# Overview
Source: https://docs.rootly.com/ai/ai

Discover how Rootly AI supports incident response with proactive guidance, concise summaries, and conversational workflows across the incident lifecycle.

Rootly AI applies generative AI across the entire incident lifecycle, from the moment an alert fires through post-incident analysis. Rather than acting as a separate tool, Rootly AI is embedded directly into incident workflows, helping responders understand what is happening, decide what to do next, and document outcomes with minimal manual effort.

Rootly AI provides proactive guidance, accurate summaries, and contextual insights using simple conversational prompts in both Slack and the web application. All AI capabilities are designed to fit naturally into existing incident response processes without disrupting established workflows.

<Callout icon="brain">
  Rootly AI is designed to augment incident responders, not replace them. It provides context, suggestions, and summaries while keeping humans in control of decisions and actions.
</Callout>

<Frame>
  <img alt="Rootly AI overview" />
</Frame>

## What Rootly AI Can Do

Rootly AI supports a focused set of capabilities that map directly to common incident-response needs. Each feature can be used independently and is available when both enabled at the team level and permitted for the specific incident based on privacy settings.

### Generated Incident Titles

Rootly AI can automatically generate concise, descriptive incident titles based on available incident context. This helps teams quickly understand the nature of an incident without manually crafting a summary under pressure. Titles are designed to be short, consistent, and informative, making dashboards, timelines, and retrospectives easier to scan.

### Incident Summarization

Incident Summarization produces a single, coherent summary of what happened during an incident. The summary is generated from incident metadata, timeline events, alerts, action items, and relevant communications. It is intended to capture the problem, impact, trigger or cause when available, resolution steps, and key participants in plain language.

Summaries can be generated and updated during an active incident or after resolution, automatically improving as more information becomes available. Summaries can be generated using `/rootly summary` in Slack or the **Generate Summary** button in the web application.

### Incident Catchup

Incident Catchup helps responders who join an incident after it has already started quickly get oriented. Instead of scrolling through long Slack threads, responders can request a catchup summary that reflects the current state of the incident.

Responders can request a catchup summary using `/rootly catchup` in Slack or the catchup feature in the web application. This is especially useful for long-running or high-severity incidents with heavy communication volume.

### Mitigation and Resolution Summaries

When an incident transitions through key lifecycle stages such as mitigation, resolution, cancellation, or closure, Rootly AI can assist by drafting short explanations of what actions were taken and why. These summaries help ensure that incident timelines and retrospectives accurately reflect decision-making and outcomes without requiring responders to write detailed explanations during or after an incident.

### Ask Rootly AI

Ask Rootly AI allows responders to ask contextual questions using natural language.

In Slack, this appears as a conversational assistant within the incident channel that answers questions about the current incident. In the web application, the AI Copilot enables questions across incident history and aggregated metrics, with the ability to query, filter, group, and visualize incident data.

This capability can be used to understand what has happened so far, identify next steps, draft communications, or analyze trends across incidents.

### Rootly AI Editor

The Rootly AI Editor is available in all text fields throughout the platform, including incident descriptions, summaries, communications, retrospectives, and more. It helps improve written content by fixing grammar, simplifying language, expanding details, or shortening text while preserving meaning.

### Meeting Scribe

Rootly AI can automatically join incident bridge calls on supported meeting platforms including Zoom, Google Meet, Webex, Microsoft Teams, and GoToMeeting. During meetings, it captures live transcripts and produces post-meeting summaries.

These transcripts and summaries are attached to the incident and can be incorporated into AI-generated summaries and retrospectives.

## Privacy, Security, and Control

Rootly AI is designed with privacy and data isolation as first-class principles. All AI functionality is controlled through team-level settings, allowing organizations to opt in or out of individual features.

AI access is evaluated on a per-incident basis and respects incident visibility and Slack message-scoping rules. For private incidents, AI features are only available when explicitly permitted by configuration.

Sensitive information such as links, emails, and passwords is automatically redacted before being sent to AI providers, and all requests are authenticated and scoped to the requesting organization.

Organizations can also bring their own LLM API keys, including OpenAI or IBM Watsonx, for additional data privacy and segmentation.

<Callout icon="shield">
  Rootly AI never uses customer data to train models or improve results for other customers. Data sent to AI providers is used solely to deliver Rootly AI functionality.
</Callout>

## Learn More

* [Generated Incident Title](/ai/generated-incident-title)
* [Incident Summarization](/ai/incident-summarization)
* [Incident Catchup](/ai/incident-catchup)
* [Mitigation and Resolution Summary](/ai/mitigation-and-resolution-summary)
* [Ask Rootly AI](/ai/ask-rootly-ai)
* [Rootly AI Editor](/ai/rootly-ai-editor)
* [Meeting Scribe](/ai/meeting-scribe)

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Is Rootly AI always enabled for incidents?" icon="circle-question">
    No. Rootly AI is controlled through team-level configuration settings and can be enabled or disabled per feature. AI access is also evaluated on a per-incident basis and respects incident visibility and privacy rules.
  </Accordion>

  <Accordion title="Does Rootly AI take actions or change incident data?" icon="hand">
    No. Rootly AI does not take actions or modify incident properties automatically. It provides suggestions, summaries, and contextual guidance while keeping responders fully in control of decisions and updates.
  </Accordion>

  <Accordion title="Is customer data used to train AI models?" icon="lock">
    No. Rootly AI never uses customer data to train models or improve results for other customers. Data sent to AI providers is used solely to deliver Rootly AI functionality.
  </Accordion>

  <Accordion title="Can Rootly AI be used in private incidents?" icon="shield">
    Rootly AI can be used in private incidents only when explicitly permitted by configuration. Access depends on incident visibility settings and Slack message scope controls.
  </Accordion>

  <Accordion title="Where can I configure Rootly AI settings?" icon="gear">
    Rootly AI settings are managed at the team level in the Rootly web application. Each AI capability can be enabled or disabled independently.
  </Accordion>
</AccordionGroup>

***

<Callout icon="life-ring">
  **Need help or have a question?**

  Contact us anytime at **[support@rootly.com](mailto:support@rootly.com)**, use the `/rootly support` Slack command, or visit **Getting Help** to start a chat.
</Callout>


# Ask Rootly AI
Source: https://docs.rootly.com/ai/ask-rootly-ai

Interactive AI assistants that help answer questions about the current incident in Slack or analyze incident history and metrics in the web application.

## Overview

Ask Rootly AI provides two complementary AI assistants designed to support responders during incidents and after the fact.

* **Slack Copilot** helps responders ask questions about the *current incident* directly within an incident Slack channel.
* **Web Copilot** enables deeper analysis across *incident history and metrics* in the Rootly web application.

Together, these tools help teams quickly understand what’s happening, communicate clearly, and analyze trends—without replacing human decision-making.

***

## Slack Copilot (Ask Rootly AI in Slack)

Slack Copilot is designed for real-time collaboration during an active incident. By mentioning `@rootly` in a thread within an incident Slack channel, responders can ask questions and receive concise, contextual answers based on the current incident.

**Via Slack in an incident channel: mention `@rootly` in a thread**

<Frame>
  <img alt="Ask Rootly AI in Slack" />
</Frame>

### What Slack Copilot Can Help With

Slack Copilot focuses exclusively on the *current incident* and can:

* Answer questions about what has happened so far
* Identify roles such as the incident commander
* Summarize actions taken and decisions made
* Help draft internal or external communications
* Provide general incident response guidance

Example prompts include:

* What happened?
* What caused the incident?
* Who is the commander?
* What have we tried so far?
* What should I do next?
* Write a customer-facing summary of this incident

Responses are intentionally concise to support fast decision-making.

### Limitations

Slack Copilot cannot:

* Answer questions about historical incidents
* Modify incident properties
* Access data outside the current incident

<Note>
  Slack Copilot is restricted to answering questions about the current incident and general incident management practices.
</Note>

***

## Web Copilot (AI Copilot in the Web Application)

Web Copilot is designed for broader analysis beyond a single incident. It allows users to ask questions across their entire incident history and analyze trends and performance metrics.

**Via the web application: open the AI Copilot interface**

<Frame>
  <img alt="Ask Rootly AI on the web" />
</Frame>

### What Web Copilot Can Help With

Web Copilot can:

* Query incident history using filters such as severity, environment, service, or incident type
* Group incidents by attributes like service, severity, or team
* Calculate metrics such as incident count, MTTR, and MTTM
* Create charts and visualizations
* Answer questions about trends and patterns over time

Example prompts include:

* How many incidents occurred last month?
* What is our average time to resolution for severity 1 incidents?
* Show incidents grouped by service
* Create a chart of incidents over the last quarter

Web Copilot maintains conversation context and is suited for analysis, reporting, and operational insights.

***

## Configuration

Ask Rootly AI features are available to all customers but must be explicitly enabled.

To enable these features, navigate to **Rootly AI** and toggle on **Enable Rootly AI**. Only Admins can configure Rootly AI settings.

Then enable the relevant assistants:

* **Ask Rootly AI** — enables Slack Copilot
* **Rootly AI Copilot** — enables Web Copilot

For best results with Slack Copilot, configure **Slack channel message visibility** to **All messages** or **All messages in Public + pinned in Private**. This allows Rootly AI to access sufficient context when answering questions.

<Frame>
  <img alt="Rootly AI configuration" />
</Frame>

<Note>
  Availability in private incidents depends on your Slack channel message visibility settings. For private incidents, AI features are available only when your channel history scope includes private messages.
</Note>

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="Slack Copilot is not responding" icon="circle-question">
    Ensure **Ask Rootly AI** is enabled in Rootly AI settings. Verify that you are in an incident Slack channel and mentioning `@rootly` within a thread. For private incidents, confirm that Slack channel message visibility settings allow AI access.
  </Accordion>

  <Accordion title="Web Copilot is not available" icon="circle-exclamation">
    Ensure **Rootly AI Copilot** is enabled in Rootly AI settings and that you have access to the Rootly web application.
  </Accordion>

  <Accordion title="Slack Copilot says it can only answer about the current incident" icon="info">
    This is expected behavior. Slack Copilot is intentionally scoped to the current incident only. Use Web Copilot for questions about historical incidents or aggregated metrics.
  </Accordion>
</AccordionGroup>


# Data Privacy for AI
Source: https://docs.rootly.com/ai/data-privacy-for-ai

Learn about Rootly's data privacy safeguards for AI features, including what data is shared with OpenAI and how to opt out for your organization.

Rootly is dedicated to maintaining the highest standards of privacy and security. [Read more about our data philosophy](https://rootly.com/blog/building-a-privacy-first-ai-for-incident-management).

* Rootly AI, driven by OpenAI, incorporates multiple safeguards to ensure the security of your data, providing you with peace of mind.
* Data sent to OpenAI is solely used to provide Rootly AI services and is neither stored nor used for training purposes by OpenAI.
* We automatically redact the following PII before sending any data to OpenAI:
  * email, addresses, phone numbers, credit card numbers, social security numbers (SSNs) and passwords in URLs
* Private incident data is **never** sent to OpenAI.
* Rootly AI never uses your data (even if anonymously) to improve results for other customers; it stays within the walls of your organization and is only used there.
* You may opt-out at any time via the [AI configuration page](https://rootly.com/account/ai/configurations). No future changes to how your data is used will change without your explicit approval.
* Optionally, organizations may [integrate their OpenAI account](https://rootly.com/account/integrations/open_ai_accounts/new) to take advantage of any organization specific data retention policies.

**Data from the incident that will be considered includes:**

* Built-in and custom fields
* Human-created timeline events
* Completed action items
* Timestamps
* Alert source
* Mitigated and resolved messages
* Slack messages from the incident channel (depending upon [Slack channel message visibility](https://rootly.com/account/ai/configurations))

**Data that is not considered includes:**

* Incident feedback
* Automated timeline events relating to action items, workflow runs and playbooks.
* Any data from private incidents

<Note>
  Note: To enable higher quality output [Slack Scope Updates](/ai/slack-scope-updates) are required.
</Note>


# Generated Incident Title
Source: https://docs.rootly.com/ai/generated-incident-title

Automatically generate concise and descriptive incident titles using AI that analyzes incident context and improves as more details become available.

## Overview

Rootly AI can automatically generate concise, descriptive incident titles by analyzing the current context of an incident, including summaries, alerts, and early timeline events. Titles are designed to clearly describe the underlying problem and are kept short for readability across dashboards, timelines, and retrospectives.

Generated titles are limited to under 90 characters and can be regenerated as more information becomes available, allowing titles to improve in accuracy as an incident evolves.

## How to Generate an Incident Title

You can generate or regenerate an incident title from both the web application and Slack.

### Via the Web

Within an incident, click the **magic pen** icon next to the incident title to generate a suggested title using AI.

<Frame>
  <img alt="Generate incident title in web UI" />
</Frame>

### Via Slack

In an incident Slack channel, run the `/rootly update` command and click the **Generate with AI** button to generate or regenerate the incident title.

<Frame>
  <img alt="Generate incident title in Slack" />
</Frame>

You may regenerate the title multiple times as the incident progresses to reflect newly available information.

## How It Works

Rootly AI analyzes the incident’s current context, which may include:

* Incident summary and description
* Associated alerts and alert metadata
* Initial timeline events
* Slack channel messages, when available and permitted by privacy settings

Using this information, the AI generates a concise title that describes the problem that caused the incident. If insufficient information is available, Rootly will indicate that more incident context is required before a meaningful title can be generated.

## Configuration

Generated incident titles are available to all customers but must be explicitly enabled.

To enable this feature, navigate to **Rootly AI** and toggle on **Enable Rootly AI**. Only Admins can enable Rootly AI features. Ensure that **Incident title suggestion** is enabled.

For best results, configure **Slack channel message visibility** to one of the following:

* **All messages**
* **All messages in Public + pinned in Private**

This allows Rootly AI to access sufficient context when generating titles. These settings can be updated at any time from **Rootly AI** configuration.

<Frame>
  <img alt="Rootly AI configuration" />
</Frame>

<Note>
  Incident title generation in private incidents depends on your Slack channel message visibility settings. For private incidents, AI features are only available when your channel history scope includes private messages.
</Note>

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="Why is incident title generation not available?" icon="circle-question">
    Ensure that Rootly AI is enabled and that **Incident title suggestion** is turned on. Verify that the incident contains sufficient information, such as alerts, timeline events, or a summary. For private incidents, confirm that Slack channel message visibility settings allow AI access.
  </Accordion>

  <Accordion title="Why does the generated incident title seem inaccurate?" icon="wand-magic-sparkles">
    Try regenerating the title after additional incident details become available. Adding more context to the incident summary or allowing relevant Slack messages to be included often improves results.
  </Accordion>
</AccordionGroup>


# Incident Catchup
Source: https://docs.rootly.com/ai/incident-catchup

Quickly get up to speed on an ongoing incident with a private, AI-generated summary of timeline events, status, and key decisions delivered directly in Slack.

## Overview

Incident Catchup helps responders quickly understand the current state of an incident when joining an incident Slack channel midstream. Using Rootly AI, responders can request an up-to-date summary that explains what has happened so far, what is currently known, and how the incident is being handled—without needing to read the full channel history.

Incident Catchup is available in **Slack only** and is designed specifically for real-time collaboration during an active incident. When a responder runs the catchup command in an incident channel, Rootly generates a concise, AI-powered summary based on the incident’s current context and delivers it as a private, ephemeral message visible only to the requester.

### Via Slack

In an incident Slack channel, run one of the following commands:

* `/rootly catchup`
* `/rootly catch up`
* `/rootly catch-up`
* `/rootly summarize`

All variations trigger the same behavior.

<Frame>
  <img alt="Incident catchup command in Slack" />
</Frame>

The summary is sent as an ephemeral message, meaning it is only visible to you and does not post publicly in the channel. You can run the command multiple times as the incident evolves to receive updated summaries.

<Frame>
  <img alt="Incident catchup private summary" />
</Frame>

## What’s Included in a Catchup Summary

Incident Catchup uses the same AI summarization technology as standard incident summaries, with an expanded output.

The catchup summary includes:

* A single-paragraph narrative describing the incident problem, impact, trigger or cause, and resolution or mitigation steps (when available)
* People involved in the incident and their roles (when documented)
* An automatically appended attributes list, which may include:
  * Meeting or bridge links
  * Severity
  * Affected environments and services
  * Selected custom form field values

This ensures responders receive both a narrative overview and key structured details in one view.

## How It Works

The `/rootly catchup` command uses the same AI service as Incident Summarization and analyzes the incident’s complete current context, which may include:

* Incident metadata and attributes
* Timeline events
* Associated alerts
* Action items and follow-ups
* Slack channel messages (when permitted by privacy settings)
* Meeting transcripts, if available

The summary is generated at the time the command is run and reflects the most current state of the incident. Because the message is ephemeral, it does not clutter the incident channel and remains private to the requesting user.

## Permissions

To use Incident Catchup, you need the following conditions:

* Have permission to generate summaries on the incident, or
  * Have permission to update the incident

If you do not meet these requirements, the command will return an error.

## Configuration

Incident Catchup is available to all customers but requires Incident Summarization to be enabled.

To enable this feature:

1. Navigate to **Rootly AI**
2. Toggle on **Enable Rootly AI**
3. Ensure **Incident summarization** is enabled

Only Admins can manage Rootly AI configuration.

To ensure the best results, configure **Slack channel message visibility** to one of the following:

* **All messages**
* **All messages in Public + pinned in Private**

These settings allow Rootly AI to access sufficient Slack context when generating summaries and can be updated at any time from **Rootly AI** configuration.

<Frame>
  <img alt="Rootly AI incident catchup configuration" />
</Frame>

<Note>
  Incident Catchup in private incidents depends on your Slack channel message visibility settings. For private incidents, AI features are available only when your channel history scope includes private messages.
</Note>

## Troubleshooting

<AccordionGroup>
  <Accordion icon="circle-question" title="Why can’t I use /rootly catchup?">
    Ensure that Rootly AI is enabled and **Incident summarization** is turned on. Verify that you have permission to generate summaries and that you meet the incident permission requirements. For private incidents, confirm that Slack channel message visibility settings allow AI access.
  </Accordion>

  <Accordion icon="message-slash" title="Why didn’t the summary appear in the channel?">
    Incident Catchup summaries are sent as ephemeral messages and are only visible to you. Check for a private message in the channel rather than a public post.
  </Accordion>

  <Accordion icon="circle-exclamation" title="Why does the summary seem incomplete?">
    The summary can only include information that exists at the time it is generated. Add or update timeline events, alerts, action items, or incident details, then run the command again to receive an updated summary.
  </Accordion>
</AccordionGroup>


# Incident Summarization
Source: https://docs.rootly.com/ai/incident-summarization

Generate AI-powered summaries of the current incident that capture the problem, impact, resolution steps, and key participants in a single coherent overview.

## Overview

Incident Summarization generates a concise, single-paragraph summary of the current incident using the information available at the time of generation. Rootly AI compiles context from incident metadata, alerts, timeline events, action items, and communications to produce a clear narrative that helps responders quickly understand what happened and how it was addressed.

Summaries can be generated during an active incident or after resolution. As more details are added over time, the summary can be regenerated to reflect the most accurate and up-to-date state of the incident.

## How to Generate an Incident Summary

You can generate or regenerate an incident summary from both the web application and Slack.

### Via the Web

Within an incident, click **Generate Summary** to create a summary using Rootly AI.

<Frame>
  <img alt="Generate incident summary in web UI" />
</Frame>

### Via Slack

In an incident Slack channel, run `/rootly summary` to generate a summary. You can regenerate the summary at any point as the incident evolves.

<Frame>
  <img alt="Generate incident summary in Slack" />
</Frame>

## What’s Included in the Summary

The generated summary is designed to capture the most important incident details in plain language. Depending on what information is available, the summary may include the incident problem, customer impact, trigger or cause, steps taken to mitigate or resolve the issue, and the people involved along with their roles.

When configured, the summary may also include an automatically appended attributes list, such as meeting links, severity, affected environments and services, and selected custom form field values.

## How It Works

Rootly AI generates the summary by analyzing the incident’s current context. This may include incident attributes such as severity, environments, services, labels, and incident types, along with form field selections, action items, timeline events, and alert data.

If permitted by your privacy settings, Rootly AI may also incorporate relevant Slack channel messages and meeting transcripts to improve summary quality and completeness. For best results, configure **Slack channel message visibility** to **All messages** or **All messages in Public + pinned in Private**.

If there is not enough information available to produce a meaningful summary, Rootly will indicate that additional incident context is required.

## Configuration

Incident Summarization is available to all customers but must be explicitly enabled.

To enable this feature, navigate to **Rootly AI** and toggle on **Enable Rootly AI**. Only Admins can enable Rootly AI features. Ensure that **Incident summarization** is enabled.

To ensure the best results, configure **Slack channel message visibility** to **All messages** or **All messages in Public + pinned in Private**. This allows Rootly AI to access sufficient context from Slack communications when generating summaries. These settings can be updated at any time from **Rootly AI** configuration.

<Frame>
  <img alt="Rootly AI incident summarization configuration" />
</Frame>

<Note>
  Incident summarization in private incidents depends on your Slack channel message visibility settings. For private incidents, AI features are available only when your channel history scope includes private messages.
</Note>

## Best Practices

<AccordionGroup>
  <Accordion title="Generate early, regenerate often" icon="rotate">
    Generate an initial summary when the incident starts, then regenerate it as more details emerge. As timeline events, alerts, and resolution steps are added, the summary becomes more accurate and useful.
  </Accordion>

  <Accordion title="Include sufficient incident context" icon="list-check">
    Timeline events, action items, alerts, and relevant Slack communications significantly improve summary quality. Providing clear and complete context helps Rootly AI produce more accurate summaries.
  </Accordion>

  <Accordion title="Use summaries for responder catchup" icon="users">
    The `/rootly catchup` command uses the same summarization technology to help new responders quickly understand long-running incidents without needing to read the full incident history.
  </Accordion>
</AccordionGroup>

## Troubleshooting

<AccordionGroup>
  <Accordion title="Why can’t Rootly AI generate a summary?" icon="circle-question">
    If you see a message indicating that *“The incident report does not provide enough information to summarize”*, add more context such as an incident summary or description, associated alerts, timeline updates, or action items and try again. In private incidents, confirm that Slack channel message visibility settings allow AI access.
  </Accordion>

  <Accordion title="Why is the summary missing important details?" icon="circle-exclamation">
    The summary can only include information that exists in the incident context at the time it is generated. Add or update key incident details such as impact, mitigation steps, resolution notes, or relevant timeline events, then regenerate the summary. If Slack messages or meeting transcripts are expected to be included, confirm that privacy settings permit their use.
  </Accordion>
</AccordionGroup>


# Rootly Meeting Scribe
Source: https://docs.rootly.com/ai/meeting-scribe

Record, transcribe, and summarize incident bridge calls across Zoom, Meet, Webex, Teams, and GoToMeeting with built-in privacy protections.

## Overview

Rootly Meeting Scribe helps capture and preserve critical incident context that would otherwise live only in live bridge calls. When enabled, Meeting Scribe automatically joins incident bridge meetings to record, transcribe, and summarize discussions—making incident communication more accessible, auditable, and actionable.

By continuously capturing meeting context, Rootly Meeting Scribe ensures responders who join late, stakeholders who weren’t on the call, and post-incident reviewers all have access to the same shared source of truth.

Meeting Scribe supports **Zoom, Google Meet, Webex, Microsoft Teams, and GoToMeeting**, and integrates directly with Incident Summarization, Incident Catchup, and retrospectives.

<Callout icon="check">
  Once enabled, Rootly Meeting Scribe automatically joins incident bridges and captures transcripts and summaries.
</Callout>

## Supported Platforms

Meeting Scribe supports the following virtual meeting platforms:

* **Zoom** (optional auto-join support)
* **Google Meet**
* **Webex**
* **Microsoft Teams**
* **GoToMeeting**

Each platform must be integrated with Rootly before Meeting Scribe can be used.

## Configuration

To get started, integrate your meeting platform with Rootly. Refer to the [integration documentation](/integrations) for platform-specific setup instructions.

Once your meeting platform is integrated:

1. Navigate to **Integrations** and select your meeting platform
2. Toggle on **Meeting transcript and summary**
3. For Zoom, optionally enable **Auto-join bot** to allow the bot to join meetings without manual admission

<Frame>
  <img alt="Enable meeting transcript and summary" />
</Frame>

When enabled, Meeting Scribe is automatically created when a meeting URL is added to an incident.

<Note>
  **Important:** Always use the virtual meeting room created by Rootly when an incident starts. This meeting link is pinned at the top of the incident’s Slack channel. Using the Rootly-generated meeting URL ensures the bot can join successfully and associate recordings with the correct incident.
</Note>

## During Incident Bridges

Once admitted to the incident bridge, Meeting Scribe immediately begins capturing the call.

During the meeting, the bot will:

* Announce its presence to participants
* Begin **live transcription** in real time
* Record audio (and video when supported)
* Identify speakers in the transcript
* Stream transcription updates back to Rootly continuously
* Post **Slack notifications** to the incident channel when recording starts and when the transcript is ready

Live transcription is available during the meeting and is included in AI-powered features such as [Incident Catchup](/ai/incident-catchup). This allows new responders to quickly understand what has already been discussed without interrupting the bridge.

<Frame>
  <img alt="Meeting Scribe recording and transcription" />
</Frame>

## After the Incident

After the meeting ends and the incident is resolved, Meeting Scribe processes the captured data and updates the incident with:

* **Full meeting transcript** with speaker labels
* **AI-generated meeting summary** highlighting key discussion points and decisions
* **Optional video recording**, when supported by the platform
* **Automatic PII redaction**, removing sensitive data such as emails, phone numbers, passwords, and personal identifiers

All artifacts are stored in the **Meeting** tab of the incident and are automatically incorporated into incident summaries, catchup responses, and retrospectives.

<Frame>
  <img alt="Meeting transcript and summary in incident" />
</Frame>

## How It Works

Meeting Scribe uses the Recall.ai platform to manage meeting participation, transcription, and post-meeting analysis.

When a meeting URL is added to an incident:

1. **Bot creation**\
   Rootly creates a Meeting Scribe bot scoped to the incident and team.

2. **Bot joins the meeting**\
   The bot joins automatically or waits for admission, depending on platform and settings.

3. **Live transcription & recording**\
   Real-time transcription is captured during the call, with speaker identification and word-level timing.

4. **Post-meeting analysis**\
   After the meeting ends, the bot:
   * Generates a full transcript
   * Produces an AI-generated summary
   * Applies automatic PII redaction
   * Attaches recordings and artifacts to the incident

5. **Incident integration**\
   Meeting transcripts are included in Incident Summarization and Incident Catchup, ensuring meeting context is available across Rootly AI features.

The bot may automatically retry joining meetings in certain scenarios (for example, if the meeting has not started yet or the bot is waiting to be admitted), with safeguards in place to prevent excessive retries.

## Recording Sessions

A single incident can have **multiple recording sessions** per platform—up to 10 sessions each. A recording session is created each time the bot joins or rejoins a call, which is distinct from the meeting itself. This is useful when:

* A bridge call is interrupted and the bot needs to rejoin
* The bot is removed and later reinvited to the same meeting
* The bot reconnects after a network disruption

Each session produces its own transcript, summary, and optional video recording. All sessions are displayed chronologically in the **Meeting** tab of the incident.

### Pause and resume

You can **pause** and **resume** a recording mid-call without ending the session. This is useful when sensitive topics arise that should not be captured. Pausing stops transcription and recording; resuming picks up where it left off within the same session.

### Reinviting the bot

If the bot leaves or is removed from a call, you can reinvite it from the **Meeting** tab. Reinviting creates a new session, preserving all prior session data.

<Tip>
  Recording sessions can also be managed programmatically via the Meeting Recordings API. Available operations include listing, creating, pausing, resuming, stopping, and deleting sessions.
</Tip>

## Privacy and Security

Meeting Scribe is built with strong privacy and security controls. Meeting data is used only to support your organization’s incident response workflows and is never shared across customers.

### Subprocessors

Meeting Scribe relies on the following third-party subprocessors to deliver recording, transcription, and analysis capabilities:

| Subprocessor                                         | Purpose                                                                                             | Data processed                                    |
| ---------------------------------------------------- | --------------------------------------------------------------------------------------------------- | ------------------------------------------------- |
| [Recall.ai](https://recall.ai)                       | Meeting orchestration, recording capture, and platform connectivity                                 | Meeting audio/video streams, bot lifecycle events |
| [AssemblyAI](https://assemblyai.com) (via Recall.ai) | Speech-to-text transcription, summarization, PII redaction, and speaker identification              | Meeting audio for transcription                   |
| [Amazon S3](https://aws.amazon.com/s3/)              | Encrypted storage of meeting video recordings                                                       | Video files                                       |
| [OpenAI](https://openai.com)                         | AI-powered incident summarization using meeting transcripts ([learn more](/ai/data-privacy-for-ai)) | Redacted transcripts and summaries                |

<Note>
  All subprocessors are bound by data processing agreements. Data sent to subprocessors is used solely to provide Rootly services and is not used for model training.
</Note>

### Data flow

1. **Recording** — When a meeting starts, Rootly dispatches a bot via Recall.ai to join the call on the configured platform (Zoom, Google Meet, Microsoft Teams, Webex, or GoToMeeting).
2. **Live transcription** — During the call, the bot streams real-time transcription back to Rootly. Live transcripts are used by features like [Incident Catchup](/ai/incident-catchup) to keep responders informed in real time.
3. **Post-meeting analysis** — After the meeting ends, the full recording is sent to AssemblyAI (through Recall.ai) for final transcription with automatic PII redaction, speaker labeling, and summarization. The PII-redacted transcript replaces the live version.
4. **Storage** — The redacted transcript and summary are stored in Rootly’s database. Video recordings are stored in Amazon S3 with encryption at rest.
5. **AI analysis** — Redacted transcripts feed into Rootly AI features such as Incident Summarization and Incident Catchup, processed via OpenAI under the same [data privacy safeguards](/ai/data-privacy-for-ai) as all other Rootly AI features.

### Automatic PII redaction

All transcripts are automatically processed through AssemblyAI’s PII redaction engine before storage. The following categories are redacted:

<AccordionGroup>
  <Accordion title="View all 36 PII redaction categories" icon="shield-halved">
    * Account numbers
    * Banking information
    * Blood type
    * Credit card CVV
    * Credit card expiration
    * Credit card numbers
    * Dates
    * Dates of birth
    * Driver’s license numbers
    * Drug references
    * Email addresses
    * Events
    * Gender and sexuality
    * Healthcare numbers
    * Injuries
    * IP addresses
    * Languages
    * Locations
    * Medical conditions
    * Medical processes
    * Money amounts
    * Nationalities
    * Number sequences
    * Occupations
    * Organizations
    * Passport numbers
    * Passwords
    * Person ages
    * Person names
    * Phone numbers
    * Political affiliations
    * Religions
    * URLs
    * US Social Security numbers
    * Usernames
    * Vehicle IDs
  </Accordion>
</AccordionGroup>

### Data retention and deletion

* **Video recordings** — Stored in encrypted Amazon S3. Users can delete video files at any time while retaining the transcript. Deleted videos are removed from storage immediately.
* **Transcripts and summaries** — Stored in Rootly’s database, scoped to the incident and team. Deleted when the associated recording is removed.
* **Recall.ai** — Recording media at Recall.ai is subject to a configurable retention window. Once expired or explicitly deleted, data is permanently removed from Recall servers and cannot be recovered. See [Recall.ai Storage and Playback](https://docs.recall.ai/docs/storage-and-playback) for details.

### Security controls

* **Encryption at rest** for all stored transcripts, summaries, and video recordings
* **Webhook signature verification** (via Svix) ensures authenticity of all Recall.ai events
* **Encrypted credential storage** for all meeting platform OAuth tokens
* **Incident- and team-scoped access** — meeting data is only accessible within the associated incident and team
* **Audit logging** for credential changes and recording deletions
* **No cross-customer data sharing** — your meeting data is never used to improve results for other customers

## Usage Limits

Teams have monthly usage limits for meeting recording time. Usage is tracked automatically and applies across all supported platforms.

If a usage limit is exceeded, the bot will not join new meetings until usage resets or limits are increased. Your Rootly admin can review usage and limits if this occurs.

## Best Practices

* Use the Rootly-generated meeting URL pinned in the incident Slack channel
* Enable auto-join for Zoom when possible
* Admit the bot promptly when it requests access
* Monitor the **Meeting** tab for bot status and artifacts
* Use Incident Catchup to onboard late responders efficiently

## Troubleshooting

<AccordionGroup>
  <Accordion title="Why isn’t the bot joining the meeting?" icon="circle-question">
    Ensure the meeting URL was generated by Rootly and that your meeting platform integration is enabled with **Meeting transcript and summary** turned on. For Zoom, confirm whether auto-join is enabled or manually admit the bot when prompted.
  </Accordion>

  <Accordion title="Why don’t I see a transcript or summary?" icon="circle-exclamation">
    Transcripts and summaries are generated after the meeting ends. Wait a few minutes, then check the **Meeting** tab of the incident. Confirm the bot successfully joined and recorded the call.
  </Accordion>

  <Accordion title="Why am I seeing a usage limit error?" icon="triangle-exclamation">
    Your team may have exceeded its monthly meeting recording limit. Contact your Rootly admin to review usage or adjust limits.
  </Accordion>
</AccordionGroup>


# Mitigation & Resolution
Source: https://docs.rootly.com/ai/mitigation-and-resolution-summary

Generate concise AI-powered summaries explaining how an incident was mitigated, resolved, cancelled, or closed using Rootly AI in retrospectives and timelines.

## Overview

Mitigation and Resolution Summary helps responders quickly document *how* an incident was handled at key status transitions. When an incident is marked as **mitigated**, **resolved**, **cancelled**, or **closed**, Rootly AI can generate a short, clear summary describing the actions taken and the outcome.

These summaries are intentionally brief—typically one to two sentences—and are designed to reduce manual write-ups while maintaining accurate incident records for timelines, retrospectives, and reporting.

## How to Generate a Summary

Mitigation and resolution summaries can be generated from both the web application and Slack when updating an incident’s status.

### Via the Web

When updating an incident’s status to **mitigated**, **resolved**, **cancelled**, or **closed**, click the **Generate with AI** button (or the genius pen icon) next to the status message field.

<Frame>
  <img alt="Generate mitigation or resolution summary in web UI" />
</Frame>

### Via Slack

In an incident Slack channel, run `/rootly mitigate` or `/rootly resolve` (also accepts `/rootly mitigated` or `/rootly resolved`). This opens a status update dialog where you can click **Generate with AI** to generate the summary.

<Frame>
  <img alt="Generate mitigation or resolution summary in Slack" />
</Frame>

You can review and edit the generated text before submitting the status update.

## What’s Included

Depending on the status transition, Rootly AI generates a concise explanation that focuses on the key actions and outcomes:

* **Mitigated** — What specific actions were taken to reduce impact
* **Resolved** — How the incident was fully resolved
* **Cancelled** — Why the incident was cancelled
* **Closed** — Why the incident was closed

All summaries are limited to one or two sentences and prioritize clarity and relevance over exhaustive detail. The AI identifies the most important actions from the incident timeline and communications to explain the status transition clearly and consistently.

## How It Works

Rootly AI analyzes the incident’s current context at the time of the status update. This may include timeline events, alerts, action items, mitigation or resolution notes, and communications associated with the incident.

Using this context, the AI identifies the most relevant actions taken and generates a concise status summary. If there is not enough information available, Rootly will indicate that *“The incident report does not provide enough information to determine how the incident was \[status]”* and additional incident context is required before a summary can be generated.

## Configuration

Mitigation and resolution summaries are available to all customers but must be explicitly enabled.

To enable this feature, navigate to **Rootly AI** and toggle on **Enable Rootly AI**, then ensure **Mitigation and resolution summarization** is enabled. Only Admins can configure Rootly AI features.

For best results, configure **Slack channel message visibility** to **All messages** or **All messages in Public + pinned in Private**. This allows Rootly AI to access sufficient context when generating summaries.

<Frame>
  <img alt="Rootly AI mitigation and resolution configuration" />
</Frame>

<Note>
  Mitigation and resolution summary generation in private incidents depends on your Slack channel message visibility settings. For private incidents, AI features are available only when your channel history scope includes private messages.
</Note>

## Best Practices

* **Generate before finalizing**\
  Use the AI-generated summary as a starting point, then review and refine it to match your team’s documentation standards.

* **Add context first**\
  Ensure the incident includes sufficient timeline events, action items, or resolution notes before generating a summary for best results.

* **Edit as needed**\
  AI-generated summaries are suggestions—customize them as needed to accurately reflect your team’s incident response.

## Troubleshooting

<AccordionGroup>
  <Accordion title="Why isn’t the Generate with AI button appearing?" icon="circle-question">
    Ensure Rootly AI is enabled and that **Mitigation and resolution summarization** is turned on. Verify that you have permission to update the incident status and that the status you’re selecting is supported (mitigated, resolved, cancelled, or closed).
  </Accordion>

  <Accordion title="Why does the generated summary seem incomplete?" icon="circle-exclamation">
    Summaries are intentionally brief and rely on existing incident context. If you see a message indicating insufficient information, add more detail to the incident—such as timeline events, action items, or resolution notes—and try again. You can always edit the generated summary before submitting it.
  </Accordion>
</AccordionGroup>


# Rootly AI Editor
Source: https://docs.rootly.com/ai/rootly-ai-editor

Improve your writing across Rootly with AI-powered text editing that fixes spelling and grammar, adjusts length, and simplifies language.

## Overview

Rootly AI Editor helps you improve your writing across the Rootly platform with quick, AI-powered edits. Available in all text fields, the editor makes it easy to clean up spelling and grammar, adjust length, or simplify language—without leaving your workflow.

Whether you're drafting an incident description, writing a customer update, or polishing a retrospective, the AI Editor provides fast, contextual suggestions you can review and apply instantly.

<Callout icon="bolt">
  Use the Rootly AI Editor to clean up writing in seconds—no context switching, no rewriting from scratch.
</Callout>

## Available Editing Actions

Rootly AI Editor supports four editing operations:

* **Fix spelling & grammar**\
  Corrects spelling mistakes and grammatical errors while preserving your original meaning.
* **Make shorter**\
  Condenses text by removing unnecessary words and phrases while keeping the intent intact.
* **Make longer**\
  Expands text with additional clarity or detail when more context is needed.
* **Simplify language**\
  Rewrites complex or technical language into clearer, more accessible wording.

## How to Use the AI Editor

1. **Highlight text**\
   Select any text in a supported text field.
2. **Open the AI menu**\
   A floating **Ask AI** button appears near your selection.
3. **Choose an action**\
   Select one of the available editing options.
4. **Review the result**\
   After generation, you can:
   * **Accept** the suggestion
   * **Try Again** to regenerate
   * **Reject** and keep your original text

<Frame>
  <img alt="Using the Rootly AI Editor by highlighting text" />
</Frame>

## Where It’s Available

The Rootly AI Editor works in all supported text fields across the platform, including:

* Incident descriptions and summaries
* Communications and status updates
* Retrospectives and postmortems
* Action items and follow-ups
* Custom form fields
* Any other rich text or standard text input

## How It Works

When you select text and choose an editing action, Rootly AI applies the requested transformation and returns a revised version for your review.

All edits are suggestions—you stay in control and decide whether to apply them.

## Configuration

Rootly AI Editor is available to all customers but must be explicitly enabled.

To enable the editor:

1. Navigate to **Rootly AI**
2. Toggle on **Enable Rootly AI**
3. Ensure **Ask Rootly AI** is enabled (this includes the AI Editor)

Only Admins can enable Rootly AI features. Once enabled, no additional configuration is required—the editor is automatically available in supported text fields.

## Troubleshooting

<AccordionGroup>
  <Accordion title="Why isn’t the AI Editor menu appearing?" icon="circle-question">
    Ensure Rootly AI is enabled and that **Ask Rootly AI** is turned on. Verify that you’ve highlighted text inside a supported text field. The AI Editor only appears when text is actively selected.
  </Accordion>

  <Accordion title="Why didn’t the edit apply?" icon="circle-exclamation">
    After generating a suggestion, you must click **Accept** to apply the changes. If the result isn’t what you expected, try selecting a different portion of text or click **Try Again** to regenerate.
  </Accordion>

  <Accordion title="Why am I seeing an error message?" icon="triangle-exclamation">
    Errors may occur due to timeouts or rate limits. If this happens, wait a moment and try again. If the issue persists, contact Rootly Support.
  </Accordion>
</AccordionGroup>


# Slack Scope Updates
Source: https://docs.rootly.com/ai/slack-scope-updates

Configure enhanced Slack permissions to enable Rootly AI features with customizable privacy levels for incident channel message ingestion.

Administrators will be prompted to update Slack Scopes to enable Rootly AI. These updated scopes enable the ingestion of the contents of incident slack channels providing a higher quality experience when generating AI responses.

These enhanced scopes are only used in the context of Rootly AI. They can be [configured to five varying levels of privacy](https://rootly.com/account/ai/configurations "configured to five varying levels of privacy") from fully permissive (ingesting every message in an incident channel), to only ingesting content from specific types of incidents (public or private) or completely off and ingesting no slack messages.

<Frame>
  <img alt="Document image" />
</Frame>


# Alert Fields
Source: https://docs.rootly.com/alerts/alert-fields

Use Alert Fields to extract, normalize, and store structured alert data for routing, enrichment, automation, and triage across Rootly.

Alert Fields allow you to extract key information from incoming alert payloads and store it in a normalized format that can be used consistently across Rootly. This removes the need to understand every alert provider’s unique payload structure—Rootly handles that translation automatically.

<Info>
  Alert Fields are populated automatically on alert creation or update, depending on the mappings you configure on each Alert Source.
</Info>

***

### Overview

Different observability tools send alerts in very different formats. Alert Fields standardize this by letting you:

* Normalize metadata such as environment, severity, region, service, or product area
* Route alerts consistently, regardless of which tool sent them
* Enrich alerts with structured information to help responders triage faster
* Build metrics and dashboards using clean, uniform data
* Simplify workflows across multi-tool monitoring environments

Alert Fields become part of the alert record itself and are accessible everywhere Rootly evaluates conditions, displays alert information, or triggers automation.

***

### How Alert Fields Work

When an alert is ingested:

1. Rootly reads the raw payload from the alert source.
2. Each configured mapping is evaluated using Liquid.
3. The results are stored as `alert_field_values`.
4. The normalized fields are then available throughout the platform.

Rootly automatically seeds built-in fields when creating a new Alert Source so you can map values immediately.

<Frame>
  <img alt="Alert Fields configuration" />
</Frame>

***

### Examples

**Route alerts by impacted product area**\
Map a `product_area` field using Liquid, then build routes that send alerts to the correct on-call team.

**Enrich alert details for responders**\
Extract severity, region, deployment ID, customer tier, or any custom metadata.

**Build better metrics and dashboards**\
Use normalized field values to track trends without parsing different payload structures.

**Simplify multi-tool environments**\
Create one `severity` field and map Datadog, PagerDuty, Opsgenie, and Sentry severities into it consistently.

***

### Configuring Alert Fields

To configure Alert Fields:

<Steps>
  <Step title="Open the Fields tab on an Alert Source">
    Navigate to the Alert Source and select the <strong>Fields</strong> tab to view all fields currently mapped.
  </Step>

  <Step title="Add or create an Alert Field">
    Click <strong>Add Field</strong> to select an existing field or create a new one.\
    New fields immediately become available across all alert sources.
  </Step>

  <Step title="Define the Liquid mapping">
    Specify a Liquid expression that extracts a value from the alert payload.\
    Reference recent alerts using the preview on the right.

    <Tip>
      Click any purple pill in the payload viewer to copy its Liquid expression.
    </Tip>
  </Step>

  <Step title="Save the configuration">
    All future alerts from this source will populate the field using your mapping.
  </Step>
</Steps>

<Note>
  If the title or description fields are left blank, Rootly automatically assigns reasonable defaults (for example, using the subject line for email alert sources).
</Note>

***

### Using Alert Fields in Alert Routes

Alert Fields can be referenced directly in Alert Route conditions.\
This allows your routing logic to be built once and work across all sources, as long as each source maps its payload fields correctly.

Examples:

* Route all `severity = critical` alerts to the primary on-call
* Route `region = EU` alerts to the EMEA team
* Route alerts associated with a specific service or component
* Route customer-impacting alerts differently from internal signals

Learn more on the **[Alert Routes](/alerts/alert-routing)** page.

***

### Using Alert Fields for Auto-Resolution Rules (Email Sources)

Email alert sources support auto-resolution rules based on Alert Fields.

To set this up:

1. Open the email alert source.
2. Define auto-resolution conditions.
3. Reference Alert Fields in those conditions (e.g., subject text, severity, environment).

When a new email alert arrives, Rootly evaluates your conditions and automatically resolves the alert if they match.

***

### Accessing Alert Fields as a Responder

Responders can view alert field values in:

* **Web:** Alert details panel
* **Slack:** Alert details and context blocks
* **Mobile:** Alert details in the Rootly mobile app

This gives responders immediate access to normalized metadata without reviewing raw JSON payloads.

***

### Best Practices

<AccordionGroup>
  <Accordion title="Normalize fields across all alert sources">
    Use shared fields (severity, environment, service, region, etc.) to keep routing behavior consistent across monitoring tools.
  </Accordion>

  <Accordion title="Use the preview data for accurate Liquid expressions">
    Test Liquid mappings with real alerts to avoid mismatches or null values.
  </Accordion>

  <Accordion title="Centralize routing logic using Alert Fields">
    Map differences at the Alert Source layer rather than building multiple routing rules for each provider.
  </Accordion>

  <Accordion title="Keep field values clean and human-readable">
    Adopt consistent formatting across sources (e.g., PRODUCTION, STAGING, DEV).
  </Accordion>

  <Accordion title="Leverage fields in workflows and automation">
    Alert Fields make workflow triggers more reliable and much easier to maintain.
  </Accordion>
</AccordionGroup>

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="Alert Fields are not populating">
    * Ensure the field is mapped on the correct Alert Source.
    * Confirm your Liquid expression returns a value.
    * Check that the alert payload changed (fields update when payload changes).
    * Verify your team has Alert Fields enabled.
  </Accordion>

  <Accordion title="Liquid expression returns blank values">
    * Confirm the payload path is accurate.
    * Use purple-pill copy from the alert payload preview.
    * Add default guards in Liquid where necessary.
  </Accordion>

  <Accordion title="Fields appear on some alerts but not others">
    * Not all providers send uniform payloads.
    * Some alerts may lack the field entirely.
    * The mapping may require a conditional or fallback.
  </Accordion>

  <Accordion title="Alert Routes are not matching field values">
    * Verify the field is correctly populated before routing.
    * Compare formatting (case sensitivity, whitespace, arrays).
    * Ensure the route condition exactly matches the field value.
  </Accordion>
</AccordionGroup>

***

### Summary

Alert Fields give your organization a unified layer of structured alert data across multiple tools.
They power consistent routing, faster triage, stronger automation, and cleaner reporting—making them one of the most important parts of a scalable alerting setup in Rootly.

Let them do the heavy lifting so your responders don’t have to.


# Alert Grouping
Source: https://docs.rootly.com/alerts/alert-grouping

Reduce alert noise by automatically grouping related alerts into a single, leader-driven alert based on time windows, fields, and matching attributes.

### Overview

Alert Grouping reduces noise and alert fatigue by consolidating related alerts into a **single leader alert** with associated **member alerts**.\
Responders are paged for the leader, while subsequent matching alerts join its group silently.

This helps you:

* Avoid duplicate pages from multiple monitors on the same issue
* Keep alert timelines focused on one “source of truth”
* Improve prioritization and reduce cognitive load for on-call responders

<Warning>
  **Non-paging alerts** (alerts that do not route to any team, service, or escalation policy) are not grouped. Only alerts that participate in routing and paging can form or join groups.
</Warning>

***

### How Alert Grouping Works

Each **Alert Group** defines *which alerts belong together* based on:

* **Destinations** – what the alert was routed to (team, service, escalation policy)
* **Time Window** – how long alerts are considered part of the same episode
* **Content Matching** – which alert attributes or payload fields must match

When an alert arrives:

1. Rootly finds any **active group** whose rules and time window match.
2. If a match is found:
   * The existing alert becomes (or remains) the **group leader**
   * The new alert is added as a **member**, and **does not re-page**
3. If no group matches:
   * A **new leader alert** and group are created (and the responder is paged according to routing rules)

***

### Group Leaders vs. Members

Within a group:

* The **leader alert**:
  * Is the alert that originally caused the page
  * Acts as the **source of truth** for the group
  * Drives status and noise updates (e.g., acknowledged, resolved)
* **Member alerts**:
  * Join silently (no additional pages)
  * Inherit status changes from the leader
  * Appear on the group timeline for context

You can view an alert’s group on the **Alert details page** under the **Alert Group** tab.

***

### When to Enable Alert Grouping

Alert Grouping is especially useful when:

* A single service has **many monitors** (error rate, latency, CPU, DB health, etc.)
* A failure in one component triggers multiple alarms across:
  * APM, logging, metrics, and infrastructure tools
* You want to treat a burst of related alerts as **one incident episode** rather than many independent pages

Example:

> “Service A has 5 monitors. When it goes down, all 5 fire at once. With grouping, responders get **one page** and then see all related alerts attached to that leader.”

***

### Creating an Alert Group

To create a new Alert Group in the web app:

<Steps>
  <Step title="Step 1: Open Alert Grouping">
    * Go to **Alerts → Grouping**
    * Click **+ New Alert Group**
    * Enter a **Name** (required) and a **Description** (optional)
  </Step>

  <Step title="Step 2: Configure Destination conditions">
    Destinations define **which routed alerts** are candidates for this group.

    Under **Destinations**, choose one of:

    * **All services, teams, and escalation policies**
    * **All services**
    * **All teams**
    * **All escalation policies**
    * **Select routes** – only alerts routed to specific:
      * Services
      * Teams
      * Escalation policies

    To group only alerts routed to specific targets:

    * Choose **Select routes**
    * Pick the services, teams, or escalation policies you want to include

    <Info>
      Destination scoping ensures you don’t accidentally group unrelated alerts\
      (for example, SRE and Security alerts) into the same cluster.
    </Info>
  </Step>

  <Step title="Step 3: Choose route grouping logic">
    Next, decide how strictly routing must match inside a group.

    You can choose:

    * **Groups should only contain alerts for the same route**
      * Alerts must be routed to the **exact same** service, team, or escalation policy
      * Example: alerts routed to Service A group only with other Service A alerts
    * **Groups can contain alerts for any selected route**
      * Alerts routed to **any** of the selected targets are allowed in the same group
      * Example: all alerts routed to any SRE team are grouped together

    Internally, Rootly treats this as:

    * `same` – route must match exactly
    * `any` – any eligible route can join the group
  </Step>

  <Step title="Step 4: Set the Time Window (required)">
    The **Time Window** defines how long alerts should be considered part of the same group.

    * Specify the window in **minutes**
    * Rootly supports values between:
      * **5 minutes (minimum)**
      * **7 days (maximum)**

    The time window is **rolling** and is anchored to the **last alert** added to the group.

    <Note>
      With a **10-minute** window, the group remains open as long as new alerts keep arriving within 10 minutes of the last one.\
      Once 10 minutes pass with no new alerts, a **new group** will be created next time a matching alert arrives.
    </Note>
  </Step>

  <Step title="Step 5: Configure Content Matching">
    Content Matching defines **what must be similar** between grouped alerts.

    You can group on:

    * **Alert Title** – matches the alert’s `summary`
    * **Alert Description** – the alert’s `description`
    * **Alert Urgency** – e.g., High, Medium, Low
    * **Source Link** – the `external_url` (e.g., link to Datadog, PagerDuty, etc.)
    * **Payload** – any field within the incoming alert payload (via JSONPath)
    * **Alert Fields** – normalized fields you’ve configured on the Alert Source

    Operators include:

    * `is one of` / `is not one of`
    * `contains` / `does not contain`
    * `starts with` / `ends with`
    * `matches regex`
    * `is empty`

    <Note>
      To group by a payload field, choose **Payload** and provide a **JSONPath**\
      (for example `$.alert.feature`).
    </Note>

    <Frame>
      <img alt="Alert grouping conditions configuration" />
    </Frame>

    <Info>
      For convenience, Rootly provides quick toggles such as **Group by Title** and **Group by Urgency**, which automatically create the appropriate underlying conditions.
    </Info>
  </Step>
</Steps>

***

### Working with Alert Groups

Once your Alert Groups are configured and active:

* The **first alert** that matches a group becomes the **leader** and triggers paging
* Subsequent alerts that match:
  * Are added as **members**
  * **Do not** re-page responders
  * Update the group’s timeline with additional context

When you change the leader’s status:

* All member alerts’ statuses are updated to match (e.g., resolving the leader resolves its members)
* Noise controls on the leader (e.g., marking as noise) propagate to members as they join

You can inspect group membership by:

* Opening an alert in the web UI
* Navigating to the **Alert Group** tab

***

### Example: Grouping Multiple Monitors for One Service

Suppose you have the following monitors for `checkout-service`:

* Error rate > threshold
* P95 latency > threshold
* CPU saturation
* Database connection errors

If the database experiences a serious issue, **all four monitors** might fire. Without grouping:

* The on-call may receive 4 pages
* Each alert appears as independent noise

With alert grouping:

* Destination condition: **Select routes → Service: checkout-service**
* Route logic: **Groups should only contain alerts for the same route**
* Time window: **10 minutes**
* Content matching: **Group by Service + Urgency** (or only by destination)

Result:

* First alert pages and becomes the **leader**
* Remaining alerts join silently as **members**
* The responder sees one alert with a rich history of related signals

***

### Best Practices

* **Start narrow**
  * Group by **route + short time window** first; broaden later if needed
* **Use content carefully**
  * Combining **Title + Urgency + Payload** can create very precise groupings
  * Avoid overly broad conditions that might lump unrelated incidents together
* **Align with incident semantics**
  * Think of an Alert Group as “all signals about the same episode,” not “all alerts about the same service forever”
* **Regularly review grouped alerts**
  * Use the Alert Group tab and alert timelines to validate whether groupings still make sense as your monitoring evolves

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="Alerts I expected to group are separate">
    * Verify the **Destination** condition includes those routes
    * Check whether the **route logic** is set to “same route” vs “any selected route”
    * Confirm the **Time Window** hasn’t expired between alerts
    * Make sure content matching conditions (Title, Urgency, Payload, etc.) actually match
  </Accordion>

  <Accordion title="Too many alerts are being grouped together">
    * Narrow the **Destination** scope (e.g., from “all teams” to “specific teams/services”)
    * Switch from “any selected route” to “same route”
    * Add or tighten **Content Matching** conditions (e.g., require matching Title and Urgency)
    * Reduce the **Time Window** duration
  </Accordion>

  <Accordion title="An alert didn’t group and created a new leader">
    * The previous group’s time window may have expired
    * Conditions may have changed (e.g., different title or urgency)
    * Destination may differ (e.g., different service or team)
  </Accordion>

  <Accordion title="Non-paging alerts aren’t grouping">
    * This is expected: only alerts that **route to a team, service, or escalation policy** can group
    * Convert important non-paging alerts into routed alerts via **Alert Routes** if you want them to participate in grouping
  </Accordion>
</AccordionGroup>


# Alert Routing
Source: https://docs.rootly.com/alerts/alert-routing

Use Alert Routes to determine which teams, services, and escalation policies receive incoming alerts from your monitoring tools based on conditions you define.

### Overview

Alert Routing ensures that alerts from your monitoring and observability systems reach the correct responders quickly and reliably. Rootly provides a unified routing layer that works across all alert sources, enabling consistent on-call workflows.

Rootly supports two routing pathways:

1. **Routing inside your monitoring tool** (Datadog, PagerDuty, Opsgenie, etc.)
2. **Routing inside Rootly** using centralized **Alert Routes**

This guide focuses on routing **inside Rootly**.

<Frame>
  <img alt="Alert Routes page" />
</Frame>

***

### What Is an Alert Route?

An **Alert Route** defines *when*, *how*, and *to whom* Rootly should send alerts. It supports evaluation against:

* Alert Sources
* Alert Fields (normalized metadata)
* Raw payload values (JSONPath)
* Teams, services, and escalation policies

<Info>
  **Tip:** Alert Routes work best when combined with **Alert Fields**, which let you write stable routing logic even when payload schemas vary across providers.
</Info>

***

### Creating an Alert Route

Navigate to **Alerts → Routes** and click **New Route**.

Each route requires:

#### Name

A descriptive title that clarifies the route’s purpose.

#### Alert Sources

Select one or more alert sources the route should evaluate.\
Sources can be added or removed at any time.

See all integrations → [Integrations Overview](/integrations/overview)

#### Owning Team

Controls who can edit the route.

<Note>
  **Permissions:**

  * Team Admins may only create routes **for their own team**.
  * Teams can only route alerts **from alert sources they own**.
</Note>

After creating a route, you can begin adding Routing Rules.

***

### Configuring Routing Rules

Routing Rules determine *which alerts should page responders* and *where they should go*.

Click **Add routing rule** to create one.

<Frame>
  <img alt="Routing Rule creation" />
</Frame>

***

### Routing Rule Conditions

Conditions define when a rule should trigger.

#### Select a Field

You may reference:

* **Alert Fields** (recommended)
* **Payload values via JSONPath**

<Info>
  Alert Fields ensure your routing logic remains stable even if payload structures change.
</Info>

<Frame>
  <img alt="Condition builder" />
</Frame>

#### Choose an Operator

Supported operators include:

* *is one of*
* *contains*
* *starts with*
* *matches regex*
* *is empty*
* and more

<Tip>
  Use **regex** when values vary across alert providers and need flexible matching.
</Tip>

#### Add Additional Conditions

Use **AND/OR** groups to define complex routing logic.

#### Live Preview

Rootly shows matching historical alerts to validate your logic.

<Frame>
  <img alt="Matching alerts preview" />
</Frame>

***

### Routing Rule Destinations

Each rule must specify **who receives the alert**. You may route alerts to:

* **Teams**
* **Services**
* **Escalation Policies**

Routing to a team or service automatically triggers its configured escalation policy.

<Tip>
  For easier reporting and maintenance, we recommend routing to **teams** or **services**, not directly to escalation policies.
</Tip>

Rules may include **multiple destinations**, all of which will be paged when the rule fires.

***

### Completing the Alert Route

A route may contain any number of rules.\
Rootly evaluates rules **top-to-bottom**, so ordering matters.

Use the rule menu (**… → Reorder rule**) to adjust order.

***

### How Rootly Routes Alerts

Rootly evaluates alerts in two sequential stages.

#### Stage 1 — Payload-Based Routing

If the alert payload contains a **target ID** (team or service), Rootly immediately routes the alert there without evaluating Alert Routes.

#### Stage 2 — Evaluate Alert Routes

If the alert does not specify a target:

#### Evaluate Routes

Rootly evaluates **every Alert Route associated with the alert’s source**.

#### Evaluate Rules

Within each route, rules are evaluated **from top to bottom**.

* The first matching rule triggers paging
* Rootly stops evaluating additional rules in that route
* Other routes referencing the same source will still run

<Warning>
  If no rules match, the alert becomes a **Non-Paging Alert**. Review these in the Alerts dashboard by filtering **Status → Non-Paging**.
</Warning>

<Frame>
  <img alt="Reordering rules" />
</Frame>

<Tip>
  Order rules **most specific → least specific** to avoid unintended matches.
</Tip>

***

### Alert Timeline

Every routed alert includes a timeline event documenting:

* Which **Alert Route** was applied
* Which **Routing Rule** matched
* Which **destinations** were paged

<Frame>
  <img alt="Alert timeline routing" />
</Frame>

This ensures responders understand *why* they were paged.

***

### Best Practices

* Prefer **Alert Fields** over JSONPath for stability.
* Start with broad routing categories and refine with specific rules.
* Keep rule names action-oriented and descriptive.
* Regularly check **Non-Paging Alerts** for routing gaps.
* Route to **teams/services**, not escalation policies, for better ownership.
* Combine routes thoughtfully when different teams own different tools.

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="My alert is not routing to anyone">
    * Ensure the alert source is included in at least one route.
    * Verify that at least one rule matches the alert.
    * Confirm the alert payload does not contain a `target_id`, which overrides routing.
  </Accordion>

  <Accordion title="The wrong rule is triggering">
    * Check the rule order; a broader rule may be matching first.
    * Validate operators and values used in conditions.
    * Ensure Alert Field mappings are extracting values correctly.
  </Accordion>

  <Accordion title="My alert is routing to too many destinations">
    * All routes referencing the alert source are evaluated.
    * Remove unnecessary alert sources from routes.
    * Tighten condition logic.
  </Accordion>

  <Accordion title="JSONPath conditions aren't matching the alert">
    * Review the alert payload preview (purple pill tokens).
    * Confirm your JSONPath reflects the actual alert structure.
    * Use Alert Fields whenever possible.
  </Accordion>
</AccordionGroup>


# Alert Statuses
Source: https://docs.rootly.com/alerts/alert-statuses

Understand how alerts progress through their lifecycle in Rootly, including triggered, acknowledged, and resolved states with valid transitions.

### Overview

Every alert in Rootly progresses through a well-defined **finite state machine (FSM)** that dictates how it escalates, notifies responders, synchronizes with alert groups, and ultimately resolves.\
Understanding these states ensures predictable behavior across Routing, On-Call Escalation Policies, Alert Grouping, and integrations like Slack.

Rootly alerts can be in one of four statuses:

* **open**
* **triggered**
* **acknowledged**
* **resolved**

These values are stored on the alert’s canonical `status` enum. All transitions, notification triggers, and timeline events are governed by Rootly’s internal state machine.

<Frame>
  <img alt="Alert Status State Machine" title="Alert Status State Machine" />
</Frame>

***

### Status Definitions

#### **open**

The alert has been created but **has not yet been assigned a notification target**.

Typical reasons for an `open` alert:

* The alert was ingested but did not match a Routing Rule
* The alert is a *non-paging alert*
* It was created manually without a destination

This status allows two transitions:

* `open → triggered` (once a notification target is assigned via routing or manual paging)
* `open → resolved`

<Info>
  An alert immediately transitions from **open → triggered** when Routing assigns a team, service, user, or escalation policy.
</Info>

#### **triggered**

The alert is **actively paging responders**. This is the state where on-call users are notified based on escalation logic.

A triggered alert:

* Sends notifications (SMS, push, phone call, Slack)
* Can be acknowledged by responders
* Can be resolved manually or via automation

Allowed transitions:

* `triggered → acknowledged`
* `triggered → resolved`
* `triggered → triggered` (retrigger—e.g., ack timeout, forced escalation, manual actions)

<Note>
  All transitions into `triggered` create a `status_update` timeline event.
</Note>

#### **acknowledged**

A responder confirmed that they have seen the alert and are working on it. Escalation pauses unless a timeout or retrigger occurs.

Allowed transitions:

* `acknowledged → resolved`
* `acknowledged → triggered` (ack timeout or manual retrigger)

<Info>
  If an acknowledged alert hits **acknowledgement timeout**, Rootly automatically **re-triggers** it and resumes escalation.
</Info>

#### **resolved**

A terminal state indicating no further action is required. Notifications cease and Rootly records `ended_at`.

However, Rootly allows:

* `resolved → triggered` (re-open regression, manual retrigger, new escalation)

This ensures alerts can be reopened without creating duplicates.

<Note>
  Resolved alerts remain visible and analyzable in your alert history, even after re-triggering.
</Note>

***

### Summary Table of Allowed Transitions

| From ↓           | To: triggered | To: acknowledged | To: resolved |
| ---------------- | ------------- | ---------------- | ------------ |
| **open**         | ✅             | —                | ✅            |
| **triggered**    | —             | ✅                | ✅            |
| **acknowledged** | ✅ (retrigger) | —                | ✅            |
| **resolved**     | ✅ (retrigger) | —                | —            |

<Tip>
  Retriggering is a first-class action in Rootly. A retrigger transitions an alert **back to `triggered`**, restarts escalation, and produces appropriate timeline events.
</Tip>

***

### How Rootly Records Status Changes

Every transition writes a `status_update` event into the alert timeline.

A status event includes:

* The new status
* The previous status
* Who performed the action (user or system)
* Metadata such as escalation step, ack timeout, grouping rule, or routing origin

These timeline entries power audit trails, analytics, and seamless Slack updates.

***

### Interaction With Alert Grouping

When an alert is part of an **Alert Group**, status synchronization is automatic:

#### Leader Alert Behavior

* The **group leader** is the first alert in the group (the one that paged).
* Any change to the leader’s status cascades to all members.
* Member alerts update timestamps, noise indicators, and events to match the leader.

#### Member Alert Behavior

* Members never independently influence group state.
* Status changes come exclusively from the group leader.
* Retriggering the leader retriggers all members.

<Info>
  This ensures responders never lose the true “source of paging,” even when many alerts represent the same event.
</Info>

***

### Visual Indicators Across Rootly

Rootly uses consistent color/status styling across the Web UI, Slack, and Mobile:

* 🟥 **Open / Triggered** — Requires action
* 🟧 **Acknowledged** — Someone is actively working the alert
* 🟩 **Resolved** — Incident has concluded

These indicators appear in:

* Alert lists
* Slack alert threads
* Alert details
* Incident sidebars when alerts link to incidents

***

### Timestamp Behavior

Each alert automatically manages its own lifecycle timestamps:

* **started\_at** – Set when the alert is created
* **ended\_at** – Set when transitioning into `resolved`
* **ended\_at** is cleared if later retriggered

This enables clean duration metrics (MTTA, MTTR, paging duration, escalation analytics).

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="My alert is stuck in open">
    * It may not match any routing rules
    * The alert source may not be associated with an Alert Route
    * No notification target was assigned
    * The alert may be a non-paging alert
  </Accordion>

  <Accordion title="An alert never triggered escalation">
    * Ensure its status is **triggered**, not **open**
    * Validate the routing rule actually assigned a team or escalation policy
    * Confirm notification channels are enabled
    * Check for quiet-only escalation paths
  </Accordion>

  <Accordion title="Acknowledged alerts are retriggering unexpectedly">
    * Review acknowledgement timeout settings
    * Check whether escalation policies intentionally retrigger
    * Ensure grouping leader logic isn’t retriggering members
  </Accordion>

  <Accordion title="Resolved alerts are triggering again">
    This is expected if:

    * A user manually retriggered
    * The system detected a regression
    * A new routing condition matched and assigned a destination
  </Accordion>
</AccordionGroup>

***

### Summary

Alert Statuses are the backbone of Rootly’s alerting engine.

They define:

* How and when responders are notified
* How escalation policies activate
* How grouping behaves
* How alerts appear in dashboards and Slack
* How timeline events reflect real-world activity

By enforcing strict, predictable transitions—and exposing complete audit trails—Rootly ensures smooth, reliable alerting workflows from ingestion → paging → acknowledgment → resolution → retriggering if needed.


# Alert Urgency
Source: https://docs.rootly.com/alerts/alert-urgency

Learn how Alert Urgencies determine alert priority across Alert Sources, Heartbeats, Live Call Routing, and Escalation Policies for paging rules.

### Overview

Alert Urgency controls **how quickly responders must act** when an alert is triggered.\
It’s the core signal Rootly uses to decide:

* How aggressively to page on-call responders
* Whether notifications should be **audible** (wake people up) or **quiet**
* Which escalation paths apply during or outside of **working hours**

Configured well, urgency ensures true incidents get immediate attention, while low-impact noise stays non-disruptive.

