Observer
Observer

Create incidents via API

For IR automation and ChatOps integrations.

Every console action on incidents has an API equivalent. Most IR teams wire their alerting (PagerDuty, Opsgenie) or ChatOps (Slack slash commands, GitHub Actions) to file and update Observer incidents directly without an operator touching the console.

Auth

API keys are issued per organisation. Two new scopes were added in Phase 25:

  • write:incidents — create / patch / publish / resolve / delete.
  • write:maintenances — create / patch / start / complete / cancel.

Both inherit from read:incidents for retrieval.

File a new incident from a Slack slash command

curl -X POST https://use.observer/api/v1/incidents \
  -H "Authorization: Bearer obs_pub_..." \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Checkout API errors",
    "severity": "major",
    "affected_services": ["<service-uuid>"],
    "publish": true,
    "initial_message": {
      "type": "Investigating",
      "description": "Investigating elevated error rate on checkout."
    }
  }'

The response includes id, the projected lifecycle state, and the affected-service rollup. Use the id for follow-up calls.

Append a status update

curl -X POST https://use.observer/api/v1/incidents/$ID/messages \
  -H "Authorization: Bearer obs_pub_..." \
  -H "Content-Type: application/json" \
  -d '{
    "type": "Identified",
    "description": "Identified bad deploy. Rolling back."
  }'

A Resolved message auto-marks the parent incident resolved.

Resolve

curl -X POST https://use.observer/api/v1/incidents/$ID/resolve \
  -H "Authorization: Bearer obs_pub_..." \
  -H "Content-Type: application/json" \
  -d '{"description": "Rollback complete. Error rate back to baseline."}'

Schedule a maintenance window

curl -X POST https://use.observer/api/v1/maintenances \
  -H "Authorization: Bearer obs_pub_..." \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Database upgrade",
    "scheduled_start_at": "2026-06-01T02:00:00Z",
    "scheduled_end_at": "2026-06-01T04:00:00Z",
    "affected_services": ["<service-uuid>"]
  }'

Idempotency

The from-metric endpoint is dedupe-protected:

curl -X POST https://use.observer/api/v1/incidents/from-metric/$METRIC_ID \
  -H "Authorization: Bearer obs_pub_..."

Calling this twice for the same metric within 30 minutes returns the same draft incident id. Useful when an alert hook may fire duplicate webhooks.

Was this page helpful?