> ## Documentation Index > Fetch the complete documentation index at: https://docs.incident.io/llms.txt > Use this file to discover all available pages before exploring further. # List > List all alerts for your account. ```bash ``` This endpoint supports a number of filters, which can help find alerts matching certain criteria. These filters work similarly to the filters on the incidents endpoint, where a field is specified alongside a comparison operator in the query string. Note that: - Filters may be used together, and the result will be alerts that match all filters. - All query parameters must be URI encoded. ### By deduplication_key Find all alerts with deduplication_key ABC: ```bash curl --get 'https://api.incident.io/v2/alerts' \ --data 'deduplication_key[is]=ABC' ``` ### By status Find all alerts in a firing state: ```bash curl --get 'https://api.incident.io/v2/alerts' \ --data 'status[one_of]=firing' ``` ### By alert_source Find all alerts from a specific alert source (by alert source ID): ```bash curl --get 'https://api.incident.io/v2/alerts' \ --data 'alert_source[one_of]=01GBSQF3FHF7FWZQNWGHAVQ804' ``` Find all alerts not from a specific alert source: ```bash curl --get 'https://api.incident.io/v2/alerts' \ --data 'alert_source[not_in]=01GBSQF3FHF7FWZQNWGHAVQ804' ``` ### By created_at Find all alerts that follow specified date parameters for created_at field. Possible values are "gte" (greater than or equal to), "lte" (less than or equal to), and "date_range" (between two dates). The following example finds all alerts created after 2025-01-01: ```bash curl --get 'https://api.incident.io/v2/alerts' \ --data 'created_at[gte]=2025-01-01' ``` To find alerts created within a specific date range, use the date_range option with tilde-separated dates: ```bash curl --get 'https://api.incident.io/v2/alerts' \ --data 'created_at[date_range]=2024-12-02~2024-12-08' ``` ### Maintenance windows By default, all alerts are returned including those held by a maintenance window. To exclude alerts that are held by a maintenance window: ```bash curl --get 'https://api.incident.io/v2/alerts' \ --data 'include_maintenance_window[is]=false' ``` ## OpenAPI ````yaml /openapi/tags/alerts-v2.json get /v2/alerts openapi: 3.0.3 info: description: "This is the API reference for incident.io.\n\nIt documents available API endpoints, provides examples of how to use it, and\ninstructions around things like authentication and error handling.\n\nThe API is hosted at:\n\n- https://api.incident.io/\n\nAnd you will need to create an API key via your [incident.io\ndashboard](https://app.incident.io/settings/api-keys) to make requests.\n\n# Making requests\n\nHere are the key concepts required to make requests to the incident.io API.\n\n## Authentication\n\nFor all requests made to the incident.io API, you'll need an API key.\n\nTo create an API key, head to the incident dashboard and visit [API\nkeys](https://app.incident.io/settings/api-keys). When you create the key, you'll be able to choose what actions it\ncan take for your account: choose carefully, as those roles can only be set\nwhen you first create the key. We'll only show you the token once, so make sure\nyou store it somewhere safe.\n\nAPI keys are global to your incident.io account, and can be managed by anyone\nwho has the right permissions. We display the user that created the API key,\nand the API key will remain valid if that user becomes deactivated.\n\nOnce you have the key, you should make requests to the API that set the\n`Authorization` request header using a \"Bearer\" authentication scheme:\n\n```\nAuthorization: Bearer \n```\n\n## Rate Limits\n\nThe incident.io API enforces rate limits to ensure consistent performance for all users.\n\nThe default rate limit is 1200 requests/minute per API key. This limit applies to most endpoints across the API.\n\nSome endpoints have lower rate limits, particularly those that interact with external third-party systems that impose\ntheir own limitations. These specific limits vary by endpoint, and we recommend relying on the rate-limit error\nresponses to understand usage patterns and implement appropriate retry strategies.\n\nWhen you exceed a rate limit, the API will respond with a `429 Too Many Requests` status code, along with a JSON\nresponse that includes information about the limit and when you can retry:\n\n```json\n{\n \"type\": \"too_many_requests\",\n \"status\": 429,\n \"request_id\": \"b839a403-7704-41c1-bf6a-39a2d68caefa\",\n \"rate_limit\": {\n \"name\": \"api_key_name\",\n \"limit\": 1200,\n \"remaining\": 0,\n \"retry_after\": \"Thu, 17 Apr 2025 11:17:18 UTC\"\n },\n \"errors\": [\n {\n \"code\": \"too_many_requests\",\n \"message\": \"Too many requests hit the API too quickly. We recommend an exponential backoff of your requests.