Authentication
API keys, base URL, and error format for the Incidentary REST API
REST API — Authentication
All API requests require an API key passed in the Authorization header as a Bearer token.
API keys carry full write access to your workspace. Use separate keys per environment (staging, production). Rotate keys immediately if compromised.
Base URL
https://api.incidentary.com/v1Authentication Header
curl https://api.incidentary.com/v1/incidents \
-H "Authorization: Bearer key_your_api_key_here" \
-H "Content-Type: application/json"Error Format
All errors return JSON with a consistent structure:
{
"error": {
"code": "UNAUTHORIZED",
"message": "Invalid or missing API key.",
"status": 401
}
}Error Codes
| Code | HTTP Status | Description |
|---|---|---|
UNAUTHORIZED | 401 | Missing or invalid API key |
FORBIDDEN | 403 | Key lacks permission for this action |
NOT_FOUND | 404 | Resource does not exist |
RATE_LIMITED | 429 | Too many requests — back off and retry |
INTERNAL_ERROR | 500 | Server error — contact support if persistent |
Rate Limits
Requests are rate-limited per API key:
- Ingestion endpoints (
/traces,/events): 10,000 req/min - Query endpoints (
/incidents,/traces/:id): 1,000 req/min
Rate limit state is returned in response headers:
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 987
X-RateLimit-Reset: 1709289600Pagination
List endpoints return paginated results using cursor-based pagination:
{
"data": [...],
"pagination": {
"cursor": "cur_abc123",
"hasMore": true
}
}Pass ?cursor=cur_abc123 to fetch the next page.