Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.anomalyarmor.ai/llms.txt

Use this file to discover all available pages before exploring further.

Send AnomalyArmor alerts to incident.io to automatically create incidents when schema drift or data quality issues are detected. Critical changes can trigger incidents for immediate response from your on-call team.

Why incident.io?

incident.io is ideal for teams that want structured incident management:
  • Incident lifecycle: Track incidents from detection to resolution
  • Automatic creation: Alerts create incidents automatically
  • Slack integration: Automatically create incident channels
  • Post-mortems: Built-in tooling for learning from incidents

Prerequisites

Before you begin:
  • incident.io account with API access
  • AnomalyArmor account with alert configuration permissions
  • Permission to create API keys in incident.io

Setup Guide

Step 1: Create an incident.io API Key

In incident.io:
  1. Go to SettingsAPI Keys
  2. Click Create API key
  3. Give it a descriptive name (e.g., “AnomalyArmor Integration”)
  4. Ensure it has the incident.write permission
  5. Click Create
  6. Copy the API key (it won’t be shown again)
API keys start with inc_ followed by a long alphanumeric string.

Step 2: Get Your Closed Status ID (Optional)

To enable automatic incident closing when alerts are resolved in AnomalyArmor:
  1. Go to SettingsIncident Lifecycle in incident.io
  2. Click on a status with category “Closed” (e.g., “Closed”, “Resolved”)
  3. Copy the UUID from the URL (e.g., 01FCNDV6P870EA6S7TK1DSYDG0)
When configured, resolving or dismissing an alert in AnomalyArmor will automatically close the corresponding incident in incident.io.

Step 3: Add Destination in AnomalyArmor

  1. Log in to AnomalyArmor
  2. Click Alerts in the left sidebar
  3. Select Destinations tab
  4. Click Add Destination
  5. Select incident.io

Step 4: Configure the Destination

Enter the following:
FieldDescription
NameA descriptive name (e.g., “incident.io - Data Platform”)
API KeyThe API key copied from incident.io
Closed Status ID(Optional) UUID of the status to set when closing incidents automatically

Step 5: Test the Connection

Click Test to create a test incident in incident.io. 
Success! Incident created: INC-123
Check incident.io to confirm the incident was created.
Remember to resolve the test incident in incident.io to keep your incident list clean.

Step 6: Save

Click Create Destination to complete the setup.

Alert Format

AnomalyArmor creates incidents using the incident.io API v2:
FieldValue
Name[AnomalyArmor] Alert title
SummaryAlert description with AnomalyArmor context
Modestandard (not retrospective)
Visibilitypublic

Incident Summary

Each incident includes:
  • Alert description
  • Source: AnomalyArmor
  • Rule name that triggered the alert
  • Event type (schema_change, freshness_violation, etc.)
  • Asset ID

Idempotency

AnomalyArmor includes an idempotency key with each incident request. This prevents duplicate incidents if the same alert is processed multiple times.

Incident Lifecycle

AnomalyArmor supports full incident lifecycle management:
AnomalyArmor Actionincident.io Effect
Alert triggeredNew incident created
Alert resolvedIncident status updated to configured closed status
Alert dismissedIncident status updated to configured closed status
Automatic incident closing requires the Closed Status ID to be configured. If not set, incidents must be closed manually in incident.io.

Best Practices

Reserve for Critical Alerts

Don’t route all alerts to incident.io. Reserve it for events that require coordinated response - typically production schema changes that could break pipelines or critical freshness SLA violations.
Good use cases:
  • Production column removed or renamed
  • Critical table freshness SLA violated
  • Breaking schema changes in production databases
Better handled elsewhere:
  • Development database changes (use Slack)
  • Informational schema additions (use email)
  • Routine freshness warnings (use Slack digest)

Combine with Other Destinations

Create alert rules that send to multiple destinations: Production Breaking Changes
  • Event: Schema Change
  • Scope: production databases
  • Conditions: Column removed OR type changed
  • Destinations: incident.io (incident creation), Slack #data-incidents (team visibility), Email data-eng-list@company.com (record)

Troubleshooting

”No API key configured”

Cause: The API key field is empty. Fix:
  1. Edit the destination in AnomalyArmor
  2. Enter your incident.io API key
  3. Save the destination

”HTTP 401: Unauthorized”

Cause: The API key is invalid or expired. Fix:
  1. Go to incident.io Settings → API Keys
  2. Verify the key exists and hasn’t been revoked
  3. Create a new API key if needed
  4. Update the destination in AnomalyArmor

”HTTP 403: Forbidden”

Cause: The API key lacks required permissions. Fix:
  1. Go to incident.io Settings → API Keys
  2. Verify the key has incident.write permission
  3. Create a new key with correct permissions if needed

Incidents not appearing

Cause: Rate limiting or API issues. Fix:
  1. Check incident.io status page for outages
  2. Use the Test button to verify connectivity
  3. Check the AnomalyArmor alert history for delivery errors
Set incident severity manually in incident.io based on your organization’s criteria, or use incident.io’s built-in rules to auto-assign severity.

Security

Data Sent to incident.io

Incident data contains:
  • Asset names (database, schema, table names)
  • Change types and descriptions
  • Timestamps
  • Rule information
Incident data does not contain:
  • Actual data values
  • Database credentials
  • Connection strings
  • Query results

Revoking Access

To disconnect AnomalyArmor from incident.io:
  1. In AnomalyArmor: Delete the incident.io destination
  2. In incident.io: Revoke the API key in Settings → API Keys

Common Questions

What permissions does the incident.io API key need?

The key must have the incident.write permission to create incidents. If you want automatic incident closing when alerts resolve, the same key handles status updates. API keys start with inc_ and are created under Settings > API Keys in incident.io.

Will resolving an AnomalyArmor alert close the incident.io incident?

Only if you configure the Closed Status ID on the destination. Without it, incidents stay open in incident.io even after the alert is resolved or dismissed in AnomalyArmor. Find the status UUID under Settings > Incident Lifecycle in incident.io.

Does AnomalyArmor create duplicate incidents if the same alert fires twice?

No. Every request includes an idempotency key, so retries and repeated processing of the same alert collapse into a single incident in incident.io.

Should I route every alert to incident.io?

No. Reserve it for events that justify a coordinated response such as production breaking schema changes or critical freshness SLA violations. Route dev changes, informational additions, and routine freshness warnings to Slack or email instead. See Best Practices.

Next Steps

Alert Rules

Create rules that route to incident.io

Best Practices

Reduce alert fatigue and create incidents only when necessary