Important
This API is only available upon request to OX Cloud partners who are NOT using our fully OX branded tenants (*.appsuite.cloud)!
Version 1.3
Date:
1. Revision History
Version | Changes | Date |
1.0 | Final complete spec | 2016-12-14 |
1.1 | Add endpoint for filter creation | 2019-08-12 |
1.2 | Added missing endpoint documentation | 2020-10-08 |
1.3 | Add new User Permission API and Brand Permission History API | 2021-05-12 |
2. Introduction
To provide customers the means to integrate their applications, Open-Xchange provides a specific API. This API (called "Customer Integration-API") allows synchroneous access to resources residing within the OX product.
This document specifies the available resources and is intended for a technical audience. Its purpose is to enable software developers to integrate their product with the CI-API.
3. Accessing The API
3.1 API Versioning
The API supports API versioning to assure backwards compatibility in the case of major API changes. This is achieved by including a version identifier in the path used to access the API - e.g.:
/v1/mailboxes/..
The version is incremented for any API change that could break the compatibility of existing client applications - e.g. changed paths or structural changes in JSON requests and responses. The addition of fields to existing JSON responses without structural changes in the JSON document are considered minor changes and may not lead to an incremented API version. Client applications are expected to be implemented in a way that is robust with regards to such minor changes.
3.2 Security
Communication with the API endpoint is secured using HTTPS. API consumers are authenticated using SSL client authentication (client certificates).
3.3 URL Encoding
When accessing the API, special characters need to be encoded using percent-encoding as specified in RFC 3986.
4. API concepts
The API component provides a resource oriented API that follows RESTful principles using a simple UTF-8 encoded JSON format for request and response bodies. Logical resources can be addressed using fixed URLs and accessed using the following HTTP verbs:
- GET: Read a resource
- POST: Create a resource
- PUT: Update a resource
- DELETE: Delete a resource
4.1 Status Codes
Standard HTTP status codes are used to denote the outcome of API requests:
4.1.1 Success Codes
200: OK
201: Resource was created
204: Resource was removed
4.1.2 Client Error Codes
These error codes apply to all specified resources. Actual resource specifications may provide specific error code descriptions, if applicable.
400: The request was invalid (e.g. invalid request format, required parameter is missing, invalid parameters)
401: Request was not authorized
403: Resource access was not allowed
404: A requested resource was not found
4.1.3 Server Error Codes
500: A technichal error occurred on the server side
4.2 Response Format
In case of successful requests for writing operations, the returned responses follow some general rules depending on the used HTTP verb.
4.2.1 Success responses
- POST
- response code 201
- the response body will contain the JSON representation of the created resource including its ID
- the HTTP headers will contain a location header containing the URL of the created resource
- PUT
- response code 200
- the response body will contain the JSON representation of the updated resource
- DELETE
- response code 204
- the response body will contain an empty JSON document
4.2.2 Error responses
In case of a failed requests, the JSON response body will contain detailed error information:
{ "errorCode": "SnapshotService.ValidationError.Snapshot", "errorMessage": "The ssh port is not a number.", "errorId": "2735af1e-2856-4437-80ef-70b6e988a59c" }
Error Fields
- errorCode: The specific error code for the inidvidual backend service (if it is available)
- errorMessage: The detailed error message
- errorId: The unique error ID of the individual backend service (if it is available)
5. Resources
This chapter specifies the relevant REST resources and their usage.
5.1.1 General Rules
The following general rules apply for all described REST resources:
Unless noted otherwise, all specified parameters are mandatory. Omitting a mandatory parameter will result in an error response with status 400 (invalid request).
5.1.2 Field Definitions
Basic Data Definitions
Name | Type | Length | Description | Mandatory/ |
userName | string | 128 | federation ID of the user | M |
password | string | 256 | password of the user for direct imap/pop3/smtp access | M |
displayName | string | 320 | Display name used for sending mail | M |
surname | string | 128 | Surname of the user | M |
givenname | string | 128 | Givenname of the user | M |
primaryEmail | string | 256 | Uniqe email address of the account | M |
5.2 Aliases
This resource represents e-mail aliases associated with mailboxes.
5.2.1 Query alias list of a mailbox (ALIASES)
This resource is used to query the list of email aliases associated with the mailbox of the given user.
Request
GET /v1/mailboxes/<userName>/aliases/
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
Success Response
Body
{ "aliases": [ "address1@example.com", "address2@example.com" ] }
Fields
- aliases: list of aliases
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name is missing
- 404: User does not exist
5.2.2 Check availability of an alias (ALIASES_AVAILABLE)
This resource is used to check the availability of the given e-mail alias.
Request
GET /v1/mailboxes/<userName>/aliases/available/<aliasAddress>
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
- aliasAddress: the alias to check (String, local part or full email address according to RFC 5322)
Success Response
Body
{ "available": true }
Fields
- available: flag indicating, whether the alias is still available
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name or alias address are missing/invalid
- 404: User does not exist
5.2.3 Delete a single alias of a mailbox (ALIASES)
This resource is used to delete an e-mail alias from the mailbox of the given user.
