Remediation and Reclassification API
The Remediation and Reclassification API allows customers to remediate and reclassify large batches of messages to respond to threats. Customers can remediate and reclassify 100 messages at a time, allowing them to move messages quickly during a large-scale attack that can come in 1000 or more messages across their environment.
Available Remediation and Reclassification API endpoints are:
Americas API endpoint:
https://api.us.etd.cisco.com/v1/messages/move
Europe API endpoint:
https://api.de.etd.cisco.com/v1/messages/move
Australia API endpoint:
https://api.au.etd.cisco.com/v1/messages/move
India API endpoint:
https://api.in.etd.cisco.com/v1/messages/move
UAE API endpoint:
https://api.ae.etd.cisco.com/v1/messages/move
Example of a Remediation and Reclassification API request using CURL:
curl --location --request POST 'https://api.beta.etd.cisco.com/v1/messages/move' \
--header 'Authorization: Bearer eyJhbGciOMxNTQ5In0.fx1ceRhRbOfrky609JQCVpU_f_RACjdADMAOn4aSQGg' \
--header 'x-api-key: apikeyTest’ \
--header 'Content-Type: application/json' \
--data-raw '{"folder":"trash", "verdict":"spam", "ids":["c99f1f30-89ea-4306-bc44-1f9475ffaa1a"]}'
Note:
- The user needs to pass the message IDs as a list separated by commas. They can get the message IDs from the "id" field in the Message Search public API.
- Both "folder" and "verdict" are compulsory in the request body.
- A maximum of 100 message IDs at once can be remediated and reclassified using the API.
Sample Response:
{
"data": {
"messageMoveStatus": [
{
"id": "2",
"queueSuccess": false,
"reason": "message not found"
},
{
"id": "cbfeefa7-f738-4bdd-999a-3993ad92caa9",
"queueSuccess": true
}
],
"messageVerdictStatus": [
{
"id": "2",
"queueSuccess": false,
"reason": "message not found"
},
{
"id": "cbfeefa7-f738-4bdd-999a-3993ad92caa9",
"queueSuccess": true
}
]
}
}
Common error response:
| Case | Error Code |
|---|---|
| All message ids not found | 404 |
| Tenant does not have Microsoft 365 write permission | 403 |