Get Alerts

Cortex Xpanse REST API
post /public_api/v2/alerts/get_alerts_multi_events/

Get a single alert or list of alerts with multiple events.

  • Response is concatenated using AND condition (OR is not supported).
  • Maximum result set size is 100.
  • Offset is the zero-based number of alerts from the start of the result set.


Note: You can send a request to retrieve all or filtered results.
Required license: Cortex Xpanse Expander

Request headers
authorization String required

api-key
Example: {{api_key}}
x-xdr-auth-id String required

api-key-id
Example: {{api_key_id}}
CLIENT REQUEST
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
-H 'authorization: {{api_key}}' -H 'x-xdr-auth-id: {{api_key_id}}'
'https://api-}/public_api/v2/alerts/get_alerts_multi_events/'
-d '{ "request_data" : { "search_from" : 0, "next_page_token" : "next_page_token", "filters" : [ { "field" : "business_units_list", "value" : "AlertFilter_value", "operator" : "gte" }, { "field" : "business_units_list", "value" : "AlertFilter_value", "operator" : "gte" } ], "sort" : { "field" : "creation_time", "keyword" : "desc" }, "search_to" : 0, "use_page_token" : true } }'
import http.client conn = http.client.HTTPSConnection("api-") payload = "{\"request_data\":{\"filters\":[{\"field\":\"business_units_list\",\"operator\":\"gte\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":100,\"sort\":{\"field\":\"creation_time\",\"keyword\":\"ASC\"},\"use_page_token\":true,\"next_page_token\":\"string\"}}" headers = { 'authorization': "{{api_key}}", 'x-xdr-auth-id': "{{api_key_id}}", 'content-type': "application/json" } conn.request("POST", "%7B%7Bfqdn%7D%7D/public_api/v2/alerts/get_alerts_multi_events/", payload, headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-/%7B%7Bfqdn%7D%7D/public_api/v2/alerts/get_alerts_multi_events/") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Post.new(url) request["authorization"] = '{{api_key}}' request["x-xdr-auth-id"] = '{{api_key_id}}' request["content-type"] = 'application/json' request.body = "{\"request_data\":{\"filters\":[{\"field\":\"business_units_list\",\"operator\":\"gte\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":100,\"sort\":{\"field\":\"creation_time\",\"keyword\":\"ASC\"},\"use_page_token\":true,\"next_page_token\":\"string\"}}" response = http.request(request) puts response.read_body
const data = JSON.stringify({ "request_data": { "filters": [ { "field": "business_units_list", "operator": "gte", "value": "string" } ], "search_from": 0, "search_to": 100, "sort": { "field": "creation_time", "keyword": "ASC" }, "use_page_token": true, "next_page_token": "string" } }); const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("POST", "https://api-/%7B%7Bfqdn%7D%7D/public_api/v2/alerts/get_alerts_multi_events/"); xhr.setRequestHeader("authorization", "{{api_key}}"); xhr.setRequestHeader("x-xdr-auth-id", "{{api_key_id}}"); xhr.setRequestHeader("content-type", "application/json"); xhr.send(data);
HttpResponse<String> response = Unirest.post("https://api-/%7B%7Bfqdn%7D%7D/public_api/v2/alerts/get_alerts_multi_events/") .header("authorization", "{{api_key}}") .header("x-xdr-auth-id", "{{api_key_id}}") .header("content-type", "application/json") .body("{\"request_data\":{\"filters\":[{\"field\":\"business_units_list\",\"operator\":\"gte\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":100,\"sort\":{\"field\":\"creation_time\",\"keyword\":\"ASC\"},\"use_page_token\":true,\"next_page_token\":\"string\"}}") .asString();
import Foundation let headers = [ "authorization": "{{api_key}}", "x-xdr-auth-id": "{{api_key_id}}", "content-type": "application/json" ] let parameters = ["request_data": [ "filters": [ [ "field": "business_units_list", "operator": "gte", "value": "string" ] ], "search_from": 0, "search_to": 100, "sort": [ "field": "creation_time", "keyword": "ASC" ], "use_page_token": true, "next_page_token": "string" ]] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://api-/%7B%7Bfqdn%7D%7D/public_api/v2/alerts/get_alerts_multi_events/")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-/%7B%7Bfqdn%7D%7D/public_api/v2/alerts/get_alerts_multi_events/", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => "{\"request_data\":{\"filters\":[{\"field\":\"business_units_list\",\"operator\":\"gte\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":100,\"sort\":{\"field\":\"creation_time\",\"keyword\":\"ASC\"},\"use_page_token\":true,\"next_page_token\":\"string\"}}", CURLOPT_HTTPHEADER => [ "authorization: {{api_key}}", "content-type: application/json", "x-xdr-auth-id: {{api_key_id}}" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-/%7B%7Bfqdn%7D%7D/public_api/v2/alerts/get_alerts_multi_events/"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "authorization: {{api_key}}"); headers = curl_slist_append(headers, "x-xdr-auth-id: {{api_key_id}}"); headers = curl_slist_append(headers, "content-type: application/json"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"filters\":[{\"field\":\"business_units_list\",\"operator\":\"gte\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":100,\"sort\":{\"field\":\"creation_time\",\"keyword\":\"ASC\"},\"use_page_token\":true,\"next_page_token\":\"string\"}}"); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-/%7B%7Bfqdn%7D%7D/public_api/v2/alerts/get_alerts_multi_events/"); var request = new RestRequest(Method.POST); request.AddHeader("authorization", "{{api_key}}"); request.AddHeader("x-xdr-auth-id", "{{api_key_id}}"); request.AddHeader("content-type", "application/json"); request.AddParameter("application/json", "{\"request_data\":{\"filters\":[{\"field\":\"business_units_list\",\"operator\":\"gte\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":100,\"sort\":{\"field\":\"creation_time\",\"keyword\":\"ASC\"},\"use_page_token\":true,\"next_page_token\":\"string\"}}", ParameterType.RequestBody); IRestResponse response = client.Execute(request);
Body parameters
required
application/json
request_dataobject