Request
DELETE /v1/mailboxes/<userName>/aliases/<aliasAddress>
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
- aliasAddress: the alias e-mail address to delete (String, valid email address according to RFC 5322)
Success Response
Status
204
Error Codes
See: API Concepts for general error information
- 400: User name or alias address are missing/invalid
- 404: User does not exist
5.2.4 Add an alias to a mailbox (ALIASES)
This resource is used to add a new e-mail alias to the mailbox of the given user.
Request
POST /v1/mailboxes/<userName>/aliases/
Body
{ "alias": "username3@domain.com" }
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
- alias: the alias to add (String, valid email address according to RFC 5322)
Success Response
Body
{ "aliases": [ "address1@example.com", "address2@example.com", ... ] }
Fields
- aliases: the resulting list of aliases
Status
201
Error Codes
See: API Concepts for general error information
- 400: User name or alias address are missing/invalid
- 404: User does not exist
5.3 Antispam / Block-/Allowlist
This resource represents the antispam settings associated with a mailbox.
5.3.1 Query allowlist filter of a mailbox
This resource is used to query the antispam allowlist of the mailbox of a given user.
Request
GET /v1/mailboxes/<userName>/antispam/whitelist/
Fields
All listed parameters are mandatory.
Success Response
Body
{ "whitelist": [ "address1@example.com", "address2@example.com", ... ] }
Fields
- whitelist: list of whitelited addresses/domains
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name is missing
- 404: User does not exist
5.3.2 Delete a single allowlist filter
This resource is used to delete an email address or domain from the antispam allowlist of the mailbox of a given user.
Request
DELETE /v1/mailboxes/<userName>/antispam/whitelist/<emailAdress>
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
- emailAddress: the email address to delete (String)
Success Response
Status
204
Error Codes
See: API Concepts for general error information
- 400: User name or email address is missing/invalid
- 404: User does not exist
5.3.3 Query blocklist filter of a mailbox
This resource is used to query the antispam blocklist of the mailbox of a given user.
Request
GET /v1/mailboxes/<userName>/antispam/blacklist/
Fields
All listed parameters are mandatory.
Success Response
Body
{ "blacklist": [ "address1@example.com", "address2@example.com", ... ] }
Fields
- blacklist: list of whitelited addresses/domains
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name is missing
- 404: User does not exist
5.3.4 Delete a single blocklist filter
This resource is used to delete an email address or domain from the antispam blocklist of the mailbox of a given user.
Request
DELETE /v1/mailboxes/<userName>/antispam/blacklist/<emailAdress>
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
- emailAddress: the email address to delete (String)
Success Response
Status
204
Error Codes
See: API Concepts for general error information
- 400: User name or email address is missing/invalid
- 404: User does not exist
5.4 Authentication
This resource represents the authentication information associated with a mailbox.
Authentication Fields
active | Flag indicating, whether the password is active |
passwordMisentries | Number of password misentries since last successful login |
passwordLastChanged | Timestamp of last password change as java timestamp (miliseconds since epoch) and UTC |
5.4.1 Query authentication information for a mailbox (AUTH)
This resource is used to query authentication information of the mailbox of a given user.
Request
GET /v1/mailboxes/<userName>/auth/
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
Success Response
{ "active": true, "passwordMisentries": 0, "passwordLastChanged": 1465552800000 }
Fields
- active: Flag indicating, whether the password is active
- passwordMisentries: Number of password misentries since last successful login
- passwordLastChanged: Timestamp of last password change as Java timestamp (miliseconds since epoch) and UTC If no data is found in the backend system the fields will be set to 'null'.
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name is missing/invalid
- 404: User does not exist
5.4.2 Update password of a mailbox (AUTH)
This resource is used to update the password of the mailbox of a given user.
Request
PUT /v1/mailboxes/<userName>/auth/
Body
{ "password": "topsecret" }
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
- password: the password to set (String)
Success Response
Body
{ "active": true, "passwordMisentries": 0, "passwordLastChanged": 1465552800000 }
Fields
- active: Flag indicating, whether the password is active
- passwordMisentries: Number of password misentries since last successful login
- passwordLastChanged: Timestamp of last password change as java timestamp (miliseconds since epoch) and UTC If no data is found in the backend system the fields will be set to 'null'.
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name or request body are missing/invalid
- 404: User does not exist
5.4.3 Set password hash of a mailbox (PASSWORDHASH)
This resource is used to set the password hash of the mailbox of a given user.
Request
PUT /v1/mailboxes/<userName>/auth/hash
Body
{ "passwordHash": "{HASH_METHOD}<valid_password_hash>" }
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
- passwordHash: the password hash to set (has formatted string)
HASH_METHOD: supported values are MD5, SHA, CRYPT, SMD5, SSHA, SSHA384, SSHA512
Success Response
Body
{ "active": true, "passwordMisentries": 0, "passwordLastChanged": 1465552800000 }
Fields
- active: Flag indicating, whether the password is active
- passwordMisentries: Number of password misentries since last successful login
- passwordLastChanged: Timestamp of last password change as java timestamp (miliseconds since epoch) and UTC If no data is found in the backend system the fields will be set to 'null'.
