field fail file name string name of the resource file string output field file example \[ { "status code" 200, "response headers" { "date" "mon, 10 oct 2022 18 22 06 gmt", "content type" "application/json", "content length" "79", "connection" "keep alive", "cache control" "no store", "pragma" "no cache", "x robots tag" "noindex, nofollow", "x ratelimit limit" "800", "x ratelimit remaining" "799", "x ratelimit reset" "5000" }, "reason" "ok", "json body" { "meta" {}, "data" \[], "fail" \[] } } ] get managed urls retrieve all managed urls or domains from mimecast security with a specified query using the 'data' parameter endpoint url /api/ttp/url/get all managed urls method post input argument name type required description data array required response data domainorurl string required url endpoint for the request exactmatch boolean optional parameter for get managed urls output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta status number status value pagination object output field pagination pagesize number output field pagesize totalcount number count value data array response data id string unique identifier scheme string output field scheme domain string output field domain port number output field port path string output field path querystring string output field querystring matchtype string type of the resource action string output field action comment string output field comment disableuserawareness boolean output field disableuserawareness disablerewrite boolean output field disablerewrite disablelogclick boolean output field disablelogclick fail array output field fail file name string name of the resource file string output field file example \[ { "status code" 200, "response headers" { "date" "thu, 13 oct 2022 15 46 55 gmt", "content type" "application/json", "content length" "1119", "connection" "keep alive", "cache control" "no store", "pragma" "no cache", "x robots tag" "noindex, nofollow", "x ratelimit limit" "800", "x ratelimit remaining" "799", "x ratelimit reset" "5000" }, "reason" "ok", "json body" { "meta" {}, "data" \[], "fail" \[] } } ] get ttp url logs fetches log data for urls processed by mimecast's targeted threat protection service using the 'data' parameter endpoint url /api/ttp/url/get logs method post input argument name type required description meta object optional parameter for get ttp url logs pagination object optional parameter for get ttp url logs pagesize number optional parameter for get ttp url logs pagetoken string optional parameter for get ttp url logs data array required response data oldestfirst boolean optional parameter for get ttp url logs from string optional parameter for get ttp url logs route string optional parameter for get ttp url logs to string optional parameter for get ttp url logs scanresult string optional result of the operation output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta status number status value pagination object output field pagination pagesize number output field pagesize totalcount number count value next string output field next data array response data clicklogs array output field clicklogs useremailaddress string output field useremailaddress fromuseremailaddress string output field fromuseremailaddress url string url endpoint for the request ttpdefinition string output field ttpdefinition subject string output field subject action string output field action adminoverride string unique identifier useroverride string unique identifier scanresult string result of the operation category string output field category sendingip string output field sendingip userawarenessaction string output field userawarenessaction date string date value actions string output field actions route string output field route example \[ { "status code" 200, "response headers" { "date" "thu, 13 oct 2022 17 02 23 gmt", "content type" "application/json; charset=utf 8", "content length" "7778", "connection" "keep alive", "cache control" "no store", "pragma" "no cache", "x robots tag" "noindex, nofollow", "x ratelimit limit" "800", "x ratelimit remaining" "799", "x ratelimit reset" "5000" }, "reason" "ok", "json body" { "meta" {}, "data" \[], "fail" \[] } } ] get ttp impersonation protect logs retrieve logs of impersonation attempts from mimecast security using specified data parameters endpoint url /api/ttp/impersonation/get logs method post input argument name type required description meta object optional parameter for get ttp impersonation protect logs pagination object optional parameter for get ttp impersonation protect logs pagesize number optional parameter for get ttp impersonation protect logs pagetoken string optional parameter for get ttp impersonation protect logs data array required response data oldestfirst boolean optional parameter for get ttp impersonation protect logs taggedmalicious boolean optional parameter for get ttp impersonation protect logs searchfield string optional parameter for get ttp impersonation protect logs identifiers array optional unique identifier query string optional parameter for get ttp impersonation protect logs from string optional parameter for get ttp impersonation protect logs to string optional parameter for get ttp impersonation protect logs actions array optional parameter for get ttp impersonation protect logs output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" {} } ] response headers header description example alt svc http response header alt svc h3=" 443 "; ma=2592000,h3 29=" 443 "; ma=2592000 cache control directives for caching mechanisms no store connection http response header connection keep alive content length the length of the response body in bytes 865 content type the media type of the resource application/json date the date and time at which the message was originated thu, 13 oct 2022 15 33 09 gmt pragma http response header pragma no cache referrer policy http response header referrer policy same origin strict transport security http response header strict transport security max age=31536000; includesubdomains transfer encoding http response header transfer encoding chunked via http response header via 1 1 google x frame options http response header x frame options sameorigin x ratelimit limit the number of requests allowed in the current rate limit window 800 x ratelimit remaining the number of requests remaining in the current rate limit window 99 x ratelimit reset the time at which the current rate limit window resets 0 x request id a unique identifier for the request 53346ffa a419 4d9b 957c 33ac460010d9 x robots tag http response header x robots tag noindex, nofollow notes mimecast endpoint reference documentation https //integrations mimecast com/documentation/endpoint reference/mimecast api documentation https //www mimecast com/tech connect/documentation you will need to use a mimecast base url https //community mimecast com/docs/doc 1070 , see the below table to set access/secrets to never expire you must update the authentication cache ttl setting in the service user's effective authentication profile to "never expire " region api endpoint check for update urls australia au api mimecast com https //updates au mimecast com/update/descriptors/mfo/latest https //updates au mimecast com/update/descriptors/mfo/latest europe (excluding germany) eu api mimecast com https //updates uk mimecast com/update/descriptors/mfo/latest https //updates uk mimecast com/update/descriptors/mfo/latest germany de api mimecast com https //updates de mimecast com/update/descriptors/mfo/latest https //updates de mimecast com/update/descriptors/mfo/latest offshore jer api mimecast com https //updates jer mimecast com/update/descriptors/mfo/latest https //updates jer mimecast com/update/descriptors/mfo/latest required api mimecast com n/a used for initial account discovery south africa za api mimecast com https //updates za mimecast com/update/descriptors/mfo/latest https //updates za mimecast com/update/descriptors/mfo/latest united states us api mimecast com https //updates us mimecast com/update/descriptors/mfo/latest https //updates us mimecast com/update/descriptors/mfo/latest