A dictionary containing the API request fields. An empty dictionary returns all results.

filtersarray

An array of filter fields.

[
fieldstring (Enum)

Identifies the alert fields the filter is matching.

Allowed values:"business_units_list""tags""asm_alert_categories""attack_surface_rule_id""alert_id_list""external_id_list""alert_source""creation_time""last_modified_ts""server_creation_time""severity""status""attack_surface_rule_name""host_name""xpanse_policy_id""case_id_list""cloud_management_status""integration_source""aws_cloud_tags""gcp_cloud_tags""azure_cloud_tags""first_observed""last_observed"
operatorstring (Enum)

String that identifies the comparison operator you want to use for this filter. Possible values:

  • in— use with alert_id_list, alert_source, asm_alert_categories, case_id_list, business_units_list, cloud_management_status, tags, xpanse_policy_id, severity, integration_source
  • gte— Filters data from a specific timestamp onwards. Use with creation_time, first_observed, last_observed.
  • lte— Filters data up to a specific timestamp. Use with creation_time, first_observed, last_observed.
  • range— Filters data between two specific timestamps. Use with first_observed, last_observed.
  • relative_timestamp— Filters data relative to the current time (e.g., last 30 days). Use with first_observed, last_observed.
Allowed values:"gte""lte""in""range""relative_timestamp"
valueobject

Value that this filter must match. The contents of this field will differ depending on the alert field that you specified for this filter:

  • alert_id_list — List of integers. Each item in the list must be an alert ID.
  • alert_source — List of strings.
  • asm_alert_categories — List of strings. Example values: "Development Infrastructure", "Unpatched, Misconfigured, and end-of-life (EOL) systems".
  • business_units_list — String or list of strings in the format "BU name" or "BU:BU name", for example “Acme & Co, Inc.” or “BU:Acme & Co, Inc.”
  • case_id_list — List of integers. Each item in the list must be a case ID.
  • cloud_management_status — String. Values are Managed Cloud, Unmanaged Cloud, and Not Applicable.
  • creation_time — Integer representing the number of seconds or milliseconds after the Unix epoch, UTC timezone. The value is returned in the response under the detection_timestamp field and represented in the console under the TIMESTAMP field.
  • external_id_list— List of strings representing external IDs.
  • first_observed — Values in milliseconds format
    • with gte or lte operator, specify a specific date or time as a timestamp in milliseconds format
    • with range operator, specify "to" and "from" values as timestamps in milliseconds format "value": { "from": "{{previous30Days}}","to": "{{previous7Days}}"
    • with relative_timestamp operator, specify time interval to look back on (24H, 7D, 30D, etc.) as a value in milliseconds format
  • integration_source — Valid values: AWS, AZURE, GOOGLE, PRISMA_CLOUD
  • last_observed — values in milliseconds format
    • with gte or lte operator, specify a specific date or time as a timestamp in milliseconds format
    • with range operator, specify "to" and "from" values as timestamps in milliseconds format, as follows "value": { "from": "{{previous30Days}}","to": "{{previous7Days}}"
    • with relative_timestamp operator, specify time interval to look back on (24H, 7D, 30D, etc.) as a value in milliseconds format
  • severity — Valid values: low, medium, high, critical, informational
  • status — Valid values: new, reopened, resolved_no_risk, resolved_risk_accepted, resolved_no_longer_observed, resolved_contested_asset, resolved_remediated_automatically, resolved, under_investigation.
  • tags — List of strings indicating the tags to filter on in the format "tag-family:tag-name", for example "AR:registered to you".
  • xpanse_policy_id — List of strings representing the xpanse policy IDs.
string

