Incidents API

The Incidents API gives you programmatic, read-only access to the incidents recorded for your monitors and servers. Use it to pull the current incident state into dashboards, alerting pipelines, or audit tooling.

Incidents are created and managed three ways:

  • Automatically when a monitor goes down or the anomaly detector flags a server.
  • Manually from Dashboard β†’ Incidents.

The REST API exposes list and get operations only. Creating, updating, acknowledging, and resolving incidents are performed in the dashboard (see Managing incidents below).

Base URL and version

All endpoints live under the /v1 prefix on the API host:

https://api.statusradar.dev/v1

https://statusradar.dev/v1 is an accepted alias.

Authentication

The Incidents API is part of the User API and authenticates with a user API token sent as a Bearer token:

Authorization: Bearer YOUR_API_TOKEN

Generate a token at Dashboard β†’ Settings β†’ API. Tokens are scoped to the resources your account and team own β€” you only ever see incidents for entities you have access to. Clients that cannot set the Authorization header may use the X-API-Token: YOUR_API_TOKEN header instead.

See API Authentication for full details.

Rate limiting

User API requests are limited to 60 requests per minute per token. When you exceed the limit the API responds with HTTP 429 and a Retry-After: 60 header. Back off and retry.

Endpoints

Method Path Description
GET /v1/incidents List incidents
GET /v1/incidents/{id} Get a single incident with its updates

List incidents

GET /v1/incidents

Returns the incidents visible to your token, most recent first.

Query parameters

Parameter Type Description
status string Filter by status. active returns everything not yet resolved. Accepts a single status value (see Status). Default: all.
severity string Filter by severity (see Severity). Default: all.
entity_type string Filter by affected entity: monitor or server. Default: all.
detection string Filter by how the incident was detected: manual or anomaly. Default: all.
search string Match against incident title or entity name.
page integer Page number, starting at 1. Default: 1.

Example request

curl -H "Authorization: Bearer YOUR_API_TOKEN" \
  "https://api.statusradar.dev/v1/incidents?status=active&severity=critical"

Example response

{
  "success": true,
  "data": [
    {
      "id": 482,
      "entity_type": "monitor",
      "entity_id": 117,
      "entity_name": "API Gateway",
      "entity_target": "https://api.example.com/health",
      "title": "API Gateway is down",
      "description": "Health check returned 503 from all probe locations.",
      "severity": "critical",
      "status": "investigating",
      "detection_source": "monitor",
      "started_at": "2026-06-23T09:14:02Z",
      "resolved_at": null,
      "duration_minutes": 27
    }
  ],
  "page": 1,
  "total": 1,
  "total_pages": 1
}

Get an incident

GET /v1/incidents/{id}

Returns a single incident, including its chronological updates. For monitor incidents the response also includes the check results recorded during the incident window. Returns 404 if the incident does not exist or is not visible to your token.

Example request

curl -H "Authorization: Bearer YOUR_API_TOKEN" \
  https://api.statusradar.dev/v1/incidents/482

Example response

{
  "success": true,
  "data": {
    "id": 482,
    "entity_type": "monitor",
    "entity_id": 117,
    "entity_name": "API Gateway",
    "entity_target": "https://api.example.com/health",
    "title": "API Gateway is down",
    "description": "Health check returned 503 from all probe locations.",
    "severity": "critical",
    "status": "monitoring",
    "detection_source": "monitor",
    "started_at": "2026-06-23T09:14:02Z",
    "resolved_at": null,
    "duration_minutes": 41,
    "updates": [
      {
        "id": 1204,
        "status": "monitoring",
        "message": "Rolled back the bad deploy; error rate is dropping.",
        "user_name": "Jane Ops",
        "created_at": "2026-06-23T09:48:00Z"
      },
      {
        "id": 1201,
        "status": "investigating",
        "message": "Confirmed 503s across all locations, investigating.",
        "user_name": "Jane Ops",
        "created_at": "2026-06-23T09:16:00Z"
      }
    ]
  }
}

Incident fields

Field Type Description
id integer Incident ID.
entity_type string The affected entity type: monitor or server.
entity_id integer ID of the affected monitor or server.
entity_name string Display name of the affected entity.
entity_target string The monitor target URL, or the server hostname.
title string Short incident title.
description string Longer description of the incident.
severity string Impact level (see Severity).
status string Current lifecycle status (see Status).
detection_source string How the incident was opened: manual (created in the dashboard) or anomaly (ML detection). Monitor down-events are opened automatically by the monitoring pipeline.
started_at datetime When the incident began.
resolved_at datetime / null When the incident was resolved, or null while open.
duration_minutes integer Elapsed minutes from started_at to resolved_at (or now, if still open).
updates array Chronological status updates (newest first). Present on the single-incident response.

Update object

Field Type Description
id integer Update ID.
status string Incident status set by this update.
message string Human-written note.
user_name string / null Author of the update.
created_at datetime When the update was posted.

Severity

Value Meaning
critical Full outage / severe impact.
major Significant degradation.
minor Limited or partial impact.
warning Early signal, no confirmed outage.
info Informational.

Manually created incidents accept minor, major, and critical. warning and info are used by automatic and anomaly-detected incidents.

Status

Incidents follow this lifecycle:

Value Meaning
investigating The issue is acknowledged and being looked into.
identified Root cause identified.
monitoring A fix is applied and being observed.
resolved The incident is closed.

A status filter of active matches every incident whose status is not resolved.

Managing incidents

The REST API is read-only. To create, update, acknowledge, or resolve incidents, use the dashboard at Dashboard β†’ Incidents (/dashboard/incidents):

  • Create β€” open an incident manually against one of your monitors with a title, description, severity, and initial status.
  • Update β€” post a status update with a message; setting the status to resolved closes the incident.
  • Acknowledge β€” mark an active incident as being handled.
  • Resolve β€” close the incident and restore the entity to a healthy state.

When a monitor recovers, its open incident is resolved automatically.

Error responses

Errors return a non-2xx status with a JSON body:

{
  "success": false,
  "error": "Invalid token",
  "message": "The provided API token is invalid or has been revoked"
}
Status Meaning
401 Missing, invalid, or revoked token.
404 Incident not found or not visible to your token.
429 Rate limit exceeded (60 requests/minute).
500 Server error.

Next Steps