It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Email Gateway Defense
formerly Email Security

API Overview

  • Last updated on

The Email Gateway Defense API is a beta release and not yet generally available. The APIs in the beta endpoint are currently in preview and subject to change.

The Email Gateway Defense REST API provides the ability to interact with Email Gateway Defense. This article gives a brief description of REST API and the API methods you can use to access Email Gateway Defense. 

Representational State Transfer (REST) is a stateless architecture that runs over HTTP. REST API is a simple web service API you can use to interact with Email Gateway Defense. For more information on REST API, visit

The Email Gateway Defense API is currently only available for accounts in the United States (US) and United Kingdom (UK) regions.

Getting Started

You will need an active Barracuda Cloud Control account and your application registered in the Barracuda Token Service in order to receive the required Client ID and Client Secret. The Client Secret is used to sign and validate access tokens for authentication and to gain access to API endpoints.

For more details, review our Getting Started with the API information. 

Authorization Requirements

All endpoints will require an access token. Access tokens are generated from the token endpoint.

Use the API

Use the following URL based on your region:

United States (US)
United Kingdom (UK)


The following endpoints are available:



Sometimes API requests will return a large number of results. Rather than retrieve them all at once, which may affect your application’s performance, you can use paging to retrieve the results in batches. For more information, see Paging.


The scope constrains the endpoints to which a client has access, and whether a client has read or write access to an endpoint. 

As a general rule, choose the most restrictive scope possible and avoid requesting scopes that your application does not need. 

Available scopes:

ess:account:readAllow read-only access to account information.

HTTP response codes

HTTP codeStatusDescription
200OKThe request was successful.
400Bad RequestThe request was invalid and/or not formed properly.
401UnauthorizedThere is a missing or incorrect API token in header.
403ForbiddenThe client did not have permission to access the requested resource.
404Not FoundThe URI requested is invalid or the resource requested does not exists.
406Not AcceptableThe request specified an invalid format.
410GoneThis resource is gone. Used to indicate that an API endpoint has been turned off.
429Too Many RequestsReturned when a request cannot be served due to the application’s rate limit having been exhausted for the resource.
500Internal Server ErrorSomething went wrong.
502Bad GatewayThe service is down or being upgraded. Try again later.
503Service UnavailableThe service is up, but overloaded with requests. Try again later.
504Gateway TimeoutServers are up, but the request couldn’t be serviced due to some failure within our stack. Try again later.