Value that this filter must match. The contents of this field will differ depending on the alert field that you specified for this filter:

  • alert_id_list — List of integers. Each item in the list must be an alert ID.
  • alert_source — List of strings.
  • asm_alert_categories — List of strings. Example values: "Development Infrastructure", "Unpatched, Misconfigured, and end-of-life (EOL) systems".
  • business_units_list — String or list of strings in the format "BU name" or "BU:BU name", for example “Acme & Co, Inc.” or “BU:Acme & Co, Inc.”
  • case_id_list — List of integers. Each item in the list must be a case ID.
  • cloud_management_status — String. Values are Managed Cloud, Unmanaged Cloud, and Not Applicable.
  • creation_time — Integer representing the number of seconds or milliseconds after the Unix epoch, UTC timezone. The value is returned in the response under the detection_timestamp field and represented in the console under the TIMESTAMP field.
  • external_id_list— List of strings representing external IDs.
  • first_observed — Values in milliseconds format
    • with gte or lte operator, specify a specific date or time as a timestamp in milliseconds format
    • with range operator, specify "to" and "from" values as timestamps in milliseconds format "value": { "from": "{{previous30Days}}","to": "{{previous7Days}}"
    • with relative_timestamp operator, specify time interval to look back on (24H, 7D, 30D, etc.) as a value in milliseconds format
  • integration_source — Valid values: AWS, AZURE, GOOGLE, PRISMA_CLOUD
  • last_observed — values in milliseconds format
    • with gte or lte operator, specify a specific date or time as a timestamp in milliseconds format
    • with range operator, specify "to" and "from" values as timestamps in milliseconds format, as follows "value": { "from": "{{previous30Days}}","to": "{{previous7Days}}"
    • with relative_timestamp operator, specify time interval to look back on (24H, 7D, 30D, etc.) as a value in milliseconds format
  • severity — Valid values: low, medium, high, critical, informational
  • status — Valid values: new, reopened, resolved_no_risk, resolved_risk_accepted, resolved_no_longer_observed, resolved_contested_asset, resolved_remediated_automatically, resolved, under_investigation.
  • tags — List of strings indicating the tags to filter on in the format "tag-family:tag-name", for example "AR:registered to you".
  • xpanse_policy_id — List of strings representing the xpanse policy IDs.
integer

Value that this filter must match. The contents of this field will differ depending on the alert field that you specified for this filter:

  • alert_id_list — List of integers. Each item in the list must be an alert ID.
  • alert_source — List of strings.
  • asm_alert_categories — List of strings. Example values: "Development Infrastructure", "Unpatched, Misconfigured, and end-of-life (EOL) systems".
  • business_units_list — String or list of strings in the format "BU name" or "BU:BU name", for example “Acme & Co, Inc.” or “BU:Acme & Co, Inc.”
  • case_id_list — List of integers. Each item in the list must be a case ID.
  • cloud_management_status — String. Values are Managed Cloud, Unmanaged Cloud, and Not Applicable.
  • creation_time — Integer representing the number of seconds or milliseconds after the Unix epoch, UTC timezone. The value is returned in the response under the detection_timestamp field and represented in the console under the TIMESTAMP field.
  • external_id_list— List of strings representing external IDs.
  • first_observed — Values in milliseconds format
    • with gte or lte operator, specify a specific date or time as a timestamp in milliseconds format
    • with range operator, specify "to" and "from" values as timestamps in milliseconds format "value": { "from": "{{previous30Days}}","to": "{{previous7Days}}"
    • with relative_timestamp operator, specify time interval to look back on (24H, 7D, 30D, etc.) as a value in milliseconds format
  • integration_source — Valid values: AWS, AZURE, GOOGLE, PRISMA_CLOUD
  • last_observed — values in milliseconds format
    • with gte or lte operator, specify a specific date or time as a timestamp in milliseconds format
    • with range operator, specify "to" and "from" values as timestamps in milliseconds format, as follows "value": { "from": "{{previous30Days}}","to": "{{previous7Days}}"
    • with relative_timestamp operator, specify time interval to look back on (24H, 7D, 30D, etc.) as a value in milliseconds format
  • severity — Valid values: low, medium, high, critical, informational
  • status — Valid values: new, reopened, resolved_no_risk, resolved_risk_accepted, resolved_no_longer_observed, resolved_contested_asset, resolved_remediated_automatically, resolved, under_investigation.
  • tags — List of strings indicating the tags to filter on in the format "tag-family:tag-name", for example "AR:registered to you".
  • xpanse_policy_id — List of strings representing the xpanse policy IDs.
Array
]
search_frominteger

