incident.io Data Source

The incident.io connector enables you to ingest incident management data—including incidents, alerts, on-call schedules, actions, follow-ups, and team information—directly into Nexla for analysis, reporting, and integration with downstream systems. Follow the instructions below to create a new data flow that ingests data from an incident.io source in Nexla.

incident.io

Create a New Data Flow

1. To create a new data flow, navigate to the Integrate section, and click the New Data Flow button. Then, select the desired flow type from the list, and click the Create button.

2. Select the incident.io connector tile from the list of available connectors. Then, select the credential that will be used to connect to the incident.io instance, and click Next; or, create a new incident.io credential for use in this flow.

3. In Nexla, incident.io data sources can be created using pre-built endpoint templates, which expedite source setup for common incident.io endpoints. Each template is designed specifically for the corresponding incident.io API endpoint, making source configuration easy and efficient.
   • To configure this source using a template, follow the instructions in Configure Using a Template.

   incident.io sources can also be configured manually, allowing you to ingest data from incident.io endpoints not included in the pre-built templates or apply further customizations to exactly suit your needs.
   • To configure this source manually, follow the instructions in Configure Manually.

Configure Using a Template

Nexla provides pre-built templates that can be used to rapidly configure data sources to ingest data from common incident.io endpoints. Each template is designed specifically for the corresponding incident.io API endpoint, making data source setup easy and efficient.

Endpoint Settings

• Select the endpoint from which this source will fetch data from the Endpoint pulldown menu. Available endpoint templates are listed in the expandable boxes below. Click on an endpoint to see more information about it and how to configure your data source for this endpoint.

List Incidents

Retrieves a list of incidents from your incident.io organization, including metadata such as severity, status, timestamps, assigned roles, affected services, and custom fields. Use this endpoint to pull incident records into Nexla for operational analysis, SLA reporting, or integration with data warehouses and BI tools.

• This endpoint returns all incidents accessible to your API key. No additional configuration is required to retrieve the full list of incidents in your organization.
• The incident.io API returns incidents in pages of up to 250 records. Nexla automatically paginates through all available results to ensure a complete data set is ingested.
• Each incident record includes fields such as incident ID, name, summary, severity, status, created and updated timestamps, assigned team members, impacted services, and any custom fields defined in your incident.io account.

The fields returned by this endpoint reflect your organization's incident.io configuration, including any custom fields and statuses your team has defined. For complete details on the response schema, refer to the incident.io List Incidents API documentation.

List Alerts

Retrieves a list of alerts from your incident.io organization. Alerts in incident.io are notifications generated by monitoring and observability tools that are routed through alert routes. Use this endpoint to ingest alert data into Nexla for analysis of alert volumes, noise patterns, and correlation with incidents.

• This endpoint returns all alerts accessible to your API key, including alert source, status, associated incidents, deduplication keys, and timestamps.
• Nexla automatically paginates through all available alert records to ensure complete data ingestion.
• Alert data is particularly useful for tracking signal-to-noise ratios in your monitoring stack and identifying which alert sources most commonly trigger incidents in your environment.

For complete details about the alert data structure and available filter parameters, refer to the incident.io Alerts API documentation.

List Actions

Retrieves a list of actions from your incident.io organization. Actions are tasks assigned to team members during an incident to help with investigation and mitigation. Use this endpoint to track action completion rates, workload distribution, and response effectiveness across your team.

• This endpoint returns all actions across your incidents, including the action description, assignee, status (outstanding or completed), and the incident it is associated with.
• Nexla automatically paginates through all available action records to ensure complete data ingestion.
• Action data is useful for post-incident reviews and for measuring how effectively your team assigns and completes tasks during incidents.

List Follow-ups

Retrieves a list of follow-up actions from your incident.io organization. Follow-ups are post-incident tasks created to address root causes and prevent recurrence. Use this endpoint to track follow-up completion, ownership, and progress as part of your continuous improvement workflows.

• This endpoint returns all follow-up items across your incidents, including the follow-up title, assignee, due date, status, priority, and the associated incident.
• Nexla automatically paginates through all available follow-up records to ensure complete data ingestion.
• Follow-up data is particularly valuable for reliability engineering teams who need to ensure that post-incident action items are completed in a timely manner to prevent incident recurrence.

List Schedules

Retrieves a list of on-call schedules configured in your incident.io organization. On-call schedules define which team members are responsible for responding to incidents at any given time. Use this endpoint to ingest schedule data into Nexla for workforce planning, coverage reporting, and on-call rotation analysis.