\"\n }\n ]\n}\n```\n\nThe response includes:\n* The name of the API key (`name`)\n* The bucket limit (`limit`)\n* The number of requests remaining (`remaining`)\n* When you can retry requests (`retry_after`)\n\n## Errors\n\nWe use standard HTTP response codes to indicate the status or failure of API\nrequests.\n\nThe API response body will be JSON, and contain more detailed information on the\nnature of the error.\n\nAn example error when a request is made without an API key:\n\n```json\n{\n \"type\": \"authentication_error\",\n \"status\": 401,\n \"request_id\": \"8e3cc412-b49d-4957-9073-2c19d2c61804\",\n \"errors\": [\n {\n \"code\": \"missing_authorization_material\",\n \"message\": \"No authorization material provided in request\"\n }\n ]\n}\n```\n\nNote that the error:\n\n- Contains the HTTP status (`401`)\n- References the type of error (`authentication_error`)\n- Includes a `request_id` that can be provided to incident.io support to help\n\tdebug questions with your API request\n- Provides a list of individual errors, which go into detail about why the error\n\toccurred\n\nThe most common error will be a 422 Validation Error, which is returned when the\nrequest was rejected due to failing validations.\n\nThese errors look like this:\n\n```json\n{\n \"type\": \"validation_error\",\n \"status\": 422,\n \"request_id\": \"631766c4-4afd-4803-997c-cd700928fa4b\",\n \"errors\": [\n {\n \"code\": \"is_required\",\n \"message\": \"A severity is required to open an incident\",\n \"source\": {\n \"field\": \"severity_id\"\n }\n }\n ]\n}\n```\n\nThis error is caused by not providing a severity identifier, which should be at\nthe `severity_id` field of the request payload. Errors like these can be mapped to\nforms, should you be integrating with the API from a user-interface.\n\n## Compatibility\n\nWe won't make breaking changes to existing API services or endpoints, but will\nexpect integrators to upgrade themselves to the latest API endpoints within 3\nmonths of us deprecating the old service.\n\nWe will make changes that are considered backwards compatible, which include:\n\n- Adding new API endpoints and services\n- Adding new properties to responses from existing API endpoints\n- Reordering properties returned from existing API endpoints\n- Adding optional request parameters to existing API endpoints\n- Altering the format or length of IDs\n- Adding new values to enums\n\nIt is important that clients are robust to these changes, to ensure reliable\nintegrations.\n\nAs an example, if you are generating a client using an openapi-generator, ensure\nthe generated client is configured to support unknown enum values, often\nconfigured via the `enumUnknownDefaultCase` parameter.\n\nWhen breaking changes are unavoidable, we'll create a new service version on a\nseparate path, and run them in parallel.\n\nFor example:\n\n- https://api.incident.io/v1/incidents\n- https://api.incident.io/v2/incidents\n\nFor any questions, email support@incident.io.\n" title: incident.io version: 1.0.0 servers: - url: https://api.incident.io security: - BearerAuth: [] tags: - description: > Read your alerts in incident.io. Alerts are events ingested from third parties by alert sources. They can trigger incidents and escalations, as configured in alert routes. To view your alerts, you can list all alerts, or show a single alert. If you'd like to view only alerts that are currently firing, you can filter by status. To view the alert that was created for an event in your external system, filter by deduplication key. If you'd like to view alerts connected to a particular incident, you can list incident alerts. You can filter by incident_id to find all alerts attached to a particular incident, or by alert_id to find the incident that a particular alert triggered. name: Alerts V2 paths: /v2/alerts: get: tags: - Alerts V2 summary: List description: >- List all alerts for your account. ```bash ``` This endpoint supports a number of filters, which can help find alerts matching certain criteria. These filters work similarly to the filters on the incidents endpoint, where a field is specified alongside a comparison operator in the query string. Note that: - Filters may