Skip to content

Request Incident Action

The incident action endpoints provide multiple ways to submit a request for review, takedown, or other feedback on an existing incident by referencing its id. The action requested is specified in the action field and can be one of the following:

  • tkd: requests a takedown on an existing incident.
  • monitor: request an analyst to place this incident into monitoring.
  • safe: request an analyst to remove this incident from the database.

Endpoint

POST /v1/incident/{id}/{action}

Request Example

curl -X POST 'https://capi.phishfort.com/v1/incident/{id}/{action}' \
  -H 'accept: application/json' \
  -H 'x-api-key: YOUR_API_KEY'

import requests

incident_id = "abc123efd"
action = "tkd"  # or "monitor", "safe"
response = requests.post(
    f"https://capi.phishfort.com/v1/incident/{incident_id}/{action}",
    headers={
        "accept": "application/json",
        "x-api-key": "YOUR_API_KEY",
    },
)
print(response.json())

const incidentId = "abc123efd";
const action = "tkd"; // or "monitor", "safe"
const response = await fetch(
  `https://capi.phishfort.com/v1/incident/${incidentId}/${action}`,
  {
    method: "POST",
    headers: {
      accept: "application/json",
      "x-api-key": "YOUR_API_KEY",
    },
  }
);
const data = await response.json();
console.log(data);

Where {id} is the ID of the incident you wish to query and {action} is one of the predetermined actions provided and explained above.

Response Example

In the case of a successful request for review being submitted, the endpoint will return status code 200 with a relevant message. If the incident cannot be found, a 404 response will be returned.

{
    "message": "You issued a review request to mark safe on incidentId: abc123efd",
    "id": "abc123efd"
}