Skip to main content
Alerts are generated automatically by InfraAudit when drift, vulnerability, compliance, or cost anomaly findings exceed configured thresholds. You can also create alerts manually. The alerts endpoints let you list, filter, acknowledge, and resolve alert findings. Base path: /api/v1/alerts

GET /alerts — list alerts

Returns a paginated list of alerts. 
GET /api/v1/alerts
Authorization: Bearer <token>

Query parameters

severity
string
Filter by severity: critical, high, medium, or low.
type
string
Filter by alert type: security, cost, compliance, or performance.
status
string
Filter by status: open, acknowledged, or resolved.
provider_id
integer
Filter by provider.
page
integer
default:"1"
Page number.
per_page
integer
default:"20"
Results per page. Maximum is 100.

Response

{
  "data": [
    {
      "id": 1,
      "title": "S3 bucket made public",
      "type": "security",
      "severity": "critical",
      "status": "open",
      "resource_id": 5,
      "resource_name": "data-lake-bucket",
      "created_at": "2024-01-15T14:35:00Z"
    }
  ],
  "meta": { "total": 7, "page": 1, "per_page": 20 }
}

GET /alerts/ — get alert

Returns full details for a single alert. 
GET /api/v1/alerts/{id}
Authorization: Bearer <token>

POST /alerts — create alert (manual)

Creates a manual alert for a resource. 
POST /api/v1/alerts
Authorization: Bearer <token>
Content-Type: application/json

Request body

title
string
required
A short description of the alert.
type
string
required
Alert type: security, cost, compliance, or performance.
severity
string
required
Severity: critical, high, medium, or low.
resource_id
integer
Resource the alert is associated with.
description
string
Extended description or context.
{
  "title": "Manual security review required",
  "type": "security",
  "severity": "high",
  "resource_id": 15,
  "description": "Audit requested by CISO"
}

POST /alerts//acknowledge — acknowledge an alert

Marks an alert as acknowledged. Returns 200 with the updated alert. 
POST /api/v1/alerts/{id}/acknowledge
Authorization: Bearer <token>

POST /alerts//resolve — resolve an alert

Marks an alert as resolved with an optional resolution note. 
POST /api/v1/alerts/{id}/resolve
Authorization: Bearer <token>
Content-Type: application/json

Request body (optional)

resolution_note
string
A note describing how the issue was resolved.
{
  "resolution_note": "Reverted security group change"
}

POST /alerts/bulk — bulk update alerts

Acknowledge or resolve multiple alerts in a single request. 
POST /api/v1/alerts/bulk
Authorization: Bearer <token>
Content-Type: application/json

Request body

ids
array
required
Array of alert IDs to update.
action
string
required
Action to apply: acknowledge or resolve.
{
  "ids": [1, 2, 3],
  "action": "acknowledge"
}