It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Public API Overview

  • Last updated on

The Barracuda Forensics & Incident Response RESTful API (beta) provides remote administration and configuration of Barracuda Forensics & Incident Response. This article gives a brief description of the Barracuda Forensics & Incident Response API and the API endpoints, with links to details about each endpoint.


You must have the following items before you can access the API:  

  1. A Barracuda Cloud Control (BCC) account user credentials. If you do not already have a Barracuda Cloud Control account, see Create a Barracuda Cloud Control Account.
  2. A Client ID and Client Secret from a registered application in the Barracuda Token Service at
    For instructions, see Registering your Application in the Barracuda Token Service.
  3. An access token to make API requests. To create an access token, refer to the instructions in Obtaining an Access Token.
    Be sure to specify one or more correct scope values for your Access Token:
    • GET methods require an Access Token with scope forensics:account:read 
    • POST methods require an Access Token with scope forensics:account:write

Barracuda Forensics & Incident Response API

API EndpointMethodFunction
Get AccountsGET

Retrieves a list of accounts for Barracuda Forensics & Incident Response.

Get TenantsGET

Retrieves a list of Office 365 tenants connected to a Barracuda Forensics & Incident Response account.

Create IncidentPOST

Creates an incident for an Office 365 tenant.

Get IncidentGET

Retrieves a single incident using the incident ID.

Get IncidentsGET

Retrieves a list of created incidents for an Office 365 tenant.

Get User-Reported EmailsGET

Retrieves a list of user-reported emails for an Office 365 tenant.

You will often use the following endpoints first, as the information they retrieve is needed in other endpoints:

Tool for Interacting with the API


cURL is a command line tool for transferring data from or to a remote server via URLs. cURL is pre-installed on many UNIX/Linux platforms and newer Windows platforms. Type curl -V in your favorite shell to see if the tool is installed.

Examples in the endpoint references use cURL commands to send HTTP requests to access, create, and manipulate resources. 


Endpoints that require paging (Get Incidents and Get User-Reported Emails) include the necessary parameters. 


Last updated on