Incidents V2

Create and read incidents.

Incidents are a core resource, on which many other resources (actions, etc) are created.

Care should be taken around these endpoints, as automation that creates duplicate incidents can be distracting, and impact reporting.

List Incidents V2

List all incidents for an organisation.

This endpoint supports a number of filters, which can help find incidents matching certain criteria.

Filters are provided as query parameters, but due to the dynamic nature of what you can query by (different accounts have different custom fields, statuses, etc) they are more complex than most.

To help, here are some exemplar curl requests with a human description of what they search for.

Note that:

  • Filters may be used together, and the result will be incidents that match all filters.
  • IDs are normally in UUID format, but have been replaced with shorter strings to improve readability.
  • All query parameters must be URI encoded.

By status

With status of id=ABC, find all incidents that are set to that status:

    curl --get 'https://api.incident.io/v2/incidents' \
        --data 'status[one_of]=ABC'

Or all incidents that are not set to status with id=ABC:

    curl --get 'https://api.incident.io/v2/incidents' \
        --data 'status[not_in]=ABC'

By created_at or updated_at

Find all incidents that follow specified date parameters for created_at and updated_at fields. Possible values are "gte" (greater than or equal to) and "lte" (less than or equal to). The following example finds all incidents created before or on 2021-01-02T00:00:00Z:

    curl --get 'https://api.incident.io/v2/incidents' \
        --data 'created_at[lte]=2021-01-02'

By status category

Find all incidents that are in a status category. Possible values are "triage", "declined", "merged", "canceled", "live", "learning" and "closed":

    curl --get 'https://api.incident.io/v2/incidents' \
        --data 'status_category[one_of]=live'

Or all incidents that are not in a status category:

    curl --get 'https://api.incident.io/v2/incidents' \
        --data 'status_category[not_in]=live'

By severity

With severity of id=ABC, find all incidents that are set to that severity:

    curl --get 'https://api.incident.io/v2/incidents' \
        --data 'severity[one_of]=ABC'

Or all incidents where severity rank is greater-than-or-equal-to the rank of severity id=ABC:

    curl --get 'https://api.incident.io/v2/incidents' \
        --data 'severity[gte]=ABC'

Or all incidents where severity rank is less-than-or-equal-to the rank of severity id=ABC:

    curl --get 'https://api.incident.io/v2/incidents' \
        --data 'severity[lte]=ABC'

By incident type

With incident type of id=ABC, find all incidents that are of that type:

    curl --get 'https://api.incident.io/v2/incidents' \
        --data 'incident_type[one_of]=ABC'

Or all incidents not of that type:

    curl --get 'https://api.incident.io/v2/incidents' \
        --data 'incident_type[not_in]=ABC'

By incident mode

By default, we return standard and retrospective incidents. This means that test and tutorial incidents are filtered out. To override this behaviour, you can use the mode filter to specify which modes you want to get.

To find incidents of all modes:

    curl --get 'https://api.incident.io/v2/incidents' \
        --data 'mode[one_of]=standard&mode[one_of]=retrospective&mode[one_of]=test&mode[one_of]=tutorial'

To find just test incidents:

    curl --get 'https://api.incident.io/v2/incidents' \
        --data 'mode[one_of]=test'

By incident role

Roles and custom fields have another nested layer in the query parameter, to account for operations against any of the roles or custom fields created in the account.

With incident role id=ABC, find all incidents where that role is unset:

    curl --get 'https://api.incident.io/v2/incidents' \
        --data 'incident_role[ABC][is_blank]=true'

Or where the role has been set:

    curl --get 'https://api.incident.io/v2/incidents' \
        --data 'incident_role[ABC][is_blank]=false'

By option custom fields

With an option custom field id=ABC, all incidents that have field ABC set to the custom field option of id=XYZ:

    curl \
        --get 'https://api.incident.io/v2/incidents' \
        --data 'custom_field[ABC][one_of]=XYZ'

Or all incidents that do not have custom field id=ABC set to option id=XYZ:

    curl \
        --get 'https://api.incident.io/v2/incidents' \
        --data 'custom_field[ABC][not_in]=XYZ'
Request
query Parameters
page_size
integer <int64>
Default: 25

number of records to return

Example: page_size=25
after
string

An incident's ID. This endpoint will return a list of incidents after this ID in relation to the API response order.

Example: after=01FDAG4SAP5TYPT98WGR2N7W91
object

Filter on incident status. The accepted operators are 'one_of', or 'not_in'.

Example: one_of=01GBSQF3FHF7FWZQNWGHAVQ804
object

Filter on the category of the incidents status. The accepted operators are 'one_of', or 'not_in'. If this is not provided, this value defaults to {"one_of": ["triage", "active", "post-incident", "closed"] }, meaning that canceled, declined and merged incidents are not included.

Example: one_of=active
object

Filter on incident created at timestamp. The accepted operators are 'gte', 'lte' and 'date_range'.

Example: created_at[gte]=2024-05-01
object

Filter on incident updated at timestamp. The accepted operators are 'gte', 'lte' and 'date_range'.

