Appends a free-form operator note (ticket links, findings, hand-over
info) to the alert's activity timeline as a note_added event. Notes
are independent from silences and assignments, immutable (append-only)
and can also target an alert that has already resolved — the timeline
outlives the alert, so no Mimir lookup is performed.
Notes are namespaced by organization: they are written under the
caller-resolved organization_id and only readable through that
organization's timeline.
Requires manage:systems permission on an organization in the caller's
hierarchy. Customers are pinned to their own organization.
Query parameters
-
The alert's organization (its organization_id label). Required for Owner/Distributor/Reseller; ignored for Customer (pinned).
POST
/alerts/notes
curl \
--request POST 'https://api.your-domain.com/api/alerts/notes' \
--header "Authorization: Bearer $ACCESS_TOKEN" \
--header "Content-Type: application/json" \
--data '"{\n \"fingerprint\": \"79b1c79b3211797c\",\n \"text\": \"Firewall irraggiungibile, sentito il cliente: intervento on-site domattina. Ticket #123\"\n}"'
Request example
{
"fingerprint": "79b1c79b3211797c",
"text": "Firewall irraggiungibile, sentito il cliente: intervento on-site domattina. Ticket #123"
}
Response examples (200)
{
"code": 200,
"message": "alert note added successfully",
"data": null
}
Response examples (400)
{
"code": 400,
"message": "validation failed",
"data": {
"type": "validation_error",
"errors": [
{
"key": "username",
"message": "required",
"value": "string"
}
]
}
}
Response examples (401)
{
"code": 401,
"message": "invalid token",
"data": {}
}
Response examples (403)
{
"code": 403,
"message": "insufficient permissions",
"data": {}
}