GET /alerts
Bearer auth

Retrieves active alerts from Mimir for the caller's scope, paginated and sorted by startsAt descending (fingerprint as tiebreaker for stable pagination).

Scope follows the same three modes as /alerts/totals:

  • organization_id omitted → caller's full hierarchy (cross-tenant fan-out).
  • organization_id=X → single tenant X.
  • organization_id=X&include=descendantsX plus its sub-tree.

All filter params support multiple values (repeat the param): values within the same filter are matched as OR; different filters AND together. Example: ?severity=critical&severity=warning&alertname=CVE-2024-1234 returns CVE-2024-1234 alerts that are critical or warning.

Per-tenant failures during fan-out (timeout, 5xx) are non-fatal: the rest of the result is returned and the failure is reported in the warnings array.

Query parameters

  • organization_id string

    Target organization ID. Optional for all roles except Customer (where it is ignored).

  • include string

    Set to descendants together with organization_id to drill down on a sub-tree.

    Value is descendants.

  • page integer

    1-based page number.

    Minimum value is 1. Default value is 1.

  • page_size integer

    Page size. Default 50, max 100.

    Minimum value is 1, maximum value is 100. Default value is 50.

  • state array[string]

    Filter alerts by state. Supports multiple values.

    Values are active, suppressed, or unprocessed.

  • severity array[string]

    Filter alerts by severity label. Supports multiple values.

    Values are critical, warning, or info.

  • system_key array[string]

    Filter alerts by system_key label. Supports multiple values.

  • alertname array[string]

    Filter alerts by alertname label (the alert "type" — e.g. HighCPU, DiskFull, CVE-2024-1234). Supports multiple values.

Responses

  • 200 application/json

    Paginated list of active alerts

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object
      Hide data attributes Show data attributes object
      • alerts array[object]
      • pagination object
        Hide pagination attributes Show pagination attributes object
        • page integer

          Current page number

          Minimum value is 1.

        • page_size integer

          Number of items per page

          Minimum value is 1, maximum value is 200.

        • total_count integer

          Total number of items

          Minimum value is 0.

        • total_pages integer

          Total number of pages

          Minimum value is 0.

        • has_next boolean

          Whether there is a next page

        • has_prev boolean

          Whether there is a previous page

        • next_page integer | null

          Next page number if available

        • prev_page integer | null

          Previous page number if available

        • sort_by string | null

          Field used for sorting

        • sort_direction string | null

          Sort direction

          Values are asc or desc.

      • warnings array[string]

        Per-tenant errors encountered during fan-out. Always present (empty array when every tenant responded OK). Each entry is a string org <logto_id>: <error>.
  • 400 application/json

    Bad request - validation error

    Hide response attributes Show response attributes object
    • code integer

      HTTP error code

    • message string

      Error message

    • data object
      Hide data attributes Show data attributes object
      • type string

        Type of error

        Values are validation_error or external_api_error.

      • errors array[object]
        Hide errors attributes Show errors attributes object
        • key string

          Field name that failed validation

        • message string

          Error code or message

        • value string

          Value that failed validation

      • details

        Additional error details
  • 401 application/json

    Unauthorized - invalid or missing token

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object | null
  • 403 application/json

    Forbidden - insufficient permissions

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object | null
  • 500 application/json

    Internal server error

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object | null
GET /alerts 
curl \
 --request GET 'https://collect.your-domain.com/api/alerts' \
 --header "Authorization: Bearer $ACCESS_TOKEN"
Response examples (200) 
{
  "code": 200,
  "message": "alerts retrieved successfully",
  "data": {
    "alerts": [
      {}
    ],
    "pagination": {
      "page": 1,
      "page_size": 20,
      "total_count": 156,
      "total_pages": 8,
      "has_next": true,
      "has_prev": false,
      "next_page": 2,
      "prev_page": 42,
      "sort_by": "name",
      "sort_direction": "asc"
    },
    "warnings": [
      "string"
    ]
  }
}
Response examples (400) 
{
  "code": 400,
  "message": "validation failed",
  "data": {
    "type": "validation_error",
    "errors": [
      {
        "key": "username",
        "message": "required",
        "value": "string"
      }
    ]
  }
}
Response examples (401) 
{
  "code": 401,
  "message": "invalid token",
  "data": {}
}
Response examples (403) 
{
  "code": 403,
  "message": "insufficient permissions",
  "data": {}
}
Response examples (500) 
{
  "code": 500,
  "message": "internal server error",
  "data": {}
}