<iframe title="Alert Urgency Overview" />

***

### Understanding Alert Urgency

Rootly ships with three urgency levels by default:

* **High**
* **Medium**
* **Low**

You can:

* Add new urgencies
* Rename existing ones
* Reorder them to change their relative priority

Rootly automatically interprets order as:

* **Top** → high urgency
* **Middle** → medium urgency
* **Bottom** → low urgency

Urgency influences:

* Escalation behavior (which paths run, what channels are used)
* Whether notifications bypass **Do Not Disturb**
* Dynamic Escalation Paths (e.g., only wake people up on High)
* Heartbeat severity
* Live Call Routing behavior
* Analytics on alert volume & response behavior

<Info>
  The **team’s top urgency** becomes the default urgency for **new Alert Sources**.\
  This is usually “High”, but it’s fully controlled by how you order your urgencies.
</Info>

***

### How Rootly Determines Urgency

When an alert is created, Rootly applies urgency in this order:

1. **Urgency Rules on the Alert Source**
   * If any rule matches, its urgency wins.
2. **Default Urgency on the Alert Source**
   * If no rule matches, we use the source’s default urgency.
3. **Team Default Urgency**
   * If the source has no default, Rootly falls back to your **team’s top urgency**.

<Note>
  The **Alert** model also enforces a fallback: if no urgency is set by the source or rules, it assigns the team’s default urgency automatically.
</Note>

***

### Configuring Alert Urgency Definitions

Alert Urgency definitions live under the **Alerts → Urgency** tab and are shared across:

* Alert Sources
* Heartbeats
* Live Call Routing
* Escalation Policies

<Steps>
  <Step title="Step 1: Create or edit urgency definitions">
    - Go to **Alerts → Urgency**
    - Click **+ New Alert Urgency** or select an existing one to edit
    - Provide a **Name** and a **Description** (e.g., “Critical – Wake up on-call immediately”)
    - Drag and drop urgencies to reorder them

    <Info>
      Reordering urgencies automatically updates their internal “high / medium / low” semantics and color coding.
    </Info>
  </Step>

  <Step title="Step 2: Configure urgency for Heartbeats">
    Heartbeats generate alerts when a periodic signal is missing. Assign an urgency so these alerts escalate correctly.

    * Go to **On-Call → Heartbeats**
    * Edit an existing heartbeat or click **+ New Heartbeat**
    * Set the **Alert Urgency** for that heartbeat

    <Frame>
      <img alt="Configuring alert urgency on a heartbeat" title="Alert urgency on Heartbeat" />
    </Frame>

    <Tip>
      Use **High** urgency for critical production heartbeats, and lower urgencies for less critical environments (e.g., staging).
    </Tip>
  </Step>

  <Step title="Step 3: Configure urgency for Live Call Routing">
    Live Call Routing creates alerts when someone dials your on-call phone number.

    * Go to **On-Call → Live Call Routing**
    * Edit a **Routing Number** or create a new one
    * In **Routing Rules**, set the **Alert Urgency**

    <Frame>
      <img alt="Alert urgency routing number configuration" title="Alert urgency for Live Call Routing" />
    </Frame>

    <Info>
      An Alert Urgency is **required** for Live Call Routing **unless** you’re using a **Calling Tree**.\
      With a Calling Tree, urgency is set per mapping instead.
    </Info>
  </Step>

  <Step title="Step 4: Configure urgency rules on Alert Sources (recommended)">
    Alert Sources control how urgency is derived from incoming payloads.

    * Go to **Alerts → Alert Sources**
    * Click the pencil icon next to a source
    * Open the **Configure** or **Urgency** section
    * Click **+ Add Condition**

    <Frame>
      <img alt="Alert Source urgency conditional configuration" title="Configuring Alert Source urgency rules" />
    </Frame>

    For each rule:

    * Choose whether to evaluate:
      * **Payload (JSONPath)**
      * **Alert Field** (recommended for long-term stability)
    * Select an **operator**:
      * `is`
      * `is_not`
      * `contains`
      * `does_not_contain`
    * Provide a comparison **value**
    * Select which **Alert Urgency** to set when the rule matches

    <Note>
      New Alert Sources inherit your **team’s top urgency** as their default.\
      Urgency rules override this default when they match.
    </Note>
  </Step>

  <Step title="Step 5: Configure Escalation Paths for urgency-aware routing">
    A common pattern:

    * **High** urgency → always audible, 24/7
    * **Medium** urgency → audible only during working hours
    * **Low** urgency → quiet notifications or no after-hours paging

    To configure this:

    * Go to **On-Call → Escalation Policies**
    * Edit the relevant policy
    * Configure **Working Hours**
    * Under **Dynamic Escalation Paths**, click **+ New Path**
    * Set conditions such as:
      * `Alert Urgency includes High`
      * `Within working hours is false`
    * Choose **Audible** or **Quiet** notification behavior
    * Configure targets (teams or users) for that path

    <Frame>
      <img alt="Escalation path creation with alert urgency conditions" title="Escalation path with Alert Urgency" />
    </Frame>

    <Info>
      Dynamic Escalation Paths can match **one or many** urgencies, enabling nuanced routing such as “High or Medium after hours, Low during working hours only”.
    </Info>
  </Step>

  <Step title="Step 6: Configure personal notification behavior">
    Each responder controls *how* urgency translates to alerts on their devices.

    * Go to **Account Settings → Notifications → On-Call Notifications**
    * Configure notification rules for **Audible** and **Quiet** alerts

    Behavior:

    * **Audible alerts** override device Do Not Disturb and will attempt higher-impact channels (e.g., Rootly app push + phone call)
    * **Quiet alerts** respect Do Not Disturb and are better suited for non-urgent noise

    <Tip>
      We recommend setting **at least two** channels for Audible alerts\
      (e.g., Push + SMS, or Push + Phone).
    </Tip>
  </Step>
</Steps>

***

### Using Alert Fields for Dynamic Urgency Assignment

[Alert Fields](/alerts/alert-fields) normalize data across different alert payloads (e.g., severity, environment, customer tier).\
Urgency rules can use these fields instead of brittle JSONPaths.

#### Example Patterns

* If `Alert Field: Severity is Critical` → set urgency to **High**
* If `Alert Field: Environment is staging` → set urgency to **Low**
* If `Alert Field: Customer Tier contains "Enterprise"` → set urgency to **High**

#### How to Configure

1. Open your **Alert Source** and go to the **Urgency** or **Configure** tab
2. Click **+ Add Condition**
3. Choose **Alert Field** as the kind
4. Pick the desired field (only fields configured on this source will appear)
5. Select an operator (`is`, `is_not`, `contains`, `does_not_contain`)
6. Provide the comparison value
7. Choose which **Alert Urgency** to assign

<Info>
  When alerts arrive, Rootly evaluates field-based urgency rules first.\
  This keeps your urgency logic stable even if the underlying payload schema changes.
</Info>

***

### Where You’ll See Alert Urgency

Once configured, urgency surfaces throughout Rootly:

* **Alerts list & details** – visually highlighted urgency labels
* **Heartbeats** – each heartbeat alert inherits its configured urgency
* **Live Call Routing** – phone-originated alerts carry urgency into escalation
* **Escalation Policies** – Dynamic paths filtered by urgency
* **Notifications** – audible vs. quiet delivery based on urgency + path
* **Analytics** – filter and analyze alert volume by urgency level

***

### Best Practices

* **Drive behavior, not just labels**
  * Name urgencies by the action they imply (e.g., “Critical – Page Immediately”)

* **Use Alert Fields where possible**
  * Avoid tightly coupling urgency rules to a specific tool’s payload schema

* **Keep the number of urgencies small**
  * Three to five well-defined levels are easier to reason about than many granular ones

* **Align urgency with business impact**
  * “High” should always mean “wake someone up”, not “interesting metric blip”

* **Regularly review usage**
  * Use analytics and retrospectives to adjust urgencies if too many alerts are High or too many critical issues are Low

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="Urgency rules aren’t applying">
    * Confirm you added rules on the **correct Alert Source**
    * Check whether the rule is using **Payload (JSONPath)** or **Alert Field**
    * Ensure the operator is one of: `is`, `is_not`, `contains`, `does_not_contain`
    * Verify the payload or field value actually matches the condition
    * Remember: if no rules match, the **source default** or **team default** will be used
  </Accordion>

  <Accordion title="All alerts are showing the same urgency">
    * The Alert Source may not have urgency rules configured
    * The Source default may be set to a single urgency for all alerts
    * The team’s top urgency will apply if no other urgency is set
    * Check whether multiple sources are pointing to the same urgency configuration
  </Accordion>

  <Accordion title="Live Call Routing won’t let me save without urgency">
    * Urgency is required on Live Call Routing **unless** a **Calling Tree** is configured
    * If using a Calling Tree, confirm mappings are set there instead
  </Accordion>

  <Accordion title="Escalation Paths aren’t behaving as expected">
    * Confirm the **Alert Urgency** condition matches exactly (e.g., High vs. HIGH)
    * Double-check **Working Hours** definitions
    * Ensure your personal **On-Call Notification** settings allow Audible or Quiet alerts for that path
    * Verify that multiple paths aren’t overlapping in unexpected ways
  </Accordion>
</AccordionGroup>


# Alerts
Source: https://docs.rootly.com/alerts/alerts

Learn how Rootly ingests, deduplicates, and links alerts from monitoring tools to incidents, including alert sources, urgency, and routing.

# How Alerts Work

Alerts represent events generated by your users or monitoring and operational tools when something needs attention—like a firing Datadog monitor, a PagerDuty incident, or a Zendesk ticket.

In Rootly:

* Each alert has a **status**:
  * `open`
  * `triggered`
  * `acknowledged`
  * `resolved`
* Alerts can be **linked to incidents**, so responders see the right telemetry and tickets in context.
* Alert records track a **request count** and **last received time**, so you can see how often a condition has fired.

Rootly supports two different kinds of alerts: programmatic and manual.

Programmatic alerts are automatically ingested into Rootly via your Alert Sources, and connected to incidents via workflows, mappings, or manual linking. Manual alerts however are manually created by your users: either to escalate an incident, or page someone adhoc. This can be done in Rootly's web application, Slack, or the mobile app.

***

# Programmatic Alerts

## Supported Alert Sources

Rootly integrates with many alerting and ticketing tools. Some of the most common include:

| Integration                                                                                               | Trigger                                         |
| --------------------------------------------------------------------------------------------------------- | ----------------------------------------------- |
| [PagerDuty](/integrations/pagerduty)                                                                      | When a PagerDuty Incident is created            |
| [Opsgenie](/integrations/opsgenie)                                                                        | When an Opsgenie Incident is created            |
| [Splunk On-Call](https://docs.rootly.com/integrations/victor-ops) ([VictorOps](/integrations/victor-ops)) | When a VictorOps Incident is created            |
| [Datadog](/integrations/datadog)                                                                          | When a Datadog alert is triggered               |
| [Zendesk](/integrations/zendesk)                                                                          | When a Zendesk ticket is created (customizable) |
| [Nobl9](/integrations/nobl9)                                                                              | When an SLO is not satisfied                    |
| [Sentry](/integrations/sentry)                                                                            | When a Sentry alert is triggered                |

Additional alert sources include tools like **Asana, ClickUp, Rollbar, Jira, Honeycomb, ServiceNow, Linear, Grafana, Alertmanager, Google Cloud, CloudWatch, Azure, Splunk, Chronosphere, New Relic, GitLab**, and more—usually via a dedicated integration or generic webhooks.

If your provider is not listed, Rootly can ingest alerts through:

* [**Generic Webhook Alert Sources**](/integrations/generic-webhook-alert-source)

<Note>
  Alert ingestion is rate limited to **50 alerts per minute per source/API key** by default.\
  This limit is **configurable per team**, and higher limits are available for Enterprise customers upon request.
</Note>

***

## Alert Deduplication

Monitoring systems often keep sending alerts while a condition remains unhealthy. Instead of flooding responders with multiple identical alerts, Rootly provides **two layers of deduplication**:

1. **Configurable per–Alert Source dedupe** (by unique identifier)
2. **Payload-based suppression** (ignored duplicate requests)

Together, these keep your alert list clean while preserving a full history of how often a condition has fired.

***

### Combining Alerts by Unique Identifier

At the **Alert Source** level, you can tell Rootly to **combine duplicate alerts into one alert** using a stable identifier from the payload or alert fields.

To configure:

1. Open an **Alert Source** in Rootly Web.
2. Go to the **Events** tab.
3. Toggle on **Combine duplicate alerts into one alert**.
4. Choose where the identifier comes from:
   * **Payload** – use a JSONPath into the raw payload (recommended for most cases)
   * **Alert field** – use a specific alert attribute
5. Provide the **deduplication key path** (e.g., a JSONPath value).
6. Optionally apply a **regular expression** to normalize the value before matching.

If deduplication is enabled, Rootly requires a valid **unique identifier**; the UI will block saves until you configure one.

<Note>
  In the Alert Source UI, you can preview sample alerts.\
  Clicking a **purple pill** in the payload viewer copies its JSONPath—use this directly as your deduplication key path.
</Note>

When a new alert arrives:

* If its deduplication key **matches an existing alert**, Rootly:
  * **Does not create a new alert**
  * Adds a **duplicate/ignored request event** to the original alert
  * Increments the alert’s **requests count**
  * Updates **last\_request\_at**

This behavior shows up in the UI as:

* A **badge** like `×3` next to the alert
* A tooltip indicating how many matching requests have been received and when the last one arrived

***

### Payload-Based Duplicate Suppression

In addition to key-based dedupe, Rootly can also suppress **exact payload duplicates** at the team level.

When enabled, if Rootly sees another alert with the exact same **request body** as a previous “ignored” event for that alert:

* The request is **counted** against the same alert
* Rootly records an internal event (e.g., `"ignored_alert_request"`)
* **No new alert is created**

<Warning>
  Duplicate alerts are **not silently discarded**.\
  They are tracked as additional requests on the original alert and reflected in the alert’s counter and timeline events.
</Warning>

***

## Linking Alerts to Incidents

Alerts become most useful when tied directly to incidents.

In Rootly, alerts can be associated with incidents via:

* **Integration mappings and workflows**
  * e.g., “When a PagerDuty incident is created, attach the alert to the corresponding Rootly incident.”
* **Automation logic**
  * e.g., based on service, environment, or alert attributes
* **Manual linking** from the incident or alert views

Once linked, responders can:

* Jump from the incident to the underlying alert(s)
* See how many times the alert fired (via the requests count)
* Use alert details to drive mitigation and follow-up tasks

***

## Best Practices

* **Choose a stable deduplication key**\
  Use identifiers like monitor IDs, incident keys, or ticket IDs—avoid full message text or highly variable fields.
* **Start narrow, then broaden if needed**\
  Begin with conservative dedup rules and relax them as you gain confidence, to avoid accidentally merging unrelated alerts.
* **Link alerts to incidents early**\
  Use workflows to automatically attach alerts to incidents as soon as they are ingested.
* **Watch the request count**\
  A high `×N` count on an alert is a strong signal of ongoing or flapping conditions and can inform severity and prioritization.
* **Tune rate limits for noisy environments**\
  If you know a source can spike, consider increasing the per-source rate limit for that team.

***

# Manual Alerts

Manual alerts are created by users to page other users, teams, services, functionalities or escalation policies. These are usually created when someone is escalating an incident to another person, or needs support from another subject matter expert on a different team.

If you manually page a team or service, Rootly will kick off that team or service's escalation policy (similar to how programmatic paging works).

## Customizing escalation targets

Rootly allows you and your users to page other users, teams, services, functionalities, and escalation policies. However, sometimes your users are only ever going to page a team or a service (for example): seeing all the other options can lead to decision paralysis and slow them down in urgent situations.

<Frame>
  <img alt="Clean Shot 2026 04 23 At 13 52 37@2x" />
</Frame>

You can customize which types of targets your users are able to pick from to save them time! To do so:

1. Navigate to the Alerts page in Rootly Web.
2. Click **Settings** in the top right corner, then the **Manual Paging Options** tab.
3. From here, toggle on or off the types of targets you'd like your users to choose from.

<Frame>
  <img alt="Clean Shot 2026 04 23 At 13 54 08@2x" />
</Frame>

**Note**: You must have at least one paging option enabled at all times. Which ever targets you leave enabled will be the targets your users choose from when escalating from Rootly Web or Slack!

## Manual paging in Slack

You can manually page another person with two Slack commands: `/rootly escalate` (which works in an incident Slack channel), and `/rootly page` (which works in any channel shared with the Rootly bot).

Once you've run these commands, fill out the information in the form to begin paging your notification target.

<Frame>
  <img alt="Clean Shot 2026 05 11 At 17 14 37@2x" />
</Frame>

## Manual paging in Web

You can manually page directly on web through the left-hand navigation at anytime by clicking the `Start Paging` button.

<img alt="Clean Shot2026 01 22at13 45 46@2x" />

You can also manually page at anytime on the Alert page, as well as through any incident by clicking the `Escalate` button.

Fill out the necessary information in the form to give the user context on why they're being paged, then click `Start paging` to begin paging.

## Best Practices

* **Give the person you're paging as much context as possible to help them respond quickly.** We recommend using a description template to make sure you and your users know exactly what to add into your alert descriptions every time.
  * Create a title and description template on the Alert details page by clicking `Settings` in the top right, then toggle on `Default alert message`. You can use liquid templating here to dynamically populate the alert's title and description every time: your users will be able to make any edits if necessary.

<Frame>
  <img alt="Clean Shot 2026 05 11 At 17 08 59@2x" />
</Frame>

***

# Troubleshooting

<AccordionGroup>
  <Accordion title="Alerts aren’t being combined as expected">
    Confirm that **Combine duplicate alerts into one alert** is enabled on the Alert Source and that the **deduplication key path** points to a stable, consistent value.\
    If the key changes between alerts, Rootly treats them as separate alerts.
  </Accordion>

  <Accordion title="I see fewer alerts than my provider shows">
    Often this means deduplication is working as designed.\
    Multiple provider alerts may be mapped to a single Rootly alert, with extra occurrences recorded as **ignored/duplicate requests** on the original alert.
  </Accordion>

  <Accordion title="The alert requests counter isn’t increasing">
    Make sure:

    * Deduplication is configured correctly, **or** payload-based suppression is enabled
    * Incoming payloads actually match the configured dedup key or body\
      If the identifier or body differs, Rootly will create separate alerts instead of incrementing the existing one.
  </Accordion>

  <Accordion title="Alerts are hitting rate limits">
    Rootly enforces a per-team, per-source/API key rate limit (default **50 alerts/minute**).\
    For high-throughput environments, increase the **alerts rate limit per minute** in team settings or contact support for higher Enterprise limits.
  </Accordion>

  <Accordion title="An alert from my tool never appears in Rootly">
    Check:

    * The integration is installed and authenticated
    * The mapping points to the right team or alert source
    * The webhook or outbound configuration is using the correct URL
    * The payload contains all required fields for that integration\
      Also review integration error logs in Rootly for more details.
  </Accordion>
</AccordionGroup>


# [DEPRECATED] Creates a custom field option
Source: https://docs.rootly.com/api-reference/[deprecated]-customfieldoptions/[deprecated]-creates-a-custom-field-option

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/custom_fields/{custom_field_id}/options
[DEPRECATED] Use form field endpoints instead. Creates a new custom field option from provided data



# [DEPRECATED] Delete a custom field option
Source: https://docs.rootly.com/api-reference/[deprecated]-customfieldoptions/[deprecated]-delete-a-custom-field-option

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/custom_field_options/{id}
[DEPRECATED] Use form field endpoints instead. Delete a specific Custom Field Option by id



# [DEPRECATED] List custom field options
Source: https://docs.rootly.com/api-reference/[deprecated]-customfieldoptions/[deprecated]-list-custom-field-options

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/custom_fields/{custom_field_id}/options
[DEPRECATED] Use form field endpoints instead. List custom field options



# [DEPRECATED] Retrieves a custom field option
Source: https://docs.rootly.com/api-reference/[deprecated]-customfieldoptions/[deprecated]-retrieves-a-custom-field-option

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/custom_field_options/{id}
[DEPRECATED] Use form field endpoints instead. Retrieves a specific custom field option by id



# [DEPRECATED] Update a custom field option
Source: https://docs.rootly.com/api-reference/[deprecated]-customfieldoptions/[deprecated]-update-a-custom-field-option

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/custom_field_options/{id}
[DEPRECATED] Use form field endpoints instead. Update a specific custom field option by id



# [DEPRECATED] Creates a Custom Field
Source: https://docs.rootly.com/api-reference/[deprecated]-customfields/[deprecated]-creates-a-custom-field

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/custom_fields
[DEPRECATED] Use form field endpoints instead. Creates a new custom field from provided data



# [DEPRECATED] Delete a Custom Field
Source: https://docs.rootly.com/api-reference/[deprecated]-customfields/[deprecated]-delete-a-custom-field

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/custom_fields/{id}
[DEPRECATED] Use form field endpoints instead. Delete a specific custom field by id



# [DEPRECATED] List Custom Fields
Source: https://docs.rootly.com/api-reference/[deprecated]-customfields/[deprecated]-list-custom-fields

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/custom_fields
[DEPRECATED] Use form field endpoints instead. List Custom fields



# [DEPRECATED] Retrieves a Custom Field
Source: https://docs.rootly.com/api-reference/[deprecated]-customfields/[deprecated]-retrieves-a-custom-field

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/custom_fields/{id}
Retrieves a specific custom_field by id



# [DEPRECATED] Update a Custom Field
Source: https://docs.rootly.com/api-reference/[deprecated]-customfields/[deprecated]-update-a-custom-field

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/custom_fields/{id}
[DEPRECATED] Use form field endpoints instead. Update a specific custom field by id



# [DEPRECATED] Creates an incident custom field selection
Source: https://docs.rootly.com/api-reference/[deprecated]-incidentcustomfieldselections/[deprecated]-creates-an-incident-custom-field-selection

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/incidents/{incident_id}/custom_field_selections
[DEPRECATED] Use form field endpoints instead. Creates a new incident custom field selection from provided data



# [DEPRECATED] Delete an incident custom field selection
Source: https://docs.rootly.com/api-reference/[deprecated]-incidentcustomfieldselections/[deprecated]-delete-an-incident-custom-field-selection

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/incident_custom_field_selections/{id}
[DEPRECATED] Use form field endpoints instead. Delete a specific incident custom field selection by id



# [DEPRECATED] List incident custom field selections
Source: https://docs.rootly.com/api-reference/[deprecated]-incidentcustomfieldselections/[deprecated]-list-incident-custom-field-selections

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incidents/{incident_id}/custom_field_selections
[DEPRECATED] Use form field endpoints instead. List incident custom field selections



# [DEPRECATED] Retrieves an incident custom field selection
Source: https://docs.rootly.com/api-reference/[deprecated]-incidentcustomfieldselections/[deprecated]-retrieves-an-incident-custom-field-selection

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incident_custom_field_selections/{id}
[DEPRECATED] Use form field endpoints instead. Retrieves a specific incident custom field selection by id



# [DEPRECATED] Update an incident custom field selection
Source: https://docs.rootly.com/api-reference/[deprecated]-incidentcustomfieldselections/[deprecated]-update-an-incident-custom-field-selection

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incident_custom_field_selections/{id}
[DEPRECATED] Use form field endpoints instead. Update a specific incident custom field selection by id



# [DEPRECATED] Creates a workflow custom field selection
Source: https://docs.rootly.com/api-reference/[deprecated]-workflowcustomfieldselections/[deprecated]-creates-a-workflow-custom-field-selection

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/workflows/{workflow_id}/custom_field_selections
[DEPRECATED] Use form field endpoints instead. Creates a new workflow custom field selection from provided data



# [DEPRECATED] Delete a workflow custom field selection
Source: https://docs.rootly.com/api-reference/[deprecated]-workflowcustomfieldselections/[deprecated]-delete-a-workflow-custom-field-selection

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/workflow_custom_field_selections/{id}
[DEPRECATED] Use form field endpoints instead. Delete a specific workflow custom field selection by id



# [DEPRECATED] List workflow custom field selections
Source: https://docs.rootly.com/api-reference/[deprecated]-workflowcustomfieldselections/[deprecated]-list-workflow-custom-field-selections

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/workflows/{workflow_id}/custom_field_selections
[DEPRECATED] Use form field endpoints instead. List workflow custom field selections



# [DEPRECATED] Retrieves a workflow custom field selection
Source: https://docs.rootly.com/api-reference/[deprecated]-workflowcustomfieldselections/[deprecated]-retrieves-a-workflow-custom-field-selection

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/workflow_custom_field_selections/{id}
[DEPRECATED] Use form field endpoints instead. Retrieves a specific workflow custom field selection by id



# [DEPRECATED] Update a workflow custom field selection
Source: https://docs.rootly.com/api-reference/[deprecated]-workflowcustomfieldselections/[deprecated]-update-a-workflow-custom-field-selection

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/workflow_custom_field_selections/{id}
[DEPRECATED] Use form field endpoints instead. Update a specific workflow custom field selection by id



# Create alert event
Source: https://docs.rootly.com/api-reference/alertevents/create-alert-event

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/alerts/{alert_id}/events
Creates a new alert event



# Delete alert event
Source: https://docs.rootly.com/api-reference/alertevents/delete-alert-event

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/alert_events/{id}
Deletes a specific alert event. Only alert events with kind 'note' (user-created notes) can be deleted. System-generated events are immutable to maintain audit trail integrity.



# List alert events
Source: https://docs.rootly.com/api-reference/alertevents/list-alert-events

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/alerts/{alert_id}/events
List alert_events



# List alert events across alerts
Source: https://docs.rootly.com/api-reference/alertevents/list-alert-events-across-alerts

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/alert_events
Returns a flat list of alert events across all alerts the requester can access. Designed for periodic polling: use `page[after]` with the `next_cursor` returned in the previous response to stream forward.



# Retrieve alert event
Source: https://docs.rootly.com/api-reference/alertevents/retrieve-alert-event

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/alert_events/{id}
Retrieves a specific alert_event by id



# Update alert event
Source: https://docs.rootly.com/api-reference/alertevents/update-alert-event

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json patch /v1/alert_events/{id}
Updates a specific alert event. Only alert events with kind 'note' (user-created notes) can be updated. System-generated events are immutable to maintain audit trail integrity.



# Creates an alert field
Source: https://docs.rootly.com/api-reference/alertfields/creates-an-alert-field

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/alert_fields
Creates a new alert field from provided data



# Delete an alert field
Source: https://docs.rootly.com/api-reference/alertfields/delete-an-alert-field

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/alert_fields/{id}
Delete a specific alert field by id



# List alert fields
Source: https://docs.rootly.com/api-reference/alertfields/list-alert-fields

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/alert_fields
List alert fields



# Retrieves an alert field
Source: https://docs.rootly.com/api-reference/alertfields/retrieves-an-alert-field

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/alert_fields/{id}
Retrieves a specific alert field by id



# Update an alert field
Source: https://docs.rootly.com/api-reference/alertfields/update-an-alert-field

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/alert_fields/{id}
Update a specific alert field by id



# Creates an alert group
Source: https://docs.rootly.com/api-reference/alertgroups/creates-an-alert-group

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/alert_groups
Creates a new alert group. **Note**: For enhanced functionality and future compatibility, consider using the advanced alert grouping with `conditions` field instead of the legacy `group_by_alert_title`, `group_by_alert_urgency`, and `attributes` fields.



# Delete an alert group
Source: https://docs.rootly.com/api-reference/alertgroups/delete-an-alert-group

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/alert_groups/{id}
Delete a specific alert group by id



# List alert groups
Source: https://docs.rootly.com/api-reference/alertgroups/list-alert-groups

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/alert_groups
List alert groups



# Retrieves an alert group
Source: https://docs.rootly.com/api-reference/alertgroups/retrieves-an-alert-group

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/alert_groups/{id}
Retrieves a specific alert group by id



# Update an alert group
Source: https://docs.rootly.com/api-reference/alertgroups/update-an-alert-group

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json patch /v1/alert_groups/{id}
Update a specific alert group by id. **Note**: For enhanced functionality and future compatibility, consider using the advanced alert grouping with `conditions` field instead of the legacy `group_by_alert_title`, `group_by_alert_urgency`, and `attributes` fields.



# Creates an alert route
Source: https://docs.rootly.com/api-reference/alertroutes/creates-an-alert-route

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/alert_routes
Creates a new alert route from provided data. **Note: This endpoint requires access to Advanced Alert Routing. If you're unsure whether you have access to this feature, please contact Rootly customer support.**

## Asynchronous Rule Creation

For organizations with large numbers of routing rules, Rootly supports asynchronous rule processing to improve performance. When enabled, rule creation happens in the background.

**Important**: When async processing is enabled, the rules list in the API response will not be up-to-date immediately after creation. You should refetch the alert route after a few minutes to get the updated rules.

If you experience slow operations when managing alert routes with many rules, contact Rootly customer support to enable asynchronous rule processing for your organization.



# Delete an alert route
Source: https://docs.rootly.com/api-reference/alertroutes/delete-an-alert-route

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/alert_routes/{id}
Delete a specific alert route by id. **Note: This endpoint requires access to Advanced Alert Routing. If you're unsure whether you have access to this feature, please contact Rootly customer support.**



# Get an alert route
Source: https://docs.rootly.com/api-reference/alertroutes/get-an-alert-route

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/alert_routes/{id}
Get a specific alert route by id. **Note: This endpoint requires access to Advanced Alert Routing. If you're unsure whether you have access to this feature, please contact Rootly customer support.**

## Optional Parameters

- **show_nested_ids** (query parameter): When set to `true`, the response will include IDs for all nested resources (destinations, condition_groups, conditions). This is useful when you need to reference these nested resources for updates or deletions via PATCH requests.

Example: `GET /v1/alert_routes/{id}?show_nested_ids=true`



# List alert routes
Source: https://docs.rootly.com/api-reference/alertroutes/list-alert-routes

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/alert_routes
List all alert routes for the current team with filtering and pagination. **Note: This endpoint requires access to Advanced Alert Routing. If you're unsure whether you have access to this feature, please contact Rootly customer support.**



# Update an alert route
Source: https://docs.rootly.com/api-reference/alertroutes/update-an-alert-route

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/alert_routes/{id}
Update a specific alert route by id. **Note: This endpoint requires access to Advanced Alert Routing. If you're unsure whether you have access to this feature, please contact Rootly customer support.**

### Asynchronous Rule Creation

For organizations with large numbers of routing rules, Rootly supports asynchronous rule processing to improve performance. When enabled, rule updates happen in the background.

**Important**: When async processing is enabled, the rules list in the API response will not be up-to-date immediately after update. You should refetch the alert route after a few minutes to get the updated rules.

If you experience slow operations when managing alert routes with many rules, contact Rootly customer support to enable asynchronous rule processing for your organization.



# Update an alert route
Source: https://docs.rootly.com/api-reference/alertroutes/update-an-alert-route-1

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json patch /v1/alert_routes/{id}
Updates an alert route. **Note: This endpoint requires access to Advanced Alert Routing. If you're unsure whether you have access to this feature, please contact Rootly customer support.**



# Creates an alert routing rule
Source: https://docs.rootly.com/api-reference/alertroutingrules/creates-an-alert-routing-rule

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/alert_routing_rules
Creates a new alert routing rule from provided data. **Note: If you are an advanced alert routing user, you should use the Alert Routes endpoint instead of this endpoint. If you don't know whether you are an advanced user, please contact Rootly customer support.**



# Delete an alert routing rule
Source: https://docs.rootly.com/api-reference/alertroutingrules/delete-an-alert-routing-rule

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/alert_routing_rules/{id}
Delete a specific alert routing rule by id. **Note: If you are an advanced alert routing user, you should use the Alert Routes endpoint instead of this endpoint. If you don't know whether you are an advanced user, please contact Rootly customer support.**



# List alert routing rules
Source: https://docs.rootly.com/api-reference/alertroutingrules/list-alert-routing-rules

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/alert_routing_rules
List alert routing rules. **Note: If you are an advanced alert routing user, you should use the Alert Routes endpoint instead of this endpoint. If you don't know whether you are an advanced user, please contact Rootly customer support.**



# Retrieves an alert routing rule
Source: https://docs.rootly.com/api-reference/alertroutingrules/retrieves-an-alert-routing-rule

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/alert_routing_rules/{id}
Retrieves a specific alert routing rule by id. **Note: If you are an advanced alert routing user, you should use the Alert Routes endpoint instead of this endpoint. If you don't know whether you are an advanced user, please contact Rootly customer support.**



# Update an alert routing rule
Source: https://docs.rootly.com/api-reference/alertroutingrules/update-an-alert-routing-rule

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/alert_routing_rules/{id}
Update a specific alert routing rule by id. **Note: If you are an advanced alert routing user, you should use the Alert Routes endpoint instead of this endpoint. If you don't know whether you are an advanced user, please contact Rootly customer support.**



# Acknowledges an alert
Source: https://docs.rootly.com/api-reference/alerts/acknowledges-an-alert

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/alerts/{id}/acknowledge
Acknowledges a specific alert by id



# Attach alerts to an incident
Source: https://docs.rootly.com/api-reference/alerts/attach-alerts-to-an-incident

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/incidents/{incident_id}/alerts
Attach alerts to an incident from provided data



# Creates an alert
Source: https://docs.rootly.com/api-reference/alerts/creates-an-alert

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/alerts
Creates a new alert from provided data



# Escalates an alert
Source: https://docs.rootly.com/api-reference/alerts/escalates-an-alert

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/alerts/{id}/escalate
Escalates a specific alert to the next or specified level in its escalation policy



# List alerts
Source: https://docs.rootly.com/api-reference/alerts/list-alerts

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/alerts
List alerts



# List Incident alerts
Source: https://docs.rootly.com/api-reference/alerts/list-incident-alerts

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incidents/{incident_id}/alerts
List incident alerts



# Resolves an alert
Source: https://docs.rootly.com/api-reference/alerts/resolves-an-alert

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/alerts/{id}/resolve
Resolves a specific alert by id



# Retrieves an alert
Source: https://docs.rootly.com/api-reference/alerts/retrieves-an-alert

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/alerts/{id}
Retrieves a specific alert by id



# Snoozes an alert
Source: https://docs.rootly.com/api-reference/alerts/snoozes-an-alert

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/alerts/{id}/snooze
Snoozes a specific alert by id, extending the acknowledgment timeout



# Update alert
Source: https://docs.rootly.com/api-reference/alerts/update-alert

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json patch /v1/alerts/{id}
Updates an alert



# Creates an alert source
Source: https://docs.rootly.com/api-reference/alertsources/creates-an-alert-source

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/alert_sources
Creates a new alert source from provided data



# Delete an alert source
Source: https://docs.rootly.com/api-reference/alertsources/delete-an-alert-source

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/alert_sources/{id}
Delete a specific alert source by id



# List alert sources
Source: https://docs.rootly.com/api-reference/alertsources/list-alert-sources

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/alert_sources
List alert sources



# Retrieves an alert source
Source: https://docs.rootly.com/api-reference/alertsources/retrieves-an-alert-source

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/alert_sources/{id}
Retrieves a specific alert source by id



# Update an alert source
Source: https://docs.rootly.com/api-reference/alertsources/update-an-alert-source

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/alert_sources/{id}
Update a specific alert source by id



# Creates an alert urgency
Source: https://docs.rootly.com/api-reference/alerturgencies/creates-an-alert-urgency

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/alert_urgencies
Creates a new alert urgency from provided data



# Delete an alert urgency
Source: https://docs.rootly.com/api-reference/alerturgencies/delete-an-alert-urgency

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/alert_urgencies/{id}
Delete a specific alert urgency by id



# List alert urgencies
Source: https://docs.rootly.com/api-reference/alerturgencies/list-alert-urgencies

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/alert_urgencies
List alert urgencies



# Retrieves an alert urgency
Source: https://docs.rootly.com/api-reference/alerturgencies/retrieves-an-alert-urgency

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/alert_urgencies/{id}
Retrieves a specific alert urgency by id



# Update an alert urgency
Source: https://docs.rootly.com/api-reference/alerturgencies/update-an-alert-urgency

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/alert_urgencies/{id}
Update a specific alert urgency by id



# Creates an API key
Source: https://docs.rootly.com/api-reference/api-keys/creates-an-api-key

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/api_keys
Creates a new API key and returns it with the plaintext token. **The token is only returned once** — store it securely, as it cannot be retrieved again.

**Kinds and required fields:**
- `personal` — created for the authenticated user. No additional fields required.
- `team` — scoped to a team (group). Requires `group_id`. A service account is automatically created with permissions derived from group membership.
- `organization` — organization-wide access. Requires owner or admin role. Optionally set `role_id` and `on_call_role_id` to control the service account's permissions.

**Expiration:** All keys require an `expires_at` date set in the future (maximum 5 years). Names must be unique within their kind and scope.




# List API keys
Source: https://docs.rootly.com/api-reference/api-keys/list-api-keys

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/api_keys
List API keys for the current organization. Returns key metadata including name, kind, expiration, and last usage — the secret token value is never included in the response.

**API key kinds:**
- `personal` — tied to a specific user, inherits that user's permissions.
- `team` — scoped to one or more teams (groups), creates a service account with permissions derived from group membership.
- `organization` — organization-wide, creates a service account with a configurable role and on-call role.

**Automated rotation workflow:** Use `filter[expires_at][lt]` to find keys approaching expiration, then call the rotate endpoint to issue a new token before the old one expires. Combine with `filter[active]=true` to exclude already-expired keys.

**Sorting:** Use the `sort` parameter with a field name (e.g., `sort=expires_at`). Prefix with `-` for descending order (e.g., `sort=-created_at`). Allowed fields: `name`, `kind`, `created_at`, `updated_at`, `expires_at`, `last_used_at`.




# Retrieves an API key
Source: https://docs.rootly.com/api-reference/api-keys/retrieves-an-api-key

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/api_keys/{id}
Retrieves a specific API key by its UUID. Returns key metadata including name, kind, expiration, last usage timestamp, and the grace period status — the secret token is never included.



# Revoke an API key
Source: https://docs.rootly.com/api-reference/api-keys/revoke-an-api-key

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/api_keys/{id}
Revoke an API key. The key is immediately invalidated and can no longer be used for authentication. This action cannot be undone.

For `team` and `organization` keys, the associated service account is also deleted. Any active sessions using this key will fail on the next request.




# Rotate an API key
Source: https://docs.rootly.com/api-reference/api-keys/rotate-an-api-key

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/api_keys/{id}/rotate
Rotate an API key's token. Issues a new secret token and returns it — **the new token is only shown once**, so store it securely.

**Self-only:** You can only rotate the API key that was used to authenticate this request. Attempting to rotate a different key returns `403 Forbidden`.

**Grace period:** When enabled for your organization, the previous token remains valid after rotation, giving you time to deploy the new token without downtime. Pass `grace_period_minutes` (integer, 0–1440, default 30) to control how long the old token stays valid. Set to 0 to immediately invalidate the old token. The `grace_period_ends_at` field in the response confirms the exact time the old token will stop working.

**Expiration:** Optionally provide a new `expires_at` date (ISO 8601, up to 5 years). Defaults to 90 days from now if omitted. Dates in the past are rejected.

**Typical rotation workflow:**
1. Call this endpoint to get a new token (optionally with a custom `grace_period_minutes`).
2. Deploy the new token to your systems.
3. The old token continues working for `grace_period_minutes` (if grace period is enabled).
4. After the grace period, the old token is automatically invalidated.




# Update an API key
Source: https://docs.rootly.com/api-reference/api-keys/update-an-api-key

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/api_keys/{id}
Update an API key's mutable attributes: `name`, `description`, and `expires_at`.

The key's `kind`, `role_id`, `on_call_role_id`, and token cannot be changed after creation. To issue a new token, use the rotate endpoint. To change the role or kind, revoke the key and create a new one.

The new `expires_at` must be in the future and within 5 years.




# List audits
Source: https://docs.rootly.com/api-reference/audits/list-audits

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/audits
List audits



# Creates an authorization
Source: https://docs.rootly.com/api-reference/authorizations/creates-an-authorization

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/authorizations
Creates a new authorization from provided data



# Delete an authorization
Source: https://docs.rootly.com/api-reference/authorizations/delete-an-authorization

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/authorizations/{id}
Delete a specific authorization by id



# List authorizations
Source: https://docs.rootly.com/api-reference/authorizations/list-authorizations

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/authorizations
List authorizations



# Retrieves an authorization
Source: https://docs.rootly.com/api-reference/authorizations/retrieves-an-authorization

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/authorizations/{id}
Retrieves a specific authorization by id



# Update an authorization
Source: https://docs.rootly.com/api-reference/authorizations/update-an-authorization

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/authorizations/{id}
Update a specific authorization by id



# Creates a catalog checklist template
Source: https://docs.rootly.com/api-reference/catalog-checklist-templates/creates-a-catalog-checklist-template

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/catalog_checklist_templates
Creates a new catalog checklist template



# Delete a catalog checklist template
Source: https://docs.rootly.com/api-reference/catalog-checklist-templates/delete-a-catalog-checklist-template

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/catalog_checklist_templates/{id}
Delete a specific catalog checklist template by id



# List catalog checklist templates
Source: https://docs.rootly.com/api-reference/catalog-checklist-templates/list-catalog-checklist-templates

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/catalog_checklist_templates
List catalog checklist templates



# Retrieves a catalog checklist template
Source: https://docs.rootly.com/api-reference/catalog-checklist-templates/retrieves-a-catalog-checklist-template

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/catalog_checklist_templates/{id}
Retrieves a specific catalog checklist template by id



# Trigger an audit for a catalog checklist template
Source: https://docs.rootly.com/api-reference/catalog-checklist-templates/trigger-an-audit-for-a-catalog-checklist-template

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/catalog_checklist_templates/{id}/trigger
Triggers an audit for all applicable entities of the checklist template



# Update a catalog checklist template
Source: https://docs.rootly.com/api-reference/catalog-checklist-templates/update-a-catalog-checklist-template

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/catalog_checklist_templates/{id}
Update a specific catalog checklist template by id



# List catalog entity checklists
Source: https://docs.rootly.com/api-reference/catalog-entity-checklists/list-catalog-entity-checklists

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/catalog_entity_checklists
List catalog entity checklists



# Retrieves a catalog entity checklist
Source: https://docs.rootly.com/api-reference/catalog-entity-checklists/retrieves-a-catalog-entity-checklist

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/catalog_entity_checklists/{id}
Retrieves a specific catalog entity checklist by id



# Creates a Catalog Entity
Source: https://docs.rootly.com/api-reference/catalogentities/creates-a-catalog-entity

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/catalogs/{catalog_id}/entities
Creates a new Catalog Entity from provided data



# Delete a Catalog Entity
Source: https://docs.rootly.com/api-reference/catalogentities/delete-a-catalog-entity

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/catalog_entities/{id}
Delete a specific Catalog Entity by id



# List Catalog Entities
Source: https://docs.rootly.com/api-reference/catalogentities/list-catalog-entities

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/catalogs/{catalog_id}/entities
List Catalog Entities



# Retrieves a Catalog Entity
Source: https://docs.rootly.com/api-reference/catalogentities/retrieves-a-catalog-entity

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/catalog_entities/{id}
Retrieves a specific Catalog Entity by id



# Update a Catalog Entity
Source: https://docs.rootly.com/api-reference/catalogentities/update-a-catalog-entity

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/catalog_entities/{id}
Update a specific Catalog Entity by id



# Creates a Catalog Entity Property
Source: https://docs.rootly.com/api-reference/catalogentityproperties/creates-a-catalog-entity-property

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/catalog_entities/{catalog_entity_id}/properties
**Deprecated:** This endpoint is deprecated, please use the `fields` attribute on catalog entities or native catalog endpoints (teams, services, functionalities, incident_types, causes, environments) to set field values instead.

Creates a new Catalog Entity Property from provided data.



# Delete a Catalog Entity Property
Source: https://docs.rootly.com/api-reference/catalogentityproperties/delete-a-catalog-entity-property

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/catalog_entity_properties/{id}
**Deprecated:** This endpoint is deprecated, please use the `fields` attribute on catalog entities or native catalog endpoints (teams, services, functionalities, incident_types, causes, environments) to set field values instead.

Delete a specific Catalog Entity Property by id.



# List catalog properties
Source: https://docs.rootly.com/api-reference/catalogentityproperties/list-catalog-properties

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/catalog_entities/{catalog_entity_id}/properties
**Deprecated:** This endpoint is deprecated, please use `include=fields` on catalog entities or native catalog endpoints (teams, services, functionalities, incident_types, causes, environments) to retrieve field values instead.

List Catalog Entity Properties.



# Retrieves a Catalog Entity Property
Source: https://docs.rootly.com/api-reference/catalogentityproperties/retrieves-a-catalog-entity-property

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/catalog_entity_properties/{id}
**Deprecated:** This endpoint is deprecated, please use `include=fields` on catalog entities or native catalog endpoints (teams, services, functionalities, incident_types, causes, environments) to retrieve field values instead.

Retrieves a specific Catalog Entity Property by id.



# Update a Catalog Entity Property
Source: https://docs.rootly.com/api-reference/catalogentityproperties/update-a-catalog-entity-property

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/catalog_entity_properties/{id}
**Deprecated:** This endpoint is deprecated, please use the `fields` attribute on catalog entities or native catalog endpoints (teams, services, functionalities, incident_types, causes, environments) to set field values instead.

Update a specific Catalog Entity Property by id.



# Creates a Catalog Property (alias for field)
Source: https://docs.rootly.com/api-reference/catalogproperties/creates-a-catalog-property-alias-for-field

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/catalogs/{catalog_id}/properties
Creates a new Catalog Property - returns catalog_properties type



# Delete a catalog_property
Source: https://docs.rootly.com/api-reference/catalogproperties/delete-a-catalog_property

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/catalog_properties/{id}
Delete a specific catalog_property by id - returns catalog_properties type



# List Catalog Properties (alias for fields)
Source: https://docs.rootly.com/api-reference/catalogproperties/list-catalog-properties-alias-for-fields

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/catalogs/{catalog_id}/properties
List Catalog Properties - returns catalog_properties type



# Retrieves a Catalog Property (alias for field)
Source: https://docs.rootly.com/api-reference/catalogproperties/retrieves-a-catalog-property-alias-for-field

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/catalog_properties/{id}
Retrieves a specific Catalog Property by id - returns catalog_properties type



# Update a catalog_property (alias for field)
Source: https://docs.rootly.com/api-reference/catalogproperties/update-a-catalog_property-alias-for-field

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/catalog_properties/{id}
Update a specific catalog_property by id - returns catalog_properties type



# Creates a catalog
Source: https://docs.rootly.com/api-reference/catalogs/creates-a-catalog

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/catalogs
Creates a new catalog from provided data



# Delete a catalog
Source: https://docs.rootly.com/api-reference/catalogs/delete-a-catalog

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/catalogs/{id}
Delete a specific catalog by id



# List catalogs
Source: https://docs.rootly.com/api-reference/catalogs/list-catalogs

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/catalogs
List catalogs



# Retrieves a catalog
Source: https://docs.rootly.com/api-reference/catalogs/retrieves-a-catalog

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/catalogs/{id}
Retrieves a specific catalog by id



# Update a catalog
Source: https://docs.rootly.com/api-reference/catalogs/update-a-catalog

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/catalogs/{id}
Update a specific catalog by id



# Creates a Catalog Property
Source: https://docs.rootly.com/api-reference/causes/creates-a-catalog-property

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/causes/properties
Creates a new Catalog Property from provided data



# Creates a cause
Source: https://docs.rootly.com/api-reference/causes/creates-a-cause

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/causes
Creates a new cause from provided data



# Delete a cause
Source: https://docs.rootly.com/api-reference/causes/delete-a-cause

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/causes/{id}
Delete a specific cause by id



# List Catalog Properties
Source: https://docs.rootly.com/api-reference/causes/list-catalog-properties

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/causes/properties
List Cause Catalog Properties



# List causes
Source: https://docs.rootly.com/api-reference/causes/list-causes

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/causes
List causes



# Retrieves a cause
Source: https://docs.rootly.com/api-reference/causes/retrieves-a-cause

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/causes/{id}
Retrieves a specific cause by id



# Update a cause
Source: https://docs.rootly.com/api-reference/causes/update-a-cause

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/causes/{id}
Update a specific cause by id



# API Changelog
Source: https://docs.rootly.com/api-reference/changelog

Track the latest changes, deprecations, and breaking updates to the Rootly API, including new endpoints, payload changes, and version release notes.

## Unreleased

* **fix:** pagination stability across 26 API v1 controllers by adding deterministic sorting tiebreakers (created\_at, id) to prevent duplicate records across pages
* **breaking:** default sort order changed from descending to ascending for 16 endpoints: causes, custom\_fields, environments, form\_fields, form\_field\_placements, form\_field\_placement\_conditions, functionalities, genius\_tasks, genius\_workflows, groups, incident\_roles, incident\_types, services, severities, catalog\_entities, catalog\_fields. Use `sort=-position` to restore previous behavior.
* **fix:** custom\_forms endpoint now defaults to `created_at` sort (previously used non-existent `position` column)

## December 2025

### December 5, 2025

* **feat:** add assignee to shifts include options and deprecate user field
* **feat:** add incident alerts to incident API response

### December 3, 2025

* **feat:** add created\_by field to Incident AI API

## November 2025

### November 26, 2025

* **feat:** add mitigation\_message, resolution\_message, and cancellation\_message to incident update API

### November 7, 2025

* **fix:** remove timestamps from routing rule target serializer

### November 6, 2025

* **feat:** make slack\_channel nullable in schedules API

### November 4, 2025

* **feat:** add slack\_channel field to schedule endpoint

## October 2025

### October 30, 2025

* **feat:** return UUID for custom\_field\_id in workflow custom field selections API

### October 29, 2025

* **feat:** make scheduled\_for and scheduled\_until fields not required, with auto defaults

### October 28, 2025

* **fix:** add rules back to alert routes API schema
* **feat:** support large position values in API

### October 14, 2025

* **feat:** add additional information fields to Users API
* **feat:** add auto\_add\_members\_when\_attached field to Teams API

### October 10, 2025

* **feat:** add project schedules support to schedules API

### October 7, 2025

* **feat:** add schedule rotation serializer with enhanced rotation details
* **fix:** alert sources API schema validation errors

### October 6, 2025

* **fix:** add alert deduplication fields to alert serializer

### October 3, 2025

* **fix:** missing shifts in API response due to duplicate shift IDs by generating deterministic UUIDs

### October 2, 2025

* **fix:** timezone handling in escalation policy business\_hours API

### October 1, 2025

* **feat:** include substatus name with ID for incidents API
* **feat:** update schedule rotations API to support schedule rotation members
* **fix:** shifts API to return all shifts including duplicates by ID
* **fix:** shift start time to respect API query time range

## September 2025

### September 30, 2025

* **feat:** implement SAML authentication API endpoints for status pages
* **feat:** add email-based heartbeat pinging support
* **fix:** postmortem template update from API

### September 26, 2025

* **fix:** correct turn start for hourly rotations crossing DST

### September 25, 2025

* **fix:** schedule members being null in API response

### September 16, 2025

* **feat:** add assignee\_id and assignee\_type to shift serializer
* **perf:** fix N+1 queries in API alerts index endpoint

### September 12, 2025

* **fix:** search filters not working in heartbeats API

### September 11, 2025

* **feat:** add content\_raw field for markdown type post\_mortem\_templates
* **fix:** missing rate limit headers in API responses

### September 10, 2025

* **feat:** add IANA timezone format support to User API serializer
* **fix:** alert acknowledge/resolve endpoints to validate status transitions

### September 9, 2025

* **feat:** add alert\_description field to heartbeats API

### September 6, 2025

* **feat:** add comprehensive API support for SAML authentication configuration

### September 5, 2025

* **fix:** schedule\_rotation\_users API uses shift rendering v2 if enabled

### September 4, 2025

* **feat:** add alert field values to alerts using API

### September 3, 2025

* **fix:** return 400 for ActionDispatch::Http::Parameters::ParseError

## August 2025

### August 27, 2025

* **feat:** added event sourcing for remote MCP source

### August 22, 2025

* **feat:** Alert Routes API endpoints

### August 12, 2025

* **feat:** add non editable form fields option in forms API

### August 7, 2025

* **fix:** undefined reference to current\_user.role in API responses

### August 6, 2025

* **feat:** allow owner/admin to manage UserNotificationRule for team members via API

### August 4, 2025

* **fix:** relax minimum escalation path restriction for Terraform
* **feat:** add alert events to alerts serializer

## July 2025

### July 31, 2025

* **feat:** add custom fields and incident roles as columns in Table metrics panel API

### July 28, 2025

* **feat:** alert deduplication configuration, timeline events, and API endpoints

### July 23, 2025

* **feat:** email verification API endpoints

### July 22, 2025

* **fix:** include destination in alert routing rule API response
* **fix:** rotation start/end timestamps now returned in UTC
* **feat:** add disable auto adding members to incident channel feature in groups API

## June 2025

### June 4, 2025

* **fix:** user\_ids\[] filtering on /v1/shifts endpoint
* **feat:** slug field to status pages API serializer and schema

### June 2, 2025

* **feat:** services API now accepts owner\_group\_ids parameter
* **refactor:** create reusable user response schema
* **fix:** action items schema for assigned\_to field
* **fix:** ensure user contact info is created for correct user

## May 2025

### May 30, 2025

* **fix:** delete prior sourceable when updating attributes from the API

### May 28, 2025

* **feat:** remove verification attributes from email/phone number APIs
* **feat:** remove primary attribute from user email addresses API
* **feat:** add case-insensitive target\_type normalization

### May 27, 2025

* **feat:** add RESTful API endpoints for user phone numbers and email addresses

### May 26, 2025

* **feat:** add API support for advanced conditions in alert grouping

### May 15, 2025

* **feat:** allow automated invite of external emails into Slack incident channels
* **docs:** update API schema

### May 5, 2025

* **feat:** add new escalate targets to public API schemas

## April 2025

### April 30, 2025

* **feat:** ability to filter alerts by status via API

### April 29, 2025

* **feat:** return API timestamps in seconds

### April 21, 2025

* **feat:** allow internal API endpoint to accept a user\_id parameter

### April 18, 2025

* **fix:** API issue with assigning multiple users to role
* **feat:** include initial\_delay in API serializer

### April 15, 2025

* **fix:** allow owner\_group\_ids parameter in API requests
* **perf:** updated pagination method to accept count for large collections

### April 14, 2025

* **perf:** updated API pagination method to avoid extra count call

### April 9, 2025

* **fix:** add missing urgency rules to alert source serializer

### April 8, 2025

* **feat:** add email source settings to disable threaded emails

### April 4, 2025

* **fix:** typo in alert routes API

### April 3, 2025

* **feat:** team and organization API keys

## March 2025

### March 31, 2025

* **refactor:** single paginate method for database queries and search
* **fix:** API key search in audit logs section

### March 28, 2025

* **feat:** support resolution rule in alert source API

### March 26, 2025

* **refactor:** consistent pagination for search and database queries
* **fix:** specify required fields in routing rule schema
* **fix:** change routing rule schema to conform to OpenAPI standards
* **fix:** prevent crash from invalid SQL queries
* **fix:** allow creating alert events with Rootly bot as user

### March 25, 2025

* **feat:** create/update/delete alert "note" events
* **feat:** specify whether field can be computed in API schema

### March 21, 2025

* **refactor:** updated alert params filtering for API controller

### March 20, 2025

* **fix:** alert routing API issues

### March 17, 2025

* **feat:** add API support for alert routes
* **docs:** fix incorrect paging strategy options
* **fix:** create cached Slack channel if necessary
* **feat:** filter schedules and escalation policies by name
* **fix:** validate and hydrate Slack channel targets
* **fix:** return 422 for invalid record exceptions
* **fix:** prevent duplicate active\_times when updating rotation

### March 14, 2025

* **feat:** add business hours support to escalation policy API
* **fix:** schedule rotation update should return errors
* **fix:** respect requested escalation level position (breaking change)
* **fix:** replace urgency rules when updating source (breaking change)
* **fix:** do not prevent deletion of schedule rotations (breaking change)
* **fix:** prevent duplicate schedule rotation active times

### March 13, 2025

* **fix:** support for escalation level paging strategy

### March 11, 2025

* **feat:** expose sub-status configuration on teams API

## February 2025

### February 26, 2025

* **fix:** API alert sources webhooks endpoint URL

### February 25, 2025

* **fix:** alert sources tags and operationId API schema
* **feat:** add API support to mark alerts as noise

### February 17, 2025

* **feat:** track last updated user for schedule rotations
* **feat:** track last updated user for schedule rotation users

### February 12, 2025

* **feat:** API support for new escalation policy target type "team"

## January 2025

### January 31, 2025

* **docs:** add note about admin\_ids to groups API schema

### January 30, 2025

* **feat:** API support for group admin\_ids

### January 17, 2025

* **fix:** schedules slack\_user\_group API schema

### January 10, 2025

* **feat:** API support for alert source urgency id and alert template

### January 7, 2025

* **feat:** API support for email alert creation

## December 2024

### December 13, 2024

* **refactor:** update escalation policy levels controller

### December 2, 2024

* **fix:** handle undocumented PagerDuty API schema

## October 2024

### October 23, 2024

* **feat:** on-call shift calendar subscription

### October 16, 2024

* **docs:** improve API documentation

### October 14, 2024

* **feat:** handle "mitigated" status for workflow tasks when sub-status enabled
* **feat:** add "Update Incident Status Timestamp" task to API schema

### October 10, 2024

* **feat:** allow sub\_status\_id for /v1/incidents/:id endpoint

### October 1, 2024

* **feat:** add missing API schema attribute for Terraform compatibility

### September 25, 2024

* **feat:** API support for sub-statuses

### September 16, 2024

* **feat:** expose alert urgency to POST api.rootly.com/v1/alerts

### September 10, 2024

* **feat:** add alert notification target on alert updates

### September 4, 2024

* **feat:** add API support for alert groups

### August 30, 2024

* **feat:** add API support for alert urgency

### August 29, 2024

* **feat:** add schedule rotation attributes to OpenAPI schema for Terraform compatibility
* **feat:** add escalation policy path API support

### August 26, 2024

* **docs:** fix /v1/incidents//alerts documentation

### July 19, 2024

* **fix:** escalation policy OpenAPI schema and add service\_ids, group\_ids

### July 2, 2024

* **fix:** /api/v1/dashboards/:id returning 404 when shared publicly

***


# Creates a communications group
Source: https://docs.rootly.com/api-reference/communications-groups/creates-a-communications-group

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/communications/groups
Creates a new communications group from provided data



# Deletes a communications group
Source: https://docs.rootly.com/api-reference/communications-groups/deletes-a-communications-group

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/communications/groups/{id}
Deletes a communications group



# Lists communications groups
Source: https://docs.rootly.com/api-reference/communications-groups/lists-communications-groups

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/communications/groups
Lists communications groups



# Shows a communications group
Source: https://docs.rootly.com/api-reference/communications-groups/shows-a-communications-group

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/communications/groups/{id}
Shows details of a communications group



# Updates a communications group
Source: https://docs.rootly.com/api-reference/communications-groups/updates-a-communications-group

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json patch /v1/communications/groups/{id}
Updates a communications group



# Creates a communications stage
Source: https://docs.rootly.com/api-reference/communications-stages/creates-a-communications-stage

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/communications/stages
Creates a new communications stage from provided data



# Deletes a communications stage
Source: https://docs.rootly.com/api-reference/communications-stages/deletes-a-communications-stage

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/communications/stages/{id}
Deletes a communications stage



# Lists communications stages
Source: https://docs.rootly.com/api-reference/communications-stages/lists-communications-stages

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/communications/stages
Lists communications stages



# Shows a communications stage
Source: https://docs.rootly.com/api-reference/communications-stages/shows-a-communications-stage

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/communications/stages/{id}
Shows details of a communications stage



# Updates a communications stage
Source: https://docs.rootly.com/api-reference/communications-stages/updates-a-communications-stage

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json patch /v1/communications/stages/{id}
Updates a communications stage



# Creates a communications template
Source: https://docs.rootly.com/api-reference/communications-templates/creates-a-communications-template

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/communications/templates
Creates a new communications template from provided data



# Deletes a communications template
Source: https://docs.rootly.com/api-reference/communications-templates/deletes-a-communications-template

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/communications/templates/{id}
Deletes a communications template



# Lists communications templates
Source: https://docs.rootly.com/api-reference/communications-templates/lists-communications-templates

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/communications/templates
Lists communications templates



# Shows a communications template
Source: https://docs.rootly.com/api-reference/communications-templates/shows-a-communications-template

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/communications/templates/{id}
Shows details of a communications template



# Updates a communications template
Source: https://docs.rootly.com/api-reference/communications-templates/updates-a-communications-template

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json patch /v1/communications/templates/{id}
Updates a communications template



# Creates a communications type
Source: https://docs.rootly.com/api-reference/communications-types/creates-a-communications-type

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/communications/types
Creates a new communications type from provided data



# Deletes a communications type
Source: https://docs.rootly.com/api-reference/communications-types/deletes-a-communications-type

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/communications/types/{id}
Deletes a communications type



# Lists communications types
Source: https://docs.rootly.com/api-reference/communications-types/lists-communications-types

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/communications/types
Lists communications types



# Shows a communications type
Source: https://docs.rootly.com/api-reference/communications-types/shows-a-communications-type

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/communications/types/{id}
Shows details of a communications type



# Updates a communications type
Source: https://docs.rootly.com/api-reference/communications-types/updates-a-communications-type

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json patch /v1/communications/types/{id}
Updates a communications type



# Creates a custom form
Source: https://docs.rootly.com/api-reference/customforms/creates-a-custom-form

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/custom_forms
Creates a new custom form from provided data



# Delete a custom form
Source: https://docs.rootly.com/api-reference/customforms/delete-a-custom-form

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/custom_forms/{id}
Delete a specific custom form by id



# List custom forms
Source: https://docs.rootly.com/api-reference/customforms/list-custom-forms

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/custom_forms
List custom forms



# Retrieves a custom form
Source: https://docs.rootly.com/api-reference/customforms/retrieves-a-custom-form

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/custom_forms/{id}
Retrieves a specific custom form by id



# Update a custom form
Source: https://docs.rootly.com/api-reference/customforms/update-a-custom-form

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/custom_forms/{id}
Update a specific custom form by id



# Creates a dashboard panel
Source: https://docs.rootly.com/api-reference/dashboardpanels/creates-a-dashboard-panel

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/dashboards/{dashboard_id}/panels
Creates a new dashboard panel from provided data



# Delete a dashboard panel
Source: https://docs.rootly.com/api-reference/dashboardpanels/delete-a-dashboard-panel

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/dashboard_panels/{id}
Delete a specific dashboard panel by id



# Duplicates a dashboard panel
Source: https://docs.rootly.com/api-reference/dashboardpanels/duplicates-a-dashboard-panel

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/dashboard_panels/{id}/duplicate
Duplicates a dashboard panel



# List dashboard panels
Source: https://docs.rootly.com/api-reference/dashboardpanels/list-dashboard-panels

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/dashboards/{dashboard_id}/panels
List dashboard panels



# Retrieves a dashboard panel
Source: https://docs.rootly.com/api-reference/dashboardpanels/retrieves-a-dashboard-panel

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/dashboard_panels/{id}
Retrieves a specific dashboard panel by id



# Update a dashboard panel
Source: https://docs.rootly.com/api-reference/dashboardpanels/update-a-dashboard-panel

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/dashboard_panels/{id}
Update a specific dashboard panel by id



# Creates a dashboard
Source: https://docs.rootly.com/api-reference/dashboards/creates-a-dashboard

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/dashboards
Creates a new dashboard from provided data



# Delete a dashboard
Source: https://docs.rootly.com/api-reference/dashboards/delete-a-dashboard

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/dashboards/{id}
Delete a specific dashboard by id



# Duplicates a dashboard
Source: https://docs.rootly.com/api-reference/dashboards/duplicates-a-dashboard

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/dashboards/{id}/duplicate
Duplicates a dashboard



# List dashboards
Source: https://docs.rootly.com/api-reference/dashboards/list-dashboards

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/dashboards
List dashboards



# Retrieves a dashboard
Source: https://docs.rootly.com/api-reference/dashboards/retrieves-a-dashboard

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/dashboards/{id}
Retrieves a specific dashboard by id



# Sets dashboard to user default
Source: https://docs.rootly.com/api-reference/dashboards/sets-dashboard-to-user-default

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/dashboards/{id}/set_default
Sets dashboard to user default



# Update a dashboard
Source: https://docs.rootly.com/api-reference/dashboards/update-a-dashboard

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/dashboards/{id}
Update a specific dashboard by id



# Create edge connector action
Source: https://docs.rootly.com/api-reference/edge-connector-actions/create-edge-connector-action

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/edge_connectors/{edge_connector_id}/actions



# Delete edge connector action
Source: https://docs.rootly.com/api-reference/edge-connector-actions/delete-edge-connector-action

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/edge_connectors/{edge_connector_id}/actions/{id}



# List edge connector actions
Source: https://docs.rootly.com/api-reference/edge-connector-actions/list-edge-connector-actions

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/edge_connectors/{edge_connector_id}/actions



# Show edge connector action
Source: https://docs.rootly.com/api-reference/edge-connector-actions/show-edge-connector-action

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/edge_connectors/{edge_connector_id}/actions/{id}



# Update edge connector action
Source: https://docs.rootly.com/api-reference/edge-connector-actions/update-edge-connector-action

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json patch /v1/edge_connectors/{edge_connector_id}/actions/{id}



# Create edge connector
Source: https://docs.rootly.com/api-reference/edge-connectors/create-edge-connector

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/edge_connectors



# Delete edge connector
Source: https://docs.rootly.com/api-reference/edge-connectors/delete-edge-connector

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/edge_connectors/{id}



# List edge connectors
Source: https://docs.rootly.com/api-reference/edge-connectors/list-edge-connectors

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/edge_connectors



# Show edge connector
Source: https://docs.rootly.com/api-reference/edge-connectors/show-edge-connector

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/edge_connectors/{id}



# Update edge connector
Source: https://docs.rootly.com/api-reference/edge-connectors/update-edge-connector

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json patch /v1/edge_connectors/{id}



# Creates a Catalog Property
Source: https://docs.rootly.com/api-reference/environments/creates-a-catalog-property

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/environments/properties
Creates a new Catalog Property from provided data



# Creates an environment
Source: https://docs.rootly.com/api-reference/environments/creates-an-environment

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/environments
Creates a new environment from provided data



# Delete an environment
Source: https://docs.rootly.com/api-reference/environments/delete-an-environment

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/environments/{id}
Delete a specific environment by id



# List Catalog Properties
Source: https://docs.rootly.com/api-reference/environments/list-catalog-properties

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/environments/properties
List Environment Catalog Properties



# List environments
Source: https://docs.rootly.com/api-reference/environments/list-environments

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/environments
List environments



# Retrieves an environment
Source: https://docs.rootly.com/api-reference/environments/retrieves-an-environment

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/environments/{id}
Retrieves a specific environment by id



# Update an environment
Source: https://docs.rootly.com/api-reference/environments/update-an-environment

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/environments/{id}
Update a specific environment by id



# Delete an escalation level
Source: https://docs.rootly.com/api-reference/escalationlevels/delete-an-escalation-level

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/escalation_levels/{id}
Delete a specific escalation level by id



# Retrieves an escalation level
Source: https://docs.rootly.com/api-reference/escalationlevels/retrieves-an-escalation-level

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/escalation_levels/{id}
Retrieves a specific escalation level by id



# Update an escalation level
Source: https://docs.rootly.com/api-reference/escalationlevels/update-an-escalation-level

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/escalation_levels/{id}
Update a specific escalation level by id