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name or request body are missing/invalid
- 404: User does not exist
5.5 Filters
This resource represents the e-mail filters associated with a mailbox.
5.5.1 Query filter list of a mailbox (FILTERS)
This resource is used to query the list of e-mail filters of the mailbox of a given user. The returned filters follow the format defined in the OX HTTP API.
Request
GET /v1/mailboxes/<userName>/filters/
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
Success Response
Body
{ "filters": [ { "id": 1, "rulename": "my filter", "active": true, "test": { "id": "true" }, "actioncmds": [{ "id": "size", "comparison": "over", size": 100000 } ] }, { "id": 2, ... } ] }
Fields
- filters: List of mail filters with the following fields:
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name is missing
- 404: User does not exist
5.5.2 Create a filter of mailbox (FILTERS)
This resource is used to add a new filter to the mailbox of a given user.
The filter format follows the format defined in the OX HTTP API
Request
POST /v1/mailboxes/<userName>/filters/
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
Success Response
Body
{ "filters": [ { "id": 1, "position": 0, "rulename": "my filter", "active": true, "test": { "id": "true" }, "actioncmds": [{ "id": "size", "comparison": "over", "size": 100000} ] }, { "id": 2, ... } ] }
Fields
- filters: List of mail filters with the following fields:
Status
201
Error Codes
See: API Concepts for general error information
- 400: User name is missing
- 404: User does not exist
5.5.3 Query redirection filter list of a mailbox (FILTERS_REDIRECT)
This resource is used to query the list of redirection filters of the mailbox of a given user. The resulting filters will only contain redirection filters - i.e. filters that contain an action command of type redirect. All action commands that are not of type redirect will be omitted in the resulting filters.
The returned filters follow the format defined in the OX HTTP API.
Request
GET /v1/mailboxes/<userName>/filters/redirect/
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
Success Response
Body
{ "filters": [ { "actioncmds": [ { "id": "redirect", "to": "test@domain.com" } ], "active": true, "id": 2, "rulename": "autoforward", "test": { "id": "true" } }, { filter 2 } ] }
Fields
- filters: List of mail filters with the following fields:
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name is missing
- 404: User does not exist
5.5.4 Delete a single filter of a mailbox (FILTERS)
This resource is used to delete a single e-mail filter from the mailbox of a given user.
Request
DELETE /v1/mailboxes/<userName>/filters/<filterId>
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
- filterId: the ID of the filter (Integer)
Success Response
Status
204
Error Codes
See: API Concepts for general error information
- 400: User name or filter are missing/invalid
- 404: User or filter does not exist
5.6 Infostore
This resource represents the content of the OX infostore.
5.6.1 Query folder information
This resource is used to query information about the contents of a folder in the OX infostore. If no folder ID is provided, the content of the root folder of the OX infostore will be returned.
Request
- root folder (INFOSTORE):
GET /v1/mailboxes/<userName>/infostore/
- or specific folder (INFOSTORES):
GET /v1/mailboxes/<userName>/infostore/<folderId>
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
- folderId: the ID of the folder (Integer)
Success Response
Body
{ "name": "Images", "id": "111" "parent": "110", "files": [ { "name": "Image1.jpg", "mime-type": "image/jpeg", "size": 145882 }, { "name": "Image.jpg", "mime-type": "image/jpeg", "size": 195876 }, ], "subFolders": [ { "name": "Archive", "id": "112" }, { "name": "Trash", "id": "113" }, ], }
Fields
- name: the folder name
- id: the folder ID
- parent: the parent folder ID
- files: list of files with the following fields:
- name: the file name
- mime-type: the file MIME type
- size: the file size
- subFolders: list of sub folders with the following fields:
- name: the folder name
- id: the folder ID
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name or folder ID are missing/invalid
- 404: User does not exist
5.7 Last Login
Last Login Fields
Name | Description |
protocol | The protocol used to access the mailbox. The result list will contain one object for each protocol available on the queried mailbox |
lastAccess | The last access time is returned as java timestamp (miliseconds since epoch) and UTC |
lastAccessIP | The IP address of the last access might be null if it is unknown |
This resource represents mailbox access information of the available protocols.
5.7.1 Query last login information (LAST_LOGIN)
This resource is used to query last access information of a given user.
Request
GET /v1/mailboxes/<userName>/last_login/
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
Success Response
Body
{ "access": [ { "protocol": "POP3", "lastAccess": 1465552800000 "lastAccessIP": "127.0.0.1" }, { "protocol": "IMAP", "lastAccess": 1465552800000 "lastAccessIP": "127.0.0.1" }, { "protocol": "HTTP", "lastAccess": 1465552800000 "lastAccessIP": "127.0.0.1" }, ] }
Fields
protocol: The protocol used to access the mailbox. The result list will contain one object for each protocol available on the queried mailbox
lastAccess: The last access time is returned as java timestamp (miliseconds since epoch) and UTC- lastAccessIP: The IP address of the last access might be null if it is unknown
If no data is found in the backendsystem, the list will be empty.
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name is missing
- 404: User does not exist
5.8 Mail Accounts
This resource represents the e-mail accounts associated with users.
