The Sublime Platform API allows you to interact with your Sublime deployment programmatically.
Here are some ways you can use the API:
- Trash malicious messages from your SOAR
- Update a List containing malicious attachment hashes using threat intel
- Enrich alerts (e.g. a JIRA or ServiceNow ticket) with message metadata or screenshots
The API is organized around REST and has predictable resource-oriented URLs, accepts JSON request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.
Your Base URL
Your Base URL is the location you send API requests. Click Developer in the left-hand navigation to see your Base URL.
In these docs, you'll notice the Base URL is https://platform.sublime.security/v0
, which is the URL for Sublime Cloud customers. Depending on your type of deployment, yours may be different.
Using with webhooks
The Sublime API and Sublime's webhooks go together like warm chocolate chip cookies and cold, cold milk. Use webhooks to receive notifications when a message is flagged, and use the API to take actions like adding message details to a Jira ticket and providing the option to trash a message directly from that ticket.
Request IDs
Every Sublime API response includes a header called X-Request-ID
. Clients communicating with the Sublime API should log this request ID, so that it can be included in any support requests.