# Creates an escalation level for an Escalation Path
Source: https://docs.rootly.com/api-reference/escalationlevelspath/creates-an-escalation-level-for-an-escalation-path

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/escalation_paths/{escalation_policy_path_id}/escalation_levels
Creates a new escalation level from provided data



# List escalation levels for an Escalation Path
Source: https://docs.rootly.com/api-reference/escalationlevelspath/list-escalation-levels-for-an-escalation-path

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/escalation_paths/{escalation_policy_path_id}/escalation_levels
List escalation levels



# Creates an escalation level for an Escalation Policy
Source: https://docs.rootly.com/api-reference/escalationlevelspolicies/creates-an-escalation-level-for-an-escalation-policy

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/escalation_policies/{escalation_policy_id}/escalation_levels
Creates a new escalation level from provided data



# List escalation levels for an Escalation Policy
Source: https://docs.rootly.com/api-reference/escalationlevelspolicies/list-escalation-levels-for-an-escalation-policy

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/escalation_policies/{escalation_policy_id}/escalation_levels
List escalation levels



# Creates an escalation path
Source: https://docs.rootly.com/api-reference/escalationpaths/creates-an-escalation-path

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/escalation_policies/{escalation_policy_id}/escalation_paths
Creates a new escalation path from provided data



# Delete an escalation path
Source: https://docs.rootly.com/api-reference/escalationpaths/delete-an-escalation-path

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/escalation_paths/{id}
Delete a specific escalation path by id



# List escalation paths
Source: https://docs.rootly.com/api-reference/escalationpaths/list-escalation-paths

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/escalation_policies/{escalation_policy_id}/escalation_paths
List escalation paths



# Retrieves an escalation path
Source: https://docs.rootly.com/api-reference/escalationpaths/retrieves-an-escalation-path

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/escalation_paths/{id}
Retrieves a specific escalation path by id



# Update an escalation path
Source: https://docs.rootly.com/api-reference/escalationpaths/update-an-escalation-path

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/escalation_paths/{id}
Update a specific escalation path by id



# Creates an escalation policy
Source: https://docs.rootly.com/api-reference/escalationpolicies/creates-an-escalation-policy

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/escalation_policies
Creates a new escalation policy from provided data



# Delete an escalation policy
Source: https://docs.rootly.com/api-reference/escalationpolicies/delete-an-escalation-policy

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/escalation_policies/{id}
Delete a specific escalation policy by id



# List escalation policies
Source: https://docs.rootly.com/api-reference/escalationpolicies/list-escalation-policies

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/escalation_policies
List escalation policies



# Retrieves an escalation policy
Source: https://docs.rootly.com/api-reference/escalationpolicies/retrieves-an-escalation-policy

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/escalation_policies/{id}
Retrieves a specific escalation policy by id



# Update an escalation policy
Source: https://docs.rootly.com/api-reference/escalationpolicies/update-an-escalation-policy

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/escalation_policies/{id}
Update a specific escalation policy by id



# Creates FormField Options
Source: https://docs.rootly.com/api-reference/formfieldoptions/creates-formfield-options

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/form_fields/{form_field_id}/options
Creates a new form_field_option from provided data



# Delete FormField Options
Source: https://docs.rootly.com/api-reference/formfieldoptions/delete-formfield-options

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/form_field_options/{id}
Delete a specific form_field_option by id



# List FormField Options
Source: https://docs.rootly.com/api-reference/formfieldoptions/list-formfield-options

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/form_fields/{form_field_id}/options
List form_field_options



# Retrieves FormField Options
Source: https://docs.rootly.com/api-reference/formfieldoptions/retrieves-formfield-options

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/form_field_options/{id}
Retrieves a specific form_field_option by id



# Update FormField Options
Source: https://docs.rootly.com/api-reference/formfieldoptions/update-formfield-options

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/form_field_options/{id}
Update a specific form_field_option by id



# Creates a Form Set Condition
Source: https://docs.rootly.com/api-reference/formfieldplacementconditions/creates-a-form-set-condition

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/form_field_placements/{form_field_placement_id}/conditions
Creates a new form_field_placement_condition from provided data



# Delete a Form Set Condition
Source: https://docs.rootly.com/api-reference/formfieldplacementconditions/delete-a-form-set-condition

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/form_field_placement_conditions/{id}
Delete a specific form_field_placement_condition by id



# List Form Set Conditions
Source: https://docs.rootly.com/api-reference/formfieldplacementconditions/list-form-set-conditions

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/form_field_placements/{form_field_placement_id}/conditions
List form_field_placement_conditions



# Retrieves a Form Set Condition
Source: https://docs.rootly.com/api-reference/formfieldplacementconditions/retrieves-a-form-set-condition

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/form_field_placement_conditions/{id}
Retrieves a specific form_field_placement_condition by id



# Update a Form Set Condition
Source: https://docs.rootly.com/api-reference/formfieldplacementconditions/update-a-form-set-condition

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/form_field_placement_conditions/{id}
Update a specific form_field_placement_condition by id



# Creates a Form Field Placement
Source: https://docs.rootly.com/api-reference/formfieldplacements/creates-a-form-field-placement

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/form_fields/{form_field_id}/placements
Creates a new form_field_placement from provided data



# Delete a Form Field Placement
Source: https://docs.rootly.com/api-reference/formfieldplacements/delete-a-form-field-placement

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/form_field_placements/{id}
Delete a specific form_field_placement by id



# List Form Field Placements
Source: https://docs.rootly.com/api-reference/formfieldplacements/list-form-field-placements

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/form_fields/{form_field_id}/placements
List form_field_placements



# Retrieves a Form Field Placement
Source: https://docs.rootly.com/api-reference/formfieldplacements/retrieves-a-form-field-placement

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/form_field_placements/{id}
Retrieves a specific form_field_placement by id



# Update a Form Field Placement
Source: https://docs.rootly.com/api-reference/formfieldplacements/update-a-form-field-placement

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/form_field_placements/{id}
Update a specific form_field_placement by id



# Creates FormField Positions
Source: https://docs.rootly.com/api-reference/formfieldpositions/creates-formfield-positions

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/form_fields/{form_field_id}/positions
Creates a new form field_position from provided data



# Delete a FormFieldPosition
Source: https://docs.rootly.com/api-reference/formfieldpositions/delete-a-formfieldposition

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/form_field_positions/{id}
Delete a specific form_field position by id



# List FormField Position
Source: https://docs.rootly.com/api-reference/formfieldpositions/list-formfield-position

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/form_fields/{form_field_id}/positions
List form field positions



# Retrieves a FormFieldPosition
Source: https://docs.rootly.com/api-reference/formfieldpositions/retrieves-a-formfieldposition

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/form_field_positions/{id}
Retrieves a specific form field_position by id



# Update a FormFieldPosition
Source: https://docs.rootly.com/api-reference/formfieldpositions/update-a-formfieldposition

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/form_field_positions/{id}
Update a specific form_field position by id



# Creates a Form Field
Source: https://docs.rootly.com/api-reference/formfields/creates-a-form-field

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/form_fields
Creates a new form_field from provided data



# Delete a Form Field
Source: https://docs.rootly.com/api-reference/formfields/delete-a-form-field

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/form_fields/{id}
Delete a specific form_field by id



# List Form Fields
Source: https://docs.rootly.com/api-reference/formfields/list-form-fields

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/form_fields
List form_fields



# Retrieves a Form Field
Source: https://docs.rootly.com/api-reference/formfields/retrieves-a-form-field

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/form_fields/{id}
Retrieves a specific form_field by id



# Update a Form Field
Source: https://docs.rootly.com/api-reference/formfields/update-a-form-field

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/form_fields/{id}
Update a specific form_field by id



# Creates a Form Set Condition
Source: https://docs.rootly.com/api-reference/formsetconditions/creates-a-form-set-condition

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/form_sets/{form_set_id}/conditions
Creates a new form_set_condition from provided data



# Delete a Form Set Condition
Source: https://docs.rootly.com/api-reference/formsetconditions/delete-a-form-set-condition

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/form_set_conditions/{id}
Delete a specific form_set_condition by id



# List Form Set Conditions
Source: https://docs.rootly.com/api-reference/formsetconditions/list-form-set-conditions

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/form_sets/{form_set_id}/conditions
List form_set_conditions



# Retrieves a Form Set Condition
Source: https://docs.rootly.com/api-reference/formsetconditions/retrieves-a-form-set-condition

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/form_set_conditions/{id}
Retrieves a specific form_set_condition by id



# Update a Form Set Condition
Source: https://docs.rootly.com/api-reference/formsetconditions/update-a-form-set-condition

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/form_set_conditions/{id}
Update a specific form_set_condition by id



# Creates a Form Set
Source: https://docs.rootly.com/api-reference/formsets/creates-a-form-set

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/form_sets
Creates a new form_set from provided data



# Delete a Form Set
Source: https://docs.rootly.com/api-reference/formsets/delete-a-form-set

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/form_sets/{id}
Delete a specific form_set by id



# List Form Sets
Source: https://docs.rootly.com/api-reference/formsets/list-form-sets

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/form_sets
List form_sets



# Retrieves a Form Set
Source: https://docs.rootly.com/api-reference/formsets/retrieves-a-form-set

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/form_sets/{id}
Retrieves a specific form_set by id



# Update a Form Set
Source: https://docs.rootly.com/api-reference/formsets/update-a-form-set

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/form_sets/{id}
Update a specific form_set by id



# Creates a Catalog Property
Source: https://docs.rootly.com/api-reference/functionalities/creates-a-catalog-property

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/functionalities/properties
Creates a new Catalog Property from provided data



# Creates a functionality
Source: https://docs.rootly.com/api-reference/functionalities/creates-a-functionality

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/functionalities
Creates a new functionality from provided data



# Delete a functionality
Source: https://docs.rootly.com/api-reference/functionalities/delete-a-functionality

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/functionalities/{id}
Delete a specific functionality by id



# Get functionality incidents chart
Source: https://docs.rootly.com/api-reference/functionalities/get-functionality-incidents-chart

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/functionalities/{id}/incidents_chart
Get functionality incidents chart



# Get functionality uptime chart
Source: https://docs.rootly.com/api-reference/functionalities/get-functionality-uptime-chart

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/functionalities/{id}/uptime_chart
Get functionality uptime chart



# List Catalog Properties
Source: https://docs.rootly.com/api-reference/functionalities/list-catalog-properties

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/functionalities/properties
List Functionality Catalog Properties



# List functionalities
Source: https://docs.rootly.com/api-reference/functionalities/list-functionalities

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/functionalities
List functionalities



# Retrieves a functionality
Source: https://docs.rootly.com/api-reference/functionalities/retrieves-a-functionality

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/functionalities/{id}
Retrieves a specific functionality by id



# Update a functionality
Source: https://docs.rootly.com/api-reference/functionalities/update-a-functionality

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/functionalities/{id}
Update a specific functionality by id



# Creates a heartbeat
Source: https://docs.rootly.com/api-reference/heartbeats/creates-a-heartbeat

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/heartbeats
Creates a new heartbeat from provided data



# Delete a heartbeat
Source: https://docs.rootly.com/api-reference/heartbeats/delete-a-heartbeat

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/heartbeats/{id}
Delete a specific heartbeat by id



# List heartbeats
Source: https://docs.rootly.com/api-reference/heartbeats/list-heartbeats

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/heartbeats
List heartbeats



# Ping a heartbeat
Source: https://docs.rootly.com/api-reference/heartbeats/ping-a-heartbeat

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/heartbeats/{heartbeat_id}/ping
Ping a specific heartbeat by id



# Retrieves a heartbeat
Source: https://docs.rootly.com/api-reference/heartbeats/retrieves-a-heartbeat

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/heartbeats/{id}
Retrieves a specific heartbeat by id



# Update a heartbeat
Source: https://docs.rootly.com/api-reference/heartbeats/update-a-heartbeat

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/heartbeats/{id}
Update a specific heartbeat by id



# Creates an incident action item
Source: https://docs.rootly.com/api-reference/incidentactionitems/creates-an-incident-action-item

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/incidents/{incident_id}/action_items
Creates a new action item from provided data



# Delete an incident action item
Source: https://docs.rootly.com/api-reference/incidentactionitems/delete-an-incident-action-item

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/action_items/{id}
Delete a specific incident action item by id



# List all action items for an organization
Source: https://docs.rootly.com/api-reference/incidentactionitems/list-all-action-items-for-an-organization

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/action_items
List all action items for an organization



# List incident action items
Source: https://docs.rootly.com/api-reference/incidentactionitems/list-incident-action-items

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incidents/{incident_id}/action_items
List incident action items



# Retrieves an incident action item
Source: https://docs.rootly.com/api-reference/incidentactionitems/retrieves-an-incident-action-item

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/action_items/{id}
Retrieves a specific incident_action_item by id



# Update an incident action item
Source: https://docs.rootly.com/api-reference/incidentactionitems/update-an-incident-action-item

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/action_items/{id}
Update a specific incident action item by id



# Creates an incident event functionality
Source: https://docs.rootly.com/api-reference/incidenteventfunctionalities/creates-an-incident-event-functionality

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/events/{incident_event_id}/functionalities
Creates a new event functionality from provided data



# Delete an incident event functionality
Source: https://docs.rootly.com/api-reference/incidenteventfunctionalities/delete-an-incident-event-functionality

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/incident_event_functionalities/{id}
Delete a specific incident event functionality by id



# List incident event functionalities
Source: https://docs.rootly.com/api-reference/incidenteventfunctionalities/list-incident-event-functionalities

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/events/{incident_event_id}/functionalities
List incident event functionalities



# Retrieves an incident event functionality
Source: https://docs.rootly.com/api-reference/incidenteventfunctionalities/retrieves-an-incident-event-functionality

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incident_event_functionalities/{id}
Retrieves a specific incident_event_functionality by id



# Update an incident event
Source: https://docs.rootly.com/api-reference/incidenteventfunctionalities/update-an-incident-event

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incident_event_functionalities/{id}
Update a specific incident event functionality by id



# Creates an incident event
Source: https://docs.rootly.com/api-reference/incidentevents/creates-an-incident-event

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/incidents/{incident_id}/events
Creates a new event from provided data



# Delete an incident event
Source: https://docs.rootly.com/api-reference/incidentevents/delete-an-incident-event

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/events/{id}
Delete a specific incident event by id



# List incident events
Source: https://docs.rootly.com/api-reference/incidentevents/list-incident-events

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incidents/{incident_id}/events
List incident events



# Retrieves an incident event
Source: https://docs.rootly.com/api-reference/incidentevents/retrieves-an-incident-event

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/events/{id}
Retrieves a specific incident_event by id



# Update an incident event
Source: https://docs.rootly.com/api-reference/incidentevents/update-an-incident-event

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/events/{id}
Update a specific incident event by id



# Creates an incident event service
Source: https://docs.rootly.com/api-reference/incidenteventservices/creates-an-incident-event-service

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/events/{incident_event_id}/services
Creates a new event service from provided data



# Delete an incident event functionalitu
Source: https://docs.rootly.com/api-reference/incidenteventservices/delete-an-incident-event-functionalitu

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/incident_event_services/{id}
Delete a specific incident event service by id



# List incident event services
Source: https://docs.rootly.com/api-reference/incidenteventservices/list-incident-event-services

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/events/{incident_event_id}/services
List incident event services



# Retrieves an incident event service
Source: https://docs.rootly.com/api-reference/incidenteventservices/retrieves-an-incident-event-service

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incident_event_services/{id}
Retrieves a specific incident_event_service by id



# Update an incident event
Source: https://docs.rootly.com/api-reference/incidenteventservices/update-an-incident-event

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incident_event_services/{id}
Update a specific incident event service by id



# Creates an incident feedback
Source: https://docs.rootly.com/api-reference/incidentfeedbacks/creates-an-incident-feedback

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/incidents/{incident_id}/feedbacks
Creates a new feedback from provided data



# List incident feedbacks
Source: https://docs.rootly.com/api-reference/incidentfeedbacks/list-incident-feedbacks

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incidents/{incident_id}/feedbacks
List incident feedbacks



# Retrieves an incident feedback
Source: https://docs.rootly.com/api-reference/incidentfeedbacks/retrieves-an-incident-feedback

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/feedbacks/{id}
Retrieves a specific incident_feedback by id



# Update an incident feedback
Source: https://docs.rootly.com/api-reference/incidentfeedbacks/update-an-incident-feedback

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/feedbacks/{id}
Update a specific incident feedback by id



# Creates an incident form field selection
Source: https://docs.rootly.com/api-reference/incidentformfieldselections/creates-an-incident-form-field-selection

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/incidents/{incident_id}/form_field_selections
Creates a new incident form field selection from provided data



# Delete an incident form field selection
Source: https://docs.rootly.com/api-reference/incidentformfieldselections/delete-an-incident-form-field-selection

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/incident_form_field_selections/{id}
Delete a specific incident form field selection by id



# List incident form field selections
Source: https://docs.rootly.com/api-reference/incidentformfieldselections/list-incident-form-field-selections

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incidents/{incident_id}/form_field_selections
List incident form field selections



# Retrieves an incident form field selection
Source: https://docs.rootly.com/api-reference/incidentformfieldselections/retrieves-an-incident-form-field-selection

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incident_form_field_selections/{id}
Retrieves a specific incident form field selection by id



# Update an incident form field selection
Source: https://docs.rootly.com/api-reference/incidentformfieldselections/update-an-incident-form-field-selection

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incident_form_field_selections/{id}
Update a specific incident form field selection by id



# Creates an incident_permission_set_boolean
Source: https://docs.rootly.com/api-reference/incidentpermissionsetbooleans/creates-an-incident_permission_set_boolean

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/incident_permission_sets/{incident_permission_set_id}/booleans
Creates a new incident_permission_set_boolean from provided data



# Delete an incident_permission_set_boolean
Source: https://docs.rootly.com/api-reference/incidentpermissionsetbooleans/delete-an-incident_permission_set_boolean

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/incident_permission_set_booleans/{id}
Delete a specific incident_permission_set_boolean by id



# List incident_permission_set_booleans
Source: https://docs.rootly.com/api-reference/incidentpermissionsetbooleans/list-incident_permission_set_booleans

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incident_permission_sets/{incident_permission_set_id}/booleans
List incident_permission_set_booleans



# Retrieves an incident_permission_set_boolean
Source: https://docs.rootly.com/api-reference/incidentpermissionsetbooleans/retrieves-an-incident_permission_set_boolean

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incident_permission_set_booleans/{id}
Retrieves a specific incident_permission_set_boolean by id



# Update an incident_permission_set_boolean
Source: https://docs.rootly.com/api-reference/incidentpermissionsetbooleans/update-an-incident_permission_set_boolean

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incident_permission_set_booleans/{id}
Update a specific incident_permission_set_boolean by id



# Creates an incident_permission_set_resource
Source: https://docs.rootly.com/api-reference/incidentpermissionsetresources/creates-an-incident_permission_set_resource

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/incident_permission_sets/{incident_permission_set_id}/resources
Creates a new incident_permission_set_resource from provided data



# Delete an incident_permission_set_resource
Source: https://docs.rootly.com/api-reference/incidentpermissionsetresources/delete-an-incident_permission_set_resource

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/incident_permission_set_resources/{id}
Delete a specific incident_permission_set_resource by id



# List incident_permission_set_resources
Source: https://docs.rootly.com/api-reference/incidentpermissionsetresources/list-incident_permission_set_resources

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incident_permission_sets/{incident_permission_set_id}/resources
List incident_permission_set_resources



# Retrieves an incident_permission_set_resource
Source: https://docs.rootly.com/api-reference/incidentpermissionsetresources/retrieves-an-incident_permission_set_resource

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incident_permission_set_resources/{id}
Retrieves a specific incident_permission_set_resource by id



# Update an incident_permission_set_resource
Source: https://docs.rootly.com/api-reference/incidentpermissionsetresources/update-an-incident_permission_set_resource

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incident_permission_set_resources/{id}
Update a specific incident_permission_set_resource by id



# Creates an incident_permission_set
Source: https://docs.rootly.com/api-reference/incidentpermissionsets/creates-an-incident_permission_set

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/incident_permission_sets
Creates a new incident_permission_set from provided data



# Delete an incident_permission_set
Source: https://docs.rootly.com/api-reference/incidentpermissionsets/delete-an-incident_permission_set

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/incident_permission_sets/{id}
Delete a specific incident_permission_set by id



# List incident_permission_sets
Source: https://docs.rootly.com/api-reference/incidentpermissionsets/list-incident_permission_sets

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incident_permission_sets
List incident_permission_sets



# Retrieves an incident_permission_set
Source: https://docs.rootly.com/api-reference/incidentpermissionsets/retrieves-an-incident_permission_set

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incident_permission_sets/{id}
Retrieves a specific incident_permission_set by id



# Update an incident_permission_set
Source: https://docs.rootly.com/api-reference/incidentpermissionsets/update-an-incident_permission_set

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incident_permission_sets/{id}
Update a specific incident_permission_set by id



# List incident retrospectives
Source: https://docs.rootly.com/api-reference/incidentretrospectives/list-incident-retrospectives

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/post_mortems
List incident retrospectives



# Retrieves an incident retrospective
Source: https://docs.rootly.com/api-reference/incidentretrospectives/retrieves-an-incident-retrospective

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/post_mortems/{id}
List incidents retrospectives



# Update an incident retrospective
Source: https://docs.rootly.com/api-reference/incidentretrospectives/update-an-incident-retrospective

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/post_mortems/{id}
Update a specific incident retrospective by id



# Retrieves an incident retrospective step
Source: https://docs.rootly.com/api-reference/incidentretrospectivesteps/retrieves-an-incident-retrospective-step

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incident_retrospective_steps/{id}
Retrieves a specific incident retrospective step by id



# Update an incident retrospective step
Source: https://docs.rootly.com/api-reference/incidentretrospectivesteps/update-an-incident-retrospective-step

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incident_retrospective_steps/{id}
Update a specific incident retrospective step by id



# Creates an incident role
Source: https://docs.rootly.com/api-reference/incidentroles/creates-an-incident-role

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/incident_roles
Creates a new incident role from provided data



# Delete an incident role
Source: https://docs.rootly.com/api-reference/incidentroles/delete-an-incident-role

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/incident_roles/{id}
Delete a specific incident_role by id



# List incident roles
Source: https://docs.rootly.com/api-reference/incidentroles/list-incident-roles

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incident_roles
List incident roles



# Retrieves an incident role
Source: https://docs.rootly.com/api-reference/incidentroles/retrieves-an-incident-role

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incident_roles/{id}
Retrieves a specific incident_role by id



# Update an incident role
Source: https://docs.rootly.com/api-reference/incidentroles/update-an-incident-role

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incident_roles/{id}
Update a specific incident_role by id



# Creates an incident role task
Source: https://docs.rootly.com/api-reference/incidentroletasks/creates-an-incident-role-task

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/incident_roles/{incident_role_id}/incident_role_tasks
Creates a new task from provided data



# Delete an incident role task
Source: https://docs.rootly.com/api-reference/incidentroletasks/delete-an-incident-role-task

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/incident_role_tasks/{id}
Delete a specific incident_role task by id



# List incident role tasks
Source: https://docs.rootly.com/api-reference/incidentroletasks/list-incident-role-tasks

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incident_roles/{incident_role_id}/incident_role_tasks
List incident_role tasks



# Retrieves an incident role task
Source: https://docs.rootly.com/api-reference/incidentroletasks/retrieves-an-incident-role-task

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incident_role_tasks/{id}
Retrieves a specific incident_role_task by id



# Update an incident role task
Source: https://docs.rootly.com/api-reference/incidentroletasks/update-an-incident-role-task

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incident_role_tasks/{id}
Update a specific incident_role task by id



# Add subscribers to incident
Source: https://docs.rootly.com/api-reference/incidents/add-subscribers-to-incident

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/incidents/{id}/add_subscribers
Add subscribers to incident



# Assign user to incident
Source: https://docs.rootly.com/api-reference/incidents/assign-user-to-incident

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/incidents/{id}/assign_role_to_user
Assign user to incident



# Cancel an incident
Source: https://docs.rootly.com/api-reference/incidents/cancel-an-incident

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incidents/{id}/cancel
Cancel a specific incident by id



# Creates an incident
Source: https://docs.rootly.com/api-reference/incidents/creates-an-incident

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/incidents
Creates a new incident from provided data



# Delete an incident
Source: https://docs.rootly.com/api-reference/incidents/delete-an-incident

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/incidents/{id}
Delete a specific incident by id



# Detach an incident from its parent
Source: https://docs.rootly.com/api-reference/incidents/detach-an-incident-from-its-parent

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incidents/{id}/detach_from_parent
Detach a sub-incident from its parent incident



# List incidents
Source: https://docs.rootly.com/api-reference/incidents/list-incidents

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incidents
List incidents



# Mark an incident as a duplicate
Source: https://docs.rootly.com/api-reference/incidents/mark-an-incident-as-a-duplicate

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incidents/{id}/duplicate
Mark an incident as a duplicate



# Mitigate an incident
Source: https://docs.rootly.com/api-reference/incidents/mitigate-an-incident

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incidents/{id}/mitigate
Mitigate a specific incident by id



# Remove assigned user from incident
Source: https://docs.rootly.com/api-reference/incidents/remove-assigned-user-from-incident

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/incidents/{id}/unassign_role_from_user
Remove assigned user from incident



# Remove duplicate marking from an incident
Source: https://docs.rootly.com/api-reference/incidents/remove-duplicate-marking-from-an-incident

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incidents/{id}/unmark_as_duplicate
Remove the duplicate marking from an incident



# Remove subscribers from incident
Source: https://docs.rootly.com/api-reference/incidents/remove-subscribers-from-incident

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/incidents/{id}/remove_subscribers
Remove subscribers to incident



# Resolve an incident
Source: https://docs.rootly.com/api-reference/incidents/resolve-an-incident

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incidents/{id}/resolve
Resolve a specific incident by id



# Restart an incident
Source: https://docs.rootly.com/api-reference/incidents/restart-an-incident

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incidents/{id}/restart
Restart a specific incident by id



# Retrieves an incident
Source: https://docs.rootly.com/api-reference/incidents/retrieves-an-incident

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incidents/{id}
Retrieves a specific incident by id



# Triage an incident
Source: https://docs.rootly.com/api-reference/incidents/triage-an-incident

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incidents/{id}/in_triage
Set a specific incident by ID to triage state



# Update an incident
Source: https://docs.rootly.com/api-reference/incidents/update-an-incident

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incidents/{id}
Update a specific incident by id



# Creates an incident status page event
Source: https://docs.rootly.com/api-reference/incidentstatuspageevents/creates-an-incident-status-page-event

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/incidents/{incident_id}/status-page-events
Creates a new event from provided data



# Delete an incident status page event
Source: https://docs.rootly.com/api-reference/incidentstatuspageevents/delete-an-incident-status-page-event

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/status-page-events/{id}
Delete a specific incident status page event by id



# List incident status page events
Source: https://docs.rootly.com/api-reference/incidentstatuspageevents/list-incident-status-page-events

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incidents/{incident_id}/status-page-events
List incident status page events



# Retrieves an incident status page event
Source: https://docs.rootly.com/api-reference/incidentstatuspageevents/retrieves-an-incident-status-page-event

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/status-page-events/{id}
Retrieves a specific incident_status_page_event by id



# Update an incident status page event
Source: https://docs.rootly.com/api-reference/incidentstatuspageevents/update-an-incident-status-page-event

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/status-page-events/{id}
Update a specific incident status page event by id



# Creates a sub-status assignment
Source: https://docs.rootly.com/api-reference/incidentsubstatuses/creates-a-sub-status-assignment

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/incidents/{incident_id}/sub_statuses
Creates a new sub-status assignment from provided data



# Delete an incident_sub_status
Source: https://docs.rootly.com/api-reference/incidentsubstatuses/delete-an-incident_sub_status

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/incident_sub_statuses/{id}
Delete a specific incident_sub_status by id



# List incident_sub_statuses
Source: https://docs.rootly.com/api-reference/incidentsubstatuses/list-incident_sub_statuses

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incidents/{incident_id}/sub_statuses
List incident_sub_statuses



# Retrieves incident_sub_status
Source: https://docs.rootly.com/api-reference/incidentsubstatuses/retrieves-incident_sub_status

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incident_sub_statuses/{id}
Retrieves a specific incident_sub_status by id



# Update incident_sub_status
Source: https://docs.rootly.com/api-reference/incidentsubstatuses/update-incident_sub_status

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incident_sub_statuses/{id}
Update a specific incident_sub_status by id



# Creates a Catalog Property
Source: https://docs.rootly.com/api-reference/incidenttypes/creates-a-catalog-property

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/incident_types/properties
Creates a new Catalog Property from provided data



# Creates an incident type
Source: https://docs.rootly.com/api-reference/incidenttypes/creates-an-incident-type

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/incident_types
Creates a new incident_type from provided data



# Delete an incident type
Source: https://docs.rootly.com/api-reference/incidenttypes/delete-an-incident-type

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/incident_types/{id}
Delete a specific incident_type by id



# List Catalog Properties
Source: https://docs.rootly.com/api-reference/incidenttypes/list-catalog-properties

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incident_types/properties
List IncidentType Catalog Properties



# List incident types
Source: https://docs.rootly.com/api-reference/incidenttypes/list-incident-types

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incident_types
List incident types



# Retrieves an incident type
Source: https://docs.rootly.com/api-reference/incidenttypes/retrieves-an-incident-type

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incident_types/{id}
Retrieves a specific incident_type by id



# Update an incident type
Source: https://docs.rootly.com/api-reference/incidenttypes/update-an-incident-type

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/incident_types/{id}
Update a specific incident_type by id



# Retrieves IP ranges
Source: https://docs.rootly.com/api-reference/ipranges/retrieves-ip-ranges

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/ip_ranges
Retrieves the IP ranges for rootly.com services



# Creates a Live Call Router
Source: https://docs.rootly.com/api-reference/livecallrouters/creates-a-live-call-router

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/live_call_routers
Creates a new Live Call Router from provided data



# Delete a Live Call Router
Source: https://docs.rootly.com/api-reference/livecallrouters/delete-a-live-call-router

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/live_call_routers/{id}
Delete a specific Live Call Router by id



# Generates a phone number for Live Call Router
Source: https://docs.rootly.com/api-reference/livecallrouters/generates-a-phone-number-for-live-call-router

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/live_call_routers/generate_phone_number
Generates a phone number for Live Call Router



# List Live Call Routers
Source: https://docs.rootly.com/api-reference/livecallrouters/list-live-call-routers

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/live_call_routers
List Live Call Routers



# Retrieves a Live Call Router
Source: https://docs.rootly.com/api-reference/livecallrouters/retrieves-a-live-call-router

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/live_call_routers/{id}
Retrieves a specific Live Call Router by id



# Update a Live Call Router
Source: https://docs.rootly.com/api-reference/livecallrouters/update-a-live-call-router

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/live_call_routers/{id}
Update a specific Live Call Router by id



# Create meeting recording
Source: https://docs.rootly.com/api-reference/meeting-recordings/create-meeting-recording

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/incidents/{incident_id}/meeting_recordings
Invite a recording bot to the incident's meeting. If no previous recordings exist for the platform, a new bot is invited (session 1). If previous sessions exist, a new session is created (re-invite). The bot joins the meeting, records audio/video, and generates a transcript when the session ends.



# Delete a meeting recording
Source: https://docs.rootly.com/api-reference/meeting-recordings/delete-a-meeting-recording

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/meeting_recordings/{id}
Delete a meeting recording. Only completed or failed recordings can be deleted. Active recordings (pending, recording, paused) must be stopped first.



# Delete video from a meeting recording
Source: https://docs.rootly.com/api-reference/meeting-recordings/delete-video-from-a-meeting-recording

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/meeting_recordings/{id}/delete_video
Delete only the video file from a meeting recording. The transcript, summary, and all metadata are preserved. Only non-active recordings with an attached video can have their video deleted.



# Get a meeting recording
Source: https://docs.rootly.com/api-reference/meeting-recordings/get-a-meeting-recording

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/meeting_recordings/{id}
Retrieve a single meeting recording session including its status, duration, speaker count, word count, and transcript summary.



# Leave a meeting call
Source: https://docs.rootly.com/api-reference/meeting-recordings/leave-a-meeting-call

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/meeting_recordings/{id}/leave
Remove the recording bot from the meeting entirely. Unlike stop, this immediately disconnects the bot. The session will transition to analyzing and then completed once transcript processing finishes.



# List meeting recordings
Source: https://docs.rootly.com/api-reference/meeting-recordings/list-meeting-recordings

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/incidents/{incident_id}/meeting_recordings
List all meeting recording sessions for an incident. Returns recordings sorted by session number. Each recording represents one bot session with its own transcript, status, and metadata.



# Pause a meeting recording
Source: https://docs.rootly.com/api-reference/meeting-recordings/pause-a-meeting-recording

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/meeting_recordings/{id}/pause
Pause an active recording session. The bot remains in the meeting but stops capturing audio/video. Use the resume endpoint to continue recording.



# Resume a meeting recording
Source: https://docs.rootly.com/api-reference/meeting-recordings/resume-a-meeting-recording

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/meeting_recordings/{id}/resume
Resume a paused recording session. The bot continues capturing audio/video from the meeting.



# Stop a meeting recording
Source: https://docs.rootly.com/api-reference/meeting-recordings/stop-a-meeting-recording

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/meeting_recordings/{id}/stop
Stop an active or paused recording. The bot finishes processing, generates a transcript, and the session status transitions to completed. This is irreversible — to record again, create a new session.



# Creates an On-Call Pay Report
Source: https://docs.rootly.com/api-reference/oncallpayreports/creates-an-on-call-pay-report

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/on_call_pay_reports
Generates a new on-call pay report for the given date range. The report is generated asynchronously.



# List On-Call Pay Reports
Source: https://docs.rootly.com/api-reference/oncallpayreports/list-on-call-pay-reports

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/on_call_pay_reports
List on-call pay reports



# Regenerate an On-Call Pay Report
Source: https://docs.rootly.com/api-reference/oncallpayreports/regenerate-an-on-call-pay-report

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/on_call_pay_reports/{id}/regenerate
Triggers regeneration of an existing on-call pay report.



# Retrieves an On-Call Pay Report
Source: https://docs.rootly.com/api-reference/oncallpayreports/retrieves-an-on-call-pay-report

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/on_call_pay_reports/{id}
Retrieves a specific on-call pay report by id



# Update an On-Call Pay Report
Source: https://docs.rootly.com/api-reference/oncallpayreports/update-an-on-call-pay-report

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/on_call_pay_reports/{id}
Update a specific on-call pay report by id. Triggers report regeneration.



# Creates an On-Call Role
Source: https://docs.rootly.com/api-reference/oncallroles/creates-an-on-call-role

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/on_call_roles
Creates a new On-Call Role from provided data



# Delete an On-Call Role
Source: https://docs.rootly.com/api-reference/oncallroles/delete-an-on-call-role

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/on_call_roles/{id}
Delete a specific On-Call Role by id



# List On-Call Roles
Source: https://docs.rootly.com/api-reference/oncallroles/list-on-call-roles

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/on_call_roles
List On-Call Roles



# Retrieves an On-Call Role
Source: https://docs.rootly.com/api-reference/oncallroles/retrieves-an-on-call-role

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/on_call_roles/{id}
Retrieves a specific On-Call Role by id



# Update an On-Call Role
Source: https://docs.rootly.com/api-reference/oncallroles/update-an-on-call-role

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/on_call_roles/{id}
Update a specific On-Call Role by id



# List on-calls
Source: https://docs.rootly.com/api-reference/oncalls/list-on-calls

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/oncalls
List who is currently on-call, with support for filtering by escalation policy, schedule, and user. Returns on-call entries grouped by escalation policy level.



# creates an shadow configuration
Source: https://docs.rootly.com/api-reference/oncallshadows/creates-an-shadow-configuration

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/schedules/{schedule_id}/on_call_shadows
Creates a new on call shadow configuration from provided data



# List On Call Shadows for Shift
Source: https://docs.rootly.com/api-reference/oncallshadows/list-on-call-shadows-for-shift

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/schedules/{schedule_id}/on_call_shadows
List shadow shifts for schedule



# Retrieves an On Call Shadow configuration by ID
Source: https://docs.rootly.com/api-reference/oncallshadows/retrieves-an-on-call-shadow-configuration-by-id

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/on_call_shadows/{id}
Retrieves a specific On Call Shadow configuration by ID



# Update an On Call Shadow configuration
Source: https://docs.rootly.com/api-reference/oncallshadows/update-an-on-call-shadow-configuration

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/on_call_shadows/{id}
Update a specific on call shadow configuration by id



# creates an override shift
Source: https://docs.rootly.com/api-reference/overrideshifts/creates-an-override-shift

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/schedules/{schedule_id}/override_shifts
Creates a new override shift from provided data. If any existing override shifts overlap with the specified time range, they will be automatically deleted and replaced by the new override.



# Delete an on call shadow configuration
Source: https://docs.rootly.com/api-reference/overrideshifts/delete-an-on-call-shadow-configuration

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/on_call_shadows/{id}
Delete a specific on call shadow configuration by id. Future shadows are hard-deleted. Active shadows (started in the past) have their end time truncated to preserve historical data.



# Delete an override shift
Source: https://docs.rootly.com/api-reference/overrideshifts/delete-an-override-shift

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/override_shifts/{id}
Delete a specific override shift by id



# List override shifts
Source: https://docs.rootly.com/api-reference/overrideshifts/list-override-shifts

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/schedules/{schedule_id}/override_shifts
List override shifts



# Retrieves an override shift
Source: https://docs.rootly.com/api-reference/overrideshifts/retrieves-an-override-shift

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/override_shifts/{id}
Retrieves a specific override shift by id



# Update an override shift
Source: https://docs.rootly.com/api-reference/overrideshifts/update-an-override-shift

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/override_shifts/{id}
Update a specific override shift by id



# Overview
Source: https://docs.rootly.com/api-reference/overview

Learn how to authenticate with the Rootly API using bearer tokens, work with rate limits, pagination, filtering, and JSON:API endpoints.

<CardGroup>
  <Card title="Download OpenAPI Specification" icon="download" href="https://rootly.com/swagger/v1/swagger.json">
    Download our OpenAPI/Swagger specification to explore our API endpoints or generate client libraries.
  </Card>

  <Card title="Official SDKs" icon="code" href="/api-reference/sdks">
    Use our official Go and Python SDKs to integrate with the Rootly API.
  </Card>

  <Card title="OAuth 2.0 & OpenID Connect" icon="shield-halved" href="/api-reference/oauth2">
    Browser-based login, scoped third-party access, and user-independent client credentials tokens.
  </Card>
</CardGroup>

# How to generate an API Key?

To generate a new API key, navigate to: **Organization dropdown** > **Organization Settings** > **API Keys > Generate New API Key**.

Rootly supports three scopes of API Keys:

| API Key Type     | Permissions                                                                                                                                                                                                                                |
| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Global API Key   | Global API Keys are assigned On-Call and Incident Response role when they're generated. The assigned role's permissions control the key's permissions. Global API Keys are able to interact with all entities within your Rootly instance. |
| Team API Key     | Team API Keys inherit the same permissions of a Team Admin. They have full read and edit access to any Rootly entity that team owns, such as the team's Schedules and Escalation Policies.                                                 |
| Personal API Key | Personal API Keys inherit the permissions of the user who created the API key.                                                                                                                                                             |

# JSON:API Specification

Rootly is using **JSON:API** ([https://jsonapi.org](https://jsonapi.org)) specification:

* JSON:API is a specification for how a client should request that resources be fetched or modified, and how a server should respond to those requests.
* JSON:API is designed to minimize both the number of requests and the amount of data transmitted between clients and servers. This efficiency is achieved without compromising readability, flexibility, or discoverability.
* JSON:API requires use of the JSON:API media type (**application/vnd.api+json**) for exchanging data.

# Authentication and Requests

We use standard HTTP Authentication over HTTPS to authorize your requests.

```bash theme={null}
curl --request GET \
--header 'Content-Type: application/vnd.api+json' \
--header 'Authorization: Bearer YOUR-TOKEN' \
--url https://api.rootly.com/v1/incidents
```

# Rate limiting

* There is a default limit of **3000** **GET**, **HEAD**, and **OPTIONS** calls **per API key** every minute. The limit is calculated over a **1-minute sliding window** looking back from the current time. While the limit can be configured to support higher thresholds, you must first contact your **Rootly Customer Success Manager** to make any adjustments.
* There is a default limit of **3000** **POST**, **PUT**, **PATCH** or **DELETE** calls **per API key** every minute. Alert creation is limited to 50 per minute per API key. The limit is calculated over a **1-minute sliding window** looking back from the current time. While the limit can be configured to support higher thresholds, you must first contact your **Rootly Customer Success Manager** to make any adjustments.
  * Note: Our default rate limit for Alert Creation is 50 alerts every minute, per API key or alert source.
* When rate limits are exceeded, the API will return a **429 Too Many Requests** HTTP status code with the response: `{"error": "Rate limit exceeded. Try again later."}`
  * We recommend configuring your Alert Sources to handle this response and retry in order to create your Alert in Rootly.
* **X-RateLimit headers** are included in every API response, providing real-time rate limit information:
  * **X-RateLimit-Limit** - The maximum number of requests permitted and the time window (e.g., "3000, 3000;window=60" for 3000 requests per minute)
  * **X-RateLimit-Remaining** - The number of requests remaining in the current rate limit window
  * **X-RateLimit-Used** - The number of requests already made in the current window
  * **X-RateLimit-Reset** - The time at which the current rate limit window resets, in UTC epoch seconds

# Pagination

* Pagination is supported for all endpoints that return a **collection** of items.
* Pagination is controlled by the **page** query parameter

## Example

```bash theme={null}
curl --request GET \
--header 'Content-Type: application/vnd.api+json' \
--header 'Authorization: Bearer YOUR-TOKEN' \
--url https://api.rootly.com/v1/incidents?page[number]=1&page[size]=10
```


# Creates a playbook
Source: https://docs.rootly.com/api-reference/playbooks/creates-a-playbook

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/playbooks
Creates a new playbook from provided data



# Delete a playbook
Source: https://docs.rootly.com/api-reference/playbooks/delete-a-playbook

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/playbooks/{id}
Delete a specific playbook by id



# List playbooks
Source: https://docs.rootly.com/api-reference/playbooks/list-playbooks

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/playbooks
List playbooks



# Retrieves a playbook
Source: https://docs.rootly.com/api-reference/playbooks/retrieves-a-playbook

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/playbooks/{id}
Retrieves a specific playbook by id



# Update a playbook
Source: https://docs.rootly.com/api-reference/playbooks/update-a-playbook

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/playbooks/{id}
Update a specific playbook by id



# Creates a playbook task
Source: https://docs.rootly.com/api-reference/playbooktasks/creates-a-playbook-task

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/playbooks/{playbook_id}/playbook_tasks
Creates a new task from provided data



# Delete a playbook task
Source: https://docs.rootly.com/api-reference/playbooktasks/delete-a-playbook-task

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/playbook_tasks/{id}
Delete a specific playbook task by id



# List playbook tasks
Source: https://docs.rootly.com/api-reference/playbooktasks/list-playbook-tasks

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/playbooks/{playbook_id}/playbook_tasks
List playbook tasks



# Retrieves a playbook task
Source: https://docs.rootly.com/api-reference/playbooktasks/retrieves-a-playbook-task

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/playbook_tasks/{id}
Retrieves a specific playbook_task by id



# Update a playbook task
Source: https://docs.rootly.com/api-reference/playbooktasks/update-a-playbook-task

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/playbook_tasks/{id}
Update a specific playbook task by id



# Creates a pulse
Source: https://docs.rootly.com/api-reference/pulses/creates-a-pulse

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/pulses
Creates a new pulse from provided data



# List pulses
Source: https://docs.rootly.com/api-reference/pulses/list-pulses

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/pulses
List pulses



# Retrieves a pulse
Source: https://docs.rootly.com/api-reference/pulses/retrieves-a-pulse

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/pulses/{id}
Retrieves a specific pulse by id



# Update a pulse
Source: https://docs.rootly.com/api-reference/pulses/update-a-pulse

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/pulses/{id}
Update a specific pulse by id



# List retrospective configurations
Source: https://docs.rootly.com/api-reference/retrospectiveconfigurations/list-retrospective-configurations

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/retrospective_configurations
List retrospective configurations



# Retrieves a Retrospective Configuration
Source: https://docs.rootly.com/api-reference/retrospectiveconfigurations/retrieves-a-retrospective-configuration

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/retrospective_configurations/{id}
Retrieves a specific retrospective_configuration by id



# Update a retrospective configuration
Source: https://docs.rootly.com/api-reference/retrospectiveconfigurations/update-a-retrospective-configuration

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/retrospective_configurations/{id}
Update a specific retrospective configuration by id



# Creates a retrospective process
Source: https://docs.rootly.com/api-reference/retrospectiveprocesses/creates-a-retrospective-process

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/retrospective_processes
Creates a new retrospective process from provided data



# Delete a retrospective process
Source: https://docs.rootly.com/api-reference/retrospectiveprocesses/delete-a-retrospective-process

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/retrospective_processes/{id}
Delete a specific retrospective process by id



# List retrospective processes
Source: https://docs.rootly.com/api-reference/retrospectiveprocesses/list-retrospective-processes

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/retrospective_processes
List retrospective processes



# Retrieves a retrospective process
Source: https://docs.rootly.com/api-reference/retrospectiveprocesses/retrieves-a-retrospective-process

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/retrospective_processes/{id}
Retrieves a specific retrospective process by id



# Update a retrospective process
Source: https://docs.rootly.com/api-reference/retrospectiveprocesses/update-a-retrospective-process

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/retrospective_processes/{id}
Updates a specific retrospective process by id



# Creates a retrospective process group
Source: https://docs.rootly.com/api-reference/retrospectiveprocessgroups/creates-a-retrospective-process-group

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/retrospective_processes/{retrospective_process_id}/groups
Creates a new retrospective process group from provided data



# Delete a Retrospective Process Group
Source: https://docs.rootly.com/api-reference/retrospectiveprocessgroups/delete-a-retrospective-process-group

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/retrospective_process_groups/{id}
Delete a specific Retrospective Process Group by id



# List Retrospective Process Groups
Source: https://docs.rootly.com/api-reference/retrospectiveprocessgroups/list-retrospective-process-groups

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/retrospective_processes/{retrospective_process_id}/groups
List Retrospective Process Groups



# Retrieves a Retrospective Process Group
Source: https://docs.rootly.com/api-reference/retrospectiveprocessgroups/retrieves-a-retrospective-process-group

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/retrospective_process_groups/{id}
Retrieves a specific Retrospective Process Group by id



# Update a Retrospective Process Group
Source: https://docs.rootly.com/api-reference/retrospectiveprocessgroups/update-a-retrospective-process-group

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/retrospective_process_groups/{id}
Update a specific Retrospective Process Group by id



# Creates a retrospective process group step
Source: https://docs.rootly.com/api-reference/retrospectiveprocessgroupsteps/creates-a-retrospective-process-group-step

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/retrospective_process_groups/{retrospective_process_group_id}/steps
Creates a new retrospective process group step from provided data



# Delete a RetrospectiveProcessGroup Step
Source: https://docs.rootly.com/api-reference/retrospectiveprocessgroupsteps/delete-a-retrospectiveprocessgroup-step

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/retrospective_process_group_steps/{id}
Delete a specific RetrospectiveProcessGroup Step by id



# List RetrospectiveProcessGroup Steps
Source: https://docs.rootly.com/api-reference/retrospectiveprocessgroupsteps/list-retrospectiveprocessgroup-steps

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/retrospective_process_groups/{retrospective_process_group_id}/steps
List RetrospectiveProcessGroup Steps



# Retrieves a RetrospectiveProcessGroup Step
Source: https://docs.rootly.com/api-reference/retrospectiveprocessgroupsteps/retrieves-a-retrospectiveprocessgroup-step

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/retrospective_process_group_steps/{id}
Retrieves a specific RetrospectiveProcessGroup Step by id



# Update RetrospectiveProcessGroup Step
Source: https://docs.rootly.com/api-reference/retrospectiveprocessgroupsteps/update-retrospectiveprocessgroup-step

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/retrospective_process_group_steps/{id}
Update a specific RetrospectiveProcessGroup Step by id



# Creates a retrospective step
Source: https://docs.rootly.com/api-reference/retrospectivesteps/creates-a-retrospective-step

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/retrospective_processes/{retrospective_process_id}/retrospective_steps
Creates a new retrospective step from provided data



# Delete a retrospective step
Source: https://docs.rootly.com/api-reference/retrospectivesteps/delete-a-retrospective-step

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/retrospective_steps/{id}
Delete a specific retrospective step by id



# List retrospective steps
Source: https://docs.rootly.com/api-reference/retrospectivesteps/list-retrospective-steps

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/retrospective_processes/{retrospective_process_id}/retrospective_steps
List retrospective steps



# Retrieves a retrospective step
Source: https://docs.rootly.com/api-reference/retrospectivesteps/retrieves-a-retrospective-step

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/retrospective_steps/{id}
Retrieves a specific retrospective step by id



# Update a retrospective step
Source: https://docs.rootly.com/api-reference/retrospectivesteps/update-a-retrospective-step

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/retrospective_steps/{id}
Update a specific retrospective step by id



# Creates a retrospective template
Source: https://docs.rootly.com/api-reference/retrospectivetemplates/creates-a-retrospective-template

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/post_mortem_templates
Creates a new Retrospective Template from provided data



# Delete a Retrospective Template
Source: https://docs.rootly.com/api-reference/retrospectivetemplates/delete-a-retrospective-template

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/post_mortem_templates/{id}
Delete a specific Retrospective Template by id



# List Retrospective Templates
Source: https://docs.rootly.com/api-reference/retrospectivetemplates/list-retrospective-templates

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/post_mortem_templates
List Retrospective Templates



# Retrieves a Retrospective Template
Source: https://docs.rootly.com/api-reference/retrospectivetemplates/retrieves-a-retrospective-template

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/post_mortem_templates/{id}
Retrieves a specific Retrospective Template by id



# Update a Retrospective Template
Source: https://docs.rootly.com/api-reference/retrospectivetemplates/update-a-retrospective-template

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/post_mortem_templates/{id}
Update a specific Retrospective Template by id



# Creates a role
Source: https://docs.rootly.com/api-reference/roles/creates-a-role

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/roles
Creates a new role from provided data



# Delete a role
Source: https://docs.rootly.com/api-reference/roles/delete-a-role

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/roles/{id}
Delete a specific role by id



# List roles
Source: https://docs.rootly.com/api-reference/roles/list-roles

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/roles
List roles



# Retrieves a role
Source: https://docs.rootly.com/api-reference/roles/retrieves-a-role

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/roles/{id}
Retrieves a specific role by id



# Update a role
Source: https://docs.rootly.com/api-reference/roles/update-a-role

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/roles/{id}
Update a specific role by id



# Creates a schedule rotation active day
Source: https://docs.rootly.com/api-reference/schedulerotationactivedays/creates-a-schedule-rotation-active-day

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/schedule_rotations/{schedule_rotation_id}/schedule_rotation_active_days
Creates a new schedule rotation active day from provided data



# Delete a schedule rotation active day
Source: https://docs.rootly.com/api-reference/schedulerotationactivedays/delete-a-schedule-rotation-active-day

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/schedule_rotation_active_days/{id}
Delete a specific schedule rotation active day



# List schedule rotation active days
Source: https://docs.rootly.com/api-reference/schedulerotationactivedays/list-schedule-rotation-active-days

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/schedule_rotations/{schedule_rotation_id}/schedule_rotation_active_days
List schedule rotation active days



# Retrieves a schedule rotation active day
Source: https://docs.rootly.com/api-reference/schedulerotationactivedays/retrieves-a-schedule-rotation-active-day

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/schedule_rotation_active_days/{id}
Retrieves a specific schedule rotation active day by id



# Update a schedule rotation active day
Source: https://docs.rootly.com/api-reference/schedulerotationactivedays/update-a-schedule-rotation-active-day

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/schedule_rotation_active_days/{id}
Update a specific schedule rotation active day by id



# Creates a schedule rotation
Source: https://docs.rootly.com/api-reference/schedulerotations/creates-a-schedule-rotation

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/schedules/{schedule_id}/schedule_rotations
Creates a new schedule rotation from provided data



# Delete a schedule rotation
Source: https://docs.rootly.com/api-reference/schedulerotations/delete-a-schedule-rotation

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/schedule_rotations/{id}
Delete a specific schedule rotation by id



# List schedule rotations
Source: https://docs.rootly.com/api-reference/schedulerotations/list-schedule-rotations

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/schedules/{schedule_id}/schedule_rotations
List schedule rotations



# Retrieves a schedule rotation
Source: https://docs.rootly.com/api-reference/schedulerotations/retrieves-a-schedule-rotation

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/schedule_rotations/{id}
Retrieves a specific schedule rotation by id



# Update a schedule rotation
Source: https://docs.rootly.com/api-reference/schedulerotations/update-a-schedule-rotation

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/schedule_rotations/{id}
Update a specific schedule rotation by id



# Creates a schedule rotation user
Source: https://docs.rootly.com/api-reference/schedulerotationusers/creates-a-schedule-rotation-user

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/schedule_rotations/{schedule_rotation_id}/schedule_rotation_users
Creates a new schedule rotation user from provided data



# Delete a schedule rotation user
Source: https://docs.rootly.com/api-reference/schedulerotationusers/delete-a-schedule-rotation-user

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/schedule_rotation_users/{id}
Delete a specific schedule rotation user by id



# List schedule rotation users
Source: https://docs.rootly.com/api-reference/schedulerotationusers/list-schedule-rotation-users

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/schedule_rotations/{schedule_rotation_id}/schedule_rotation_users



# Retrieves a schedule rotation user
Source: https://docs.rootly.com/api-reference/schedulerotationusers/retrieves-a-schedule-rotation-user

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/schedule_rotation_users/{id}
Retrieves a specific schedule rotation user by id



# Update schedule rotation user
Source: https://docs.rootly.com/api-reference/schedulerotationusers/update-schedule-rotation-user

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/schedule_rotation_users/{id}
Update a specific schedule rotation user by id



# Creates a schedule
Source: https://docs.rootly.com/api-reference/schedules/creates-a-schedule

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/schedules
Creates a new schedule from provided data



# Delete a schedule
Source: https://docs.rootly.com/api-reference/schedules/delete-a-schedule

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/schedules/{id}
Delete a specific schedule by id



# List schedules
Source: https://docs.rootly.com/api-reference/schedules/list-schedules

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/schedules
List schedules



# Retrieves a schedule
Source: https://docs.rootly.com/api-reference/schedules/retrieves-a-schedule

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/schedules/{id}
Retrieves a specific schedule by id



# Update a schedule
Source: https://docs.rootly.com/api-reference/schedules/update-a-schedule

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/schedules/{id}
Updates a specific schedule by id



# Official SDKs
Source: https://docs.rootly.com/api-reference/sdks

Official client libraries for interacting with the Rootly API, including TypeScript, Python, Go, Ruby, and Terraform SDKs for incident management automation.

Rootly provides official SDKs to help you integrate with our API in your preferred programming language.

<CardGroup>
  <Card title="Go SDK" icon="golang" href="https://github.com/rootlyhq/rootly-go">
    Official Go client library for the Rootly API
  </Card>

  <Card title="Python SDK" icon="python" href="https://github.com/rootlyhq/rootly-python">
    Official Python client library for the Rootly API
  </Card>

  <Card title="TypeScript SDK" icon="js" href="/integrations/typescript-sdk">
    Type-safe TypeScript client for the Rootly API
  </Card>
</CardGroup>

Follow the links above for installation instructions, usage examples, and detailed documentation — either in the dedicated docs page or the GitHub repository.


# Creates a secret
Source: https://docs.rootly.com/api-reference/secrets/creates-a-secret

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/secrets
Creates a new secret from provided data



# Delete a secret
Source: https://docs.rootly.com/api-reference/secrets/delete-a-secret

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/secrets/{id}
Delete a specific secret by id



# List secrets
Source: https://docs.rootly.com/api-reference/secrets/list-secrets

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/secrets
List secrets



# Retrieves a secret
Source: https://docs.rootly.com/api-reference/secrets/retrieves-a-secret

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/secrets/{id}
Retrieve a specific secret by id



# Update a secret
Source: https://docs.rootly.com/api-reference/secrets/update-a-secret

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/secrets/{id}
Update a specific secret by id



# Creates a Catalog Property
Source: https://docs.rootly.com/api-reference/services/creates-a-catalog-property

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/services/properties
Creates a new Catalog Property from provided data



# Creates a service
Source: https://docs.rootly.com/api-reference/services/creates-a-service

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/services
Creates a new service from provided data



# Delete a service
Source: https://docs.rootly.com/api-reference/services/delete-a-service

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/services/{id}
Delete a specific service by id



# Get service incidents chart
Source: https://docs.rootly.com/api-reference/services/get-service-incidents-chart

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/services/{id}/incidents_chart
Get service incidents chart



# Get service uptime chart
Source: https://docs.rootly.com/api-reference/services/get-service-uptime-chart

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/services/{id}/uptime_chart
Get service uptime chart



# List Catalog Properties
Source: https://docs.rootly.com/api-reference/services/list-catalog-properties

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/services/properties
List Service Catalog Properties



# List services
Source: https://docs.rootly.com/api-reference/services/list-services

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/services
List services



# Retrieves a service
Source: https://docs.rootly.com/api-reference/services/retrieves-a-service

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/services/{id}
Retrieves a specific service by id



# Update a service
Source: https://docs.rootly.com/api-reference/services/update-a-service

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/services/{id}
Update a specific service by id



# Creates a severity
Source: https://docs.rootly.com/api-reference/severities/creates-a-severity

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/severities
Creates a new severity from provided data



# Delete a severity
Source: https://docs.rootly.com/api-reference/severities/delete-a-severity

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/severities/{id}
Delete a specific severity by id



# List severities
Source: https://docs.rootly.com/api-reference/severities/list-severities

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/severities
List severities



# Retrieves a severity
Source: https://docs.rootly.com/api-reference/severities/retrieves-a-severity

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/severities/{id}
Retrieves a specific severity by id



# Update a severity
Source: https://docs.rootly.com/api-reference/severities/update-a-severity

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/severities/{id}
Update a specific severity by id



# List shifts
Source: https://docs.rootly.com/api-reference/shifts/list-shifts

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/shifts
List shifts



# Retrieves a schedule shifts
Source: https://docs.rootly.com/api-reference/shifts/retrieves-a-schedule-shifts

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/schedules/{id}/shifts
Retrieves schedule shifts



# Creates an SLA
Source: https://docs.rootly.com/api-reference/slas/creates-an-sla

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/slas
Creates a new SLA from provided data



# Delete an SLA
Source: https://docs.rootly.com/api-reference/slas/delete-an-sla

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/slas/{id}
Delete a specific SLA by id



# List SLAs
Source: https://docs.rootly.com/api-reference/slas/list-slas

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/slas
List SLAs



# Retrieves an SLA
Source: https://docs.rootly.com/api-reference/slas/retrieves-an-sla

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/slas/{id}
Retrieves a specific SLA by id



# Update an SLA
Source: https://docs.rootly.com/api-reference/slas/update-an-sla

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/slas/{id}
Update a specific SLA by id



# List Statuses
Source: https://docs.rootly.com/api-reference/statuses/list-statuses

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/statuses
List Statuses



# Retrieves a Status
Source: https://docs.rootly.com/api-reference/statuses/retrieves-a-status

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/statuses/{id}
Retrieves a specific Status by id



# Creates a status page
Source: https://docs.rootly.com/api-reference/statuspages/creates-a-status-page

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/status-pages
Creates a new status page from provided data



# Delete a status page
Source: https://docs.rootly.com/api-reference/statuspages/delete-a-status-page

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/status-pages/{id}
Delete a specific status page by id



# Get overall status of a status page
Source: https://docs.rootly.com/api-reference/statuspages/get-overall-status-of-a-status-page

https://rootly-heroku.s3.amazonaws.com/swagger/status_page/v1/swagger.json get /api/v1/status.json
Returns the overall status indicator and active incidents for the status page identified by the custom domain.



# List active incidents for a status page
Source: https://docs.rootly.com/api-reference/statuspages/list-active-incidents-for-a-status-page

https://rootly-heroku.s3.amazonaws.com/swagger/status_page/v1/swagger.json get /api/v1/incidents.json
Returns a paginated list of active incidents for the status page identified by the custom domain.



# List status pages
Source: https://docs.rootly.com/api-reference/statuspages/list-status-pages

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/status-pages
List status pages



# Retrieves a status page
Source: https://docs.rootly.com/api-reference/statuspages/retrieves-a-status-page

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/status-pages/{id}
Retrieves a specific status page by id



# Update a status page
Source: https://docs.rootly.com/api-reference/statuspages/update-a-status-page

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/status-pages/{id}
Update a specific status page by id



# Creates a status page template
Source: https://docs.rootly.com/api-reference/statuspagetemplates/creates-a-status-page-template

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/status-pages/{status_page_id}/templates
Creates a new template from provided data



# Delete a incident event
Source: https://docs.rootly.com/api-reference/statuspagetemplates/delete-a-incident-event

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/templates/{id}
Delete a specific template event by id



# List status page templates
Source: https://docs.rootly.com/api-reference/statuspagetemplates/list-status-page-templates

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/status-pages/{status_page_id}/templates
List status page templates



# Retrieves a status page template
Source: https://docs.rootly.com/api-reference/statuspagetemplates/retrieves-a-status-page-template

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/templates/{id}
Retrieves a specific status_page_template by id



# Update status page template
Source: https://docs.rootly.com/api-reference/statuspagetemplates/update-status-page-template

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/templates/{id}
Update a specific template event by id



# Creates a Sub-Status
Source: https://docs.rootly.com/api-reference/substatuses/creates-a-sub-status

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/sub_statuses
Creates a new Sub-Status from provided data



# Delete a Sub-Status
Source: https://docs.rootly.com/api-reference/substatuses/delete-a-sub-status

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/sub_statuses/{id}
Delete a specific Sub-Status by id



# List Sub-Statuses
Source: https://docs.rootly.com/api-reference/substatuses/list-sub-statuses

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/sub_statuses
List Sub-Statuses



# Retrieves a Sub-Status
Source: https://docs.rootly.com/api-reference/substatuses/retrieves-a-sub-status

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/sub_statuses/{id}
Retrieves a specific Sub-Status by id



# Update a Sub-Status
Source: https://docs.rootly.com/api-reference/substatuses/update-a-sub-status

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/sub_statuses/{id}
Update a specific Sub-Status by id



# Creates a Catalog Property
Source: https://docs.rootly.com/api-reference/teams/creates-a-catalog-property

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/teams/properties
Creates a new Catalog Property from provided data



# Creates a team
Source: https://docs.rootly.com/api-reference/teams/creates-a-team

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/teams
Creates a new team from provided data



# Delete a team
Source: https://docs.rootly.com/api-reference/teams/delete-a-team

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/teams/{id}
Delete a specific team by id



# Get team incidents chart
Source: https://docs.rootly.com/api-reference/teams/get-team-incidents-chart

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/teams/{id}/incidents_chart
Get team incidents chart



# List Catalog Properties
Source: https://docs.rootly.com/api-reference/teams/list-catalog-properties

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/teams/properties
List Group Catalog Properties



# List teams
Source: https://docs.rootly.com/api-reference/teams/list-teams

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/teams
List teams



# Retrieves a team
Source: https://docs.rootly.com/api-reference/teams/retrieves-a-team

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/teams/{id}
Retrieves a specific team by id



# Update a team
Source: https://docs.rootly.com/api-reference/teams/update-a-team

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/teams/{id}
Update a specific team by id



# Creates a user email address
Source: https://docs.rootly.com/api-reference/useremailaddresses/creates-a-user-email-address

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/users/{user_id}/email_addresses
Creates a new user email address from provided data



# Delete user email address
Source: https://docs.rootly.com/api-reference/useremailaddresses/delete-user-email-address

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/email_addresses/{id}
Deletes a user email address



# Resends verification email
Source: https://docs.rootly.com/api-reference/useremailaddresses/resends-verification-email

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/email_addresses/{id}/resend_verification
Resends verification email for an email address



# Retrieves user email addresses
Source: https://docs.rootly.com/api-reference/useremailaddresses/retrieves-user-email-addresses

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/users/{user_id}/email_addresses
Retrieves all email addresses for the specified user



# Show user email address
Source: https://docs.rootly.com/api-reference/useremailaddresses/show-user-email-address

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/email_addresses/{id}
Retrieves a specific user email address



# Update user email address
Source: https://docs.rootly.com/api-reference/useremailaddresses/update-user-email-address

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/email_addresses/{id}
Updates a user email address



# Verifies an email address with token
Source: https://docs.rootly.com/api-reference/useremailaddresses/verifies-an-email-address-with-token

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/email_addresses/{id}/verify
Verifies an email address using a verification token



# Creates an user notification rule
Source: https://docs.rootly.com/api-reference/usernotificationrules/creates-an-user-notification-rule

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/users/{user_id}/notification_rules
Creates a new user notification rule from provided data



# Delete an user notification rule
Source: https://docs.rootly.com/api-reference/usernotificationrules/delete-an-user-notification-rule

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/notification_rules/{id}
Delete a specific user notification rule by id



# List user notification rules
Source: https://docs.rootly.com/api-reference/usernotificationrules/list-user-notification-rules

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/users/{user_id}/notification_rules
List user notification rules



# Retrieves an user notification rule
Source: https://docs.rootly.com/api-reference/usernotificationrules/retrieves-an-user-notification-rule

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/notification_rules/{id}
Retrieves a specific user notification rule by id



# Update an user notification rule
Source: https://docs.rootly.com/api-reference/usernotificationrules/update-an-user-notification-rule

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/notification_rules/{id}
Update a specific user notification rule by id



# Creates a user phone number
Source: https://docs.rootly.com/api-reference/userphonenumbers/creates-a-user-phone-number

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/users/{user_id}/phone_numbers
Creates a new user phone number from provided data



# Delete user phone number
Source: https://docs.rootly.com/api-reference/userphonenumbers/delete-user-phone-number

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/phone_numbers/{id}
Deletes a user phone number



# Retrieves user phone numbers
Source: https://docs.rootly.com/api-reference/userphonenumbers/retrieves-user-phone-numbers

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/users/{user_id}/phone_numbers
Retrieves all phone numbers for the specified user



# Show user phone number
Source: https://docs.rootly.com/api-reference/userphonenumbers/show-user-phone-number

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/phone_numbers/{id}
Retrieves a specific user phone number



# Update user phone number
Source: https://docs.rootly.com/api-reference/userphonenumbers/update-user-phone-number

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/phone_numbers/{id}
Updates a user phone number



# Delete an user
Source: https://docs.rootly.com/api-reference/users/delete-an-user

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/users/{id}
Delete a specific user by id



# Get current user
Source: https://docs.rootly.com/api-reference/users/get-current-user

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/users/me
Get current user



# List users
Source: https://docs.rootly.com/api-reference/users/list-users

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/users
List users



# Retrieves an user
Source: https://docs.rootly.com/api-reference/users/retrieves-an-user

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/users/{id}
Retrieves a specific user by id



# Update a user
Source: https://docs.rootly.com/api-reference/users/update-a-user

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/users/{id}
Update a specific user by id



# List webhook deliveries
Source: https://docs.rootly.com/api-reference/webhooksdeliveries/list-webhook-deliveries

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/webhooks/endpoints/{endpoint_id}/deliveries
List webhook deliveries for given endpoint



# Retries a webhook delivery
Source: https://docs.rootly.com/api-reference/webhooksdeliveries/retries-a-webhook-delivery

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/webhooks/deliveries/{id}/deliver
Retries a webhook delivery



# Retrieves a webhook delivery
Source: https://docs.rootly.com/api-reference/webhooksdeliveries/retrieves-a-webhook-delivery

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/webhooks/deliveries/{id}
Retrieves a specific webhook delivery by id



# Creates a webhook endpoint
Source: https://docs.rootly.com/api-reference/webhooksendpoints/creates-a-webhook-endpoint

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/webhooks/endpoints
Creates a new webhook endpoint from provided data



# Delete a webhook endpoint
Source: https://docs.rootly.com/api-reference/webhooksendpoints/delete-a-webhook-endpoint

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/webhooks/endpoints/{id}
Delete a specific webhook endpoint by id



# List webhook endpoints
Source: https://docs.rootly.com/api-reference/webhooksendpoints/list-webhook-endpoints

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/webhooks/endpoints
List webhook endpoints



# Retrieves a webhook endpoint
Source: https://docs.rootly.com/api-reference/webhooksendpoints/retrieves-a-webhook-endpoint

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/webhooks/endpoints/{id}
Retrieves a specific webhook endpoint by id



# Update a webhook endpoint
Source: https://docs.rootly.com/api-reference/webhooksendpoints/update-a-webhook-endpoint

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/webhooks/endpoints/{id}
Update a specific webhook endpoint by id



# Creates a workflow form field condition
Source: https://docs.rootly.com/api-reference/workflowformfieldconditions/creates-a-workflow-form-field-condition

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/workflows/{workflow_id}/form_field_conditions
Creates a new workflow form field condition from provided data



# Delete a workflow_form field condition
Source: https://docs.rootly.com/api-reference/workflowformfieldconditions/delete-a-workflow_form-field-condition

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/workflow_form_field_conditions/{id}
Delete a specific workflow form field condition by id



# List workflow form field conditions
Source: https://docs.rootly.com/api-reference/workflowformfieldconditions/list-workflow-form-field-conditions

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/workflows/{workflow_id}/form_field_conditions
List workflow form field conditions



# Retrieves a workflow form field condition
Source: https://docs.rootly.com/api-reference/workflowformfieldconditions/retrieves-a-workflow-form-field-condition

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/workflow_form_field_conditions/{id}
Retrieves a specific workflow form field condition by id



# Update a workflow form field condition
Source: https://docs.rootly.com/api-reference/workflowformfieldconditions/update-a-workflow-form-field-condition

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/workflow_form_field_conditions/{id}
Update a specific workflow form field condition by id



# Creates a workflow group
Source: https://docs.rootly.com/api-reference/workflowgroups/creates-a-workflow-group

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/workflow_groups
Creates a new workflow group from provided data



# Delete a workflow_group
Source: https://docs.rootly.com/api-reference/workflowgroups/delete-a-workflow_group

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/workflow_groups/{id}
Delete a specific workflow group by id



# List workflow groups
Source: https://docs.rootly.com/api-reference/workflowgroups/list-workflow-groups

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/workflow_groups
List workflow groups



# Retrieves a workflow group
Source: https://docs.rootly.com/api-reference/workflowgroups/retrieves-a-workflow-group

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/workflow_groups/{id}
Retrieves a specific workflow group by id



# Update a workflow group
Source: https://docs.rootly.com/api-reference/workflowgroups/update-a-workflow-group

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/workflow_groups/{id}
Update a specific workflow group by id



# Creates a workflow run
Source: https://docs.rootly.com/api-reference/workflowruns/creates-a-workflow-run

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/workflows/{workflow_id}/workflow_runs
Creates a new workflow run from provided data



# List workflow runs
Source: https://docs.rootly.com/api-reference/workflowruns/list-workflow-runs

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/workflows/{workflow_id}/workflow_runs
List workflow runs



# Creates a workflow
Source: https://docs.rootly.com/api-reference/workflows/creates-a-workflow

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/workflows
Creates a new workflow from provided data



# Delete a workflow
Source: https://docs.rootly.com/api-reference/workflows/delete-a-workflow

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/workflows/{id}
Delete a specific workflow by id



# List workflows
Source: https://docs.rootly.com/api-reference/workflows/list-workflows

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/workflows
List workflows



# Retrieves a workflow
Source: https://docs.rootly.com/api-reference/workflows/retrieves-a-workflow

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/workflows/{id}
Retrieves a specific workflow by id



# Update a workflow
Source: https://docs.rootly.com/api-reference/workflows/update-a-workflow

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/workflows/{id}
Update a specific workflow by id



# Creates a workflow task
Source: https://docs.rootly.com/api-reference/workflowtasks/creates-a-workflow-task

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json post /v1/workflows/{workflow_id}/workflow_tasks
Creates a new workflow task from provided data



# Delete a workflow task
Source: https://docs.rootly.com/api-reference/workflowtasks/delete-a-workflow-task

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json delete /v1/workflow_tasks/{id}
Delete a specific workflow task by id



# List workflow tasks
Source: https://docs.rootly.com/api-reference/workflowtasks/list-workflow-tasks

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/workflows/{workflow_id}/workflow_tasks
List workflow tasks



# Retrieves a workflow task
Source: https://docs.rootly.com/api-reference/workflowtasks/retrieves-a-workflow-task

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json get /v1/workflow_tasks/{id}
Retrieves a specific workflow_task by id



# Update a workflow task
Source: https://docs.rootly.com/api-reference/workflowtasks/update-a-workflow-task

https://rootly-heroku.s3.amazonaws.com/swagger/v1/swagger.json put /v1/workflow_tasks/{id}
Update a specific workflow task by id



# Catalogs
Source: https://docs.rootly.com/catalogs

Define and manage the entities that matter to your business, like services, teams, and regions, as a structured source of truth for incident response.

