Message Release Logs

In this guide:

Description
Pre-requisites
URI
Request Headers
Request Body
Response
Sample Code

Description

This endpoint can be used to find messages that were either released to the recipient, with details about the user that processed the release. These logs also include messages that expired in the held queue, and were dropped by Mimecast housekeeping services.

Pre-requisites

In order to successfully use this endpoint the logged in user must be a Mimecast administrator with at least the Monitoring | Held | Read permission.

URI

To use this endpoint you send a POST request to:

/api/gateway/get-held-release-logs

Request Headers

The following request headers must be included in your request:

Field	Description
Authorization	Please see the Authorization guide for more information on building the Authorization header.
x-mc-req-id	A randomly generated GUID, for example, `8578FCFC-A305-4D9A-99CB-F4D5ECEFE297`
x-mc-app-id	The Application ID provided with your Registered API Application.
x-mc-date	The current date and time in the following format, for example, `Tue, 24 Nov 2015 12:50:11 UTC`

Request Body

{
  "meta": {
    "pagination": {
      "pageSize": 25,
      "pageToken": "String"
    }
  },
  "data": [
    {
      "searchBy": {
        "fieldName": "heldReason",
        "value": "High-Confidence Impersonation Protection"
      },
      "filterBy": [
        {
          "fieldName": "route",
          "value": "inbound"
        }
      ],
      "start": "2015-11-16T14:49:18+00:00",
      "end": "2015-11-25T14:49:18+00:00"
    }
  ]
}

Field	Type	Required	Description
pagination	Object	Optional	An object defining paging options for the request.

Paginiation Object

Field	Type	Required	Description
pageSize	Number	Optional	The number of results to request.
pageToken	String	Optional	The value of the 'next' or 'previous' fields from an earlier request.

Data

Field	Type	Required	Description
searchBy	Search Object	Optional	Field name and value on which to base search.
filterBy	Array of Filter Objects	Optional	Filters that should be applied to the search results.
start	Date String	Optional	The start date of results to return in ISO 8601 format. Default value is one month before the current date.
end	Date String	Optional	The end date of results to return in ISO 8601 format. Default value is the current date.

Search Object

Field	Type	Required	Description
fieldName	String	Optional	The field on which to be filtered. Possible field names are: all, operator, from, to, subject, info or heldReason
value	String	Optional	The value of which the filter will be applied.

Filter Object

Field	Type	Required	Description
fieldName	String	Optional	The field on which to be filtered. Possible values are: route, status or attachments.
value	String	Optional	The value of which the filter will be applied. Possible values for route are: all, internal, outbound, inbound or external. Possible values for status are: released or rejected. Possible values for attachments are: true or false.

Response

{
  "fail": [],
  "meta": {
    "status": 200,
    "pagination": {
      "pageSize": 25,
      "next": "String",
      "previous": "String"
    }
  },
  "data": [
    {
      "heldReleaseLogs": [
        {
          "spamProcessingDetail": {
            "greyEmail": true,
            "permittedSender": {
              "allow": true,
              "info": "allow"
            },
            "managedSender": {
              "allow": true,
              "info": "allow"
            },
            "dkim": {
              "allow": true,
              "info": "allow"
            },
            "spf": {
              "allow": true,
              "info": "allow"
            },
            "rbl": {
              "allow": true,
              "info": "allow"
            },
            "dmarc": {
              "allow": true,
              "info": "allow"
            },
            "spamVerdict": {
              "decision": "spam",
              "description": "",
              "risk": "low",
              "categories": [
                {
                  "name": "spam",
                  "risk": "low",
                  "subcategories": [
                    {
                      "name": "phishing",
                      "risk": "low",
                      "augmentations": [
                        {
                          "name": "body",
                          "risk": "negligible"
                        }
                      ]
                    }
                  ]
                }
              ]
            }
          },
          "attachments": true,
          "messageInfo": "Expired in queue - rejected by housekeeping",
          "subject": "Exclusive Offer - You don't want to miss this!",
          "detectionLevel": "moderate",
          "heldGroup": "IT Staff Global",
          "operator": "admin@domain.tld",
          "fromEnv": {
            "emailAddress": "user@domain.tld",
            "displayableName": "FirstName LastName"
          },
          "rejectReason": "Message contains undesirable content",
          "route": "inbound",
          "size": 5043,
          "heldReason": "High-Confidence Impersonation Protection",
          "spamScore": 12,
          "id": "eNpVj21LhEAUhf_LfN2VnRl1RpclCN...",
          "to": [
            {
              "emailAddress": "user@domain.tld",
              "displayableName": "FirstName LastName"
            }
          ],
          "released": "2015-11-25T14:49:18+00:00",
          "fromHdr": {
            "emailAddress": "user@domain.tld",
            "displayableName": "FirstName LastName"
          },
          "status": "released",
          "policy": "Moderate Spam Detection"
        }
      ]
    }
  ]
}