Mail Account Fields
Name | Description |
ID | ID of the account. The primary OX account is identified by ID 0. |
login | login name of the account |
password | password of the account |
E-mail address of the account | |
incomingUrl | URL of the mail server used to receive mails |
incomingSecure | whether to establish a secure connection to the incoming mail server |
outgoingUrl | URL of the mail server used to send mails |
outgoingSecure | whether to establish a secure connection to the outgoing mail server |
5.8.1 List mail accounts (MAIL_ACCOUNTS)
This resource is used to query the list of e-mail accounts associated with a given user.
Request
GET /v1/mailboxes/<userName>/mail_accounts/
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
Success Response
Body
{ "mailAccounts": [ { "id": 111, "login": "username", "email": "user@domain.com", "incomingUrl": "imap://mail.domain.com", "incomingSecure": true, "outgoingUrl": "smtp://mail.domain.com", "outgoingSecure": true, }, { "id": 112, "login": "username", "email": "user2@domain.com", "incomingUrl": "imap://mail.domain.com", "incomingSecure": true, "outgoingUrl": "smtp://mail.domain.com", "outgoingSecure": true, }, ] }
Fields
- mailAccounts: The list of external mail accounts with the following fields:
- id: the ID of the account. The primary OX account is identified by ID 0.
- login: the login name of the account
- email: the e-mail address of the account
- incomingUrl: the URL of the mail server used to receive mails
- incomingSecure: whether to establish a secure connection to the incoming mail server outgoingUrl: the URL of the mail server used to send mails
- outgoingSecure: whether to establish a secure connection to the outgoing mail server
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name is missing
- 404: User does not exist
5.8.2 Delete a mail account (MAIL_ACCOUNTS)
This resource is used to delete the settings of a single e-mail account associated with a given user.
Request
DELETE /v1/mailboxes/<userName>/mail_accounts/<id>
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
- id: the ID of the mail account (Integer)
Success Response
Status
204
Error Codes
See: API Concepts for general error information
- 400: User name or account ID are missing
- 404: User does not exist
5.9 Mailboxes
This resource represents mailboxes of users (i.e. OX accounts).
5.9.1 Query an OX account (mailbox) (MAILBOXES)
This resource is used to query information about the mailbox of a given username or email.
Request
GET /v1/mailboxes/<username>
GET /v1/mailboxes?username=<username>
GET /v1/mailboxes?email=<email>
Fields
All listed parameters are mandatory.
- username: the unique ID of the user (String)
or - email: the email of the user (String)
Success Response
Body
{ "userName" : "unique ID", "displayName" : "Joe Smith", "surname" : "Smith", "givenName" : "Joe", "primaryEmail" : "joe.smith@example.com", "classOfService" : "premium" }
Fields
- userName: the unique ID of the user
- displayName: the display name used for sending email
- surname: the surname of the user
- givenName: the given name of the user
- primaryEmail: the unique primary email address of the account
- classOfService: the class of service (String) - might be null if not set
Status
200
Error Codes
See: Chapter 4 - API Concepts for general error information
- 400: User name or email is missing
- 404: User does not exist
5.9.2 Query a single mailbox by e-mail address (MAILBOXES_BY_EMAIL)
This resource is used to search a single mailbox using the primary e-mail address.
Request
GET /v1/mailboxes/by_email/<emailAddress>
Fields
All listed parameters are mandatory.
- emailAddress: the email address to search (String, valid email address according to RFC 5322)
Success Response
Body
{ "userName": "unique ID" }
Fields
- userName: the unique ID of the user
Status
200
Error Codes
See: Chapter 4 - API Concepts for general error information
- 400: Email address is missing/invalid
- 404: User does not exist
5.9.3 Check availability of several e-mail addresses (MAILBOXES_BY_EMAIL)
This resource is used to check the availability of a list of e-mail addresses.
Request
GET /v1/mailboxes/by_email?available=<email-addresses>
Fields
- available: the list of e-mail addresses to query (comma-separated list of valid email addresses according to RFC 5322, must be URL encoded)
Success Response
Body
{ "mail1@example.com" : true, "mail2@example.com" : false, }
Status
200
Error Codes
See: Chapter 4 - API Concepts for general error information
- 400: e-mail address list is missing/invalid
5.10 Mail folders
This resource represents the mail folders associated with mailboxes.
5.10.1 Query unread/recent message count for mailbox (RECENTMESSAGES)
This resource is used to query the total number of unread (recent) messages of all mail folders excluding trash and spam.
Request
GET /v1/mailboxes/<userName>/recentmessages
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
Success Response
Body
{ "recent": 0 }
Fields
- recent: The total number of unread messages in all folders excluding trash and spam
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name is missing
- 404: User does not exist
5.10.2 Query unread/recent messages of a mail folder (RECENTMESSAGES_BY_FOLDER)
This resource is used to query the total number of unread messages of a given mail folder.
Request
GET /mailboxes/<userName>/<folderName>/unread
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
- folderName: the name of the folder to query - e.g. INBOX to query the inbox of the user (String)
Success Response
Body
{ "unread": 0 }
Fields
- unread: The total number of unread messages in the queried folder
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name or folder name are missing/invalid
- 404: User does not exist
5.11 Out-Of-Office Notice
This resource represents the out-of-office notice of a mailbox.