Catalog is the central place in Rootly where you define the entities that matter most to your business, things like Services, Teams, Product Areas, Regions, or any other concept that shapes how your organization works and responds to incidents.

Rather than managing this data in spreadsheets or relying on people to fill in the right values from memory, Catalog gives you a structured, reusable source of truth. Once your entities are defined, you can use them everywhere: on incident fields, in workflows, in reports, and more.

<Info>
  **Why this matters**

  When an incident hits, responders need to quickly capture what’s impacted — which service, which region, which team. Without Catalog, this is manual and error-prone. With Catalog, that data is structured, consistent, and can even be filled in automatically.
</Info>

Rootly has always allowed you to manage a catalog of Services, Teams, Functionalities, Types, Environments, and Causes. Now, you’re able to add custom catalogs that represent additional business entities that are relevant to your incident response efforts.

<Frame>
  <img alt="Clean Shot2026 03 30at15 35 17@2x" />
</Frame>

# **Key concepts**

Here are the main building blocks you’ll work with:

* **Catalog**: A collection of related entities. For example, a "Services" Catalog contains all the services your organization runs.
* **Entity**: A single item within a Catalog. For example, "Payments API" is an entity in the Services Catalog.
* **Properties**: Attributes that describe each entity. For example, each Service might have an "Owning Team" property.

# Getting started

Begin setting up your Catalogs by navigating to the **Catalog section** from the left-hand navigation.

When you open the Catalog for the first time, Rootly comes pre-loaded with a set of common Catalogs to help you hit the ground running: Services, Teams, Functionalities, Causes, Types, and Environments.

These should look familiar to you: all of your existing Services, Teams, Functionalities etc. are now accessible from the Catalog page. **You can also access these Catalogs from the Rootly > Configuration section**.

Now, you can continue to use these built-in Catalogs as is, or customize them to match your setup. Nothing is locked in, everything is editable.

<Frame>
  <img alt="Clean Shot2026 03 30at15 38 33@2x" />
</Frame>


# Checklists
Source: https://docs.rootly.com/checklists

Create checklists to verify that every entity in your catalog has the required properties, and run audits to track completeness across your organization.

Checklists help you make sure that every entity in your Catalog has the information it needs to participate in your incident response and on-call processes.

As your organization grows and reorganizes, it’s easy for Catalog data to go stale: teams change ownership, services get deprecated, runbooks go out of date. Checklists give you a structured way to define what "complete" looks like for each type of entity, and to periodically verify that every entity meets that standard.

<Info>
  You can create an "On-Call Ready" checklist for your Teams Catalog, specifying that every Team must have an escalation policy, a goalie, and a support tier defined. You then kick off an audit to check all of your teams at once — any team that’s missing information will show up as incomplete, with a clear owner responsible for filling in the gaps.
</Info>

## **Key concepts**

* **Checklist**: A definition of the properties that must be filled out on a Catalog entity for it to be considered complete. You give it a name, a description, and select the specific properties it covers.
* **Checklist owner**: The person responsible for completing the checklist for a given entity. This can be a specific user, or dynamically determined from a property on the entity (e.g., the entity’s assigned Goalie or Owning Team’s admin).
* **Audit**: An instance of a checklist created for each entity in a Catalog. Triggering an audit kicks off a checklist for every entity at once.
* **Audit status**: Tracks where each entity stands in the review process: Not Started, In Progress, or Complete.

## **Creating a checklist**

You can create checklists on both built-in Catalogs (like Services and Teams) and any custom Catalogs you’ve defined. **For now, you can only create one checklist per Catalog.**

<Frame>
  <img alt="Clean Shot2026 03 30at21 37 11@2x" />
</Frame>

1. Navigate to your Catalog and open the **Checklists** tab, and click **Add checklist**.
2. Give it a name (e.g., "On-Call Ready") and optional instructions so others know what it covers.
3. Optionally, assign a checklist owner (see below for more details).
4. Select the properties from that Catalog that must be filled out for an entity to pass the checklist.
5. Save the checklist.

### **Assigning a checklist owner**

The checklist owner is the person responsible for completing the checklist for each entity. You have a few options for how ownership is determined:

* **A specific user:** One person is responsible for completing the checklist for every entity in the Catalog.
* **A team property on the entity:** The owner is the admin of the team associated with the entity. For example, if each Service has an "Owning Team" property, the checklist owner would be the admin of that team.

Checklists can have more than one owner. However, you’re not required to assign ownership if it doesn’t make sense for your workflow.

### **Editing a checklist definition**

As your Catalog evolves (for example, if you add a new "Tier" property to your Services), you can edit an existing checklist to include the new property: you don’t need to create a brand new checklist.

<Warning>
  **Note on in-progress audits**: If you edit a checklist definition while an audit is already in progress, the active audit will not be changed. It will continue to reflect the checklist definition that was in place when that audit was triggered.
</Warning>

### **Deleting a checklist**

You can delete a checklist at any time. When you do, Rootly retains any historical references to it and any active audits will continue and can still be completed. The checklist itself will no longer be available for future audits.

## **Triggering and managing audits**

When it’s time to review and validate all entities in your Catalog, you can kick off an audit! An audit creates a fresh checklist for every entity in a Catalog at once. If you defined a checklist owner, they are all responsible for completing the audit of their entities. 

To trigger an audit:

1. Open the Catalog you want to audit. Click the **Checklists** tab from the overview page to see the available checklists.
2. Select the checklist you want to run.
3. Click **Initiate checklist review**.

Rootly will create a new checklist instance for every entity in the Catalog. 

<Frame>
  <img alt="Clean Shot2026 03 30at21 40 09@2x" />
</Frame>

<Warning>
  **Note on in-progress audits**: If an entity already has a checklist in "In Progress" status when you trigger an audit, Rootly will not create a new one for that entity and will not close the existing one.
</Warning>

## **Completing an audit**

Once an audit has been triggered for your entity, you’ll find it in the Catalog on that entity’s page. Here’s how to work through it.

<Frame>
  <img alt="Clean Shot2026 03 30at21 41 44@2x" />
</Frame>

### **Viewing audit statuses**

On the Catalog’s overview page, you can see the audit status for every entity at a glance. Entities that haven’t been started show a "Start Review" prompt; entities in progress show an "In Progress" indicator.

### **Reviewing and checking off items**

Each item in the audit corresponds to a property from the checklist definition. For each item, you’ll see the current value of that property on the entity.

1. Review the current value for each property. If the value is correct, check it off. Rootly records who checked it off and what the value was at the time.
2. If the value needs to be updated, make the change to the entity and then check off the item.
3. You can save your progress at any point and come back to finish later.
4. Once every item is checked off, click "Complete" to finalize the audit.

<Warning>
  **Completed audits are locked**: Once you mark an audit as complete, it cannot be edited by anyone. All checkboxes must be checked before you can complete the audit. Rootly records who completed it and when.
</Warning>

### **Multiple people working on the same audit**

More than one person can work on the same audit at the same time. Rootly tracks who checks off each individual item, so you’ll have a clear record of who reviewed what, even when the work is shared across a team.

## **Tracking audit progress**

Audits can have the following statuses:

* **Not Started:** The audit has been created but no items have been reviewed yet.
* **In Progress**: At least one item has been reviewed and checked off.
* **Complete**: All items have been checked off and the audit has been finalized.

## **Viewing audit history**

Rootly keeps a record of every completed audit for each entity. In the entity’s audit history, you can see:

* Who triggered the audit and when it was started.
* Which properties were included in the checklist at the time of the audit.
* The values those properties had when each item was checked off.
* Who checked off each item, and when.
* Who completed the audit, and when.

This gives you a clear, time-stamped record of the state of each entity at each review point: useful for compliance, retrospectives, or just understanding how your Catalog has evolved over time.


# Exporting Retrospectives
Source: https://docs.rootly.com/collaborative-retrospectives/exporting-retrospectives

Export retrospective content to external documentation providers like Google Docs, Confluence, Notion, SharePoint, Quip, Coda, and other knowledge bases.

## Overview

Rootly can export retrospective content to external documentation providers, allowing teams to use their preferred tools while benefiting from Rootly's incident management features.

### Supported Providers

Rootly supports the following external document providers:

* Google Docs
* Confluence
* Notion
* SharePoint
* Dropbox Paper
* Coda
* Quip
* Datadog

<Info>
  Each provider has its own authentication and configuration requirements. Contact your administrator if you need access to a specific provider.
</Info>

## Rootly Editor vs External Providers

### When to Use the Rootly Editor

The built-in collaborative editor is ideal when:

* Multiple team members need to edit simultaneously
* You want data blocks and variables that update automatically
* You prefer keeping incident data within Rootly
* You want to publish a retrospective accessible via a public URL

### When to Use External Providers

External providers work well when:

* Your organization standardizes on a specific documentation tool
* You need to share retrospectives with stakeholders outside Rootly
* You want documents accessible in your existing knowledge base
* Compliance or governance requires specific storage locations

### Using Both

Many teams combine approaches:

1. **Draft in Rootly:** Use the Rootly Editor for initial drafting and collaboration
2. **Export for distribution:** Export to an external provider when ready to share broadly
3. **Link back:** The external document links back to the incident in Rootly

<Info>
  Exporting happens at specific points (when you click Export) rather than in real-time.
</Info>

***

### What Gets Exported

When exporting to your external providers, Rootly processes your retrospective content to ensure compatibility.

### Content That Exports

| Content Type         | How It's Handled                                     |
| :------------------- | :--------------------------------------------------- |
| **Rich text**        | Formatting preserved (bold, italic, headings, lists) |
| **Tables**           | Converted to provider-native table format            |
| **Data blocks**      | Rendered as static content at export time            |
| **Liquid variables** | Resolved to actual values at export time             |
| **Code blocks**      | Formatted appropriately for each provider            |
| **Links**            | Preserved as clickable hyperlinks                    |

### Incident Data Blocks in External Documents

If your retrospective document contains data blocks:

* **Timeline:** Rendered as a formatted table with event date, source, user, and description
* **Follow-ups:** Rendered as a list with title, priority, status, assignee, and due date

<Info>
  Data blocks become static content in external documents. They won't update automatically if the incident data changes after export.
</Info>

### Provider-Specific Formatting

Rootly adjusts content formatting for each provider:

| Provider        | Special Handling                            |
| :-------------- | :------------------------------------------ |
| **Confluence**  | Inline code converted to Confluence macros  |
| **Google Docs** | Tables formatted with borders and styling   |
| **Notion**      | Content structured for Notion's block model |
| **Others**      | Standard HTML-to-provider conversion        |

***

## How to Export

The **Export** button in the editor header provides access to all export options for your retrospective.

### Export Dropdown

Click **Export** in the editor header to access these options:

| Option                       | Description                                                                                  |
| :--------------------------- | :------------------------------------------------------------------------------------------- |
| **Publish retrospective**    | Publishes the retrospective, making it accessible via a public URL and notifying subscribers |
| **Export to new document**   | Opens a modal to create a new export to any connected provider                               |
| **Update exported document** | Opens a modal to update a previously exported document (only visible if exports exist)       |

Once a retrospective is published, the Export dropdown updates to include additional options:

| Option                           | Description                                                                                              |
| :------------------------------- | :------------------------------------------------------------------------------------------------------- |
| **View published retrospective** | Opens the published retrospective in a new tab                                                           |
| **Copy link**                    | Copies the published retrospective URL to your clipboard                                                 |
| **Save as PDF**                  | Downloads the published retrospective as a PDF file                                                      |
| **Document settings**            | Customize what gets appended to the published document (e.g., timeline, action items, incident metadata) |

<Info>
  If you have no external integrations configured, click **Manage integrations** to connect a document provider. Contact your administrator to set up integrations in **Configuration → Integrations**.
</Info>

***

## Publishing a Retrospective

Publishing makes your retrospective accessible to your team and, for non-private incidents, available via a public URL that can be shared with stakeholders outside of Rootly.

### How to Publish

<Steps>
  <Step title="Open the Export dropdown">
    Click **Export** in the editor header.
  </Step>

  <Step title="Click Publish retrospective">
    If the incident has already been resolved, the retrospective is published immediately. If the incident is still active, a confirmation dialog asks you to confirm that you want to publish before the incident is resolved.
  </Step>
</Steps>

### What Happens When You Publish

* The retrospective status changes from **Draft** (yellow chip) to **Published** (green chip) in the editor header
* The published document is accessible via a public URL for non-private incidents
* Subscribers are notified that the retrospective has been published
* The Export dropdown updates to show additional options: view the published document, copy its link, save as PDF, and access document settings

### Document Settings

After publishing, you can customize the published retrospective by clicking **Document settings** in the Export dropdown. Document settings let you control what gets appended to your published document, such as:

* Incident timeline
* Action items / follow-ups
* Incident metadata (severity, services, roles, timestamps)

This allows teams to tailor what stakeholders see in the published version without modifying the editor content.

### Re-publishing

If you make changes to the retrospective after publishing, your published document gets updated automatically. The published URL remains the same — only the content is updated.

<Info>
  Publishing and exporting are independent actions. Publishing makes the retrospective available via a Rootly URL. Exporting pushes the content to an external provider like Confluence or Google Docs. You can do both.
</Info>

***

### Exporting to a New Document

To export your retrospective to an external provider for the first time:

<Steps>
  <Step title="Open the Export dropdown">
    Click **Export** in the editor header.
  </Step>

  <Step title="Select Export to new document">
    This opens a modal where you can configure the export.
  </Step>

  <Step title="Choose your destination">
    Select the provider (Confluence, Google Docs, Notion, etc.) from the dropdown. Each provider shows its icon for easy identification.
  </Step>

  <Step title="Set the document title">
    The title defaults to "Retrospective - \[Incident Title]". You can customize it.
  </Step>

  <Step title="Configure provider-specific options">
    Some providers require additional configuration:

    * **Confluence:** Select a space key for the destination
    * **Notion:** Select a parent page
    * Other providers may have their own options
  </Step>

  <Step title="Click Export">
    The export is created in the background. You'll be notified when it completes.
  </Step>
</Steps>

### Updating an Existing Export

If you've already exported the retrospective and want to push updated content:

<Steps>
  <Step title="Open the Export dropdown">
    Click **Export** in the editor header.
  </Step>

  <Step title="Select Update external document">
    This option only appears if you have previously exported the retrospective.
  </Step>

  <Step title="Choose which export to update">
    Select the export you want to update from the list. Each entry shows the provider name and document title.
  </Step>

  <Step title="Confirm the update">
    A warning confirms that the external document's content will be replaced with the current retrospective content. Click **Update** to proceed.
  </Step>
</Steps>

<Info>
  Updating an export overwrites the external document with the current retrospective content. This is a one-way operation — changes made in the external document will be replaced.
</Info>

### Working with Exported Documents

Once a retrospective is exported to an external provider:

* A link to the external document is stored on the incident
* The document lives in your external provider's system
* You can open external documents directly from the **More actions** menu in the editor header
* Edits in the external document do **not** sync back to Rootly

### Document Links

After exporting, you can reference external document URLs using Liquid variables:

* `{{ incident.confluence_page_url }}`
* `{{ incident.google_drive_url }}`
* `{{ incident.notion_page_url }}`
* `{{ incident.sharepoint_page_url }}`

### Managing Integrations

Click **Manage integrations** in the Export dropdown to go to **Configuration → Integrations** (Docs & Retrospective category), where you can connect or configure document providers.

### How Workflows and Exporting Work Together

Workflows and the Export button serve different purposes:

* **Workflows** can automatically create external documents (e.g., in Confluence or Google Docs) when an incident resolves or another trigger fires. These workflows do not create or modify the Rootly document — they only affect external providers.
* **The Export button** in the editor lets you manually export the Rootly document's content to a new external document or update an existing one at any time.

If you want the Rootly document to be created automatically, set up a separate **Create Rootly Retrospective** workflow. Otherwise, create it manually from the Retrospective tab.

<Info>
  The Rootly document and external documents are independent paths. A workflow that creates a Confluence page will not write to or create the Rootly document, and vice versa. If you create the Rootly document before a workflow fires, the workflow will not override it.
</Info>

***

### Best Practices

* **Set up workflows for initial creation:** Configure workflows to automatically create external documents when incidents resolve, so you don't have to manually export each time.
* **Use Update for changes:** After editing a retrospective, use **Update external document** to push changes to the existing export.
* **Include data blocks before exporting:** Add Timeline and Follow-ups blocks before exporting so they're rendered in the external document.
* **Verify liquid variables have values:** Empty variables create gaps in the external document. Check that referenced fields exist for the incident.

## Frequently Asked Questions

<Accordion title="My export failed with an authentication error">
  The connection to the external provider may have expired. Re-authenticate the integration in **Configuration → Integrations** or contact your administrator.
</Accordion>

<Accordion title="Data blocks are empty.">
  Data blocks must have data to render. If the incident has no timeline events or follow-ups, the blocks may appear empty. Add data to the incident before exporting.
</Accordion>

<Accordion title="Liquid variables resolve to N/A">
  Ensure the incident has the expected data. Variables without values resolve to N/A. Check that referenced fields (Jira ticket, assigned roles, etc.) exist for this incident.
</Accordion>

<Accordion title="Changes in the external document aren't in Rootly">
  Export is one-way. Edits made directly in the external provider don't sync back to Rootly. Make edits in Rootly and use **Update external document** to push changes.
</Accordion>

<Accordion title="How do I update an already-exported document?">
  Click **Export** in the editor header and select **Update external document**. Choose the export you want to update from the list and confirm. The external document will be overwritten with the current retrospective content.
</Accordion>

<Accordion title="Can I export to multiple providers?">
  Yes. Use **Export to new document** for each provider you want to export to. Each export is tracked independently and can be updated separately.
</Accordion>


# Liquid Variables in Retrospectives
Source: https://docs.rootly.com/collaborative-retrospectives/liquid-variables

Use Liquid templating in retrospective documents to dynamically populate incident data, custom fields, action items, and timeline events.

## Overview

Rootly supports the [Liquid](https://shopify.github.io/liquid/) templating engine in retrospective documents and templates. Liquid allows you to insert dynamic placeholders like `{{ incident.title }}` or `{{ incident.severity }}` that automatically resolve to actual incident data when the retrospective is published or exported.

This is especially valuable because retrospective documents often reference the same incident data repeatedly (title, severity, duration, commander, etc.), and the most common failure mode is simple: people copy-paste incorrectly or forget to update values when the incident changes.

Typical uses include:

* Pre-filling retrospective templates with incident metadata
* Referencing incident data without manual copy-paste
* Ensuring consistency when exporting to external systems (Google Docs, Confluence, Notion)
* Creating reusable templates that adapt to each incident automatically

<Info>
  Liquid variables in retrospectives use the same syntax and variable names as Incident Variables in Workflows. If you're familiar with Liquid in Workflows, the same variables are available in the retrospective editor.
</Info>

## Liquid Variables vs Liquid Blocks

Rootly provides two ways to use Liquid in retrospectives:

| Feature        | Liquid Variables                        | Liquid Blocks                                 |
| -------------- | --------------------------------------- | --------------------------------------------- |
| **Insert via** | Type `{{`                               | Type `/liquid`                                |
| **Scope**      | Inline (within text)                    | Block-level (standalone section)              |
| **Syntax**     | `{{ variable }}` with filters           | Full Liquid: `{% if %}`, `{% for %}`, filters |
| **Display**    | Inline chip                             | Edit/Preview panel                            |
| **Best for**   | Inserting dynamic values into sentences | Conditional content, loops, multi-line logic  |

**Use Liquid Variables when** you need to insert a single dynamic value into your text, like "The incident commander was `{{ incident.commander.name }}`."

**Use Liquid Blocks when** you need conditional logic, loops, or multi-line templates—for example, showing different content based on severity or listing all action items.

***

## How to Insert Liquid Variables

### In the Editor

1. **Start typing a variable:** Type `{{` anywhere in the editor to trigger the variable autocomplete.
2. **Filter and select:** Continue typing to filter available variables (e.g., `{{ incident.ti` shows `incident.title`).
3. **Insert the variable:** Click or press Enter to insert the selected variable.
4. **Variable appears as a chip:** The variable displays as a visual chip in the editor, showing the variable name.

### In Templates

Templates support Liquid variables in the same way. When a template is inserted into a retrospective, variables remain as placeholders until the retrospective is published or exported.

<Info>
  Variables in templates allow you to create reusable structures that automatically adapt to each incident to help eliminate manual data entry and reduce errors.
</Info>

### Examples

#### Get the incident title and severity

Expression: `{{ incident.title }} ({{ incident.severity }})`

Sample result: "Database connection timeout (SEV1)"

#### Format a timestamp

Expression: `{{ incident.started_at | date: "%Y-%m-%d %H:%M" }}`

Sample result: "2024-03-15 14:32"

[Reference](https://shopify.github.io/liquid/filters/date/)

#### Get the incident commander's name

Expression: `{{ incident.commander.name }}`

Sample result: "Jane Smith"

#### Build a resource link

Expression: `[Slack Channel]({{ incident.slack_channel_url }})`

Sample result: "[Slack Channel](https://slack.com/archives/C123456)"

<Info>
  Liquid variables are organized by the data they reference. For the complete list of available variables use our [Liquid Markup explorer](https://rootly.com/account/help/liquid-explorer).
</Info>

***

## Liquid Blocks

Liquid Blocks are standalone template sections that support the full Liquid templating language, including conditionals (`{% if %}`), loops (`{% for %}`), and all Liquid filters. They're ideal when you need more than simple variable substitution.

### How to Insert a Liquid Block

1. **Open the slash menu:** Type `/liquid` anywhere in the editor.
2. **Select Liquid Block:** Choose "Liquid Block" from the slash command menu.
3. **Write your template:** Enter your Liquid code in the editor panel that appears.
4. **Preview your output:** Click **Preview** to see the rendered result with real incident data.
5. **Edit as needed:** Toggle back to **Edit** to make changes. The preview updates each time you switch.

<Tip>
  The Preview mode renders your template using actual incident data, so you can verify your logic works correctly before publishing.
</Tip>

### When to Use Liquid Blocks

Liquid Blocks are particularly useful for:

* **Conditional content** based on incident properties (severity, status, etc.)
* **Looping through collections** like action items, services, or team members
* **Complex formatting** that requires multiple variables and logic
* **Reusable template sections** that adapt based on incident context

### Examples

#### Conditional severity messaging

```liquid theme={null}
{% if incident.severity == "critical" %}
🚨 **CRITICAL INCIDENT** - This incident required immediate escalation and executive notification.
{% elsif incident.severity == "high" %}
⚠️ **High Priority** - This incident impacted production systems and required urgent response.
{% else %}
📋 This incident followed standard response procedures.
{% endif %}
```

#### Loop through action items

```
### Action Items

{% for item in incident.action_items %}
- [{{ item.status }}] {{ item.summary }}
  - **Owner:** {{ item.owner.name }}
  - **Due:** {{ item.due_at | date: "%B %d, %Y" }}
{% endfor %}
```

#### Conditional sections with fallbacks

```
{% if incident.resolved_at %}
**Resolution Time:** {{ incident.resolved_at | date: "%B %d, %Y at %I:%M %p" }}
**Total Duration:** {{ incident.duration }}
{% else %}
⏳ *This incident is still ongoing.*
{% endif %}
```

#### Dynamic team summary

```
### Response Team

{% if incident.commander %}
- **Incident Commander:** {{ incident.commander.name }}
{% endif %}
{% if incident.communication_lead %}
- **Communication Lead:** {{ incident.communication_lead.name }}
{% endif %}
{% for responder in incident.responders %}
- {{ responder.name }} ({{ responder.role }})
{% endfor %}
```

<Info>
  Liquid Blocks have access to all the same variables available to Liquid Variables. Use the [Liquid Markup explorer](https://rootly.com/account/help/liquid-explorer) to see the complete list.
</Info>

### Error Handling

If your Liquid template contains a syntax error, the Preview mode will display an error message describing the issue. Common errors include:

* Unclosed tags (`{% if %}` without `{% endif %}`)
* Undefined variables (check spelling and availability)
* Invalid filter syntax

Fix the error in Edit mode and preview again to verify.

***

## How Variables Resolve

In the editor, variables appear as visual **chips** showing their names, and Liquid Blocks show as editable panels. When you publish or export (to Google Docs, Confluence, etc.), both resolve to their current values, so the final document shows real data instead of placeholders.

<Info>
  Variables always resolve to the **current** value at the time of publish or export. If incident data changes after publishing, the retrospective retains the original resolved values.
</Info>

## Best Practices

* **Use variables for inline values, blocks for logic:** Keep simple insertions as Liquid Variables; use Liquid Blocks when you need conditionals or loops.
* **Use variables in templates:** Templates with variables create consistent retrospectives that auto-populate incident data, eliminating manual entry and reducing errors.
* **Prefer data blocks for timeline/follow-ups:** The `/timeline` and `/followups` data blocks provide richer, interactive display compared to timeline variables.
* **Use the `default` filter for optional data:** If a variable might be empty (e.g., no Jira ticket), use `{{ incident.jira_issue_url | default: "N/A" }}` to provide a fallback.
* **Use role variables for accountability:** Including `{{ incident.commander.name }}` makes ownership clear in the published document.
* **Keep templates DRY:** Define common sections once in a template and let variables fill in the incident-specific details.
* **Preview Liquid Blocks before publishing:** Use the Preview toggle to verify conditional logic and loops render correctly with your incident data.

## Frequently Asked Questions

<Accordion title="Why did my variable resolve to N/A?">
  The referenced data doesn't exist for this incident. For example, `{{ incident.jira_issue_url }}` is empty if no Jira ticket is linked. Use the `default` filter to provide a fallback value.
</Accordion>

<Accordion title="Can I use Liquid logic (if/for) in retrospectives?">
  Yes! Use **Liquid Blocks** for full Liquid logic including conditionals and loops. Type `/liquid` to insert a Liquid Block. Standard **Liquid Variables** (inserted via `{{`) support only variable interpolation and filters.
</Accordion>

<Accordion title="Are these the same variables available in Workflows?">
  Yes. Retrospective Liquid variables use the same syntax and variable names as Incident Variables in Workflows. If you're familiar with Liquid in Workflows, the same variables work in retrospectives.
</Accordion>

<Accordion title="Can I format dates differently?">
  Yes. Use the `date` filter with a format string: `{{ incident.started_at | date: "%B %d, %Y" }}` produces "March 15, 2024". See the [Liquid date filter reference](https://shopify.github.io/liquid/filters/date/) for format options.
</Accordion>

<Accordion title="What's the difference between Liquid Variables and Liquid Blocks?">
  Liquid Variables are inline placeholders for single values (inserted via `{{`). Liquid Blocks are standalone sections that support full Liquid templating including conditionals and loops (inserted via `/liquid`). Use variables for simple value insertion; use blocks when you need logic.
</Accordion>

<Accordion title="Can I nest Liquid Blocks?">
  No, Liquid Blocks are atomic units in the editor. However, you can use nested Liquid logic (like `{% if %}` inside `{% for %}`) within a single Liquid Block.
</Accordion>


# Overview
Source: https://docs.rootly.com/collaborative-retrospectives/overview

Explore the Rootly collaborative retrospective editor with real-time co-authoring, dynamic data blocks, Liquid variables, and inline action item tracking.

## Writing Retrospectives

Once an incident resolves, you can write your retrospective using either:

1. Rootly's document editor
2. An external document editor like Notion, Confluence or Google Docs.

Many teams use a hybrid approach by drafting in the Rootly document editor and export a copy to their external editor of choice.

<Info>
  Integrations are configured by your administrator. Check Configuration → Integrations for a full list of external document providers available to you.
</Info>

## Using The Rootly Editor

We built a rich text editor directly into retrospectives that supports live incident data and real-time collaboration - all without leaving the platform.

When an incident is resolved, the retrospective workflow begins. The editor is where your team can capture what happened, why it happened, and what improvements your team intends to make to prevent the incident from recurring.

## How Teams Collaborate with The Editor

Writing retrospectives is a core part of the incident lifecycle, but it often breaks team momentum. Important context lives across emails, documents, Slack threads, Zoom calls, and knowledge base tools like Notion or Confluence.

Teams are forced to hunt for details, manually copy and paste information into a document, and reformat it every time. As a result, collaboration slows down, context gets lost, and it becomes harder to maintain a single, reliable source of truth for how the incident was resolved.

**The Rootly editor solves these problems by providing:**

* **Incident metadata** that resolves to actual values and stay in sync as you write
* **Dynamic data blocks** that pull in live updates to your incident from Timelines and Action Items
* **Real-time collaboration** so multiple authors can work together and contribute
* **Inline comments** for feedback and discussion in context
* **@mentions** to tag users and reference incidents directly in the document

It's also packed with a host of features to make retrospective documents pleasant to write and collaborate in.

## Key Features at a Glance

| Feature                       | Description                                                                                                                  |
| ----------------------------- | ---------------------------------------------------------------------------------------------------------------------------- |
| Variable Incident Metadata    | Dynamic placeholders like `{{ incident.title }}` that resolve to actual values                                               |
| Complex Incident Metadata     | Insert rich liquid variable blocks with conditional syntax that resolve to their actual values                               |
| Data Blocks                   | Insert dynamic Timeline and Follow-ups blocks that pull live data from the incident                                          |
| Real-time Collaboration       | Multiple users edit simultaneously with live cursors and presence indicators                                                 |
| Comments                      | Inline feedback and threaded discussions on selected text                                                                    |
| @Mentions                     | Tag users and reference incidents directly in the document with interactive popovers                                         |
| Export & Sync                 | Export content to Google Docs, Confluence, Notion, and other providers. Download as PDF or copy as Markdown                  |
| Document Status               | Draft and Published states with visual status indicators and publish confirmation flows                                      |
| Invite Collaborators          | Invite team members via Slack or email to collaborate on the retrospective                                                   |
| Templates                     | Pre-built content structures inserted via slash commands                                                                     |
| Version history and analytics | Full visibility into viewers and editors of a document. Track document changes and revert to previous versions with a click. |

## Where the Editor Fits in the Incident Lifecycle

The retrospective editor is part of the broader retrospective workflow that begins when an incident is resolved.

The editor is primarily used in the Write the **Retrospective** step, although teams can start writing their document at any point before or after the incident resolves.

### Retrospective Workflow Steps

1. **Gather and Confirm Data:** Collect incident metadata, impacted services, and initial findings
2. **Write the Retrospective:** Write the retrospective document using the Rootly document editor
3. **Create Follow-ups:** Define action items to prevent recurrence
4. **Publish and Export the Retrospective:** Publish the retrospective document to make it accessible, export to external providers, and notify your team to review

## External Document Editors

Rootly supports integrations with Notion, Google Docs, Confluence, SharePoint, Dropbox Paper, Coda and Quip.

If you have workflows set up to create retrospective documents in an external editor, you can find links to your external documents under the Exports section in the Retrospectives tab.

If you'd like to try the Rootly document editor, you can create a Rootly document from the Retrospective tab at any time. The Rootly document and external documents are independent — workflows that create external documents (e.g., in Confluence) do not create or modify the Rootly document.

<Info>
  You can choose to use the Rootly document editor, an external document editor, or both depending on your team's needs. External providers are configured in Configuration → Integrations.
</Info>

### How the Rootly Document Is Created

The Rootly document is created in one of two ways:

* **Manually:** Click the **Create Rootly Document** button in the Retrospective tab to create a document on demand. You can start from a blank document or choose a template.
* **Via workflow:** Set up a **Create Rootly Retrospective** workflow to automatically create the Rootly document when an incident resolves (or another trigger fires).

<Info>
  Workflows that export to external providers (like Confluence or Google Docs) do not create or write to the Rootly document. These are separate paths. If you want both, configure separate workflows for each.
</Info>

***

## Where to Go Next

These pages provide detailed guidance on specific aspects of the retrospective editor:

* **Using the Editor:** Formatting, slash commands, data blocks, and templates
* **Live Incident Variables:** Dynamic content placeholders and available variables
* **Real-Time Collaboration:** Multi-user editing, comments, and presence
* **Exporting Retrospectives:** Export to external providers, download as PDF, and sync workflows

***

## FAQs

<Accordion title="Can multiple people edit at the same time?">
  Yes. The editor supports real-time collaboration with live cursors showing where each user is working. Changes from all users are merged automatically without conflicts.
</Accordion>

<Accordion title="What happens if I lose my internet connection?">
  The editor automatically saves changes every second. If you lose connection, your changes are preserved locally and will sync when connectivity is restored
</Accordion>

<Accordion title="Can I still use an external tool like Confluence to write my retrospective documents?">
  Yes. Rootly supports external document editors like Confluence, Google Docs, and Notion. If you have a workflow that creates documents in an external editor, those will continue to work as before. The Rootly document editor is optional and independent — workflows for external providers don't affect it.
</Accordion>

<Accordion title="How is the Rootly document created?">
  The Rootly document can be created manually by clicking **Create Rootly Document** in the Retrospective tab, or automatically via a **Create Rootly Retrospective** workflow. Workflows that export to external providers (like Confluence) do not create or modify the Rootly document — these are separate paths. If you create the document manually before a workflow fires, the workflow will not override your document.
</Accordion>

<Accordion title="How do I export to an external provider like Confluence or Google Docs?">
  Click the **Export** button in the editor header and select **Export to new document**. Choose your destination provider, set a title, and configure any provider-specific options. You can also update previously exported documents by selecting **Update external document** from the same dropdown.
</Accordion>

<Accordion title="How do I insert incident data automatically?">
  Use data blocks by typing /timeline or /followups in the editor. These blocks pull live data from the incident and update automatically. You can also use liquid variables like `{{ incident.title }}` for individual data points, or a liquid variable block to display conditional outputs or data types like arrays.
</Accordion>

<Accordion title="Can I @mention people in the document?">
  Yes. Type `@` in the editor to search for and mention users or incidents. User mentions display an interactive popover showing the person's name, avatar, email, teams, and incident roles.
</Accordion>

<Accordion title="Are retrospectives required for all incidents?">
  This depends on your team's configuration. Retrospective workflows can be configured to trigger based on severity, incident type, or other conditions. Some steps can be marked as skippable while others are required.
</Accordion>

<Accordion title="How do comments work?">
  Select any text in the editor and click the comment button to start a discussion thread. Team members can reply, resolve, or delete their comments. Comments are synced in real-time for all collaborators.
</Accordion>

<Accordion title="Can I see who else is editing the document?">
  Yes. The editor shows presence indicators with user avatars/initials for everyone currently viewing or editing the document. Collaborative cursors with names show exactly where each person is working.
</Accordion>


# Real-Time Collaboration
Source: https://docs.rootly.com/collaborative-retrospectives/real-time-collaboration

Work together on retrospectives with real-time editing, collaborative cursors, presence indicators, inline comments, and live co-authoring across teams.

## How Real-Time Collaboration Works

The retrospective editor supports simultaneous editing by multiple team members. Changes sync instantly across all connected users, eliminating version conflicts and enabling true collaborative writing.

Collaboration features include:

* **Real-time editing:** See changes as others make them
* **Collaborative cursors:** See where each person is working
* **@Mentions:** Tag users and reference incidents directly in the document
* **Inline comments:** Discuss specific sections without leaving the editor
* **Invite collaborators:** Share the retrospective via Slack or email
* **Document status:** Visual Draft/Published indicators so teams know where things stand
* **Activity sidebar:** See who recently viewed or edited the document
* **Version history:** See how your document evolved based on edits made by your team

<Info>
  Real-time collaboration uses conflict-free replicated data types (CRDTs) to merge changes automatically. No manual conflict resolution is required.
</Info>

***

## Collaborative Editing

When multiple users open the same retrospective, all changes sync automatically in real-time.

### What You'll Experience

* **Instant updates** — Text typed by others appears immediately
* **No conflicts** — Edits from all users merge seamlessly
* **Shared state** — Everyone sees the same document at all times

<Info>
  Even if two users edit the same paragraph simultaneously, changes merge correctly without overwriting each other's work.
</Info>

### Presence Indicators

Shows who's viewing or editing the retrospective with user avatars, colored indicators, and real-time updates.

### Collaborative Cursors

See exactly where other users are working in the document with real-time feedback for typing, text selection and navigation.

## Inviting Collaborators

You can invite team members to collaborate on the retrospective directly from the editor.

### Invite via Slack

Post an invitation to the incident's Slack channel so team members can quickly jump into the editor.

### Invite via Email

Send an email notification to the incident team with a link to the retrospective editor.

### Copy URL

Copy the retrospective editor URL to share it directly via any channel.

<Info>
  Invite options are available from the editor header. Slack invitations are only available when the incident has a linked Slack channel.
</Info>

***

## Document Status

Retrospectives have two states that are visible to all collaborators via a status chip in the editor header.

### Draft

A yellow **Draft** chip indicates the retrospective is still being worked on. In this state, the document is only accessible to team members with edit access.

### Published

A green **Published** chip indicates the retrospective has been finalized. Published retrospectives:

* Are accessible via a public URL (for non-private incidents)
* Display the publication timestamp (e.g., "Last published at Mar 15, 2026 at 2:30pm UTC")
* Can still be edited and re-published

<Info>
  If the incident has not yet been resolved, publishing requires confirmation. This ensures retrospectives aren't accidentally published for ongoing incidents.
</Info>

***

## Activity Sidebar

The Activity sidebar shows who has recently viewed or edited the retrospective, giving you visibility into document engagement.

To open the Activity sidebar, click **More actions → Show activity** in the editor header.

***

## Comments

Add inline comments to discuss specific parts of the retrospective with your team.

### Creating a Comment

<Steps>
  <Step title="Select text">
    Highlight the text you want to comment on.
  </Step>

  <Step title="Open comment dialog">
    Click the **comment** button in the toolbar, or use the keyboard shortcut.
  </Step>

  <Step title="Write your comment">
    Type your comment in the dialog that appears.
  </Step>

  <Step title="Submit">
    Press Enter or click Submit to create the comment thread.
  </Step>
</Steps>

### Viewing Comments

Comments appear in three ways:

* **Node indicators:** Comments appear inline, attached to the relevant node in the editor.
* **Highlighted text:** Commented text is highlighted in the document. On narrower screens, click the highlight to view the comment.
* **Comments side panel:** View all open and resolved comment threads via the comments panel triggered from the actions dropdown in the header.

<Info>
  Access resolved threads anytime by clicking **More actions → Show resolved comments** in the editor header
</Info>

### Comment Actions

| Action        | Description                                                                   |
| ------------- | ----------------------------------------------------------------------------- |
| **Reply**     | Add a response to an existing thread                                          |
| **Resolve**   | Mark the comment as addressed (hides from active view)                        |
| **Unresolve** | Mark the comment as unaddressed (visible in the All Comments side panel view) |
| **Delete**    | Remove the comment entirely                                                   |
| **Edit**      | Modify your own comment text                                                  |

### Comments Panel

On wider screens, comments display in a dedicated panel alongside the editor.

* **All threads:** See all active comment threads in one place
* **Click to navigate:** Click a thread to jump to that location in the document
* **Reply inline:** Respond to comments directly in the panel
* **Filter options:** View open/resolved comments

#### What Happens When Someone Comments

* The comment appears immediately for all users viewing the document
* The comments panel updates with the new thread
* The commented text becomes highlighted

#### What Happens When Someone Replies

* The reply appears in the thread for all users
* Users viewing the thread see the new reply instantly

<Info>
  Comments are stored with the document and persist across sessions. Team members who open the document later will see all existing comments.
</Info>

***

### Collaboration Best Practices

#### For Effective Teamwork

* **Communicate your focus area** If working with others simultaneously, let them know which section you're editing to avoid stepping on each other's work.
* **Use comments for async feedback** Comments are ideal for review cycles where not everyone is online at the same time.
* **Resolve comments when addressed** Keep the comments panel clean by resolving threads once feedback is incorporated.
* **Check presence before major edits** Glance at who's online before restructuring or deleting large sections.

#### For Comments

* **Be specific** Select the exact text you're commenting on rather than commenting on a general area.
* **Use threads for discussions** Reply to existing comments rather than creating new threads for the same topic.
* **Resolve, don't delete** Resolving preserves the history of feedback; deleting removes it permanently.
* **Tag specific questions** Make it clear if you need a response by phrasing comments as questions.

***

## Visibility and Permissions

### User Permissions

* All users with **edit access** to the incident can collaborate on its retrospective
* Users with **view-only access** can read but not edit or comment
* **Private incidents** restrict access to assigned users

### Comment Visibility

* Comments are visible to all users who can access the retrospective
* There are no private comments. All threads are shared

<Info>
  Collaboration access is determined by incident permissions. Check with your administrator if you need access to a specific incident's retrospective.
</Info>

### Troubleshooting

<AccordionGroup>
  <Accordion title="Presence indicators show someone who left">
    There may be a brief delay (a few seconds) before a user's presence indicator disappears after they close the document. This is normal behavior.
  </Accordion>

  <Accordion title="Can I @mention someone?">
    Yes. The editor supports @mentions in the document body — type `@` to mention users or incidents. Hovering over a mention shows a popover with details like name, avatar, teams, and incident roles. @mentions in comment threads are not currently supported.
  </Accordion>

  <Accordion title="Why can't I delete someone else's comment?">
    Users can only edit or delete their own comments. To remove someone else's comment, ask them to delete it or contact an administrator.
  </Accordion>
</AccordionGroup>


# Using the Retrospective Editor
Source: https://docs.rootly.com/collaborative-retrospectives/using-the-editor

Use the collaborative retrospective editor's formatting tools, slash commands, data blocks, and templates for post-incident reviews.

## How the Editor Works

The new retrospective editor provides a rich text editing experience with real-time collaboration, dynamic data blocks, and template support. This page covers everything you need to know to create and edit retrospectives effectively.

The editor is designed to be intuitive. You can type naturally, use slash commands for quick actions, and let autosave handle the rest.

## Getting Started with the Editor

### Where to Find the Editor

<Steps>
  <Step title="Open the incident">
    Navigate to the incident from the incidents list or a direct link.
  </Step>

  <Step title="Go to the Retrospective tab">
    Click the **Retrospective** tab on the incident page.
  </Step>

  <Step title="Click the document preview">
    Click anywhere in the document preview to open the editor.
  </Step>

  <Step title="Begin editing">
    The editor opens with your team's default template pre-appended to the document. Start typing or use slash commands to add content.
  </Step>
</Steps>

<Info>
  Retrospective documents automatically populate with your team's default template. You can configure this template in **Retrospectives → Document Templates.**
</Info>

### Quick Start

* Type naturally to add text
* Press **Enter** to create new nodes in the document
* Type `/` to open the slash command menu
* Select text and use the toolbar for formatting
* Drag and reposition nodes of content in your document
* All changes save automatically

***

## Rich Text Formatting

The editor supports standard rich text formatting through the toolbar, keyboard shortcuts, and slash commands.

### Text Formatting

| Format            | Keyboard Shortcut      |
| :---------------- | :--------------------- |
| **Bold**          | `Cmd/Ctrl + B`         |
| *Italic*          | `Cmd/Ctrl + I`         |
| ~~Strikethrough~~ | `Cmd/Ctrl + Shift + X` |
| `Inline Code`     | `Cmd/Ctrl + E`         |

### Headings

| Level     | Keyboard Shortcut | **Slash Command** | Description           |
| :-------- | :---------------- | :---------------- | :-------------------- |
| Heading 1 | `#`               | `/h1`             | Main section headers  |
| Heading 2 | `##`              | `/h2`             | Subsection headers    |
| Heading 3 | `###`             | `/h3`             | Minor section headers |

### Lists

| Type          | Keyboard Shortcut | Description                       |
| :------------ | :---------------- | :-------------------------------- |
| Bullet List   | `-`               | Unordered list with bullet points |
| Numbered List | `1.`              | Ordered list with numbers         |

### Other Blocks

| Block      | Slash Command | Description                              |
| :--------- | :------------ | :--------------------------------------- |
| Blockquote | `/blockquote` | Indented quote block for callouts        |
| Code Block | `/codeblock`  | Multi-line code with syntax highlighting |
| Table      | `/table`      | Insert a 3x3 table (expandable)          |
| Image      | `/image`      | Upload and insert an image               |

## Slash Commands

Slash commands provide quick access to all editor features. Type `/` anywhere in the editor to open the command menu.

### Incident Data Blocks

With incident data blocks, you can insert dynamic content that pulls data from the incident.

| Command             | Description                                                                                       |
| ------------------- | ------------------------------------------------------------------------------------------------- |
| `/timeline`         | Insert the incident timeline block                                                                |
| `/followups`        | Insert the follow-ups (action items) block                                                        |
| `/liquid-variables` | Insert a single liquid variable into the document                                                 |
| `/liquid-block`     | Insert a code block that render outputs from more complex liquid syntax or conditional variables. |

#### Basic Blocks

Basic blocks insert standard document elements.

| Command        | Description          |
| -------------- | -------------------- |
| `/text`        | Insert a paragraph   |
| `/h1`          | Insert Heading 1     |
| `/h2`          | Insert Heading 2     |
| `/h3`          | Insert Heading 3     |
| `/bulletList`  | Insert bullet list   |
| `/orderedList` | Insert numbered list |
| `/blockquote`  | Insert blockquote    |
| `/code`        | Toggle inline code   |
| `/codeBlock`   | Insert code block    |
| `/table`       | Insert 3x3 table     |
| `/bold`        | Toggle bold          |
| `/italic`      | Toggle italic        |
| `/strike`      | Toggle strikethrough |

<Info>
  The slash command menu filters as you type. For example, typing /time will show the timeline command at the top.
</Info>

***

## Incident Data Blocks

Incident Data Blocks are dynamic elements that pull live data from the incident. They update automatically when the underlying data changes.

### Timeline Block

The Timeline block displays all events from the incident timeline, including user actions, system events, and status changes.

#### **To insert a Timeline block:**

1. Type `/timeline` in the editor
2. Press **Enter** or click the command

#### **Timeline block features:**

* Shows event date/time, source, user, and description
* Pagination controls help keep the document compact
* Drag the block to reposition it in the document
* Click the node to select the entire block, then use backspace to delete

<Info>
  The Timeline block pulls live data from the incident. If new events are added to the timeline, the block updates automatically.
</Info>

### Follow-ups Block

The Follow-ups block displays action items associated with the incident.

#### **To insert a Follow-ups block:**

1. Type `/followups` in the editor
2. Press **Enter** or click the command

#### **Follow-ups block features:**

* Shows action item title, priority, status, assignee, and due date
* Sort options: **Due Date**, **Priority**, or **Status**
* Drag the block to reposition it in the document
* Click the node to select the entire block, then use backspace to delete

<Info>
  When follow-ups are added or updated on the incident, the block reflects those changes automatically.
</Info>

## How Data Blocks Render on Export

When you publish or export the retrospective to an external provider, data blocks are rendered as static content at the time of export. This includes:

* Timeline events formatted as a table
* Follow-ups formatted as a list with metadata
* Liquid variables or blocks resolved to their actual values

***

## Using Templates

Templates provide pre-built content structures that ensure consistency across retrospectives.

### Inserting a Template

<Steps>
  <Step title="Open the slash command menu">
    Type `/` in the editor.
  </Step>

  <Step title="Select Template">
    Click **Template** from the dropdown
  </Step>

  <Step title="Choose a template">
    Browse your team's available templates and click to insert.
  </Step>

  <Step title="Customize the content">
    The template content is inserted at your cursor position. Edit as needed.
  </Step>
</Steps>

### What Templates Can Include

* Headings and sections (Summary, Root Cause, Timeline, etc.)
* Placeholder text to guide authors
* Liquid variables (e.g., `{{ incident.title }}`)
* Data blocks (`/timeline`, `/followups`)
* Formatting and structure

<Info>
  Templates are configured by administrators in **Retrospectives → Document Templates**. Contact your admin to create or modify templates.
</Info>

***

## Liquid Variables

Liquid variables are dynamic placeholders that resolve to actual values from the incident.

### Inserting Liquid Variables

1. Type `{{` to start a liquid variable
2. Continue typing to filter available variables
3. Select from the autocomplete dropdown
4. The variable appears as a chip in the editor

#### Common Variables

| Variable                        | Description               |
| ------------------------------- | ------------------------- |
| `{{ incident.title }}`          | Incident title            |
| `{{ incident.severity }}`       | Severity level            |
| `{{ incident.status }}`         | Current status            |
| `{{ incident.started_at }}`     | Start timestamp           |
| `{{ incident.resolved_at }}`    | Resolution timestamp      |
| `{{ incident.duration }}`       | Total incident duration   |
| `{{ incident.commander.name }}` | Incident commander's name |
| `{{ incident.slack_channel }}`  | Slack channel name        |
| `{{ post_mortem.title }}`       | Retrospective title       |

<Info>
  Liquid variables display as visual chips in the editor. On publish or export, they resolve to their actual values.
</Info>

## Liquid Blocks

Liquid Blocks are standalone template blocks that support the full Liquid templating language, including conditionals, loops, and complex logic.

### Liquid Block vs Liquid Variable

| Feature       | Liquid Variable          | Liquid Block                                  |
| ------------- | ------------------------ | --------------------------------------------- |
| **Scope**     | Inline (within text)     | Block-level (standalone)                      |
| **Syntax**    | `{{ variable }}` only    | Full Liquid: `{% if %}`, `{% for %}`, filters |
| **Rendering** | Inline chip              | Edit/Preview panel with live rendering        |
| **Best for**  | Inserting dynamic values | Conditional content, loops, complex logic     |

<Info>
  Use **Liquid Variables** for simple value substitution inline within your text. Use **Liquid Blocks** when you need conditionals, loops, or multi-line template logic.
</Info>

### Inserting a Liquid Block

1. Type `/liquid` to open the slash command menu
2. Select **Liquid Block** from the options
3. Write your Liquid template in the editor panel
4. Click **Preview** to see the rendered output with real incident data
5. Toggle back to **Edit** to make changes

#### Example Use Cases

**Conditional severity messaging:**

```
{% if incident.severity == "critical" %}
  🚨 CRITICAL INCIDENT - Immediate escalation required
{% elsif incident.severity == "high" %}
  ⚠️ High priority incident - Review within 1 hour
{% else %}
  📋 Standard incident - Follow normal procedures
{% endif %}
```

Loop through action items:

```
{% for item in incident.action_items %}
  - [{{ item.status }}] {{ item.summary }} (Owner: {{ item.owner.name }})
{% endfor %}
```

**Conditional content with filters:**

```
{% if incident.resolved_at %}
  Resolved on {{ incident.resolved_at | date: "%B %d, %Y at %I:%M %p" }}
  Duration: {{ incident.duration }}
{% else %}
  ⏳ Incident is still ongoing
{% endif %}
```

<Tip>
  Click **Preview** at any time to see how your template renders with actual incident data. Syntax errors will be displayed with helpful error messages.
</Tip>

### When to Use Each

Use Liquid Variables when:

Inserting a single dynamic value into a sentence You need a simple inline placeholder Example: "The incident commander is `{{ incident.commander.name }}`"

Use Liquid Blocks when:

You need conditional logic (`{% if %}...{% endif %}`) You need to loop over collections (`{% for %}...{% endfor %}`) You have multi-line template content You need complex formatting with multiple variables Example: Showing different content based on incident severity

## @Mentions

Mention users and incidents directly in the document to create clear accountability and cross-references.

### Mentioning Users

1. Type `@` anywhere in the editor
2. Search for a user by name
3. Select the user from the dropdown
4. The mention appears as an interactive chip in the document

Hovering over a user mention shows a popover with their avatar, name, email, teams, and incident roles.

### Mentioning Incidents

You can also `@`-mention other incidents to cross-reference related events in your retrospective.

<Info>
  @mentions in the document body are interactive — readers can hover to see details without leaving the editor.
</Info>

***

## Collaboration

Multiple users can edit the retrospective simultaneously. For full details on collaboration features, see [Real-Time Collaboration](/collaborative-retrospectives/real-time-collaboration).

### What You'll See

* **Presence indicators:** Avatars/initials of users currently viewing the document
* **Collaborative cursors:** Coloured cursors showing where each user is working
* **Real-time updates:** Changes from other users appear instantly
* **@mentions:** Tag users and incidents inline with interactive popovers

### Comments

Select text and click the **comment** button to start a discussion:

1. Select the text you want to comment on
2. Click the **comment** button in the toolbar
3. Type your comment and submit
4. Others can reply, creating a threaded conversation
5. Mark comments as **resolved** when addressed

<Info>
  Comments are visible to all collaborators and sync in real-time. Use them for async review and feedback.
</Info>

***

### Best Practices

* **Use slash commands for speed:** Typing `/` is faster than reaching for the toolbar, especially for common actions.
* **Insert data blocks instead of copying:** Timeline and Follow-ups blocks stay in sync with the incident. Manual copy-paste becomes stale.
* **Use templates for consistency:** Starting from a template ensures all retrospectives follow the same structure.
* **Add comments for review feedback:** Instead of sending feedback in Slack, add comments directly in the document for better context.
* **Use headings to structure content:** Clear section headers (Summary, Timeline, Root Cause, Action Items) make retrospectives easier to scan.

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="The slash command menu doesn't appear when I type /">
    Make sure your cursor is in an editable area of the document, not inside a data block or at an invalid position. Try clicking in a paragraph and typing `/` again.
  </Accordion>

  <Accordion title="A data block shows 'Loading...' indefinitely">
    This usually means the block couldn't fetch data from the incident. Check your network connection and refresh the page. If the problem persists, the incident may not have any data for that block type (e.g., no timeline events or follow-ups).
  </Accordion>

  <Accordion title="Template insertion failed">
    Ensure you have permission to access retrospective templates. If templates aren't appearing, contact your administrator to verify templates are configured for your team.
  </Accordion>

  <Accordion title="I accidentally deleted content. Can I undo?">
    Use `Cmd/Ctrl + Z` to undo recent changes. You can also access version history to restore a previous version of the retrospective.
  </Accordion>
</AccordionGroup>


# Built In Fields
Source: https://docs.rootly.com/configuration/built-in-fields

Manage Rootly's pre-configured incident fields including services, severity, environment, and teams to capture essential incident metadata.

# **Overview**

Rootly comes with a series of built-in incident properties that are carefully selected to meet common incident characterization requirements. These properties are used to provide incidents with additional metadata so teams can dynamically trigger automations and run metrics reports based on these properties. Please see the [Incident Properties](/configuration) page to learn more about them.

You can access the Built-In Fields page by navigating to **Configurations > Fields > Built-in-fields**

<img alt="Clean Shot2025 08 20at13 47 26@2x Pn" />

# Managing Built-In Fields

## Enable/Disable Field

Only enabled fields are considered to be live fields - meaning they can appear on UI screens and be updated during incidents. Disabled fields are NOT usable during incidents and cannot be updated by workflows either.

You can use the toggle switch next to the field name to enable/disable it.

<Frame>
  <img alt="Document image" />
</Frame>

## Edit Field

You can edit a specific field by clicking on the edit icon on the right-hand side of the field.

Once selected, you will see an Edit Form Field pane open. From here, you'll be able to edit how this particular field appears in the forms.

<img alt="Clean Shot2025 08 20at13 49 35@2x Pn" />

<AccordionGroup>
  <Accordion title="ID">
    This is a unique identifier for the form field. It is automatically generated for you upon field creation and cannot be edited. This `id` will be used to reference the specific form field in API calls and Liquid syntaxes.
  </Accordion>

  <Accordion title="Name">
    This field is auto generated for built-in fields and can be edited. The name entered here will be the value that appears on user-facing forms. However, it will NOT alter the Liquid syntax used to reference this property.

    For example, if you set this field to `ENV`, it will be reflected in the forms. However, when you go to reference it using Liquid syntax, it would still be `{{incident.environments[0]}}`.
  </Accordion>

  <Accordion title="Field Type">
    Depending on the built-in field being referenced, you can alter its field type. If the built-in field is an array of values (e.g. Services, Environments, etc.), you can change the field type to either a simple `Select` or `Multiple Select` type. For example, if you want to enforce that users can only select a single `Incident Type`, then you can update the `Incident Type` field to be a `Select` field type.

    Not all built-in fields can have customizable field types. For example a checkbox field (e.g. `Backfill Incident` toggle, `Mark as Triage` toggle) can only be that type.
  </Accordion>

  <Accordion title="Default">
    Built-in fields can be configured to have a default value. For example, if you want all your incidents to default to `SEV4` for the `Severity` field, then you can set it here.
  </Accordion>

  <Accordion title="Enabled">
    Only enabled fields are considered to be live fields - meaning they can appear on UI screens and be updated during incidents. Disabled fields are NOT usable during incidents and cannot be updated by workflows either.

    You can use the toggle switch next to the field name to enable/disable it.

    <Note>
      This is the same setting as the toggle described in the **Enable/Disable Field** section above
    </Note>
  </Accordion>

  <Accordion title="Display This Field in the Incident Details">
    This switch allows you to display or hide the specific field on the **Details** section of the **Incident Details** page.

    <Note>
      **Hiding a field** from being displayed in the **Details** section **does not mean this field is turned off**. It just means users cannot edit it from the UI.

      This is typically used when teams want to configure a custom flag that gets systematically set by workflows, not manually by users.
    </Note>
  </Accordion>
</AccordionGroup>


# Default Forms
Source: https://docs.rootly.com/configuration/built-in-forms

Configure Rootly's eight built-in forms that guide users through incident creation, updates, resolution, and post-incident processes.

# **Overview**

Rootly comes with eight essential, built-in forms that cannot be deleted. The forms each cover a different stage of an incident and scheduled maintenance lifecycle.

You can access the built-in forms by navigating to **Configurations > Forms**.

<Frame>
  <img alt="Document image" />
</Frame>

# Form Types

<AccordionGroup>
  <Accordion title="New Incident Form">
    The New Incident form is displayed whenever the user first declares an incident on Slack (via `/rootly new` command) or on the Rootly web UI (via `Create Incident` button).
  </Accordion>

  <Accordion title="Update Incident Form">
    The Update Incident form is displayed whenever the user attempts to update an incident on Slack (via `/rootly update` command or `Update` button) or on the Rootly web UI (via `Edit` button).
  </Accordion>

  <Accordion title="Incident Mitigation Form">
    The Incident Mitigation form is displayed whenever the user attempts to mitigate an incident on Slack (via `/rootly mitigate` command) or on the Rootly web UI (via `Mitigate` button).
  </Accordion>

  <Accordion title="Incident Resolution Form">
    The Incident Resolution form is displayed whenever the user attempts to resolve an incident on Slack (via `/rootly resolve` command) or on the Rootly web UI (via `Resolve` button).
  </Accordion>

  <Accordion title="Incident Cancellation Form">
    The Incident Cancellation form is displayed whenever the user attempts to cancel an incident on Slack (via `/rootly cancel` command) or on the Rootly web UI (via `Cancel` button).
  </Accordion>

  <Accordion title="Incident Retrospective Form">
    The Incident Retrospective Form is displayed after the incident is resolved and the user enters the **Gather & Confirm Data** step of the retrospective. This form is only accessible from the Rootly web UI.
  </Accordion>

  <Accordion title="New Maintenance Incident Form">
    The New Maintenance Incident form is displayed whenever the user first declares a scheduled maintenance on Slack (via `/rootly maintenance` command) or on the Rootly web UI (via `Schedule Maintenance` button).
  </Accordion>

  <Accordion title="Update Maintenance Incident Form">
    The Update Maintenance Incident form is displayed whenever the user attempts to update a scheduled maintenance on Slack (via `/rootly update` command or Update button) or on the Rootly web UI (via `Edit` button).
  </Accordion>
</AccordionGroup>

<Note>
  You'll notice that the trigger points for scheduled maintenance is exactly the same as for incidents. Rootly will be able to recognize the context and display the appropriate form. For example when `/rootly update` is ran,

  * If it was ran **in an incident channel**, then **Update Incident** form will be displayed
  * If it was ran in an **maintenance channel**, then the **Update Maintenance Incident** form will be displayed
</Note>

# Sub-Status Forms

If your Rootly instance has access to **Rootly's Custom Lifecycle feature**, which allows you to customize your incident statuses, Rootly will generate default forms for each of your incident substatuses.

This allows you to fully customize the information your responders provide throughout the incident's lifecycle, attuned to your business processes.

You'll find these forms under the **Sub-Status Forms** tab.

<img alt="Sub Status Form" />

Get started with Rootly's custom lifecycle feature by reaching out to your account representative.

# **Edit Form**

To begin editing a form, select the Configure button under the form you'd like to edit.

You'll be navigated to the edit form page of the selected form. The **left side of the page is the edit pane** where you can edit what fields are displayed and how they are displayed. The **right side of the page is the preview** of the form.

<img alt="Clean Shot2025 08 20at13 24 26@2x Pn" />

<Tip>
  You can create separate versions of the form for Slack and Rootly Web/Mobile by toggling between the tabs on the left hand side. To ensure incident data is captured consistently, we recommend keeping the fields for each channel in sync.
</Tip>

## Adding fields to a form

Add new fields to your form by selecting the **Add Fields** button. Select all of the fields you'd like to add to the form, then **Add Fields**.

<img alt="Clean Shot2025 08 20at13 34 42@2x Pn" />

Once these fields are added to your form, you can drag and drop them to reorder the form. Remove a field by selecting the **minus** button on the right hand side of the field.

## Editing fields on a form

Once a field is added to a form, you can edit how and when the field is filled out. Select the edit button on the field you want to make changes to.

<img alt="Clean Shot2025 08 20at13 54 42@2x Pn" />

### Conditionally display and require a field

Once a field is added to a form, you can control when the field is displayed and if it is required. Select the edit button on the field that you want to make changes to.

If you only want the field to display under certain conditions or be required under certain conditions, select the **Conditionally** option under **Display this field** or **Require this field**.

Form fields can be displayed or required conditionally depending on the value of any field set above the field that you're editing. For example, if the first field on your form called "Teams" is set to a certain value, your second field can be conditionally displayed depending on the team's value.

### Read-only fields

A field can be set to 'read-only', which means that the value cannot be overwritten by your users. This is particularly useful when you want to set a field value on an incident, but do not want it to be manually set by your team.

When this setting is turned on, the field value will always be set to the default value. You cannot turn this setting on unless the field has a default value: this can be edited in the Fields section of the dashboard.