Field	Type	Description
status	Number	The function level status of the request.
pagination	Object	An object containing paging information.

Pagination Object

Field	Type	Description
pageSize	Number	The number of results requested.
next	String	A pageToken value that can be used to request the next page of results. Only returned if there are more results to return.
previous	String	A pageToken value that can be used to request the previous page of results. Only returned if there is a previous page.

data

Field	Type	Description
heldReleaseLogs	Array of released Objects	The resulting messages that match the search and filter queries.

Released Object

Field	Type	Description
spamProcessingDetail	Spam Processing Detail Object	Object containing the spam, sender validation and managed sender scan results.
attachments	Boolean	Indicates whether the message contains attachments.
messageInfo	String	Additional information around the release reason.
subject	String	The released message's subject line.
detectionLevel	String	Spam detection level, if held by a spam policy. Possible values are: relaxed, moderate, aggressive, cluster or whitelisted_cluster
heldGroup	String	The recipient group of the held message, if message was sent to a group.
operator	String	Email address of the user that released the message.
fromEnv	Email Address Object	Envelope from address information
rejectReason	String	Detail on the reason a message was rejected, if message was rejected.
route	String	Message direction. Possible values are: inbound or outbound.
size	Number	Total size of the message, in bytes.
heldReason	String	Detail around the reason the message was initially held. If held by a specific policy definition, this will be the name of the policy definition that triggered the message to be held.
spamScore	Number	The message spam score, based on the applied spam scanning policy definition.
id	String	The Mimecast secure ID of the specific message release log.
to	Array of Email Address Objects	Envelope from address information
released	Date String	Timestamp of the message release action in ISO 8601 format.
fromHdr	Email Address Object	Header from address information
status	String	Status of the message. Possible values are released or rejected.
policy	String	Name of the policy definition that triggered the message to be held.

Spam Processing Detail Object

Field	Type	Description
greyEmail	Boolean	Indicates with the spam was classified as graymail or bulk. Note that this API uses graymail and greymail interchangeably.
permittedSender	Information Object	Indicates if the sender has been permitted by policy.
managedSender	Information Object	Indicates if the sender has been permitted by a Managed Sender entry.
dkim	Information Object	Indicates if the message passed DKIM checks.
spf	Information Object	Indicates if the message passed SPF checks.
rbl	Information Object	Indicates if the message passed RBL checks.
dmarc	Information Object	Indicates if the message passed DMARC checks.
spamVerdict	Spam Verdict Object	Information about the spam scanning results.

Email Address Object

Field	Type	Description
emailAddress	String	The routable email address of the user
displayableName	String	Display name of the user address. If none exists, this field will be empty.

Spam Verdict Object

Field	Type	Description
decision	String	Indicating what the ultimate verdict was for the message.
description	String	Description of the spam verdict decision.
risk	String	Identified risk level within the spam detection. Possible values are: negligible, low, high.
categories	Array of Category Objects	Spam detection type categories

Spam Category Object

Field	Type	Description
name	String	Name of the scanning category. Possible values are spam, phishing or graymail. Note that this API uses graymail and greymail interchangeably.
risk	String	Identified risk level within the category detection. Possible values are: negligible, low, high.
subcategories	Array of Spam Subcategory Objects	Additional category information under the high-level category.

