Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.scrubbe.com/llms.txt

Use this file to discover all available pages before exploring further.

The Incidents API is the operational core of Scrubbe. Use it to open a ticket the moment an alert fires, progress it through investigation and mitigation, attach comments and messages as responders collaborate, and finally resolve it — optionally generating a customer knowledge-base article in the same call. Once an incident is recorded, the AI endpoints surface root cause analyses, remediation steps, and pre-drafted stakeholder communications without leaving the API.
All endpoints require Authorization: Bearer <token>. Tokens are workspace-scoped and can be rotated from Settings → API Keys.
Base path: https://your-api-domain.com/api/v1/incident-ticket

Generate an incident ID

Fetch a unique, pre-formatted incident ID before creating the ticket. Use this when you need the identifier in an external system ahead of the actual record creation. GET /generate-id 
GET /api/v1/incident-ticket/generate-id
Authorization: Bearer <token>
Response 
{
  "success": true,
  "message": "ID generated",
  "data": { "id": "INC-20260522-0041" }
}
id
string
required
Unique incident identifier in the format INC-YYYYMMDD-XXXX.

Create an incident

Open a new incident ticket. summary and priority are required; all other fields are optional. POST /
summary
string
required
Short, human-readable title for the incident (e.g. "Payment service down").
priority
string
required
Severity level. One of LOW, MEDIUM, HIGH, or CRITICAL.
status
string
default:"OPEN"
Initial lifecycle status. One of OPEN, ACKNOWLEDGED, INVESTIGATION, MITIGATED, RESOLVED, or CLOSED.
source
string
Origin of the incident (e.g. "MONITORING", "CUSTOMER", "INTERNAL").
serviceArea
string
The product or service area affected (e.g. "payments").
environment
string
Target environment (e.g. "production", "staging").
region
string
Cloud or geographic region (e.g. "us-east-1").
assignedToEmail
string
Email address of the on-call engineer to assign this ticket to.
description
string
Customer-facing description of the incident.
techDescription
string
Internal technical description for the engineering team.
impactSummary
string
Brief summary of user or business impact.
blastRadius
string
Estimated scope of impact (e.g. "100% of users", "EU region only").
curl -X POST https://your-api-domain.com/api/v1/incident-ticket \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "summary": "Payment service down",
    "priority": "CRITICAL",
    "status": "OPEN",
    "source": "MONITORING",
    "serviceArea": "payments",
    "environment": "production",
    "region": "us-east-1",
    "assignedToEmail": "oncall@example.com",
    "description": "Customers cannot complete checkout.",
    "techDescription": "stripe-service pod crash-looping in k8s cluster.",
    "impactSummary": "100% of checkout requests failing since 14:32 UTC.",
    "blastRadius": "100% of users"
  }'
Response 
{
  "success": true,
  "message": "Incident created",
  "data": {
    "id": "INC-20260522-0041",
    "summary": "Payment service down",
    "priority": "CRITICAL",
    "status": "OPEN",
    "createdAt": "2026-05-22T14:33:00Z"
  }
}

List incidents

Returns a paginated list of incident tickets, ordered by creation date descending. Supports filtering by status, priority, environment, and date range. GET /
page
number
default:"1"
Page number.
limit
number
default:"20"
Items per page (max 100).
status
string
Filter by status: OPEN, ACKNOWLEDGED, INVESTIGATION, MITIGATED, RESOLVED, or CLOSED.
priority
string
Filter by priority: LOW, MEDIUM, HIGH, or CRITICAL.

Get incident analytics

Returns aggregate metrics across all incidents — useful for dashboards and SLA reporting. Includes total counts by status, mean time to acknowledge (MTTA), and mean time to resolve (MTTR). GET /analytics
total
number
Total incident count in the workspace.
byStatus
object
Count broken down by each status value.
byPriority
object
Count broken down by each priority value.
meanTimeToAcknowledge
number
Average acknowledgement time in minutes.
meanTimeToResolve
number
Average resolution time in minutes.

Get an incident

GET /:id
id
string
required
The incident ID.

Update an incident

Accepts the same fields as POST /. Only provided fields are updated. PUT /:id
id
string
required
The incident ID to update.

Delete an incident

DELETE /:id
id
string
required
The incident ID to delete.
Deleting an incident is permanent. All associated comments, messages, and AI analyses are also removed. Consider moving the incident to CLOSED status instead.

Add a comment

Post a comment to an incident ticket. Comments are visible to all team members with access to the ticket. Markdown is supported in content. POST /comment
ticketId
string
required
The incident ticket ID to comment on.
content
string
required
The comment body. Markdown is supported.

List comments

Retrieve all comments for an incident ticket in chronological order. GET /comment/:ticketId
ticketId
string
required
The incident ticket ID.

List messages

Retrieve the message thread for an incident ticket. Messages are distinct from comments — they typically represent system events, status transitions, and automated notifications. GET /message/:ticketId
ticketId
string
required
The incident ticket ID.

Resolve an incident

Mark an incident as RESOLVED and trigger any configured post-resolution hooks. POST /resolve/:id
id
string
required
The incident ID to resolve.

Resolve and generate a customer KB article

Resolve the incident and automatically draft a knowledge-base article for your customer-facing help center based on the incident summary and resolution steps. POST /resolve/customer-kb/:id
id
string
required
The incident ID.

AI: five-whys analysis

Trigger Ezra AI to perform a five-whys root cause analysis on the incident. Results are computed and returned synchronously. GET /resolve/ai/five-whys/:id
id
string
required
The incident ID to analyse.
Response 
{
  "success": true,
  "data": {
    "why1": "Checkout requests started failing",
    "why2": "stripe-service returned 503 errors",
    "why3": "Connection pool was exhausted",
    "why4": "Upstream gateway latency increased 10x",
    "why5": "No circuit breaker on the gateway call",
    "rootCause": "Missing circuit breaker on third-party payment gateway allowed slow responses to exhaust the connection pool."
  }
}
why1
string
First causal layer — observable symptom.
why2
string
Second causal layer.
why3
string
Third causal layer.
why4
string
Fourth causal layer.
why5
string
Fifth causal layer — root cause.
rootCause
string
Synthesised root cause statement.

AI: remediation suggestion

Ask Ezra AI for recommended remediation steps based on the incident context and historical failure patterns. GET /resolve/ai/suggestion/:id
id
string
required
The incident ID.

AI: stakeholder update

Generate a pre-drafted stakeholder communication tailored for a non-technical audience. GET /resolve/ai/stakeholder/:id
id
string
required
The incident ID.

Generate a PDF report

Export an incident as a formatted PDF suitable for post-incident reviews or audit trails. The response is a binary PDF stream. POST /generate-pdf
incidentId
string
required
The incident ID to export.
cURL
curl -X POST https://your-api-domain.com/api/v1/incident-ticket/generate-pdf \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{"incidentId": "INC-20260522-0041"}' \
  --output incident-report.pdf
The response body is a binary PDF stream with Content-Type: application/pdf. Write it directly to a file rather than parsing it as JSON.

Status and priority reference

StatusMeaning
OPENNewly created, not yet acknowledged.
ACKNOWLEDGEDAn engineer has seen and accepted the incident.
INVESTIGATIONActive investigation underway.
MITIGATEDImpact reduced but root cause not yet fully resolved.
RESOLVEDIncident fully resolved.
CLOSEDPost-resolution review complete; ticket archived.
PriorityWhen to use
LOWMinimal impact, no customer effect.
MEDIUMDegraded experience for a subset of users.
HIGHSignificant impact affecting many users.
CRITICALFull service outage or data integrity at risk.