/alerts/config - Get the caller's alerting layer

GET /alerts/config
Bearer auth

Returns the CALLER's own alerting configuration layer. No inherited ancestor layers, no merged effective view: every organization sees only its own configuration. The server-side merge that backs the Mimir YAML stays inside the backend.

When the caller has never saved a layer the response body contains an empty layer (toggles all null, recipient lists empty) and the two audit fields set to null. The UI uses that state to render a first-save form.

Requires read:alerts permission.

Responses

  • 200 application/json

    Caller's layer

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object

      The caller's alerting configuration. This is what POST /alerts/config accepts and what GET /alerts/config returns; the merged effective config that backs Mimir is computed server-side and never exposed.

      Each recipient carries its own severities[] (empty = all severities); email recipients additionally carry per-recipient language and format. Channel toggles under enabled are tri-state: null = no opinion at this layer (inherit), true = enabled, false = disabled (Owner only — non-Owner false is normalised to null on save).

      Body size: the request body is capped at 1 MiB on POST. Oversized requests are rejected with HTTP 413 before binding.

      Hide data attributes Show data attributes object
      • enabled object

        Per-layer enable/disable for each notification channel. Each value is tri-state:

        • true — explicitly enabled at this layer
        • false — explicitly disabled (Owner only; non-Owner false is normalised to null on save)
        • null — no opinion at this layer; effective state inherits from the merge of any ancestor layer that took a position. If no layer in the chain enables a channel, the channel stays off.
        Hide enabled attributes Show enabled attributes object
        • email boolean | null
        • webhook boolean | null
        • telegram boolean | null
      • email_recipients array[object]

        Not more than 50 elements.

        Hide email_recipients attributes Show email_recipients attributes object
        • address string(email) Required

          Maximum length is 320.

        • severities array[string]

          Severity scope for this recipient. Empty (or omitted) means "all severities" — the recipient lands on every per-severity receiver. A non-empty subset narrows delivery to those severities.

          Not more than 3 elements. Values are critical, warning, or info.

        • language string

          Rendering language for this recipient's email body and subject. Defaults to en when omitted.

          Values are en or it.

        • format string

          Body format preference. html (default) emits multipart with an html primary body and text alternative; plain emits only a text body.

          Values are html or plain.

      • webhook_recipients array[object]

        Not more than 20 elements.

        Hide webhook_recipients attributes Show webhook_recipients attributes object
        • name string Required

          Descriptive label for the webhook target (UI only).

          Maximum length is 100.

        • url string(uri) Required

          Webhook URL. Validation rejects non-public destinations (loopback, RFC1918, RFC6598 CGNAT, link-local, multicast, cloud metadata) and requires a canonical hostname (containing at least one letter) or a valid IP literal. Only http/https schemes are accepted; URLs cannot embed userinfo.

          Maximum length is 2048.

        • severities array[string]

          Not more than 3 elements. Values are critical, warning, or info.

      • telegram_recipients array[object]

        Not more than 20 elements.

        Hide telegram_recipients attributes Show telegram_recipients attributes object
        • bot_token string Required

          Maximum length is 256.

        • chat_id integer(int64) Required
        • severities array[string]

          Not more than 3 elements. Values are critical, warning, or info.

      • updated_by_name string | null
      • updated_at string(date-time) | null
  • 401 application/json

    Unauthorized - invalid or missing token

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object | null
  • 403 application/json

    Forbidden - insufficient permissions

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object | null
GET /alerts/config 
curl \
 --request GET 'https://api.your-domain.com/api/alerts/config' \
 --header "Authorization: Bearer $ACCESS_TOKEN"
Response examples (200) 
{
  "code": 200,
  "message": "alerting layer retrieved successfully",
  "data": {
    "enabled": {
      "email": true,
      "webhook": null,
      "telegram": null
    },
    "email_recipients": [
      {
        "address": "noc@reseller.example",
        "severities": [
          "critical"
        ],
        "language": "it",
        "format": "html"
      }
    ],
    "webhook_recipients": [],
    "telegram_recipients": [],
    "updated_by_name": "Reseller Admin",
    "updated_at": "2026-05-09T10:14:00Z"
  }
}
{
  "code": 200,
  "message": "alerting layer retrieved successfully",
  "data": {
    "enabled": {
      "email": null,
      "webhook": null,
      "telegram": null
    },
    "email_recipients": [],
    "webhook_recipients": [],
    "telegram_recipients": [],
    "updated_by_name": null,
    "updated_at": null
  }
}
Response examples (401) 
{
  "code": 401,
  "message": "invalid token",
  "data": {}
}
Response examples (403) 
{
  "code": 403,
  "message": "insufficient permissions",
  "data": {}
}