List
List all incidents for an organisation.
This endpoint supports a number of filters, which can help find incidents matching certain criteria.
Filters are provided as query parameters, but due to the dynamic nature of what you can query by (different accounts have different custom fields, statuses, etc) they are more complex than most.
The maximum page size that can be requested is 250.
To help, here are some exemplar curl requests with a human description of what they search for.
Note that:
- Filters may be combined using the filter_mode parameter: ‘all’ (default) requires all filters to match (AND logic), while ‘any’ requires at least one filter to match (OR logic).
- IDs are normally in UUID format, but have been replaced with shorter strings to improve readability.
- All query parameters must be URI encoded.
By status
With status of id=ABC, find all incidents that are set to that status:
curl —get ‘https://api.incident.io/v2/incidents’
—data ‘status[one_of]=ABC’
Or all incidents that are not set to status with id=ABC:
curl —get ‘https://api.incident.io/v2/incidents’
—data ‘status[not_in]=ABC’
By created_at or updated_at
Find all incidents that follow specified date parameters for created_at and updated_at fields. Possible values are “gte” (greater than or equal to), “lte” (less than or equal to), and “date_range” (between two dates). The following example finds all incidents created before or on 2021-01-02T00:00:00Z:
curl —get ‘https://api.incident.io/v2/incidents’
—data ‘created_at[lte]=2021-01-02’
To find incidents created within a specific date range, use the date_range option with tilde-separated dates:
curl —get ‘https://api.incident.io/v2/incidents’
—data ‘created_at[date_range]=2024-12-02~2024-12-08’
By status category
Find all incidents that are in a status category. Possible values are “triage”, “declined”, “merged”, “canceled”, “live”, “learning” and “closed”:
curl —get ‘https://api.incident.io/v2/incidents’
—data ‘status_category[one_of]=live’
Or all incidents that are not in a status category:
curl —get ‘https://api.incident.io/v2/incidents’
—data ‘status_category[not_in]=live’
By severity
With severity of id=ABC, find all incidents that are set to that severity:
curl —get ‘https://api.incident.io/v2/incidents’
—data ‘severity[one_of]=ABC’
Or all incidents where severity rank is greater-than-or-equal-to the rank of severity id=ABC:
curl —get ‘https://api.incident.io/v2/incidents’
—data ‘severity[gte]=ABC’
Or all incidents where severity rank is less-than-or-equal-to the rank of severity id=ABC:
curl —get ‘https://api.incident.io/v2/incidents’
—data ‘severity[lte]=ABC’
By incident type
With incident type of id=ABC, find all incidents that are of that type:
curl —get ‘https://api.incident.io/v2/incidents’
—data ‘incident_type[one_of]=ABC’
Or all incidents not of that type:
curl —get ‘https://api.incident.io/v2/incidents’
—data ‘incident_type[not_in]=ABC’
By incident mode
By default, we return standard and retrospective incidents. This means that test and tutorial incidents are filtered out. To override this behaviour, you can use the mode filter to specify which modes you want to get.
To find incidents of all modes:
curl —get ‘https://api.incident.io/v2/incidents’
—data ‘mode[one_of]=standard&mode[one_of]=retrospective&mode[one_of]=test&mode[one_of]=tutorial’
To find just test incidents:
curl —get ‘https://api.incident.io/v2/incidents’
—data ‘mode[one_of]=test’
By incident role
Roles and custom fields have another nested layer in the query parameter, to account for operations against any of the roles or custom fields created in the account.
With incident role id=ABC, find all incidents where that role is unset:
curl —get ‘https://api.incident.io/v2/incidents’
—data ‘incident_role[ABC][is_set]=true’
Or where the role has been set:
curl —get ‘https://api.incident.io/v2/incidents’
—data ‘incident_role[ABC][is_set]=false’
By option custom fields
With an option custom field id=ABC, all incidents that have field ABC set to the custom field option of id=XYZ:
curl
—get ‘https://api.incident.io/v2/incidents’
—data ‘custom_field[ABC][one_of]=XYZ’
Or all incidents that do not have custom field id=ABC set to option id=XYZ:
curl
—get ‘https://api.incident.io/v2/incidents’
—data ‘custom_field[ABC][not_in]=XYZ’
Query Parameters
Integer number of records to return
x <= 50025
An incident's ID. This endpoint will return a list of incidents after this ID in relation to the API response order.
