Incidents
Deprecation Notice
The statusVerbose field will be deprecated on 30th April 2026. Please use the status field instead, which returns the same computed verbose status values. See Status Values for details.
The incidents endpoint returns an optionally paginated list of incidents related to the client.
Pagination
This endpoint uses cursor-based pagination to efficiently navigate through large result sets. Use the limit parameter to control page size and the cursor parameter to fetch subsequent pages.
- If the response includes a
paging.nextvalue, more results are available - Pass the
paging.nextvalue as thecursorparameter in your next request to fetch the next page - When
paging.nextisnullor absent, you have reached the end of the results
See PagingStructure for the response format.
Endpoint
GET /v1/incidents
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
clientId |
string |
No | Filter incidents by sub-client ID. Only for clients with managed sub-clients. |
toDate |
string |
No | Filter incidents created before this date. ISO 8601 format (YYYY-MM-DDTHH:mm:ss.sssZ). |
fromDate |
string |
No | Filter incidents created after this date. ISO 8601 format (YYYY-MM-DDTHH:mm:ss.sssZ). |
status |
string |
No | Filter by incident status. See Status Values for accepted values. |
limit |
integer |
No | Maximum number of incidents to return per page. Defaults to 5000 if not specified. |
cursor |
string |
No | Cursor for pagination. Use the paging.next value from the previous response to fetch the next page. |
Request Example
const params = new URLSearchParams({
clientId: "your_client_id",
fromDate: "2022-01-01T12:00",
toDate: "2022-03-08T12:00",
limit: "100",
});
const response = await fetch(
`https://capi.phishfort.com/v1/incidents?${params}`,
{
headers: {
accept: "application/json",
"x-api-key": "YOUR_API_KEY",
},
}
);
const data = await response.json();
console.log(data);
Response Example
The data field is an array of IncidentStructure's. When pagination is used, the response includes a paging object (see PagingStructure).
{
"message": "success",
"data": [
{
"id": "054zKkjCnR1I3B3U812z",
"clientId": "0Xp5voyA4y5xYNoufOVC",
"safeDomain": "exampleclient.com",
"subject": "uniformprivate.cc",
"incidentType": "domain",
"domain": "uniformprivate.cc",
"url": "https://uniformprivate.cc/chevrolet/",
"source": "PHISHFORT_DETECTED",
"timestamp": "2021-11-08T20:36:43.765Z",
"lastHistoryUpdateTimestamp": "2021-12-06T15:10:01.299Z",
"burnStartedTimestamp": "2021-12-06T10:34:43.883Z",
"takedownTimestamp": "2021-12-06T15:10:01.299Z",
"reportedBy": "analyst@phishfort.com",
"threatTaxonomy": {
"name": "Brand - Website - Impersonation",
"description": "Unauthorized representation of another person, brand, or entity. Includes fake profiles, cloned websites, or identity theft used to deceive victims."
},
"status": "takedown_success",
"incidentClass": "phishing"
}
],
"paging": {
"cursor": "054zKkjCnR1I3B3U812z",
"next": "1AbcDefGhI2jKlMnO345",
"limit": 100
}
}