Spam Subcategory Object

Field	Type	Description
name	String	Name of the scanning subcategory.
risk	String	Identified risk level within the subcategory detection. Possible values are: negligible, low, high.
augmentations	Array of Augmentation Objects	Component of the message where this subcategory was identified.

Augmentation Object

Field	Type	Description
name	String	Name of the message component.
risk	String	Identified risk level within the component scanning. Possible values are: negligible, low, high.

Information Object

Field	Type	Description
allow	Boolean	Indicates if this check was performed.
info	String	Details about the check result.

Sample Code

Sample code is provided to demonstrate how to use the API and is not representative of a production application. To use the sample code; complete the required variables as described, populate the desired values in the request body, and execute in your favorite IDE. Please see the Global Base URL's page to find the correct base URL to use for your account.

POST {base_url}/api/gateway/get-held-release-logs
Authorization: MC {accesskKey}:{Base64 encoded signed Data To Sign}
x-mc-date: {dateTime}
x-mc-req-id: {unique id}
x-mc-app-id: {applicationId}
Content-Type: application/json
Accept: application/json

{
  "meta": {
    "pagination": {
      "pageSize": 25,
      "pageToken": "String"
    }
  },
  "data": [
    {
      "searchBy": {
        "fieldName": "heldReason",
        "value": "High-Confidence Impersonation Protection"
      },
      "filterBy": [
        {
          "fieldName": "route",
          "value": "inbound"
        }
      ],
      "start": "2015-11-16T14:49:18+00:00",
      "end": "2015-11-25T14:49:18+00:00"
    }
  ]
}

import base64
import hashlib
import hmac
import uuid
import datetime
import requests

# Setup required variables
base_url = "https://xx-api.mimecast.com"
uri = "/api/gateway/get-held-release-logs"
url = base_url + uri
access_key = "YOUR ACCESS KEY"
secret_key = "YOUR SECRET KEY"
app_id = "YOUR APPLICATION ID"
app_key = "YOUR APPLICATION KEY"

# Generate request header values
request_id = str(uuid.uuid4())
hdr_date = datetime.datetime.utcnow().strftime("%a, %d %b %Y %H:%M:%S") + " UTC"

# DataToSign is used in hmac_sha1
dataToSign = ':'.join([hdr_date, request_id, uri, app_key])

# Create the HMAC SHA1 of the Base64 decoded secret key for the Authorization header
hmac_sha1 = hmac.new(base64.b64decode(secret_key), dataToSign.encode(), digestmod=hashlib.sha1).digest()

# Use the HMAC SHA1 value to sign the hdrDate + ":" requestId + ":" + URI + ":" + appkey
sig = base64.b64encode(hmac_sha1).rstrip()

# Create request headers
headers = {
    'Authorization': 'MC ' + access_key + ':' + sig.decode(),
    'x-mc-app-id': app_id,
    'x-mc-date': hdr_date,
    'x-mc-req-id': request_id,
    'Content-Type': 'application/json'
}

payload = {
  'meta': {
    'pagination': {
      'pageSize': 25,
      'pageToken': 'String'
    }
  },
  'data': [
    {
      'searchBy': {
        'fieldName': 'heldReason',
        'value': 'High-Confidence Impersonation Protection'
      },
      'filterBy': [
        {
          'fieldName': 'route',
          'value': 'inbound'
        }
      ],
      'start': '2015-11-16T14:49:18+00:00',
      'end': '2015-11-25T14:49:18+00:00'
    }
  ]
}

r = requests.post(url=url, headers=headers, data=str(payload))

print(r.text)

static void Main(string[] args)
        {
            //Setup required variables
            string baseUrl = "https://xx-api.mimecast.com";
            string uri = "/api/gateway/get-held-release-logs";
            string accessKey = "YOUR ACCESS KEY";
            string secretKey = "YOUR SECRET KEY";
            string appId = "YOUR APPLICATION ID";
            string appKey = "YOUR APPLICATION KEY";

            //Generate request header values
            string hdrDate = System.DateTime.Now.ToUniversalTime().ToString("R");
            string requestId = System.Guid.NewGuid().ToString();

