Authentication
API keys are scoped (read-only or read-write) and managed under Settings → API Keys in the Infrawatch dashboard. Keys are stored as salted hashes — retrieve the raw value once on creation. Pass the key in the Authorization header on every request:
bash
$ curl https://api.infrawtch.com/v1/incidents \
-H "Authorization: Bearer iwtch_live_xxxxxxxxxxxx"Incidents
| Method | Endpoint | Description |
|---|---|---|
| GET | /incidents |
List all incidents. Supports ?status=open|closed&limit=50&offset=0. |
| GET | /incidents/{id} |
Get a single incident with full signal list and correlation metadata. |
| POST | /incidents/{id}/acknowledge |
Mark an incident acknowledged. Body: {"user": "ops-team"}. |
| POST | /incidents/{id}/resolve |
Close an incident. Body: {"resolution_note": "..."}. |
Signals
| Method | Endpoint | Description |
|---|---|---|
| GET | /signals |
List raw signals. Supports ?service=&type=trace|metric|log&from=&to=. |
| GET | /signals/{id} |
Get a single signal with its incident correlation ID (if assigned). |
| GET | /incidents/{id}/signals |
List all signals grouped under a specific incident. |
Integrations
| Method | Endpoint | Description |
|---|---|---|
| GET | /integrations |
List configured integrations and their status. |
| POST | /integrations |
Create a new integration. Body varies by type. |
| DELETE | /integrations/{id} |
Remove an integration. |
Example response — GET /incidents
JSON response
{
"incidents": [
{
"id": ,
"status": ,
"signal_count": ,
"root_service": ,
"opened_at":
}
],
"total": ,
"limit":
}