Incidents¶
GET /v1/incidents¶
List incidents for your account. Returns up to 50 incidents, defaulting to the last 7 days.
curl "https://api.noctuary.io/v1/incidents?since=2026-05-01T00:00:00Z" \
-H "Authorization: Bearer noc_ro_your_key"
Query parameters¶
| Parameter | Format | Default | Description |
|---|---|---|---|
since |
ISO 8601 | 7 days ago | Only return incidents triggered after this time |
service |
string | — | Filter by service name |
Response: 200 OK
[
{
"id": "f3a91b2c-...",
"tenant_id": "5f0bfa6c-...",
"service_id": "a8d4e91c-...",
"triggered_at": "2026-05-31T02:14:41Z",
"hypothesis": "Deploy sha=a4f2c1 to payments-api rolled out 4 minutes before onset",
"recommended_action": "Roll back to sha=f8b3e22",
"confidence": 0.94,
"external_ref": "PD-12345",
"external_source": "pagerduty",
"posted_back": true,
"resolved_at": null,
"engineer_confirmed": null,
"created_at": "2026-05-31T02:14:52Z"
}
]
GET /v1/incidents/{id}¶
Get a single incident with full detail including the context snapshot.
Response: 200 OK — same shape as list item, with context_snapshot populated.
The context_snapshot field contains the full state window at the time the incident was diagnosed — the exact evidence the LLM used to produce the hypothesis.
PUT /v1/incidents/{id}/feedback¶
Record whether an engineer confirmed or rejected the diagnosis. This feeds back into the causal vector store to improve future correlations.
curl -X PUT https://api.noctuary.io/v1/incidents/{id}/feedback \
-H "Authorization: Bearer noc_ro_your_key" \
-H "Content-Type: application/json" \
-d '{"confirmed": true}'
Response: 204 No Content
Request body¶
| Field | Type | Description |
|---|---|---|
confirmed |
boolean | true if the diagnosis was correct, false if wrong |
Tip
Marking incidents as confirmed or wrong is the most valuable feedback you can give. Confirmed diagnoses are stored as causal patterns and improve accuracy for similar incidents in future.