            //Create the HMAC SHA1 of the Base64 decoded secret key for the Authorization header
            System.Security.Cryptography.HMAC h = new System.Security.Cryptography.HMACSHA1(System.Convert.FromBase64String(secretKey));

            //Use the HMAC SHA1 value to sign the hdrDate + ":" requestId + ":" + URI + ":" + appkey
            byte[] hash = h.ComputeHash(System.Text.Encoding.Default.GetBytes(hdrDate + ":" + requestId + ":" + uri + ":" + appKey));

            //Build the signature to be included in the Authorization header in your request
            string signature = "MC " + accessKey + ":" + System.Convert.ToBase64String(hash);

            //Build Request
            System.Net.HttpWebRequest request = (System.Net.HttpWebRequest)System.Net.WebRequest.Create(baseUrl + uri);
            request.Method = "POST";
            request.ContentType = "application/json";

            //Add Headers
            request.Headers[System.Net.HttpRequestHeader.Authorization] = signature;
            request.Headers.Add("x-mc-date", hdrDate);
            request.Headers.Add("x-mc-req-id", requestId);
            request.Headers.Add("x-mc-app-id", appId);

            //Add request body
            //Create and write data to stream
            string postData = @"{
  ""meta"": {
    ""pagination"": {
      ""pageSize"": 25,
      ""pageToken"": ""String""
    }
  },
  ""data"": [
    {
      ""searchBy"": {
        ""fieldName"": ""heldReason"",
        ""value"": ""High-Confidence Impersonation Protection""
      },
      ""filterBy"": [
        {
          ""fieldName"": ""route"",
          ""value"": ""inbound""
        }
      ],
      ""start"": ""2015-11-16T14:49:18+00:00"",
      ""end"": ""2015-11-25T14:49:18+00:00""
    }
  ]
}";

            byte[] payload = System.Text.Encoding.UTF8.GetBytes(postData);

            System.IO.Stream stream = request.GetRequestStream();
            stream.Write(payload, 0, payload.Length);
            stream.Close();

            //Send Request
            System.Net.HttpWebResponse response = (System.Net.HttpWebResponse)request.GetResponse();

            //Output response to console
            System.IO.StreamReader reader = new System.IO.StreamReader(response.GetResponseStream());
            string responseBody = "";
            string temp = null;
            while ((temp = reader.ReadLine()) != null)
            {
                responseBody += temp;
            };
            System.Console.WriteLine(responseBody);
            System.Console.ReadLine();
        }

#Setup required variables
$baseUrl = "https://xx-api.mimecast.com"
$uri = "/api/gateway/get-held-release-logs"
$url = $baseUrl + $uri
$accessKey = "YOUR ACCESS KEY"
$secretKey = "YOUR SECRET KEY"
$appId = "YOUR APPLICATION ID"
$appKey = "YOUR APPLICATION KEY"

#Generate request header values
$hdrDate = (Get-Date).ToUniversalTime().ToString("ddd, dd MMM yyyy HH:mm:ss UTC")
$requestId = [guid]::NewGuid().guid

#Create the HMAC SHA1 of the Base64 decoded secret key for the Authorization header
$sha = New-Object System.Security.Cryptography.HMACSHA1
$sha.key = [Convert]::FromBase64String($secretKey)
$sig = $sha.ComputeHash([Text.Encoding]::UTF8.GetBytes($hdrDate + ":" + $requestId + ":" + $uri + ":" + $appKey))
$sig = [Convert]::ToBase64String($sig)

#Create Headers
$headers = @{"Authorization" = "MC " + $accessKey + ":" + $sig;
                "x-mc-date" = $hdrDate;
                "x-mc-app-id" = $appId;
                "x-mc-req-id" = $requestId;
                "Content-Type" = "application/json"}

#Create post body
$postBody = "{
  ""meta"": {
    ""pagination"": {
      ""pageSize"": 25,
      ""pageToken"": ""String""
    }
  },
  ""data"": [
    {
      ""searchBy"": {
        ""fieldName"": ""heldReason"",
        ""value"": ""High-Confidence Impersonation Protection""
      },
      ""filterBy"": [
        {
          ""fieldName"": ""route"",
          ""value"": ""inbound""
        }
      ],
      ""start"": ""2015-11-16T14:49:18+00:00"",
      ""end"": ""2015-11-25T14:49:18+00:00""
    }
  ]
}"

