Authentication
All API requests require a Bearer token in the Authorization header. Generate API keys from your dashboard at app.pixacolour.com/settings/api.
// Include in every request
Authorization: Bearer px_live_your_api_key_here
Keep your API keys secure. Never expose them in client-side code or public repositories.
There are two types of keys:
- Live keys (
px_live_) — Production environment with real filtering - Test keys (
px_test_) — Sandbox mode for development and testing
Quick Start
Get your email security gateway running in 3 steps:
# 1. Add your domain
curl -X POST https://api.pixacolour.com/v1/domains \
-H "Authorization: Bearer px_live_xxx" \
-H "Content-Type: application/json" \
-d '{ "domain": "yourcompany.com" }'
# 2. Update your MX records (returned in response)
# 3. Emails now route through Pixacolour for scanning
Response:
{
"id": "dom_a1b2c3d4",
"domain": "yourcompany.com",
"status": "pending_mx_verification",
"mx_records": [
"mx1.pixacolour.com",
"mx2.pixacolour.com"
]
}
Quarantine
Manage quarantined emails. List, release, or permanently delete flagged messages.
GET /v1/quarantine
POST /v1/quarantine/{id}/release
DELETE /v1/quarantine/{id}
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
status | string | No | Filter: quarantined, released, deleted |
threat_type | string | No | Filter: spam, phishing, malware, bec |
from | string | No | Filter by sender address |
limit | integer | No | Results per page (default: 50) |
Threat Feed
Access real-time threat intelligence data for your protected domains.
GET /v1/threats
{
"threats": [
{
"id": "thr_x9y8z7",
"type": "phishing",
"severity": "critical",
"from": "attacker@spoofed-domain.com",
"target": "ceo@yourcompany.com",
"detected_at": "2026-06-15T14:22:00Z",
"action": "quarantined"
}
]
}
Policies
Configure filtering rules, allowlists, blocklists, and custom actions for your organization.
GET /v1/policies
POST /v1/policies
PUT /v1/policies/{id}
// Create a custom policy
{
"name": "Block crypto scams",
"condition": {
"subject_contains": ["bitcoin", "crypto wallet", "urgent transfer"]
},
"action": "quarantine",
"notify_admin": true
}
Domains
Manage your protected domains. After adding a domain, update your MX records to route email through the gateway.
POST /v1/domains
GET /v1/domains
DELETE /v1/domains/{id}
{
"id": "dom_a1b2c3d4",
"domain": "yourcompany.com",
"status": "active",
"mx_records": [
"mx1.pixacolour.com",
"mx2.pixacolour.com"
],
"verified_at": "2026-06-10T09:15:00Z"
}
Webhooks
Configure webhooks to receive real-time notifications about security events. Set your endpoint URL in the dashboard.
Events
| Event | Description |
|---|---|
threat.detected | New threat identified and blocked |
threat.quarantined | Email moved to quarantine |
quarantine.released | Admin released a quarantined email |
policy.triggered | Custom policy rule matched |
auth.failed | SPF/DKIM/DMARC authentication failure |
report.daily | Daily security summary available |
SDKs & Libraries
Official libraries for popular languages:
- Node.js —
npm install @pixacolour/sdk - Python —
pip install pixacolour - PHP —
composer require pixacolour/sdk - Go —
go get github.com/pixacolour/go-sdk
Python Example
from pixacolour import Pixacolour
client = Pixacolour('px_live_xxx')
# Get recent threats
threats = client.threats.list(
severity='critical',
limit=10
)
for t in threats:
print(f"{t.type}: {t.from_addr} → {t.action}")