"01FDAG4SAP5TYPT98WGR2N7W91"
How to combine the filters: 'all' combines them with AND logic (all must match), 'any' combines them with OR logic (any can match). Defaults to 'all'.
all, any "all"
Filter on incident status. The accepted operators are 'one_of', or 'not_in'.
{ "one_of": ["01GBSQF3FHF7FWZQNWGHAVQ804"] }Filter on the category of the incidents status. The accepted operators are 'one_of', or 'not_in'.
{ "one_of": ["active"] }Filter on incident created at timestamp. The accepted operators are 'gte', 'lte' and 'date_range'.
{ "created_at[gte]": ["2024-05-01"] }Filter on incident updated at timestamp. The accepted operators are 'gte', 'lte' and 'date_range'.
{ "updated_at[gte]": ["2024-05-01"] }Filter on incident severity. The accepted operators are 'one_of', 'not_in', 'gte', 'lte'.
{ "one_of": ["01GBSQF3FHF7FWZQNWGHAVQ804"] }Filter on incident type. The accepted operators are 'one_of, or 'not_in'.
{ "one_of": ["01GBSQF3FHF7FWZQNWGHAVQ804"] }Filter on an incident role. Role ID should be sent, along with backlink attribute ID (if needed) followed by the operator and values. The accepted operators are 'one_of', 'is_blank'.
{
"01GBSQF3FHF7FWZQNWGHAVQ804": {
"one_of": [
"01GBSQF3FHF7FWZQNWGHAVQ804",
"01ET65M7ZARSFZ6TFDFVQDN9AA"
]
}
}Filter on an incident custom field. Custom field ID should be sent, followed by the operator and values. Accepted operator will depend on the custom field type.
{
"01GBSQF3FHF7FWZQNWGHAVQ804": {
"one_of": [
"01GBSQF3FHF7FWZQNWGHAVQ804",
"01ET65M7ZARSFZ6TFDFVQDN9AA"
]
}
}Filter on incident mode. The accepted operator is 'one_of'. If this is not provided, this value defaults to {"one_of": ["standard", "retrospective"] }, meaning that test and tutorial incidents are not included.
{ "one_of": ["retrospective"] }Response
OK response.
[
{
"call_url": "https://zoom.us/foo",
"created_at": "2021-08-17T13:28:57.801578Z",
"creator": {
"alert": {
"id": "01GW2G3V0S59R238FAHPDS1R66",
"title": "*errors.withMessage: PG::Error failed to connect"
},
"api_key": {
"id": "01FCNDV6P870EA6S7TK1DSYDG0",
"name": "My test API key"
},
"user": {
"email": "lisa@incident.io",
"id": "01FCNDV6P870EA6S7TK1DSYDG0",
"name": "Lisa Karlin Curtis",
"role": "viewer",
"slack_user_id": "U02AYNF2XJM"
},
"workflow": {
"id": "01FCNDV6P870EA6S7TK1DSYDG0",
"name": "My little workflow"
}
},
"custom_field_entries": [
{
"custom_field": {
"description": "Which team is impacted by this issue",
"field_type": "single_select",
"id": "01FCNDV6P870EA6S7TK1DSYDG0",
"name": "Affected Team",
"options": [
{
"custom_field_id": "01FCNDV6P870EA6S7TK1DSYDG0",
"id": "01FCNDV6P870EA6S7TK1DSYDG0",
"sort_key": 10,
"value": "Product"
}
]
},
"values": [
{
"value_catalog_entry": {
"aliases": ["lawrence@incident.io", "lawrence"],
"external_id": "761722cd-d1d7-477b-ac7e-90f9e079dc33",
"id": "01FCNDV6P870EA6S7TK1DSYDG0",
"name": "Primary On-call"
},
"value_link": "https://google.com/",
