Canary API Docs

# Office365

These are a collection of endpoints that allow you to insert Canarytoken Mails into every selected Office365 email in your organisation.

Endpoints
POST /api/v1/canarytoken/office365/initiate
POST /api/v1/canarytoken/office365/users/list
POST /api/v1/canarytoken/office365/create
POST /api/v1/canarytoken/office365/email
GET /api/v1/canarytoken/office365/email
POST /api/v1/canarytoken/office365/oauth/token
GET /api/v1/canarytoken/office365/status

TIP

These endpoints are recommended to be used via your Canary Console UI. The Canary Console UI will handle all the different flows and parameters needed, making your life a lot easier.

# Initiate Office356 Canarytoken process

POST /api/v1/canarytoken/office365/initiate

Initiates the creation of an Office365 Canarytoken.

Required Parameters

auth_token string
A valid auth token

Optional Parameters

flock_id string
Defaults to: 'flock:default'
A valid flock_id (defaults to the Default Flock)

Response

A JSON structure with a result indicator and state value used for OAuth process.

# List Office356 email addresses

POST /api/v1/canarytoken/office365/users/list

Lists the users in the oauth'ed Office365 organisation.

Required Parameters

auth_token string
A valid auth token

Optional Parameters

flock_id string
Defaults to: 'flock:default'
A valid flock_id (defaults to the Default Flock)
is_exchange boolean
Defaults to: false
If your email is hosted by a Microsoft Exchange server instead of Office365.
exchange_username string
The username used to authenticate to the Office365 exchange.
exchange_password string
The password used to authenticate the specified exchange_username to the Office365 exchange.

Response

A JSON structure with the user_emails information and a result indicator

# Insert Canarytokens into Office365 mail accounts

POST /api/v1/canarytoken/office365/create

Inserts the Office365 mail Canarytoken into specified email addresses.

Required Parameters

auth_token string
A valid auth token
user_emails string
A comma separated list of the user email addresses to insert the Canarytoken into.

Optional Parameters

flock_id string
Defaults to: 'flock:default'
A valid flock_id (defaults to the Default Flock)
is_exchange boolean
Defaults to: false
If your email is hosted by a Microsoft Exchange server instead of Office365.
exchange_username string
The username used to authenticate to the Office365 exchange.
exchange_password string
The password used to authenticate the specified exchange_username to the Office365 exchange.

Response

A JSON structure with a result indicator

# Get email template for Office365 Canarytoken

GET /api/v1/canarytoken/office365/email

Gets the Office365 mail template to be used when tokening Office365 mailboxes.

Required Parameters

auth_token string
A valid auth token

Optional Parameters

flock_id string
Defaults to: 'flock:default'
A valid flock_id (defaults to the Default Flock)

Response

A JSON structure with the html, subject and sender information with a result indicator

# Save email template for Office365 Canarytoken

POST /api/v1/canarytoken/office365/email

Saves the Office365 mail template to be used when tokening Office365 mailboxes.

Required Parameters

auth_token string
A valid auth token
email_html string
The HTML of the email template
email_subject string
The subject of the email

Optional Parameters

flock_id string
Defaults to: 'flock:default'
A valid flock_id (defaults to the Default Flock)
email_sender string
Defaults to: 'security@{yourdomain}'
The "from" address of the email

Response

A JSON structure with the html, subject and sender information with a result indicator

# Requests Office365 OAuth access token

POST /api/v1/canarytoken/office365/oauth/token

Requests the Office365 access token.

Required Parameters

code string
Value returned after sign in with Office365 is successful and redirects
user_email string
Email used to complete Office OAuth process
state string
Value returned after sign in with Office365 is successful and redirects

Response

A JSON structure with a result indicator

# Get the status of the Office365 Canarytoken process

GET /api/v1/canarytoken/office365/status

Gets the status of the Office365 tokening process.

Required Parameters

Optional Parameters

flock_id string
Defaults to: 'flock:default'
A valid flock_id (defaults to the Default Flock)

Response

A JSON structure with a result indicator, successful, failed and total users.

Gmail