Out-Of-Office Fields
Name | Description |
message | the message body of the out-of-office notice |
subject | the message subject of the out-of-office notice |
startDate | timestamp of the start date as java timestamp (miliseconds since epoch) and UTC |
endDate | timestamp of the end date as java timestamp (miliseconds since epoch) and UTC |
active | flag indicating, whether the out-of-office notice is active |
5.11.1 Query the out-of-office notice of a mailbox (FILTERS_OUT_OF_OFFICE)
This resource is used to query the out-of-office notice of a given user.
Request
GET /v1/mailboxes/<userName>/filters/out_of_office/
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
Success Response
Body
{ "message": "I'm not in the office currently.", "subject": "Out-of-office notice", "startDate": 1465552800000 , "endDate": 1465552800000, "active": true }
Fields
- message: the message body of the out-of-office notice
- startDate: timestamp of the start date as java timestamp (miliseconds since epoch) and UTC
- endDate: timestamp of the end date as java timestamp (miliseconds since epoch) and UTC
- active: flag indicating, whether the out-of-office notice is active
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name is missing
- 404: User does not exist
5.11.2 Update the out-of-office notice of a mailbox (FILTERS_OUT_OF_OFFICE)
This resource is used to update the out-of-office notice of a given user.
Request
PUT /v1/mailboxes/<userName>/filters/out_of_office/
Body
{ "message": "I'm not in the office currently.", "subject": "Out-of-office notice", "startDate": 1465552800000 , "endDate": 1465552800000, "active": true }
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
- message: the message body of the out-of-office notice (String)
- startDate: timestamp of the start date as Java timestamp (miliseconds since epoch) and UTC
- endDate: timestamp of the end date as Java timestamp (miliseconds since epoch) and UTC
- active: flag indicating, whether the out-of-office notice is active (Boolean)
Success Response
Body
{ "message": "I'm not in the office currently.", "subject": "Out-of-office notice", "startDate": 1465552800000, "endDate": 1465552800000, "active": true }
Fields
- message: the message body of the out-of-office notice
- startDate: timestamp of the start date as Java timestamp (miliseconds since epoch) and UTC
- endDate: timestamp of the end date as java timestamp (miliseconds since epoch) and UTC
- active: flag indicating, whether the out-of-office notice is active
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name or request body are missing/invalid
- 404: User does not exist
5.12 Permissions v1 (deprecated in favor of v2)
This resource represents the access permissions of a mailbox.
Permission Fields
Name | Description |
SEND | user is allowed to send mail |
RECEIVE | user is allowed to receive mail |
MAILLOGIN | user can login using IMAP/PO3 |
WEBLOGIN | user can login to OX webmail |
5.12.1 Query permissions of an OX account (mailbox) (PERMISSIONS)
This resource is used to query the access permissions of the mailbox of a given user.
Request
GET /v1/mailboxes/<userName>/permissions/
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
Success Response
Body
{ "permissions": [ "SEND", "RECEIVE" ] }
Fields
- permissions: The list of permissions of a mailbox.
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name is missing
- 404: User does not exist
5.12.2 Update permissions of an OX account (mailbox) (PERMISSIONS)
This resource is used to update the access permissions of the mailbox of a given user.
Request
PUT /v1/mailboxes/<userName>/permissions/
Body
{ "permissions": [ "SEND", "RECEIVE" ], "reason": "account unlocked" }
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
- permissions: the list of permissions
- reason: the reason for the change
Success Response
Body
{ "permissions": [ "SEND", "RECEIVE" ] }
Fields
- permissions: The list of permissions.
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name or request body are missing/invalid
- 404: User does not exist
5.13 Permissions v2
This resource represents the access permissions of a mailbox via API v2.
Permission Fields
Name | Description |
SEND | User is allowed to send mail |
RECEIVE | User is allowed to receive mail |
MAILLOGIN | User can login using IMAP/PO3 |
WEBLOGIN | User can login to OX App Suite |
5.13.1 Query permissions of an OX account (mailbox) (PERMISSIONS)
This resource is used to query the access permissions of the mailbox of a given user.
