Ticketing API
The Ticketing Agent provides APIs for incident management, platform configuration, severity routing, and connectivity testing.
Base URL: http://logclaw-ticketing-agent:18081
Dashboard proxy: /api/ticketing/*
Incidents
List Incidents
Returns all tracked incidents with their current state and metadata.
Response
[
{
"id": "inc-20240301-001",
"title": "High error rate on payment-api",
"severity": "critical",
"status": "open",
"service": "payment-api",
"anomalyScore": 4.2,
"affectedServices": ["payment-api", "order-engine", "notification-svc"],
"traceId": "abcdef1234567890",
"createdAt": "2024-03-01T15:30:00Z",
"updatedAt": "2024-03-01T15:30:00Z",
"platforms": ["pagerduty", "jira", "slack"]
}
]
Acknowledge Incident
POST /api/incidents/:id/acknowledge
open to acknowledged.
Response
{
"id": "inc-20240301-001",
"status": "acknowledged",
"acknowledgedAt": "2024-03-01T15:35:00Z"
}
Resolve Incident
POST /api/incidents/:id/resolve
resolved.
Response
{
"id": "inc-20240301-001",
"status": "resolved",
"resolvedAt": "2024-03-01T16:00:00Z"
}
Escalate Incident
POST /api/incidents/:id/escalate
Response
{
"id": "inc-20240301-001",
"status": "escalated",
"escalatedAt": "2024-03-01T15:45:00Z",
"escalatedTo": ["pagerduty"]
}
Runtime Configuration
Get Full Configuration
Returns the complete runtime configuration including all platform settings, routing rules, anomaly thresholds, and LLM configuration.
Response
{
"platforms": {
"pagerduty": { "enabled": true, "routingKey": "****" },
"jira": { "enabled": true, "baseUrl": "https://org.atlassian.net" },
"servicenow": { "enabled": false },
"opsgenie": { "enabled": false },
"slack": { "enabled": true, "webhookUrl": "****" }
},
"routing": {
"critical": ["pagerduty", "slack", "jira"],
"high": ["jira", "slack"],
"medium": ["jira"],
"low": ["slack"]
},
"anomaly": {
"minimumScore": 0.85,
"lookbackWindow": "15m"
},
"llm": {
"provider": "openai",
"model": "gpt-4"
}
}
Sensitive fields (API keys, tokens, passwords) are masked with **** in the response. Use the PATCH endpoints to update them.
PATCH /api/v1/config/platforms
Request Body
{
"pagerduty": {
"enabled": true,
"routingKey": "your-pagerduty-routing-key"
},
"slack": {
"enabled": true,
"webhookUrl": "https://hooks.slack.com/services/T.../B.../..."
}
}
| Platform | Required Fields |
|---|
| PagerDuty | routingKey |
| Jira | baseUrl, apiToken, userEmail |
| ServiceNow | instanceUrl, username, password |
| OpsGenie | apiKey |
| Slack | webhookUrl |
Response
{
"status": "ok",
"updated": ["pagerduty", "slack"]
}
Update Routing Rules
PATCH /api/v1/config/routing
Request Body
{
"critical": ["pagerduty", "slack", "jira"],
"high": ["jira", "slack"],
"medium": ["jira"],
"low": ["slack"]
}
Response
{
"status": "ok",
"routing": {
"critical": ["pagerduty", "slack", "jira"],
"high": ["jira", "slack"],
"medium": ["jira"],
"low": ["slack"]
}
}
Update Anomaly Settings
PATCH /api/v1/config/anomaly
Request Body
{
"minimumScore": 0.9,
"lookbackWindow": "30m"
}
| Field | Type | Default | Description |
|---|
minimumScore | number | 0.85 | Minimum anomaly score to trigger incident creation |
lookbackWindow | string | 15m | Time window for anomaly grouping and deduplication |
Update LLM Settings
Request Body
{
"provider": "openai",
"model": "gpt-4",
"apiKey": "sk-..."
}
Connectivity Testing
POST /api/v1/test-connection
Request Body
{
"platform": "pagerduty"
}
Success Response
{
"status": "ok",
"platform": "pagerduty",
"message": "Connection successful"
}
Failure Response
{
"status": "error",
"platform": "pagerduty",
"message": "Invalid routing key"
}
Test LLM Connection
Verify connectivity to the configured LLM provider.
Success Response
{
"status": "ok",
"provider": "openai",
"model": "gpt-4",
"message": "LLM connection successful"
}
Batch Operations
Batch Update Incidents
POST /api/v1/incidents/batch
Request Body
{
"ids": ["inc-20240301-001", "inc-20240301-002", "inc-20240301-003"],
"action": "acknowledge"
}
| Field | Type | Required | Description |
|---|
ids | string[] | Yes | Array of incident IDs to update |
action | string | Yes | One of: acknowledge, resolve, escalate |
Response
{
"updated": 3,
"action": "acknowledge",
"ids": ["inc-20240301-001", "inc-20240301-002", "inc-20240301-003"]
}
Audit Trail
Get Incident Audit Log
GET /api/v1/audit?incident_id=:id
Query Parameters
| Parameter | Type | Required | Description |
|---|
incident_id | string | Yes | The incident ID to retrieve the audit trail for |
Response
{
"incident_id": "inc-20240301-001",
"entries": [
{
"action": "created",
"timestamp": "2024-03-01T15:30:00Z",
"details": "Incident created from anomaly detection"
},
{
"action": "acknowledged",
"timestamp": "2024-03-01T15:35:00Z",
"details": "Status changed from open to acknowledged"
},
{
"action": "escalated",
"timestamp": "2024-03-01T15:45:00Z",
"details": "Escalated to pagerduty"
},
{
"action": "resolved",
"timestamp": "2024-03-01T16:00:00Z",
"details": "Status changed to resolved"
}
]
}
LLM Status
Get LLM Provider Status
Returns the current status and health of the configured LLM provider, including whether it is reachable and the configured model.
Response (Healthy)
{
"status": "ok",
"provider": "openai",
"model": "gpt-4",
"available": true
}
Response (Degraded / Unreachable)
{
"status": "degraded",
"provider": "openai",
"model": "gpt-4",
"available": false,
"error": "Connection timeout after 5s"
}
When the LLM provider is unreachable, the Ticketing Agent continues to create incidents using rule-based fallback RCA instead of AI-generated root cause analysis. The Dashboard displays a “Fallback” badge on affected incidents.
Deduplication
The Ticketing Agent automatically deduplicates incoming anomalies to prevent duplicate incidents. Two anomalies are considered duplicates when they share the same service name, severity level, and occur within the configured lookback window.
When a duplicate is detected:
- No new incident is created
- The existing incident’s
updatedAt timestamp is refreshed
- The anomaly count is incremented on the existing incident
Configure the deduplication window via the anomaly settings endpoint:
PATCH /api/v1/config/anomaly
{
"lookbackWindow": "30m"
}