<Note>
  This setting only impacts the Form experience. Field values can still be overwritten in the Rootly Web UI on the Incident's details page.
</Note>

# Preview

The preview on the right-hand side is interactive and generated in real-time. This is a great way to test out the user experience of your form, and ensure behavior of each field is correct.

<img alt="Clean Shot2025 08 20at13 41 42@2x Pn" />


# Overview
Source: https://docs.rootly.com/configuration/configuration

Configure incident properties, custom fields, and settings to characterize incidents, trigger workflows, and filter metrics across your organization.

## Overview

Every incident created in Rootly is characterized by a structured set of **properties**. These properties define how an incident behaves, how it progresses through its lifecycle, how it interacts with workflows and automation, and how it appears in reporting and analytics.

Incident properties serve several critical purposes:

* Help characterize each incident (e.g., `kind = normal`)
* Trigger workflow automations (e.g., Status Updated)
* Define conditional logic for workflow execution (e.g., Severity is SEV0)
* Enable filtering and segmentation of metrics
* Allow structured access through **Liquid syntax**

Properties fall into three primary categories:

* **Fixed Properties** — system-defined and not customizable
* **Configurable Properties** — built-in but organization-customizable
* **Custom Fields** — fully defined and managed by your organization

***

# Fixed Properties

<Note>
  Fixed properties are intentionally restricted to maintain lifecycle integrity, automation consistency, and reporting standardization across the Rootly platform.
</Note>

Fixed properties cannot be modified or deleted. They define the foundational lifecycle and structural behavior of every incident.

***

## Incident Kind

The **Kind** property determines the classification and structural behavior of an incident at the time it is created. It is immutable after declaration.

Each kind controls workflow triggers, lifecycle expectations, and status page eligibility.

| Kind                          | Description                                                                                                                                                                                                                                                                                                                                     | Data Value      |
| ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- |
| **Incident**                  | Standard production incidents declared via `/rootly new`. These represent real operational events requiring coordinated response. They trigger normal workflow execution and are eligible for publication on status pages (when not cancelled).                                                                                                 | `normal`        |
| **Sub Incident**              | Child incidents created under a parent incident using `/rootly sub`. They inherit contextual linkage from the parent incident and are useful for tracking parallel workstreams or related issues within a broader event. Eligible for status page publication (when not cancelled).                                                             | `normal_sub`    |
| **Test Incident**             | Training or simulation incidents declared via `/rootly test`. They behave functionally like normal incidents but are excluded from status page publication and production metrics. Primarily used to test workflows, integrations, and team processes safely.                                                                                   | `test`          |
| **Sub Test Incident**         | Child incidents created under test incidents. Used exclusively for training and simulation. Not eligible for status page publication.                                                                                                                                                                                                           | `test_sub`      |
| **Backfill Incident**         | Retroactively documented incidents created after resolution has already occurred. Backfill incidents are automatically created in a **resolved** state. Workflows triggered on Incident Created still execute, but active lifecycle stages such as Started or Mitigated are skipped. Eligible for status page publication (when not cancelled). | `backfilled`    |
| **Scheduled Maintenance**     | Planned maintenance windows declared via `/rootly maintenance`. These incidents follow a distinct maintenance lifecycle separate from normal incident statuses. Used to proactively communicate planned changes via status pages.                                                                                                               | `scheduled`     |
| **Sub Scheduled Maintenance** | Child incidents created under scheduled maintenance incidents. These follow the same maintenance lifecycle as their parent scheduled incident.                                                                                                                                                                                                  | `scheduled_sub` |

<Note>
  Normal incidents default to **in\_triage** status when the team setting “Incidents must start in the In-Triage status” is enabled. Otherwise, they default to **started** status upon creation.
</Note>

***

## Incident Status

The **Status** property defines the lifecycle stage of an incident and governs how it progresses from investigation through closure. Status transitions are validated to preserve chronological and logical integrity.

***

### Standard Incident Statuses

| Status        | Description                                                                                                                                                                                                   | Data Value  |
| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
| **Triage**    | An investigative state used to determine whether an issue should escalate into an active incident. This allows teams to evaluate signals before formally beginning response. Timestamped at `in_triage_at`.   | `in_triage` |
| **Started**   | Marks the official activation of incident response. This is the primary active state during which coordination, mitigation, and communication occur. Timestamped at `started_at`.                             | `started`   |
| **Mitigated** | Indicates that user-facing impact has been halted or reduced, but remediation, validation, or cleanup work may still be ongoing. Timestamped at `mitigated_at`, which must be after or equal to `started_at`. | `mitigated` |
| **Resolved**  | Signifies the completion of active incident response. At this stage, service impact has ended and retrospective processes typically begin. Timestamped at `resolved_at`.                                      | `resolved`  |
| **Closed**    | Optional terminal status (team-configurable) used to mark incidents as fully finalized after review. **Requires the incident to already be in Resolved status.** Timestamped at `closed_at`.                  | `closed`    |
| **Cancelled** | Terminal status used for false positives or duplicate incidents. Cancelling prevents further lifecycle progression unless the incident is reopened. Timestamped at `cancelled_at`.                            | `cancelled` |

***

### Terminal Statuses

**Resolved**, **Closed**, and **Cancelled** are considered **terminal statuses**.

These statuses prevent further lifecycle progression unless the incident is explicitly reopened to **Started**, which restarts active response tracking.

***

### Status Transition Rules

<Callout icon="shuffle">
  **Lifecycle Constraints**

  * Incidents in **Triage** or **Cancelled** cannot transition directly to **Mitigated**, **Resolved**, or **Closed**
  * **Closed** can only be reached from **Resolved**
  * Terminal statuses (**Resolved**, **Closed**, **Cancelled**) may be reopened to **Started**
</Callout>

***

### Timestamp Validation Rules

<Callout icon="clock">
  **Chronological Integrity**

  Status timestamps are validated to preserve lifecycle order:

  * `mitigated_at` ≥ `started_at`
  * `resolved_at` ≥ `started_at`
  * `closed_at` ≥ `started_at`
</Callout>

***

### Sub-Statuses

When enabled via team configuration, statuses may contain **sub-statuses** to provide more granular tracking within a parent lifecycle stage.

For example:

* **Started** may include multiple Active sub-statuses (up to 8 per team)
* **Resolved** may include structured post-incident stages such as “Retrospective”

Sub-statuses allow teams to enforce structured workflows, capture finer lifecycle detail, and introduce controlled progression within major stages.

***

## Scheduled Maintenance Statuses

Scheduled Maintenance incidents follow a separate lifecycle from standard incidents.

| Status          | Description                                                                                                    | Data Value    |
| --------------- | -------------------------------------------------------------------------------------------------------------- | ------------- |
| **Scheduled**   | Indicates that the maintenance window has been planned and formally created but has not yet begun.             | `scheduled`   |
| **In Progress** | Indicates that maintenance work is actively underway.                                                          | `in_progress` |
| **Completed**   | Indicates that maintenance activities have concluded successfully. This is the default terminal state.         | `completed`   |
| **Planning**\*  | *(Feature-flag dependent)* Used while maintenance is being prepared but not yet scheduled.                     | `planning`    |
| **Verifying**\* | *(Feature-flag dependent)* Used when maintenance work is complete but final validation checks are in progress. | `verifying`   |
| **Cancelled**\* | *(Feature-flag dependent)* Used to cancel scheduled maintenance. Terminal state.                               | `cancelled`   |

***

# Configurable Properties

Configurable properties are built-in fields that organizations can customize to reflect their operational structure, severity model, and reporting taxonomy.

| Property                                          | Description                                                                                                                                                                                |
| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| [Environments](/configuration/environments)       | Characterizes incidents by environment (e.g., Development, Staging, Production). Commonly used to prioritize production-impacting incidents and to filter metrics and workflow conditions. |
| [Severities](/configuration/severities)           | Defines impact levels (e.g., SEV0–SEV3). Drives escalation logic, workflow triggers, and reporting analysis.                                                                               |
| [Incident Types](/configuration/incident-types)   | Custom categorization distinct from Kind. Allows organizations to define taxonomy such as UI Bug, Infrastructure Failure, Security Event, etc.                                             |
| [Incident Roles](/configuration/incident-roles)   | Defines structured responder roles (Incident Commander, Communications Lead, etc.) to coordinate responsibilities during response.                                                         |
| [Teams](/configuration/teams)                     | Assigns ownership and organizational routing responsibility to teams or groups.                                                                                                            |
| [Services](/configuration/services)               | Identifies impacted infrastructure components. Used for service-level reporting and status page communication.                                                                             |
| [Functionalities](/configuration/functionalities) | Identifies impacted product capabilities (e.g., login, checkout). Enables feature-level transparency.                                                                                      |
| [Incident Causes](/configuration/incident-causes) | Categorizes root causes to support retrospective analysis and long-term reliability improvements.                                                                                          |

***

## Property Order

The ordering of values within configurable properties determines how they appear in dropdown menus and forms.

Ordering is **global** and affects all users.

You can:

* Drag and drop values manually
* Sort values alphabetically

<img alt="Property order example" />

***

# Custom Fields

When built-in properties are insufficient to meet your organization’s needs, you can create **Custom Fields** to extend the incident schema.

Custom Fields allow you to:

* Capture structured or unstructured metadata
* Apply validation and defaults
* Power advanced workflow automation
* Reference values using Liquid syntax
* Enforce organization-specific incident taxonomy

For full configuration details, see the [Custom Fields](/configuration/custom-fields) documentation.

***

# Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Can I change an incident's Kind after it's created?" icon="lock">
    No. The **Kind** property is immutable after an incident is created. It determines the incident's structural behavior, workflow triggers, and status page eligibility at creation time. If you need a different kind, you must create a new incident with the desired kind.

    For example, you cannot convert a **Test Incident** to a **normal** incident, or change a **Scheduled Maintenance** to a standard incident after creation.
  </Accordion>

  <Accordion title="What's the difference between Kind and Type?" icon="acorn">
    **Kind** is a fixed, system-defined property that controls how an incident behaves structurally (e.g., `normal`, `test`, `scheduled`). It cannot be customized and determines workflow execution, lifecycle, and status page eligibility.

    **Type** (Incident Types) is a configurable property that allows organizations to define their own categorization taxonomy (e.g., "UI Bug", "Infrastructure Failure", "Security Event"). Types are fully customizable and can be used for filtering, reporting, and workflow conditions, but they don't affect the fundamental behavior of the incident.

    Think of **Kind** as "what kind of incident is this structurally?" and **Type** as "what category does this incident fall into for our organization?"
  </Accordion>

  <Accordion title="Can I reopen a resolved or closed incident?" icon="book-bookmark">
    Yes. Terminal statuses (**Resolved**, **Closed**, **Cancelled**) can be reopened to **Started** status. This restarts active response tracking and allows the incident to progress through its lifecycle again.

    Reopening is useful when:

    * An incident recurs after resolution
    * Additional investigation reveals the original resolution was incomplete
    * A cancelled incident turns out to be a real issue
  </Accordion>

  <Accordion title="Why can't I transition directly from Triage to Resolved?" icon="shuffle">
    Status transitions are validated to preserve logical lifecycle progression. Incidents in **Triage** or **Cancelled** cannot skip directly to **Mitigated**, **Resolved**, or **Closed** because these statuses require the incident to have been actively responded to (i.e., in **Started** status first).

    To resolve an incident that's in Triage, you must first transition it to **Started**, then proceed through **Mitigated** (optional) to **Resolved**.
  </Accordion>

  <Accordion title="What happens if I set a timestamp that violates chronological order?" icon="clock">
    Rootly validates timestamp relationships to maintain chronological integrity. If you attempt to set `mitigated_at`, `resolved_at`, or `closed_at` to a time before `started_at`, the system will reject the change and display a validation error.

    Timestamps must follow this order:

    * `started_at` ≤ `mitigated_at` ≤ `resolved_at` ≤ `closed_at`

    This ensures incident timelines remain accurate and reportable.
  </Accordion>

  <Accordion title="Can I delete or modify fixed properties like Kind or Status?" icon="shield">
    No. Fixed properties (**Kind** and **Status**) are system-defined and cannot be modified, deleted, or customized. They exist to ensure consistency across the platform and maintain the integrity of workflow automation and reporting.

    If you need different categorization options, use **Configurable Properties** (like Incident Types) or **Custom Fields**, which can be fully customized to meet your organization's needs.
  </Accordion>

  <Accordion title="What's the difference between Resolved and Closed status?" icon="check-circle">
    **Resolved** indicates that active incident response has completed and service impact has ended. At this stage, retrospective processes typically begin.

    **Closed** (when enabled via team configuration) is an optional terminal status used to mark incidents as fully finalized after review. It requires the incident to already be in **Resolved** status and provides a clear distinction between incidents that are resolved but still under review versus incidents that are completely closed.

    Not all teams use the Closed status. If it's not enabled, **Resolved** serves as the terminal status.
  </Accordion>

  <Accordion title="Do test incidents trigger workflows?" icon="flask">
    Yes. Test incidents trigger workflows just like normal incidents, allowing you to test workflow automation safely without affecting production metrics or status pages. However, test incidents are excluded from status page publication and production reporting.

    This makes test incidents ideal for:

    * Validating workflow configurations
    * Training team members on incident response
    * Testing integrations without production impact
  </Accordion>

  <Accordion title="How do sub-statuses affect workflow execution?" icon="computer-mouse">
    Sub-statuses provide granular tracking within parent statuses (like **Started** or **Resolved**) but don't change the fundamental status-based workflow triggers. Workflows that trigger on "Status Updated" will still fire when the parent status changes, regardless of sub-status transitions.

    However, you can use sub-statuses in workflow **run conditions** to create more specific automation logic. For example, a workflow could run only when an incident is in **Started** status with a specific Active sub-status.

    Sub-statuses are particularly useful for enforcing sequential workflows within a status.
  </Accordion>

  <Accordion title="Can I use custom fields in workflow conditions?" icon="code">
    Yes. Custom fields can be referenced in workflow run conditions and Liquid templates, allowing you to create sophisticated automation based on organization-specific data.

    Custom fields are accessible via Liquid syntax:

    ```liquid theme={null}
    {{ incident.custom_fields | find: 'custom_field.slug', 'your-field-slug' | get: 'value' }}
    ```

    This enables workflows to react to custom field values, trigger actions based on custom data, and include custom field information in notifications and integrations.
  </Accordion>

  <Accordion title="Why are backfill incidents automatically resolved?" icon="archive">
    Backfill incidents are designed to document incidents retroactively—after they've already been resolved. Since the incident has already concluded, they are created directly in a **Resolved** state.

    Workflows triggered on **Incident Created** still execute for backfill incidents, but active lifecycle stages (like **Started** or **Mitigated**) are skipped because the incident is already resolved.
  </Accordion>

  <Accordion title="Can scheduled maintenance incidents use standard incident statuses?" icon="calendar">
    No. Scheduled Maintenance incidents follow a separate lifecycle with dedicated statuses (**Scheduled**, **In Progress**, **Completed**, etc.). They cannot use standard incident statuses like **Started**, **Mitigated**, or **Resolved**.

    This separation exists because maintenance windows have different lifecycle requirements than unplanned incidents.
  </Accordion>

  <Accordion title="What happens if I change the order of configurable property values?" icon="down-from-bracket">
    Property ordering is **global**, meaning changes affect all users immediately. When you reorder values (e.g., Severities or Environments), the new order appears in:

    * Dropdown menus when creating or editing incidents
    * Form fields across the platform
    * Any interface where that property is displayed

    You can reorder manually via drag-and-drop or sort alphabetically.
  </Accordion>
</AccordionGroup>

***

<Callout icon="life-ring">
  **Need help or have a question?**

  Contact us anytime at **[support@rootly.com](mailto:support@rootly.com)**, use the `/rootly support` Slack command, or visit **Getting Help** to start a chat.
</Callout>


# Creating A Status Page
Source: https://docs.rootly.com/configuration/creating-a-status-page

Set up and customize public status pages in Rootly to communicate service health, incident updates, and scheduled maintenance to your customers.

Creating a status page only takes about a minute. Before you do so, we recommend you have at least one [service](https://docs.rootly.com/configuration/services) configured in Rootly that you can display on your status page. You can do this by visiting **Configuration > Services** or if you have the [PagerDuty integration](/integrations/pagerduty/pagerduty) configured, you can easily import services directly from PagerDuty then add them to your status page.

To create a new status page:

1. In the Rootly navigation bar, click on **Configuration**, then **Status Pages**.
2. Next, click **Add New Status Page**.
3. Give your status page a name and description. These are internal to Rootly, and will not be used on the actual Status Page.

# **Customize your Status Page**

Once you've created your status page, you're able to customize the look and feel of the page to tailor the contents to your end users.

## **Setup**

Under setup, you're able to make changes to the name and description of your status page. Remember: these are internal only so should be descriptive for other Rootly admins to know what the status page is.

Here, you can also determine if the page will be private or publicly available. Learn more about public and private status pages [here](https://docs.rootly.com/configuration/public-and-private-status-pages).

In the Advanced Settings, you can also customize the domain name of the status page. By default, Rootly will assign each Status Page a URL in the following format:

`rootly.com/teams/[your-org-name]/status-pages/[status-page-name]/[public/private]`

Configure your own custom domain by following: [Custom Domain Names for Status Pages](/configuration/custom-domain-names-for-status-pages). Note: for custom external domain names, you may need to talk with the team at your organization to have them help you configure a custom domain name and associated DNS. 

<img alt="Setup Status Page" />

## **Customize**

Customize the default content and look-and-feel of your status page in the Customize tab. As you make changes to the settings in this tab, the right-hand preview of your status page will reflect your latest updates.

<img alt="Customize Status Page" />

## **Components**

Use the Components section to add Services to your status page. You're able to add any Rootly Service, as well as any third party service your organization uses.

Anytime a selected Service is involved in an incident, it will be reflected on the status page under the 'System Status' section.

**Note**: You'll be able to add third party services to your status page after you've created the status page.

<img alt="Status Page Component" />

## **Templates**

Standardize the incident updates your teams share with Status Templates. When a commander publishes an incident update to a status page, they'll be able to use the templates defined in this section to help write their update.

<img alt="Templates Status Pag" />


# Custom Domain Names For Status Pages
Source: https://docs.rootly.com/configuration/custom-domain-names-for-status-pages

Configure custom domain names for your public status pages to maintain brand consistency and provide a seamless customer experience.

## Overview

You can attach one or multiple custom domain names such as status.acme.me using the custom domain names input. This allows you to brand your status page with your own domain while maintaining all the functionality of Rootly's status page system.

<Info>
  **Note**: External domain names are only configurable for public status pages. Private status pages cannot use custom domain names and will only be accessible through the default Rootly URL.
</Info>

## Prerequisites

Before setting up a custom domain, ensure you have:

* Administrative access to your domain's DNS settings
* A public status page configured in Rootly (private pages are not supported)
* Access to your DNS provider's management interface

## Getting Your CNAME Target

Once you save your page, you can obtain the CNAME target by clicking on the link for the status page you want to configure, as in the example below:

<Frame>
  <img alt="Document image" />
</Frame>

The CNAME can be found at the bottom of the screen on the right side, as shown here:

<Frame>
  <img alt="Document image" />
</Frame>

It provides the **Domain** you entered along with the **Value** needed for your DNS records.

## How Custom Domains Work

1. You set up the CNAME record in your DNS provider with:
   * **Domain**: test.statuspage.net
   * **Value**: (rootly-provided-value).external-sp.rootly.com

2. When someone visits test.statuspage.net:
   * The DNS system looks up the CNAME record and directs the request to (rootly-provided-value).external-sp.rootly.com.

3. Rootly serves the corresponding status page associated with the unique identifier in the CNAME.

## DNS Configuration Steps

### Step 1: Configure CNAME Record

Set up the CNAME record in your DNS provider with the values obtained from Rootly:

* **Domain**: Your custom domain (e.g., status.your-domain.com)
* **Value**: The Rootly-provided CNAME target (e.g., unique-id.external-sp.rootly.com)

### Step 2: Add CAA Record (Required)

You must add a CAA (Certificate Authority Authorization) record to your DNS configuration for SSL certificate validation to work properly:

1. Add a CAA record to your **parent domain** (not the subdomain) with the following format:

   ```
   0 issue "pki.goog; cansignhttpexchanges=yes"
   ```

   For example, if your custom domain is `status.your-domain.com`, add the CAA record to `your-domain.com`.

<Info>
  **Important**: Place the CAA record on the parent domain because domains with CNAME records cannot have other record types. The Certificate Authority will check for CAA records starting from the subdomain and work up to the parent domain, stopping at the first CAA record it finds.
</Info>

2. Test your CAA record configuration using the `dig` command:
   ```bash theme={null}
   dig +short CAA your-domain.com
   ```

This CAA record authorizes Google's PKI to issue certificates for your domain and enables HTTP Exchange signing, which can improve performance for your status page.

### Step 3: Verify Configuration

After setting up both records, verify your configuration:

1. **Test CNAME resolution**:
   ```bash theme={null}
   dig +short CNAME status.your-domain.com
   ```

2. **Check SSL certificate**:
   ```bash theme={null}
   curl -I https://status.your-domain.com
   ```

3. **Verify page accessibility**: Visit your custom domain in a browser

## Provider-Specific Configuration Guides

To configure the DNS records, you will need to either work with your company's DNS administrator or configure it yourself if you have access.

Since configuring DNS varies by provider, here are guides for the most common services:

* [Amazon Web Services Route 53](https://aws.amazon.com/premiumsupport/knowledge-center/route-53-create-alias-records/ "Amazon Web Services Route 53")
* [Azure DNS](https://docs.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain "Azure DNS")
* [Google Cloud Identity](https://cloud.google.com/identity/docs/add-cname "Google Cloud Identity")
* [GoDaddy Domains DNS](https://www.godaddy.com/help/add-a-cname-record-19236 "GoDaddy Domains DNS")

## Troubleshooting

### Common Issues

**Domain not resolving**

* Verify CNAME record is correctly configured
* Check DNS propagation (can take up to 48 hours)
* Ensure there are no conflicting A records
* Remember: domains with CNAME records cannot have other record types on the same subdomain

**SSL certificate errors**

* Confirm CAA record is properly set on the parent domain (not subdomain)
* Wait for certificate provisioning (can take up to 24 hours)
* Verify the CAA record uses the correct format: `0 issue "pki.goog; cansignhttpexchanges=yes"`
* Check that the CAA record is placed on the parent domain, not the subdomain with the CNAME

**Page shows "Not Found" error**

* Double-check the CNAME target value from Rootly
* Ensure the status page is set to public
* Verify the custom domain is correctly entered in Rootly

### DNS Propagation Check

Use these tools to check DNS propagation across different regions:

* [What's My DNS](https://www.whatsmydns.net/)
* [DNS Checker](https://dnschecker.org/)

### Getting Help

If you continue experiencing issues:

1. Check the Rootly status page configuration
2. Verify DNS records with your provider
3. Contact Rootly support with your domain and error details


# Custom Fields
Source: https://docs.rootly.com/configuration/custom-fields

Create organization-specific incident fields with custom data types, validation rules, and integration mappings to meet unique incident management requirements.

## Overview

Rootly carefully selected the built-in properties based on common attributes used to characterize incidents. However, not all organizations are built the same and sometimes the built-in properties are not enough to meet everyone's requirements.

To enable a fully bespoke experience, Rootly introduced custom properties that can be set up to meet the exact specifications of your organization's incident management requirements.

## Managing Custom Fields

### Create Field

Select the Create New Form Field button to create a new custom field. The following details can be edited on a field:

<Frame>
  <img alt="Clean Shot2026 03 30at21 19 27@2x" />
</Frame>

<AccordionGroup>
  <Accordion title="ID" icon="hashtag">
    This is a unique identifier for the form field. It is automatically generated for you upon field creation and cannot be edited. This ID will be used to reference the specific form field in API calls and Liquid syntax.
  </Accordion>

  <Accordion title="Name" icon="tag">
    This field can be edited. The value entered here will be the value that appears on user-facing forms.

    Renaming a custom field will change the slug of the field, which in turn **WILL** break any Liquid references that use the previous slug. This is because, unlike built-in fields, a custom field's slug is mutable. Each time the field is renamed, its slug is regenerated from the new name, lower-cased and hyphenated. \
    \
    Existing references that use the custom field's ID instead of its slug will not be affected.

    `{{ incident.custom_fields | find: 'custom_field.slug', 'your-custom-field-slug' | get: 'value' }}`
  </Accordion>

  <Accordion title="Description" icon="align-left">
    This field can be used to display a description for the custom field. This is particularly helpful if you want to give your users some instruction on how to fill in the custom field.
  </Accordion>

  <Accordion title="Field Type" icon="layer-group">
    This field allows you to select the field type, which will dictate how the user interacts with this field. For example, a checkbox type will be a boolean field while a select type will ask the user to select one out of many options.

    For more details on the available field types, please scroll down to the [Supported Field Types](/configuration/custom-fields) section.
  </Accordion>

  <Accordion title="Options" icon="palette">
    This field allows you to define selectable options for Select and Multiple Select field types when the 'Custom text' field value is selected.

    1. Enter the **value of the option.**
    2. Select the **color of the option.** This is reflected on metrics graphs.
    3. Drag and drop to **re-order the options** as they appear in dropdowns.
    4. **Delete** an option.
    5. **Copy** the `form_field_option_id`. This is used in API calls and Liquid syntax
    6. **Add** more options.
  </Accordion>

  <Accordion title="Default" icon="star">
    Custom fields can be configured to have a default value. For example, if you want all your incidents to default to Zone 1 for the Zone custom field, then you can set it here.
  </Accordion>

  <Accordion title="Enabled" icon="toggle-on">
    This is the same setting as the toggle described in the **Enable/Disable Field** section above

    Only enabled fields are considered to be live fields - meaning they can appear on UI screens and be updated during incidents. Disabled fields are NOT usable during incidents and cannot be updated by workflows either.

    You can use the toggle switch next to the field name to enable/disable it.
  </Accordion>

  <Accordion title="Display This Field in the Incident Details" icon="eye">
    This switch allows you to display or hide the specific field on the **Details** section of the **Incident Details** page.

    <Note>
      **Hiding a field** from being displayed in the **Details** section **does not mean this field is turned off**. It just means users cannot edit it from the UI.
    </Note>

    This is typically used when teams want to configure a custom flag that gets systematically set by workflows, not manually by users.
  </Accordion>

  <Accordion title="Value Type" icon="link">
    This field allows you to select the value type for select and multiple select fields. The following Value types are available: Custom text, Teams, Services, Users, Functionalities, and Catalog.

    * **Custom text** allows user input to determine what values are available for selection.
    * **Teams, Services, Users, Functionalities, or Catalog** allow the custom field to pull from one of the existing fields populated in Rootly.

    For example, an organization may want to identify both an 'Owning Team' as well as a set of 'Impacted Teams.' A new custom field could be created for 'Impacted Teams' and the existing 'Teams' field could be renamed to 'Owning Team.'
  </Accordion>
</AccordionGroup>

### Delete Field

Custom fields can be deleted by clicking the trash symbol.

<Warning>
  Deleted fields cannot be recovered. It is highly recommended that you disable unused custom fields instead of deleting them.

  Deletion should be reserved for only when you're sure that it won't be used in the response process anymore.
</Warning>

Custom fields can be referenced in Liquid using either the field **slug** or **ID**.\
The `find` filter returns a custom field object, from which you can access different attributes depending on the field type and configured Value Type.

***

## Supported Field Types

Below are all supported custom field types and the recommended Liquid syntax for each.

### Text

A single-line free-form text field that allows users to enter short text values such as names, identifiers, or brief descriptions. This field type is ideal for capturing simple, unstructured text data.

This Liquid syntax retrieves the text value stored in the custom field:

```liquid theme={null}
# By SLUG
{{ incident.custom_fields
  | find: 'custom_field.slug', 'your-custom-field-slug'
  | get: 'value'
}}

# By ID
{{ incident.custom_fields
  | find: 'custom_field.id', 'your-field-uuid'
  | get: 'value'
}}
```

### Textarea

A multi-line free-form text field that allows users to enter longer text content such as detailed descriptions, notes, or comments. Unlike the Text field, Textarea supports multiple lines of text input.

This Liquid syntax retrieves the multi-line text value stored in the custom field:

```liquid theme={null}
# By SLUG
{{ incident.custom_fields
  | find: 'custom_field.slug', 'your-custom-field-slug'
  | get: 'value'
}}

# By ID
{{ incident.custom_fields
  | find: 'custom_field.id', 'your-field-uuid'
  | get: 'value'
}}
```

### Rich Text

A formatted text field that supports rich text formatting (bold, italic, lists, links, etc.) using HTML markup. This field type is stored as an HTML string and is ideal for formatted content that needs to preserve styling.

This Liquid syntax retrieves the HTML-formatted text value stored in the custom field:

```liquid theme={null}
# By SLUG
{{ incident.custom_fields
  | find: 'custom_field.slug', 'your-custom-field-slug'
  | get: 'value'
}}

# By ID
{{ incident.custom_fields
  | find: 'custom_field.id', 'your-field-uuid'
  | get: 'value'
}}
```

<Note>
  Rich text values may contain HTML markup. Be mindful when rendering these values in notifications or external systems.
</Note>

### Tags

A multi-value tag field that allows users to add multiple tags or labels to an incident. Tags are stored as a JSON array string, making them useful for categorization, filtering, or labeling incidents with multiple attributes.

This Liquid syntax retrieves the JSON array string containing all tags:

```liquid theme={null}
# By SLUG
{{ incident.custom_fields
  | find: 'custom_field.slug', 'your-custom-field-slug'
  | get: 'value'
}}

# By ID
{{ incident.custom_fields
  | find: 'custom_field.id', 'your-field-uuid'
  | get: 'value'
}}
```

<Note>
  Tags values are stored as a JSON array string (e.g., `["tag1", "tag2", "tag3"]`). You may need to parse this JSON string depending on your use case.
</Note>

### Number

A numeric input field that enforces numeric values only. This field type is useful for capturing quantities, counts, percentages, or any numeric data. The value is stored as a string representation of the number.

This Liquid syntax retrieves the numeric value stored in the custom field:

```liquid theme={null}
# By SLUG
{{ incident.custom_fields
  | find: 'custom_field.slug', 'your-custom-field-slug'
  | get: 'value'
}}

# By ID
{{ incident.custom_fields
  | find: 'custom_field.id', 'your-field-uuid'
  | get: 'value'
}}
```

<Note>
  Number values may be stored as strings. Use Liquid math filters if numeric operations are required.
</Note>

### Checkbox

A boolean field that stores a checked ("1") or unchecked ("0") state. This field type is ideal for yes/no questions, flags, or binary choices that need to be tracked.

This Liquid syntax retrieves the checkbox value and checks whether it's checked:

```liquid theme={null}
# By SLUG
{% assign v = incident.custom_fields
  | find: 'custom_field.slug', 'your-custom-field-slug'
  | get: 'value' %}

# By ID
{% assign v = incident.custom_fields
  | find: 'custom_field.id', 'your-field-uuid'
  | get: 'value' %}

{% if v == "1" %}
  true
{% else %}
  false
{% endif %}
```

### Date

A date picker field that allows users to select a specific date. The value is stored as an ISO date string, making it easy to format and use in date calculations or comparisons.

This Liquid syntax retrieves the date value stored in the custom field:

```liquid theme={null}
# By SLUG
{{ incident.custom_fields
  | find: 'custom_field.slug', 'your-custom-field-slug'
  | get: 'value'
}}

# By ID
{{ incident.custom_fields
  | find: 'custom_field.id', 'your-field-uuid'
  | get: 'value'
}}
```

This Liquid syntax formats the date value for display:

```liquid theme={null}
# By SLUG
{{ incident.custom_fields
  | find: 'custom_field.slug', 'your-custom-field-slug'
  | get: 'value'
  | date: '%B %d, %Y'
}}

# By ID
{{ incident.custom_fields
  | find: 'custom_field.id', 'your-field-uuid'
  | get: 'value'
  | date: '%B %d, %Y'
}}
```

### Datetime

A date and time picker field that allows users to select both a date and a specific time. The value is stored as an ISO datetime string, making it suitable for scheduling, timestamps, or any scenario requiring precise date and time tracking.

This Liquid syntax retrieves the datetime value stored in the custom field:

```liquid theme={null}
# By SLUG
{{ incident.custom_fields
  | find: 'custom_field.slug', 'your-custom-field-slug'
  | get: 'value'
}}

# By ID
{{ incident.custom_fields
  | find: 'custom_field.id', 'your-field-uuid'
  | get: 'value'
}}
```

This Liquid syntax formats the datetime value for display:

```liquid theme={null}
# By SLUG
{{ incident.custom_fields
  | find: 'custom_field.slug', 'your-custom-field-slug'
  | get: 'value'
  | date: '%B %d, %Y at %I:%M %p'
}}

# By ID
{{ incident.custom_fields
  | find: 'custom_field.id', 'your-field-uuid'
  | get: 'value'
  | date: '%B %d, %Y at %I:%M %p'
}}
```

### Catalog

A Catalog field only accepts the entities configured in the related Catalog. Use this field type when you want to track the impact of an incident against one of your business entities configured as a Catalog, like Teams, Services, or any custom Catalogs.

**Note**: Catalog Fields can be automatically set based on properties in your Catalog. For example, any `Services` Catalog field could be automatically set by a `Team` Catalog field, as long as the Team Catalog has a Services property. This would allow you to automatically track the Services an incident is impacting as your users add teams to the incident.

### Select

A single-choice field that allows users to select one value from a predefined list of options.

### Multiple Select

A multi-choice field that allows users to select one or more values from a predefined list of options. Storage follows the same pattern as Select, but may contain multiple values. The storage format and available attributes depend on the configured **Value Type**.

## Best Practices

* Prefer referencing custom fields by **ID** in Liquid to avoid breaking changes when field names change.
* Use field **Descriptions** to guide responders toward consistent data entry.
* Hide workflow-managed fields from the Incident Details UI to reduce manual edits.
* Ensure you reference the correct `selected_*` attribute based on the field’s **Value Type**.


# Custom Forms
Source: https://docs.rootly.com/configuration/custom-forms

Build tailored forms with specific field combinations to collect targeted incident data at different stages of the response lifecycle.

Throughout the lifecycle of an incident, teams might want to prompt responders to input various incident properties outside of the [standard built-in forms](/configuration/built-in-forms). Custom forms enable teams to define their own forms that can be triggered either through a custom Slack command or a button within a custom Slack block.

You can access the custom forms by navigating to **Configurations >** [**Forms**](https://rootly.com/account/forms) and scrolling to the bottom of the page.

# **Example Use Cases**

* **Targeted Data Collection**: Create a form specifically for the Comms Lead, which only displays fields that are important to the leadership (e.g. `status`, `summary`, `severity`). This streamlines the communication process by helping teams only focus on the relevant information.
* **Guided Response:** Create various forms that collect specific sets of data at specific points of the incident life cycle. Dynamically display each custom form to guide responders through their response effort.

# **Create Custom Form**

Click on the `Create Form` button to initiate the form creation wizard.

<img alt="Clean Shot2025 08 20at13 43 26@2x Pn" />

A dialogue will appear requesting the following fields:

<AccordionGroup>
  <Accordion title="Name">
    Assign the custom form a name.
  </Accordion>

  <Accordion title="Command">
    Define a Slack command that would prompt to open the form in Slack.

    <Note>
      The full command you would enter in Slack is `/rootly customform your-custom-slack-command`. You only need to enter the `your-custom-slack-command` portion in this field.
    </Note>
  </Accordion>

  <Accordion title="Description">
    You can provide an optional description for your custom form.

    After providing the necessary details, click on `Save`. You’ll be redirected to the following page where you can begin customizing the new form.
  </Accordion>
</AccordionGroup>

# **Edit Custom Form**

To begin editing a form, select the Configure button under the form you'd like to edit.

You'll be navigated to the edit form page of the selected form. The **left side of the page is the edit pane** where you can edit what fields are displayed and how they are displayed. The **right side of the page is the preview** of the form.

<Tip>
  You can create separate versions of the form for Slack and Rootly Web/Mobile by toggling between the tabs on the left hand side. To ensure incident data is captured consistently, we recommend keeping the fields for each channel in sync.
</Tip>

## Adding fields to a form

Add new fields to your form by selecting the **Add Fields** button. Select all of the fields you'd like to add to the form, then **Add Fields**.

Once these fields are added to your form, you can drag and drop them to reorder the form. Remove a field by selecting the **minus** button on the right hand side of the field.

## Editing fields on a form

Once a field is added to a form, you can control when the field is displayed and if it is required. Select the edit button on the field that you want to make changes to.

If you only want the field to display under certain conditions or be required under certain conditions, select the **Conditionally** option under **Display this field** or **Require this field**.

Form fields can be displayed or required conditionally depending on the value of any field set above the field that you're editing. For example, if the first field on your form called "Teams" is set to a certain value, your second field can be conditionally displayed depending on the team's value.

# Preview

The preview on the right-hand side is interactive and generated in real-time. This is a great way to test out the user experience of your form, and ensure behavior of each field is correct.

# Trigger Custom Form

Custom forms can be triggered in various ways: Slack command, custom Slack block, or web UI.

## Prompt Form via Slack Command

A custom form can be prompted in an incident Slack channel via manual command. The command can be found on the edit screen of the specific form.

<img alt="Clean Shot2025 08 20at13 45 48@2x Pn" />

When you write the command in an incident Slack channel, you'll be prompted with the custom form.

## Prompt Form via Slack Block

A custom form can also be prompted in an incident Slack channel via a button in a custom block. The following demo will walk you through how to set this up.

<iframe />

## Prompt Form via Web UI

Lastly, a custom form can also be prompted from the Rootly web UI. First navigate to a specific incident and then select the Custom Form dropdown at the top. The dropdown will contain all custom forms that have been configured in the organization.

<Frame />


# Custom Statuses
Source: https://docs.rootly.com/configuration/custom-statuses

Define custom incident lifecycle stages beyond the default Active, Mitigated, and Resolved statuses to match your organization's response processes.

Custom Statuses allow you to fully customize the statuses that represent your incident's lifecycles. By default, Rootly incidents progress through Active > Mitigated > Resolved. However, some organizations have much more granular statuses to represent key moments in the incident's lifecycle.

Custom Statuses allow you to add, reorder, and capture key information on the incident throughout the incident lifecycle.

# Adding and editing statuses

Navigate to **Configuration > Lifecycle** to begin customizing your Rootly statuses.

Each substatus requires a name and description to give your responders context on what the lifecycle stage represents. When an incident's status is updated to reflect a new status, we will mark the date and time of the status change and store it in the status' `Marked At` field to support any postmortem analyses.

When a new status is added, Rootly will generate a new substatus form for you to customize in the Form configuration section. This allows you to capture incident data at any phase of the incident's lifecycle.

# Lifecycle preferences

Rootly gives you full control over how your incidents progress through the Lifecycle statuses. Control if your responders are able to move an incident across many statuses at once, or if incidents must progress through every status in a defined order.

Navigate to **Configuration > Lifecycle > Preferences** to update these settings.

<img alt="Clean Shot2025 04 14at12 10 46@2x Pn" />

If your Rootly instance requires incidents to progress through Active or Resolved in order, your responders will only be able to update the incident's status to the next status defined in your Lifecycle configuration.

**Note:** Responders are able to move an incident backward to any previous status. If they do so, they'll have to progress the incident through each status again.

Get started with Custom Statuses by reaching out to your Rootly account representative today.


# Dynamic Forms
Source: https://docs.rootly.com/configuration/dynamic-forms

Configure form variations that adapt based on incident properties like type, team, or severity to collect contextually relevant information.

Rootly's dynamic forms allow for more granularity based on different incident types, different teams, or different severities that require different versions of the same forms. You can access the dynamic forms by navigating to **Configuration >** [**Forms**](https://rootly.com/account/forms).

The Dynamic Forms feature is not enabled out-of-box, but if you’d like to try it out, reach out to your Rootly point of contact or support team. [Video Example of Use Case](https://www.loom.com/share/11b9503c6bd94043bfafc6cdd5166021?sid=35cd9955-d742-45f3-b99f-b2840b3e0a74)

<Frame>
  <img alt="Document image" />
</Frame>

## Incident Property Field

The incident property is what is used to **base** the dynamic forms from. The options include Incident Type, Team, or Severity.

> This field is important as it drives the property in which you build your dynamic forms from

<Frame>
  <img alt="Document image" />
</Frame>

Once an incident property is selected, click `+ New Form Set` to create a dynamic form.

<Frame>
  <img alt="Document image" />
</Frame>

## **Creating Form Set**

* Name: Choose a unique name
* Use this form when \[incident type / team / severity]
* Then choose which default forms you would like to customize.

<Frame>
  <img alt="Document image" />
</Frame>

### Example Use Case

One of the main use cases for this is when you want to give more granularity on different teams, incident types, or severities, but you want them to have different versions of the same form. For example, when the information I want to collect for the `security teams` incidents is different than the information I want to collect for the `infrastructure teams` incidents. But within that, within the `security teams` forms, I actually want certain fields different based on if it’s a SEV0 incident.

<Frame>
  <img alt="Document image" />
</Frame>

Click 'Create Form Set'

<Frame>
  <img alt="Document image" />
</Frame>

Once created, you'll see the newly built 'Security Team Forms' on the left and the form types you wish to customize.

These new forms will only show when `Team` is `Security`

<Frame>
  <img alt="Document image" />
</Frame>

Next, we need to get more granular and only show these forms when the `Team` is `Security` **AND** the `Severity` is a `SEV0`. To do this, click 'Configure' on the form type you would like to edit.

<Frame>
  <img alt="Document image" />
</Frame>

The form will start empty, minus your incident property field, which in this case is `Teams`.

<Frame>
  <img alt="Document image" />
</Frame>

Add any custom or built-in fields by clicking 'Add Fields'

<Frame>
  <img alt="Document image" />
</Frame>

When the required fields are selected, click 'Add Fields'.

<Frame>
  <img alt="Document image" />
</Frame>

Edit each field and choose when to display and/or require this field, at this stage you can add conditions.

<Frame>
  <img alt="Document image" />
</Frame>

Set the field to only display when the incident is a `SEV0` , and **REQUIRE** the field. Click Save once the conditions are defined.

<Frame>
  <img alt="Document image" />
</Frame>

### To Test

Create a new incident and set the team to `Security`

<Frame>
  <img alt="Document image" />
</Frame>

Once `<Security team>` is selected, the form will auto-refresh with the dynamic 'Security Team Form'

<Frame>
  <img alt="Document image" />
</Frame>

### Removing An Existing Dynamic Form

Editing and deleting can be done by clicking on the ellipsis.

<Frame>
  <img alt="Document image" />
</Frame>

Only one property can be selected at a time. Removing the existing incident property selection will delete all existing dynamic forms. You will be prompted with a warning message prior.

<Frame>
  <img alt="Document image" />
</Frame>

### Want to use dynamic forms?

Yay! We can't wait! Please reach out to your Rootly point of contact or support team to request access.


# Environments
Source: https://docs.rootly.com/configuration/environments

Define and prioritize the environments (production, staging, development) affected by incidents to ensure proper response urgency and resource allocation.

## Overview

**Environments** allow you to characterize incidents by the environment that they are impacting. For example, incidents impacting PROD should take priority over incidents only impacting DEV.

<Frame>
  <img alt="Document image" />
</Frame>

## Field Type

**Environments** can be customized to be either a **select** or **multi-select** field type. This means you can configure it to allow only one environment value to be selected per incident or allow multiple environment values to be selected per incident.

<Frame>
  <img alt="Document image" />
</Frame>

## Attributes

**Environments** can be configured with the following attributes. Each environment attribute can be referenced via Liquid syntax.

<Note>
  Since the environment field can be either a **select** or **multi-select** field type, the Liquid syntax to reference each field type will differ.

  Select will follow a single-value syntax

  `{{incident.raw_environments | get: '<attribute>'}}`

  Multi-select will follow an array syntax. Where i references the specific environment object in the list of environments.

  `{{incident.raw_environments[index] | get: '<attribute>'}}`
</Note>

### ID

This is the unique identifier of the environment. This field **cannot be customized**. Rootly will automatically assign the *ID* upon creation. It is typically used in Liquid references and API calls.

The following Liquid syntax will allow you to list out the environment *ID*(s) that are selected for an incident:

`{{ incident.environment_ids }}`

**OR**

* `{{ incident.raw_environments | get: 'id'}}` for select field type
* `{{ incident.raw_environments[index] | get: 'id'}}` for multi-select field type

### Name

This is the value that is displayed on the UI for the environment. This field is customizable.

The following Liquid syntax will allow you to list out the environment *name*(s) that are selected for an incident:

`{{ incident.environments }}`

**OR**

* `{{ incident.raw_environments | get: 'name'}}` for select field type
* `{{ incident.raw_environments[index] | get: 'name' }}` for multi-select field type

### Slug

This is the string that is used to reference the environment in Liquid references. This field is automatically generated by lower-casing and hyphenating the environment *name*.

The following Liquid syntax will allow you to list out the environment *slug*(s) that are selected for an incident:

`{{ incident.environment_slugs }}`

**OR**

* `{{ incident.raw_environments | get: 'slug'}}` for select field type
* `{{ incident.raw_environments[index] | get: 'slug' }}` for multi-select field type

### Description

This value is displayed on the UI to describe each environment. This field is customizable.

The following Liquid syntax will allow you to list out the environment *description*(s) that are selected for an incident:

* `{{ incident.raw_environments | get: 'description'}}` for select field type
* `{{ incident.raw_environments[index] | get: 'description' }}` for multi-select field type

### Color

Each environment can be assigned a color, which will be used for color-coding on metrics graphs.

<Note>
  Rootly uses **color-hex codes**. E.g. #000000 is black, #ffffff is white. Use [this page](https://www.color-hex.com/) to help you find the exact hex code for the color you want.
</Note>

The following Liquid syntax will allow you to list out the environment *color*(s) that are selected for an incident:

* `{{ incident.raw_environments | get: 'color'}}` for the select field type
* `{{ incident.raw_environments[index] | get: 'color' }}` for a multi-select field type

### Slack Channels

Each environment can be linked to one or more Slack channels. By default, Rootly does not notify the linked channel(s) when an environment is selected for an incident. Notification needs to be explicitly called out as Attached Environment Channels in workflow configurations.

Systematically, each Slack channel is stored as an object containing an ID and name.

The following Liquid syntax will allow you to list out the environment *Slack Channel*(s) that are selected for an incident:

* `{{ incident.raw_environments | get: 'slack_channels'}}` for the select field type
* `{{ incident.raw_environments[index] | get: 'slack_channels' }}` for a multi-select field type

### Slack Aliases

Each environment can be linked to one or more Slack user groups (aka aliases). By default, Rootly does not invite users in the linked user group(s) when an environment is selected for an incident. Invitations need to be explicitly called out as Attached Environment Aliases in workflow configurations.

The following Liquid syntax will allow you to list out the environment *Slack Alias*(es) that are selected for an incident:

* `{{ incident.raw_environments | get: 'slack_aliases'}}` for select field type
* `{{ incident.raw_environments[index] | get: 'slack_aliases' }}` for multi-select field type

### Notify Emails

Each environment can be linked to one or more emails. By default, Rootly does not send emails to the linked address(es) when an environment is selected for an incident. Notification needs to be explicitly called out as `{{ incident.raw_environments | map: 'notify_emails' | flatten | join: ',' }}` in workflow configurations.

The following Liquid syntax will allow you to list out the environment *Notify Email*(s) that are selected for an incident:

* `{{ incident.raw_environments | get: 'notify_emails'}}` for select field type
* `{{ incident.raw_environments[index] | get: 'notify_emails' }}` for multi-select field type


# Event Payloads
Source: https://docs.rootly.com/configuration/event-payloads

Reference documentation for webhook event payload structures used in Rootly integrations and custom automations, including incident, alert, and pulse events.

## alert.\*

```json JSON theme={null}
{
  "event": {
    "id": "9839c4ca-5e7b-416d-ad95-d09ae0c8eead",
    "type": "alert.created",
    "issued_at": "2022-11-27T19:15:29.546-08:00",
  },
  "data": {
    "id": "13c82722-ec52-4eda-aaa2-771f7c81c01c",
    "team_id": 1,
    "source": "pagerduty",
    "summary": "database-prod-002 Memory threshold over 85%",
    "labels": [],
    "data": {
      "hello": "world"
    },
    "external_id": "Q1IC19Z6U7MIQB",
    "external_url": "https://rootly.pagerduty.com/alerts/Q1IC19Z6U7MIQB",
    "webhook_type": null,
    "webhook_id": null,
    "webhook_idempotency_key": null,
    "started_at": "2022-11-27T19:15:29.546-08:00",
    "ended_at": null,
    "deleted_at": null,
    "created_at": "2022-11-27T19:15:29.546-08:00",
    "updated_at": "2022-11-27T19:15:29.546-08:00"
  }
}
```

## genius\_workflow\_run.\*

<Tabs>
  <Tab title="genius_workflow_run.queued">
    ```json JSON theme={null}
    {
    	"event":{
    		"id":"88a53013-05dc-44df-bb4f-c68d890f8bf9",
    		"type":"genius_workflow_run.queued",
    		"issued_at":"2022-12-19T08:02:03.067-08:00"
    	},
    	"data":{
    		"id":"daf992ed-df23-41df-a72c-438616b4f6dc",
    		"kind":"incident",
    		"status":"queued",
    		"status_message": null,
    		"user_id":3186,
    		"genius_workflow_id":"a1b76e56-e1ab-4b36-856f-b6481251c698",
    		"genius_workflow_name":"Send Email when incident starts",
    		"queued_at":"2022-12-19T08:02:03.031-08:00",
    		"started_at":null,
    		"completed_at":null,
    		"failed_at":null,
    	    "canceled_at":null,
    		"triggered_by":"system",
    		"created_at":"2022-12-19T08:02:03.031-08:00",
    		"updated_at":"2022-12-19T08:02:03.031-08:00",		 
            "incident_id":"5c80f5a1-9389-4970-bb49-8268acf2954f",
    		"incident_action_item_id":null,
    		"incident_post_mortem_id":null,
    		"alert_id":null,
    		"pulse_id":null
    	}
    }
    ```
  </Tab>

  <Tab title="genius_workflow_run.started">
    ```json JSON theme={null}
    {
    	"event":{
    		"id":"76376d80-29e4-4aaf-8295-c12f111cf5eb",
    		"type":"genius_workflow_run.started",
    		"issued_at":"2022-12-19T08:04:55.249-08:00"
    	},
    	"data":{
    		"id":"ff3021be-6ac2-4253-afbe-ae866c0c75a3",
    		"kind":"incident",
    		"status":"started",
    		"status_message": null,
    		"user_id":3186,
    		"genius_workflow_id":"a1b76e56-e1ab-4b36-856f-b6481251c698",		    
            "genius_workflow_name":"Send Email when incident starts",		 
            "queued_at":"2022-12-19T08:04:55.196-08:00",
    		"started_at":"2022-12-19T08:04:55.220-08:00",
    		"completed_at":null,
    		"failed_at":null,
    		"canceled_at":null,
    		"triggered_by":"user",
    		"status":"started",
    		"created_at":"2022-12-19T08:04:55.196-08:00",
    		"updated_at":"2022-12-19T08:04:55.226-08:00",
    		"incident_id":"5c80f5a1-9389-4970-bb49-8268acf2954f",
    		"incident_action_item_id":null,
    	    "incident_post_mortem_id":null,
    		"alert_id":null,
    		"pulse_id":null
    	}
    }
    ```
  </Tab>

  <Tab title="genius_workflow_run.completed">
    ```json JSON theme={null}
    {
    	"event":{
    		"id":"ae55dd1a-9bde-4a98-bd42-61df1e8dd80f",
    		"type":"genius_workflow_run.completed",
    		"issued_at":"2022-12-19T08:06:35.911-08:00"
    	},
    	"data":{
    		"id":"4cd6046c-9ed9-423e-8145-a1891f82ac57",
    		"kind":"incident",
    		"status":"completed",
    		"status_message": null,
    		"user_id":3186,
    		"genius_workflow_id":"678fbb8a-23bc-4fcf-8d46-b1833698b75b",
    		"genius_workflow_name":"Send Email when incident starts",
    		"queued_at":"2022-12-19T08:06:33.493-08:00",
    		"started_at":"2022-12-19T08:06:33.512-08:00",
    		"completed_at":"2022-12-19T08:06:35.887-08:00",
    		"failed_at":null,
    		"canceled_at":null,
    		"triggered_by":"user",
    		"created_at":"2022-12-19T08:06:33.493-08:00",
    		"updated_at":"2022-12-19T08:06:35.887-08:00",
    		"incident_id":"5c80f5a1-9389-4970-bb49-8268acf2954f",
    		"incident_action_item_id":null,
    		"incident_post_mortem_id":null,
    		"alert_id":null,
    		"pulse_id":null
    	}
    }
    ```
  </Tab>

  <Tab title="genius_workflow_run.failed">
    ```json JSON theme={null}
    {
    	"event":{
    		"id":"1562f78b-18fa-4d9f-a765-24e6dfba9794",
    		"type":"genius_workflow_run.failed",
    		"issued_at":"2022-12-19T08:08:18.521-08:00"
    	},
    	"data":{
    		"id":"3ceebcf1-e82f-4dfe-97da-69cd0678696d",
    		"kind":"incident",
    	    "status":"failed",
    		"status_message": null,
    		"user_id":3186,
    		"genius_workflow_id":"a1b76e56-e1ab-4b36-856f-b6481251c698",
    		"genius_workflow_name":"Send Email when incident starts",
    		"queued_at":"2022-12-19T08:08:17.890-08:00",
    		"started_at":"2022-12-19T08:08:17.908-08:00",
    		"completed_at":null,
    		"failed_at":"2022-12-19T08:08:18.498-08:00",
    		"canceled_at":null,
    		"triggered_by":"user",
    		"created_at":"2022-12-19T08:08:17.890-08:00",
    		"updated_at":"2022-12-19T08:08:18.498-08:00",
    		"incident_id":"5c80f5a1-9389-4970-bb49-8268acf2954f",
    		"incident_action_item_id":null,
    		"incident_post_mortem_id":null,
    		"alert_id":null,
    		"pulse_id":null
    	}
    }
    ```
  </Tab>

  <Tab title="genius_workflow_run.canceled">
    ```json JSON theme={null}
    {
    	"event":{
    		"id":"4b3d9e46-1a59-44a7-914d-b1758216b8d5",
    		"type":"genius_workflow_run.canceled",
    		"issued_at":"2022-12-19T11:09:16.508-05:00"
    	},
    	"data":{
    		"id":"e9269feb-1f2b-4d35-9181-f6842361ec62",		    
            "kind":"incident",
    	    "status":"canceled",
    		"status_message": null,
    		"user_id":3186,
    		"genius_workflow_id":"554f0a33-c05b-4352-87d4-1ec0332431bd",
    		"genius_workflow_name":"Send Email when incident starts",
    	    "queued_at":"2022-12-19T11:02:04.659-05:00",
    		"started_at":null,
    		"completed_at":null,
    		"failed_at":null,
    	    "canceled_at":"2022-12-19T11:09:16.480-05:00",
    		"triggered_by":"system",
    		"created_at":"2022-12-19T11:02:04.659-05:00",
    		"updated_at":"2022-12-19T11:09:16.480-05:00",
    	    "incident_id":"5c80f5a1-9389-4970-bb49-8268acf2954f",
    	    "incident_action_item_id":null,
    		"incident_post_mortem_id":null,
    	    "alert_id":null,
    		"pulse_id":null
    	}
    }
    ```
  </Tab>
</Tabs>

## incident.\*

```json JSON theme={null}
{
  "event": {
    "id": "9839c4ca-5e7b-416d-ad95-d09ae0c8eead",
    "type": "incident.created",
    "issued_at": "2022-11-27T19:44:33.633-08:00",
  },
  "data": {
    "id": "b7eed587-50e6-44fe-b010-7a2bb05d737a",
    "sequential_id": 19,
    "title": "Sparkling Frost",
    "slug": "sparkling-frost",
    "kind": "normal",
    "private": false,
    "summary": null,
    "status": "started",
    "url": "http://localhost:3000/account/incidents/19-sparkling-frost",
    "short_url": null,
    "mitigation_message": null,
    "resolution_message": null,
    "cancellation_message": null,
    "public_title": null,
    "zoom_meeting_id": null,
    "zoom_meeting_start_url": null,
    "zoom_meeting_join_url": null,
    "shortcut_story_id": null,
    "shortcut_story_url": null,
    "shortcut_task_id": null,
    "shortcut_task_url": null,
    "asana_task_id": null,
    "asana_task_url": null,
    "github_issue_id": null,
    "github_issue_url": null,
    "jira_issue_id": null,
    "jira_issue_url": null,
    "google_meeting_id": null,
    "google_meeting_url": null,
    "trello_card_id": null,
    "trello_card_url": null,
    "linear_issue_id": null,
    "linear_issue_url": null,
    "zendesk_ticket_id": null,
    "zendesk_ticket_url": null,
    "slack_channel_name": null,
    "slack_channel_id": null,
    "slack_channel_url": null,
    "slack_channel_short_url": null,
    "service_now_incident_id": null,
    "service_now_incident_key": null,
    "service_now_incident_url": null,
    "opsgenie_incident_id": null,
    "opsgenie_incident_url": null,
    "opsgenie_alert_id": null,
    "opsgenie_alert_url": null,
    "victor_ops_incident_id": null,
    "victor_ops_incident_url": null,
    "pagerduty_incident_id": null,
    "pagerduty_incident_url": null,
    "mattermost_channel_id": null,
    "mattermost_channel_name": null,
    "mattermost_channel_url": null,
    "confluence_page_id": null,
    "confluence_page_url": null,
    "quip_page_id": null,
    "quip_page_url": null,
    "airtable_base_key": null,
    "airtable_table_name": null,
    "airtable_record_id": null,
    "airtable_record_url": null,
    "google_drive_id": null,
    "google_drive_url": null,
    "datadog_notebook_id": null,
    "datadog_notebook_url": null,
    "freshservice_ticket_id": null,
    "freshservice_ticket_url": null,
    "freshservice_task_id": null,
    "freshservice_task_url": null,
    "started_at": "2022-11-27T19:36:00.000-08:00",
    "detected_at": null,
    "acknowledged_at": null,
    "mitigated_at": null,
    "resolved_at": null,
    "cancelled_at": null,
    "created_at": "2022-11-27T19:36:49.779-08:00",
    "updated_at": "2022-11-27T19:36:49.779-08:00",
    "labels": {
    },
    "severity": null,
    "user": {
      "id": 7,
      "name": "John Doe",
      "email": "demo@rootly.com",
      "full_name": "John Doe",
      "full_name_with_team": "[rootly.com] John Doe",
      "slack_id": null
    },
    "started_by": {
      "id": 7,
      "name": "John Doe",
      "email": "demo@rootly.com",
      "full_name": "John Doe",
      "full_name_with_team": "[rootly.com] John Doe",
      "slack_id": null
    },
    "mitigated_by": null,
    "resolved_by": null,
    "cancelled_by": null,
    "roles": [
      {
        "id": "e5c83728-78b9-495f-bdc5-55b3db047339"
      },
      {
        "id": "45602201-6cb9-4567-abd6-293096d880ef"
      }
    ],
    "environments": [

    ],
    "incident_types": [

    ],
    "services": [

    ],
    "functionalities": [

    ],
    "groups": [

    ],
    "events": [
      {
        "id": "01608451-5926-41ea-88b0-5af2f3cf5f79",
        "event": "John Doe created this incident",
        "event_raw": "John Doe created this incident",
        "kind": "event",
        "source": "web",
        "visibility": "external",
        "occurred_at": "2022-11-27T19:36:49.779-08:00",
        "created_at": "2022-11-27T19:36:49.779-08:00",
        "updated_at": "2022-11-27T19:36:49.884-08:00"
      },
      {
        "id": "42a1a95d-5ae2-4b74-a8dd-af675311769a",
        "event": "Started date has been set to <span class=\"badge badge-info-inverted\">November 27  7:36 PM PST</span>",
        "event_raw": "Started date has been set to November 27 7:36 PM PST",
        "kind": "trail",
        "source": "web",
        "visibility": "internal",
        "occurred_at": "2022-11-27T19:36:49.955-08:00",
        "created_at": "2022-11-27T19:36:49.955-08:00",
        "updated_at": "2022-11-27T19:36:49.955-08:00"
      }
    ],
    "action_items": [
      {
        "id": "a3121c52-39a8-4ba4-aef4-e33e6c6bcbdc",
        "incident_id": "b7eed587-50e6-44fe-b010-7a2bb05d737a",
        "description": null,
        "summary": "Tasks can be customized in Rootly",
        "kind": "task",
        "priority": "medium",
        "status": "open",
        "due_date": null,
        "jira_issue_id": null,
        "jira_issue_url": null,
        "asana_task_id": null,
        "asana_task_url": null,
        "github_issue_id": null,
        "github_issue_url": null,
        "shortcut_story_id": null,
        "shortcut_story_url": null,
        "shortcut_task_id": null,
        "shortcut_task_url": null,
        "trello_card_id": null,
        "trello_card_url": null,
        "linear_issue_id": null,
        "linear_issue_url": null,
        "zendesk_ticket_id": null,
        "zendesk_ticket_url": null,
        "airtable_base_key": null,
        "airtable_table_name": null,
        "airtable_record_id": null,
        "airtable_record_url": null,
        "freshservice_ticket_id": null,
        "freshservice_ticket_url": null,
        "freshservice_task_id": null,
        "freshservice_task_url": null,
        "created_at": "2022-11-27T19:15:07.651-08:00",
        "updated_at": "2022-11-27T19:15:07.651-08:00"
      },
      {
        "id": "70ef7704-aecb-401a-833d-edaf8aaa9d86",
        "incident_id": "b7eed587-50e6-44fe-b010-7a2bb05d737a",
        "description": null,
        "summary": "Update `/incident summary`",
        "kind": "task",
        "priority": "medium",
        "status": "open",
        "due_date": null,
        "jira_issue_id": null,
        "jira_issue_url": null,
        "asana_task_id": null,
        "asana_task_url": null,
        "github_issue_id": null,
        "github_issue_url": null,
        "shortcut_story_id": null,
        "shortcut_story_url": null,
        "shortcut_task_id": null,
        "shortcut_task_url": null,
        "trello_card_id": null,
        "trello_card_url": null,
        "linear_issue_id": null,
        "linear_issue_url": null,
        "zendesk_ticket_id": null,
        "zendesk_ticket_url": null,
        "airtable_base_key": null,
        "airtable_table_name": null,
        "airtable_record_id": null,
        "airtable_record_url": null,
        "freshservice_ticket_id": null,
        "freshservice_ticket_url": null,
        "freshservice_task_id": null,
        "freshservice_task_url": null,
        "created_at": "2022-11-27T19:15:07.626-08:00",
        "updated_at": "2022-11-27T19:15:07.651-08:00"
      },
      {
        "id": "368921f4-419c-4df3-92a2-006c3882dc70",
        "incident_id": "b7eed587-50e6-44fe-b010-7a2bb05d737a",
        "description": null,
        "summary": "Ensure roles are assigned",
        "kind": "task",
        "priority": "medium",
        "status": "open",
        "due_date": null,
        "jira_issue_id": null,
        "jira_issue_url": null,
        "asana_task_id": null,
        "asana_task_url": null,
        "github_issue_id": null,
        "github_issue_url": null,
        "shortcut_story_id": null,
        "shortcut_story_url": null,
        "shortcut_task_id": null,
        "shortcut_task_url": null,
        "trello_card_id": null,
        "trello_card_url": null,
        "linear_issue_id": null,
        "linear_issue_url": null,
        "zendesk_ticket_id": null,
        "zendesk_ticket_url": null,
        "airtable_base_key": null,
        "airtable_table_name": null,
        "airtable_record_id": null,
        "airtable_record_url": null,
        "freshservice_ticket_id": null,
        "freshservice_ticket_url": null,
        "freshservice_task_id": null,
        "freshservice_task_url": null,
        "created_at": "2022-11-27T19:15:07.601-08:00",
        "updated_at": "2022-11-27T19:15:07.651-08:00"
      }
    ],
    "form_field_selections": [

    ],
    "feedbacks": [

    ],
    "incident_post_mortem": null
  }
}
```

## incident\_post\_mortem.\*

```json JSON theme={null}
{
  "event": {
    "id": "9839c4ca-5e7b-416d-ad95-d09ae0c8eead",
    "type": "incident_post_mortem.created",
    "issued_at": "2022-11-27T19:36:00.000-08:00",
  },
  "data": {
    "id": "2c7497e5-5d15-4fa4-aeac-cac063aafe19",
    "incident_id": "b7eed587-50e6-44fe-b010-7a2bb05d737a",
    "title": "Sparkling Frost",
    "status": "draft",
    "url": "http://rootly.com/account/incidents/19-sparkling-frost/postmortem_url",
    "short_url": null,
    "content": "<h1>{{incident.created_at | date: \"%Y-%m-%d\"}} - {{incident.title}}</h1>\n<h1><strong>Leadup</strong></h1>\n<br><span style=\"color: #7a869a\">Describe the circumstances that led to this incident</span><br><br>\n<h1><strong>Fault</strong></h1>\n<br><span style=\"color: #7a869a\">Describe what failed to work as expected</span><br><br>\n<h1><strong>Detection</strong></h1>\n<br><span style=\"color: #7a869a\">Describe how the incident was detected</span><br><br>\n<h1><strong>Root causes</strong></h1>\n<br><span style=\"color: #7a869a\">Run a 5-whys analysis to understand the true causes of the incident</span><br><br>\n<h1><strong>Mitigation and resolution</strong></h1>\n<br><span style=\"color: #7a869a\">What steps did you take to resolve this incident?</span><br><br>\n<h1><strong>Lessons learnt</strong></h1>\n<br><span style=\"color: #7a869a\">What went well? What could have gone better? What else did you learn?</span><br><br>",
    "published_at": null,
    "started_at": "2022-11-27T19:36:00.000-08:00",
    "mitigated_at": "2022-11-27T19:44:32.156-08:00",
    "resolved_at": "2022-11-27T19:44:32.156-08:00",
    "cancelled_at": null,
    "show_timeline": true,
    "show_timeline_starred_only": false,
    "show_timeline_genius": true,
    "show_timeline_trail": true,
    "show_timeline_tasks": true,
    "show_timeline_action_items": true,
    "show_functionalities_impacted": true,
    "show_services_impacted": true,
    "show_groups_impacted": true,
    "show_action_items": true,
    "created_at": "2022-11-27T19:36:49.779-08:00",
    "updated_at": "2022-11-27T19:44:32.177-08:00"
  }
}
```

## pulse.\*

```json JSON theme={null}
{
  "event": {
    "id": "9839c4ca-5e7b-416d-ad95-d09ae0c8eead",
    "type": "pulse.created",
    "issued_at": "2022-11-27T19:15:30.995-08:00",
  },
  "data": {
    "id": "aa1cab03-00e7-4578-b1ae-72ad9ae417c6",
    "team_id": 1,
    "pulse_trail_id": "b59bfcb7-89ed-4641-b288-5ce1bb3dd801",
    "summary": "Deployed to Kubernetes",
    "labels": [
      {
        "key": "label1",
        "value": "value1"
      },
      {
        "key": "label2",
        "value": "value2"
      }
    ],
    "data": {
      "hello": "world"
    },
    "external_id": null,
    "started_at": "2022-11-27T19:15:30.995-08:00",
    "ended_at": null,
    "deleted_at": null,
    "created_at": "2022-11-27T19:15:30.995-08:00",
    "updated_at": "2022-11-27T19:15:30.995-08:00",
    "webhook_type": null,
    "webhook_id": null,
    "webhook_idempotency_key": null,
    "external_url": null,
    "source": "k8s",
    "refs": [
      {
        "key": "image",
        "value": "registry.rootly.com/rootly/my-service:cd6214"
      }
    ]
  }
}
```


# Example Usage With Incidents
Source: https://docs.rootly.com/configuration/example-usage-with-incidents

Learn how playbooks automatically attach relevant action items and response procedures when incident types are assigned during incident response.

