The Sublime Platform API allows you to interact with your Sublime deployment programmatically.

Here are some ways you can use the API:

Trash malicious messages from your SOAR
Update a List containing malicious attachment hashes using threat intel
Enrich alerts (e.g. a JIRA or ServiceNow ticket) with message metadata or screenshots

The API is organized around REST and has predictable resource-oriented URLs, accepts JSON request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.

Your Base URL

Your Base URL is the location you send API requests.

In this example, the Base URL is https://platform.sublime.security/, which is the URL for some Sublime Cloud customers. Base URLs depend on deployment type and region, so head to Automate > API on your Dashboard to see your Base URL.

Other Base URL's include:

NA-East: https://platform.sublime.security
NA-West: https://na-west.platform.sublime.security
Canada: https://ca.platform.sublime.security
UK (London): https://uk.platform.sublime.security
Europe (Dublin): https://eu.platform.sublime.security
Australia: https://au.platform.sublime.security

Using with webhooks

The Sublime API and Sublime's webhooks go together like warm chocolate chip cookies and cold, cold milk. Use webhooks to receive notifications when a message is flagged, and use the API to take actions like adding message details to a Jira ticket and providing the option to trash a message directly from that ticket.

Request IDs

Every Sublime API response includes a header called X-Request-ID. Clients communicating with the Sublime API should log this request ID, so that it can be included in any support requests.