Secumailer

SecureMail - Secumailer


Improve user experience with secure e-mail

End-to-end encrypted and GDPR compliant

  • Communication
  • Security

API reference on SwaggerHub

Introduction

The SecureMail API makes sure your e-mails to clients, users and other audiences are compliant with mandatory GDPR/AVG regulations for businesses. When sending (bulk) business e-mails, it is hard to make sure that the mail servers of all your addressees have the right standard security configured and that the e-mails arrive at the intended mailboxes. By law it is not allowed to send sensitive data over unsecured e-mail. The SecureMail API solves this problem for you by checking the security of the connection with mail servers and only sending your message through to secure servers.

Conceptual model


Definitions

Account

In this context, an account is the entity where organizational parameters are held and maintained.

AVG

The AVG (in Dutch: Algemene verordening gegevensbescherming) is the Dutch name for the GDPR.

DNS

Domain Name Service. A service that translates domain names to IP addresses and vice versa.

Domain

This is the domain name from which you will be sending your secure e-mails.

GDPR

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individual citizens of the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

API workflow

Sequence diagram

Prerequisites

You must be able to configure the DNS records of your registered domain, to be able to route e-mail to the Secumailer platform.

Features and constraints

Features

  • Always deliver e-mail to secure mail servers.
  • Bulk e-mail supported.
  • Compliant with GDPR/AVG regulation.

Constraints

  • You have to check the e-mail address configured as reseller for e-mails that could not be delivered because of insecure mail servers.
  • DNS changes have to be made for e-mail routing.

Getting started

Setting up your third-party accounts

To start e-mailing with the SecureMail API, you need to create a Secumailer account.

Use the API request POST /account to create an account on the Secumailer platform, providing the domain name and an e-mail address on which you would like to receive notifications. You will receive a notification, for example, when a SecureMail cannot be sent to the addressee.

Configuring your DNS registration

In order to send secure e-mail, you need to make changes to your DNS registration.

The changes concern the creation of 2 MX records for a subdomain of the apex domain (default is secure.example.com) and a number of TXT records (SPF, DKIM and DMARC) that also establish proof of ownership of the domain.

You can retrieve the set of required DNS changes by calling the GET /account endpoint. You need to supply the domain for which you are retrieving the DNS settings, as documented in the Swagger file. You will receive the values that you need to implement as DNS changes.

The values consist of two sections, named ‘receiving_dns_records’ and ‘sending_dns_records’. The first section concerns MX records, which need to be applied to the host value given in the ‘domain’ --> ‘name’ section of the response. This will generally be in the form of ‘secure.example.com’. Note: DO NOT apply these settings to your root domain as this will interfere with your regular e-mail.

The second section concerns a number of TXT records. These need to be applied to the host given in the ‘name’ attribute of each TXT record. DNS changes take time to process. As soon as your DNS changes have been validated correctly, the ‘state’ attribute in the ‘domain’ section will change from ‘unverified’ to ‘valid’.

When this is the case you can start sending messages via the /message endpoint.

Use the GET /account endpoint to check if all settings were correctly processed.

Note: Take into account that syncing DNS can take up to 24 hours.
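The following added example (not part of the Secumailer documentation) turns a GET /account response into a list of DNS records to create and refuses to place the MX records on the root domain. The response nesting and the 'type', 'priority' and 'value' keys are assumptions, and the sample response is constructed.

```python
# Constructed GET /account response. The page names 'domain', 'name', 'state',
# 'receiving_dns_records' and 'sending_dns_records'; the nesting and the
# 'type', 'priority' and 'value' keys are assumptions. Check the Swagger file.
SAMPLE_ACCOUNT = {
    "domain": {"name": "secure.example.com", "state": "unverified"},
    "receiving_dns_records": [
        {"type": "MX", "priority": 10, "value": "mx-a.mail.invalid"},
        {"type": "MX", "priority": 10, "value": "mx-b.mail.invalid"},
    ],
    "sending_dns_records": [
        {"type": "TXT", "name": "secure.example.com",
         "value": "v=spf1 include:spf.mail.invalid ~all"},
        {"type": "TXT", "name": "k1._domainkey.secure.example.com",
         "value": "k=rsa; p=CONSTRUCTED"},
        {"type": "TXT", "name": "_dmarc.secure.example.com",
         "value": "v=DMARC1; p=none"},
    ],
}


def _norm(host):
    """Compare host names without trailing dot or case differences."""
    return host.rstrip(".").lower()


def dns_plan(account, apex):
    """Return (host, type, value) records to create for this account."""
    host, apex = _norm(account["domain"]["name"]), _norm(apex)
    # The page's warning: MX records on the root domain break regular e-mail.
    if host == apex:
        raise ValueError("refusing to place MX records on the apex domain")
    if not host.endswith("." + apex):
        raise ValueError(f"{host} is not a subdomain of {apex}")
    plan = [(host, "MX", f"{r['priority']} {r['value']}")
            for r in account["receiving_dns_records"]]
    for r in account["sending_dns_records"]:
        name = _norm(r["name"])
        if name != apex and not name.endswith("." + apex):
            raise ValueError(f"TXT record {name} is outside {apex}")
        plan.append((name, "TXT", r["value"]))
    return plan


def ready_to_send(account):
    """True once the platform reports the domain as validated."""
    return account["domain"]["state"] == "valid"
```

Poll GET /account and only start calling /message once `ready_to_send` returns True.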

Authentication

To authenticate you'll need to request an access token. Use your API Store app's credentials (Consumer Key and Consumer Secret) to make an authentication request. The authorization service returns a JSON message that contains the access_token field.

Use one of the following 3 options:

cURL

Execute the cURL command below to receive an access token. Replace APP_CONSUMER_KEY and APP_CONSUMER_SECRET with your app's credentials.

curl -X POST \
 'https://api-prd.kpn.com/oauth/client_credential/accesstoken?grant_type=client_credentials' \
 -H 'content-type: application/x-www-form-urlencoded' \
 -d 'client_id=APP_CONSUMER_KEY&client_secret=APP_CONSUMER_SECRET'

If you are using cURL for Windows, please use the command below instead.

curl -X POST "https://api-prd.kpn.com/oauth/client_credential/accesstoken?grant_type=client_credentials" -H "content-type: application/x-www-form-urlencoded" -d "client_id=APP_CONSUMER_KEY&client_secret=APP_CONSUMER_SECRET"

The authentication service returns a JSON message that contains the access token field.

{
    "refresh_token_expires_in": "0",
    "api_product_list": "[xxxxxxx]",
    "api_product_list_json": [
        " xxxxxxx"
    ],
    "organization_name": "kpn",
    "developer_email": "demo123@kpn.com",
    "token_type": "Bearer",
    "issued_at": "1521039195424",
    "client_id": "APP_CONSUMER_KEY",
    "access_token": "haf2SDl07E9N7RluNQ4kJ1TkGgso",
    "application_name": "6e38edxxxxxxxxxxxxxxxx4065d79c",
    "scope": "",
    "expires_in": "3599",
    "refresh_count": "0",
    "status": "approved"
}
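An added example (not from the Secumailer documentation) of handling this response in a client: the numeric fields arrive as strings, 'issued_at' is in epoch milliseconds, and the token should be refreshed shortly before it expires. The class name, the 60-second margin and the use of the standard Authorization header are assumptions.

```python
import json
import time

# Trimmed copy of the sample response shown above (values from the page).
SAMPLE_RESPONSE = """{
    "token_type": "Bearer",
    "issued_at": "1521039195424",
    "access_token": "haf2SDl07E9N7RluNQ4kJ1TkGgso",
    "expires_in": "3599",
    "status": "approved"
}"""


class AccessToken:
    """Holds a token and knows when it has to be refreshed."""

    def __init__(self, raw_json, skew_seconds=60):
        data = json.loads(raw_json)
        if data.get("status") != "approved" or data.get("token_type") != "Bearer":
            raise ValueError("token response is not an approved Bearer token")
        self._token = data["access_token"]
        # Numeric fields arrive as strings; issued_at is epoch milliseconds.
        issued = int(data["issued_at"]) / 1000
        # Treat the token as expired a little early to avoid mid-request expiry.
        self.expires_at = issued + int(data["expires_in"]) - skew_seconds

    def is_fresh(self, now=None):
        """True while the token can still be used without a refresh."""
        return (time.time() if now is None else now) < self.expires_at

    def auth_header(self):
        # Assumption: the API accepts the standard "Authorization: Bearer" header.
        return {"Authorization": "Bearer " + self._token}

    def __repr__(self):
        # Keep the secret out of logs and tracebacks.
        return f"<AccessToken expires_at={int(self.expires_at)}>"
```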

SwaggerHub

  1. Click on the Authorize button on the top right.
  2. In the form, fill in client_id and client_secret, using your app's credentials.
  3. Click Authorize.

Postman

When using Postman, you will have to import the Swagger file into a Postman collection as follows:

  1. Open the API reference on SwaggerHub.
  2. On the top right, click Export, click Download API and click 'YAML Unresolved'.
  3. In Postman from the menu click File and click Import... Choose the YAML file you downloaded in the previous step. A new collection will be added.
  4. Select Get Access Token from the collection.
  5. Make sure the right environment is selected, corresponding to the API.
  6. Edit the environment variables client_id and client_secret, using your app's credentials.
  7. Check the response code and message.
  8. Press the Send button to get an access token.

Note: Request variables are no longer linked to an environment, but to the collection.

Functionality

Send secure e-mails

Use the POST /message endpoint to send a secure e-mail. Provide an application/json payload with:

  • sender,
  • recipient(s),
  • a MIME encoded, escaped e-mail message.

Note: The payload date and Message-ID should be unique.
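An added example (not from the Secumailer documentation) of building such a payload: a MIME message with a current Date header and a new Message-ID on every call, JSON-escaped by the serializer, with line breaks rejected in header values. The function name and the JSON key names 'sender', 'recipients' and 'mime_body' are assumptions; take the real ones from the Swagger file.

```python
import json
from email.message import EmailMessage
from email.utils import formatdate, make_msgid, parseaddr


def build_message_payload(sender, recipients, subject, body):
    """Return the JSON body for POST /message as a string."""
    for value in [sender, subject, *recipients]:
        # CR/LF in a header value would let input inject extra headers.
        if "\r" in value or "\n" in value:
            raise ValueError("line break in header value")
    sender_addr = parseaddr(sender)[1]
    if "@" not in sender_addr:
        raise ValueError("sender is not an e-mail address")

    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg["Date"] = formatdate()  # current time in RFC 5322 format
    # New Message-ID on every call, scoped to the sending domain.
    msg["Message-ID"] = make_msgid(domain=sender_addr.rsplit("@", 1)[1])
    msg.set_content(body)

    # json.dumps performs the escaping of quotes and line breaks.
    # Key names are assumptions; take the real ones from the Swagger file.
    return json.dumps({
        "sender": sender_addr,
        "recipients": [parseaddr(r)[1] for r in recipients],
        "mime_body": msg.as_string(),
    })
```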

Return codes

Code   Description
200   Success
201   Created
202   Accepted
302   Found. Link in location header
400   Bad request
401   Unauthorized
403   Forbidden
404   Not found
405   Method not allowed
412   Precondition failed
429   Too many requests
500   Internal server error
502   Bad gateway
503   Service unavailable