REST API

Incidents

Incidents are automatically created by the risk worker when anomaly thresholds are exceeded. You can also create them manually. Incidents are broadcast over WebSocket when created or updated.

Incident lifecycle

open→investigating→resolved

GET/incidents

List incidents for the authenticated organization. Optionally filter by status or project.

Auth:JWT Session (cookie)

Query Parameters

Name	Type	Required	Description
`project_id`	string	optional	Filter incidents to a specific project.
`status`	"open" \| "investigating" \| "resolved"	optional	Filter by incident status.
`limit`	number	optional	Maximum number of incidents to return. Defaults to 50.

HTTP/1.1 200 OK

[
  {
    "id": "inc_01HX...",
    "title": "Elevated 5xx error rate",
    "status": "open",
    "severity": "critical",
    "projectId": "proj_01HX...",
    "organizationId": "org_01HX...",
    "eventCount": 47,
    "openedAt": "2026-03-12T18:40:00.000Z",
    "resolvedAt": null
  }
]

POST/incidents

Manually create an incident. Useful for flagging known outages or maintenance windows.

Auth:JWT Session (cookie)

Creating an incident via the API triggers a real-time incident_created WebSocket event for all connected dashboard clients in the organization.

Request Body

Name	Type	Required	Description
`title`	string	required	Short description of the incident.
`severity`	"info" \| "warn" \| "error" \| "critical"	required	Incident severity.
`projectId`	string	required	Project this incident belongs to.
`status`	"open" \| "investigating"	optional	Initial status. Defaults to open.

POST /incidents HTTP/1.1
Content-Type: application/json

{
  "title": "Payment service degraded",
  "severity": "error",
  "projectId": "proj_01HX..."
}

HTTP/1.1 201 Created

{
  "id": "inc_02HX...",
  "title": "Payment service degraded",
  "status": "open",
  "severity": "error",
  "projectId": "proj_01HX...",
  "organizationId": "org_01HX...",
  "eventCount": 0,
  "openedAt": "2026-03-13T12:00:00.000Z",
  "resolvedAt": null
}