"value_numeric": "123.456",
"value_option": {
"custom_field_id": "01FCNDV6P870EA6S7TK1DSYDG0",
"id": "01FCNDV6P870EA6S7TK1DSYDG0",
"sort_key": 10,
"value": "Product"
},
"value_text": "This is my text field, I hope you like it"
}
]
}
],
"duration_metrics": [
{
"duration_metric": {
"id": "01FCNDV6P870EA6S7TK1DSYD5H",
"name": "Lasted"
},
"value_seconds": 10800
}
],
"external_issue_reference": {
"issue_name": "INC-123",
"issue_permalink": "https://linear.app/incident-io/issue/INC-1609/find-copywriter-to-write-up",
"provider": "asana"
},
"has_debrief": false,
"id": "01FDAG4SAP5TYPT98WGR2N7W91",
"incident_role_assignments": [
{
"assignee": {
"email": "lisa@incident.io",
"id": "01FCNDV6P870EA6S7TK1DSYDG0",
"name": "Lisa Karlin Curtis",
"role": "viewer",
"slack_user_id": "U02AYNF2XJM"
},
"role": {
"created_at": "2021-08-17T13:28:57.801578Z",
"description": "The person currently coordinating the incident",
"id": "01FCNDV6P870EA6S7TK1DSYDG0",
"instructions": "Take point on the incident; Make sure people are clear on responsibilities",
"name": "Incident Lead",
"required": false,
"role_type": "lead",
"shortform": "lead",
"updated_at": "2021-08-17T13:28:57.801578Z"
}
}
],
"incident_status": {
"category": "triage",
"created_at": "2021-08-17T13:28:57.801578Z",
"description": "Impact has been **fully mitigated**, and we're ready to learn from this incident.",
"id": "01FCNDV6P870EA6S7TK1DSYD5H",
"name": "Closed",
"rank": 4,
"updated_at": "2021-08-17T13:28:57.801578Z"
},
"incident_timestamp_values": [
{
"incident_timestamp": {
"id": "01FCNDV6P870EA6S7TK1DSYD5H",
"name": "Impact started",
"rank": 1
},
"value": { "value": "2021-08-17T13:28:57.801578Z" }
}
],
"incident_type": {
"create_in_triage": "always",
"created_at": "2021-08-17T13:28:57.801578Z",
"description": "Customer facing production outages",
"id": "01FCNDV6P870EA6S7TK1DSYDG0",
"is_default": false,
"name": "Production Outage",
"private_incidents_only": false,
"updated_at": "2021-08-17T13:28:57.801578Z"
},
"mode": "standard",
"name": "Our database is sad",
"permalink": "https://app.incident.io/incidents/123",
"postmortem_document_url": "https://docs.google.com/my_doc_id",
"reference": "INC-123",
"severity": {
"created_at": "2021-08-17T13:28:57.801578Z",
"description": "Issues with **low impact**.",
"id": "01FCNDV6P870EA6S7TK1DSYDG0",
"name": "Minor",
"rank": 1,
"updated_at": "2021-08-17T13:28:57.801578Z"
},
"slack_channel_id": "C02AW36C1M5",
"slack_channel_name": "inc-165-green-parrot",
"slack_team_id": "T02A1FSLE8J",
"summary": "Our database is really really sad, and we don't know why yet.",
"updated_at": "2021-08-17T13:28:57.801578Z",
"visibility": "public",
"workload_minutes_late": 40.7,
"workload_minutes_sleeping": 0,
"workload_minutes_total": 60.7,
"workload_minutes_working": 20
}
]{
"after": "01FCNDV6P870EA6S7TK1DSYDG0",
"page_size": 25,
"total_record_count": 238
}