Request
GET /v2/mailboxes/<userName>/permissions/
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
Success Response
Body
{ "enabled": [ "MAILLOGIN", "SEND", "RECEIVE" ], "disabled": [ "WEBLOGIN" ] }
Fields
- enabled: The current enabled permissions of the user
- disabled: The current disabled permissions of the user
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name is missing
- 404: User does not exist
5.13.2 Update permissions of an OX account (mailbox) (PERMISSIONS)
This resource is used to update the access permissions of the mailbox of a given user via API v2
Request
PUT /v2/mailboxes/<userName>/permissions/
Body - Enable permissions
{ "enable": [ "SEND", "RECEIVE" ], "reason": "permissions enabled", "clientUser": "unique user id" }
Body - Disable permissions
{ "disable": [ "WEBLOGIN", "MAILLOGIN" ], "reason": "permissions disabled due to misuse", "clientUser": "unique user id" }
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
- enable: the list of permissions that should be enabled
- disable: the list of permissions that should be disabled
- reason: the reason for the change
Success Response
Body - Enable permissions with change
{ "change": { "enabled": ["SEND"] }, "permissions": { "enabled": ["SEND", "RECEIVE", "MAILLOGIN", "WEBLOGIN"], "disabled" : [] } }
Body - Disable permissions with change
{ "change": { "disabled": ["MAILLOGIN", "WEBLOGIN"] }, "permissions": { "enabled": ["SEND", "RECEIVE"], "disabled" : ["MAILLOGIN", "WEBLOGIN"] } }
Body - without change
{ "permissions": { "enabled": [ "SEND", "RECEIVE", "MAILLOGIN" ], "disabled" : [ "WEBLOGIN" ] } }
Fields
- change: Object is optional and describes the actual performed change (if any) of enable or disable specific permissions for the user.
- permissions: The list of permissions.
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name or request body are missing/invalid
- 404: User does not exist
5.13.3 Query permission change history of an OX account (mailbox)
This resource is used to query the change history of permissions associated with the mailbox of the given user via API v2.
Request
GET /v2/mailboxes/<userName>/permissions/history
Path-Parameters
Parameter | Format & Range of Values | Mandatory | Description |
---|---|---|---|
userName | String | Yes | The unique ID of the user |
Query-Parameters
A Request of the Permission History can be optionally extended with one or more Query-Parameters
Parameter | Format & Range of Values | Mandatory | Description |
---|---|---|---|
before | ISO-8601 Date-Time | No | Only return permission changes prior to before. |
after | IOS-8601 Date-Time | No | Only return permissio nchanges that occurred after after. |
order | asc, desc | No | Only when using the flat format, order of the entries by the time attribute
|
limit | Integer of 0,... | No | Limits the number of objects that are returned, reduction varies if object or array format is requested:
|
Success Response
A JSON object that contains an array of changes.
Body
{ "changes": [ { "time": "2021-03-26T12:55:32.193Z", "authUser": "brand1", "clientIp": "192.168.0.1", "clientUser": "subsubadmin1", "disabled": [], "enabled": [ "WEBLOGIN", "MAILLOGIN", "SEND", "RECEIVE" ], "ipAddress": "10.10.150.233", "reason": "re-enabled upon customer request" }, { "time": "2021-03-23T04:23:11.191Z", "authUser": "brand1", "clientIp": "192.168.0.1", "clientUser": "subsubadmin1", "disabled": [ "WEBLOGIN", "MAILLOGIN", "SEND", "RECEIVE" ], "enabled": [], "ipAddress": "10.10.150.233", "reason": "disabled due to abuse detection" } ] }
Fields
- time: An ISO-8601 formatted UTC string represents the point in time when the permission change was performed
- authUser: The username used in the successful authentication when performing the permission change
- clientIp: IP address of the client that invoked the software that performed the permission change (optional)
- clientUser: Username of the credentials that authenticated against the software that performed the permission change (optional)
- disabled: An array of strings that hold the permissions that were effectively disabled
- enabled: An array of strings that hold the permissions that were effectively enabled
- ipAddress: The IP address of the client that performed the API operation to change permissions
- reason: The reason for the permission change, as indicated by the client that performed the API operation to change permissions (except when using the SOAP API)
Status
200
Error Codes
See: API Concepts for general error information
- 400: Bad query request, most likely wrong query parameter
5.14 Quota
This resource represents the quotas associated with a mailbox:
- mail quota: e-mail quota, if unified quota is not available - otherwise empty
- cloud quota: cloud storage quota, if unified quota is not available - otherwise empty
- unified quota: total quota, if available
5.14.1 Query quota information of a mailbox (QUOTA)
Request
GET /v1/mailboxes/<userName>/quota/
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
Success Response
Body
{ "mailQuota": { "maxQuota": 2048, "usedQuota": 578 }, "cloudQuota": { "maxQuota": 2048, "usedQuota": 237 } }
Fields
- mailQuota: mail quota information containing the following fields:
- maxQuota: maximum quota in megabytes
- usedQuota: used quota in megabytes
- cloudQuota: cloud quota information containing the following fields:
- maxQuota: maximum quota in megabytes
- usedQuota: used quota in megabytes
- unifiedQuota: unified quota information containing the following fields:
- maxQuota: maximum quota in megabytes
- usedQuota: used quota in megabytes
Missing quota values will be returned as null values.
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name is missing
- 404: User does not exist
5.15 Sender Information
This resource represents the sender information of a mailbox.
5.15.1 Query sender information of a mailbox (SENDER)
This resource is used to query sender information of a given user.
Request
GET /v1/mailboxes/<userName>/sender
Fields
All listed parameters are mandatory.
- userName: the unique ID of the user (String)
Success Response
Body
{ "senderName": "Example User", "senderAddress": "test@example.com" }
Fields
- senderName: the sender display name
- senderAddress: the sender email address
Status
200
Error Codes
See: API Concepts for general error information
- 400: User name is missing
- 404: User does not exist
5.16 Public key
5.15.1 Get current public key
This resource provides the current public key that is used for uploading data through scp/sftp.
