The Sublime Platform API allows you to interact with your Sublime deployment programmatically.
Here are some ways you can use the API:
- Trash malicious messages from your SOAR
- Update a List containing malicious attachment hashes using threat intel
- Enrich alerts (e.g. a JIRA or ServiceNow ticket) with message metadata or screenshots
The API is organized around REST and has predictable resource-oriented URLs, accepts JSON request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.
You can find our OpenAPI (previously Swagger) schema here and our multi-tenancy API schema here.
Your Base URL
Your Base URL is the location you send API requests.
In this example, the Base URL is https://platform.sublime.security/, which is the URL for some Sublime Cloud customers. Base URLs depend on deployment type and region, so head to Automate > API on your Dashboard to see your Base URL.
Other Base URL's include:
- NA-East:
https://platform.sublime.security - NA-West:
https://na-west.platform.sublime.security - Canada:
https://ca.platform.sublime.security - UK (London):
https://uk.platform.sublime.security - Europe (Dublin):
https://eu.platform.sublime.security - Australia:
https://au.platform.sublime.security
Using with webhooks
The Sublime API and Sublime's webhooks go together like warm chocolate chip cookies and cold, cold milk. Use webhooks to receive notifications when a message is flagged, and use the API to take actions like adding message details to a Jira ticket and providing the option to trash a message directly from that ticket.
Request IDs
Every Sublime API response includes a header called X-Request-ID. Clients communicating with the Sublime API should log this request ID, so that it can be included in any support requests.