How to retrieve dedup_key from REST Api /incidents endpoint

Good afternoon,

I’m working on a tool with a workflow that would retrieve a list of incidents by the service-id, then iterate through those to resolve or acknowledge them with the Events V2 Api.[]=acknowledged&statuses[]=triggered (as well as the serviceId query param)

As I’m looking through the results of these, I don’t see a field that would line up with the value of the dedup_key. I understand from reading through the documents that the incident_key should be sufficient. When looking at that field, it’s null or has a value that looks different than a UUID.

Is there another field/value that can be used for the events api v2 dedup_key? or am I looking in the wrong place for it?

thank you

Hello Brian,

The Alert key should line up with the Dedup key. Details on that here.

Are you seeking something different?


Try your query with an include[]=‘first_trigger_log_entries’ and then look into the cef_details section for the dedup_key. This will always contain the raw event data for the triggering event.


Thank you for the replies. Doug, I tried using that extra query param. I had similar results. Looking more closely at this, I think my solution would be use to the REST api PUT /incidents/{id} with the incident id.

I appreciate the responses!