be used together, and the result will be alerts that match all filters. - All query parameters must be URI encoded. ### By deduplication_key Find all alerts with deduplication_key ABC: ```bash curl --get 'https://api.incident.io/v2/alerts' \ --data 'deduplication_key[is]=ABC' ``` ### By status Find all alerts in a firing state: ```bash curl --get 'https://api.incident.io/v2/alerts' \ --data 'status[one_of]=firing' ``` ### By alert_source Find all alerts from a specific alert source (by alert source ID): ```bash curl --get 'https://api.incident.io/v2/alerts' \ --data 'alert_source[one_of]=01GBSQF3FHF7FWZQNWGHAVQ804' ``` Find all alerts not from a specific alert source: ```bash curl --get 'https://api.incident.io/v2/alerts' \ --data 'alert_source[not_in]=01GBSQF3FHF7FWZQNWGHAVQ804' ``` ### By created_at Find all alerts that follow specified date parameters for created_at field. Possible values are "gte" (greater than or equal to), "lte" (less than or equal to), and "date_range" (between two dates). The following example finds all alerts created after 2025-01-01: ```bash curl --get 'https://api.incident.io/v2/alerts' \ --data 'created_at[gte]=2025-01-01' ``` To find alerts created within a specific date range, use the date_range option with tilde-separated dates: ```bash curl --get 'https://api.incident.io/v2/alerts' \ --data 'created_at[date_range]=2024-12-02~2024-12-08' ``` ### Maintenance windows By default, all alerts are returned including those held by a maintenance window. To exclude alerts that are held by a maintenance window: ```bash curl --get 'https://api.incident.io/v2/alerts' \ --data 'include_maintenance_window[is]=false' ``` operationId: Alerts V2_List parameters: - allowEmptyValue: true description: Number of alerts to return per page example: 25 in: query name: page_size required: true schema: default: 25 description: Number of alerts to return per page example: 25 format: int64 maximum: 50 minimum: 1 type: integer - allowEmptyValue: true description: If provided, pass this as the 'after' param to load the next page example: 01FCNDV6P870EA6S7TK1DSYDG0 in: query name: after schema: description: If provided, pass this as the 'after' param to load the next page example: 01FCNDV6P870EA6S7TK1DSYDG0 type: string - allowEmptyValue: true description: Filter on alert deduplication key. The accepted operator is 'is'. example: is: - 01GBSQF3FHF7FWZQNWGHAVQ804 in: query name: deduplication_key schema: additionalProperties: example: - some_value items: example: some_value type: string type: array description: Filter on alert deduplication key. The accepted operator is 'is'. example: is: - 01GBSQF3FHF7FWZQNWGHAVQ804 type: object - allowEmptyValue: true description: >- Filter on alert status. The accepted operators are 'one_of', or 'not_in'. example: one_of: - firing in: query name: status schema: additionalProperties: example: - some_value items: example: some_value type: string type: array description: >- Filter on alert status. The accepted operators are 'one_of', or 'not_in'. example: one_of: - firing type: object - allowEmptyValue: true description: >- Filter on alert source by ID. The accepted operators are 'one_of', or 'not_in'. example: one_of: - 01GBSQF3FHF7FWZQNWGHAVQ804 in: query name: alert_source schema: additionalProperties: example: - some_value items: example: some_value type: string type: array description: >- Filter on alert source by ID. The accepted operators are 'one_of', or 'not_in'. example: one_of: - 01GBSQF3FHF7FWZQNWGHAVQ804 type: object - allowEmptyValue: true description: >- Filter on alert created at timestamp. Accepted operators are 'gte', 'lte' and 'date_range'. example: gte: - '2025-01-01' in: query name: created_at schema: additionalProperties: example: - some_value items: example: some_value type: string type: array description: >- Filter on alert created at timestamp. Accepted operators are 'gte', 'lte' and 'date_range'. example: gte: - '2025-01-01' type: object - allowEmptyValue: true description: >- Filter on whether to include maintenance window alerts. The accepted operator is 'is'. example: is: - 'true' in: query name: include_maintenance_window schema: additionalProperties: example: - some_value items: example: some_value type: string type: array description: >- Filter on whether to include maintenance window alerts. The accepted operator is 'is'. example: is: - 'true' type: object responses: '200': content: application/json: example: alerts: - alert_source_id: 01GW2G3V0S59R238FAHPDS1R66 