# Office365

These are a collection of endpoints that allow you to insert Canarytoken Mails into every selected Office365 email in your organisation.

TIP

These endpoints are recommended to be used via your Canary Console UI. The Canary Console UI will handle all the different flows and parameters needed, making your life a lot easier.

# Initiate Office356 Canarytoken process

POST /api/v1/canarytoken/office365/initiate

Initiates the creation of an Office365 Canarytoken.

Required Parameters

auth_token string
A valid auth token

Optional Parameters

flock_id string
Defaults to: 'flock:default'
A valid flock_id (defaults to the Default Flock)

Response

A JSON structure with a result indicator and state value used for oauth process.

# List Office356 email addresses

POST /api/v1/canarytoken/office365/users/list

Lists the users in the oauth'ed Office365 organisation.

Required Parameters

auth_token string
A valid auth token

Optional Parameters

flock_id string
Defaults to: 'flock:default'
A valid flock_id (defaults to the Default Flock)
is_exchange boolean
Defaults to: false
If your email is hosted by a Microsoft Exchange server instead of Office365.
exchange_username string
The username used to authenticate to the Office365 exchange.
exchange_password string
The password used to authenticate the specified exchange_username to the Office365 exchange.

Response

A JSON structure with the user_emails information and a result indicator

# Insert Canarytokens into Office365 mail accounts

POST /api/v1/canarytoken/office365/create

Inserts the Office365 mail Canarytoken into specified email addresses.

Required Parameters

auth_token string
A valid auth token
user_emails string
A comma separated list of the user email addresses to insert the Canarytoken into.

Optional Parameters

flock_id string
Defaults to: 'flock:default'
A valid flock_id (defaults to the Default Flock)
is_exchange boolean
Defaults to: false
If your email is hosted by a Microsoft Exchange server instead of Office365.
exchange_username string
The username used to authenticate to the Office365 exchange.
exchange_password string
The password used to authenticate the specified exchange_username to the Office365 exchange.

Response

A JSON structure with a result indicator

# Get email template for Office365 Canarytoken

GET /api/v1/canarytoken/office365/email

Gets the Office365 mail template to be used when tokening Office365 mailboxes.

Required Parameters

auth_token string
A valid auth token

Optional Parameters

flock_id string
Defaults to: 'flock:default'
A valid flock_id (defaults to the Default Flock)

Response

A JSON structure with the html and subject information with a result indicator

# Save email template for Office365 Canarytoken

POST /api/v1/canarytoken/office365/email

Saves the Office365 mail template to be used when tokening Office365 mailboxes.

Required Parameters

auth_token string
A valid auth token
email_html string
The HTML of the email template
email_subject string
The subject of the email

Optional Parameters

flock_id string
Defaults to: 'flock:default'
A valid flock_id (defaults to the Default Flock)

Response

A JSON structure with the html and subject information with a result indicator

# Requests Office365 oauth access token

POST /api/v1/canarytoken/office365/oauth/token

Requests the Office365 access token.

Required Parameters

code string
Value returned after sign in with Office365 is successful and redirects
user_email string
Email used to complete Office oauth process
state string
Value returned after sign in with Office365 is successful and redirects

Response

A JSON structure with a result indicator

# Get the status of the Office365 Canarytoken process

GET /canarytoken/office365/status

Gets the status of the Office365 tokening process.

Required Parameters

Optional Parameters

flock_id string
Defaults to: 'flock:default'
A valid flock_id (defaults to the Default Flock)

Response

A JSON structure with a result indicator, successful, failed and total users.