search
Get Demo

Start phishing simulation for a customer

As a Reseller you can create a phishing campaign for a customer and immediately start it so the simulation emails go out to target users. The flow: get the customer's Company ID, pick a scenario and target group, create the campaign, then start the campaign job. Use a credential with Client Role = Reseller. Send X-KEEPNET-Company-Id with every request.

hashtag
POST /api/companies/search

Get the customer's Company ID first. Use the resourceId from the response as X-KEEPNET-Company-Id in all subsequent requests. Test it: Authorize with Client ID/Secret, then Send — request body is pre-filled.

hashtag
Retrieves a list of all companies

post
chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : API
Authorizations
OAuth2clientCredentialsRequired

Client ID and Client Secret from Company → Company Settings → REST API. Enter credentials to auto-fetch token.

Token URL:
Body
pageNumberintegerRequiredExample: 1
pageSizeintegerRequiredExample: 10
orderBystringRequiredExample: CreateTime
ascendingbooleanRequiredExample: false
isTargetUserCountExceededLimitbooleanOptional

If true, only companies exceeding license limit are returned

Example: false
Responses
chevron-right
200

OK

application/json
statusstringOptional
messagestring · nullableOptional
validationMessagesstring[] · nullableOptional
post
/api/companies/search
200

OK

hashtag
POST /api/phishing-simulator/phishing-scenario/search

List phishing scenarios available for the customer. Send X-KEEPNET-Company-Id. Pick a scenario and note its resourceId — use it as phishingScenarioResourceIds in the campaign body.

hashtag
Returns a list of the phishing scenarios

post
chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : API
Authorizations
OAuth2clientCredentialsRequired

Client ID and Client Secret from Company → Company Settings → REST API. Enter credentials to auto-fetch token.

Token URL:
Body
pageNumberintegerRequiredExample: 1
pageSizeintegerRequiredExample: 20
orderBystringOptionalExample: Name
ascendingbooleanOptionalExample: true
Responses
chevron-right
200

OK

application/json
statusstringOptional
messagestring · nullableOptional
validationMessagesstring[] · nullableOptional
post
/api/phishing-simulator/phishing-scenario/search
200

OK

hashtag
POST /api/target-groups/search/current-company

List target groups for the customer. Send X-KEEPNET-Company-Id. Use one or more resourceId values as targetGroupResourceIds in the campaign body.

hashtag
Returns a list of target groups for my company

post
chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : API
Authorizations
OAuth2clientCredentialsRequired

Client ID and Client Secret from Company → Company Settings → REST API. Enter credentials to auto-fetch token.

Token URL:
Body
pageNumberintegerRequiredExample: 1
pageSizeintegerRequiredExample: 20
orderBystringOptionalExample: Name
ascendingbooleanOptionalExample: true
Responses
chevron-right
200

OK

application/json
statusstringOptional
messagestring · nullableOptional
validationMessagesstring[] · nullableOptional
post
/api/target-groups/search/current-company
200

OK

hashtag
GET /api/phishing-simulator/phishing-campaign/form-details

Returns dropdown and reference data (email delivery settings, schedule types, etc.) needed to build the campaign. Send X-KEEPNET-Company-Id.

hashtag
Retrieves the create/edit form details

get
chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : API
Authorizations
OAuth2clientCredentialsRequired

Client ID and Client Secret from Company → Company Settings → REST API. Enter credentials to auto-fetch token.

Token URL:
Responses
chevron-right
200

OK

application/json
statusstringOptional
messagestring · nullableOptional
validationMessagesstring[] · nullableOptional
get
/api/phishing-simulator/phishing-campaign/form-details
200

OK

hashtag
POST /api/phishing-simulator/phishing-campaign

Creates a new phishing campaign for the customer. Send X-KEEPNET-Company-Id. Body: name (required), scheduleTypeId (required), phishingScenarioResourceIds, targetGroupResourceIds, duration, distribution, and email delivery settings. See Endpoints → PhishingCampaign for the full schema.

hashtag
Creates a new phishing campaign for a company

post
chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : API
Authorizations
OAuth2clientCredentialsRequired

Client ID and Client Secret from Company → Company Settings → REST API. Enter credentials to auto-fetch token.

Token URL:
Body
namestringRequiredExample: Q1 Phishing Simulation
scheduleTypeIdintegerRequiredExample: 1
phishingScenarioResourceIdsstring[]Optional
targetGroupResourceIdsstring[]Optional
durationintegerOptionalExample: 7
distributionTypeIdintegerOptionalExample: 1
distributionDelayEveryintegerOptionalExample: 0
distributionDelayTimeTypeIdintegerOptionalExample: 1
sendingLimitintegerOptionalExample: 0
emailDeliverySettingTypeintegerOptionalExample: 1
excludeFromReportsbooleanOptionalExample: false
sendOnlyActiveUsersbooleanOptionalExample: true
Responses
chevron-right
200

OK

application/json
statusstringOptional
messagestring · nullableOptional
validationMessagesstring[] · nullableOptional
post
/api/phishing-simulator/phishing-campaign
200

OK

Example body (minimal — send immediately):

From the response, note the campaign resourceId. Use it in the next step.

hashtag
POST /api/phishing-simulator/phishing-campaign-job/start/{resourceId}

Starts the campaign — emails go out to target users. Replace {resourceId} with the campaign ID from the create response. Send X-KEEPNET-Company-Id. Body: scheduleTypeId, targetGroupResourceIds, and optional distribution config.

hashtag
Start new phishing campaign job with phishing campaign resource id.

post
chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : API
Authorizations
OAuth2clientCredentialsRequired

Client ID and Client Secret from Company → Company Settings → REST API. Enter credentials to auto-fetch token.

Token URL:
Path parameters
resourceIdstringRequired
Body
scheduleTypeIdintegerOptionalExample: 1
targetGroupResourceIdsstring[]Optional
excludeFromReportsbooleanOptionalExample: false
sendingLimitintegerOptionalExample: 0
distributionDelayEveryintegerOptionalExample: 0
distributionDelayTimeTypeIdintegerOptionalExample: 1
useTargetUserTimeZonebooleanOptionalExample: false
Responses
chevron-right
200

OK

application/json
statusstringOptional
messagestring · nullableOptional
validationMessagesstring[] · nullableOptional
post
/api/phishing-simulator/phishing-campaign-job/start/{resourceId}
200

OK

Example body (start immediately):

hashtag
Common errors

  • 403 Forbidden — Credential is not Reseller, or the Company ID is not one you manage. Set Client Role = Reseller. Roles and permissions →

  • 401 Unauthorized — Missing or invalid token. Request a new token via POST /connect/token.

  • 400 Bad Request — Invalid request body (missing scenario, target group, or schedule). Verify IDs from the search endpoints above; check Endpoints → PhishingCampaign for the full schema.

  • 404 Not Found — Invalid Company ID, scenario ID, or campaign ID.

circle-info

Platform UI: Create phishing campaigns under Phishing Simulator → Campaign Manager. Campaign Manager →

Related: Create and start phishing campaign for a customer → (compact version). List phishing scenarios for a customer →. View customer's campaign list and report →. Scope API requests to a customer →.

PreviousPhishing simulationNextView customer's campaign list and report

Last updated