attributes: - array_value: - catalog_entry: catalog_type_id: 01FCNDV6P870EA6S7TK1DSYDG0 id: 01FCNDV6P870EA6S7TK1DSYDG0 name: Primary On-call label: Payments Team literal: SEV123 attribute: array: false emoji: fire id: 01GW2G3V0S59R238FAHPDS1R66 name: service required: false type: CatalogEntry["01GW2G3V0S59R238FAHPDS1R67"] value: catalog_entry: catalog_type_id: 01FCNDV6P870EA6S7TK1DSYDG0 id: 01FCNDV6P870EA6S7TK1DSYDG0 name: Primary On-call label: Payments Team literal: SEV123 created_at: '2021-08-17T13:28:57.801578Z' deduplication_key: '4293868629' description: >- CPU on the payments service has exceeded 75 percent for 5 minutes id: 01GW2G3V0S59R238FAHPDS1R66 resolved_at: '2021-08-17T14:28:57.801578Z' source_url: https://www.my-alerting-platform.com/alerts/my-alert-123 status: firing title: '*errors.withMessage: PG::Error failed to connect' updated_at: '2021-08-17T13:28:57.801578Z' pagination_meta: after: 01FCNDV6P870EA6S7TK1DSYDG0 page_size: 25 schema: $ref: '#/components/schemas/AlertsListResultV2' description: OK response. components: schemas: AlertsListResultV2: example: alerts: - alert_source_id: 01GW2G3V0S59R238FAHPDS1R66 attributes: - array_value: - catalog_entry: catalog_type_id: 01FCNDV6P870EA6S7TK1DSYDG0 id: 01FCNDV6P870EA6S7TK1DSYDG0 name: Primary On-call label: Payments Team literal: SEV123 attribute: array: false emoji: fire id: 01GW2G3V0S59R238FAHPDS1R66 name: service required: false type: CatalogEntry["01GW2G3V0S59R238FAHPDS1R67"] value: catalog_entry: catalog_type_id: 01FCNDV6P870EA6S7TK1DSYDG0 id: 01FCNDV6P870EA6S7TK1DSYDG0 name: Primary On-call label: Payments Team literal: SEV123 created_at: '2021-08-17T13:28:57.801578Z' deduplication_key: '4293868629' description: CPU on the payments service has exceeded 75 percent for 5 minutes id: 01GW2G3V0S59R238FAHPDS1R66 resolved_at: '2021-08-17T14:28:57.801578Z' source_url: https://www.my-alerting-platform.com/alerts/my-alert-123 status: firing title: '*errors.withMessage: PG::Error failed to connect' updated_at: '2021-08-17T13:28:57.801578Z' pagination_meta: after: 01FCNDV6P870EA6S7TK1DSYDG0 page_size: 25 properties: alerts: example: - alert_source_id: 01GW2G3V0S59R238FAHPDS1R66 attributes: - array_value: - catalog_entry: catalog_type_id: 01FCNDV6P870EA6S7TK1DSYDG0 id: 01FCNDV6P870EA6S7TK1DSYDG0 name: Primary On-call label: Payments Team literal: SEV123 attribute: array: false emoji: fire id: 01GW2G3V0S59R238FAHPDS1R66 name: service required: false type: CatalogEntry["01GW2G3V0S59R238FAHPDS1R67"] value: catalog_entry: catalog_type_id: 01FCNDV6P870EA6S7TK1DSYDG0 id: 01FCNDV6P870EA6S7TK1DSYDG0 name: Primary On-call label: Payments Team literal: SEV123 created_at: '2021-08-17T13:28:57.801578Z' deduplication_key: '4293868629' description: >- CPU on the payments service has exceeded 75 percent for 5 minutes id: 01GW2G3V0S59R238FAHPDS1R66 resolved_at: '2021-08-17T14:28:57.801578Z' source_url: https://www.my-alerting-platform.com/alerts/my-alert-123 status: firing title: '*errors.withMessage: PG::Error failed to connect' updated_at: '2021-08-17T13:28:57.801578Z' items: $ref: '#/components/schemas/AlertV2' type: array pagination_meta: $ref: '#/components/schemas/PaginationMetaResultV2' required: - alerts - pagination_meta type: object AlertV2: properties: alert_source_id: description: The ID of the alert source this alert fired on example: 01GW2G3V0S59R238FAHPDS1R66 type: string attributes: description: Attribute values parsed from the alerts payload example: - array_value: - catalog_entry: catalog_type_id: 01FCNDV6P870EA6S7TK1DSYDG0 id: 01FCNDV6P870EA6S7TK1DSYDG0 name: Primary On-call label: Payments Team literal: SEV123 attribute: array: false emoji: fire id: 01GW2G3V0S59R238FAHPDS1R66 name: service required: false type: CatalogEntry["01GW2G3V0S59R238FAHPDS1R67"] value: catalog_entry: catalog_type_id: 01FCNDV6P870EA6S7TK1DSYDG0 id: 01FCNDV6P870EA6S7TK1DSYDG0 name: Primary On-call label: Payments Team literal: SEV123 items: $ref: '#/components/schemas/AlertAttributeEntryV2' type: array created_at: description: When this entry was created example: '2021-08-17T13:28:57.801578Z' format: date-time type: string deduplication_key: description: >- A deduplication key which uniquely references this alert from your alert source. For newly created HTTP sources, this field is required. If you send an event with the same deduplication_key multiple times, only one alert will be created in incident.io for this alert source config. You can filter on this field to find the alert created by an