Request
GET /intercept/publickey
Success response
Header
Content-Type: "text/plain"
Body
{ "ssh-rsa": "AAAAB3NzaC1yc2EAAAADAQABAAACAQ..." }
Status
200
5.17 Snapshot resource
A Snapshot Resource is defined by the base path: /intercept/snapshots
The representations of a snapshot are meta data (for creation and management) and the binary data of the snapshot itself.
The creation of the snapshot dump is an asynchronous operation and the current status can be queried with corresponding snapshot ID.
5.17.1 Snapshot metadata
Snapshot metadata is represented by JSON, the represntation can differ between the different REST calls.
JSON representation
Field | Description | Mandatory |
---|---|---|
{ | - | - |
"snapshotId": <string>, | The unique id that qualified a snapshot, will be a UUID. | Yes |
"username": <string>, | The name of the user for which the snapshot is created. | Yes |
"type": <string>, | The type of the snapshot, one of: MAILBOX, CALENDAR, CONTACTS. | Yes |
"action": <string>, | The type of upload action, one of: SCP, SFTP, DOWNLOAD. | Yes |
"status": <string>, | The current snapshot status, see status table below. | Yes |
"lastChanged": <timestamp>, | The timestamp when the last status change happened. | No. Service managed. |
"ssh": { | The ssh connection object. | Yes if "action" is "SCP" or "SFTP" |
"fingerprint": "75:5c:f9:c8:b6:f0:18:aa:23:ec:d9:67:56:ee:5f:c1", | The public key of remote server for upload in hexdecimal notation. | Yes if "action" is "SCP" or "SFTP" |
"host": "upload.customer.net", | The FQDN or IP of the upload destination. | Yes if "action" is "SCP" or "SFTP" |
"port": 22, | The network port of the upload destination. | Yes if "action" is "SCP" or "SFTP" |
"path": "/upload/dir", | The path on remote server to store the upload file. | Yes if "action" is "SCP" or "SFTP" |
"username": "uploaduser" | The username used when connecting to remote server. | Yes if "action" is "SCP" or "SFTP" |
}, | - | - |
"start": "2016-08-01T14:00:00Z", | The start date (interval) of the messages to be exported. | Yes if "type" is "MAILBOX" |
"end": "2016-08-14T15:00:00Z", | The end date (interval) of the messages to be exported. | Yes if "type" is "MAILBOX" |
"error": { | The error object, set if status is 'failed'. | No, Service managed. |
"errorCode": <string>, | The error code of the failure. | No, Service managed. |
"errorMessage": <string> | The error message for the failure. | No, Service managed. |
} | - | - |
} | - | - |
5.17.2 Snapshot status
A Snapshot status is based on it's current state of processing.
Status | Description |
---|---|
pending | After creation is pending and waits for execution. |
dumping | The dump is in progress. |
dumped | The dump was generated and waits for upload. |
uploading | The upload is in progress. |
available | Indicates, that the upload was successful and snapshot is available. |
failed | Indicates, that an error happens on dumping or uploading operation. |
deleted | The snapshot has been deleted by an operator |
5.17.3 Create a snapshot of a user's mailbox
This resource is used to create a snapshot of the data of a given user.
Request
POST /intercept/snapshots
Body
Mailbox snapshot | Calendar snapshot | Contacts snapshot |
---|---|---|
{ "username" : "someone", "type": "mailbox", "action": "scp", "ssh": { "fingerprint": "75:5c:f9:c8:b6:f0:18:aa:23:ec:d9:67:56:ee:5f:c1.", "host": "upload.customer.net", "port": 22, "path": "/upload/dir", "username": "uploaduser" }, "start": "2016-08-01T14:00:00Z", "end": "2016-08-14T15:00:00Z" } | { | { "username" : "someone", "type": "contacts", "action": "scp", "ssh": { "fingerprint": "75:5c:f9:c8:b6:f0:18:aa:23:ec:d9:67:56:ee:5f:c1.", "host": "upload.customer.net", "port": 22, "path": "/upload/dir", "username": "uploaduser" } } |
Sucess response
Header
Location=/intercept/snapshots/{1a2b3c-..}
Body
{ "snapshotId": "1a2bCc-..", "username" : "someone", "type": "calendar", "action": "scp", "status": "pending" "lastChanged": 123456.. }
Status
200
5.17.4 List all available snapshots
This resource is used to query the list of all available snapshots.
Request
GET /intercept/snapshots?status=available
Sucess response
Body
[ { "snapshotId": <string>, "username": <string>, "type": <string>, "action": <string>, "status": "available" "lastChanged": <timestamp> }, { "snapshotId": <string>, "username": <string>, ... } ]
Status
200
5.17.5 Get snapshot metadata
This resource is used to query the metadata of a specific snapshot.
Request
GET /intercept/snapshots/{snapshotId}
Sucess response
Body
{ "snapshotId": <string>, "username": <string>, "type": <string>, "action": <string>, "status": <string>, "lastChanged": <timestamp>, "error": <object> }
Status
200
5.17.6 Get snapshot status
This resource is used to query the current status of a given snapshot.