Let's show how we can append a playbook to a newly created incident. If I was in slack for example I would do this by clicking the "Update" button (Seen below).

<Frame>
  <img alt="Document image" />
</Frame>

Let's say this was a security related incident. Once I append "Security" to the types field that would then automatically attach the related playbooks that were associated with the "Security" types.

<Frame>
  <img alt="Document image" />
</Frame>

As you can see below the action items has increased from 3 to 6 as we have appended the Security type related action items. Clicking the Action Items button gives us a full list of all the item actions.

<Frame>
  <img alt="Document image" />
</Frame>

<Frame>
  <img alt="Document image" />
</Frame>

You can also modify incidents in the Rootly UI as well by navigating to the Incidents tab and clicking edit on the appropriate incident. Modifying incidents in the UI will also automatically attach any relevant playbooks associated with the changes.

<Frame>
  <img alt="Document image" />
</Frame>


# Overview
Source: https://docs.rootly.com/configuration/forms-and-fields

Configure incident data collection forms and custom fields in Rootly to control when and how information is captured during the incident response lifecycle.

Use Forms in Rootly to capture incident data throughout your incident's lifecycle. Forms can be filled out at key moments during your incident lifecycle across Slack and web. The form can be completely customized depending on the stage and type of incident using fields.

Start configuring your forms by logging into the Rootly web app and navigating to **Configuration > Forms**.

<img alt="Clean Shot2025 08 20at12 53 53@2x Pn" />

# **Default Forms**

Rootly comes with a series of built-in forms that cannot be deleted. These forms are used to capture information about your incident at standard moments in your incident lifecycle, such as when the incident is created, updated, or cancelled.

The information captured on these forms can be completely customized by updating the form and adding or removing additional fields.

Learn about customizing these default forms on the [Built-In Forms](/configuration/built-in-forms) page.

# **Custom Forms**

Create a custom form to capture information outside of when your incident progresses or the lifecycle status changes. Custom forms can be opened and filled out through a Slack command or using a Slack block button.

To learn about how to create and manage custom forms, please see the [Custom Forms](/configuration/custom-forms) page.

# Sub-Status Forms

For our advanced customers that have access to Custom Lifecycles, Rootly creates a separate form for each custom substatus that you configure in the Lifecycle section of the application. These can be edited in the same way that default and custom forms can be under the substatus forms tab.

# **Built-In Fields**

Rootly comes with a series of built-in incident properties that are typically collected during incident responses. To learn about what can be customized and how to customize built-in fields, please see the [Built-In Fields](/configuration/built-in-fields) page.

# **Custom Fields**

If the built-in properties are not enough to address your requirements, Rootly offers the ability to create custom incident properties in various data types. To learn about how to create custom fields, please see the [Custom Fields](/configuration/custom-fields) page.


# Functionalities
Source: https://docs.rootly.com/configuration/functionalities

Configure functionality categories in Rootly to identify impacted product features during incidents, route to appropriate teams, and surface ownership context.

# Overview

**Functionalities** allow you to specify the impacted features during an incident. This can help you identify which responders to bring in, which on-call to page, which customers to inform, etc. Individual functionalities can be mapped to your status pages.

<Frame>
  <img alt="Clean Shot2026 03 30at20 48 48@2x" />
</Frame>

# Adding properties

While Functionalities in Rootly comes with built-in properties, additional properties can be added. This allows you to build automations and workflows for your incident response processes using this information: for example, quickly identifying the customer impact of an incident based on the related functionality.

To add custom properties, open **Functionalities**, click **Edit catalog**, and click **Add Property**. You can choose from several property types, including text, boolean, and importantly references to other Catalogs.

For each Functionality, you'll be able to find the values of these properties in the **Custom Properties** tab.

# Configuring Functionalities

Begin editing the properties of your Functionalities by selecting the '...', then Edit.

<Frame>
  <img alt="Clean Shot 2026 05 04 At 14 17 10@2x" />
</Frame>

## Basics

Update the information in this tab to set the fundamental details about your functionality.

1. **ID**: Use the ID when working with Rootly's API to refer to the functionality.
2. **Name**: Add a descriptive name to your functionality for other Rootly users to refer to.
3. **Description**: Add a description of your functionality for other Rootly users to refer to.
4. **Public Description**: Add an external-facing description for your status page. This will be shown to your Rootly Status Page visitors.

## Ownership

Assign the responsible stakeholders of your functionality. The values in these fields can be used to automate tasks and processes using Workflows in Rootly.

For example, update an incident with the functionality's `Team` when a functionality is added to an incident.

## Connections

Add connections between other entities in Rootly, like Environments, Services, Playbooks, and Escalation Policies. This information can be used to automate tasks and processes using Workflows in Rootly.

For example, post a message in the incident channel linking to the functionality's playbook when a functionality is added to an incident.

### Paging Functionalities

Functionalities can be paged when things go wrong. When a functionality is paged (either by an Alert Source, or manually by another user), the functionality's escalation policy will fire.

<Note>
  Functionalities can only be paged if they have an assigned escalation policy. Make sure to set this up in the Functionality's Connection tab in Rootly.
</Note>

## Alerting & Notifications

Add relevant channel properties to the functionality to automate communications and processes using Workflows in Rootly.

For example, use the `Slack Channel` property to post a message in a slack channel dedicated to the functionality when it is added to an incident.

## Custom Properties

Add the values to your custom properties in this section. Learn more about adding custom properties [in this section](/configuration/functionalities).

## On-Call

Configure what happens when this Functionality is paged in Rootly On-Call. When this Functionality is paged either manually by a user, or through an Alert Source, the Escalation Policy selected here will fire.

# Incident Fields

**Functionalities** can be customized to be either a **select** or **multi-select** field type. This means you can configure it to allow only one functionality value to be selected per incident or allow multiple functionality values to be selected per incident.

<Frame>
  <img alt="Document image" />
</Frame>

## Attributes

**Functionalities** can be configured with the following attributes. Each functionality attribute can be referenced via Liquid syntax.

<Note>
  Since the functionality field can be either a **select** or **multi-select** field type, the Liquid syntax to reference each field type will differ.

  Select will follow a single-value syntax

  `{{incident.raw_functionalities | get: '<attribute>'}}`

  Multi-select will follow an array syntax. Where i references the specific functionality object in the list of functionalities.

  `{{incident.raw_functionalities[index] | get: '<attribute>'}}`
</Note>

### ID

This is the unique identifier of the functionality. This field **cannot be customized**. Rootly will automatically assign the *ID* upon creation. It is typically used in Liquid references and API calls.

The following Liquid syntax will allow you to list out the functionality *ID*(s) that are selected for an incident:

`{{ incident.functionality_ids }}`

**OR**

* `{{ incident.raw_functionalities | get: 'id'}}` for the select field type
* `{{ incident.raw_functionalities[index] | get: 'id' }}` for a multi-select field type

### Name

This is the value that is displayed on the UI for the functionality. This field is customizable.

The following Liquid syntax will allow you to list out the functionality *name*(s) that are selected for an incident:

`{{ incident.functionalities }}`

**OR**

* `{{ incident.raw_functionalities | get: 'name'}}` for the select field type
* `{{ incident.raw_functionalities[index] | get: 'name' }}` for a multi-select field type

### Slug

This is the string that is used to reference the functionality in Liquid references. This field is automatically generated by lower-casing and hyphenating the functionality *name*.

The following Liquid syntax will allow you to list out the functionality *slug*(s) that are selected for an incident:

`{{ incident.functionality_slugs }}`

**OR**

* `{{ incident.raw_functionalities | get: 'slug'}}` for the select field type
* `{{ incident.raw_functionalities[index] | get: 'slug' }}` for a multi-select field type

### Description

This value is displayed on the UI to further explain each functionality. This field is customizable.

The following Liquid syntax will allow you to list out the functionality *description*(s) that are selected for an incident:

* `{{ incident.raw_functionalities | get: 'description'}}` for the select field type
* `{{ incident.raw_functionalities[index] | get: 'description' }}` for a multi-select field type

### Color

Each functionality can be assigned a color, which will be used for color-coding on metrics graphs.

<Note>
  Rootly uses **color-hex codes**. E.g. #000000 is black, #ffffff is white. Use [this page](https://www.color-hex.com/) to help you find the exact hex code for the color you want.
</Note>

The following Liquid syntax will allow you to list out the functionality *color*(s) that are selected for an incident:

* `{{ incident.raw_functionalities | get: 'color'}}` for the select field type
* `{{ incident.raw_functionalities[index] | get: 'color' }}` for a multi-select field type

### Slack Channels

Each functionality can be linked to one or more Slack channels. By default, Rootly does not notify the linked channel(s) when a functionality is selected for an incident. Notification needs to be explicitly called out as Attached Functionality Channels in workflow configurations.

Systematically, each Slack channel is stored as an object containing an ID and name.

The following Liquid syntax will allow you to list out the functionality *Slack Channel*(s) that are selected for an incident:

* `{{ incident.raw_functionalities | get: 'slack_channels'}}` for the select field type
* `{{ incident.raw_functionalities[index] | get: 'slack_channels' }}` for a multi-select field type

### Slack Aliases

Each functionality can be linked to one or more Slack user groups (aka aliases). By default, Rootly does not invite users in the linked user group(s) when a functionality is selected for an incident. Invitations need to be explicitly called out as Attached Functionality Aliases in workflow configurations.

The following Liquid syntax will allow you to list out the functionality *Slack Alias*(es) that are selected for an incident:

* `{{ incident.raw_functionalities | get: 'slack_aliases'}}` for the select field type
* `{{ incident.raw_functionalities[index] | get: 'slack_aliases' }}` for a multi-select field type

### Notify Emails

Each functionality can be linked to one or more emails. By default, Rootly does not send emails to the linked address(es) when a functionality is selected for an incident. Notification needs to be explicitly called out as `{{ incident.raw_functionalities | map: 'notify_emails' | flatten | join: ',' }}` in workflow configurations.

The following Liquid syntax will allow you to list out the functionality *Notify Email*(s) that are selected for an incident:

* `{{ incident.raw_functionalities | get: 'notify_emails'}}` for the select field type
* `{{ incident.raw_functionalities[index] | get: 'notify_emails' }}` for a multi-select field type

## Import Functionalities

Instead of creating functionalities from scratch, Rootly allows you to import functionalities from **PagerDuty** or **Opsgenie**. Imported functionalities will be automatically kept in sync on a daily basis.

<Note>
  The ability to import functionalities will only become available once you have PagerDuty or Opsgenie installed on the [integrations page](https://rootly.com/account/integrations).
</Note>

The following Liquid syntax will allow you to list out the corresponding IDs from each of the external paging applications:

**PagerDuty**

* `{{ incident.raw_functionalities | get: 'pagerduty_id' }}` for the select field type
* `{{ incident.raw_functionalities\[0\] | get: 'pagerduty_id' }}` for a multi-select field type

**Opsgenie**

* `{{ incident.raw_functionalities | get: 'opsgenie_id' }}` for the select field type
* `{{ incident.raw_functionalities\[0\] | get: 'opsgenie_id' }}` for a multi-select field type


# Github
Source: https://docs.rootly.com/configuration/github

Configure GitHub integration to automatically capture push events and pull request merges as contextual pulses during incident triage and analysis.

Rootly will **automatically** add the following GitHub events as pulses:

* Push to any repositories

* Merged pull requests

* More to come...

<Frame>
  <img alt="Github integration" />
</Frame>

Ready to configure GitHub integration ? [https://docs.rootly.com/integrations/github](/integrations/github)


# Gitlab
Source: https://docs.rootly.com/configuration/gitlab

Configure GitLab integration to automatically track repository pushes and merge requests as contextual pulses for enhanced incident analysis.

Rootly will **automatically** add the following Gitlab events as pulses:

* Push to any repositories

* Merged pull requests

* More to come...

Ready to configure Gitlab integration ? [https://docs.rootly.com/integrations/gitlab](/integrations/gitlab)


# Heroku
Source: https://docs.rootly.com/configuration/heroku

Configure Heroku integration to automatically capture build events and release deployments as contextual pulses for incident correlation.

Heroku will **automatically** add the following Heroku events as pulses:

* A build starts

* A build ends ( Failed or succeeded )

* A release is deployed

* More to come...

<Frame>
  <img alt="Heroku integration" />
</Frame>

Ready to configure Heroku integration ? [https://docs.rootly.com/integrations/heroku](/integrations/heroku)


# Incident Causes
Source: https://docs.rootly.com/configuration/incident-causes

Define and track root causes of incidents to identify patterns, prioritize improvements, and guide post-incident learning initiatives.

## Overview

**Incident causes** allow you to track the root cause of incidents. This is particularly helpful when identifying trends, allowing you to prioritize areas for post-incident improvement.

<Frame>
  <img alt="Document image" />
</Frame>

## Field Type

**Incident causes** is strictly a **multi-select** field type. This means you'll be able to select multiple cause values for a single incident.

## Attributes

**Incident causes** can be configured with the following attributes. Each cause attribute can be referenced via Liquid syntax.

<Note>
  Since the *incident cause* field is a **multi-select** field type, the Liquid reference will follow an array syntax. Where i references the specific cause object in the list of environments.

  `{{incident.raw_causes[index] | get: '<attribute>'}}`
</Note>

### ID

This is the unique identifier of the incident cause. This field **cannot be customized**. Rootly will automatically assign the *ID* upon creation. It is typically used in Liquid references and API calls.

The following Liquid syntax will allow you to list out the incident cause *ID*(s) that are selected for an incident:

`{{ incident.cause_ids }}`

**OR**

* `{{ incident.raw_causes | get: 'id'}}` for the select field type
* `{{ incident.raw_causes[index] | get: 'id' }}` for a multi-select field type

### Name

This is the value that is displayed on the UI for the incident causes. This field is customizable.

The following Liquid syntax will allow you to list out the incident cause *name*(s) that are selected for an incident:

`{{ incident.causes }}`

**OR**

* `{{ incident.raw_causes | get: 'name'}}` for the select field type
* `{{ incident.raw_causes[index] | get: 'name' }}` for a multi-select field type

### Slug

This is the string that is used to reference the incident causes in Liquid references. This field is automatically generated by lower-casing and hyphenating the incident cause *name*.

The following Liquid syntax will allow you to list out the incident causes *slug*(s) that are selected for an incident:

`{{ incident.cause_slugs }}`

**OR**

* `{{ incident.raw_causes | get: 'slug'}}` for the select field type
* `{{ incident.raw_causes[index] | get: 'slug' }}` for a multi-select field type

### Description

This value is displayed on the UI to further explain each incident cause. This field is customizable.

The following Liquid syntax will allow you to list out the incident causes *description*(s) that are selected for an incident:

* `{{ incident.raw_causes | get: 'description'}}` for the select field type
* `{{ incident.raw_causes[index] | get: 'description' }}` for a multi-select field type


# Incident Roles
Source: https://docs.rootly.com/configuration/incident-roles

Define and manage incident response roles with clear responsibilities, tasks, and hierarchies to ensure effective team coordination during incidents.

When the next incident hits, your team should feel prepared. With Incident Roles, you can quickly and efficiently assign responsibilities to your team and define the hierarchy of command.

A swift response will help reduce the impact. By adding descriptions and tasks ahead of time, you can ensure your team knows exactly what to do.

### Built-in Roles

Rootly comes with four roles we consider essential for effective incident response.

**Commander**

The individual responsible for the overall management of the incident from start to finish. Delegation of tasks across the response team and final decision-making authority.

**Communications lead**

The individual responsible for managing internal and external communications to stakeholders outside of the response team.

**Executive Sponsor**

The individual responsible for complex decision making, often used for high-severity or sensitive incidents.

**Retrospective Owner**

The individual responsible for driving the post-incident retrospective process to completion.

### Add an Incident Role

<Steps>
  <Step>
    Go to **Configuration** > **Roles.**
  </Step>

  <Step>
    Select **+ New Role.**
  </Step>

  <Step>
    Add a name, description, and a list of responsibilities for the role.

    <Note>
      **Example**

      Name: Commander

      Description: The person who takes charge of the incident, assigns tasks, and has the deciding vote on proceeding.

      Responsibilities:

      * Declare and classify the severity of the incident in Rootly
      * Assign roles (e.g., Communications Lead, Subject Matter Experts)
      * Lead regular status updates in the Slack incident channel
      * Escalate to executives or external teams if needed
      * Make "go/no-go" decisions on customer communications and mitigation steps
    </Note>

    Toggle "make this role optional" if it's not required for every incident.
  </Step>

  <Step>
    Switch to the *Advanced settings* tab to adjust the incident permission set and "allow multiple users" to be assigned this role.
  </Step>

  <Step>
    Select **Create Role** to continue. Tasks can be added after a role has been created.
  </Step>
</Steps>

### Add tasks to an Incident Role

<Steps>
  <Step>
    Go to **Configuration** > **Roles**.
  </Step>

  <Step>
    Find the role you want to add tasks to in the table. Click the pencil icon on the left side to edit.
  </Step>

  <Step>
    Switch to the Tasks tab to see existing tasks. Click **+ Add Task**.
  </Step>

  <Step>
    Add a name (required) and description. Set the Priority to low, medium, or high.
  </Step>

  <Step>
    Click **Add** to save.
  </Step>
</Steps>

<Note>
  Example

  Name (required): Declare and classify the severity of the incident in Rootly

  Description: Review the incident alerts, customer reports, and system status to assign an incident severity.

  Priority: High
</Note>

### Edit an Incident Role

<Steps>
  <Step>
    Go to **Configuration** > **Roles.**
  </Step>

  <Step>
    Find the role you want to edit in the table. Click the pencil icon on the left side to edit.

    There are three tabs:

    **Basics**

    * ID (auto-generated by Rootly)
    * Name
    * Description
    * Responsibilities
    * "Make this role optional" checkbox

    **Tasks**

    * Manage existing tasks
    * Add new tasks

    **Advanced**

    * Incident permissions set
    * "Allow multiple users to be assigned this role" toggle
  </Step>

  <Step>
    Once the desired edits are complete, click **Update** to save.
  </Step>
</Steps>

### Delete an Incident Role

<Steps>
  <Step>
    Go to **Configuration** > **Roles.**
  </Step>

  <Step>
    Find the role you want to edit in the table. Click the trashcan icon on the left side to delete.
  </Step>

  <Step>
    Deleting an incident role will also remove its associated data. This can't be undone. Select **Delete** to delete the role and all associated data, or click **Discard changes** to keep the role.
  </Step>
</Steps>

### **Get Help**

For help, use the slash command **/rootly help** in Slack or email [support@rootly.com](mailto:support@rootly.com).


# Incident Types
Source: https://docs.rootly.com/configuration/incident-types

Configure custom incident type categories in Rootly to classify incidents with select or multi-select fields, Liquid template support, and routing logic.

*Type* often gets confused with the *kind* property. *Kind* is an internal categorization used by the Rootly platform, while *type* can be customized to your company's incident categorization requirements.

The usage of this property is very flexible. Some companies use this to distinguish UI bugs from API issues. Others use this property to distinguish internal outages from customer-facing incidents.

<Frame>
  <img alt="Document image" />
</Frame>

# Field Type

*Type* can be customized to be either a **select** or **multi-select** field type. This means you can configure it to allow only one type value to be selected per incident or allow multiple type values to be selected for a single incident.

<img alt="Document image" />

# Attributes

*Type* can be configured with the following attributes. Each type attribute can be referenced via Liquid syntax.

<Note>
  Since the type field can be either a **select** or **multi-select** field type, the Liquid syntax to reference each field type will differ.

  Select will follow a single-value syntax

  `{{incident.types | get: '<attribute>'}}`

  Multi-select will follow an array syntax. Where i references the specific type object in the list of types.

  `{{incident.raw_types[index] | get: '<attribute>'}}`
</Note>

## ID

This is the unique identifier of the type. This field **cannot be customized**. Rootly will auto assign the *ID* upon creation. It is typically used in Liquid references and API calls.

The following Liquid syntax will allow you to list out the type *ID*(s) that are selected for an incident:

`{{ incident.type_ids }}`

OR

`{{ incident.raw_types | get: 'id' }}`for select field type

`{{ incident.raw_types[index] | get: 'id' }}` for multi-select field type

## Name

This is the value that is displayed on the UI for the type. This field is customizable.

The following Liquid syntax will allow you to list out the type *name*(s) that are selected for an incident:

`{{ incident.types }}`

OR

`{{ incident.raw_types | get: 'name'}}`for select field type

`{{ incident.raw_types[index] | get: 'name' }}` for multi-select field type

## Slug

This is the string that is used to reference the type in Liquid references. This field is auto generated by lower-casing and hyphenating the type *name*.

The following Liquid syntax will allow you to list out the type *slug*(s) that are selected for an incident:

`{{ incident.type_slugs }}`

OR

`{{ incident.raw_types | get: 'slug'}}`for select field type

`{{ incident.raw_types[index] | get: 'slug' }}` for multi-select field type

## Description

This value is displayed on the UI to further explain each type. This field is customizable.

The following Liquid syntax will allow you to list out the type *description*(s) that are selected for an incident:

`{{ incident.raw_types | get: 'description'}}`for select field type

`{{ incident.raw_types[index] | get: 'description' }}` for multi-select field type

## Color

Each type can be assigned a color, which will be used for color-coding on metrics graphs.

<Note>
  Rootly uses **color-hex codes**. E.g. #000000 is black, #ffffff is white. Use [this page](https://www.color-hex.com/) to help you find the exact hex code for the color you want.
</Note>

The following Liquid syntax will allow you to list out the type *color*(s) that are selected for an incident:

`{{ incident.raw_types | get: 'color'}}`for select field type

`{{ incident.raw_types[index] | get: 'color' }}` for multi-select field type

## Slack Channels

Each type can be linked to one or more Slack channels. By default, Rootly does not notify the linked channel(s) when a type is selected for an incident. Notification needs to be explicitly called out as Attached Types Channels in workflow configurations.

Systematically, each Slack channel is stored as an object containing an id and name.

The following Liquid syntax will allow you to list out the type *Slack Channel*(s) that are selected for an incident:

`{{ incident.raw_types | get: 'slack_channels'}}`for select field type

`{{ incident.raw_types[index] | get: 'slack_channels' }}` for multi-select field type

## Slack Aliases

Each type can be linked to one or more Slack user groups (aka aliases). By default, Rootly does not invite users in the linked user group(s) when a type is selected for an incident. Invitations need to be explicitly called out as Attached Types Aliases in workflow configurations.

The following Liquid syntax will allow you to list out the type *Slack Alias*(es) that are selected for an incident:

`{{ incident.raw_types | get: 'slack_aliases'}}`for select field type

`{{ incident.raw_types[index] | get: 'slack_aliases' }}` for multi-select field type

## Notify Emails

Each type can be linked to one or more emails. By default, Rootly does not send emails to the linked address(es) when a type is selected for an incident. Notification needs to be explicitly called out as `{{ incident.raw_types | map: 'notify_emails' | flatten | join: ',' }}` in workflow configurations.

The following Liquid syntax will allow you to list out the type *Notify Email*(s) that are selected for an incident:

`{{ incident.raw_types | get: 'notify_emails'}}`for select field type

`{{ incident.raw_types[index] | get: 'notify_emails' }}` for multi-select field type


# Kubernetes
Source: https://docs.rootly.com/configuration/kubernetes

Configure Kubernetes integration to monitor cluster resources and automatically generate pulses from pod, deployment, and service changes.

Kubernetes integration can watch different resources and create pulses:

<Frame>
  <img alt="Kubernetes integration" />
</Frame>

Ready to configure Kubernetes integration ? [https://docs.rootly.com/integrations/kubernetes](/integrations/kubernetes)


# Overview
Source: https://docs.rootly.com/configuration/playbooks

Create and manage response playbooks that automatically attach to incidents based on conditions like severity, service, or team to guide resolution efforts.

## Overview

Playbooks are a great way to create a document that can help speed incident resolution. We can see them as a collection of simple instructions to empower someone to resolve a particular incident (even if they have minimal experience).

Playbooks are **automatically attached** to incidents when they **match a configured condition** (for example: severity, service, functionality, team impacted ). You can see these fields in the screenshot below. If you have Playbooks or supported documentation hosted internally, you can link to them in the "External URL" field and provide detailed instructions in the content field.

<Frame>
  <img alt="Document image" />
</Frame>

<Frame>
  <img alt="Document image" />
</Frame>

On the above example, the **Database outage playbook** will be attached to any incident with the **SEV2 severity or the** **customers-postgresql-db** **microservices.** Please note that this is all OR logic currently, meaning this playbook will be attached to an incident that has just one of those matching condition, such as SEV2 severity for example.

Additionally, at the bottom of the Playbook details page you have the ability to append any relevant tasking that needs to be done during the incident.

<Frame>
  <img alt="Document image" />
</Frame>

Playbooks are a great way to prevent a single person from becoming the de facto expert on how to resolve a particular problem. We don't want one person on the team to be the only one to know how to bring a critical system back online.


# Public And Private Status Pages
Source: https://docs.rootly.com/configuration/public-and-private-status-pages

Configure public status pages for customer communication and private status pages for internal team updates during incidents and maintenance.

Rootly has two types of status pages available: public status pages and private status pages. Both can be used to communicate relevant information about ongoing or past incidents and the status of incidents and services.

<img alt="Clean Shot2025 05 28at15 57 25@2x Pn" />

By default, you will have a public and private status page to customize and configure. You can add additional pages from the Status Page section in Rootly.

<AccordionGroup>
  <Accordion title="Private Status Pages" icon="sparkles">
    Private status pages can only be accessed by Rootly users. These are great for communicating important incidents and service statuses to your internal teams.

    Users must be logged in to Rootly to access this page.
  </Accordion>

  <Accordion title="Public Status Pages" icon="sparkles">
    Public status pages can be accessed by anyone who has access to the status page's URL. These are the perfect option to communicate incident updates and service statuses to your external stakeholders, like customers or partners.
  </Accordion>
</AccordionGroup>


# Publishing Incidents via Slack
Source: https://docs.rootly.com/configuration/publishing-incidents-via-slack

Publish incidents to public status pages directly from Slack using slash commands to quickly communicate outages, updates, and resolutions to customers.

### Publishing Incidents to a Status Page Using Slack

In addition to using the web interface for publishing incidents to status pages, you can also accomplish the same thing without leaving Slack.

To publish an incident using Slack, do the following:

From Slack, navigate to the Slack channel specific to that incident, and type the command:

**/rootly statuspage**

<Frame>
  <img alt="Publish an incident using Slack" />
</Frame>

A dialog will be presented for you to choose the appropriate status pages where you want the incident published.

This will also be your chance to add a useful title and description your external users can better understand. Add the appropriate information in the title and event fields.

Select a status for the incident, and then click **Publish**.


# Publishing Incidents via Web UI
Source: https://docs.rootly.com/configuration/publishing-incidents-via-web-ui

Manually review and publish incident updates to status pages through Rootly's web interface to ensure accurate customer communication.

Incidents associated with services or functionalities attached to your status pages are not automatically published. Your incident teams need to craft and publish an update of the incident to your status page. This ensures that your teams are reviewing the update and ensuring all relevant information is included in the update.

<img alt="Clean Shot2025 05 28at14 57 25@2x Pn" />

## **Publishing incidents**

To publish an incident on a status page in Rootly's Web UI:

1. On the incident's details page, navigate to the **Status Page** tab.
2. Click 'Publish Incident', and fill out the form to write your incident update.
3. Use any templates provided to help craft and standardize your message.
4. Once you've provided all the details, the incident will be published to the status page.

<img alt="Clean Shot2025 05 28at14 58 05@2x Pn" />

Any Service attached to the incident that is also a component of that status page will be automatically updated to show that it is currently **Affected** by an incident. Once the status page is updated to indicate that the incident is resolved, the service will be updated to **Operational**.

## **Updating incidents**

As your incident progresses, you'll need to continually communicate progress to your customers and stakeholders via the status page. You can do so from the same tab in your incident's detail page.

1. Click 'Add to status page' and fill out the necessary information.
2. Rootly will pre-fill the title based on the previous update that was published to the status page.

## **Resolving incidents**

Once your incident has been resolved, publish your final update to the status page using the same flow above. Make sure to update the status in this form to 'Resolved' so that your stakeholders know the issue has been resolved, and all impacted services will return to operational.


# Overview
Source: https://docs.rootly.com/configuration/pulses

Configure and manage pulses to track service changes like deployments, builds, and configuration updates that provide critical context during incident response.

## Overview

Pulses represent service changes such as deploys, build completion, configuration updates, etc., providing contextual information that is critical during incident triage or hypercare.

They can be sent via specific integrations or our cli, and they do not create alerts, incidents or notifications.

## API

You can create pulses through our API directly with curl for example:

```bash Linux theme={null}
curl --header "Content-Type: application/json" \
-H "Authorization: Bearer <your token>" \
--data '{"data": { "attributes": { "summary": "Something changed!" } } }' -X POST https://api.rootly.com/v1/pulses
```

## CLI

You can create pulses through our CLI directly: [https://github.com/rootlyhq/cli](https://github.com/rootlyhq/cli "https://github.com/rootlyhq/cli")

```bash Linux theme={null}
rootly pulse --api-key "ABC123" --environments "staging, production" --services "elasticsearch-staging, elasticsearch-prod" Hello World!
```

Or run a command

```bash Linux theme={null}
rootly pulse-run --api-key ABC123 --environments "production" --labels "version=2, attempt=1" --summary "Deploy Website" sh deploy.sh
```


# Services
Source: https://docs.rootly.com/configuration/services

Configure services to identify impacted components during incidents, manage responders, and integrate with status pages and external tools.

# Overview

*Service* allows you to specify the impacted component during an incident. This can help you with identifying which responders to bring in, which on-call to page, which customers to inform, etc. Individual services can be mapped to your status pages.

<Frame>
  <img alt="Clean Shot2026 03 30at20 26 56@2x" />
</Frame>

# Adding Services in Rootly

To add a new Service via the Rootly Web UI, navigate to **Configuration > Services** then click **New Service**.

Assign your new Service with a description Title and Description to help the rest of your team know what the Service represents.

# Editing Services

Services are made up of a number of properties. Each property can be referenced via Liquid syntax and can be set in the Rootly Web UI, [API](https://docs.rootly.com/api-reference/services/list-services), or [imported from Opsgenie and PagerDuty](https://docs.rootly.com/configuration/services#import-services). This section outlines how to edit the Services in the Rootly Web UI.

<Frame>
  <img alt="Clean Shot2026 03 30at20 29 36@2x" />
</Frame>

## Adding properties

While Services in Rootly comes with built-in properties, additional properties can be added. This allows you to build automations and workflows for your incident response processes using this information: for example, quickly identifying the customer impact of an incident based on the related service.

To add custom properties, open **Services**, click **Edit catalog**, and click **Add Property**. You can choose from several property types, including text, boolean, and importantly references to other Catalogs.

For each Service, you'll be able to find the values of these properties in the **Custom Properties** tab.

## Basics

Configure the basic details of your Service here.

<AccordionGroup>
  <Accordion title="ID">
    This is the unique identifier of the service. This field **cannot be customized**. Rootly will auto assign the *ID* upon creation. It is typically used in Liquid references and API calls.

    The following Liquid syntax will allow you to list out the service *ID*(s) that are selected for an incident:

    `{{ incident.services }}`

    OR

    `{{ incident.raw_services | get: 'id'}}` for select field type

    `{{ incident.raw_services[index] | get: 'id' }}` for multi-select field type
  </Accordion>

  <Accordion title="Name">
    This is the value that is displayed on the UI for the service. This field is customizable.

    The following Liquid syntax will allow you to list out the service *name*(s) that are selected for an incident:

    `{{ incident.services }}`

    OR

    `{{ incident.raw_services | get: 'name'}}` for select field type

    `{{ incident.raw_services[index] | get: 'name' }}` for multi-select field type
  </Accordion>

  <Accordion title="Description">
    This value is displayed on the UI to further explain each service. This field is customizable.

    The following Liquid syntax will allow you to list out the service *description*(s) that are selected for an incident:

    `{{ incident.raw_services | get: 'description'}}` for select field type

    `{{ incident.raw_services[index] | get: 'description' }}` for multi-select field type
  </Accordion>

  <Accordion title="Owning Team">
    Clear team ownership helps identify service owners and dependencies during incidents. The Owning Team's admins will be able to make changes to the Service.
  </Accordion>

  <Accordion title="Related Services">
    Add any services that may be related or affected by this service. This is for reference only and won't have any actual impact.
  </Accordion>

  <Accordion title="Color">
    Each service can be assigned a color, which will be used for color-coding on metrics graphs.

    <Note>
      Rootly uses **color-hex codes**. E.g. #000000 is black, #ffffff is white. Use [this page](https://www.color-hex.com/) to help you find the exact hex code for the color you want.
    </Note>

    The following Liquid syntax will allow you to list out the service *color*(s) that are selected for an incident:

    `{{ incident.raw_services | get: 'color'}}` for select field type

    `{{ incident.raw_services[index] | get: 'color' }}` for multi-select field type
  </Accordion>
</AccordionGroup>

## On-Call

Configure what happens when this Service is paged in Rootly On-Call. When this Service is paged either manually by a user, or through an Alert Source, the Escalation Policy selected here will fire.

## Channels

Configure the Channels section to reference the Service's related Slack properties. These Slack properties (like Slack Channel and User Group) can be used in Rootly's Workflows to build powerful Slack automations off of the Service.

<AccordionGroup>
  <Accordion title="Slack Channels">
    Each service can be linked to one or more Slack channels. By default, Rootly does not notify the linked channel(s) when a service is selected for an incident. Notification needs to be explicitly called out as Attached Service Channels in workflow configurations.

    Systematically, each Slack channel is stored as an object containing an id and name.

    The following Liquid syntax will allow you to list out the service *Slack Channel*(s) that are selected for an incident:

    `{{ incident.raw_services | get: 'slack_channels'}}` for select field type

    `{{ incident.raw_services[index] | get: 'slack_channels' }}` for multi-select field type
  </Accordion>

  <Accordion title="Slack User Group">
    Each service can be linked to one or more Slack user groups (aka aliases). By default, Rootly does not invite users in the linked user group(s) when a service is selected for an incident. Invitations need to be explicitly called out as Attached Service Aliases in workflow configurations.

    The following Liquid syntax will allow you to list out the service *Slack Alias*(es) that are selected for an incident:

    `{{ incident.raw_services | get: 'slack_aliases'}}` for select field type

    `{{ incident.raw_services[index] | get: 'slack_aliases' }}` for multi-select field type
  </Accordion>

  <Accordion title="Emails">
    Each service can be linked to one or more emails. By default, Rootly does not send emails to the linked address(es) when a service is selected for an incident. Notification needs to be explicitly called out as `{{ incident.raw_services | map: 'notify_emails' | flatten | join: ',' }}` in workflow configurations.

    The following Liquid syntax will allow you to list out the service *Notify Email*(s) that are selected for an incident:

    `{{ incident.raw_services | get: 'notify_emails'}}` for select field type

    `{{ incident.raw_services[index] | get: 'notify_emails' }}` for multi-select field type
  </Accordion>
</AccordionGroup>

You can also set up default broadcast channels for when the service is either paged, or added to an incident on this page.

Toggle **Set up a default Alerts Channel** On when you want Rootly to automatically post an update to Slack when the service is paged. Toggle **Set up a default Incidents Channel** when you want to post once the service has been added to an incident.

<img alt="Clean Shot2025 08 21at12 23 40@2x Pn" />

# Services in Fields

*Service* can be customized to be either a **select** or **multi-select** field type. This means you can configure it to allow only one service value to be selected per incident or allow multiple service values to be selected for a single incident.

<Frame>
  <img alt="Document image" />
</Frame>

<Note>
  Since the service field can be either a **select** or **multi-select** field type, the Liquid syntax to reference each field type will differ.

  Select will follow a single-value syntax

  `{{incident.raw_services | get: '<attribute>'}}`

  Multi-select will follow an array syntax. Where i references the specific service object in the list of services.

  `{{incident.raw_services[index] | get: '<attribute>'}}`
</Note>

# Import Services

Instead of creating services from scratch, Rootly allows you to import services from **PagerDuty** or **Opsgenie**. Imported services will be automatically kept in sync on a daily basis.

<Note>
  The ability to import teams will only become available once you have PagerDuty or Opsgenie installed on the [integrations page](https://rootly.com/account/integrations).
</Note>

The following Liquid syntax will allow you to list out the corresponding ids from each of the external paging applications:

**PagerDuty**

`{{ incident.raw_services | get: 'pagerduty_id' }}` for select field type

`{{ incident.raw_services\[0\] | get: 'pagerduty_id' }}`for multi-select field type

**Opsgenie**

`{{ incident.raw_services | get: 'opsgenie_id' }}` for select field type

`{{ incident.raw_services\[0\] | get: 'opsgenie_id' }}`for multi-select field type


# Severities
Source: https://docs.rootly.com/configuration/severities

Learn how to configure severity levels to categorize incident impact and prioritize response efforts with customizable attributes and integrations.

## Overview

**Severity** helps you categorize the impact level of incidents. SEV0 incidents should be handled with priority over SEV3 incidents.

<Frame>
  <img alt="Document image" />
</Frame>

## Field Type

**Severity** is strictly a **select** field type. This means only one severity value can be assigned per incident.

## Attributes

**Severities** can be configured with the following attributes. Each severity attribute can be referenced via Liquid syntax.

### ID

This is the unique identifier of the severity. This field **cannot be customized**. Rootly will automatically assign the *ID* upon creation. It is typically used in Liquid references and API calls.

The following Liquid syntax will allow you to retrieve the severity *ID* that is selected for an incident:

`{{ incident.severity_id }}`

**OR**

`{{ incident.raw_severity | get: 'id'}}`

### Name

This is the value that is displayed on the UI for the severity. This field is customizable.

The following Liquid syntax will allow you to retrieve the severity *name* that is selected for an incident:

`{{ incident.severity }}`

**OR**

`{{ incident.raw_severity | get: 'name'}}`

### Slug

This is the string that is used to reference the severity in Liquid references. This field is automatically generated by lower-casing and hyphenating the severity *name*.

The following Liquid syntax will allow you to retrieve the severity *slug* that is selected for an incident:

`{{ incident.severity_slug }}`

**OR**

`{{ incident.raw_severity | get: 'slug'}}`

### Description

This value is displayed on the UI to further explain each severity. This field is customizable.

The following Liquid syntax will allow you to retrieve the severity *description* that is selected for an incident:

`{{ incident.raw_severity | get: 'description'}}`

### Color

Each severity can be assigned a color, which will be used for color-coding on metrics graphs.

<Note>
  Rootly uses **color-hex codes**. E.g. #000000 is black, #ffffff is white. Use [this page](https://www.color-hex.com/) to help you find the exact hex code for the color you want.
</Note>

The following Liquid syntax will allow you to retrieve the severity *color* that is selected for an incident:

`{{ incident.raw_severity | get: 'color'}}`

### Slack Channels

Each severity can be linked to one or more Slack channels. By default, Rootly does not notify the linked channel(s) when a severity is selected for an incident. Notification needs to be explicitly called out as Attached Severity Channels in workflow configurations.

Systematically, each Slack channel is stored as an object containing an ID and name.

The following Liquid syntax will allow you to list out the severity *Slack Channel*(s) that are selected for an incident:

`{{ incident.raw_severity | get: 'slack_channels'}}`

### Slack Aliases

Each severity can be linked to one or more Slack user groups (aka aliases). By default, Rootly does not invite users in the linked user group(s) when a severity is selected for an incident. Invitations need to be explicitly called out as Attached Severity Aliases in workflow configurations.

The following Liquid syntax will allow you to list out the severity *Slack Alias*(es) that are selected for an incident:

`{{ incident.raw_severity | get: 'slack_aliases'}}`

### Notify Emails

Each severity can be linked to one or more emails. By default, Rootly does not send emails to the linked address(es) when a severity is selected for an incident. Notification needs to be explicitly called out as `{{ incident.raw_severity | map: 'notify_emails' | flatten | join: ',' }}` in workflow configurations.

The following Liquid syntax will allow you to list out the severity *Notify Email*(s) that are selected for an incident:

`{{ incident.raw_severity | get: 'notify_emails'}}`


# Authentication Methods
Source: https://docs.rootly.com/configuration/status-page-authentication-methods

Configure authentication for public Rootly status pages to control viewer access using password protection or SAML-based single sign-on.

## Overview

Rootly provides multiple authentication methods to secure access to your public status pages. You can choose from no authentication, password protection, or enterprise-grade SAML authentication depending on your security requirements.

Authentication is only available for **public status pages**. Private status pages require users to be logged in to Rootly by default.

## Authentication Methods

<AccordionGroup>
  <Accordion title="No Authentication" icon="unlock">
    Your status page is publicly accessible to anyone with the URL. This is the default setting and is suitable for:

    * Public-facing service status pages
    * External customer communications
    * Maximum visibility during incidents
  </Accordion>

  <Accordion title="Password Authentication" icon="key">
    Protect your status page with a shared password. Anyone with the password can access the page.

    **Best for:**

    * Partner or vendor portals
    * Limited external stakeholder access
    * Quick setup without SSO infrastructure

    **How to configure:**

    1. Navigate to your status page settings
    2. Go to the **Authentication** tab
    3. Select "Password" as the authentication method
    4. Enter your desired password
    5. Save the changes

    Share the password securely with stakeholders who need access.
  </Accordion>

  <Accordion title="SAML Authentication" icon="shield-check">
    Enterprise-grade single sign-on using SAML 2.0 protocol. Users authenticate through your identity provider (IdP) without needing separate credentials.

    **Best for:**

    * Enterprise customers with existing SSO infrastructure
    * Compliance requirements (SOC 2, ISO 27001)
    * Centralized access control and audit logs
    * Multiple status pages with different IdP configurations

    **Supported features:**

    * SAML 2.0 authentication flow
    * Single Logout (SLO)
    * Per-status-page IdP configuration
    * X.509 certificate validation
    * Multiple name identifier formats
  </Accordion>
</AccordionGroup>

## Configuring SAML Authentication

### Prerequisites

Before configuring SAML authentication, you'll need:

* Access to your Identity Provider (IdP) admin console (e.g., Okta, Azure AD, Google Workspace)
* Your IdP's SSO Service URL
* Your IdP's X.509 certificate
* Permissions to create SAML applications in your IdP

### Step 1: Enable SAML in Rootly

1. Navigate to your status page settings
2. Select the **Authentication** tab
3. Choose "SAML" as the authentication method

### Step 2: Configure Your Identity Provider

You'll need to create a new SAML application in your IdP with the following information from Rootly:

**Service Provider (SP) Details:**

| Field                        | Description                            | Example                                    |
| ---------------------------- | -------------------------------------- | ------------------------------------------ |
| **Entity ID / Audience URL** | Unique identifier for your status page | `https://status.company.com/saml/metadata` |
| **ACS URL / Callback URL**   | Where SAML responses are sent          | `https://status.company.com/saml/consume`  |
| **Metadata URL**             | Complete SP metadata (optional)        | `https://status.company.com/saml/metadata` |

<Info>
  These URLs are automatically generated after you save your status page and will be displayed in the Authentication tab for easy copying.
</Info>

### Step 3: Configure SAML Settings in Rootly

Enter the following information from your Identity Provider:

<ParamField type="string">
  The SAML authentication endpoint provided by your IdP

  **Example:** `https://your-company.okta.com/app/abc123/sso/saml`
</ParamField>

<ParamField type="string">
  The X.509 certificate from your IdP for validating SAML responses. Paste the full certificate including the BEGIN/END lines.

  ```
  -----BEGIN CERTIFICATE-----
  MIIDpDCCAoygAwIBAgIGAXoTpGkZMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQG
  ...
  -----END CERTIFICATE-----
  ```
</ParamField>

<ParamField type="select">
  The format for user identification in SAML assertions

  **Options:**

  * Email Address (default)
  * Unspecified
  * Persistent
  * Transient
</ParamField>

<ParamField type="string">
  Optional endpoint for SAML Single Logout functionality

  **Example:** `https://your-company.okta.com/app/abc123/slo/saml`
</ParamField>

### Step 4: Test Authentication

1. Save your SAML configuration
2. Open your status page URL in a private/incognito browser window
3. Click the sign-in option
4. You should be redirected to your IdP for authentication
5. After successful authentication, you'll be redirected back to the status page

## Common Identity Provider Guides

<CardGroup>
  <Card title="Okta" icon="circle-nodes">
    Configure SAML with Okta using the Entity ID, ACS URL, and download the certificate from your Okta application settings.
  </Card>

  <Card title="Azure AD" icon="microsoft">
    Use Azure AD Enterprise Applications to create a custom SAML app. Copy the Login URL and certificate from the SAML Signing Certificate section.
  </Card>

  <Card title="Google Workspace" icon="google">
    Configure a custom SAML app in the Google Admin console. Use the SSO URL and download the IDP certificate.
  </Card>

  <Card title="OneLogin" icon="id-card">
    Create a SAML application in OneLogin and configure the ACS URL. Download the X.509 certificate from the SSO tab.
  </Card>
</CardGroup>

## Security Considerations

<Warning>
  **Certificate Management:** SAML certificates have expiration dates. Monitor your certificate expiration and update it in Rootly before it expires to prevent authentication failures.
</Warning>

Rootly's SAML implementation includes:

* **X.509 Certificate Validation** - All SAML responses are verified using your IdP's certificate
* **Signature Verification** - Protects against tampering and man-in-the-middle attacks
* **Replay Attack Protection** - SAML assertions are validated for freshness
* **Audit Logging** - All authentication attempts are logged for compliance
* **Secure Session Management** - Encrypted cookies with automatic expiration

## Troubleshooting

### "Invalid SAML Response" Error

* Verify your IdP certificate is correctly formatted with BEGIN/END lines
* Check that the certificate hasn't expired
* Ensure the ACS URL in your IdP matches exactly (including https\://)

### "Authentication Failed" Error

* Confirm the SSO Service URL is correct
* Check that the SAML application is assigned to the correct users in your IdP
* Verify the Name Identifier Format matches your IdP configuration

### Users Cannot Access After Authentication

* Ensure the status page authentication method is set to "SAML"
* Check that your IdP is sending the SAML response to the correct ACS URL
* Verify there are no network/firewall restrictions blocking the SAML flow

### Certificate Expiration

If your SAML certificate expires:

1. Download the new certificate from your IdP
2. Navigate to your status page Authentication settings
3. Update the IdP Certificate field with the new certificate
4. Save the changes

<Tip>
  Set a calendar reminder 30 days before your certificate expiration date to ensure uninterrupted access.
</Tip>

## Switching Authentication Methods

You can change authentication methods at any time:

1. Navigate to your status page settings
2. Go to the **Authentication** tab
3. Select a different authentication method
4. Configure any required fields
5. Save your changes

<Warning>
  Changing from SAML or Password to "No Authentication" will make your status page publicly accessible immediately.
</Warning>

## API Configuration

Authentication methods can also be configured via the Rootly API:

```json theme={null}
PATCH /v1/status_pages/:id
{
  "authentication_method": "saml",
  "saml_idp_sso_service_url": "https://your-idp.com/sso/saml",
  "saml_idp_cert": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
  "saml_name_identifier_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
}
```

See the [Rootly API documentation](/api-reference/overview) for complete details.

## Related Resources

<Card title="Public and Private Status Pages" icon="eye" href="/configuration/public-and-private-status-pages">
  Learn about the differences between public and private status pages
</Card>

<Card title="Status Page Overview" icon="signal-bars" href="/configuration/status-pages">
  Get started with creating and managing status pages
</Card>


# Status Page Public API
Source: https://docs.rootly.com/configuration/status-page-public-api

Access status and incident information programmatically through public JSON API endpoints exposed on your status page custom domain.

## Overview

Rootly exposes a public JSON API on your status page's custom domain, allowing you to programmatically retrieve current status and incident data. These endpoints are available at your custom domain (e.g., `status.example.com`) and respect your status page's existing authentication settings — password-protected and SAML-protected pages are not exposed.

<Info>
  These endpoints are only available on status pages with a [custom domain](/configuration/custom-domain-names-for-status-pages) configured.
</Info>

## Endpoints

### Get Current Status

Returns the overall status of your services along with any active incidents.

```
GET /api/v1/status.json
```

**Response**

```json theme={null}
{
  "page": {
    "name": "Acme Status",
    "url": "https://status.example.com",
    "time_zone": "America/Los_Angeles",
    "updated_at": "2026-03-19T12:00:00Z"
  },
  "status": {
    "indicator": "none",
    "description": "All Systems Operational"
  },
  "incidents": []
}
```

The `status.indicator` field can be one of:

| Indicator     | Description                                      |
| ------------- | ------------------------------------------------ |
| `none`        | All systems operational                          |
| `minor`       | Minor service outage or degraded performance     |
| `major`       | Major service outage or critical incident active |
| `maintenance` | Scheduled maintenance in progress                |

### List Incidents

Returns a paginated list of active incidents, ordered by most recent first.

```
GET /api/v1/incidents.json
```

**Query Parameters**

| Parameter  | Type    | Default | Description                            |
| ---------- | ------- | ------- | -------------------------------------- |
| `page`     | integer | 1       | Page number                            |
| `per_page` | integer | 25      | Number of incidents per page (max 100) |

**Response**

```json theme={null}
{
  "page": {
    "name": "Acme Status",
    "url": "https://status.example.com",
    "time_zone": "America/Los_Angeles",
    "updated_at": "2026-03-19T12:00:00Z"
  },
  "incidents": [
    {
      "name": "API Degradation",
      "status": "started",
      "impact": "minor",
      "started_at": "2026-03-19T10:30:00Z",
      "resolved_at": null,
      "url": "https://status.example.com/incidents/abc123",
      "incident_updates": [
        {
          "body": "We are investigating reports of elevated API latency.",
          "status": "investigating",
          "created_at": "2026-03-19T10:35:00Z"
        }
      ]
    }
  ],
  "pagination": {
    "current_page": 1,
    "per_page": 25,
    "total_pages": 1,
    "total_count": 1
  }
}
```

## Incident Impact Levels

The `impact` field on each incident maps from the incident's severity:

| Severity | Impact     |
| -------- | ---------- |
| Critical | `critical` |
| High     | `major`    |
| Medium   | `minor`    |
| Low      | `minor`    |
| None     | `none`     |

## Authentication

These API endpoints respect the same authentication settings as your status page:

* **Public status pages**: Endpoints are accessible without authentication
* **Password-protected pages**: Endpoints require the same password
* **SAML-protected pages**: Endpoints require SAML authentication

## Example Usage

```bash theme={null}
# Get current status
curl https://status.example.com/api/v1/status.json

# List incidents with pagination
curl "https://status.example.com/api/v1/incidents.json?page=1&per_page=10"
```


# Overview
Source: https://docs.rootly.com/configuration/status-pages

Create and manage status pages to communicate service health and incident information to internal stakeholders and external customers in real-time.

## What's a Status Page?

Status pages allow you to quickly communicate information about the health of your services and applications to internal stakeholders and external customers.

This helps save time for team members who might be actively involved in responding to an incident, or customer support staff who need to direct end users to a centralized place for live updates about your organization.

<img alt="Clean Shot2025 05 28at15 29 26@2x Pn" />

It only takes about a minute to set up a status page, so we encourage you to do this soon after you've [signed up](/quick-start-guide).


# Teams
Source: https://docs.rootly.com/configuration/teams

Configure team attributes in Rootly including Slack channels, user groups, escalation policies, on-call schedules, and imports from PagerDuty or Opsgenie.

## Overview

Teams in Rootly let you organize your on-call and incident response processes around your organization's teams. Teams can be paged, assigned to an incident, and be used to build powerful workflow automations.

This section outlines how Teams can be used as an attribute in your incident response processes. Learn more about building and managing your Teams in the Rootly Admin [here](/managing-teams/managing-teams).

<Frame>
  <img alt="Document image" />
</Frame>

## Field Type

**Teams** can be customized to be either a **select** or **multi-select** field type. This means you can configure it to allow only one team value to be selected per incident or allow multiple team values to be selected for a single incident.

<Frame>
  <img alt="Document image" />
</Frame>

## Attributes

**Teams** can be configured with the following attributes. Each team attribute can be referenced via Liquid syntax.

<Note>
  *Team* originally was called *group*. Hence all data values you see references groups. Due to the risk of changing data values, we have elected to keep referencing teams as groups from a data point of view.

  From a UI display point of view, you will see the term "*teams*" being used.
</Note>

<Note>
  Since the *team* field can be either a **select** or **multi-select** field type, the Liquid syntax to reference each field type will differ.

  Select will follow a single-value syntax

  `{{incident.raw_groups | get: '<attribute>'}}`

  Multi-select will follow an array syntax. Where i references the specific team object in the list of teams.

  `{{incident.raw_groups[index] | get: '<attribute>'}}`
</Note>

### ID

This is the unique identifier of the team. This field **cannot be customized**. Rootly will automatically assign the *ID* upon creation. It is typically used in Liquid references and API calls.

The following Liquid syntax will allow you to list out the team *ID*(s) that are selected for an incident:

`{{ incident.group_ids }}`

**OR**

* `{{ incident.raw_groups | get: 'id'}}` for select field type
* `{{ incident.raw_groups[index] | get: 'id' }}` for multi-select field type

### Name

This is the value that is displayed on the UI for the team. This field is customizable.

The following Liquid syntax will allow you to list out the team *name*(s) that are selected for an incident:

`{{ incident.groups }}`

**OR**

* `{{ incident.raw_groups | get: 'name'}}` for select field type
* `{{ incident.raw_groups[index] | get: 'name' }}` for multi-select field type

### Slug

This is the string that is used to reference the team in Liquid references. This field is automatically generated by lower-casing and hyphenating the team *name*.

The following Liquid syntax will allow you to list out the team *slug*(s) that are selected for an incident:

`{{ incident.group_slugs }}`

**OR**

* `{{ incident.raw_groups | get: 'slug'}}` for select field type
* `{{ incident.raw_groups[index] | get: 'slug' }}` for multi-select field type

### Description

This value is displayed on the UI to further explain each team. This field is customizable.

The following Liquid syntax will allow you to list out the team *description*(s) that are selected for an incident:

* `{{ incident.raw_groups | get: 'description'}}` for select field type
* `{{ incident.raw_groups[index] | get: 'description' }}` for multi-select field type

### Color

Each team can be assigned a color, which will be used for color-coding on metrics graphs.

<Note>
  Rootly uses **color-hex codes**. E.g. #000000 is black, #ffffff is white. Use [this page](https://www.color-hex.com/) to help you find the exact hex code for the color you want.
</Note>

The following Liquid syntax will allow you to list out the team *color*(s) that are selected for an incident:

* `{{ incident.raw_groups | get: 'color'}}` for select field type
* `{{ incident.raw_groups[index] | get: 'color' }}` for multi-select field type

### Slack Channels

Each team can be linked to one or more Slack channels. By default, Rootly does not notify the linked channel(s) when a team is selected for an incident. Notification needs to be explicitly called out as Attached Teams Channels in workflow configurations.

Systematically, each Slack channel is stored as an object containing an ID and name.

The following Liquid syntax will allow you to list out the team *Slack Channel*(s) that are selected for an incident:

* `{{ incident.raw_groups | get: 'slack_channels'}}` for select field type
* `{{ incident.raw_groups[index] | get: 'slack_channels' }}` for multi-select field type

### Slack Aliases

Each team can be linked to one or more Slack user groups (aka aliases). By default, Rootly does not invite users in the linked user group(s) when a team is selected for an incident. Invitations need to be explicitly called out as Attached Teams Aliases in workflow configurations.

The following Liquid syntax will allow you to list out the team *Slack Alias*(es) that are selected for an incident:

* `{{ incident.raw_groups | get: 'slack_aliases'}}` for select field type
* `{{ incident.raw_groups[index] | get: 'slack_aliases' }}` for multi-select field type

### Notify Emails

Each team can be linked to one or more emails. By default, Rootly does not send emails to the linked address(es) when a team is selected for an incident. Notification needs to be explicitly called out as `{{ incident.raw_groups | map: 'notify_emails' | flatten | join: ',' }}` in workflow configurations.

The following Liquid syntax will allow you to list out the team *Notify Email*(s) that are selected for an incident:

* `{{ incident.raw_groups | get: 'notify_emails'}}` for select field type
* `{{ incident.raw_groups[index] | get: 'notify_emails' }}` for multi-select field type

## Import Teams

Instead of creating teams from scratch, Rootly allows you to import teams from **PagerDuty**, **Opsgenie**, **VictorOps**, or **PagerTree**. Imported teams will be automatically kept in sync on a daily basis.

<Note>
  The ability to import teams will only become available once you have PagerDuty, Opsgenie, VictorOps, or PagerTree installed on the [integrations page](https://rootly.com/account/integrations).
</Note>

The following Liquid syntax will allow you to list out the corresponding IDs from each of the external paging applications:

**PagerDuty**

* `{{ incident.raw_groups | get: 'pagerduty_id' }}` for select field type
* `{{ incident.raw_groups\[0\] | get: 'pagerduty_id' }}` for multi-select field type

**Opsgenie**

* `{{ incident.raw_groups | get: 'opsgenie_id' }}` for select field type
* `{{ incident.raw_groups\[0\] | get: 'opsgenie_id' }}` for multi-select field type

**VictorOps**

* `{{ incident.raw_groups | get: 'victor_ops_id' }}` for select field type
* `{{ incident.raw_groups\[0\] | get: 'victor_ops_id' }}` for multi-select field type

**PagerTree**

* `{{ incident.raw_groups | get: 'pagertree_id' }}` for select field type
* `{{ incident.raw_groups\[0\] | get: 'pagertree_id' }}` for multi-select field type


# Outgoing Webhooks
Source: https://docs.rootly.com/configuration/webhooks

Send real-time event notifications from Rootly to any external HTTP endpoint as incidents, alerts, pulses, and workflows progress through their lifecycles.

## Overview

Outgoing webhooks let you push Rootly events to any system that accepts HTTP POST requests — a custom internal tool, a data pipeline, an audit log, or a third-party service that does not have a native Rootly integration.

Each webhook endpoint you configure receives a JSON payload for the event types you subscribe it to. Rootly signs every delivery so your server can verify the payload came from Rootly.

## Create a Webhook Endpoint

<Steps>
  <Step title="Navigate to Webhooks">
    Go to **Settings → Webhooks** and click **New Webhook**.
  </Step>

  <Step title="Name and URL">
    Give the endpoint a descriptive name and enter the destination URL. The URL must be publicly reachable and accept HTTPS POST requests.

    <ParamField type="string">
      A label for this endpoint, unique within your team.
    </ParamField>

    <ParamField type="string">
      The HTTPS endpoint that will receive event payloads.
    </ParamField>
  </Step>

  <Step title="Select event types">
    Choose which events this endpoint should receive. If you leave the event types list empty, the endpoint will receive **all** events.

    See [Event Types](#event-types) below for the full list.
  </Step>

  <Step title="Save and copy the secret">
    Click **Save**. Rootly generates a signing secret for this endpoint automatically. Copy it now — it is only shown once. You will use it to verify incoming payloads on your server.

    <Warning>
      The signing secret cannot be retrieved after you leave this page. If you lose it, you can regenerate it from the endpoint's edit form, which will invalidate the old secret immediately.
    </Warning>
  </Step>
</Steps>

***

## Event Types

Subscribe an endpoint to one or more event types. An empty subscription list means the endpoint receives all events.

### Incidents

| Event                | When it fires                      |
| -------------------- | ---------------------------------- |
| `incident.created`   | A new incident is opened           |
| `incident.updated`   | Any field on the incident changes  |
| `incident.in_triage` | Incident moves to In Triage status |
| `incident.mitigated` | Incident is marked as mitigated    |
| `incident.resolved`  | Incident is resolved               |
| `incident.cancelled` | Incident is cancelled              |
| `incident.deleted`   | Incident is deleted                |

### Scheduled Incidents

| Event                            | When it fires                       |
| -------------------------------- | ----------------------------------- |
| `incident.scheduled.created`     | A scheduled incident is created     |
| `incident.scheduled.updated`     | A scheduled incident is updated     |
| `incident.scheduled.in_progress` | A scheduled incident becomes active |
| `incident.scheduled.completed`   | A scheduled incident completes      |
| `incident.scheduled.deleted`     | A scheduled incident is deleted     |

### Retrospectives

| Event                            | When it fires                |
| -------------------------------- | ---------------------------- |
| `incident_post_mortem.created`   | A retrospective is created   |
| `incident_post_mortem.updated`   | A retrospective is updated   |
| `incident_post_mortem.published` | A retrospective is published |
| `incident_post_mortem.deleted`   | A retrospective is deleted   |

### Status Page Events

| Event                                | When it fires                  |
| ------------------------------------ | ------------------------------ |
| `incident_status_page_event.created` | A status page event is created |
| `incident_status_page_event.updated` | A status page event is updated |
| `incident_status_page_event.deleted` | A status page event is deleted |

### Timeline Events

| Event                    | When it fires                            |
| ------------------------ | ---------------------------------------- |
| `incident_event.created` | A timeline event is added to an incident |
| `incident_event.updated` | A timeline event is updated              |
| `incident_event.deleted` | A timeline event is deleted              |

### Alerts and Pulses

| Event           | When it fires                 |
| --------------- | ----------------------------- |
| `alert.created` | An alert is created in Rootly |
| `pulse.created` | A pulse is created            |

### Workflows

| Event                           | When it fires                         |
| ------------------------------- | ------------------------------------- |
| `genius_workflow_run.queued`    | A workflow run is queued              |
| `genius_workflow_run.started`   | A workflow run begins executing       |
| `genius_workflow_run.completed` | A workflow run completes successfully |
| `genius_workflow_run.failed`    | A workflow run fails                  |
| `genius_workflow_run.canceled`  | A workflow run is cancelled           |

For payload examples for the most common event types, see [Event Payloads](/configuration/event-payloads).

***

## Delivery and Retries

Each event triggers a separate HTTP POST to every matching enabled endpoint. Rootly expects a `2xx` response within **10 seconds**. If the delivery fails or times out, Rootly retries automatically on the following schedule:

| Attempt   | Delay after previous failure |
| --------- | ---------------------------- |
| 1st retry | 15 seconds                   |
| 2nd retry | 1 minute                     |
| 3rd retry | 5 minutes                    |

After three failed retries the delivery is abandoned. You can inspect delivery history — including response status codes and response bodies — from the endpoint detail page in **Settings → Webhooks**.

<Note>
  Retries use the same payload as the original attempt. If your endpoint processed the event before returning an error, implement idempotency using the event ID in the payload to avoid duplicate processing.
</Note>

***

## Verifying Webhook Signatures

Every delivery includes an `X-Rootly-Signature` header containing a timestamp and an HMAC-SHA256 signature. Use this to confirm the payload originated from Rootly.

```txt theme={null}
X-Rootly-Signature: t=1492774588,v1=6657a869e8ecebeda32affa62cdca3fa51cad7e77a0e56ff536d0ce8e108d8bd
```

To verify:

1. Extract the timestamp (`t=`) and signature (`v1=`) from the header.
2. Concatenate the timestamp with the raw request body.
3. Compute an HMAC-SHA256 digest of that string using your endpoint's signing secret.
4. Compare the result to the `v1` value. If they match, the payload is authentic.

<CodeGroup>
  ```ruby Ruby theme={null}
  require 'openssl'
  require 'rack'

  header = request.headers['X-Rootly-Signature']
  parts = header.split(',')
  timestamp = parts[0].split('t=').last
  signature = parts[1].split('v1=').last
  secret = 'your_webhook_secret'

  expected = OpenSSL::HMAC.hexdigest('SHA256', secret, timestamp + request.body.read)
  is_valid = Rack::Utils.secure_compare(expected, signature)
  ```

  ```python Python theme={null}
  import hmac
  import hashlib

  header = request.headers['X-Rootly-Signature']
  parts = header.split(',')
  timestamp = parts[0].split('t=')[1]
  signature = parts[1].split('v1=')[1]
  secret = "your_webhook_secret"

  expected = hmac.new(
      key=secret.encode(),
      msg=(timestamp + request.data.decode()).encode(),
      digestmod=hashlib.sha256
  ).hexdigest()

  is_valid = hmac.compare_digest(expected, signature)
  ```

  ```javascript Node.js theme={null}
  const crypto = require('crypto');

  const header = request.headers['x-rootly-signature'];
  const parts = header.split(',');
  const timestamp = parts[0].split('t=')[1];
  const signature = parts[1].split('v1=')[1];
  const secret = "your_webhook_secret";

  // Use the raw request body, not the parsed body.
  // In Express, configure express.raw({ type: 'application/json' }) and use req.body directly,
  // or capture the raw body via a middleware before any JSON parsing.
  const rawBody = request.rawBody; // string or Buffer

  const expected = Buffer.from(
    crypto.createHmac('sha256', secret)
      .update(timestamp + rawBody)
      .digest('hex')
  );
  const received = Buffer.from(signature);
  const isValid = expected.length === received.length &&
    crypto.timingSafeEqual(expected, received);
  ```
</CodeGroup>

<Tip>
  To prevent replay attacks, also check that the timestamp in the header is within a few minutes of the current time before accepting the payload.
</Tip>

***

## Manage Endpoints

From **Settings → Webhooks** you can:

* **Enable or disable** an endpoint without deleting it — disabled endpoints receive no deliveries.
* **Edit** the name, URL, or event subscriptions at any time.
* **View delivery history** for each endpoint, including the HTTP status code and response body for each attempt.
* **Delete** an endpoint to permanently stop deliveries to that URL.

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="My endpoint is not receiving events" icon="circle-question">
    Check that the endpoint is **enabled** in **Settings → Webhooks**. Also verify that the event types you expect are included in the endpoint's subscription, or that the subscription list is empty (which receives all events). If the URL requires authentication headers or is behind an IP allowlist, those must be handled at the receiving server — Rootly sends only the `X-Rootly-Signature` header alongside the standard `Content-Type: application/json` header.
  </Accordion>

  <Accordion title="Deliveries are failing with a timeout" icon="circle-exclamation">
    Rootly waits up to 10 seconds for a response. If your endpoint takes longer to process, return a `200` immediately and handle the payload asynchronously. Rootly will retry failed deliveries up to three times before abandoning the delivery.
  </Accordion>

  <Accordion title="I lost my signing secret" icon="key">
    You can regenerate the signing secret from the endpoint's edit form in **Settings → Webhooks**. Regenerating immediately invalidates the old secret, so update your server-side verification logic before regenerating.
  </Accordion>

  <Accordion title="How do I test my endpoint locally?" icon="laptop-code">
    Use a tool like [ngrok](https://ngrok.com) or [localtunnel](https://theboroer.github.io/localtunnel-www/) to expose a local port over a public HTTPS URL, then register that URL as a webhook endpoint in Rootly. Trigger a test event by creating or updating an incident, and inspect the delivery in the endpoint detail view.
  </Accordion>
</AccordionGroup>


# Contacting Support
Source: https://docs.rootly.com/contacting-support

Find all the ways to get help with Rootly, including email support, Slack commands, in-app chat, demo booking, and the customer community.

Do you have a question, a feature request, or a concern? We’re here to help!

You can reach us via email at [support@rootly.com](mailto:support@rootly.com), with the slash command **/rootly support** in Slack, or visit [Getting Help](https://rootly.com/help) to start a chat.