Example: updated_at[gte]=2024-05-01
object

Filter on incident severity. The accepted operators are 'one_of', 'not_in', 'gte', 'lte'.

Example: one_of=01GBSQF3FHF7FWZQNWGHAVQ804
object

Filter on incident type. The accepted operators are 'one_of, or 'not_in'.

Example: one_of=01GBSQF3FHF7FWZQNWGHAVQ804
object

Filter on an incident role. Role ID should be sent, followed by the operator and values. The accepted operators are 'one_of', 'is_blank'.

Example: 01GBSQF3FHF7FWZQNWGHAVQ804=[object Object]
object

Filter on an incident custom field. Custom field ID should be sent, followed by the operator and values. Accepted operator will depend on the custom field type.

Example: 01GBSQF3FHF7FWZQNWGHAVQ804=[object Object]
object

Filter on incident mode. The accepted operator is 'one_of'. If this is not provided, this value defaults to {"one_of": ["standard", "retrospective"] }, meaning that test and tutorial incidents are not included.

Example: one_of=retrospective
Responses
200

OK response.

get/v2/incidents
Request samples 
Response samples 
application/json
{
  • "incidents": [
    ],
  • "pagination_meta": {
    }
}
Create Incidents V2
Create a new incident.


Note that if the incident mode is set to "retrospective" then the new incident
will not be announced in Slack.


Request 
Request Body schema: application/json
required
Array of objects (CustomFieldEntryPayloadV2) 
Set the incident's custom fields to these values


 
id
string
Unique identifier for the incident


 
idempotency_key
required
string
Unique string used to de-duplicate incident create requests


 
Array of objects (IncidentRoleAssignmentPayloadV2) 
Assign incident roles to these people


 
incident_status_id
string
Incident status to assign to the incident


 
Array of objects (IncidentTimestampValuePayloadV2) 
Assign the incident's timestamps to these values


 
incident_type_id
string
Incident type to create this incident as


 
mode
string
Whether the incident is real, a test, a tutorial, or importing as a retrospective incident


 Enum: "standard" "retrospective" "test" "tutorial"  
name
string
Explanation of the incident


 
object (RetrospectiveIncidentOptionsV2) 
 
severity_id
string
Severity to create incident as


 
slack_channel_name_override
string
Name of the Slack channel to create for this incident


 
slack_team_id
string
Slack Team to create the incident in


 
summary
string
Detailed description of the incident


 
visibility
required
string
Whether the incident should be open to anyone in your Slack workspace (public), or invite-only (private). For more information on Private Incidents see our help centre.


 Enum: "public" "private"  
Responses 
200
OK response.


post/v2/incidents
Request samples 
application/json
{
  • "custom_field_entries": [
    ],
  • "id": "01FDAG4SAP5TYPT98WGR2N7W91",
  • "idempotency_key": "alert-uuid",
  • "incident_role_assignments": [
    ],
  • "incident_status_id": "01G0J1EXE7AXZ2C93K61WBPYEH",
  • "incident_timestamp_values": [
    ],
  • "incident_type_id": "01FH5TZRWMNAFB0DZ23FD1TV96",
  • "mode": "standard",
  • "name": "Our database is sad",
  • "retrospective_incident_options": {},
  • "severity_id": "01FH5TZRWMNAFB0DZ23FD1TV96",
  • "slack_channel_name_override": "inc-123-database-down",
  • "slack_team_id": "T02A1FSLE8J",
  • "summary": "Our database is really really sad, and we don't know why yet.",
  • "visibility": "public"
}
Response samples 
application/json
{
  • "incident": {
    }
}
Show Incidents V2
Get a single incident.


The ID supplied can be either the incident's full ID, or the numeric part of its
reference. For example, to get INC-123, you could use either its full ID or:


    curl \
        --get 'https://api.incident.io/v2/incidents/123



Request 
path Parameters
id
required
string
Unique identifier for the incident


 
 Example:  01FDAG4SAP5TYPT98WGR2N7W91
Responses 
200
OK response.


get/v2/incidents/{id}
Request samples 
Response samples 
application/json
{
  • "incident": {
    }
}
Edit Incidents V2
Edit an existing incident.


This endpoint allows you to edit the properties of an existing incident: e.g. set the severity or update custom fields.


When using this endpoint, only fields that are provided will be edited (omitted fields
will be ignored).


Request 
path Parameters
id
required
string
The unique identifier of the incident that you want to edit


 
 Example:  01G18REBY9AYH6CMWCJ2CVCYCH
Request Body schema: application/json
required
required
object (IncidentEditPayloadV2) 
 
notify_incident_channel
required
boolean
Should we send Slack channel notifications to inform responders of this update? Note that this won't work if the Slack channel has already been archived.


 
Responses 
200
OK response.


post/v2/incidents/{id}/actions/edit
Request samples 
application/json
{
  • "incident": {
    },
  • "notify_incident_channel": true
}
Response samples 
application/json
{
  • "incident": {
    }
}
➔ Next to Schedules V2