An integer representing the starting offset within the query result set from which you want alerts returned. Alerts are returned as a zero-based list. Any alert indexed less than this value is not returned in the final result set and defaults to zero.

search_tointeger

An integer representing the end offset within the result set after which you do not want alerts returned. Alerts in the alerts list that are indexed higher than this value are not returned in the final results set. Defaults to 100, which returns all alerts to the end of the list. Use this field to specify the number of results on a page when using page token pagination.
Max value - 100

Default:100
sortobject

Identifies the sort order for the result set.

fieldstring (Enum)

Can either be severity or creation_time.

Default:"creation_time"
Allowed values:"creation_time""severity""server_creation_time"
keywordstring (Enum)

Can either be ASC (ascending order) or DESC (descending order). Case sensitive.

Default:"desc"
Allowed values:"ASC""asc""DESC""desc"
Free-Form object
use_page_tokenboolean

Use "use_page_token":true in the initial request to paginate the response data.

next_page_tokenstring

If "use_page_token":true was included in the initial request, the response for that request will include a page token. Use "next_page_token":"string" to pass that page token into the next request to paginate the next set of data.

Free-Form object
REQUEST
{ "request_data": { "filters": [ { "field": "business_units_list", "operator": "gte", "value": "string" } ], "search_from": 0, "search_to": 100, "sort": { "field": "creation_time", "keyword": "desc" }, "use_page_token": true, "next_page_token": "string" } }
{ "request_data": { "filters": [ { "field": "last_observed", "value": { "from": "{{previous30Days}}", "to": "{{previous7Days}}" }, "operator": "range" } ] } }
Responses

Successful response

Body
application/json
replyobjectrequired
total_countinteger

The number of total results of this filter without paging. If the filter returned 10,000 results or more than 9,999 will be the value and you can use paging to view the entire set of data.

result_countinteger

The number of alerts actually returned as result (integer).

alertsarray

A list of alerts.

[
categorystring
projectstring
cloud_providerstring
resource_sub_typestring
resource_typestring
action_countryarray[string]
descriptionstring
eventsstring
event_typestring
is_whitelistedboolean
image_namestring
action_local_ipstring
action_local_portstring
mitre_tactic_id_and_namearray[string]
mitre_technique_id_and_namearray[string]
action_external_hostnamestring
action_remote_iparray[string]
action_remote_portarray[integer]
matching_service_rule_idstring
starredboolean
external_idstring
severitystring
matching_statusstring
end_match_attempt_tsstring
local_insert_tsinteger