Check our [Status Page](https://status.rootly.com/) for platform status and ongoing incidents.


# Overview
Source: https://docs.rootly.com/edge-connectors

Securely integrate Rootly with internal systems that cannot accept inbound internet connections using outbound-only polling through the Edge Connector.

## Overview

The Rootly Edge Connector is a lightweight agent that enables secure, bidirectional integration between Rootly and internal or on-premises systems that cannot accept inbound internet connections. It uses an outbound-only polling model to listen for events from Rootly and execute local actions in response.

<Info>
  Edge Connectors are ideal for organizations with strict security requirements where opening inbound firewall ports is not permitted or desirable.
</Info>

## Key Benefits

* **Enhanced Security**: No inbound firewall rules required - only outbound HTTPS connections
* **Flexibility**: Execute any script or automation in response to Rootly events
* **Auditability**: Full Git-based configuration and comprehensive execution logs
* **Reliability**: Event queueing with retry logic ensures no missed actions
* **Seamless Integration**: Bridge cloud-based Rootly with on-premises systems

## How It Works

<Frame>
  <img alt="Edge Connector Architecture" />
</Frame>

```mermaid theme={null}
graph TD
    A[Rootly Cloud<br/>rec.rootly.com] -->|HTTPS Outbound Only<br/>Poll every N seconds| B[Corporate Firewall<br/>No inbound ports required]
    B --> C[Rootly Edge Connector]
    C -->|Polls for events| A
    C -->|Executes local scripts| D[Internal Systems]
    C -->|Reports results back| A

    subgraph "Internal Network / On-Premises"
        C
        D[Internal Systems<br/>• Monitoring tools<br/>• ITSM platforms<br/>• Automation scripts]
    end

    style A fill:#8b5cf6,stroke:#7c3aed,stroke-width:2px,color:#fff
    style B fill:#f3f4f6,stroke:#9ca3af,stroke-width:2px
    style C fill:#10b981,stroke:#059669,stroke-width:2px,color:#fff
    style D fill:#3b82f6,stroke:#2563eb,stroke-width:2px,color:#fff
```

### Communication Flow

1. **Polling**: The Edge Connector polls Rootly's API at regular intervals for new events
2. **Event Processing**: When events are received, the connector maps them to configured actions
3. **Execution**: Whitelisted scripts are executed with event context as parameters
4. **Reporting**: Results and logs are sent back to Rootly for visibility and audit

## Security Model

### Why Outbound-Only is More Secure

**Traditional Webhook Approach** (Inbound):

* Requires exposing an endpoint to the internet
* Must configure and maintain TLS termination
* Attack surface for scanning, probing, and DDoS
* Firewall changes and security reviews required

**Edge Connector Approach** (Outbound):

* Only outbound HTTPS (same as normal web browsing)
* No exposed endpoints for attackers to discover
* No firewall changes needed
* Cannot be directly targeted from the internet

### Additional Security Features

* **API Key Scoping**: Create Edge Connector-specific API keys with minimal permissions
* **Script Whitelisting**: Only approved, version-controlled scripts can execute
* **Team-based Authorization**: Map Rootly teams to allowed local actions
* **Audit Trail**: Every action logged with full context (who, what, when)
* **Network Isolation**: Run the connector on a dedicated, isolated host

## Getting Started

### Prerequisites

* Rootly team with Edge Connector feature enabled
* Ability to run a service in your internal network
* API key with Edge Connector permissions

### Request Access

<Note>
  Edge Connector is an enterprise feature that requires enablement by Rootly administrators.
</Note>

To request access:

1. Navigate to **Settings** → **Edge Connectors** in Rootly
2. Click **Request Access**
3. Your team administrators will be notified
4. Contact [sales@rootly.com](mailto:sales@rootly.com) for feature enablement

### Setup Overview

1. **Create an Edge Connector in Rootly**
   * Navigate to Settings → Edge Connectors
   * Click "Create Edge Connector"
   * Configure name and event subscriptions
   * Generate an API key

2. **Install the Edge Connector Agent**
   * See the [Installation & Deployment](/edge-connectors-installation) guide for detailed setup instructions

3. **Configure Actions**
   * See the [Action Configuration](/edge-connectors-actions) guide to define your automations

4. **Monitor and Maintain**
   * View connector status in Rootly dashboard
   * Review execution logs
   * Update scripts as needed

<Info>
  **Quick Links:**

  * [Installation & Deployment](/edge-connectors-installation) - Install and run the Edge Connector
  * [Action Configuration](/edge-connectors-actions) - Define script and HTTP actions
  * [Template Syntax](/edge-connectors-templates) - Use dynamic values in actions
  * [Event Examples](/edge-connectors-event-examples) - See example event payloads
</Info>

## Action Types

Edge Connector actions fall into two categories:

### Automatic Actions

These run automatically in response to system events, without user interaction. Configured in the `on:` section of `actions.yml`.

**Examples:** Auto-restart services when alerts fire, send notifications when incidents are created, collect diagnostics automatically.

### Callable Actions

These are triggered manually by users from the Rootly UI with interactive buttons and forms. Configured in the `callable:` section of `actions.yml`.

**Examples:** Manual service restart, deploy hotfix, scale infrastructure, clear cache on demand.

<Info>
  For a detailed comparison including UI behavior, registration process, and configuration differences, see the [Action Configuration Guide](/edge-connectors-actions#automatic-vs-callable-actions).
</Info>

## Supported Event Types

Edge Connectors support two categories of events:

### Automatic Event Types

These events are triggered automatically by system events and can be subscribed to when configuring your Edge Connector:

**Alert Events:**

* `alert.created` - New alert from monitoring system
* `alert.updated` - Alert properties changed
* `alert.acknowledged` - Alert acknowledged by a user
* `alert.resolved` - Alert marked as resolved
* `alert.deleted` - Alert removed

**Incident Events:**

* `incident.created` - New incident started
* `incident.updated` - Incident properties changed
* `incident.in_triage` - Incident moved to triage status
* `incident.mitigated` - Incident mitigated
* `incident.resolved` - Incident marked resolved
* `incident.cancelled` - Incident cancelled
* `incident.deleted` - Incident deleted

### Manual Trigger Event Types

These events are triggered by user actions and are configured per action:

* `action.triggered` - Standalone action triggered by a user
* `alert.action_triggered` - Action triggered from an alert context
* `incident.action_triggered` - Action triggered from an incident context

<Info>
  You can configure which automatic events your Edge Connector subscribes to when creating or editing it in the Rootly UI. Manual trigger events are configured in your action definitions. For detailed payload examples and templating patterns, see the [Event Examples](/edge-connectors-event-examples) page.
</Info>

## Use Cases

### Automated Remediation

Automatically restart services or run diagnostic scripts when critical alerts are detected. Perfect for known issues that have established remediation procedures.

### Internal System Integration

Create tickets in internal ITSM systems that aren't accessible from the internet. Bridge Rootly with on-premises Jira, ServiceNow, or custom ticketing systems.

### Hybrid Cloud Orchestration

Run Ansible playbooks or other automation tools in response to incident lifecycle events. Trigger infrastructure changes, scaling operations, or deployment rollbacks.

### Diagnostic Collection

Automatically collect logs, metrics, and diagnostics when incidents occur. Gather context automatically to speed up incident investigation.

<Note>
  See the [Action Configuration](/edge-connectors-actions) guide for detailed examples of these use cases with complete action definitions.
</Note>

## Managing Edge Connectors

### Viewing Connector Status

In the Rootly dashboard, you can monitor:

* **Online Status**: Whether the connector is actively polling
* **Last Poll Time**: When the connector last checked for events
* **Events Pending**: Number of events waiting to be processed
* **Recent Executions**: Logs of recently executed actions

### API Key Management

Each Edge Connector requires an API key:

1. Navigate to **Settings** → **API Keys**
2. Create a new key with type **Edge Connector**
3. Associate it with your Edge Connector
4. Store the key securely on your connector host

<Warning>
  API keys should be rotated regularly and stored securely. Never commit API keys to version control.
</Warning>

## Documentation

* **[Installation & Deployment](/edge-connectors-installation)** - Install and configure the Edge Connector in your environment
* **[Action Configuration](/edge-connectors-actions)** - Define script and HTTP actions to automate responses
* **[Template Syntax](/edge-connectors-templates)** - Use Liquid templates for dynamic values in actions
* **[Event Examples](/edge-connectors-event-examples)** - Reference for event payload structures and fields

## Best Practices

**Security:**

* Run the Edge Connector on a dedicated, isolated host
* Store secrets in environment variables, never in configuration files
* Version control all scripts and review through pull requests
* Rotate API keys periodically

**Reliability:**

* Configure appropriate polling intervals (typically 10-30 seconds)
* Set reasonable script timeouts based on expected execution time
* Implement retry logic in your scripts for transient failures
* Monitor connector health and set up downtime alerts

**Configuration:**

* Use descriptive names for connectors and actions
* Document script requirements and dependencies
* Test actions thoroughly before production deployment
* Keep the connector software updated

For detailed troubleshooting, see the [Installation & Deployment](/edge-connectors-installation#troubleshooting) guide.


# Action Configuration
Source: https://docs.rootly.com/edge-connectors-actions

Configure script and HTTP actions for Rootly Edge Connectors to automate responses to events from internal systems behind your firewall using outbound polling.

## Overview

Actions define what your Edge Connector executes in response to events. Each action specifies:

* **Type**: Script or HTTP request
* **Source Type**: Local scripts or Git-based scripts
* **Trigger**: Which events activate this action
* **Parameters**: User-configurable inputs (for manual triggers)
* **Execution details**: Scripts to run or HTTP requests to make

## Automatic vs Callable Actions

Edge Connector actions fall into two categories with different behaviors:

### Automatic Actions (`on:` section)

**What they are:**

* Execute automatically in response to Rootly system events
* Run without user interaction
* Configured in the `on:` section where the event type is the key

**When to use:**

* Auto-remediation (restart services when alerts fire)
* Notifications (send webhooks when incidents are created)
* Data collection (gather logs when alerts trigger)
* Monitoring integration (sync status to external systems)

**Configuration:**

```yaml theme={null}
on:
  alert.created:                    # Event type is the key
    script: /opt/scripts/handle-alert.sh
    parameters:
      alert_id: "{{ id }}"
      severity: "{{ labels.severity }}"
    timeout: 60
```

**Characteristics:**

* ✅ No `parameter_definitions` needed (no user input)
* ✅ Execute immediately when events occur
* ✅ Registered with backend for visibility/audit
* ✅ Appear in Rootly UI as read-only badges (visible but not clickable)
* ✅ Users can see what automations are configured

**How they appear in Rootly UI:**

* Badge: "🔄 Script: alert.created" or "🌐 HTTP: incident.created"
* Read-only display showing what's automated
* No interaction possible (run automatically only)

### Callable Actions (`callable:` section)

**What they are:**

* Triggered manually by users from the Rootly UI
* Require user input via parameter forms
* Configured in the `callable:` section where the action slug is the key

**When to use:**

* Manual remediation (restart specific services on demand)
* User-initiated operations (deploy hotfixes, scale infrastructure)
* Diagnostic tools (collect logs, run health checks)
* Administrative tasks (clear caches, trigger backups)

**Configuration:**

```yaml theme={null}
callable:
  restart_service:                  # Action slug is the key
    name: "Restart Service"         # Display name in UI (required)
    description: "Restart a production service with graceful shutdown"
    trigger: alert.action_triggered # Shows on alerts
    script: /opt/scripts/restart.sh
    parameter_definitions:          # Creates UI form
      - name: service_name
        type: string
        required: true
        description: "Service to restart"
    timeout: 120
```

**Characteristics:**

* ✅ Require `parameter_definitions` to create UI forms
* ✅ Users provide input values before execution
* ✅ Registered with backend to generate UI buttons
* ✅ Appear in Rootly UI as interactive buttons
* ✅ Can be triggered from alerts, incidents, or standalone

**How they appear in Rootly UI:**

* Button: "Restart Service" with form dialog
* Users click → fill out form → submit → action executes
* Real-time execution status and results shown

### Comparison Table

| Feature                    | Automatic Actions (`on:`)                             | Callable Actions (`callable:`)              |
| -------------------------- | ----------------------------------------------------- | ------------------------------------------- |
| **Trigger**                | System events (alert.created, incident.created, etc.) | User clicks button in Rootly UI             |
| **User Input**             | None - uses event data only                           | Yes - users fill out parameter forms        |
| **Config Section**         | `on:` (event type is key)                             | `callable:` (action slug is key)            |
| **parameter\_definitions** | Not needed                                            | Required to create UI forms                 |
| **name**                   | Optional                                              | Required for UI display                     |
| **UI Appearance**          | Read-only badge (visible, not clickable)              | Interactive button (clickable with form)    |
| **Registration**           | Registered for visibility                             | Registered to generate UI                   |
| **Execution**              | Immediate when event occurs                           | On-demand when user triggers                |
| **Use Cases**              | Auto-remediation, notifications, monitoring           | Manual operations, diagnostics, admin tasks |

### Registration Behavior

**Both automatic and callable actions are registered with the Rootly backend on connector startup:**

1. **Connector Startup:**
   * Reads `actions.yml` configuration
   * Sends all actions to `POST /rec/v1/actions` endpoint
   * Backend syncs actions for this connector

2. **Backend Processing:**
   * **Automatic actions** (no `parameter_definitions`):
     * Stored for visibility and audit
     * Displayed as read-only badges in UI
     * Users can see what automations exist
   * **Callable actions** (with `parameter_definitions`):
     * UI forms generated from parameter definitions
     * Displayed as interactive buttons
     * Users can click and provide inputs

3. **Sync Behavior:**
   * Backend matches actions by slug
   * Creates new actions not seen before
   * Updates existing actions with new configuration
   * Removes actions no longer in config

**What gets sent to backend:**

* Action slug, name, description (for UI display)
* Action type (script or HTTP) and timeout
* Trigger event types
* Parameter definitions (for callable actions only)

**What stays on connector:**

* Script paths and execution details
* HTTP URLs, headers, and body templates
* Security settings and environment variables

<Info>
  The presence of `parameter_definitions` is what tells the backend whether an action is automatic (read-only) or callable (interactive).
</Info>

## Action File Structure

Actions are defined in an `actions.yml` file with three main sections:

```yaml theme={null}
# Global defaults (optional)
defaults:
  timeout: 30
  source_type: local
  env:
    ENVIRONMENT: production

# Automatic actions - triggered by system events
on:
  alert.created:
    script: /path/to/script.sh
    # ...

# Manual actions - triggered by users from UI
callable:
  restart_service:
    name: "Restart Service"
    # ...
```

## Action Types

### Script Actions

Execute scripts from local filesystem or Git repositories.

#### Local Scripts

Execute scripts stored on the Edge Connector host:

```yaml theme={null}
callable:
  restart_service:
    name: "Restart Production Service"
    description: |
      Restarts the specified service with graceful shutdown.
      Use when service becomes unresponsive.
    trigger: alert.action_triggered
    script: /opt/scripts/restart-service.sh
    parameter_definitions:
      - name: service_name
        type: string
        required: true
        description: "Service to restart"
      - name: environment
        type: string
        required: false
        default: "production"
        options: ["development", "staging", "production"]
    timeout: 300
```

**Key Fields:**

* `script`: Absolute path to the script to execute
* `timeout`: Maximum execution time in seconds
* `parameter_definitions`: User inputs when triggered manually
* `trigger`: Specifies the event type (`alert.action_triggered`, `incident.action_triggered`, or defaults to `action.triggered`)
* `source_type`: `local` (default) or `git`

#### Git-Based Scripts

Execute scripts from a Git repository that the Edge Connector syncs automatically:

```yaml theme={null}
callable:
  run_playbook:
    name: "Run Incident Playbook"
    description: "Execute Ansible playbook from Git repository"
    trigger: incident.action_triggered
    source_type: git
    script: playbooks/incident-response.yml
    git_options:
      url: "https://github.com/your-org/runbooks.git"
      branch: main
      poll_interval_sec: 300
    parameter_definitions:
      - name: playbook
        type: list
        options: [database, network, application]
        required: true
        description: "Which playbook to run"
    parameters:
      incident_id: "{{ entity_id }}"
      severity: "{{ severity.slug }}"
    timeout: 600
```

**Git Options:**

* `url`: Git repository URL (HTTPS or SSH)
* `branch`: Branch to checkout (default: `main`)
* `poll_interval_sec`: How often to pull updates (default: 300)

<Info>
  Git-based scripts allow you to version control your automation scripts and update them without redeploying the Edge Connector.
</Info>

### HTTP Actions

Make HTTP/HTTPS requests to external APIs or webhooks.

```yaml theme={null}
on:
  alert.created:
    http:
      url: "https://example.com/webhook"
      method: POST
      headers:
        Content-Type: "application/json"
        Authorization: "Bearer {{ env.API_TOKEN }}"
      params:
        source: "rootly"
      body: |
        {
          "alert_id": "{{ id }}",
          "summary": "{{ summary }}",
          "severity": "{{ labels.severity }}",
          "services": "{{ services | map: 'name' | join: ', ' }}"
        }
    timeout: 30
```

**HTTP Configuration:**

* `url`: Target endpoint (supports templates)
* `method`: GET, POST, PUT, PATCH, DELETE
* `headers`: HTTP headers (supports templates)
* `params`: Query parameters
* `body`: Request body (supports templates for JSON/text)

## Action Triggers

### Automatic Event Triggers

These actions run automatically when system events occur. They are defined in the `on:` section where the event type is the key.

**Alert Events:**

```yaml theme={null}
on:
  alert.created:
    # Action configuration here
    script: /path/to/handle-alert.sh
```

**Incident Events:**

```yaml theme={null}
on:
  incident.mitigated:
    # Action configuration here
    script: /path/to/handle-mitigation.sh
```

**Available Automatic Triggers:**

* `alert.created`, `alert.updated`, `alert.acknowledged`, `alert.resolved`, `alert.deleted`
* `incident.created`, `incident.updated`, `incident.in_triage`, `incident.mitigated`, `incident.resolved`, `incident.cancelled`, `incident.deleted`

<Info>
  Automatic triggers do not require `parameter_definitions` - they execute automatically with event data.
</Info>

### Manual Trigger Events

These actions are triggered manually by users from the Rootly UI. They require `parameter_definitions` to create input forms.

**Action on Alert:**

```yaml theme={null}
callable:
  restart_affected_service:
    name: "Restart Affected Service"
    trigger: alert.action_triggered
    script: /opt/scripts/restart.sh
    parameter_definitions:
      - name: service_name
        type: string
        required: true
      - name: force_restart
        type: boolean
        default: false
```

**Action on Incident:**

```yaml theme={null}
callable:
  scale_infrastructure:
    name: "Scale Infrastructure"
    trigger: incident.action_triggered
    script: /opt/scripts/scale.sh
    parameter_definitions:
      - name: target_capacity
        type: number
        required: true
```

**Standalone Action:**

```yaml theme={null}
callable:
  clear_cache:
    name: "Clear Global Cache"
    # trigger defaults to: action.triggered
    http:
      url: "https://api.example.com/cache/clear"
      method: POST
    parameter_definitions:
      - name: cache_type
        type: string
        required: true
        options: ["redis", "memcached", "all"]
```

## Parameter Definitions

Parameters create user input forms for manually triggered actions.

### Parameter Types

**String:**

```yaml theme={null}
- name: service_name
  type: string
  required: true
  description: "Name of the service"
```

**Number:**

```yaml theme={null}
- name: capacity
  type: number
  required: true
  description: "Target capacity percentage"
```

**Boolean:**

```yaml theme={null}
- name: force_restart
  type: boolean
  default: false
  description: "Force restart without graceful shutdown"
```

**List (Dropdown):**

```yaml theme={null}
- name: cache_type
  type: list
  options: [redis, memcached, all]
  default: redis
  required: true
  description: "Which cache to clear"
```

<Note>
  Use `type: list` with `options` array for dropdown selections. This is preferred over `type: string` with `options` for clarity.
</Note>

### Parameter Fields

* `name`: Parameter identifier (used in templates as `{{ parameters.name }}`)
* `type`: Data type (string, number, boolean)
* `required`: Whether input is mandatory
* `default`: Default value if not provided
* `options`: List of allowed values (creates dropdown)
* `description`: Help text shown in UI

## Using Templates in Actions

Actions support Liquid templates for dynamic values. See the [Template Syntax](/edge-connectors-templates) guide for detailed documentation.

### Event Data Templates

Access event data in your action configuration:

```yaml theme={null}
parameters:
  alert_id: "{{ id }}"
  summary: "{{ summary }}"
  severity: "{{ labels.severity }}"
  service: "{{ services.first.name }}"
```

### User Parameter Templates

Access user inputs in manually triggered actions:

```yaml theme={null}
parameters:
  service: "{{ parameters.service_name }}"
  env: "{{ parameters.environment }}"
  force: "{{ parameters.force_restart }}"
```

### Environment Variables

Access environment variables securely:

```yaml theme={null}
headers:
  Authorization: "Bearer {{ env.API_TOKEN }}"
  X-API-Key: "{{ env.SECRET_KEY }}"
```

## Complete Examples

### Example 1: Automatic Alert Response

Automatically restart a service when critical alerts are detected:

```yaml theme={null}
on:
  alert.created:
    script: /opt/scripts/restart-service.sh
    parameters:
      service: "{{ services.first.slug }}"
      environment: "{{ environments.first.slug }}"
      alert_id: "{{ id }}"
      severity: "{{ labels.severity }}"
    timeout: 120
```

### Example 2: Manual Service Scaling

Allow users to manually scale services from incidents:

```yaml theme={null}
callable:
  scale_service:
    name: "Scale Service Capacity"
    description: |
      Manually scale service capacity.
      Use during incidents to increase capacity.
    trigger: incident.action_triggered
    script: /opt/scripts/scale-service.sh
    parameter_definitions:
      - name: target_capacity
        type: number
        required: true
        description: "Target capacity (50-200%)"
      - name: scaling_speed
        type: string
        required: false
        default: "normal"
        options: ["slow", "normal", "fast"]
        description: "Scaling speed"
    parameters:
      # User inputs: target_capacity and scaling_speed
      # are auto-available as {{ parameters.target_capacity }}, etc.
      # Add extra context here:
      incident_id: "{{ entity_id }}"
      triggered_by: "{{ triggered_by.email }}"
    timeout: 300
```

### Example 3: Webhook Notification

Send HTTP notification when incidents are mitigated:

```yaml theme={null}
on:
  incident.mitigated:
    http:
      url: "{{ env.SLACK_WEBHOOK_URL }}"
      method: POST
      headers:
        Content-Type: "application/json"
      body: |
        {
          "text": "Incident Mitigated",
          "attachments": [{
            "color": "good",
            "fields": [
              {"title": "Incident", "value": "{{ title }}", "short": false},
              {"title": "Severity", "value": "{{ severity.name }}", "short": true},
              {"title": "Services", "value": "{{ services | map: 'name' | join: ', ' }}", "short": true},
              {"title": "Duration", "value": "{{ mitigated_at | date: '%Y-%m-%d %H:%M' }}", "short": true}
            ]
          }]
        }
    timeout: 10
```

### Example 4: PagerDuty Integration

Create PagerDuty incidents for high-severity Rootly incidents:

```yaml theme={null}
on:
  incident.created:
    http:
      url: "https://api.pagerduty.com/incidents"
      method: POST
      headers:
        Authorization: "Token token={{ env.PAGERDUTY_TOKEN }}"
        Content-Type: "application/json"
        From: "{{ env.PAGERDUTY_FROM_EMAIL }}"
      body: |
        {
          "incident": {
            "type": "incident",
            "title": "[{{ severity.name }}] {{ title }}",
            "service": {
              "id": "{{ env.PAGERDUTY_SERVICE_ID }}",
              "type": "service_reference"
            },
            "urgency": "high",
            "body": {
              "type": "incident_body",
              "details": "{{ summary }}\n\nAffected services: {{ services | map: 'name' | join: ', ' }}"
            }
          }
        }
    timeout: 15
```

## Best Practices

### Security

* **Store secrets in environment variables**, never in action configuration
* **Use absolute paths** for scripts to prevent path traversal
* **Validate user inputs** in your scripts
* **Limit script permissions** - run with minimal privileges
* **Audit action execution logs** regularly

### Reliability

* **Set appropriate timeouts** based on expected execution time
* **Implement retry logic** in your scripts for transient failures
* **Handle errors gracefully** and return meaningful error messages
* **Test actions thoroughly** before deploying to production
* **Monitor action execution** via Rootly dashboard

### Configuration

* **Use descriptive IDs** (snake\_case: `restart_production_db`)
* **Provide clear names** for UI display
* **Write helpful descriptions** explaining when to use the action
* **Add parameter descriptions** to guide users
* **Use options** for parameters with limited valid values

### Templates

* **Use `default` filter** for optional fields: `{{ field | default: "N/A" }}`
* **Test templates** with sample event data before deploying
* **Keep templates simple** - complex logic belongs in scripts
* **Document template variables** in action descriptions

## Action Configuration File

Actions are defined in an `actions.yml` file with three main sections:

```yaml theme={null}
# Global defaults (optional) - applied to all actions
defaults:
  timeout: 30                        # Default timeout for all actions
  source_type: local                 # Default source: local or git
  env:                               # Environment variables for all actions
    ENVIRONMENT: production
    LOG_LEVEL: info

# Automatic actions - triggered by system events
# Event type is the KEY
on:
  alert.created:
    script: /path/to/handle-alert.sh
    parameters:
      alert_id: "{{ id }}"
      severity: "{{ labels.severity }}"
    timeout: 60

  incident.created:
    http:
      url: "{{ env.SLACK_WEBHOOK_URL }}"
      method: POST
      body: |
        {"text": "Incident: {{ title }}"}

# Manual actions - triggered by users from UI
# Action slug is the KEY
callable:
  restart_service:
    name: "Restart Service"
    description: "Restart a production service"
    trigger: alert.action_triggered  # Shows on alerts only
    script: /path/to/restart.sh
    parameter_definitions:
      - name: service_name
        type: string
        required: true
    parameters:
      # User inputs are auto-available as {{ parameters.service_name }}
      # This section adds EXTRA context beyond user inputs:
      alert_id: "{{ entity_id }}"
      triggered_by: "{{ triggered_by.email }}"
    timeout: 120

  clear_cache:
    name: "Clear Cache"
    description: "Clear application cache"
    # trigger defaults to: action.triggered (standalone action)
    script: /path/to/clear-cache.sh
    parameter_definitions:
      - name: cache_type
        type: list
        options: [redis, memcached, all]

  run_from_git:
    name: "Run Git-based Script"
    source_type: git                 # Override default source_type
    script: scripts/automation.sh
    git_options:
      url: "https://github.com/org/repo.git"
      branch: main
      poll_interval_sec: 300
```

The Edge Connector reads this file on startup and registers all actions with Rootly.

**Key Concepts:**

* `defaults:` section: Global settings applied to all actions unless overridden
* `on:` section: Automatic actions where event type is the **key**
* `callable:` section: Manual actions where action slug is the **key**
* `source_type`: `local` for filesystem scripts, `git` for repository-based scripts
* `parameter_definitions`: Create user input forms; auto-accessible as `{{ parameters.X }}`
* `parameters:` section: Adds **extra** parameters beyond user inputs
* Scripts receive all parameters as `REC_PARAM_*` environment variables

## Next Steps

* See [Event Examples](/edge-connectors-event-examples) for sample event payloads
* Learn [Template Syntax](/edge-connectors-templates) for dynamic values
* Review the main [Edge Connectors](/edge-connectors) documentation


# Event Examples
Source: https://docs.rootly.com/edge-connectors-event-examples

Real-world examples of event payloads received from Rootly Edge Connectors, showing JSON structures for testing actions, scripts, and Liquid template logic.

## Overview

This page provides real-world examples of event payloads that Edge Connectors receive when polling the Rootly API. These examples show the structure and data available for templating in your action configurations.

## Event Types

Edge Connector events are divided into two categories based on how actions are triggered:

<Info>
  **Understanding Action Types:** Automatic events trigger actions automatically (configured in `on:` section), while manual trigger events are user-initiated actions (configured in `callable:` section). See the [Automatic vs Callable Actions](/edge-connectors-actions#automatic-vs-callable-actions) guide for detailed comparison.
</Info>

### Automatic Event Types

These events are triggered automatically by system events and can be subscribed to by connectors for monitoring and notifications:

**Alert Events:**

* `alert.created` - New alert from monitoring system
* `alert.updated` - Alert properties changed
* `alert.acknowledged` - Alert acknowledged by a user
* `alert.resolved` - Alert marked as resolved
* `alert.deleted` - Alert removed

**Incident Events:**

* `incident.created` - New incident started
* `incident.updated` - Incident properties changed
* `incident.in_triage` - Incident moved to triage status
* `incident.mitigated` - Incident mitigated
* `incident.resolved` - Incident marked resolved
* `incident.cancelled` - Incident cancelled
* `incident.deleted` - Incident deleted

### Manual Trigger Event Types

These events are triggered by user actions and are managed by actions' `event_types_trigger` field, not connector subscriptions:

* `action.triggered` - Standalone action triggered by a user
* `alert.action_triggered` - Action triggered from an alert context
* `incident.action_triggered` - Action triggered from an incident context

<Info>
  Automatic events can be subscribed to when configuring your Edge Connector. Manual trigger events are configured per action and execute when users trigger them from the UI.
</Info>

## Event Payload Examples

Below are detailed examples of event payloads for each event type.

### alert.created - Production Database Alert

```json theme={null}
{
  "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
  "event_id": "a3bb189e-8bf9-3888-9912-ace4e6543002",
  "event_type": "alert.created",
  "timestamp": "2025-10-26T21:30:00Z",
  "data": {
    "id": "6aeb35ae-ca31-4bcf-91bd-c4ecce44dedc",
    "source": "datadog",
    "summary": "High database latency detected",
    "status": "open",
    "labels": {
      "severity": "critical",
      "component": "database",
      "region": "us-west-2"
    },
    "data": {
      "host": "prod-db-01.example.com",
      "latency_ms": 1500,
      "threshold_ms": 500,
      "query_count": 342
    },
    "started_at": "2025-10-26T21:29:45Z",
    "ended_at": null,
    "created_at": "2025-10-26T21:29:50Z",
    "updated_at": "2025-10-26T21:29:50Z",
    "services": [
      {
        "id": "8e3f9c2a-1d5b-4e8f-9a3c-7b2d4e6f8a1c",
        "name": "DB - Production Database",
        "slug": "db-production"
      }
    ],
    "environments": [
      {
        "id": "2c4e6a8b-3f5d-4a7c-8b9e-1f3a5c7d9e2b",
        "name": "Production",
        "slug": "production",
        "color": "#E74C3C"
      }
    ]
  }
}
```

### Template Usage

```yaml theme={null}
parameters:
  alert_id: "{{ id }}"
  alert_summary: "{{ summary }}"
  severity: "{{ labels.severity }}"
  host: "{{ data.host }}"
  latency: "{{ data.latency_ms }}"
  service_name: "{{ services.0.name }}"      # First service
  environment: "{{ environments.0.slug }}"   # First environment
```

## alert.created - PagerDuty Integration

```json theme={null}
{
  "id": "9d4e2f1c-7a8b-4c3d-9e5f-6a7b8c9d0e1f",
  "event_id": "5c6d7e8f-9a0b-4c5d-8e9f-0a1b2c3d4e5f",
  "event_type": "alert.created",
  "timestamp": "2025-10-26T21:35:00Z",
  "data": {
    "id": "b8c9d0e1-f2a3-4b5c-6d7e-8f9a0b1c2d3e",
    "source": "pagerduty",
    "summary": "API service is down",
    "status": "open",
    "labels": {
      "severity": "high",
      "urgency": "high",
      "impact": "critical"
    },
    "data": {
      "incident_key": "PD-12345",
      "incident_url": "https://example.pagerduty.com/incidents/12345",
      "triggered_by": "monitoring_service",
      "escalation_policy": "Engineering On-Call"
    },
    "started_at": "2025-10-26T21:34:30Z",
    "ended_at": null,
    "created_at": "2025-10-26T21:34:35Z",
    "updated_at": "2025-10-26T21:34:35Z",
    "services": [
      {
        "id": "3f4e5d6c-7b8a-4c9d-0e1f-2a3b4c5d6e7f",
        "name": "API Gateway",
        "slug": "api-gateway"
      },
      {
        "id": "8a9b0c1d-2e3f-4a5b-6c7d-8e9f0a1b2c3d",
        "name": "Authentication Service",
        "slug": "auth-service"
      }
    ],
    "environments": [
      {
        "id": "1e2f3a4b-5c6d-7e8f-9a0b-1c2d3e4f5a6b",
        "name": "Production",
        "slug": "production",
        "color": "#E74C3C"
      }
    ]
  }
}
```

### Template Usage

```yaml theme={null}
parameters:
  pagerduty_key: "{{ data.incident_key }}"
  pagerduty_url: "{{ data.incident_url }}"
  urgency: "{{ labels.urgency }}"
  all_services: "{{ services | join:', ' }}"  # "API Gateway, Authentication Service"
```

## alert.updated - Status Change

```json theme={null}
{
  "id": "4d5e6f7a-8b9c-0d1e-2f3a-4b5c6d7e8f9a",
  "event_id": "7e8f9a0b-1c2d-3e4f-5a6b-7c8d9e0f1a2b",
  "event_type": "alert.updated",
  "timestamp": "2025-10-26T22:00:00Z",
  "data": {
    "id": "6aeb35ae-ca31-4bcf-91bd-c4ecce44dedc",
    "source": "datadog",
    "summary": "High database latency detected",
    "status": "resolved",
    "labels": {
      "severity": "critical",
      "component": "database"
    },
    "data": {
      "host": "prod-db-01.example.com",
      "latency_ms": 150,
      "resolution": "auto-scaled database pool"
    },
    "started_at": "2025-10-26T21:29:45Z",
    "ended_at": "2025-10-26T21:59:30Z",
    "created_at": "2025-10-26T21:29:50Z",
    "updated_at": "2025-10-26T22:00:00Z",
    "services": [
      {
        "id": "8e3f9c2a-1d5b-4e8f-9a3c-7b2d4e6f8a1c",
        "name": "DB - Production Database",
        "slug": "db-production"
      }
    ],
    "environments": [
      {
        "id": "2c4e6a8b-3f5d-4a7c-8b9e-1f3a5c7d9e2b",
        "name": "Production",
        "slug": "production",
        "color": "#E74C3C"
      }
    ]
  }
}
```

## incident.created - Full Example

Based on `EdgeConnectors::IncidentSerializer`:

```json theme={null}
{
  "id": "c1d2e3f4-a5b6-7c8d-9e0f-1a2b3c4d5e6f",
  "event_id": "2b3c4d5e-6f7a-8b9c-0d1e-2f3a4b5c6d7e",
  "event_type": "incident.created",
  "timestamp": "2025-10-26T23:00:00Z",
  "data": {
    "id": "9f8e7d6c-5b4a-3210-fedc-ba9876543210",
    "sequential_id": 42,
    "title": "Production API Gateway Outage",
    "slug": "production-api-gateway-outage",
    "summary": "Complete outage affecting all customers",
    "status": "started",
    "kind": "normal",
    "private": false,
    "detected_at": "2025-10-26T22:58:00Z",
    "acknowledged_at": null,
    "started_at": "2025-10-26T22:58:00Z",
    "mitigated_at": null,
    "resolved_at": null,
    "cancelled_at": null,
    "created_at": "2025-10-26T22:59:00Z",
    "updated_at": "2025-10-26T23:00:00Z",
    "services": [
      {
        "id": "3f4e5d6c-7b8a-4c9d-0e1f-2a3b4c5d6e7f",
        "name": "API Gateway",
        "slug": "api-gateway"
      }
    ],
    "environments": [
      {
        "id": "1e2f3a4b-5c6d-7e8f-9a0b-1c2d3e4f5a6b",
        "name": "Production",
        "slug": "production",
        "color": "#E74C3C"
      }
    ],
    "functionalities": [
      {
        "id": "a1b2c3d4-e5f6-7a8b-9c0d-1e2f3a4b5c6d",
        "name": "API Requests",
        "slug": "api-requests"
      }
    ],
    "severity": {
      "id": "5e4d3c2b-1a09-8f7e-6d5c-4b3a2910fedc",
      "name": "SEV1",
      "slug": "sev1",
      "color": "#FF0000"
    }
  }
}
```

## alert.action\_triggered - User-Initiated Restart on Alert

```json theme={null}
{
  "id": "e6f7a8b9-c0d1-2e3f-4a5b-6c7d8e9f0a1b",
  "event_id": "d5e6f7a8-b9c0-1d2e-3f4a-5b6c7d8e9f0a",
  "event_type": "alert.action_triggered",
  "timestamp": "2025-10-26T23:15:00Z",
  "action": {
    "id": "7a8b9c0d-1e2f-3a4b-5c6d-7e8f9a0b1c2d",
    "name": "Restart Test Service",
    "slug": "restart_test_service"
  },
  "data": {
    "entity_id": "f0a1b2c3-d4e5-6f7a-8b9c-0d1e2f3a4b5c",
    "parameters": {
      "service_name": "api-gateway",
      "environment": "production",
      "force_restart": true,
      "drain_timeout": 30
    },
    "triggered_by": {
      "id": 50,
      "name": "Quentin Rousseau",
      "email": "quentin@rootly.com"
    }
  }
}
```

### Template Usage in Actions

```yaml theme={null}
# Script action for alert actions
- name: restart_test_service
  type: script
  script: /opt/scripts/restart-service.sh
  trigger:
    event_type: "alert.action_triggered"

  parameters:
    # Action metadata (from top-level action object)
    action_display_name: "{{ action.name }}"  # "Restart Test Service"
    action_slug: "{{ action.slug }}"          # "restart_test_service"

    # User inputs (from UI)
    service_name: "{{ parameters.service_name }}"
    environment: "{{ parameters.environment }}"
    force: "{{ parameters.force_restart }}"

    # Context data
    entity_id: "{{ entity_id }}"
    triggered_by_email: "{{ triggered_by.email }}"

    # Hardcoded
    region: "us-west-2"
    timeout: "60"
```

## incident.action\_triggered - Escalation on Incident

```json theme={null}
{
  "id": "b9c0d1e2-f3a4-5b6c-7d8e-9f0a1b2c3d4e",
  "event_id": "a8b9c0d1-e2f3-4a5b-6c7d-8e9f0a1b2c3d",
  "event_type": "incident.action_triggered",
  "timestamp": "2025-10-26T23:20:00Z",
  "action": {
    "id": "6c7d8e9f-0a1b-2c3d-4e5f-6a7b8c9d0e1f",
    "name": "Scale Infrastructure",
    "slug": "scale_infrastructure"
  },
  "data": {
    "entity_id": "d4e5f6a7-b8c9-0d1e-2f3a-4b5c6d7e8f9a",
    "parameters": {
      "target_capacity": 200,
      "scaling_policy": "aggressive"
    },
    "triggered_by": {
      "id": 42,
      "name": "Sarah Johnson",
      "email": "sarah@example.com"
    }
  }
}
```

## action.triggered - Standalone Action

```json theme={null}
{
  "id": "c3d4e5f6-a7b8-9c0d-1e2f-3a4b5c6d7e8f",
  "event_id": "b2c3d4e5-f6a7-8b9c-0d1e-2f3a4b5c6d7e",
  "event_type": "action.triggered",
  "timestamp": "2025-10-26T23:25:00Z",
  "action": {
    "id": "5f6a7b8c-9d0e-1f2a-3b4c-5d6e7f8a9b0c",
    "name": "Clear Global Cache",
    "slug": "clear_global_cache"
  },
  "data": {
    "parameters": {
      "cache_type": "redis",
      "scope": "global"
    },
    "triggered_by": {
      "id": 50,
      "name": "Quentin Rousseau",
      "email": "quentin@rootly.com"
    }
    // No entity_id - this is a standalone action
  }
}
```

## Edge Cases

### Alert with No Services

```json theme={null}
{
  "event_type": "alert.created",
  "data": {
    "id": "e9f0a1b2-c3d4-5e6f-7a8b-9c0d1e2f3a4b",
    "summary": "Orphaned alert",
    "status": "open",
    "services": [],        // ← Empty array
    "environments": []     // ← Empty array
  }
}
```

### Alert with Custom Data (Datadog)

```json theme={null}
{
  "event_type": "alert.created",
  "data": {
    "id": "d8e9f0a1-b2c3-4d5e-6f7a-8b9c0d1e2f3a",
    "source": "datadog",
    "summary": "CPU usage above 90%",
    "status": "open",
    "data": {
      "tags": ["env:production", "service:api", "host:prod-01"],
      "metric": "system.cpu.usage",
      "value": 94.2,
      "threshold": 90.0,
      "monitor_id": "12345678",
      "monitor_name": "High CPU Usage"
    }
  }
}
```

### Standalone Action with No Parameters

```json theme={null}
{
  "event_type": "action.triggered",
  "action": {
    "id": "c7d8e9f0-a1b2-3c4d-5e6f-7a8b9c0d1e2f",
    "name": "Clear Cache",
    "slug": "clear_cache"
  },
  "data": {
    "parameters": {},      // ← No user inputs required
    "triggered_by": {
      "id": 50,
      "name": "Quentin Rousseau",
      "email": "quentin@rootly.com"
    }
    // No entity_id - standalone action
  }
}
```

## HTTP Action Examples

### alert.created → Slack Notification

```yaml theme={null}
- name: notify_slack_alert
  type: http
  trigger:
    event_type: "alert.created"
  http:
    url: "{{ env.SLACK_WEBHOOK_URL }}"
    method: POST
    headers:
      Content-Type: "application/json"
    body: |
      {
        "text": ":warning: New Alert",
        "attachments": [{
          "color": "danger",
          "fields": [
            {"title": "Summary", "value": "{{ summary }}", "short": false},
            {"title": "Source", "value": "{{ source }}", "short": true},
            {"title": "Severity", "value": "{{ labels.severity }}", "short": true},
            {"title": "Host", "value": "{{ data.host }}", "short": true},
            {"title": "Environment", "value": "{{ environments.0.name }}", "short": true}
          ]
        }]
      }
  timeout: 10
```

### incident.created → PagerDuty Integration

```yaml theme={null}
- name: create_pagerduty_incident
  type: http
  trigger:
    event_type: "incident.created"
  http:
    url: "https://api.pagerduty.com/incidents"
    method: POST
    headers:
      Authorization: "Token token={{ env.PAGERDUTY_TOKEN }}"
      Content-Type: "application/json"
      From: "{{ env.PAGERDUTY_FROM_EMAIL }}"
    body: |
      {
        "incident": {
          "type": "incident",
          "title": "[{{ severity.name }}] {{ title }}",
          "service": {
            "id": "{{ env.PAGERDUTY_SERVICE_ID }}",
            "type": "service_reference"
          },
          "urgency": "high",
          "body": {
            "type": "incident_body",
            "details": "{{ summary }}\n\nAffected services: {{ services.0.name }}"
          }
        }
      }
  timeout: 15
```

### alert.action\_triggered → Restart Service API

```yaml theme={null}
- name: restart_service_api
  type: http
  trigger:
    event_type: "alert.action_triggered"
    action_name: "restart_service_api"
  parameter_definitions:
    - name: service_name
      type: string
      required: true
    - name: force_restart
      type: boolean
      default: false
  http:
    url: "https://api.example.com/v1/services/{{ parameters.service_name }}/restart"
    method: POST
    headers:
      Authorization: "Bearer {{ env.API_TOKEN }}"
      Content-Type: "application/json"
      X-Triggered-By: "{{ triggered_by.email }}"
    body: |
      {
        "force": {{ parameters.force_restart }},
        "reason": "Manual restart via Rootly",
        "alert_id": "{{ entity_id }}"
      }
  timeout: 60
```

### action.triggered → Clear Global Cache

```yaml theme={null}
- name: clear_cache_http
  type: http
  trigger:
    event_type: "action.triggered"
    action_name: "clear_cache_http"
  parameter_definitions:
    - name: cache_type
      type: string
      options: ["redis", "memcached", "all"]
      required: true
  http:
    url: "https://cache-api.example.com/v1/clear"
    method: POST
    headers:
      X-API-Key: "{{ env.CACHE_API_KEY }}"
    params:
      type: "{{ parameters.cache_type }}"
    body: |
      {
        "triggered_by": "{{ triggered_by.email }}",
        "scope": "global"
      }
  timeout: 30
```

**HTTP Action Behavior:**

* Exit code = HTTP status code (200, 404, 500, etc.)
* Stdout = Response body + status message
* Stderr = Error message (if request fails)
* Success = 2xx status codes
* Failure = 4xx, 5xx status codes

## Template Access Patterns

### Simple Fields

```yaml theme={null}
alert_id: "{{ id }}"
status: "{{ status }}"
summary: "{{ summary }}"
```

### Nested Objects

```yaml theme={null}
severity: "{{ labels.severity }}"
host: "{{ data.host }}"
metric_value: "{{ data.value }}"
```

### Arrays (First Element)

```yaml theme={null}
service_name: "{{ services.0.name }}"
service_slug: "{{ services.0.slug }}"
environment: "{{ environments.0.slug }}"
```

### Environment Variables

```yaml theme={null}
api_key: "{{ env.DATADOG_API_KEY }}"
region: "{{ env.AWS_REGION }}"
```

### Mixed

```yaml theme={null}
message: "[{{ labels.severity }}] {{ summary }} on {{ data.host }} in {{ environments.0.name }}"
# Result: "[critical] High database latency detected on prod-db-01.example.com in Production"
```

## Testing Locally

Create a test event payload file:

```bash theme={null}
# test-alert.json
{
  "events": [{
    "id": "b6c7d8e9-f0a1-2b3c-4d5e-6f7a8b9c0d1e",
    "event_id": "a5b6c7d8-e9f0-1a2b-3c4d-5e6f7a8b9c0d",
    "event_type": "alert.created",
    "timestamp": "2025-10-26T23:00:00Z",
    "data": {
      "id": "9e0f1a2b-3c4d-5e6f-7a8b-9c0d1e2f3a4b",
      "source": "test",
      "summary": "Test alert for local development",
      "status": "open",
      "labels": {"severity": "critical"},
      "data": {"host": "localhost"},
      "services": [{"id": "8d9e0f1a-2b3c-4d5e-6f7a-8b9c0d1e2f3a", "name": "Test Service", "slug": "test"}],
      "environments": [{"id": "7c8d9e0f-1a2b-3c4d-5e6f-7a8b9c0d1e2f", "name": "Development", "slug": "dev"}]
    }
  }]
}
```

Then post to your local mock server to trigger actions.


# Installation & Deployment
Source: https://docs.rootly.com/edge-connectors-installation

Install and deploy the Rootly Edge Connector in your environment using Docker or supported orchestrators to securely poll Rootly without inbound connections.

## Overview

The Rootly Edge Connector is a lightweight agent that runs in your infrastructure to securely integrate with internal systems. This guide covers installation, configuration, and deployment for production environments.

## Prerequisites

Before installing the Edge Connector, ensure you have:

* **Operating System**: Linux (systemd-based distributions recommended)
* **Network Access**: Outbound HTTPS to `rec.rootly.com` (port 443)
* **API Key**: Edge Connector API key from Rootly (see [Getting Started](/edge-connectors#getting-started))
* **Permissions**: Root or sudo access for system installation

<Info>
  The Edge Connector only requires **outbound** network access. No inbound firewall rules are needed.
</Info>

## Installation Methods

Choose one of the following installation methods based on your environment:

### Option 1: Homebrew (Recommended for macOS/Linux)

```bash theme={null}
# Add Rootly tap
brew tap rootlyhq/tap

# Install Edge Connector
brew install rootly-edge-connector

# Verify installation
rootly-edge-connector --version
```

### Option 2: Go Install

If you have Go 1.24+ installed:

```bash theme={null}
# Install latest version
go install github.com/rootlyhq/rootly-edge-connector/cmd/rec@latest

# The binary will be installed to $GOPATH/bin/rec
```

### Option 3: Build from Source

```bash theme={null}
# Clone repository
git clone https://github.com/rootlyhq/rootly-edge-connector.git
cd rootly-edge-connector

# Build and install
make build
make install

# Verify installation
rootly-edge-connector --version
```

### Option 4: Pre-built Binaries

For enterprise customers with access to private releases:

<Note>
  Contact [support@rootly.com](mailto:support@rootly.com) for access to pre-built binaries and download credentials.
</Note>

## Quick Start (Development)

For testing and development, run the Edge Connector directly:

### 1. Create Configuration Files

**config.yml:**

```yaml theme={null}
app:
  name: "rootly-edge-connector"

rootly:
  api_url: "https://rec.rootly.com"
  api_path: "/v1"
  api_key: "YOUR_REC_API_KEY"

poller:
  polling_wait_interval_ms: 5000
  visibility_timeout_sec: 30

logging:
  level: "info"
  format: "json"

metrics:
  enabled: true
  port: 9090
```

**actions.yml:**

```yaml theme={null}
defaults:
  timeout: 30

on:
  alert.created:
    script: /path/to/test-script.sh
    parameters:
      alert_id: "{{ id }}"
      severity: "{{ labels.severity }}"
    timeout: 60
```

### 2. Set API Key

```bash theme={null}
export REC_API_KEY="your-api-key-here"
```

### 3. Run the Connector

```bash theme={null}
./rootly-edge-connector \
  -config config.yml \
  -actions actions.yml
```

You should see output indicating the connector is polling:

```
INFO Starting Rootly Edge Connector
INFO Registered actions with backend  action_count=1
INFO Polling for events  poll_interval=10s
```

## Production Installation (Linux/systemd)

For production deployments, install the Edge Connector as a systemd service.

### Step 1: Create System User

Create a dedicated user for the Edge Connector:

```bash theme={null}
sudo groupadd -r rootly
sudo useradd -r -g rootly -s /bin/false -d /opt/rootly-edge-connector rootly
```

### Step 2: Create Directories

Set up the directory structure:

```bash theme={null}
sudo mkdir -p /opt/rootly-edge-connector/bin
sudo mkdir -p /opt/rootly-edge-connector/scripts
sudo mkdir -p /etc/rootly-edge-connector
sudo mkdir -p /var/log/rootly-edge-connector
```

### Step 3: Install Binary

Copy the binary to the installation directory. The binary location depends on your installation method:

```bash theme={null}
# If you built from source or downloaded a binary directly:
sudo cp rootly-edge-connector /opt/rootly-edge-connector/bin/

# If you used Homebrew:
sudo cp $(which rootly-edge-connector) /opt/rootly-edge-connector/bin/

# If you used Go install:
sudo cp $GOPATH/bin/rec /opt/rootly-edge-connector/bin/rootly-edge-connector

# Set permissions
sudo chmod +x /opt/rootly-edge-connector/bin/rootly-edge-connector
```

### Step 4: Create Configuration

Create your configuration files in `/etc/rootly-edge-connector/`:

**`/etc/rootly-edge-connector/config.yml`:**

```yaml theme={null}
app:
  name: "rootly-edge-connector"

rootly:
  api_url: "https://rec.rootly.com"
  api_path: "/v1"
  api_key: "YOUR_REC_API_KEY"

poller:
  polling_wait_interval_ms: 10000
  visibility_timeout_sec: 30
  max_number_of_messages: 10

security:
  script_timeout: 300
  allowed_script_paths:
    - /opt/rootly-edge-connector/scripts

logging:
  level: "info"
  format: "json"
  output: "stdout"

metrics:
  enabled: true
  port: 9090
  path: "/metrics"
```

**`/etc/rootly-edge-connector/actions.yml`:**

```yaml theme={null}
# Automatic action - runs when incidents are created
on:
  incident.created:
    http:
      url: "{{ env.WEBHOOK_URL }}"
      method: POST
      headers:
        Content-Type: "application/json"
      body: |
        {
          "incident_id": "{{ id }}",
          "title": "{{ title }}",
          "severity": "{{ severity.name }}"
        }
    timeout: 30

# Manual action - triggered by users from Rootly UI
callable:
  restart_service:
    name: "Restart Service"
    trigger: alert.action_triggered
    script: /opt/rootly-edge-connector/scripts/restart.sh
    parameter_definitions:
      - name: service_name
        type: string
        required: true
    timeout: 120
```

### Step 5: Create Environment File

Store the API key and sensitive values securely:

```bash theme={null}
sudo tee /etc/rootly-edge-connector/environment > /dev/null <<EOF
REC_API_KEY=your-actual-api-key-here
REC_WEBHOOK_URL=https://example.com/webhook
EOF
```

### Step 6: Set Permissions

Secure the files with appropriate permissions:

```bash theme={null}
sudo chown -R rootly:rootly /opt/rootly-edge-connector
sudo chown -R rootly:rootly /etc/rootly-edge-connector
sudo chown -R rootly:rootly /var/log/rootly-edge-connector

# Protect sensitive files
sudo chmod 600 /etc/rootly-edge-connector/environment
sudo chmod 640 /etc/rootly-edge-connector/config.yml
sudo chmod 640 /etc/rootly-edge-connector/actions.yml
```

### Step 7: Create Systemd Service

Create `/etc/systemd/system/rootly-edge-connector.service`:

```ini theme={null}
[Unit]
Description=Rootly Edge Connector
Documentation=https://docs.rootly.com/edge-connectors
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=rootly
Group=rootly
EnvironmentFile=/etc/rootly-edge-connector/environment
ExecStart=/opt/rootly-edge-connector/bin/rootly-edge-connector \
  -config /etc/rootly-edge-connector/config.yml \
  -actions /etc/rootly-edge-connector/actions.yml
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
SyslogIdentifier=rootly-edge-connector

# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/log/rootly-edge-connector

[Install]
WantedBy=multi-user.target
```

### Step 8: Enable and Start Service

```bash theme={null}
# Reload systemd
sudo systemctl daemon-reload

# Enable service to start on boot
sudo systemctl enable rootly-edge-connector

# Start the service
sudo systemctl start rootly-edge-connector

# Check status
sudo systemctl status rootly-edge-connector
```

## Configuration Reference

### config.yml

```yaml theme={null}
# Application settings
app:
  name: "rootly-edge-connector"

# Rootly API configuration (required)
rootly:
  api_url: "https://rec.rootly.com"  # API base URL
  api_path: "/v1"                     # API path prefix (default: /v1)
  api_key: "YOUR_REC_API_KEY"         # Set via REC_API_KEY env var (format: rec_xxxxx)

# Polling configuration
poller:
  polling_wait_interval_ms: 10000    # Polling interval in milliseconds (default: 5000)
  visibility_timeout_sec: 30         # Event visibility timeout (default: 30)
  max_number_of_messages: 10         # Max events per poll (default: 10)
  retry_on_error: true               # Retry on errors (default: true)
  retry_backoff: "exponential"       # Backoff: "exponential" or "linear"
  max_retries: 3                     # Max retry attempts (default: 3)

# Worker pool configuration
pool:
  max_number_of_workers: 10          # Maximum workers (default: 10)
  min_number_of_workers: 2           # Minimum workers (default: 2)
  queue_size: 1000                   # Event queue size (default: 1000)
  keep_alive_time_ms: 60000          # Worker keep-alive (default: 60000)
  monitoring_period_ms: 30000        # Monitoring interval (default: 30000)

# Security settings
security:
  script_timeout: 300                # Default script timeout in seconds (default: 300)
  allowed_script_paths:              # Restrict script execution (empty = allow all)
    - /opt/rootly-edge-connector/scripts
    - /usr/local/bin
  global_env:                        # Environment variables for all scripts
    ENVIRONMENT: "production"
    LOG_LEVEL: "info"

# Logging configuration
logging:
  level: "info"                      # Log level: trace, debug, info, warn, error
  format: "json"                     # Format: json, text, colored (default: text)
  output: "stdout"                   # Output: stdout or file path
  # Log rotation (only for file output)
  max_size_mb: 100                   # Max file size before rotation (default: 100)
  max_backups: 3                     # Old log files to retain (default: 3)
  max_age_days: 7                    # Days to retain old logs (default: 7)
  compress: true                     # Compress rotated logs (default: true)
  local_time: false                  # Use local time for filenames (default: false)

# Metrics configuration
metrics:
  enabled: true                      # Enable Prometheus metrics (default: true)
  port: 9090                         # Metrics HTTP server port (default: 9090)
  path: "/metrics"                   # Metrics endpoint path (default: /metrics)
  labels:                            # Custom labels for all metrics
    connector_id: "prod-us-east-1"   # Unique connector identifier
    environment: "production"        # Environment (production, staging, dev)
    region: "us-east-1"              # Geographic region or datacenter
```

### actions.yml

See the [Action Configuration](/edge-connectors-actions) guide for detailed action syntax.

## Management Commands

### Systemd Service Control

```bash theme={null}
# Start the service
sudo systemctl start rootly-edge-connector

# Stop the service
sudo systemctl stop rootly-edge-connector

# Restart the service
sudo systemctl restart rootly-edge-connector

# View service status
sudo systemctl status rootly-edge-connector

# Enable start on boot
sudo systemctl enable rootly-edge-connector

# Disable start on boot
sudo systemctl disable rootly-edge-connector
```

### Viewing Logs

```bash theme={null}
# Follow logs in real-time
sudo journalctl -u rootly-edge-connector -f

# View last 100 lines
sudo journalctl -u rootly-edge-connector -n 100

# View logs since 1 hour ago
sudo journalctl -u rootly-edge-connector --since "1 hour ago"

# View errors only
sudo journalctl -u rootly-edge-connector -p err

# Export logs to file
sudo journalctl -u rootly-edge-connector > connector-logs.txt
```

### Checking Metrics

If metrics are enabled (default port 9090):

```bash theme={null}
# View Prometheus metrics
curl http://localhost:9090/metrics

# Common metrics:
# - rec_events_polled_total: Total events polled
# - rec_actions_executed_total: Total actions executed
# - rec_action_duration_seconds: Action execution duration
# - rec_poll_errors_total: Polling errors
```

## Updating

### Update Binary

```bash theme={null}
# Stop the service
sudo systemctl stop rootly-edge-connector

# Backup current binary
sudo cp /opt/rootly-edge-connector/bin/rootly-edge-connector \
       /opt/rootly-edge-connector/bin/rootly-edge-connector.backup

# Install new binary
sudo cp new-rootly-edge-connector /opt/rootly-edge-connector/bin/rootly-edge-connector
sudo chmod +x /opt/rootly-edge-connector/bin/rootly-edge-connector
sudo chown rootly:rootly /opt/rootly-edge-connector/bin/rootly-edge-connector

# Start the service
sudo systemctl start rootly-edge-connector

# Verify
sudo systemctl status rootly-edge-connector
```

### Update Configuration

```bash theme={null}
# Edit configuration files
sudo vim /etc/rootly-edge-connector/config.yml
sudo vim /etc/rootly-edge-connector/actions.yml

# Validate configuration (optional)
sudo -u rootly /opt/rootly-edge-connector/bin/rootly-edge-connector \
  -config /etc/rootly-edge-connector/config.yml \
  -actions /etc/rootly-edge-connector/actions.yml \
  -validate

# Restart service to apply changes
sudo systemctl restart rootly-edge-connector
```

## Docker Deployment

For containerized environments:

**Dockerfile:**

```dockerfile theme={null}
FROM ubuntu:22.04

RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*

COPY rootly-edge-connector /usr/local/bin/
RUN chmod +x /usr/local/bin/rootly-edge-connector

USER 1000:1000

ENTRYPOINT ["/usr/local/bin/rootly-edge-connector"]
CMD ["-config", "/etc/rootly/config.yml", "-actions", "/etc/rootly/actions.yml"]
```

**docker-compose.yml:**

```yaml theme={null}
version: '3.8'

services:
  edge-connector:
    image: rootly-edge-connector:latest
    container_name: rootly-edge-connector
    restart: always
    environment:
      - REC_API_KEY=${REC_API_KEY}
    volumes:
      - ./config.yml:/etc/rootly/config.yml:ro
      - ./actions.yml:/etc/rootly/actions.yml:ro
      - ./scripts:/opt/scripts:ro
    ports:
      - "9090:9090"  # Metrics port
```

**Run with Docker:**

```bash theme={null}
# Build image
docker build -t rootly-edge-connector:latest .

# Run container
docker run -d \
  --name rootly-edge-connector \
  --restart always \
  -e REC_API_KEY="your-api-key" \
  -v $(pwd)/config.yml:/etc/rootly/config.yml:ro \
  -v $(pwd)/actions.yml:/etc/rootly/actions.yml:ro \
  -v $(pwd)/scripts:/opt/scripts:ro \
  -p 9090:9090 \
  rootly-edge-connector:latest

# View logs
docker logs -f rootly-edge-connector
```

## Troubleshooting

### Connector Won't Start

**Check configuration syntax:**

```bash theme={null}
sudo -u rootly /opt/rootly-edge-connector/bin/rootly-edge-connector \
  -config /etc/rootly-edge-connector/config.yml \
  -actions /etc/rootly-edge-connector/actions.yml \
  -validate
```

**Check permissions:**

```bash theme={null}
ls -la /opt/rootly-edge-connector/bin/
ls -la /etc/rootly-edge-connector/
```

**View detailed logs:**

```bash theme={null}
sudo journalctl -u rootly-edge-connector -n 50 --no-pager
```

### API Connection Issues

**Test network connectivity:**

```bash theme={null}
curl -v https://rec.rootly.com/health
```

**Verify API key:**

```bash theme={null}
# Check environment file
sudo cat /etc/rootly-edge-connector/environment

# Test with API key
curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://rec.rootly.com/rec/v1/health
```

### Actions Not Executing

**Check action registration:**

```bash theme={null}
# Look for registration success in logs
sudo journalctl -u rootly-edge-connector | grep "Registered actions"
```

**Verify script permissions:**

```bash theme={null}
# Scripts must be executable
sudo chmod +x /opt/rootly-edge-connector/scripts/*.sh

# Check script ownership
ls -la /opt/rootly-edge-connector/scripts/
```

**Test script manually:**

```bash theme={null}
sudo -u rootly /opt/rootly-edge-connector/scripts/your-script.sh arg1 arg2
```

### High Memory/CPU Usage

**Check poll interval:**

* Increase `poller.polling_wait_interval_ms` in config.yml (e.g., from 5000 to 30000)

**Review action timeouts:**

* Ensure actions complete within their timeout values
* Check for hung processes

**Monitor metrics:**

```bash theme={null}
curl http://localhost:9090/metrics | grep rec_
```

## Security Best Practices

### 1. Run as Dedicated User

Always run the Edge Connector as a non-root user with minimal privileges.

### 2. Protect Sensitive Files

```bash theme={null}
# Environment file should be 600 (owner read/write only)
sudo chmod 600 /etc/rootly-edge-connector/environment

# Config files should be 640 (owner read/write, group read)
sudo chmod 640 /etc/rootly-edge-connector/*.yml
```

### 3. Network Isolation

* Run on a dedicated or isolated host
* Restrict outbound connections to rec.rootly.com only (if using firewall)
* Do not expose metrics port publicly

### 4. Audit Scripts

* Review all scripts before adding to actions.yml
* Use version control for scripts
* Implement pull request approval process

### 5. Rotate API Keys

* Rotate API keys periodically (e.g., quarterly)
* Use different keys for dev/staging/production
* Revoke old keys after rotation

### 6. Monitor Logs

* Set up log aggregation (e.g., to ELK, Splunk)
* Alert on errors and failures
* Review execution logs regularly

## Next Steps

* Configure [Actions](/edge-connectors-actions) for your use cases
* Learn [Template Syntax](/edge-connectors-templates) for dynamic values
* Review [Event Examples](/edge-connectors-event-examples) for payload structures
* See the main [Edge Connectors](/edge-connectors) documentation for architecture details


# Template Syntax
Source: https://docs.rootly.com/edge-connectors-templates

Use Liquid templates in Rootly Edge Connectors to dynamically insert event data, parameters, and secrets into HTTP and script actions during execution.

## Overview

Edge Connectors use **Liquid templates** to dynamically substitute values from events, user parameters, and environment variables into your action configurations.

Templates allow you to:

* Access event data (alerts, incidents, etc.)
* Use user-provided parameters from manual triggers
* Reference environment variables securely
* Transform data with filters

<Info>
  Edge Connectors use the [osteele/liquid](https://github.com/osteele/liquid) library, a Go implementation of Shopify's Liquid template language.
</Info>

## Basic Syntax

### Simple Fields

Access top-level fields directly:

```yaml theme={null}
{{ id }}              # Event ID
{{ summary }}         # Alert/incident summary
{{ status }}          # Current status
{{ title }}           # Incident title
```

### Nested Fields

Use dot notation for nested objects:

```yaml theme={null}
{{ labels.severity }}        # Alert severity label
{{ data.host }}              # Custom monitoring data
{{ severity.name }}          # Incident severity object
{{ triggered_by.email }}     # User who triggered action
```

### Array Access

Access array elements by index or using helpers:

```yaml theme={null}
{{ services[0].name }}       # First service (by index)
{{ services.first.name }}    # First service (helper)
{{ services.last.slug }}     # Last service (helper)
{{ environments[0].slug }}   # First environment
```

### Environment Variables

Securely access environment variables:

```yaml theme={null}
{{ env.API_KEY }}            # From REC_API_KEY or API_KEY
{{ env.AWS_REGION }}         # From REC_AWS_REGION or AWS_REGION
{{ env.WEBHOOK_URL }}        # From REC_WEBHOOK_URL or WEBHOOK_URL
```

<Warning>
  Store sensitive values like API keys and tokens in environment variables, never in action configuration files.
</Warning>

## Event Data Access

### Alert Events

Common fields available in alert events:

```yaml theme={null}
{{ id }}                      # Alert UUID
{{ summary }}                 # Alert summary text
{{ status }}                  # open, acknowledged, resolved
{{ source }}                  # datadog, pagerduty, etc.
{{ labels.severity }}         # Severity from monitoring system
{{ data.host }}               # Custom monitoring data
{{ services[0].name }}        # Affected service
{{ environments[0].slug }}    # Environment (production, etc.)
{{ started_at }}              # When alert started
```

### Incident Events

Common fields available in incident events:

```yaml theme={null}
{{ id }}                      # Incident UUID
{{ sequential_id }}           # Incident number (42, 43, etc.)
{{ title }}                   # Incident title
{{ summary }}                 # Incident summary
{{ status }}                  # started, mitigated, resolved
{{ severity.name }}           # SEV1, SEV2, etc.
{{ severity.slug }}           # sev1, sev2, etc.
{{ services | map: 'name' }}  # All affected services
{{ environments[0].name }}    # Environment name
{{ detected_at }}             # When detected
{{ mitigated_at }}            # When mitigated
{{ resolved_at }}             # When resolved
```

### Action Trigger Events

Fields available when users manually trigger actions:

```yaml theme={null}
{{ entity_id }}                   # Alert or incident ID
{{ action.name }}                 # Action display name
{{ action.slug }}                 # Action identifier
{{ parameters.service_name }}     # User input parameter
{{ parameters.environment }}      # User input parameter
{{ triggered_by.id }}             # User ID
{{ triggered_by.name }}           # User name
{{ triggered_by.email }}          # User email
```

## Filters

Filters transform values using the pipe (`|`) operator.