#Send Request
$response = Invoke-RestMethod -Method Post -Headers $headers -Body $postBody -Uri $url

#Print the response
$response

public static void main(String[] args) throws java.io.IOException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException {

        //set up variables for request
        String baseUrl = "https://xx-api.mimecast.com";
        String uri = "/api/gateway/get-held-release-logs";
        String url = "https://" + baseUrl + uri;
        String accessKey = "YOUR ACCESS KEY";
        String secretKey = "YOUR SECRET KEY";
        String appId = "YOUR APPLICATION ID";
        String appKey = "YOUR APPLICATION KEY";

        //create URL object
        java.net.URL obj = new java.net.URL(url);

        // set guid for x-mc-req-id header
        String guid = java.util.UUID.randomUUID().toString();

        // set date for x-mc-date header
        java.text.SimpleDateFormat sdf = new java.text.SimpleDateFormat("EEE, d MMM yyyy HH:mm:ss z");
        sdf.setTimeZone(java.util.TimeZone.getTimeZone("UTC"));
        String date = sdf.format(new java.util.Date());

        //create signature for the Authorization header
        String dataToSign = date + ":" + guid + ":" + uri + ":" + appKey;
        String hmacSHA1 = "HmacSHA1";
        javax.crypto.spec.SecretKeySpec signingKey = new javax.crypto.spec.SecretKeySpec(org.apache.commons.codec.binary.Base64.decodeBase64(secretKey.getBytes()), hmacSHA1);
        javax.crypto.Mac mac = javax.crypto.Mac.getInstance(hmacSHA1);
        mac.init(signingKey);
        String sig = new String(org.apache.commons.codec.binary.Base64.encodeBase64(mac.doFinal(dataToSign.getBytes())));

        // create request object
        javax.net.ssl.HttpsURLConnection con = (javax.net.ssl.HttpsURLConnection) obj.openConnection();

        //set request type to POST
        con.setRequestMethod("POST");
        con.setDoOutput(true);

        //add reuqest headers
        con.setRequestProperty("Authorization", "MC " + accessKey + ":" + sig);
        con.setRequestProperty("x-mc-req-id", guid);
        con.setRequestProperty("x-mc-app-id", appId);
        con.setRequestProperty("x-mc-date", date);
        con.setRequestProperty("Content-Type", "application/json");
        con.setRequestProperty("Accept", "application/json");

        //Add post body to the request
        String postBody = "{\n" +
"  \"meta\": {\n" +
"    \"pagination\": {\n" +
"      \"pageSize\": 25,\n" +
"      \"pageToken\": \"String\"\n" +
"    }\n" +
"  },\n" +
"  \"data\": [\n" +
"    {\n" +
"      \"searchBy\": {\n" +
"        \"fieldName\": \"heldReason\",\n" +
"        \"value\": \"High-Confidence Impersonation Protection\"\n" +
"      },\n" +
"      \"filterBy\": [\n" +
"        {\n" +
"          \"fieldName\": \"route\",\n" +
"          \"value\": \"inbound\"\n" +
"        }\n" +
"      ],\n" +
"      \"start\": \"2015-11-16T14:49:18+00:00\",\n" +
"      \"end\": \"2015-11-25T14:49:18+00:00\"\n" +
"    }\n" +
"  ]\n" +
"}";
        java.io.OutputStream os = con.getOutputStream();
        os.write(postBody.getBytes("UTF-8"));
        os.close();

        //process response
        java.io.BufferedReader in = new java.io.BufferedReader(
                new java.io.InputStreamReader(con.getInputStream()));
        String inputLine;
        StringBuffer response = new StringBuffer();

        while ((inputLine = in.readLine()) != null) {
            response.append(inputLine);
        }
        in.close();

        //return result
        java.lang.System.out.println(response.toString());
    }