Incidents API
The Incidents API gives you programmatic, read-only access to the incidents recorded for your monitors and servers. Use it to pull the current incident state into dashboards, alerting pipelines, or audit tooling.
Incidents are created and managed three ways:
- Automatically when a monitor goes down or the anomaly detector flags a server.
- Manually from Dashboard β Incidents.
The REST API exposes list and get operations only. Creating, updating, acknowledging, and resolving incidents are performed in the dashboard (see Managing incidents below).
Base URL and version
All endpoints live under the /v1 prefix on the API host:
https://api.statusradar.dev/v1
https://statusradar.dev/v1 is an accepted alias.
Authentication
The Incidents API is part of the User API and authenticates with a user API token sent as a Bearer token:
Authorization: Bearer YOUR_API_TOKEN
Generate a token at Dashboard β Settings β API. Tokens are scoped to the resources your account and team own β you only ever see incidents for entities you have access to. Clients that cannot set the Authorization header may use the X-API-Token: YOUR_API_TOKEN header instead.
See API Authentication for full details.
Rate limiting
User API requests are limited to 60 requests per minute per token. When you exceed the limit the API responds with HTTP 429 and a Retry-After: 60 header. Back off and retry.
Endpoints
| Method | Path | Description |
|---|---|---|
GET |
/v1/incidents |
List incidents |
GET |
/v1/incidents/{id} |
Get a single incident with its updates |
List incidents
GET /v1/incidents
Returns the incidents visible to your token, most recent first.
Query parameters
| Parameter | Type | Description |
|---|---|---|
status |
string | Filter by status. active returns everything not yet resolved. Accepts a single status value (see Status). Default: all. |
severity |
string | Filter by severity (see Severity). Default: all. |
entity_type |
string | Filter by affected entity: monitor or server. Default: all. |
detection |
string | Filter by how the incident was detected: manual or anomaly. Default: all. |
search |
string | Match against incident title or entity name. |
page |
integer | Page number, starting at 1. Default: 1. |
Example request
curl -H "Authorization: Bearer YOUR_API_TOKEN" \
"https://api.statusradar.dev/v1/incidents?status=active&severity=critical"
Example response
{
"success": true,
"data": [
{
"id": 482,
"entity_type": "monitor",
"entity_id": 117,
"entity_name": "API Gateway",
"entity_target": "https://api.example.com/health",
"title": "API Gateway is down",
"description": "Health check returned 503 from all probe locations.",
"severity": "critical",
"status": "investigating",
"detection_source": "monitor",
"started_at": "2026-06-23T09:14:02Z",
"resolved_at": null,
"duration_minutes": 27
}
],
"page": 1,
"total": 1,
"total_pages": 1
}
Get an incident
GET /v1/incidents/{id}
Returns a single incident, including its chronological updates. For monitor incidents the response also includes the check results recorded during the incident window. Returns 404 if the incident does not exist or is not visible to your token.
Example request
curl -H "Authorization: Bearer YOUR_API_TOKEN" \
https://api.statusradar.dev/v1/incidents/482
Example response
{
"success": true,
"data": {
"id": 482,
"entity_type": "monitor",
"entity_id": 117,
"entity_name": "API Gateway",
"entity_target": "https://api.example.com/health",
"title": "API Gateway is down",
"description": "Health check returned 503 from all probe locations.",
"severity": "critical",
"status": "monitoring",
"detection_source": "monitor",
"started_at": "2026-06-23T09:14:02Z",
"resolved_at": null,
"duration_minutes": 41,
"updates": [
{
"id": 1204,
"status": "monitoring",
"message": "Rolled back the bad deploy; error rate is dropping.",
"user_name": "Jane Ops",
"created_at": "2026-06-23T09:48:00Z"
},
{
"id": 1201,
"status": "investigating",
"message": "Confirmed 503s across all locations, investigating.",
"user_name": "Jane Ops",
"created_at": "2026-06-23T09:16:00Z"
}
]
}
}
Incident fields
| Field | Type | Description |
|---|---|---|
id |
integer | Incident ID. |
entity_type |
string | The affected entity type: monitor or server. |
entity_id |
integer | ID of the affected monitor or server. |
entity_name |
string | Display name of the affected entity. |
entity_target |
string | The monitor target URL, or the server hostname. |
title |
string | Short incident title. |
description |
string | Longer description of the incident. |
severity |
string | Impact level (see Severity). |
status |
string | Current lifecycle status (see Status). |
detection_source |
string | How the incident was opened: manual (created in the dashboard) or anomaly (ML detection). Monitor down-events are opened automatically by the monitoring pipeline. |
started_at |
datetime | When the incident began. |
resolved_at |
datetime / null | When the incident was resolved, or null while open. |
duration_minutes |
integer | Elapsed minutes from started_at to resolved_at (or now, if still open). |
updates |
array | Chronological status updates (newest first). Present on the single-incident response. |
Update object
| Field | Type | Description |
|---|---|---|
id |
integer | Update ID. |
status |
string | Incident status set by this update. |
message |
string | Human-written note. |
user_name |
string / null | Author of the update. |
created_at |
datetime | When the update was posted. |
Severity
| Value | Meaning |
|---|---|
critical |
Full outage / severe impact. |
major |
Significant degradation. |
minor |
Limited or partial impact. |
warning |
Early signal, no confirmed outage. |
info |
Informational. |
Manually created incidents accept minor, major, and critical. warning and info are used by automatic and anomaly-detected incidents.
Status
Incidents follow this lifecycle:
| Value | Meaning |
|---|---|
investigating |
The issue is acknowledged and being looked into. |
identified |
Root cause identified. |
monitoring |
A fix is applied and being observed. |
resolved |
The incident is closed. |
A status filter of active matches every incident whose status is not resolved.
Managing incidents
The REST API is read-only. To create, update, acknowledge, or resolve incidents, use the dashboard at Dashboard β Incidents (/dashboard/incidents):
- Create β open an incident manually against one of your monitors with a title, description, severity, and initial status.
- Update β post a status update with a message; setting the status to
resolvedcloses the incident. - Acknowledge β mark an active incident as being handled.
- Resolve β close the incident and restore the entity to a healthy state.
When a monitor recovers, its open incident is resolved automatically.
Error responses
Errors return a non-2xx status with a JSON body:
{
"success": false,
"error": "Invalid token",
"message": "The provided API token is invalid or has been revoked"
}
| Status | Meaning |
|---|---|
401 |
Missing, invalid, or revoked token. |
404 |
Incident not found or not visible to your token. |
429 |
Rate limit exceeded (60 requests/minute). |
500 |
Server error. |
Next Steps
- API Authentication β token types and how to send them
- API Overview β the full API surface
- Alerts overview β turn incidents into notifications
- Anomaly detection β how server incidents are detected