> ## Documentation Index
> Fetch the complete documentation index at: https://docs.scrubbe.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create, Triage, and Resolve Incidents in Scrubbe

> Learn how to create, update, comment on, and resolve incidents using the Scrubbe incident management API, from first alert to closure.

Incidents in Scrubbe represent a discrete failure or degradation event in your systems. Each incident ticket tracks the full lifecycle — from the moment an alert fires to the final post-mortem — giving your team a single source of truth throughout the response. This guide walks you through the core operations: creating a ticket, moving it through its status states, adding comments, and marking it resolved.

## Prerequisites

* A valid API key with incident read/write permissions
* The base URL for your Scrubbe workspace (e.g., `https://api.scrubbe.io`)

All requests require the `Authorization: Bearer <token>` header.

***

## Create an incident

When an alert fires or an engineer spots an issue, open a ticket immediately. Providing complete context up front — including `techDescription`, `impactSummary`, and `blastRadius` — helps responders act faster and feeds Ezra's AI analysis.

<CodeGroup>
  ```bash cURL theme={null}
  curl -X POST https://api.scrubbe.io/api/v1/incident-ticket \
    -H "Authorization: Bearer <token>" \
    -H "Content-Type: application/json" \
    -d '{
      "summary": "Payment service down",
      "priority": "CRITICAL",
      "status": "OPEN",
      "source": "MONITORING",
      "serviceArea": "payments",
      "environment": "production",
      "region": "us-east-1",
      "assignedToEmail": "oncall@example.com",
      "description": "The payment gateway is returning 500 errors.",
      "techDescription": "Redis connection pool exhausted.",
      "impactSummary": "All checkout flows are failing.",
      "blastRadius": "100% of users attempting checkout"
    }'
  ```

  ```javascript Node.js theme={null}
  const response = await fetch('https://api.scrubbe.io/api/v1/incident-ticket', {
    method: 'POST',
    headers: {
      'Authorization': 'Bearer <token>',
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({
      summary: 'Payment service down',
      priority: 'CRITICAL',
      status: 'OPEN',
      source: 'MONITORING',
      serviceArea: 'payments',
      environment: 'production',
      region: 'us-east-1',
      assignedToEmail: 'oncall@example.com',
      description: 'The payment gateway is returning 500 errors.',
      techDescription: 'Redis connection pool exhausted.',
      impactSummary: 'All checkout flows are failing.',
      blastRadius: '100% of users attempting checkout',
    }),
  });
  const incident = await response.json();
  ```
</CodeGroup>

### Priority and status values

| Field      | Allowed values                                                             |
| ---------- | -------------------------------------------------------------------------- |
| `priority` | `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`                                        |
| `status`   | `OPEN`, `ACKNOWLEDGED`, `INVESTIGATION`, `MITIGATED`, `RESOLVED`, `CLOSED` |

<Tip>Set `status` to `OPEN` on creation. Move it through the lifecycle as your team responds — this keeps the timeline accurate for post-mortems.</Tip>

***

## List and retrieve incidents

Fetch all incidents in your workspace, or retrieve a single ticket by its ID.

<CodeGroup>
  ```bash List all theme={null}
  curl https://api.scrubbe.io/api/v1/incident-ticket \
    -H "Authorization: Bearer <token>"
  ```

  ```bash Get by ID theme={null}
  curl https://api.scrubbe.io/api/v1/incident-ticket/<id> \
    -H "Authorization: Bearer <token>"
  ```
</CodeGroup>

***

## Update an incident

Use `PUT /api/v1/incident-ticket/:id` to change any field on an existing ticket — reassign it, escalate the priority, or advance the status as your response progresses.

```bash theme={null}
curl -X PUT https://api.scrubbe.io/api/v1/incident-ticket/<id> \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "status": "INVESTIGATION",
    "priority": "CRITICAL",
    "assignedToEmail": "senior-oncall@example.com"
  }'
```

***

## Add and read comments

Comments keep the incident timeline intact and let responders share findings without leaving the ticket context.

<CodeGroup>
  ```bash Add a comment theme={null}
  curl -X POST https://api.scrubbe.io/api/v1/incident-ticket/comment \
    -H "Authorization: Bearer <token>" \
    -H "Content-Type: application/json" \
    -d '{
      "ticketId": "<id>",
      "body": "Redis maxmemory policy changed — monitoring pool recovery."
    }'
  ```

  ```bash List comments theme={null}
  curl https://api.scrubbe.io/api/v1/incident-ticket/comment/<ticketId> \
    -H "Authorization: Bearer <token>"
  ```
</CodeGroup>

***

## Resolve an incident

Once the issue is contained, mark the incident resolved. You can resolve it directly or use the customer knowledge base endpoint to attach a resolution note that gets shared with affected customers.

<Tabs>
  <Tab title="Standard resolve">
    ```bash theme={null}
    curl -X POST https://api.scrubbe.io/api/v1/incident-ticket/resolve/<id> \
      -H "Authorization: Bearer <token>"
    ```
  </Tab>

  <Tab title="Resolve with customer KB">
    ```bash theme={null}
    curl -X POST https://api.scrubbe.io/api/v1/incident-ticket/resolve/customer-kb/<id> \
      -H "Authorization: Bearer <token>" \
      -H "Content-Type: application/json" \
      -d '{
        "resolutionNote": "The Redis connection pool has been expanded. Checkout is fully operational."
      }'
    ```
  </Tab>
</Tabs>

<Note>After resolving an incident, use the [Post-mortems guide](/guides/post-mortems) to generate an AI-assisted five-whys analysis and stakeholder report.</Note>

***

## View incident analytics

Pull aggregate metrics across all incidents in your workspace — useful for trend analysis, SLA tracking, and reporting.

```bash theme={null}
curl https://api.scrubbe.io/api/v1/incident-ticket/analytics \
  -H "Authorization: Bearer <token>"
```

***

## Delete an incident

<Warning>Deleting an incident is permanent and removes all associated comments and history. Only delete test or duplicate tickets.</Warning>

```bash theme={null}
curl -X DELETE https://api.scrubbe.io/api/v1/incident-ticket/<id> \
  -H "Authorization: Bearer <token>"
```