event you've sent us. example: '4293868629' type: string description: description: The description of the alert example: CPU on the payments service has exceeded 75 percent for 5 minutes type: string id: description: The ID of this alert example: 01GW2G3V0S59R238FAHPDS1R66 type: string resolved_at: description: When this alert was resolved example: '2021-08-17T14:28:57.801578Z' format: date-time type: string source_url: description: If applicable, a link to the alert in the upstream system example: https://www.my-alerting-platform.com/alerts/my-alert-123 type: string status: description: Statuses of an alert enum: - firing - resolved example: firing type: string x-public-api-version: v2 title: description: >- The title of the alert, parsed from the alert payload according to the alert source configuration example: '*errors.withMessage: PG::Error failed to connect' type: string updated_at: description: When this alert was last updated example: '2021-08-17T13:28:57.801578Z' format: date-time type: string required: - id - alert_source_id - deduplication_key - status - title - attributes - created_at - updated_at type: object PaginationMetaResultV2: example: after: 01FCNDV6P870EA6S7TK1DSYDG0 page_size: 25 properties: after: description: If provided, pass this as the 'after' param to load the next page example: 01FCNDV6P870EA6S7TK1DSYDG0 type: string page_size: default: 25 description: What was the maximum number of results requested example: 25 format: int64 maximum: 250 type: integer required: - page_size type: object AlertAttributeEntryV2: example: array_value: - catalog_entry: catalog_type_id: 01FCNDV6P870EA6S7TK1DSYDG0 id: 01FCNDV6P870EA6S7TK1DSYDG0 name: Primary On-call label: Payments Team literal: SEV123 attribute: array: false emoji: fire id: 01GW2G3V0S59R238FAHPDS1R66 name: service required: false type: CatalogEntry["01GW2G3V0S59R238FAHPDS1R67"] value: catalog_entry: catalog_type_id: 01FCNDV6P870EA6S7TK1DSYDG0 id: 01FCNDV6P870EA6S7TK1DSYDG0 name: Primary On-call label: Payments Team literal: SEV123 properties: array_value: description: The value of the attribute if it is an array example: - catalog_entry: catalog_type_id: 01FCNDV6P870EA6S7TK1DSYDG0 id: 01FCNDV6P870EA6S7TK1DSYDG0 name: Primary On-call label: Payments Team literal: SEV123 items: $ref: '#/components/schemas/AlertAttributeValueV2' type: array attribute: $ref: '#/components/schemas/AlertAttributeV2' value: $ref: '#/components/schemas/AlertAttributeValueV2' required: - attribute type: object AlertAttributeValueV2: example: catalog_entry: catalog_type_id: 01FCNDV6P870EA6S7TK1DSYDG0 id: 01FCNDV6P870EA6S7TK1DSYDG0 name: Primary On-call label: Payments Team literal: SEV123 properties: catalog_entry: $ref: '#/components/schemas/AlertAttributeCatalogEntryV2' label: description: >- The human readable label of this value for convenience. Will match the literal if this is a primitive type, or be the name of the catalog entry if this is a catalog entry example: Payments Team type: string literal: description: If set, this is the literal value of the step parameter example: SEV123 type: string type: object AlertAttributeV2: properties: array: description: Whether this attribute is an array example: false type: boolean emoji: description: >- The emoji to display alongside this attribute in chat messages, stored without colons example: fire type: string id: description: The ID of this attribute example: 01GW2G3V0S59R238FAHPDS1R66 type: string name: description: Unique name of this attribute example: service type: string required: description: >- Whether this attribute is required. If this field is not set, the existing setting will be preserved. example: false type: boolean type: description: Engine resource name for this attribute example: CatalogEntry["01GW2G3V0S59R238FAHPDS1R67"] type: string required: - id - name - type - array - required type: object AlertAttributeCatalogEntryV2: example: catalog_type_id: 01FCNDV6P870EA6S7TK1DSYDG0 id: 01FCNDV6P870EA6S7TK1DSYDG0 name: Primary On-call properties: catalog_type_id: description: ID of this catalog type example: 01FCNDV6P870EA6S7TK1DSYDG0 type: string id: description: ID of this catalog entry example: 01FCNDV6P870EA6S7TK1DSYDG0 type: string name: description: Name is the human readable name of this entry example: Primary On-call type: string required: - id - catalog_type_id - name type: object securitySchemes: BearerAuth: type: http scheme: bearer description: API key from your incident.io dashboard (Settings → API keys) ````