The Sublime Platform API allows you to interact with your Sublime deployment programmatically.
Here are some ways you can use the API:
- Trash malicious messages from your SOAR
- Update a List containing malicious attachment hashes using threat intel
- Enrich alerts (e.g. a JIRA or ServiceNow ticket) with message metadata or screenshots
The API is organized around REST and has predictable resource-oriented URLs, accepts JSON request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.
Your Base URL
Your Base URL is the location you send API requests.
In this example, the Base URL is https://platform.sublime.security/, which is the URL for some Sublime Cloud customers. Base URLs depend on deployment type and region, so head to Automate > API on your Dashboard to see your Base URL.
Other Base URL's include:
- NA-East:
https://platform.sublime.security - NA-West:
https://na-west.platform.sublime.security - Canada:
https://ca.platform.sublime.security - UK (London):
https://uk.platform.sublime.security - Europe (Dublin):
https://eu.platform.sublime.security - Australia:
https://au.platform.sublime.security
Using with webhooks
The Sublime API and Sublime's webhooks go together like warm chocolate chip cookies and cold, cold milk. Use webhooks to receive notifications when a message is flagged, and use the API to take actions like adding message details to a Jira ticket and providing the option to trash a message directly from that ticket.
Request IDs
Every Sublime API response includes a header called X-Request-ID. Clients communicating with the Sublime API should log this request ID, so that it can be included in any support requests.