Request
GET /intercept/snapshots/{snapshotId}/status
Sucess response
Body
{ "status": <string> }
Status
200
5.17.7 Get snapshot dump
This resource provides the binary dump of the snapshot if snapshot was created with action "DOWNLOAD".
Request
GET /intercept/snapshots/{snapshotId}/dump
Success response
Header
Content-Type: application/octet-stream
Body
byte[]
Status
200
5.17.8 Delete snapshot of mailbox
This resource is used to mark a snapshot as deleted. If the snapshot was of type 'Download', the actual dump is deleted too.
Request
DELETE /intercept/snapshots/{snapshotId}
Sucess response
Status
204
5.18 Brand Permission History
This resource represents the access to permission history of all (sub) brand's mailboxes via API v1.
5.18.1 Query permissions change history of the current brand (BRAND_PERMISSIONS)
This resource is used to query the history of permission changes of the current brand.
Request
GET /v1/permissions/history
Query parameters
A Request of the Permission History can be optionally extended with one or more Parameters
Parameter | Format & Range of Values | Mandatory | Description |
---|---|---|---|
before | ISO-8601 Date-Time | No | Only return permission changes prior to before. |
after | ISO-8601 Date-Time | No | Only return permission changes that occurred after after . |
flatten | true / false | No | Use JSON object or array format, see response examples. |
order | asc / desc | No | Only when using the flat format, order of the entries by the time attribute.
|
limit | Integer of 0, ... | No | Limits the number of objects that are returned, reduction varies if object or array format is requested:
|
Success Response - Map Format
A JSON object with its keys being "OX identifiers" (userid@contextid), and each value being a JSON array of permission change JSON objects.
Body
{ "3@100": [ { "time": "2021-03-30T13:33:17.643Z", "authUser": "brand1", "disabled": [ "RECEIVE", "SEND" ], "ipAddress": "10.10.1.10", "reason": "sendmail flooding detection" }, { "time": "2021-03-30T13:33:17.660Z", "authUser": "brand1", "disabled": [ "MAILLOGIN", "WEBLOGIN" ], "ipAddress": "10.20.32.193", "reason": "DDoS abuse detection" }, { "time": "2021-03-30T13:33:17.671Z", "authUser": "brand1", "enabled": [ "RECEIVE", "SEND", "MAILLOGIN", "WEBLOGIN" ], "ipAddress": "192.168.38.199", "reason": "Resolved by customer support", "clientIp": "82.193.93.112", "clientUser": "carla" } ], "3@329": [ ... ] }
Fields
- time: An ISO-8601 formatted UTC string represents the point in time when the permission change was performed
- authUser: The username used in the successful authentication when performing the permission change
- clientIp: IP address of the client that invoked the software that performed the permission change (optional)
- clientUser: Username of the credentials that authenticated against the software that performed the permission change (optional)
- disabled: An array of strings that hold the permissions that were effectively disabled
- enabled: An array of strings that hold the permissions that were effectively enabled
- ipAddress: The IP address of the client that performed the API operation to change permissions
- reason: The reason for the permission change, as indicated by the client that performed the API operation to change permissions (except when using the SOAP API)
Success Response - Flatten Format
A flat JSON array with each value being a JSON permission change object, augmented with an oxid and a brand attribute.
Body
[ { "time": "2021-03-30T13:33:17.643Z", "authUser": "brand1", "disabled": [ "RECEIVE", "SEND" ], "ipAddress": "10.10.1.10", "reason": "sendmail flooding detection", "oxid": "3@100", "brand": "brand1" }, { "time": "2021-03-30T13:33:17.660Z", "authUser": "brand1", "disabled": [ "MAILLOGIN", "WEBLOGIN" ], "ipAddress": "10.20.32.193", "reason": "DDoS abuse detection", "oxid": "3@100", "brand": "brand1" }, { "time": "2021-03-30T13:33:17.671Z", "authUser": "brand1", "enabled": [ "RECEIVE", "SEND", "MAILLOGIN", "WEBLOGIN" ], "ipAddress": "192.168.38.199", "reason": "Resolved by customer support", "clientIp": "82.193.93.112", "clientUser": "carla", "oxid": "3@100", "brand": "brand1" } ]
Fields
- time: An ISO-8601 formatted UTC string represents the point in time when the permission change was performed
- oxid: Unique identifier of the user, in the form <userId>@<contextId> (e.g. 3@21839)
- brand: The brand the user resides in
- authUser: The username used in the successful authentication when performing the permission change
- clientIp: IP address of the client that invoked the software that performed the permission change (optional)
- clientUser: Username of the credentials that authenticated against the software that performed the permission change (optional)
- disabled: An array of strings that hold the permissions that were effectively disabled
- enabled: An array of strings that hold the permissions that were effectively enabled
- ipAddress: The IP address of the client that performed the API operation to change permissions
- reason: The reason for the permission change, as indicated by the client that performed the API operation to change permissions (except when using the SOAP API)
Status
200
Error Codes
See: API Concepts for general error information
- 400: Bad query request, most likely wrong query parameters