• This endpoint returns all schedules accessible to your API key, including schedule name, team, timezone, rotation configuration, and the current on-call user(s).
• Nexla automatically paginates through all available schedule records to ensure complete data ingestion.
• Schedule data is useful for analyzing on-call burden across teams, ensuring adequate coverage during peak risk periods, and informing decisions about team capacity and rotation design.

For complete details about schedule configuration and available API parameters, refer to the incident.io On-call Schedules API changelog.

List Users

Retrieves a list of users in your incident.io organization. Use this endpoint to ingest user data into Nexla for correlating incident assignments, on-call rotations, and follow-up ownership with individual team members.

• This endpoint returns all users in your incident.io organization, including their name, email address, role, and associated teams.
• User data is often used as a lookup dimension when combining incident.io data with HR systems or other organizational data sources in Nexla.

Endpoint Testing

Once the selected endpoint template has been configured, Nexla can retrieve a sample of the data that will be fetched according to the current settings. This allows users to verify that the source is configured correctly before saving.

• To test the current endpoint configuration, click the Test button to the right of the endpoint selection menu. Sample data will be fetched & displayed in the Endpoint Test Result panel on the right.

• If the sample data is not as expected, review the selected endpoint and associated settings, and make any necessary adjustments. Then, click the Test button again, and check the sample data to ensure that the correct information is displayed.

Configure Manually

incident.io data sources can be manually configured to ingest data from any valid incident.io API endpoint. Manual configuration provides maximum flexibility for accessing endpoints not covered by pre-built templates or when you need custom API configurations.

With manual configuration, you can also create more complex incident.io sources, such as sources that use chained API calls to fetch data from multiple endpoints or sources that require custom authentication headers or request parameters.

The incident.io API base URL is https://api.incident.io/v2/ (with some resources available at /v1/ or /v3/). All endpoints use HTTPS and require a valid Bearer token in the Authorization header, which Nexla handles automatically from your saved credential.

API Method

1. To manually configure this source, select the Advanced tab at the top of the configuration screen.

2. Select the API method that will be used for calls to the incident.io API from the Method pulldown menu. The most common method for data retrieval is:

   • GET: For retrieving data from the API (used for listing incidents, alerts, schedules, users, and other resources).

   • POST: For sending data to the API or triggering actions (for example, creating a new incident or alert event).

API Endpoint URL

3. Enter the URL of the incident.io API endpoint from which this source will fetch data in the Set API URL field. The URL should be the complete endpoint URL including the protocol. For example:

   • https://api.incident.io/v2/incidents — list all incidents
   • https://api.incident.io/v2/alerts — list all alerts
   • https://api.incident.io/v2/follow_ups — list all follow-up actions
   • https://api.incident.io/v2/schedules — list all on-call schedules
   • https://api.incident.io/v2/users — list all users

Ensure the API endpoint URL is correct and accessible with your current credentials. You can test the endpoint using the Test button after configuring the URL. For a complete list of available incident.io API endpoints, refer to the incident.io API Reference.

Date/Time Macros (API URL)

Optional

Optionally, the API URL can be customized using macros—all macros added to the API URL will be converted into values when Nexla executes the API call. Macros are dynamic placeholders that allow you to create flexible API endpoints that can adapt to different time periods or data requirements.

Macros are particularly useful for incident.io endpoints that support date-based filtering parameters, such as fetching incidents created or updated within a specific time window. For example, you can use a macro to pass a created_after query parameter that dynamically reflects the previous day's date.

1. To add a macro, type { at the appropriate position in the API URL (within the Set API URL field), and select the desired macro from the dropdown list.

   • {now} – The current datetime
   • {now-1} – The datetime one time unit before the current datetime
   • {now+1} – The datetime one time unit after the current datetime
   • custom – Datetime macros can reference any number of time units before or after the current datetime—for example, enter (now-4) to indicate the datetime four time units before the current datetime

2. Select the format that will be applied to datetime macros from the Date Format for Date/Time Macro pulldown menu. This format will be applied to the base datetime value of the macro—i.e., the value of {now} in {now-1}.

3. Select the datetime unit that will be used to perform mathematical operations in the included macro(s) from the Time Unit for Operations pulldown menu—for example, for the macro {now-1}, when Day is selected, {now-1} will be converted to the datetime one day before the current datetime.

Lookup-Based Macros (API URL)

Optional

Column values from existing lookups can also be included as macros in the API URL. Lookup-based macros allow you to reference data from previously configured data sources or lookups, enabling dynamic API endpoints that can adapt based on existing data.

Lookup-based macros are useful when you need to create incident.io API endpoints that reference specific incident IDs, user IDs, or other identifiers from other data sources in your Nexla environment. For example, you can use a lookup macro to construct per-incident detail requests by referencing incident IDs from a previously ingested list.

1. To include a lookup column value macro, select the relevant lookup from the Add Lookups to Supported Macros pulldown menu.

2. Type { at the appropriate position in the API URL, and select the lookup column-based macro from the dropdown list. Lookup-based macros are automatically populated into the macro list when a lookup is selected in the Add Lookups to Supported Macros pulldown menu.

Path to Data

Optional

If only a subset of the data that will be returned by API endpoint is needed, you can designate the part(s) of the response that should be included in the Nexset(s) produced from this source by specifying the path to the relevant data within the response. This is particularly useful when API responses contain metadata, pagination information, or other data that you don't need for your analysis.

For example, the incident.io List Incidents endpoint returns a JSON object containing an incidents array along with pagination metadata. By specifying the path $.incidents[*], you can configure Nexla to treat each element of the incidents array as an individual record, rather than processing the entire response as a single record.

Path to Data is essential when API responses have nested structures. Without specifying the correct path, Nexla might not be able to properly parse and organize your data into usable records.

• To specify which data should be treated as relevant in responses from this source, enter the path to the relevant data in the Set Path to Data in Response field.

  • For responses in JSON format enter the JSON path that points to the object or array that should be treated as relevant data. JSON paths use dot notation (e.g., $.incidents[*] to access the incidents array, or $.data[*] for other endpoints).

  • For responses in XML format, enter the XPath that points to the object/array containing relevant data. XPath uses slash notation (e.g., /response/data/item to access item elements within a data element).

  Path to Data Example:

  If the incident.io API response includes a top-level incidents array containing the relevant records, the path to the data would be entered as $.incidents[*].

Autogenerate Path Suggestions

Nexla can also autogenerate data path suggestions based on the response from the API endpoint. These suggested paths can be used as-is or modified to exactly suit your needs.

• To use this feature, click the Test button next to the Set API URL field to fetch a sample response from the API endpoint. Suggested data paths generated based on the content & format of the response will be displayed in the Suggestions box below the Set Path to Data in Response field.

• Click on a suggestion to automatically populate the Set Path to Data in Response field with the corresponding path. The populated path can be modified directly within the field if further customization is needed.

  

Metadata

If metadata is included in the response but is located outside of the defined path to relevant data, you can configure Nexla to include this data as common metadata in each record. This is useful when you want to preserve important contextual information that applies to all records but isn't part of the main data array.

For example, the incident.io API typically includes pagination metadata (such as pagination_meta with total_record_count and cursor values) alongside the data array. If you have specified the path to the relevant incident records but want to preserve pagination context, you can specify a path to this metadata to include it with each record in the generated Nexset(s).

Metadata paths are particularly useful for preserving API response context like request IDs, timestamps, or summary statistics that apply to all records in the response.

• To specify the location of metadata that should be included with each record, enter the path to the relevant metadata in the Path to Metadata in Response field.

  • For responses in JSON format, enter the JSON path to the object or array that contains the metadata, and for responses in XML format, enter the XPath.

Request Headers

Optional

• If Nexla should include any additional request headers in API calls to this source, enter the headers & corresponding values as comma-separated pairs in the Request Headers field (e.g., header1:value1,header2:value2). Additional headers may be required for API versioning or custom request specifications.

  You do not need to include the Authorization header here, as it is handled automatically by Nexla from your saved credential. The incident.io API uses Content-Type: application/json by default, which is also handled automatically.

Endpoint Testing

After configuring all settings for the selected endpoint, Nexla can retrieve a sample of the data that will be fetched according to the current configuration. This allows users to verify that the source is configured correctly before saving.

• To test the current endpoint configuration, click the Test button to the right of the endpoint selection menu. Sample data will be fetched & displayed in the Endpoint Test Result panel on the right.

• If the sample data is not as expected, review the selected endpoint and associated settings, and make any necessary adjustments. Then, click the Test button again, and check the sample data to ensure that the correct information is displayed.

Save & Activate the Source

1. Once all of the relevant steps in the above sections have been completed, click the Create button in the upper right corner of the screen to save and create the new incident.io data source. Nexla will now begin ingesting data from the configured endpoint and will organize any data that it finds into one or more Nexsets.