search
Get Demo

View customer's campaign list and report

As a Reseller you can list a customer’s phishing, smishing, or quishing campaigns and get reports for a specific campaign or campaign job. Get the customer’s Company ID, then call the campaign search and campaign-job-report endpoints with X-KEEPNET-Company-Id so results are scoped to that company. Use a credential with Client Role = Reseller. The same pattern applies to phishing, smishing, and quishing simulators — only the base path changes.

hashtag
POST /api/companies/search

Get the customer’s Company ID. Use the resourceId of the desired company in the next steps.

Retrieves a paginated list of all companies you manage with license details. Each item includes resourceId — use it as the Company ID for scoped requests. Test it: Authorize with Client ID/Secret, then Send — request body is pre-filled.

hashtag
Retrieves a list of all companies

post
chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : API
Authorizations
OAuth2clientCredentialsRequired

Client ID and Client Secret from Company → Company Settings → REST API. Enter credentials to auto-fetch token.

Token URL:
Body
pageNumberintegerRequiredExample: 1
pageSizeintegerRequiredExample: 10
orderBystringRequiredExample: CreateTime
ascendingbooleanRequiredExample: false
isTargetUserCountExceededLimitbooleanOptional

If true, only companies exceeding license limit are returned

Example: false
Responses
chevron-right
200

OK

application/json
statusstringOptional
messagestring · nullableOptional
validationMessagesstring[] · nullableOptional
post
/api/companies/search
200

OK

From the response, pick the company (e.g. by name) and note its resourceId. Example: "resourceId": "xC5kfGz7w2Nz" → use xC5kfGz7w2Nz as Company ID in the campaign and report requests below.

hashtag
POST /api/phishing-simulator/phishing-campaign/search

Send the Company ID in the X-KEEPNET-Company-Id header so the list is scoped to the chosen company. Returns a paginated list of phishing campaigns for that customer. Response includes campaign resourceId, name, status, and other fields.

Returns a list of the phishing campaigns. As a Reseller, send X-KEEPNET-Company-Id: <companyResourceId>. Request body: optional filter, pageNumber, pageSize, orderBy, ascending. Test it: Endpoints → PhishingCampaignReturns a list of the phishing campaigns — use dummy data (H8d) and set the header to a Company ID from companies/search. As a Reseller, send X-KEEPNET-Company-Id: <companyResourceId>. Request body: optional filter, pageNumber, pageSize, orderBy, ascending. Test it: Endpoints → PhishingCampaignReturns a list of the phishing campaigns — use dummy data (H8d) and set the header to a Company ID from companies/search.

hashtag
Returns a list of the phishing campaigns

post
chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : API
Authorizations
OAuth2clientCredentialsRequired

Client ID and Client Secret from Company → Company Settings → REST API. Enter credentials to auto-fetch token.

Token URL:
Body
pageNumberinteger · int32Optional
pageSizeinteger · int32Optional
orderBystring · nullableOptional
ascendingbooleanOptional
Responses
chevron-right
200

OK

application/json
statusstringOptional
messagestring · nullableOptional
validationMessagesstring[] · nullableOptional
post
/api/phishing-simulator/phishing-campaign/search
200

OK

Example request headers:

Example body (dummy data — first page):

hashtag
Smishing and quishing

Same flow with a different base path and same header:

  • Smishing: POST /api/smishing-simulator/smishing-campaign/search

  • Quishing: POST /api/quishing-simulator/quishing-campaign/search

hashtag
POST /api/phishing-simulator/phishing-campaign-job-report/search

Campaign jobs are run instances of a campaign. To get job-level reports (summary, clicked users, export), use this endpoint — it returns jobs with resourceId and instanceGroup that you need for the summary and export endpoints. Send X-KEEPNET-Company-Id. From the response, note resourceId and instanceGroup for the job you want to report on.

Retrieves campaign job's list. As a Reseller, send X-KEEPNET-Company-Id: <companyResourceId>. Request body: see Endpoints → PhishingCampaignJobReport for the search request schema.

hashtag
Retrieves campaign job's list.

post
chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : API
Authorizations
OAuth2clientCredentialsRequired

Client ID and Client Secret from Company → Company Settings → REST API. Enter credentials to auto-fetch token.

Token URL:
Body
pageNumberinteger · int32Optional
pageSizeinteger · int32Optional
orderBystring · nullableOptional
ascendingbooleanOptional
Responses
chevron-right
200

OK

application/json
statusstringOptional
messagestring · nullableOptional
validationMessagesstring[] · nullableOptional
post
/api/phishing-simulator/phishing-campaign-job-report/search
200

OK

hashtag
GET /api/phishing-simulator/phishing-campaign-job-report/summary/{resourceId}/{instanceGroup}

Returns the summary report for one campaign job (sent, opened, clicked, etc.). Send X-KEEPNET-Company-Id.

Returns campaign job summary. As a Reseller, send X-KEEPNET-Company-Id: <companyResourceId>.

hashtag
Retrieves phishing campaign job's summary details.

get
chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : API
Authorizations
OAuth2clientCredentialsRequired

Client ID and Client Secret from Company → Company Settings → REST API. Enter credentials to auto-fetch token.

Token URL:
Path parameters
resourceIdstringRequired
instanceGroupinteger · int32Required
Responses
chevron-right
200

OK

application/json
statusstringOptional
messagestring · nullableOptional
validationMessagesstring[] · nullableOptional
get
/api/phishing-simulator/phishing-campaign-job-report/summary/{resourceId}/{instanceGroup}
200

OK

Example: GET /api/phishing-simulator/phishing-campaign-job-report/summary/pJb2kL9mNq/1 with header X-KEEPNET-Company-Id: xC5kfGz7w2Nz.

hashtag
Export campaign or job report list

  • Export campaign list: POST /api/phishing-simulator/phishing-campaign/search/export — same Company ID header and body shape as search (see Endpoints → PhishingCampaign).

  • Export campaign job report list: POST /api/phishing-simulator/phishing-campaign-job-report/search/export — same header, request body per Endpoints → PhishingCampaignJobReport.

Smishing and quishing have equivalent paths under smishing-simulator and quishing-simulator (e.g. .../smishing-campaign/search, .../smishing-campaign-job-report/search, .../summary/{resourceId}/{instanceGroup}, .../search/export).

hashtag
Common errors

  • 403 Forbidden — Credential is not Reseller, or the Company ID is not one you manage. Set Client Role = Reseller. Roles and permissions →

  • 401 Unauthorized — Missing or invalid token. Request a new token via POST /connect/token.

  • 404 Not Found / 400 Bad Request — Invalid Company ID or campaign/job ID. Verify Company ID from POST /api/companies/search and job resourceId/instanceGroup from the campaign-job-report search; ensure you send X-KEEPNET-Company-Id for the customer that owns the campaign.

Related: Scope API requests to a customer →. Endpoint details: see EndpointsPhishingCampaign, PhishingCampaignJobReport (and equivalent paths under smishing-simulator, quishing-simulator).

PreviousStart phishing simulation for a customerNextList phishing scenarios for a customer

Last updated