Ctrlk
DashboardWebsiteRoadmap

Alert Rules

Fetch all alert rules

get

Get a list of all alert rules configured for a team. Returns both enabled and disabled rules.

Each rule contains:

  • name: Rule name

  • conditions: Array of condition groups (OR logic between groups, AND logic within a group)

  • actions: Array of actions to execute when conditions match

  • enabled: Whether the rule is currently active

Header parameters
x-api-keystringRequired

Your API key. Find it in your Spike dashboard under Settings > API.

x-team-idstringRequired

Team ID of the team you are making the request to.

Responses
200

Successful response

application/json
objectOptional
get
/automation/rules

Get alert rule details

get

Get full details of a specific alert rule by its ID, including all conditions and actions.

Path parameters
ruleIdstringRequired

ruleId parameter

Header parameters
x-api-keystringRequired

Your API key. Find it in your Spike dashboard under Settings > API.

x-team-idstringRequired

Team ID of the team you are making the request to.

Responses
200

Successful response

application/json
objectOptional
get
/automation/rules/{ruleId}

Create an alert rule

post

Create a new alert rule for a team. An alert rule automatically executes actions when incoming incidents match the specified conditions.

Request Body:

  • name (required): A descriptive name for the rule.

  • conditions (required): A 2D array of condition objects. The outer array represents OR groups — if any group matches, the rule triggers. Each inner array contains conditions combined with AND logic — all must match.

  • actions (required): An array of action objects to execute when conditions are met.

Condition Types:

conditionType

Description

Additional Fields

allIncidents

Matches every incident (wildcard)

incidentMessage

Match on the incident title/message

comparator, text

incidentDetails

Match on a specific key in the incident metadata

comparator, text, keypair

incidentOccurrence

Match when total occurrences exceed a threshold

occurrences

incidentOccurrenceTimeframe

Match when occurrences exceed a threshold within a time window

occurrences, timeframe (in minutes)

priority

Match on incident priority

priority (one of p1, p2, p3, p4, p5)

severity

Match on incident severity

severity (one of sev1, sev2, sev3)

regexMatch

Match incident message against a regex pattern

regex

incidentTiming

Match based on time of day the incident occurred

start (HH:mm), end (HH:mm), timezone (optional, e.g., America/New_York)

incidentDayOfWeek

Match based on day of the week

days (array of day numbers: 0=Sunday, 6=Saturday), timezone (optional)

Comparators (for incidentMessage and incidentDetails): contains, doesNotContain, equals, doesNotEqual, startsWith, endsWith, greaterThan, lessThan, greaterThanOrEqual, lessThanOrEqual, regexMatch

Note: greaterThan, lessThan, greaterThanOrEqual, lessThanOrEqual are only available for incidentDetails.

Action Types:

actionType

Description

Additional Fields

reassignIncident

Reassign the incident to a specific user

user (user ID)

suppressIncident

Suppress the incident (do not create)

acknowledgeIncident

Auto-acknowledge the incident

sendAlert (\"true\" or \"false\")

resolveIncident

Auto-resolve the incident

sendAlert (\"true\" or \"false\")

changeEscalation

Override the escalation policy

escalation (escalation policy ID)

priority

Set incident priority

priority (one of p1, p2, p3, p4, p5)

severity

Set incident severity

severity (one of sev1, sev2, sev3)

outboundWebhook

Trigger an outbound webhook

outboundWebhook (webhook ID)

executePlaybook

Execute a playbook

playbook (playbook ID)

timerResolve

Auto-resolve after a timer

timer config

Example: The sample body creates a rule that matches all incidents whose message starts with "test" AND whose metadata key "test" has a value greater than 8, then reassigns the incident to a specific user.

Header parameters
x-api-keystringRequired

Your API key. Find it in your Spike dashboard under Settings > API.

x-team-idstringRequired

Team ID of the team you are making the request to.

Body
namestringOptional
Responses
200

Successful response

application/json
objectOptional
post
/automation/rules/create

Update an alert rule

put

Update an existing alert rule by its ID. You must send the complete rule — partial updates are not supported. The existing rule will be fully replaced with the provided data.

Request Body:

  • name (required): Updated rule name.

  • conditions (required): Full 2D array of condition groups (same format as Create).

  • actions (required): Full array of action objects (same format as Create).

See Create an alert rule for all available conditionType, comparator, and actionType values.

Path parameters
ruleIdstringRequired

ruleId parameter

Header parameters
x-api-keystringRequired

Your API key. Find it in your Spike dashboard under Settings > API.

x-team-idstringRequired

Team ID of the team you are making the request to.

Body
namestringOptional
Responses
200

Successful response

application/json
objectOptional
put
/automation/rules/{ruleId}/update

Archive an alert rule

delete

Archive (soft-delete) an alert rule by its ID. Archived rules will no longer evaluate against incoming incidents.

Pass the alert rule _id as a path parameter. No request body is required.

Path parameters
ruleIdstringRequired

ruleId parameter

Header parameters
x-api-keystringRequired

Your API key. Find it in your Spike dashboard under Settings > API.

x-team-idstringRequired

Team ID of the team you are making the request to.

Responses
200

Successful response

application/json
objectOptional
delete
/automation/rules/{ruleId}/archive
PreviousEscalationsNextServices

Last updated