AIops Engine API
Base URL: http://localhost:8080/api/v1 (HTTP) and http://localhost:9093/api/v1 (Alertmanager webhook)
All endpoints require JWT authentication unless noted otherwise.
Authorization: Bearer <your-jwt-token>
System Status
GET /api/v1/status
System health and component status.
Response 200
{
"status": "ok",
"version": "1.2.0",
"components": {
"watchdog": "running",
"vectorizer": "running",
"rca": "ready",
"llm": "connected",
"clickhouse": "ok"
},
"watchdog": {
"last_run": "2026-04-10T12:00:00Z",
"metrics_monitored": 3241,
"anomalies_last_hour": 7
}
}
Tenants
GET /api/v1/tenants
List all tenants. Requires Super-Admin role.
Response 200
{
"tenants": [
{
"tenant_id": "acme-corp",
"name": "Acme Corporation",
"plan": "pro",
"created_at": "2026-01-15T00:00:00Z",
"events_this_month": 142000000
}
]
}
POST /api/v1/tenants
Register a new tenant. Requires Super-Admin role.
Request body
{
"tenant_id": "acme-corp",
"name": "Acme Corporation",
"plan": "pro",
"contact_email": "ops@acme.com"
}
Response 201
{
"tenant_id": "acme-corp",
"created_at": "2026-04-10T12:00:00Z"
}
RBAC
GET /api/v1/rbac/permissions
Get the permissions of the currently authenticated user.
Response 200
{
"tenant_id": "acme-corp",
"user_id": "alice@acme.com",
"role": "admin",
"level": 3,
"permissions": ["read", "write", "manage_keys", "manage_users"]
}
Anomalies
GET /api/v1/anomalies
List detected anomalies with optional filters.
Query parameters
| Param | Type | Description |
|---|---|---|
| service_id | string | Filter by service |
| since | RFC3339 | Start timestamp |
| until | RFC3339 | End timestamp |
| min_score | float | Minimum anomaly score (0–1) |
| limit | int | Max records (default: 50, max: 1000) |
Response 200
{
"anomalies": [
{
"anomaly_id": "anom-7f3d",
"service_id": "payment-api",
"metric_name": "cpu_usage_percent",
"anomaly_score": 0.93,
"z_score": 4.2,
"detected_at": "2026-04-10T12:00:05Z",
"rca_triggered": true,
"resolved": false
}
],
"total": 142,
"page_token": "eyJvZmZzZXQiOjUwfQ=="
}
RCA
GET /api/v1/rca/correlations
Get service correlation graph for blast radius analysis.
Query parameters
| Param | Type | Description |
|---|---|---|
| service_id | string | Origin service |
| depth | int | Max graph traversal depth (default: 3) |
Response 200
{
"service_id": "payment-api",
"correlations": [
{
"related_service": "user-service",
"correlation_score": 0.87,
"lag_minutes": 2,
"direction": "downstream"
},
{
"related_service": "database",
"correlation_score": 0.91,
"lag_minutes": -3,
"direction": "upstream"
}
]
}
Alertmanager Webhook
POST /api/v1/alerts/webhook (port 9093)
Receive alerts from Prometheus Alertmanager. This endpoint requires no authentication; restrict access to it at the network level instead.
Request body (standard Alertmanager format)
{
"alerts": [
{
"status": "firing",
"labels": {
"alertname": "HighCPU",
"service_id": "payment-api",
"severity": "critical"
},
"annotations": {
"summary": "CPU usage above 85% for 5 minutes"
},
"startsAt": "2026-04-10T12:00:00Z",
"endsAt": "0001-01-01T00:00:00Z"
}
],
"groupLabels": {"alertname": "HighCPU"},
"commonLabels": {"service_id": "payment-api"}
}
Response 200
{"status": "ok", "rca_triggered": true, "anomaly_id": "anom-7f3d"}
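Because this webhook accepts unauthenticated requests, a source check and a strict body check in front of it are useful alongside firewall rules. The sketch below is an added example, not AIops Engine code: the function names, the allowed networks, and the requirement that every alert carry a `service_id` label are assumptions.

```python
import ipaddress

# Assumption: networks Alertmanager connects from (constructed values).
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.20.0.0/24")]
VALID_STATUS = {"firing", "resolved"}

# Constructed sample in the request format shown above.
SAMPLE = {"alerts": [{"status": "firing",
                      "labels": {"alertname": "HighCPU", "service_id": "payment-api"}}]}


def source_allowed(peer_ip, allowed=ALLOWED_SOURCES):
    """True only if the TCP peer address is inside an allowed network.

    Use the socket peer address; X-Forwarded-For is set by the sender.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # ::ffff:a.b.c.d arrives on dual-stack sockets
    return any(addr in net for net in allowed)


def validate_alerts(payload):
    """Return the alert list, or raise ValueError if the body is malformed."""
    if not isinstance(payload, dict) or not isinstance(payload.get("alerts"), list):
        raise ValueError("body must be an object with an 'alerts' list")
    for alert in payload["alerts"]:
        if not isinstance(alert, dict):
            raise ValueError("alert must be an object")
        status, labels = alert.get("status"), alert.get("labels")
        if not isinstance(status, str) or status not in VALID_STATUS:
            raise ValueError("unexpected alert status")
        if not isinstance(labels, dict) or not all(
                isinstance(v, str) for v in labels.values()):
            raise ValueError("labels must be string-valued")
        if not labels.get("service_id"):  # assumption: RCA needs this label
            raise ValueError("alert has no service_id label")
    return payload["alerts"]


def handle_webhook(peer_ip, payload):
    """Map a request to an HTTP status: 403 bad source, 400 bad body, 200 ok."""
    if not source_allowed(peer_ip):
        return 403
    try:
        validate_alerts(payload)
    except ValueError:
        return 400
    return 200
```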
Resolution Webhook
POST /api/v1/resolutions/webhook
Submit a human-authored incident resolution for training the incident memory.
Request body
{
"incident_id": "anom-7f3d",
"service_id": "payment-api",
"resolution": "Scaled payment-api from 3 to 5 pods. Root cause was memory leak in DB connection pool introduced in v2.3.1. Fixed by upgrading to v2.3.2.",
"resolved_by": "alice@mycompany.com",
"time_to_recovery_minutes": 18,
"tags": ["memory-leak", "db-pool"]
}
Response 200
{"status": "ok", "stored": true, "knowledge_base_id": "kb-abc123"}
API Keys
POST /api/v1/apikeys
Create a new API key for the authenticated tenant. Requires Admin role.
Request body
{
"name": "Production Ingestion",
"scope": "ingestion",
"rate_limit_rps": 1000,
"expires_at": "2027-01-01T00:00:00Z"
}
Response 201
{
"key_id": "isage_key_abc123",
"api_key": "isage_ab...xyz",
"scope": "ingestion",
"created_at": "2026-04-10T12:00:00Z"
}
The full api_key value is only shown once at creation. Store it securely.
GET /api/v1/apikeys
List API keys for the authenticated tenant (shows prefix only, never full key).
DELETE /api/v1/apikeys/:key_id
Revoke an API key.