# Alert Rules

## Fetch all alert rules

> Get a list of all alert rules configured for a team. Returns both enabled and disabled rules.\
> \
> Each rule contains:\
> \- \`name\`: Rule name\
> \- \`conditions\`: Array of condition groups (OR logic between groups, AND logic within a group)\
> \- \`actions\`: Array of actions to execute when conditions match\
> \- \`enabled\`: Whether the rule is currently active<br>

```json
{"openapi":"3.1.0","info":{"title":"Spike API","version":"1.0.0"},"tags":[{"name":"Alert Rules"}],"servers":[{"url":"https://api.spike.sh","description":"API server"}],"security":[{"ApiKeyAuth":[],"TeamIdHeader":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","in":"header","name":"x-api-key","description":"Your API key. You can find this in your Spike dashboard under Settings > API."}},"schemas":{"Error":{"type":"object","properties":{"message":{"type":"string","description":"Error message describing the problem"},"error":{"type":"string","description":"Error type or code"}}}}},"paths":{"/automation/rules":{"get":{"summary":"Fetch all alert rules","description":"Get a list of all alert rules configured for a team. Returns both enabled and disabled rules.\n\nEach rule contains:\n- `name`: Rule name\n- `conditions`: Array of condition groups (OR logic between groups, AND logic within a group)\n- `actions`: Array of actions to execute when conditions match\n- `enabled`: Whether the rule is currently active\n","tags":["Alert Rules"],"responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"type":"object"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Get alert rule details

> Get full details of a specific alert rule by its ID, including all conditions and actions.

```json
{"openapi":"3.1.0","info":{"title":"Spike API","version":"1.0.0"},"tags":[{"name":"Alert Rules"}],"servers":[{"url":"https://api.spike.sh","description":"API server"}],"security":[{"ApiKeyAuth":[],"TeamIdHeader":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","in":"header","name":"x-api-key","description":"Your API key. You can find this in your Spike dashboard under Settings > API."}},"schemas":{"Error":{"type":"object","properties":{"message":{"type":"string","description":"Error message describing the problem"},"error":{"type":"string","description":"Error type or code"}}}}},"paths":{"/automation/rules/{ruleId}":{"get":{"summary":"Get alert rule details","description":"Get full details of a specific alert rule by its ID, including all conditions and actions.","tags":["Alert Rules"],"parameters":[{"name":"ruleId","in":"path","required":true,"schema":{"type":"string"},"description":"ruleId parameter"}],"responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"type":"object"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Create an alert rule

> Create a new alert rule for a team. An alert rule automatically executes actions when incoming incidents match the specified conditions.\
> \
> \*\*Request Body:\*\*\
> \- \`name\` (required): A descriptive name for the rule.\
> \- \`conditions\` (required): A 2D array of condition objects. The outer array represents \*\*OR\*\* groups — if any group matches, the rule triggers. Each inner array contains conditions combined with \*\*AND\*\* logic — all must match.\
> \- \`actions\` (required): An array of action objects to execute when conditions are met.\
> \
> \---\
> \
> \*\*Condition Types:\*\*\
> \
> \| \`conditionType\` | Description | Additional Fields |\
> \|---|---|---|\
> \| \`allIncidents\` | Matches every incident (wildcard) | — |\
> \| \`incidentMessage\` | Match on the incident title/message | \`comparator\`, \`text\` |\
> \| \`incidentDetails\` | Match on a specific key in the incident metadata | \`comparator\`, \`text\`, \`keypair\` |\
> \| \`incidentOccurrence\` | Match when total occurrences exceed a threshold | \`occurrences\` |\
> \| \`incidentOccurrenceTimeframe\` | Match when occurrences exceed a threshold within a time window | \`occurrences\`, \`timeframe\` (in minutes) |\
> \| \`priority\` | Match on incident priority | \`priority\` (one of \`p1\`, \`p2\`, \`p3\`, \`p4\`, \`p5\`) |\
> \| \`severity\` | Match on incident severity | \`severity\` (one of \`sev1\`, \`sev2\`, \`sev3\`) |\
> \| \`regexMatch\` | Match incident message against a regex pattern | \`regex\` |\
> \| \`incidentTiming\` | Match based on time of day the incident occurred | \`start\` (HH:mm), \`end\` (HH:mm), \`timezone\` (optional, e.g., \`America/New\_York\`) |\
> \| \`incidentDayOfWeek\` | Match based on day of the week | \`days\` (array of day numbers: 0=Sunday, 6=Saturday), \`timezone\` (optional) |\
> \
> \*\*Comparators\*\* (for \`incidentMessage\` and \`incidentDetails\`):\
> \`contains\`, \`doesNotContain\`, \`equals\`, \`doesNotEqual\`, \`startsWith\`, \`endsWith\`, \`greaterThan\`, \`lessThan\`, \`greaterThanOrEqual\`, \`lessThanOrEqual\`, \`regexMatch\`\
> \
> \> \*\*Note:\*\* \`greaterThan\`, \`lessThan\`, \`greaterThanOrEqual\`, \`lessThanOrEqual\` are only available for \`incidentDetails\`.\
> \
> \---\
> \
> \*\*Action Types:\*\*\
> \
> \| \`actionType\` | Description | Additional Fields |\
> \|---|---|---|\
> \| \`reassignIncident\` | Reassign the incident to a specific user | \`user\` (user ID) |\
> \| \`suppressIncident\` | Suppress the incident (do not create) | — |\
> \| \`acknowledgeIncident\` | Auto-acknowledge the incident | \`sendAlert\` (\`\\"true\\"\` or \`\\"false\\"\`) |\
> \| \`resolveIncident\` | Auto-resolve the incident | \`sendAlert\` (\`\\"true\\"\` or \`\\"false\\"\`) |\
> \| \`changeEscalation\` | Override the escalation policy | \`escalation\` (escalation policy ID) |\
> \| \`priority\` | Set incident priority | \`priority\` (one of \`p1\`, \`p2\`, \`p3\`, \`p4\`, \`p5\`) |\
> \| \`severity\` | Set incident severity | \`severity\` (one of \`sev1\`, \`sev2\`, \`sev3\`) |\
> \| \`outboundWebhook\` | Trigger an outbound webhook | \`outboundWebhook\` (webhook ID) |\
> \| \`executePlaybook\` | Execute a playbook | \`playbook\` (playbook ID) |\
> \| \`timerResolve\` | Auto-resolve after a timer | timer config |\
> \
> \---\
> \
> \*\*Example:\*\* The sample body creates a rule that matches all incidents whose message starts with \\"test\\" AND whose metadata key \\"test\\" has a value greater than 8, then reassigns the incident to a specific user.<br>

```json
{"openapi":"3.1.0","info":{"title":"Spike API","version":"1.0.0"},"tags":[{"name":"Alert Rules"}],"servers":[{"url":"https://api.spike.sh","description":"API server"}],"security":[{"ApiKeyAuth":[],"TeamIdHeader":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","in":"header","name":"x-api-key","description":"Your API key. You can find this in your Spike dashboard under Settings > API."}},"schemas":{"Error":{"type":"object","properties":{"message":{"type":"string","description":"Error message describing the problem"},"error":{"type":"string","description":"Error type or code"}}}}},"paths":{"/automation/rules/create":{"post":{"summary":"Create an alert rule","description":"Create a new alert rule for a team. An alert rule automatically executes actions when incoming incidents match the specified conditions.\n\n**Request Body:**\n- `name` (required): A descriptive name for the rule.\n- `conditions` (required): A 2D array of condition objects. The outer array represents **OR** groups — if any group matches, the rule triggers. Each inner array contains conditions combined with **AND** logic — all must match.\n- `actions` (required): An array of action objects to execute when conditions are met.\n\n---\n\n**Condition Types:**\n\n| `conditionType` | Description | Additional Fields |\n|---|---|---|\n| `allIncidents` | Matches every incident (wildcard) | — |\n| `incidentMessage` | Match on the incident title/message | `comparator`, `text` |\n| `incidentDetails` | Match on a specific key in the incident metadata | `comparator`, `text`, `keypair` |\n| `incidentOccurrence` | Match when total occurrences exceed a threshold | `occurrences` |\n| `incidentOccurrenceTimeframe` | Match when occurrences exceed a threshold within a time window | `occurrences`, `timeframe` (in minutes) |\n| `priority` | Match on incident priority | `priority` (one of `p1`, `p2`, `p3`, `p4`, `p5`) |\n| `severity` | Match on incident severity | `severity` (one of `sev1`, `sev2`, `sev3`) |\n| `regexMatch` | Match incident message against a regex pattern | `regex` |\n| `incidentTiming` | Match based on time of day the incident occurred | `start` (HH:mm), `end` (HH:mm), `timezone` (optional, e.g., `America/New_York`) |\n| `incidentDayOfWeek` | Match based on day of the week | `days` (array of day numbers: 0=Sunday, 6=Saturday), `timezone` (optional) |\n\n**Comparators** (for `incidentMessage` and `incidentDetails`):\n`contains`, `doesNotContain`, `equals`, `doesNotEqual`, `startsWith`, `endsWith`, `greaterThan`, `lessThan`, `greaterThanOrEqual`, `lessThanOrEqual`, `regexMatch`\n\n> **Note:** `greaterThan`, `lessThan`, `greaterThanOrEqual`, `lessThanOrEqual` are only available for `incidentDetails`.\n\n---\n\n**Action Types:**\n\n| `actionType` | Description | Additional Fields |\n|---|---|---|\n| `reassignIncident` | Reassign the incident to a specific user | `user` (user ID) |\n| `suppressIncident` | Suppress the incident (do not create) | — |\n| `acknowledgeIncident` | Auto-acknowledge the incident | `sendAlert` (`\\\"true\\\"` or `\\\"false\\\"`) |\n| `resolveIncident` | Auto-resolve the incident | `sendAlert` (`\\\"true\\\"` or `\\\"false\\\"`) |\n| `changeEscalation` | Override the escalation policy | `escalation` (escalation policy ID) |\n| `priority` | Set incident priority | `priority` (one of `p1`, `p2`, `p3`, `p4`, `p5`) |\n| `severity` | Set incident severity | `severity` (one of `sev1`, `sev2`, `sev3`) |\n| `outboundWebhook` | Trigger an outbound webhook | `outboundWebhook` (webhook ID) |\n| `executePlaybook` | Execute a playbook | `playbook` (playbook ID) |\n| `timerResolve` | Auto-resolve after a timer | timer config |\n\n---\n\n**Example:** The sample body creates a rule that matches all incidents whose message starts with \\\"test\\\" AND whose metadata key \\\"test\\\" has a value greater than 8, then reassigns the incident to a specific user.\n","tags":["Alert Rules"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"name":{"type":"string"},"conditions":{"type":"array","items":{"type":"array","items":{"type":"object","properties":{"conditionType":{"type":"string"},"comparator":{"type":"string"},"text":{"type":"string"}}}}},"actions":{"type":"array","items":{"type":"object","properties":{"actionType":{"type":"string"},"user":{"type":"string"}}}}}}}}},"responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"type":"object"}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Update an alert rule

> Update an existing alert rule by its ID. You must send the \*\*complete rule\*\* — partial updates are not supported. The existing rule will be fully replaced with the provided data.\
> \
> \*\*Request Body:\*\*\
> \- \`name\` (required): Updated rule name.\
> \- \`conditions\` (required): Full 2D array of condition groups (same format as Create).\
> \- \`actions\` (required): Full array of action objects (same format as Create).\
> \
> See \*Create an alert rule\* for all available \`conditionType\`, \`comparator\`, and \`actionType\` values.<br>

```json
{"openapi":"3.1.0","info":{"title":"Spike API","version":"1.0.0"},"tags":[{"name":"Alert Rules"}],"servers":[{"url":"https://api.spike.sh","description":"API server"}],"security":[{"ApiKeyAuth":[],"TeamIdHeader":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","in":"header","name":"x-api-key","description":"Your API key. You can find this in your Spike dashboard under Settings > API."}},"schemas":{"Error":{"type":"object","properties":{"message":{"type":"string","description":"Error message describing the problem"},"error":{"type":"string","description":"Error type or code"}}}}},"paths":{"/automation/rules/{ruleId}/update":{"put":{"summary":"Update an alert rule","description":"Update an existing alert rule by its ID. You must send the **complete rule** — partial updates are not supported. The existing rule will be fully replaced with the provided data.\n\n**Request Body:**\n- `name` (required): Updated rule name.\n- `conditions` (required): Full 2D array of condition groups (same format as Create).\n- `actions` (required): Full array of action objects (same format as Create).\n\nSee *Create an alert rule* for all available `conditionType`, `comparator`, and `actionType` values.\n","tags":["Alert Rules"],"parameters":[{"name":"ruleId","in":"path","required":true,"schema":{"type":"string"},"description":"ruleId parameter"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"name":{"type":"string"},"conditions":{"type":"array","items":{"type":"array","items":{"type":"object","properties":{"conditionType":{"type":"string"},"comparator":{"type":"string"},"text":{"type":"string"}}}}},"actions":{"type":"array","items":{"type":"object","properties":{"actionType":{"type":"string"},"user":{"type":"string"}}}}}}}}},"responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"type":"object"}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Archive an alert rule

> Archive (soft-delete) an alert rule by its ID. Archived rules will no longer evaluate against incoming incidents.\
> \
> Pass the alert rule \`\_id\` as a path parameter. No request body is required.<br>

```json
{"openapi":"3.1.0","info":{"title":"Spike API","version":"1.0.0"},"tags":[{"name":"Alert Rules"}],"servers":[{"url":"https://api.spike.sh","description":"API server"}],"security":[{"ApiKeyAuth":[],"TeamIdHeader":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","in":"header","name":"x-api-key","description":"Your API key. You can find this in your Spike dashboard under Settings > API."}},"schemas":{"Error":{"type":"object","properties":{"message":{"type":"string","description":"Error message describing the problem"},"error":{"type":"string","description":"Error type or code"}}}}},"paths":{"/automation/rules/{ruleId}/archive":{"delete":{"summary":"Archive an alert rule","description":"Archive (soft-delete) an alert rule by its ID. Archived rules will no longer evaluate against incoming incidents.\n\nPass the alert rule `_id` as a path parameter. No request body is required.\n","tags":["Alert Rules"],"parameters":[{"name":"ruleId","in":"path","required":true,"schema":{"type":"string"},"description":"ruleId parameter"}],"responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"type":"object"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.spike.sh/spike-api-docs/alert-rules.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.