Skip to main content

Overview

Retrieve the update history for an incident including status changes, severity changes, and audit trail events. This provides a chronological view of the incident lifecycle. Note: Comments are excluded from this endpoint and are available in a separate Investigation Notes section in the UI. Use the POST /api/incidents/{id}/updates endpoint to add comments.

Authentication

Requires API Key authentication:
  • API Key: X-API-Key: YOUR_API_KEY

Path Parameters

id
string
required
Incident ID (UUID). The unique identifier of the incident.

Response Format

success
boolean
Whether the request was successful
data
array
Array of update/event objects in reverse chronological order (most recent first)

Example Requests

curl -X GET 'https://api.uptimeio.com/api/incidents/550e8400-e29b-41d4-a716-446655440000/updates' \
  -H 'X-API-Key: YOUR_API_KEY'

Example Response

{
  "success": true,
  "data": [
    {
      "id": "event-005",
      "incident_id": "550e8400-e29b-41d4-a716-446655440000",
      "action": "closed",
      "user_id": "cc0e8400-e29b-41d4-a716-446655440002",
      "user_email": "[email protected]",
      "user_name": "Charlie Lee",
      "message": "Incident closed",
      "old_value": "resolved",
      "new_value": "closed",
      "created_at": "2024-12-27T12:00:00Z"
    },
    {
      "id": "event-004",
      "incident_id": "550e8400-e29b-41d4-a716-446655440000",
      "action": "resolved",
      "user_id": "bb0e8400-e29b-41d4-a716-446655440001",
      "user_email": "[email protected]",
      "user_name": "Bob Smith",
      "message": "Incident resolved",
      "old_value": "acknowledged",
      "new_value": "resolved",
      "created_at": "2024-12-26T14:45:00Z"
    },
    {
      "id": "event-003",
      "incident_id": "550e8400-e29b-41d4-a716-446655440000",
      "action": "severity_changed",
      "user_id": "aa0e8400-e29b-41d4-a716-446655440000",
      "user_email": "[email protected]",
      "user_name": "Alice Johnson",
      "message": "Severity changed from critical to major",
      "old_value": "critical",
      "new_value": "major",
      "created_at": "2024-12-26T14:30:00Z"
    },
    {
      "id": "event-002",
      "incident_id": "550e8400-e29b-41d4-a716-446655440000",
      "action": "acknowledged",
      "user_id": "aa0e8400-e29b-41d4-a716-446655440000",
      "user_email": "[email protected]",
      "user_name": "Alice Johnson",
      "message": "Incident acknowledged",
      "old_value": "open",
      "new_value": "acknowledged",
      "created_at": "2024-12-26T14:06:00Z"
    },
    {
      "id": "event-001",
      "incident_id": "550e8400-e29b-41d4-a716-446655440000",
      "action": "created",
      "user_id": null,
      "user_email": null,
      "user_name": null,
      "message": "Incident created: Connection timeout after 30000ms",
      "old_value": null,
      "new_value": null,
      "created_at": "2024-12-26T14:00:00Z"
    }
  ]
}

Status Codes

StatusDescription
200 OKUpdates successfully retrieved
401 UnauthorizedAuthentication failed or invalid credentials
404 Not FoundIncident not found or not accessible in current project
500 Internal Server ErrorServer error during retrieval

Error Codes

{
  "success": false,
  "error": {
    "code": "NOT_FOUND",
    "message": "Incident not found"
  }
}

Action Types

The timeline includes the following action types (comments are excluded and available separately):
ActionDescriptionFields
createdIncident was createdmessage contains creation details
status_changedStatus was updatedold_value and new_value contain status transitions
severity_changedSeverity was updatedold_value and new_value contain severity levels
assignedIncident assigned to useruser info for assignee
acknowledgedIncident was acknowledgeduser info for who acknowledged, old_value/new_value for status
resolvedIncident was resolveduser info for who resolved, old_value/new_value for status
closedIncident was closeduser info for who closed, old_value/new_value for status
reopenedIncident was reopeneduser info for who reopened, old_value/new_value for status
updatedIncident details were updatedold_value and new_value for changed fields
Note: The comment_added action type exists but is intentionally excluded from this endpoint. Comments are displayed separately in the Investigation Notes section of the incident UI.

Timeline Interpretation Guide

Incident Lifecycle Example

14:00 - [created] Incident detected automatically by monitoring
14:06 - [acknowledged] open → acknowledged (Alice Johnson)
14:30 - [severity_changed] critical → major (Alice Johnson)
14:45 - [resolved] acknowledged → resolved (Bob Smith)
12:00 - [closed] resolved → closed (Charlie Lee)

Notes

  • Updates are returned in reverse chronological order (most recent first)
  • System-generated events (like automatic incident creation) have user_id: null
  • All timestamps are in ISO 8601 format
  • Status and severity changes include old and new values for comparison
  • User information (name, email) is included for attribution
  • Comments are excluded from this endpoint; use POST /api/incidents/{id}/updates to add comments and view them in the Investigation Notes section