The UNIX timestamp that this record was written to the database

last_modified_tsinteger

The UNIX timestamp that this record was last modified

case_idinteger
deduplicate_tokensstring
filter_rule_idstring
event_idstring
event_timestamparray[integer]
action_local_ip_v6string
action_remote_ip_v6array[string]
alert_typestring
resolution_statusstring
resolution_commentstring
dynamic_fieldsstring
tagsarray[string]
malicious_urlsstring
asm_alert_categoriesarray[string]
aws_cloud_tagsarray[string]
azure_cloud_tagsarray[string]
gcp_cloud_tagsarray[string]
last_observedinteger
country_codesarray[string]
cloud_providersarray[string]
ipv4_addressesarray[string]
ipv6_addressesarray[string]
domain_namesarray[string]
service_idsarray[string]
website_idsarray[string]
asset_idsarray[string]
certificateobject
issuerNamestring
subjectNamestring
validNotBeforeinteger
validNotAfterinteger
serialNumberstring
Free-Form object
port_protocolstring
port_numberinteger
cloud_management_statusstring
business_unit_hierarchiesarray
[
[
creation_timeinteger
familystring
family_aliasstring
idstring
is_activeinteger
namestring
parent_idstring
update_timeinteger
Free-Form object
]
]
attack_surface_rule_namestring
remediation_guidancestring
attack_surface_rule_idstring
asset_identifiersarray
[
domainstring
certificateobject
issuerNamestring
subjectNamestring
validNotBeforeinteger
validNotAfterinteger
serialNumberstring
Free-Form object
ipv4Addressstring
ipv6Addressstring
httpPathstring
portNumberinteger
portProtocolstring
firstObservedinteger
lastObservedinteger
Free-Form object
]
integration_sourcestring
alert_idstring
detection_timestampinteger
namestring
endpoint_idstring
host_ipstring
host_namestring
actionstring
sourcestring
user_namestring
mac_addressesstring
action_prettystring
Free-Form object
]
next_page_tokenstring

This attribute is only returned if use_page_token is provided in the request with value true

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "total_count": 0, "result_count": 0, "alerts": [ { "category": "example", "project": "example", "cloud_provider": "example", "resource_sub_type": "example", "resource_type": "example", "action_country": [ "example" ], "description": "example", "events": "example", "event_type": "example", "is_whitelisted": false, "image_name": "example", "action_local_ip": "example", "action_local_port": "example", "mitre_tactic_id_and_name": [ "example" ], "mitre_technique_id_and_name": [ "example" ], "action_external_hostname": "example", "action_remote_ip": [ "example" ], "action_remote_port": [ 0 ], "matching_service_rule_id": "example", "starred": false, "external_id": "example", "severity": "example", "matching_status": "example", "end_match_attempt_ts": "example", "local_insert_ts": 0, "last_modified_ts": 0, "case_id": 0, "deduplicate_tokens": "example", "filter_rule_id": "example", "event_id": "example", "event_timestamp": [ 0 ], "action_local_ip_v6": "example", "action_remote_ip_v6": [ "example" ], "alert_type": "example", "resolution_status": "example", "resolution_comment": "example", "dynamic_fields": "example", "tags": [ "example" ], "malicious_urls": "example", "asm_alert_categories": [ "example" ], "aws_cloud_tags": [ "example" ], "azure_cloud_tags": [ "example" ], "gcp_cloud_tags": [ "example" ], "last_observed": 0, "country_codes": [ "example" ], "cloud_providers": [ "example" ], "ipv4_addresses": [ "example" ], "ipv6_addresses": [ "example" ], "domain_names": [ "example" ], "service_ids": [ "example" ], "website_ids": [ "example" ], "asset_ids": [ "example" ], "certificate": { "issuerName": "example", "subjectName": "example", "validNotBefore": 0, "validNotAfter": 0, "serialNumber": "example" }, "port_protocol": "example", "port_number": 0, "cloud_management_status": "example", "business_unit_hierarchies": [ [ { "creation_time": 0, "family": "example", "family_alias": "example", "id": "example", "is_active": 0, "name": "example", "parent_id": "example", "update_time": 0 } ] ], "attack_surface_rule_name": "example", "remediation_guidance": "example", "attack_surface_rule_id": "example", "asset_identifiers": [ { "domain": "example", "certificate": { "issuerName": "example", "subjectName": "example", "validNotBefore": 0, "validNotAfter": 0, "serialNumber": "example" }, "ipv4Address": "example", "ipv6Address": "example", "httpPath": "example", "portNumber": 0, "portProtocol": "example", "firstObserved": 0, "lastObserved": 0 } ], "integration_source": "example", "alert_id": "example", "detection_timestamp": 0, "name": "example", "endpoint_id": "example", "host_ip": "example", "host_name": "example", "action": "example", "source": "example", "user_name": "example", "mac_addresses": "example", "action_pretty": "example" } ], "next_page_token": "example" } }

Bad Request. Got an invalid JSON.

Body
application/json
replyobject

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
application/json
replyobject

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Unauthorized access. User does not have the required license type to run this API.

Body
application/json
replyobject

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
application/json
replyobject

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Unprocessable Entity

Body
application/json
codeinteger

Error code

statusstring

Error name

messagestring

Error message

errorsobject

Errors

RESPONSE
{ "code": 0, "status": "example", "message": "example", "errors": {} }

Internal server error. A unified status for API communication type errors.

Body
application/json
replyobject

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }