Get incidents | HUMAN Documentation

curl -G https://api-gw.perimeterx.com/v1/incidents \
     -H "Authorization: Bearer <token>" \
     -d appId=abc123 \
     -d appId=def456 \
     -d tld=domain1.com \
     -d tld=domain2.com \
     -d from=1674313200000 \
     -d to=1674313200000 \
     -d skip=40 \
     -d take=10

{
  "paging": {
    "previous": "",
    "current": "https://10.192.0.80:80/v1/incidents?appId=ABC123&tld=example.com&take=20&skip=0",
    "next": "https://10.192.0.80:80/v1/incidents?appId=ABC123&tld=example.com&take=20&skip=20",
    "count": 1000
  },
  "data": [
    {
      "id": "507f1f77bcf86cd799439011",
      "category": "pii",
      "incident": "Credentials - Email access is being made by a third party script",
      "details": "Accessing email address.",
      "initiator": "script.com/lib/main.[UNIQUE_ID].js",
      "first_seen": "2022-01-30T12:15:49Z",
      "last_seen": "2023-03-23T08:55:27Z",
      "host_domain": "example.com",
      "app_id": "PXabc123",
      "page_types": [
        "checkout",
        "products_and_search"
      ],
      "page_types_per": {
        "checkout": 1.436782,
        "login": 1.060606,
        "products_and_search": 0.015879
      },
      "ack_updated_at": "2022-04-26T08:54:22.084Z",
      "additional_data": {
        "vulnerabilities": [
          {
            "package": "jquery-ui",
            "version": "1.0.0",
            "ids": [
              "CVE-2022-1234",
              "CVE-2022-5678"
            ]
          }
        ]
      },
      "under_review": true,
      "risk_level": "high",
      "script": {
        "users_affected_percentage": 50.5,
        "ack": false,
        "key": "11aa22bbcc3344ddeeff5566gghh",
        "id": "script/lib/main.[UNIQUE_ID].js",
        "app_id": "PXabc123",
        "host_domain": "example.com",
        "type": "third_party",
        "vendor": "Google",
        "first_seen": "2021-12-30T16:18:53Z",
        "last_seen": "2023-03-23T09:13:44Z",
        "risk": {
          "level": "medium",
          "reason": "PII sniffing"
        },
        "page_types": [
          "checkout",
          "login",
          "products_and_search"
        ]
      },
      "actions": [
        {
          "type": "DOM Removal",
          "subtype": "Deleted script",
          "last_seen": "2023-03-23T09:13:44Z",
          "action_args": {
            "Storage Key": "mixPanel",
            "Element ID": "email",
            "Element Name": "email",
            "Element tags": "script",
            "Target URL Host": "juggler",
            "Inserted Element Tag": "script",
            "Removed Element Tag": ""
          }
        }
      ]
    }
  ]
}

Get a list of detected incidents for the given Application IDs and host domains.

curl -G https://api-gw.perimeterx.com/v1/incidents \
     -H "Authorization: Bearer <token>" \
     -d appId=abc123 \
     -d appId=def456 \
     -d tld=domain1.com \
     -d tld=domain2.com \
     -d from=1674313200000 \
     -d to=1674313200000 \
     -d skip=40 \
     -d take=10

{
  "paging": {
    "previous": "",
    "current": "https://10.192.0.80:80/v1/incidents?appId=ABC123&tld=example.com&take=20&skip=0",
    "next": "https://10.192.0.80:80/v1/incidents?appId=ABC123&tld=example.com&take=20&skip=20",
    "count": 1000
  },
  "data": [
    {
      "id": "507f1f77bcf86cd799439011",
      "category": "pii",
      "incident": "Credentials - Email access is being made by a third party script",
      "details": "Accessing email address.",
      "initiator": "script.com/lib/main.[UNIQUE_ID].js",
      "first_seen": "2022-01-30T12:15:49Z",
      "last_seen": "2023-03-23T08:55:27Z",
      "host_domain": "example.com",
      "app_id": "PXabc123",
      "page_types": [
        "checkout",
        "products_and_search"
      ],
      "page_types_per": {
        "checkout": 1.436782,
        "login": 1.060606,
        "products_and_search": 0.015879
      },
      "ack_updated_at": "2022-04-26T08:54:22.084Z",
      "additional_data": {
        "vulnerabilities": [
          {
            "package": "jquery-ui",
            "version": "1.0.0",
            "ids": [
              "CVE-2022-1234",
              "CVE-2022-5678"
            ]
          }
        ]
      },
      "under_review": true,
      "risk_level": "high",
      "script": {
        "users_affected_percentage": 50.5,
        "ack": false,
        "key": "11aa22bbcc3344ddeeff5566gghh",
        "id": "script/lib/main.[UNIQUE_ID].js",
        "app_id": "PXabc123",
        "host_domain": "example.com",
        "type": "third_party",
        "vendor": "Google",
        "first_seen": "2021-12-30T16:18:53Z",
        "last_seen": "2023-03-23T09:13:44Z",
        "risk": {
          "level": "medium",
          "reason": "PII sniffing"
        },
        "page_types": [
          "checkout",
          "login",
          "products_and_search"
        ]
      },
      "actions": [
        {
          "type": "DOM Removal",
          "subtype": "Deleted script",
          "last_seen": "2023-03-23T09:13:44Z",
          "action_args": {
            "Storage Key": "mixPanel",
            "Element ID": "email",
            "Element Name": "email",
            "Element tags": "script",
            "Target URL Host": "juggler",
            "Inserted Element Tag": "script",
            "Removed Element Tag": ""
          }
        }
      ]
    }
  ]
}

Get a list of detected incidents for the given Application IDs and host domains.

Authentication

AuthorizationBearer

Bearer authentication of the form Bearer <token>, where token is your auth token.

Query parameters

appIdlist of stringsRequired

An array of Application IDs to filter the relevant incidents by. At least one ID is required.

tldlist of stringsRequired

An array of host domains to filter the relevant incidents by. At least one domain is required.

fromintegerOptional

A timestamp, in milliseconds, indicating from what point in time to filter the results by. Defaults to the past 24 hours.

tointegerOptional

A timestamp, in milliseconds, indicating until what point in time to filter the results by. Defaults to the current time.

skipintegerOptionalDefaults to 0

The number of incidents to offset pagination by when returning the results.

takeintegerOptionalDefaults to 20

The number of incidents to display per page when returning the results.

Response

Success

pagingobject

datalist of objects

Errors

401

Unauthorized Error

422

Unprocessable Entity Error

500

Internal Server Error

$	curl -G https://api-gw.perimeterx.com/v1/incidents \
>	-H "Authorization: Bearer <token>" \
>	-d appId=abc123 \
>	-d appId=def456 \
>	-d tld=domain1.com \
>	-d tld=domain2.com \
>	-d from=1674313200000 \
>	-d to=1674313200000 \
>	-d skip=40 \
>	-d take=10

1	{
2	"paging": {
3	"previous": "",
4	"current": "https://10.192.0.80:80/v1/incidents?appId=ABC123&tld=example.com&take=20&skip=0",
5	"next": "https://10.192.0.80:80/v1/incidents?appId=ABC123&tld=example.com&take=20&skip=20",
6	"count": 1000
7	},
8	"data": [
9	{
10	"id": "507f1f77bcf86cd799439011",
11	"category": "pii",
12	"incident": "Credentials - Email access is being made by a third party script",
13	"details": "Accessing email address.",
14	"initiator": "script.com/lib/main.[UNIQUE_ID].js",
15	"first_seen": "2022-01-30T12:15:49Z",
16	"last_seen": "2023-03-23T08:55:27Z",
17	"host_domain": "example.com",
18	"app_id": "PXabc123",
19	"page_types": [
20	"checkout",
21	"products_and_search"
22	],
23	"page_types_per": {
24	"checkout": 1.436782,
25	"login": 1.060606,
26	"products_and_search": 0.015879
27	},
28	"ack_updated_at": "2022-04-26T08:54:22.084Z",
29	"additional_data": {
30	"vulnerabilities": [
31	{
32	"package": "jquery-ui",
33	"version": "1.0.0",
34	"ids": [
35	"CVE-2022-1234",
36	"CVE-2022-5678"
37	]
38	}
39	]
40	},
41	"under_review": true,
42	"risk_level": "high",
43	"script": {
44	"users_affected_percentage": 50.5,
45	"ack": false,
46	"key": "11aa22bbcc3344ddeeff5566gghh",
47	"id": "script/lib/main.[UNIQUE_ID].js",
48	"app_id": "PXabc123",
49	"host_domain": "example.com",
50	"type": "third_party",
51	"vendor": "Google",
52	"first_seen": "2021-12-30T16:18:53Z",
53	"last_seen": "2023-03-23T09:13:44Z",
54	"risk": {
55	"level": "medium",
56	"reason": "PII sniffing"
57	},
58	"page_types": [
59	"checkout",
60	"login",
61	"products_and_search"
62	]
63	},
64	"actions": [
65	{
66	"type": "DOM Removal",
67	"subtype": "Deleted script",
68	"last_seen": "2023-03-23T09:13:44Z",
69	"action_args": {
70	"Storage Key": "mixPanel",
71	"Element ID": "email",
72	"Element Name": "email",
73	"Element tags": "script",
74	"Target URL Host": "juggler",
75	"Inserted Element Tag": "script",
76	"Removed Element Tag": ""
77	}
78	}
79	]
80	}
81	]
82	}