The Sublime Platform API allows you to interact with your Sublime deployment programmatically.

Here are some ways you can use the API:

  • Trash malicious messages from your SOAR
  • Update a List containing malicious attachment hashes using threat intel
  • Enrich alerts (e.g. a JIRA or ServiceNow ticket) with message metadata or screenshots

The API is organized around REST and has predictable resource-oriented URLs, accepts JSON request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.

Your Base URL

Your Base URL is the location you send API requests. Click Developer in the left-hand navigation to see your Base URL.

In these docs, you'll notice the Base URL is, which is the URL for Sublime Cloud customers. Depending on your type of deployment, yours may be different.

Using with webhooks

The Sublime API and Sublime's webhooks go together like warm chocolate chip cookies and cold, cold milk. Use webhooks to receive notifications when a message is flagged, and use the API to take actions like adding message details to a Jira ticket and providing the option to trash a message directly from that ticket.