### Array Filters

**map** - Extract property from objects:

```yaml theme={null}
{{ services | map: "name" }}
# [{name: "DB"}, {name: "API"}] → ["DB", "API"]
```

**join** - Combine array elements:

```yaml theme={null}
{{ services | map: "name" | join: ", " }}
# ["DB", "API", "Cache"] → "DB, API, Cache"
```

**first** - Get first element:

```yaml theme={null}
{{ services | first }}
# Returns first service object
```

**last** - Get last element:

```yaml theme={null}
{{ services | last }}
# Returns last service object
```

**sort** - Sort alphabetically:

```yaml theme={null}
{{ names | sort }}
# ["charlie", "alice", "bob"] → ["alice", "bob", "charlie"]
```

**uniq** - Remove duplicates:

```yaml theme={null}
{{ items | uniq }}
# [1, 2, 2, 3, 1] → [1, 2, 3]
```

**compact** - Remove nil values:

```yaml theme={null}
{{ items | compact }}
# [1, nil, 2, nil, 3] → [1, 2, 3]
```

**reverse** - Reverse order:

```yaml theme={null}
{{ items | reverse }}
# [1, 2, 3] → [3, 2, 1]
```

### String Filters

**upcase** - Convert to uppercase:

```yaml theme={null}
{{ status | upcase }}
# "open" → "OPEN"
```

**downcase** - Convert to lowercase:

```yaml theme={null}
{{ severity | downcase }}
# "CRITICAL" → "critical"
```

**capitalize** - Capitalize first letter:

```yaml theme={null}
{{ name | capitalize }}
# "john doe" → "John doe"
```

**default** - Provide fallback value:

```yaml theme={null}
{{ field | default: "N/A" }}
# If field is empty → "N/A"
```

**truncate** - Shorten text:

```yaml theme={null}
{{ summary | truncate: 50 }}
# "Very long summary text..." → "Very long summary text..."
```

**replace** - Replace all occurrences:

```yaml theme={null}
{{ text | replace: "foo", "bar" }}
# "foo foo" → "bar bar"
```

**remove** - Remove all occurrences:

```yaml theme={null}
{{ severity | remove: "SEV" }}
# "SEV1" → "1"
```

**strip** - Remove whitespace:

```yaml theme={null}
{{ text | strip }}
# "  hello  " → "hello"
```

**append** - Add to end:

```yaml theme={null}
{{ name | append: ".txt" }}
# "file" → "file.txt"
```

**prepend** - Add to beginning:

```yaml theme={null}
{{ name | prepend: "prefix-" }}
# "name" → "prefix-name"
```

**split** - Split into array:

```yaml theme={null}
{{ "a,b,c" | split: "," }}
# "a,b,c" → ["a", "b", "c"]
```

### Number Filters

**plus** - Add:

```yaml theme={null}
{{ count | plus: 1 }}
# 5 → 6
```

**minus** - Subtract:

```yaml theme={null}
{{ count | minus: 2 }}
# 5 → 3
```

**times** - Multiply:

```yaml theme={null}
{{ value | times: 10 }}
# 5 → 50
```

**divided\_by** - Divide:

```yaml theme={null}
{{ value | divided_by: 2 }}
# 10 → 5
```

**modulo** - Remainder:

```yaml theme={null}
{{ value | modulo: 3 }}
# 10 → 1
```

**abs** - Absolute value:

```yaml theme={null}
{{ value | abs }}
# -5 → 5
```

**round** - Round number:

```yaml theme={null}
{{ value | round: 2 }}
# 3.14159 → 3.14
```

**ceil** - Round up:

```yaml theme={null}
{{ value | ceil }}
# 3.2 → 4
```

**floor** - Round down:

```yaml theme={null}
{{ value | floor }}
# 3.8 → 3
```

### Date Filters

**date** - Format timestamp:

```yaml theme={null}
{{ started_at | date: "%Y-%m-%d %H:%M:%S" }}
# "2025-10-26T21:30:00Z" → "2025-10-26 21:30:00"

{{ started_at | date: "%B %d, %Y" }}
# "2025-10-26T21:30:00Z" → "October 26, 2025"
```

Common date format codes:

* `%Y` - Year (2025)
* `%m` - Month (01-12)
* `%d` - Day (01-31)
* `%H` - Hour 24h (00-23)
* `%M` - Minute (00-59)
* `%S` - Second (00-59)
* `%B` - Full month name (January)
* `%b` - Short month name (Jan)

## Real-World Examples

### Example 1: Alert Notification

Format a Slack message with alert details:

```yaml theme={null}
body: |
  {
    "text": ":warning: New Alert",
    "attachments": [{
      "color": "danger",
      "fields": [
        {"title": "Summary", "value": "{{ summary }}", "short": false},
        {"title": "Severity", "value": "{{ labels.severity | upcase }}", "short": true},
        {"title": "Host", "value": "{{ data.host | default: 'unknown' }}", "short": true},
        {"title": "Services", "value": "{{ services | map: 'name' | join: ', ' }}", "short": false},
        {"title": "Environment", "value": "{{ environments.first.name }}", "short": true},
        {"title": "Time", "value": "{{ started_at | date: '%Y-%m-%d %H:%M' }}", "short": true}
      ]
    }]
  }
```

### Example 2: Incident Summary

Create a concise incident summary:

```yaml theme={null}
message: "[{{ severity.name }}] {{ title }} - {{ services | map: 'name' | join: ', ' }} ({{ environments.first.slug }})"
# Result: "[SEV1] API Gateway Outage - API Gateway, Auth Service (production)"
```

### Example 3: Script Parameters

Pass structured data to a script:

```yaml theme={null}
parameters:
  incident_id: "{{ id }}"
  incident_number: "{{ sequential_id }}"
  severity: "{{ severity.slug }}"
  services: "{{ services | map: 'slug' | join: ',' }}"
  environment: "{{ environments.first.slug }}"
  triggered_by: "{{ triggered_by.email | default: 'system' }}"
  timestamp: "{{ started_at | date: '%Y-%m-%d %H:%M:%S' }}"
```

### Example 4: Conditional Values

Use defaults for optional fields:

```yaml theme={null}
parameters:
  reason: "{{ parameters.reason | default: 'Manual action triggered' }}"
  environment: "{{ parameters.environment | default: 'production' }}"
  force: "{{ parameters.force_restart | default: false }}"
  host: "{{ data.host | default: 'localhost' }}"
```

### Example 5: Complex Transformation

Chain multiple filters:

```yaml theme={null}
# Extract, sort, and format service names
services_list: "{{ services | map: 'name' | sort | join: ' | ' | upcase }}"
# Result: "API GATEWAY | AUTH SERVICE | DATABASE"

# Format severity without prefix
severity_number: "{{ severity.name | remove: 'SEV' }}"
# "SEV1" → "1"
```

## Advanced Patterns

### Chaining Filters

Combine multiple filters in sequence:

```yaml theme={null}
{{ services | map: "name" | sort | uniq | join: ", " | upcase }}
# Extract names → sort → remove duplicates → join → uppercase
```

### Nested Array Access

Access deeply nested data:

```yaml theme={null}
{{ services[0].tags[0] }}              # First service's first tag
{{ data.metrics.values[5] }}           # Sixth metric value
{{ environments.first.config.region }} # Environment config
```

### Safe Navigation

Liquid handles missing values gracefully:

```yaml theme={null}
{{ missing.field }}                # Returns empty string ""
{{ array[999].name }}              # Returns "" (out of bounds)
{{ undefined | default: "N/A" }}   # Returns "N/A"
```

## Common Patterns

### Service List

```yaml theme={null}
services: "{{ services | map: 'name' | join: ', ' }}"
# "Database, API Gateway, Cache"
```

### Environment Detection

```yaml theme={null}
env: "{{ environments.first.slug | default: 'unknown' }}"
# "production"
```

### Severity Formatting

```yaml theme={null}
severity: "{{ labels.severity | upcase | default: 'UNKNOWN' }}"
# "CRITICAL"
```

### User Context

```yaml theme={null}
user: "{{ triggered_by.name }} ({{ triggered_by.email }})"
# "John Doe (john@example.com)"
```

### Timestamp Formatting

```yaml theme={null}
time: "{{ started_at | date: '%Y-%m-%d %H:%M:%S UTC' }}"
# "2025-10-26 21:30:00 UTC"
```

## Limitations

<Note>
  To keep templates simple and secure, the following Liquid features are **not** supported:
</Note>

* **No logic tags**: `{% if %}`, `{% unless %}`, `{% case %}` not supported
* **No loops**: `{% for %}` not supported - use filters like `map` and `join` instead
* **No custom tags**: Only `{{ }}` output tags are supported
* **No assignments**: `{% assign %}` not supported

Use filters and the `default` filter for conditional logic:

```yaml theme={null}
# Instead of {% if field %}{{ field }}{% else %}N/A{% endif %}
# Use:
{{ field | default: "N/A" }}
```

## Tips & Best Practices

### 1. Use Default Filter

Always provide fallback values for optional fields:

```yaml theme={null}
{{ data.host | default: "unknown" }}
{{ parameters.timeout | default: 30 }}
```

### 2. Extract Then Join

For arrays of objects, use `map` + `join`:

```yaml theme={null}
{{ services | map: "name" | join: ", " }}
```

### 3. Test Templates

Test with sample event data before deploying:

* Use the [Event Examples](/edge-connectors-event-examples) for reference payloads
* Verify templates produce expected output
* Handle edge cases (empty arrays, missing fields)

### 4. Keep It Simple

Complex logic belongs in scripts, not templates:

```yaml theme={null}
# Good: Simple data extraction
service: "{{ services.first.name }}"

# Bad: Complex transformation (do this in a script instead)
# Avoid overly complex filter chains
```

### 5. Environment Variables for Secrets

Never hardcode secrets in templates:

```yaml theme={null}
# Good
Authorization: "Bearer {{ env.API_TOKEN }}"

# Bad
Authorization: "Bearer sk-1234567890abcdef"
```

### 6. Format for Readability

Use multiline strings for JSON/YAML bodies:

```yaml theme={null}
body: |
  {
    "field1": "{{ value1 }}",
    "field2": "{{ value2 }}"
  }
```

## Troubleshooting

### Template Returns Empty String

* Check field name spelling
* Verify field exists in event payload (see [Event Examples](/edge-connectors-event-examples))
* Use `default` filter: `{{ field | default: "missing" }}`

### Array Access Fails

* Verify array is not empty
* Use `.first` or `.last` helpers for safety
* Check array index is in bounds

### Filter Not Working

* Verify filter name is correct
* Check filter arguments (some require arguments: `{{ value | round: 2 }}`)
* Ensure input type matches filter (can't `upcase` a number)

### Environment Variable Not Found

* Verify variable is set in environment
* Check variable name (case-sensitive)
* Edge Connector supports both `REC_` prefix and plain names

## Next Steps

* See [Action Configuration](/edge-connectors-actions) to use templates in actions
* Review [Event Examples](/edge-connectors-event-examples) for available fields
* Read the main [Edge Connectors](/edge-connectors) documentation


# Welcome to Rootly
Source: https://docs.rootly.com/help-and-documentation

Welcome to Rootly's comprehensive incident management platform. Find everything you need to manage incidents, on-call schedules, alerts, and more.

Use the navigation bar to explore our documentation, or try the search bar at the top to find specific topics.

Need additional help? Visit our [Help and Support](https://rootly.com/help) page for more resources.

<CardGroup>
  <Card icon="rocket" href="/quick-start-guide" title="Ready to Transform Your Incident Response?">
    Get up and running with Rootly in about 15 minutes - from signup to your first incident. Includes an introduction video and step-by-step setup process.
  </Card>
</CardGroup>

## Core Features

<CardGroup>
  <Card icon="triangle-exclamation" href="/incidents/incidents" title="Incident Management">
    Create, manage, and resolve incidents efficiently with comprehensive workflows.
  </Card>

  <Card icon="user-clock" href="/on-call/on-call" title="On-Call Management">
    Schedule on-call rotations, manage escalations, and ensure coverage 24/7.
  </Card>

  <Card icon="bell" href="/alerts" title="Alert Management">
    Route, prioritize, and manage alerts from your monitoring systems.
  </Card>

  <Card icon="brain" href="/ai/ai" title="AI & Intelligence">
    Leverage AI-powered incident summaries, title generation, and smart insights.
  </Card>

  <Card icon="bolt" href="/workflows/workflows" title="Automation & Workflows">
    Automate incident response with powerful workflow automation tools.
  </Card>

  <Card icon="mobile-screen-button" href="/on-call/mobile-app" title="Mobile App">
    Manage incidents and respond to alerts on the go with our mobile app.
  </Card>
</CardGroup>

## Quick Links

<CardGroup>
  <Card icon="plus-circle" href="/incidents/creating-incidents/creating-incidents-via-slack" title="Creating Your First Incident">
    Learn how to create incidents via Slack, web, or API.
  </Card>

  <Card icon="calendar" href="/on-call/schedules" title="Setting Up On-Call Schedules">
    Configure on-call rotations and coverage.
  </Card>

  <Card icon="route" href="/alerts/alert-routing" title="Configuring Alert Routing">
    Route alerts to the right teams and escalation policies.
  </Card>
</CardGroup>

## Configuration & Setup

<CardGroup>
  <Card icon="gear" href="/configuration/configuration" title="Configuration">
    Configure forms, fields, teams, services, and core Rootly settings.
  </Card>

  <Card icon="users" href="/managing-teams/managing-teams" title="Team & User Management">
    Manage user access, permissions, and team structures.
  </Card>
</CardGroup>

## Communication & Notifications

<CardGroup>
  <Card icon="comments" href="/notifications/getting-started" title="Getting Started with Notifications">
    Configure email, Slack, SMS, and push notifications for incidents and on-call alerts.
  </Card>

  <Card icon="desktop" href="/configuration/status-pages" title="Status Pages">
    Keep stakeholders informed with public and private status pages.
  </Card>
</CardGroup>

## Analysis & Improvement

<CardGroup>
  <Card icon="chart-column" href="/retrospectives/retrospectives" title="Analytics & Retrospectives">
    Analyze incident metrics and conduct post-incident reviews.
  </Card>

  <Card icon="list-check" href="/incidents/action-items/action-items" title="Action Items & Tasks">
    Track follow-up tasks and improvements from incidents.
  </Card>
</CardGroup>

## Popular Integrations

<CardGroup>
  <Card icon="slack" href="/integrations/slack/slack" title="Slack">
    Manage incidents directly from your Slack workspace.
  </Card>

  <Card icon="bell" href="/integrations/pagerduty/pagerduty" title="PagerDuty">
    Integrate with your existing PagerDuty alerts and schedules.
  </Card>

  <Card icon="jira" href="/integrations/jira/jira" title="Jira">
    Sync incidents with Jira issues for seamless project tracking.
  </Card>

  <Card icon="chart-line" href="/integrations/datadog/datadog" title="Datadog">
    Connect monitoring data and alerts from Datadog.
  </Card>

  <Card icon="cloud" href="/integrations/aws-cloudwatch" title="AWS CloudWatch">
    Route CloudWatch alarms and metrics directly to Rootly incidents.
  </Card>

  <Card icon="cloud" href="/integrations/aws-sns" title="AWS SNS">
    Send versioned SNS alert payloads to Rootly using a secure webhook endpoint.
  </Card>

  <Card icon="puzzle-piece" href="/integrations/overview" title="All Integrations">
    Browse our complete library of 50+ integrations.
  </Card>
</CardGroup>

## Developer Resources

<CardGroup>
  <Card icon="code" href="/api-reference/overview" title="API Reference">
    Comprehensive API documentation for custom integrations.
  </Card>

  <Card icon="code" href="/liquid/liquid" title="Liquid Templates">
    Customize notifications and workflows with our templating system.
  </Card>

  <Card icon="filter" href="/liquid/filters" title="Liquid Variables & Filters">
    Reference guide for all available Liquid variables and filters.
  </Card>
</CardGroup>

## Need Help?

<CardGroup>
  <Card icon="circle-question" href="/contacting-support" title="Contact Support">
    Get help from our support team or use `/rootly support` in Slack.
  </Card>
</CardGroup>


# Action Items Overview
Source: https://docs.rootly.com/incidents/action-items/action-items

Understand how action items—including tasks and follow-ups—help teams drive effective incident response and long-term reliability improvements.

### How Action Items Work

Action items are structured pieces of work created during or after an incident. They help teams capture urgent tasks, assign ownership, track accountability, and ensure important follow-up work is completed.

Action items live alongside the incident timeline, Slack workflows, retrospectives, and analytics—providing full visibility into what was done during an incident and what still needs to be done.

This page introduces how action items work, why they matter, and where they fit into the incident lifecycle.

***

### Why Action Items Matter

During fast-moving incidents, it’s easy for important work to be forgotten. Action items help by:

* Capturing tasks needed to investigate or mitigate the issue
* Tracking follow-up work after the incident to prevent recurrence
* Assigning clear ownership so nothing is lost
* Providing structure for retrospectives and improvement planning
* Enabling automation through workflows and integrations
* Improving accountability and long-term system reliability

Common examples include:

* **Task** – “Restart service X on cluster Y.”
* **Task** – “Verify the hotfix on canary pods.”
* **Follow-up** – “Add alerting for cache saturation.”
* **Follow-up** – “Update the API runbook with new mitigation steps.”

<Info>
  Action items are fully customizable and can be created from the Web UI, Slack, API, Workflows, or even tied to specific Incident Roles.
</Info>

***

### Types of Action Items

Action items come in two forms, each serving a different purpose in the response lifecycle.

#### **Tasks — Work During the Incident**

Tasks represent operational or investigative work that helps move the incident toward mitigation or resolution.

Tasks typically include:

* **Title** (required)
* Description (Markdown supported)
* **Assignee** (user or group)
* Priority (High, Medium, Low)
* Status (Open, In Progress, Done, Cancelled)
* Optional reminder (5–180 minutes)

#### **Follow-Ups — Work After the Incident**

Follow-ups help teams improve reliability after the incident is over. They are usually completed post-resolution.

Follow-ups include:

* **Title** (required)
* Description (Markdown supported)
* Priority
* **Assignee** (user or group)
* **Due date**
* Status

<Info>
  Follow-ups are often reviewed and assigned during retrospectives, making them a critical part of continuous improvement.
</Info>

***

### Where Action Items Live in Rootly

#### **On the Incident Timeline (Web UI)**

Every task or follow-up appears directly on the timeline, keeping work tied to the context of the incident. Responders can:

* Create or edit items
* Assign or reassign owners
* Update status or priority
* Open linked JIRA / Linear / GitHub issues (if integrated)

#### **In Slack**

If Slack is integrated, responders can create and manage action items without leaving the incident channel:

* `/rootly task`
* `/rootly followup`
* `/rootly add action item`
* `/rootly action items` (manage existing items)

Slack modals support assignment, priority, reminders, and descriptions.

#### **In the Web Interface**

Each incident has an **Action Items** section where teams can:

* Filter by priority, type, or status
* Bulk-review outstanding work
* Export action items to CSV, JSON, or XML
* Manage all items across all incidents from a global dashboard

#### **In Workflows**

Workflows can create tasks or follow-ups automatically based on:

* Severity
* Impacted services
* Incident type
* Sub-status changes
* Timeline events
* Role assignments
* Custom logic

Automation ensures important tasks are created consistently and early.

#### **Through the API**

Developers can programmatically create or update items:

```
POST /api/v1/teams/:team_id/incidents/:incident_id/action_items
```

The API supports full lifecycle management, including due dates, priority, and linking external issue IDs.

***

### How Action Items Support the Response Process

Action items help orchestrate the human work that happens around incidents:

* Timeline entries show when items were created, updated, or completed
* Slack channel summaries update dynamically as items change
* Workflow triggers can depend on action item status or presence
* Retrospectives include a full list of tasks and follow-ups for review
* Analytics dashboards help track overdue items, recurrence, and team performance
* Permissions determine who can create, edit, or complete action items

<Info>
  When paired with roles and workflows, action items create a structured, predictable response process across teams.
</Info>

***

### Where to Go Next

These pages will help you manage action items across all interfaces:

* **Add via Slack** – Create tasks or follow-ups using Slack commands
* **Add via Web Interface** – Add items directly from the incident page
* **Add via API** – Programmatically create items from external systems
* **Add via Email** – Append email-based action items when responding to incident emails
* **Incident Roles** – Automatically create action items based on role responsibilities
* **Workflows** – Generate tasks and follow-ups automatically based on incident conditions

***

### Best Practices

* **Create tasks early**\
  Capture investigative work as soon as it emerges.

* **Use follow-ups for durable improvements**\
  These often prevent recurrence.

* **Assign owners immediately**\
  Unassigned tasks often go stale.

* **Set due dates for follow-ups**\
  This increases accountability and helps with retrospective follow-through.

* **Use priorities intentionally**\
  High-priority follow-ups should be reviewed in retrospectives or weekly ops meetings.

* **Automate repetitive items**\
  Workflow-generated tasks ensure consistent coverage.

* **Review open follow-ups regularly**\
  Keeps your reliability improvement backlog healthy.

***

### FAQ

<AccordionGroup>
  <Accordion title="Do all incidents need action items?">
    No. Smaller or operationally simple incidents may not require tasks or follow-ups.
  </Accordion>

  <Accordion title="Can multiple people be assigned to a single action item?">
    One user may own the item, but **multiple groups** can also be assigned for shared accountability.
  </Accordion>

  <Accordion title="Can action items support Markdown formatting?">
    Yes. Descriptions fully support Markdown for links, formatting, and structured notes.
  </Accordion>

  <Accordion title="Can workflows automatically create tasks or follow-ups?">
    Yes. This is one of the most powerful features of Rootly’s workflows for predictable processes.
  </Accordion>

  <Accordion title="Do action items appear in retrospectives?">
    Yes. All tasks and follow-ups associated with an incident appear in the retrospective for review.
  </Accordion>

  <Accordion title="Can I integrate tasks with JIRA, Linear, GitHub, etc.?">
    Yes. Action items support external issue linking for teams who track work in external systems.
  </Accordion>

  <Accordion title="What happens when an incident is resolved?">
    Tasks may be completed, and remaining work typically becomes follow-ups. Some orgs disable new task creation after resolution.
  </Accordion>
</AccordionGroup>


# Creating Action Items via Automation & API
Source: https://docs.rootly.com/incidents/action-items/adding-action-items-via-api

Automate action item creation through workflows, incident roles, and direct API integration for scalable incident response processes.

### How Automation Creates Action Items

Action items—tasks and follow-ups—can be generated automatically through **Workflows**, **Incident Roles**, or the **Rootly API**. Automation ensures teams never miss a critical task, follow-up, or improvement opportunity during or after an incident.

Automation is especially powerful for:

* Enforcing consistent response processes
* Creating tasks or follow-ups automatically based on incident conditions
* Routing work to the correct owners
* Producing reliable audit trails
* Integrating with tools such as Jira, GitHub, and Slack

<Info>
  Automation reduces operational overhead and ensures every incident produces actionable, trackable work.
</Info>

***

### Action Items and Workflows

Workflows can both **create** and **react to** action items using a variety of triggers and conditions.

#### Supported Workflow Triggers (Action Item Category)

Rootly supports the following action-item–related triggers:

* `incident_updated`
* `action_item_created`
* `action_item_updated`
* `assigned_user_updated`
* `summary_updated`
* `description_updated`
* `status_updated`
* `priority_updated`
* `due_date_updated`
* `teams_updated`
* `slack_command`

#### Workflow Conditions

Workflows can filter based on:

* Action item type (Task / Follow-up)
* Status
* Priority
* Incident severity
* Visibility
* Incident kind
* Incident roles
* Other incident attributes (teams, services, etc.)

<Info>
  Conditions and triggers map directly to code-backed enums and workflow schemas, ensuring strict validation and predictable automation.
</Info>

***

#### Example: Workflow **creates** a task when the Security team is added

<Info>
  **Trigger**

  * Teams added

  **Conditions**

  * Kind → Incident
  * Team → is one of → Security

  **Action**

  * Create a task to alert the Legal team
</Info>

***

#### Example: Workflow **reacts to** a new action item

<Info>
  **Trigger**

  * Action item created

  **Conditions**

  * Type → Task
  * Priority → High

  **Action**

  * Create an external ticket (e.g., Jira, GitHub, GitLab, Linear)
</Info>

<Info>
  Workflow tasks are grouped by integration. Jira actions, for example, appear under the Jira task group and require the Jira integration to be enabled.
</Info>

***

### Action Items and Incident Roles

Incident Roles can include predefined tasks that are automatically converted into incident action items when an incident is created.

These role-based tasks carry:

* Summary
* Priority
* Role assignment metadata
* Ordering/position

### To configure:

1. Go to **Configuration → Roles**
2. Select a role
3. Open the **Tasks** tab
4. Add or reorder tasks

<Info>
  Role-based action items give each incident a predictable starting checklist and ensure operational discipline.
</Info>

Learn more about [Incident Roles](https://docs.rootly.com/configuration/incident-roles).

***

### Action Items and the API

The Rootly API allows programmatic creation, management, and retrieval of action items.

#### Endpoints

* **List incident action items**\
  [https://docs.rootly.com/api-reference/incidentactionitems/list-incident-action-items](https://docs.rootly.com/api-reference/incidentactionitems/list-incident-action-items)

* **Create an incident action item**\
  [https://docs.rootly.com/api-reference/incidentactionitems/creates-an-incident-action-item](https://docs.rootly.com/api-reference/incidentactionitems/creates-an-incident-action-item)

* **Retrieve an incident action item**\
  [https://docs.rootly.com/api-reference/incidentactionitems/retrieves-an-incident-action-item](https://docs.rootly.com/api-reference/incidentactionitems/retrieves-an-incident-action-item)

* **Update an incident action item**\
  [https://docs.rootly.com/api-reference/incidentactionitems/update-an-incident-action-item](https://docs.rootly.com/api-reference/incidentactionitems/update-an-incident-action-item)

* **Delete an incident action item**\
  [https://docs.rootly.com/api-reference/incidentactionitems/delete-an-incident-action-item](https://docs.rootly.com/api-reference/incidentactionitems/delete-an-incident-action-item)

* **List all action items for an organization**\
  [https://docs.rootly.com/api-reference/incidentactionitems/list-all-action-items-for-an-organization](https://docs.rootly.com/api-reference/incidentactionitems/list-all-action-items-for-an-organization)

### Supported API Fields (Create/Update)

* `kind` (`task` or `follow_up`)
* `summary` (required)
* `description` (Markdown supported)
* `assigned_to_user_id`
* `assigned_to_group_ids`
* `priority` (`high`, `medium`, `low`)
* `status` (`open`, `in_progress`, `done`, `cancelled`)
* `due_date` (ISO 8601)
* **Jira fields:**
  * `jira_issue_id`
  * `jira_issue_key`
  * `jira_issue_url`

### Response Fields Include

* Kind, priority, status
* Due date
* Assigned user & groups
* Integration URLs:
  * `jira_issue_url`
  * `github_issue_url`
  * `gitlab_issue_url`
  * `linear_issue_url`
* `url` and `short_url`
* Timestamps and metadata

<Info>
  The API follows the JSON:API spec and enforces the same validations as the Web UI and Slack.
</Info>

***

### Best Practices

* **Automate common tasks** to reduce manual work
* **Use role-based tasks** for consistent incident startup actions
* **Assign owners early** to prevent drift
* **Use priorities intentionally** to structure follow-up workflows
* **Integrate external systems** (Jira, GitHub, etc.) for centralized tracking
* **Review overdue follow-ups regularly** for reliability improvements

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="A workflow didn’t create an action item">
    Confirm the trigger conditions matched the incident and that the user/action had permission to create action items.
  </Accordion>

  <Accordion title="A role task did not appear during incident creation">
    Ensure the role is enabled and the role tasks themselves are active. Disabled tasks are not copied over.
  </Accordion>

  <Accordion title="The API returned a validation error">
    Make sure <code>summary</code> is present and enum fields (priority, status, kind) match allowed values. Check Jira fields if provided.
  </Accordion>

  <Accordion title="A follow-up could not be created">
    Some organizations disable task/follow-up creation after an incident is resolved, cancelled, or closed.
  </Accordion>

  <Accordion title="API-created items aren’t appearing in Slack">
    Slack notifications fire only when:
    <br />• The team has a Slack integration\
    <br />• The incident has a <code>slack\_summary\_timestamp</code>\
    <br />• Notifications aren’t suppressed

    <br />

    These notifications are not workflow-dependent.
  </Accordion>
</AccordionGroup>


# Creating Action Items in Slack
Source: https://docs.rootly.com/incidents/action-items/adding-action-items-via-slack

Create tasks and follow-ups in Slack using slash commands, emoji reactions, or message menus to convert incident discussions into actionable items.

### How Action Item Creation Works in Slack

Slack is where most real-time incident collaboration occurs, which makes it the perfect place to quickly capture tasks and follow-ups as they emerge. Rootly lets you turn conversations directly into structured action items so nothing is missed.

You can create action items using:

* **Slash commands**
* **Emoji reactions**
* **Slack’s More Actions message menu**

<Info>
  All of these features require that you are inside a **Rootly incident channel** and have permission to create or manage action items.\
  For private incidents, you must also have access to the incident itself.
</Info>

***

### Slash Commands

Slash commands are the fastest and most flexible way to create or update action items.

Run these commands **inside an incident channel**:

#### Create new items

**`/rootly task`**\
Creates a new task for the current incident.

**`/rootly followup`**\
Creates a new follow-up item intended for post-incident improvement work.

<Info>
  Slash-command creation opens a Slack modal, allowing you to set priority, assignee, description, reminders, and more before submitting.
</Info>

#### Manage or review items

**`/rootly action`**\
Opens the action-item management menu, allowing you to:

* View all action items for the incident
* Create a new task or follow-up
* Change the status
* Assign or reassign a user or group
* Edit descriptions or details
* Delete action items
* Convert between task ↔ follow-up

**`/rootly todo`**\
Displays tasks assigned **specifically to you**, making personal follow-up easy.

<Info>
  The `/rootly todo` command is especially helpful for engineers rotating through on-call — it ensures no assigned work is forgotten after the incident.
</Info>

***

### Emoji Reactions

Emoji reactions turn Slack messages directly into action items with minimal interruption to the conversation.

When enabled under **Configuration → Integrations → Slack**, reacting to a message triggers auto-creation:

#### Task creation

React with a ⭐️ **star emoji** to turn the message into a task.

<img alt="The star emoji reaction generates a task." title="A star emoji added to a Slack message" />

#### Follow-up creation

React with a 🔧 **wrench emoji** to convert the message into a follow-up.

<img alt="The wrench emoji creates a follow-up" title="A wrench emoji added to a Slack message" />

Rootly will add a **white check mark emoji** on success.

<Info>
  Emoji used for tasks and follow-ups must not overlap with emojis configured for:\
  **timeline events**, **incident follow-ups**, or **task creation**.\
  Rootly enforces this to ensure each emoji has a single clear purpose.
</Info>

***

### Slack “More Actions” Menu

You can also create action items using Slack’s built-in message menu:

1. Hover over any message in the incident channel.
2. Click **More actions** (•••).
3. Select **Add Action Item**.
4. A modal opens with the message text pre-filled as the summary.

<Info>
  This option is ideal when turning longer discussions, decisions, or troubleshooting notes into structured work without retyping.
</Info>

***

### What Happens When an Action Item Is Created

Action items created from Slack:

* Appear immediately on the **incident timeline**
* Include the original Slack message text when created from a message
* Support Markdown formatting in descriptions
* May trigger workflows (e.g., create Jira tickets, notify owners)
* Sync with retrospectives and analytics
* Can be assigned to users or groups

<Info>
  Some organizations restrict task creation after incidents are resolved or closed.\
  Follow-ups, however, typically remain available for use in post-incident improvement.
</Info>

***

### Best Practices

* **Capture tasks early**\
  Adding tasks in real time prevents important work from getting lost in conversation.

* **Assign owners immediately**\
  Tasks without owners are often forgotten — assignment drives accountability.

* **Use follow-ups for long-term improvements**\
  These items support durable reliability gains after the incident.

* **Use priorities intentionally**\
  High-priority items should be reviewed in retrospectives, weekly ops syncs, or technical leadership meetings.

* **Keep emoji intuitive**\
  Choose emojis your team naturally reaches for during conversations.

* **Leverage `/rootly todo`**\
  Helps responders keep track of what’s on their plate throughout and after the incident.

* **Automate recurring work**\
  Use workflows to auto-create tasks like “Prepare retrospective document” or “Notify customer support.”

<Info>
  The strongest incident programs treat action items as part of a continuous improvement loop — not just a list of things to do.
</Info>

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="My emoji reaction didn't create an action item">
    Check the following:

    * You reacted **inside an incident channel**
    * The emoji is configured in the Slack integration settings
    * Emoji aren’t conflicting with other trigger types
    * Emoji ingestion is enabled for your Slack workspace
  </Accordion>

  <Accordion title="Slash commands show an error or do nothing">
    This usually means:

    * You don’t have permission to create or modify action items
    * The incident is in a state where new tasks are restricted
    * You're not inside a valid incident channel
  </Accordion>

  <Accordion title="The task or follow-up isn’t appearing in the timeline">
    * Confirm you created it in the **correct** incident channel
    * Ensure the Slack message wasn’t deleted
    * Verify the Rootly Slack app has permission to read and react to messages
  </Accordion>

  <Accordion title="The 'Add Action Item' menu option is missing">
    Often caused by:

    * Slack integration not fully installed
    * You're not in an incident channel
    * Your Slack role/user permissions limit access to message actions
  </Accordion>

  <Accordion title="Why is a white checkmark added after I react with an emoji?">
    The checkmark is Rootly’s confirmation reaction, letting you know your task or follow-up was created successfully.
  </Accordion>

  <Accordion title="Can I still create tasks after an incident is resolved?">
    This depends on your workspace settings. Some organizations disable new task creation after resolution to preserve process discipline, but follow-ups remain available.
  </Accordion>
</AccordionGroup>


# Creating Action Items in Web Interface
Source: https://docs.rootly.com/incidents/action-items/adding-action-items-via-web-ui

Add tasks and follow-ups to incidents through the web interface, with options for exporting to external tools and manual tracking.

### How Web-Based Action Items Work

From the incident page in the Rootly web app, you can create and manage **tasks** (work done during the incident) and **follow-ups** (work done after the incident to prevent recurrence).

Tasks and follow-ups live in dedicated tabs on the incident and are also reflected in retrospectives, exports, and integrations with external tools.

<Info>
  Use the web interface when you want a complete view of all action items for an incident, need richer editing controls, or want to export items to ticketing/project management tools.
</Info>

<img alt="Under the incident title there are tabs for Tasks and Follow-ups" title="Screenshot of an incident title" />

***

### Creating Tasks and Follow-Ups from an Incident

Add a task or follow-up directly from the incident page.

<Steps>
  <Step title="Open the incident">
    Open the incident in the Rootly web app from your incidents list or a direct link.
  </Step>

  <Step title="Choose Tasks or Follow-ups">
    Under the incident title, click either the <strong>Tasks</strong> tab (for work done during the incident) or the <strong>Follow-ups</strong> tab (for post-incident work).
  </Step>

  <Step title="Create a new item">
    Click <strong>+ New Task</strong> or <strong>+ New Followup</strong>.

    A form will appear where you can enter details such as:

    * <strong>Title</strong> (required)
    * Description
    * Assignee (person and/or team)
    * Priority
    * Status
    * Due date (especially for follow-ups)
    * Optional links to external systems (e.g., Jira issue URL)
  </Step>

  <Step title="Save the action item">
    Click <strong>Save</strong> to create the item.

    The task or follow-up will appear in the list on the tab and be associated with the incident timeline for future reference and retrospectives.
  </Step>
</Steps>

<Info>
  Depending on your workspace configuration, you may see slightly different fields (for example, required teams, custom fields, or external ticket links). Your admin controls these under <strong>Configuration</strong>.
</Info>

***

### Using Markdown in Action Item Descriptions

Action item descriptions support [Markdown](https://www.markdownguide.org/ "Markdown") so you can structure notes and instructions clearly.

You can use Markdown to:

* Add **bold** or *italic* emphasis
* Create bullet lists or numbered steps
* Insert links to dashboards, runbooks, or logs
* Highlight command snippets

<Info>
  Markdown makes it easier for assignees to understand exactly what needs to be done—especially for complex or multi-step work.
</Info>

***

### Exporting Action Items Automatically (Smart Defaults)

With **Smart Defaults**, you can configure Rootly to automatically export tasks to external tools for tracking—so responders don’t need to create tickets manually.

These settings live under integration pages such as Jira, Asana, Motion, or Linear.

Examples:

* Automatically create a Jira issue whenever a new follow-up is created
* Push all high-priority follow-ups to Linear as issues
* Create Asana tasks for follow-ups tied to specific services

<img alt="The settings for the Jira integration for automating tasks based on action items." />

<Info>
  Use Smart Defaults when you want **every** action item (or a filtered subset) to end up in your external tracker without manual effort.
</Info>

***

### Exporting Action Items Manually from an Incident

If you prefer more control, you can export action items manually from the **Tasks** and **Follow-ups** tabs.

1. Open the incident in the web app.
2. Go to the **Tasks** or **Follow-ups** tab.
3. Click the **Export to ticketing** button to send selected items to your configured tool (Jira, Linear, Asana, Trello, Zendesk, etc.).

<img alt="This button can be found under the tasks tab in an incident" title="Export to ticketing button" />

During export, you may need to select:

* Which integration to use
* Project, board, team, or workspace
* Issue type or workflow state
* Whether to create a **subtask/sub-issue** when an incident already has a linked parent ticket

<Info>
  Manual export is perfect when only some action items should be tracked externally.
</Info>

***

### Best Practices

* **Create tasks early** — capture investigation steps while context is fresh.
* **Use follow-ups for long-term improvements** — reliability work, runbook updates, etc.
* **Assign owners immediately** — unassigned items go stale.
* **Set due dates** — especially for follow-ups tied to retrospectives.
* **Use Markdown for clarity** — links and structured notes help assignees move faster.
* **Export to ticketing systems when appropriate** — keep work aligned with your team’s backlog.
* **Review open follow-ups regularly** — ensures continuous improvement.

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="I don’t see the Tasks or Follow-ups tabs">
    Your workspace or role may have restricted access, or you may not have permission to manage action items for this incident.
    Check with your Rootly admin.
  </Accordion>

  <Accordion title="I can’t create a new task or follow-up">
    Some organizations disable new action items after certain incident lifecycle stages (e.g., after resolution or close).
    If the creation buttons are missing, your configuration may enforce these rules.
  </Accordion>

  <Accordion title="The Export button is missing">
    Exporting requires at least one ticketing integration (Jira, Linear, Asana, etc.) to be configured.
    Check <strong>Configuration → Integrations</strong>.
  </Accordion>

  <Accordion title="Export succeeded in Rootly but I don’t see the ticket">
    The external tool may have missing required fields or permission restrictions.
    Verify:

    * Project/workspace is valid
    * Issue type and fields are allowed
    * The integration user has permission to create tickets
  </Accordion>

  <Accordion title="Some fields look different from screenshots">
    Your admin may have enabled custom fields, required teams, or experimental improvements.
    These settings change which form fields appear.
  </Accordion>
</AccordionGroup>


# SLA Policies for Follow-Ups
Source: https://docs.rootly.com/incidents/action-items/sla-policies

Use SLA policies to set assignment and completion deadlines on follow-up action items, get notified before deadlines pass, and track violations.

## Overview

SLA policies let you define time-based expectations for follow-up action items. When a matching follow-up is created, Rootly automatically calculates its assignment and completion deadlines, sends notifications as those deadlines approach, and records a violation if the deadline is missed.

SLA policies apply exclusively to **follow-ups** — not to tasks. They are configured per team and evaluated against every follow-up that team creates.

<Info>
  SLA policies are managed under **Configuration → SLA Policies** in the web app.
</Info>

***

## Create an SLA Policy

<Steps>
  <Step title="Navigate to SLA Policies">
    Go to **Configuration → SLA Policies** and click **+ New SLA Policy**.
  </Step>

  <Step title="Name the policy">
    Give the policy a clear, descriptive name. Names must be unique within your team.

    Optionally add a description to explain when this policy applies or what it enforces.
  </Step>

  <Step title="Assign a manager">
    The manager is the person responsible for ensuring follow-ups covered by this policy are completed on time. Choose one of:

    <ParamField>
      The policy is managed by whoever holds a specific role on the incident (for example, the Incident Commander or the assigned engineer). This is the recommended option for most teams since it adapts dynamically to each incident.
    </ParamField>

    <ParamField>
      A named user is always the manager, regardless of who holds any particular role on the incident.
    </ParamField>

    <Note>
      You must set either a manager role or a specific user — not both.
    </Note>
  </Step>

  <Step title="Set deadlines">
    Configure the two deadlines Rootly tracks for each follow-up:

    <ParamField>
      How many days after a given incident status the follow-up must be assigned to someone.
    </ParamField>

    <ParamField>
      How many days after a given incident status the follow-up must be completed. When a policy applies, Rootly writes this computed date into the follow-up's **Due date** field — the same field you see when creating a follow-up manually. If a policy is applied, the Due date reflects the SLA deadline rather than a manually entered value.
    </ParamField>

    For each deadline, choose:

    * **Trigger status** — the incident status that starts the deadline clock. Options: `In Triage`, `Started`, `Mitigated`, `Resolved`, `Closed`, `Cancelled`
    * **Number of days** — 1, 2, 3, 4, 5, 6, 7, 14, 21, or 30 days

    <Tip>
      If your team uses custom lifecycle sub-statuses, you can anchor deadlines to a specific sub-status instead of a top-level status.
    </Tip>
  </Step>

  <Step title="Add conditions (optional)">
    By default, a policy applies to every follow-up the team creates. Add conditions to scope it to a subset.

    Conditions can be built on:

    * **Built-in incident fields** — severity, environment, service, functionality, incident type, team, cause, status, incident role, visibility, and timestamps
    * **Custom fields** — any select or multi-select custom field configured for your team

    Most conditions support the operators **is one of**, **is not one of**, **is set**, and **is not set**. Timestamp fields (such as `started_at` or `resolved_at`) only support **is set** and **is not set**, since specific datetime values cannot be selected from a list.

    Use the **Match** toggle to control whether the policy triggers when **Any** condition matches or when **All** conditions match.

    <Note>
      A policy can have up to 20 conditions.
    </Note>
  </Step>

  <Step title="Configure notifications">
    Add up to 5 notification rules that control when the policy's manager is notified about upcoming or overdue deadlines. Notifications are sent to the manager only — either the user in the configured incident role or the specific user assigned to the policy.

    Each rule fires independently for **both** the assignment deadline and the completion deadline. For example, a "1 day before due" rule will send one notification before the assignment deadline and another before the completion deadline.

    <ParamField>
      Send a notification X days before the deadline. Requires a minimum deadline of at least 2 days.
    </ParamField>

    <ParamField>
      Send a notification on the day the deadline falls.
    </ParamField>

    <ParamField>
      Send a notification X days after the deadline has passed (1–99 days). Use this to escalate violations that have not been resolved.
    </ParamField>
  </Step>

  <Step title="Save the policy">
    Click **Save**. The policy will immediately start applying to new follow-ups that match its conditions. Existing follow-ups are not retroactively affected.
  </Step>
</Steps>

***

## How Deadlines Are Calculated

When a follow-up is created, Rootly scans all active SLA policies for the team and applies the first matching policy. The deadline clock starts when the incident reaches the configured trigger status.

For example, if a policy sets a **7-day completion deadline from Resolved** and the incident resolves on Tuesday the 1st, the follow-up completion deadline is Tuesday the 8th.

<Warning>
  Deadlines are calculated once when the trigger status is reached. If the incident moves back through statuses (for example, from Resolved back to Started), the deadline is not recalculated.
</Warning>

***

## Violations

A **violation** is recorded when a deadline passes without the required action being taken. Rootly tracks two violation types:

* **Assignment overdue** — the follow-up had no assignee when the assignment deadline passed
* **Completion overdue** — the follow-up was not marked done when the completion deadline passed

Violations remain open until the follow-up is assigned or completed. Once resolved, the violation is marked as resolved with a timestamp.

You can view open violations and historical SLA data on the SLA Policies page under **Configuration**.

***

## Best Practices

* **Set completion deadlines relative to Resolved** for most follow-ups — this aligns accountability with the natural end of the incident lifecycle.
* **Use assignment deadlines** to catch follow-ups that get created but never picked up, especially across team handoffs.
* **Use conditions to differentiate by severity** — a P1 incident may warrant a 2-day completion SLA while a P3 can tolerate 14 days.
* **Add a before-due notification** so managers have time to act, not just receive a violation notice after the fact.
* **Keep policies simple** — one or two policies per team covering the most common cases is easier to maintain than a complex matrix.

***

## FAQ

<AccordionGroup>
  <Accordion title="Do SLA policies apply to tasks or only follow-ups?" icon="circle-question">
    Only follow-ups. Tasks are intended for work done during an incident and do not have SLA enforcement.
  </Accordion>

  <Accordion title="What happens if multiple policies match a follow-up?" icon="shuffle">
    The first matching policy (in the order they appear in the SLA Policies list) is applied. Only one policy is applied per follow-up.
  </Accordion>

  <Accordion title="Can I apply an SLA policy retroactively to existing follow-ups?" icon="clock-rotate-left">
    No. SLA policies are evaluated at follow-up creation time. Existing follow-ups are not affected when a new policy is created or an existing one is updated.
  </Accordion>

  <Accordion title="Who receives SLA notifications?" icon="bell">
    Notifications are sent only to the policy's configured manager — either the user currently holding the specified incident role on the incident, or the specific user assigned to the policy. No other users are notified.
  </Accordion>

  <Accordion title="Can I set different deadlines for different severities?" icon="sliders">
    Yes. Create separate SLA policies with conditions scoped to each severity level, each with different deadline values.
  </Accordion>

  <Accordion title="What statuses can trigger the deadline clock?" icon="circle-info">
    In Triage, Started, Mitigated, Resolved, Closed, and Cancelled. If your team uses custom sub-statuses, you can also anchor to a specific sub-status.
  </Accordion>
</AccordionGroup>


# Converting Existing Slack Channels to Incidents
Source: https://docs.rootly.com/incidents/creating-incidents/converting-existing-slack-channels-to-incidents

A step-by-step guide to converting an existing Slack channel into a Rootly incident channel without losing message history, members, or context.

### Overview

If your team begins investigating an issue in Slack before formally declaring an incident, you can convert that existing conversation into a Rootly incident channel.\
This ensures:

* No message history is lost
* All responders stay in the same channel
* Automated timelines, workflows, and notifications still run
* The incident is created with full context from the existing discussion

The `/incident convert` command transforms any standard Slack channel into a full Rootly incident channel.

### Convert an Existing Slack Channel

<Steps>
  <Step title="Run the Convert Command">
    In the Slack channel you want to convert, type:

    ```
    /incident convert
    ```

    Then press **Enter**.

    This opens the **Convert to Incident** modal.

    <Frame>
      <img alt="Convert Incidents Slack 1 Web" />
    </Frame>

    <Tip>
      You must run the command inside the channel you want to convert — it cannot be used from other channels or DMs.
    </Tip>
  </Step>

  <Step title="Fill Out the Incident Details">
    The modal includes the same configurable fields you see when creating a new incident:

    * **Title**
    * **Summary**
    * **Severity**
    * **Incident Type**
    * **Private Incident (optional)**
    * Any custom fields your workspace has configured

    <Frame>
      <img alt="Convert Incidents Slack 2 Web" />
    </Frame>
  </Step>
</Steps>

### What Happens After Conversion

Once submitted, Rootly will:

* Create a new incident in the Rootly platform
* Link the Slack channel to the incident
* Preserve **all** prior messages in the channel
* Generate initial timeline entries
* Trigger any incident-creation workflows
* Assign default roles or responders (if configured)
* Enable Slack commands such as `/rootly status`, `/rootly resolve`, etc.

From here, the channel behaves like any other incident channel created through Slack or the Web UI.

<Check>
  Conversion never deletes or archives the channel — all previous activity remains intact.
</Check>

### When to Use Conversion

Use `/incident convert` when:

* Responders start troubleshooting informally in Slack
* An issue escalates from a conversation into a true incident
* You want to preserve all investigative context without creating a new channel
* You want workflows, timelines, and notifications to begin after discussion has already started

### Troubleshooting

<AccordionGroup>
  <Accordion title="“The command didn’t work.”">
    Ensure:

    * You ran `/incident convert` **inside the Slack channel** to be converted
    * The Rootly Slack app has permission to access that channel
    * You are a user with permission to create incidents
  </Accordion>

  <Accordion title="“A required field is missing.”">
    Your workspace may enforce creation requirements.\
    Open **Configuration → Forms** to confirm what fields must be included.
  </Accordion>

  <Accordion title="“The channel didn’t become an incident channel.”">
    Confirm Slack channel conversions are enabled in your Rootly Slack Integration settings.
  </Accordion>
</AccordionGroup>

### Best Practices

* Convert as soon as a conversation becomes operational or time-sensitive
* Provide a clear incident title and summary to help responders ramp quickly
* Use severity to trigger correct workflows and escalation
* Avoid converting channels that contain unrelated historical content
* Use private incidents when the discussion involves sensitive data


# Creating Incidents via API
Source: https://docs.rootly.com/incidents/creating-incidents/creating-incidents-via-api

Create incidents programmatically using the Rootly API with supported fields, custom fields, sub-incidents, severity levels, and error handling.

### Overview

The Rootly API allows you to create incidents automatically from monitoring tools, CI/CD pipelines, internal services, or any external automation system. This is the preferred method when you need:

* Deterministic and repeatable incident creation
* Automated declarations from alerting or detection systems
* Consistent metadata applied across incidents
* The ability to create sub-incidents within orchestrated workflows
* Fully headless incident creation with no human intervention

API-based creation ensures incidents follow the same lifecycle rules, validations, and workflows as incidents created through Slack or the Web UI.

More details is available in the [API documentation](/api-reference/).

### Before You Begin

Before creating incidents via API, ensure you have:

* **A Rootly API token** with permissions to create incidents
* Knowledge of any **required fields** (severity, type, environments, etc.)
* IDs for any contextual fields you intend to populate:
  * Services
  * Functionalities
  * Environments
  * Groups
  * Incident types
  * Custom form fields
* The **Create Incident** endpoint reference:

  `POST /api/v1/incidents`

<Tip>
  To avoid validation failures, review which fields are required under **Configuration → Forms** and **Configuration → Required Fields.**
</Tip>

### Creating an Incident via API

<Steps>
  <Step title="Send a POST request to the Create Incident endpoint">
    Requests must include:

    ```
    POST /api/v1/incidents
    Authorization: Bearer <API_TOKEN>
    Content-Type: application/json

    ```

    Any HTTP client or automation system (Python, curl, Terraform, GitHub Actions, etc.) will work.
  </Step>

  <Step title="Include the required and optional fields">
    Below are the commonly used fields.

    **Core fields**

    * `title`
    * `summary`
    * `severity_id`
    * `incident_type_ids`
    * `private` (boolean)
    * `notify_emails` (array — used by workflows, not auto-emailed by default)

    **Contextual fields**

    * `service_ids`
    * `functionality_ids`
    * `environment_ids`
    * `group_ids`

    **Custom form fields**

    Use `form_field_selections_attributes` to populate custom data.

    Supports all field types: text, dropdowns, multi-select, relations, user selectors, catalog entities, etc.

    **Optional advanced fields**

    * `parent_incident_id` — creates a **sub-incident**
    * `create_test_incident` — only works if the **Test Incidents** feature is enabled
    * `mitigation_message`, `resolution_message`, `cancellation_message`
    * Lifecycle timestamps (advanced):
      * `in_triage_at`, `started_at`, `mitigated_at`, `resolved_at`, `closed_at`

    <Info>
      To create sub-incidents programmatically, provide `parent_incident_id`. Rootly automatically links the child to the parent.
    </Info>
  </Step>

  <Step title="Review the API response">
    A successful response includes:

    * The incident ID
    * Lifecycle status
    * Timestamps
    * A URL to open the incident in the web app
    * Slack channel details (if Slack is integrated + auto-create enabled)

    You can use these details to perform follow-up actions like:

    * Posting timeline entries
    * Updating lifecycle status
    * Attaching alerts
    * Triggering or monitoring workflows
  </Step>
</Steps>

### Example Request Payloads

**Basic example**

```
{
  "title": "API-declared service outage",
  "summary": "Automated alert from internal monitoring.",
  "severity_id": 1,
  "incident_type_ids": [3],
  "private": false
}
```

**With custom fields**

```
{
  "title": "Database latency above threshold",
  "summary": "DB p95 latency exceeded SLO for 10 minutes.",
  "severity_id": 0,
  "service_ids": [12],
  "environment_ids": [4],
  "form_field_selections_attributes": [
    {
      "form_field_id": 45,
      "value": "us-east-1"
    },
    {
      "form_field_id": 46,
      "selected_option_ids": [102]
    }
  ]
}
```

**Creating a sub-incident**

```
{
  "title": "Sub-incident: Cache layer investigation",
  "summary": "Investigating cache cluster behavior.",
  "severity_id": 2,
  "parent_incident_id": 1234,
  "service_ids": [18]
}
```

### Validation & Error Handling

Rootly returns standard error responses for debugging and automation safety.

**401 Unauthorized**

```
{
  "error": "unauthorized",
  "message": "Invalid or missing API token."
}
```

**403 Forbidden**

```
{
  "error": "forbidden",
  "message": "You do not have permission to create incidents."
}
```

**422 Validation Errors**

```
{
  "error": "unprocessable_entity",
  "message": "Validation failed.",
  "details": {
    "severity_id": ["can't be blank"],
    "title": ["can't be blank"]
  }
}
```

**Idempotency (Recommended)**

To prevent duplicate incidents during retries:

```
Idempotency-Key: <unique-key>
```

### Troubleshooting

<AccordionGroup>
  <Accordion title="“Missing required fields”">
    Ensure required fields in **Forms** or **Required Fields** are included.
  </Accordion>

  <Accordion title="“Workflows didn’t run”">
    Check that workflow conditions (severity, type, service, etc.) match the payload.
  </Accordion>

  <Accordion title="“Slack channel not created”">
    Verify:

    * Slack is connected
    * Auto-create channels is enabled
    * Incident is not private (depending on settings)
  </Accordion>

  <Accordion title="“Sub-incident didn’t link”">
    Make sure `parent_incident_id` is passed correctly.
  </Accordion>
</AccordionGroup>

### Best Practices

* Pre-fill key metadata to streamline response
* Use structured fields (services, environments, types) for better analytics
* Use private incidents for security-sensitive or customer-specific events
* Follow consistent naming conventions across automated incidents
* Use idempotency keys to prevent duplication
* Automate creation of sub-incidents for multi-team or multi-domain issues
* Avoid manually setting lifecycle timestamps unless necessary


# Creating Incidents via PagerDuty Integration
Source: https://docs.rootly.com/incidents/creating-incidents/creating-incidents-via-pagerduty

Create Rootly incidents from PagerDuty alerts with automatic service mapping, resolution sync, severity translation, and troubleshooting tips.

### Overview

Rootly can ingest alerts from PagerDuty to power a complete, end-to-end incident lifecycle. PagerDuty remains responsible for **alerting and escalation**, while Rootly handles **incident coordination, communication, workflows, timelines, and retrospectives**.

Use this integration when:

* Your alerts originate in PagerDuty
* You want Rootly to manage the lifecycle, collaboration, and post-incident processes
* You need Slack channels, workflows, automations, and retrospectives built off PD alerts

Rootly supports:

* Ingesting alerts directly from PagerDuty
* Creating Rootly incidents from PagerDuty alerts
* Linking Rootly incidents to PagerDuty incidents
* Syncing resolution back to PagerDuty when the Rootly incident is resolved

<Note>
  Resolving an incident in Rootly automatically resolves the linked PagerDuty incident and all associated PagerDuty alerts.
  Resolving directly in PagerDuty does *not* resolve the corresponding Rootly incident.
</Note>

### Before You Begin

Before creating incidents from PagerDuty, ensure:

* You have installed and authorized the Rootly ↔ PagerDuty integration
* Your PagerDuty services are mapped to Rootly services
* On-call coverage exists for the PagerDuty service (PagerDuty won’t trigger incidents without coverage)
* Your Rootly team is ready to ingest alerts under **Configuration → Alerts**

<Tip>
  Correct service mapping (via `pagerduty_id`) ensures alerts land in the right Rootly service. If mapping is missing or incorrect, incidents may not route as expected.
</Tip>

### Creating an Incident from PagerDuty

<Steps>
  <Step title="Trigger or Create an Incident in PagerDuty">
    You can use any method you normally use in PagerDuty:

    **Option 1 — Create an incident manually**

    1. Open PagerDuty and navigate to the New Incident flow by selecting the **New Incident** button from the top navigation.

    <Frame>
      <img alt="Pager 1 Web" />
    </Frame>

    2. In the Create New Incident dialog, select the **Impacted Service**, which should be one of the services you integrated earlier with Rootly. Add a descriptive Title, and fill in any other fields as needed.

    <Frame>
      <img alt="Pager 2 Web" />
    </Frame>

    3. Click *Create Incident*. PagerDuty will create the incident and redirect you to its detail page, where you can view the incident’s status, responders, and associated alerts.

    <Frame>
      <img alt="Pager 3 Web" />
    </Frame>
  </Step>

  <Step title="View the Ingested Alert in Rootly">
    After creating the incident in PagerDuty, log in to Rootly and navigate to:

    **Configuration → Alerts**

    Here, you’ll see:

    * All incoming alerts ingested from PagerDuty
    * Alerts routed to the Rootly services you previously mapped
    * A clear option to create a Rootly incident from any alert

    This view is your starting point for turning PagerDuty alerts into fully managed Rootly incidents.

    <Frame>
      <img alt="Pager 4 Web" />
    </Frame>
  </Step>

  <Step title="Create a Rootly Incident from the PagerDuty Alert">
    Locate the PagerDuty alert you want to escalate and click:

    **Create Incident**

    This opens Rootly’s standard incident creation workflow, where you can:

    * Set severity
    * Provide an incident summary
    * Choose the incident type
    * Mark the incident as private (if needed)
    * Trigger any relevant workflows

    When you submit the form, Rootly will:

    * Create the new incident
    * Generate initial timeline entries
    * Create and link a Slack incident channel (if configured)
    * Run any incident-creation workflows you have enabled
    * Attach and link the Rootly incident to the originating PagerDuty alert

    <Frame>
      <img alt="Pager 5 Web" />
    </Frame>

    <Check>
      Once created, the Rootly incident becomes the **source of truth** for lifecycle status, workflows, communication, timelines, and retrospectives.
    </Check>
  </Step>
</Steps>

### How Resolution Works

Resolution behavior between Rootly and PagerDuty is intentionally **one-directional**. This ensures that Rootly remains the authoritative system for lifecycle status, workflows, timelines, and retrospectives.

**Rootly → PagerDuty (Supported)**

Resolving the incident in Rootly will:

* Mark the linked PagerDuty incident as **Resolved**
* Resolve all associated PagerDuty alerts linked to that incident

**PagerDuty → Rootly (Not Supported)**

Resolving the incident directly in PagerDuty will **not** update or resolve the corresponding incident in Rootly.

This directional behavior ensures:

* Rootly timelines remain accurate and complete
* Required fields and lifecycle rules are enforced
* Retrospective and follow-up processes function properly

<Warning>
  Always resolve incidents in Rootly to maintain consistent lifecycle data, ensure workflows run correctly, and preserve accurate analytics.
</Warning>

### Additional Details & Behaviors

**Service Mapping**

PagerDuty alerts are routed into Rootly based on the `pagerduty_id` configured on each Rootly Service (and sometimes Teams).

Correct mapping ensures:

* Alerts appear under the correct Rootly service
* Workflows trigger for the right teams
* Rootly knows which PagerDuty incidents to update upon resolution

<Tip>
  If you recently migrated or reorganized services, re-run the Rootly PagerDuty import to refresh all mappings.
</Tip>

**On-Call Requirements (PagerDuty Behavior)**

PagerDuty only triggers incidents if **someone is on call** for the escalation policy tied to that service.

If a PagerDuty alert appears in Rootly but PD did not create an incident, verify that the correct on-call schedule was in place.

**Temporary Migration Flags (Advanced)**

For complex migrations, Rootly can temporarily allow overlapping PagerDuty IDs using:

* `disable_service_pagerduty_id_unique_validation`
* `disable_group_pagerduty_id_unique_validation`

These are advanced, temporary options—duplicate IDs can cause ambiguous routing.

### Troubleshooting

<AccordionGroup>
  <Accordion title="“PagerDuty alert shows up in Rootly but no incident was created.”">
    Rootly does not auto-create incidents from PD alerts unless you configure an Alert Workflow.\
    To proceed:

    * Click **Create Incident** manually, or
    * Enable an Alert Workflow to auto-create incidents for selected conditions
  </Accordion>

  <Accordion title="“Incident resolved in Rootly didn’t resolve in PagerDuty.”">
    Check that the Rootly incident is linked to a mapped PD service.\
    Resolution syncing only works when a valid mapping exists.
  </Accordion>

  <Accordion title="“Alerts appear under the wrong service.”">
    Verify and correct the `pagerduty_id` mapping under:

    **Services → Edit Service**
  </Accordion>

  <Accordion title="“Duplicate services appear in mapping.”">
    Your workspace may have temporarily disabled unique ID validation.\
    Re-enable uniqueness once the transition is complete.
  </Accordion>
</AccordionGroup>

### Best Practices

* Treat Rootly as the **source of truth** for lifecycle, communication, timelines, and analytics
* Use PagerDuty for **alerting and escalation only**
* Keep service mapping clean and up to date
* Automate incident creation via Alert Workflows for critical services
* Always resolve incidents in Rootly
* Avoid resolving directly from PagerDuty unless the alert is non-critical or PD-local


# Creating Incidents via Slack Interface
Source: https://docs.rootly.com/incidents/creating-incidents/creating-incidents-via-slack

Create incidents from Slack using slash commands or message actions with customizable fields, validation, severity, and channel auto-creation.

### Overview

Slack is one of the fastest and most natural places to declare an incident. Whether a responder notices an issue in conversation, spots a customer report, or sees a monitoring message posted into a channel, Rootly’s Slack integration lets you create an incident instantly — directly from where your team already works.

Use Slack when you need **speed**, **context**, and **collaboration without switching tools**.

Slack-based creation supports:

* Customizable incident fields
* Required-field validation
* Private incident creation
* Automated Slack channel creation
* Full integration with workflows and lifecycle updates

<Info>
  Need help installing the Rootly Slack app? See the **Slack Integration Guide**.
</Info>

### Create a New Incident in Slack

<Steps>
  <Step>
    **Method 1 — Use a Slash Command**

    1. Type:

       ```
       /rootly new

       ```

       in any Slack channel.
    2. Press **Enter** to open the New Incident form.

    This is the fastest way to start a new incident manually.

    **Method 2 — Create an Incident From a Slack Message**

    Use this when the trigger is a message, alert, screenshot, or customer report already posted in Slack.

    1. Hover over the message
    2. Click **More actions** (three dots)
    3. Select **Create an incident**

    The New Incident form will open **pre-filled with a link to the original message**, giving responders immediate context.

    <Tip>
      Message-based creation provides the clearest starting point for responders and is ideal for customer complaints, noisy alerts, or discussions that evolve into incidents.
    </Tip>
  </Step>

  <Step title="Fill In the Incident Details">
    The New Incident form appears as a Slack modal and includes the essential fields needed to start coordinated response.

    Most fields are customizable in **Configuration → Forms**.

    <img alt="New incident form in Slack." />

    **Default Fields**

    | Field               | Description                                                          |
    | :------------------ | :------------------------------------------------------------------- |
    | **Title**           | Title of the incident; also used to name the Slack incident channel. |
    | **Summary**         | A concise description of the issue.                                  |
    | **Severity**        | Default levels SEV3 → SEV0.                                          |
    | **Type**            | Default categories: Cloud, Security, Customer-Facing, Default.       |
    | **Mark as Private** | Restricts visibility to permitted users.                             |

    **Additional Notes**

    * Required fields are marked with a **\***
    * Leaving **Title** blank triggers the **Automatic Incident Title Generator**
    * Only privileged users can create or access **Private** incidents
    * Private mode is ideal for sensitive or security-related issues

    <Info>
      If your team uses **Mark as In Triage**, selecting it will start the incident in **Triage** instead of **Started**. See *Incident Lifecycle* for details.
    </Info>
  </Step>

  <Step title="Create the Incident">
    Click **Create**.

    Rootly will immediately:

    * Create a **dedicated Slack incident channel**
    * Post the initial system message
    * Log the creation event in the Timeline
    * Trigger any configured workflows
      * Role assignment
      * Stakeholder notifications
      * Ticket creation
      * Checklists
      * Channel topic updates

    <Frame>
      <img alt="Newslackincident2 Web" />
    </Frame>

    <Tip>
      Most teams automate channel setup, role assignments, and initial communication, so responders can focus on investigation — not coordination.
    </Tip>
  </Step>
</Steps>

### After the Incident Is Created

The Slack incident channel becomes your command center. From here you can:

* Update lifecycle status with `/rootly status`
* Resolve or cancel with `/rootly resolve` or `/rootly cancel`
* Add timeline events
* Modify fields using `/rootly edit`
* Run workflows using `/rootly workflow`
* Generate an AI summary using `/rootly summary`
* Invite responders and collaborate in real time

All changes sync automatically with the Rootly Web UI and appear in the Timeline.

### Customizing the Slack Incident Form

Your Slack form can be fully tailored to match your Web UI form.

<Steps>
  <Step title="Open Form Configuration">
    **To customize:**

    1. Go to **Configuration → Forms**
    2. Under **Default Forms**, click **Configure** on *New Incident*
    3. Select the **Slack** tab
    4. (Optional) Click **Copy fields from Web form**

    The editor shows:

    * Left side → the form structure
    * Right side → real-time preview

      <img alt="Edit new incident form for Slack." />
  </Step>

  <Step title="Edit and Manage Fields">
    **You can customize:**

    * Field order
    * Field visibility
    * Required fields
    * Custom field types (dropdowns, multi-selects, relations, etc.)

    **Controls:**

    * Drag handle → reorder
    * Pencil icon → edit
    * Minus icon → remove
    * **Add Fields** → add new fields

    Changes save automatically.

    <Tip>
      We recommend keeping Slack and Web forms aligned. This ensures responders have a consistent experience no matter where incidents originate.
    </Tip>
  </Step>
</Steps>

### Troubleshooting

<AccordionGroup>
  <Accordion title="“Commands aren’t working.”">
    Make sure you’re inside a **Rootly incident channel**, not a normal channel.
  </Accordion>

  <Accordion title="“I can't create or view a Private Incident.”">
    You need the correct permissions (owner/admin/private-incident access).
  </Accordion>

  <Accordion title="“/rootly mitigate doesn’t work.”">
    Your workspace likely uses **sub-statuses**, which disable the mitigate command.\
    Use `/rootly status` instead.
  </Accordion>

  <Accordion title="“The form won’t let me create the incident.”">
    Your workspace may enforce:

    * Required fields
    * Conditional fields
    * Required lifecycle metadata

    Check for missing fields marked with **\***.
  </Accordion>

  <Accordion title="“The Slack incident channel didn’t get created.”">
    Check:

    * Slack integration is connected
    * Auto-create channels is enabled
    * Private incident behavior matches workspace rules
  </Accordion>
</AccordionGroup>

### Best Practices

* Prefer **message-based creation** for rich context
* Keep fields minimal but meaningful
* Use Private mode for sensitive incidents
* Train responders to use `/rootly status` for lifecycle updates
* Align Slack + Web forms for consistency
* Automate repetitive tasks (channel setup, assignments, notifications)

High-quality incident creation through Slack accelerates response, reduces confusion, and keeps everyone aligned from the very first minute.


# Creating Incidents via Web Interface
Source: https://docs.rootly.com/incidents/creating-incidents/creating-incidents-via-web-ui

Create incidents through the Rootly web interface with customizable form fields, severity selection, validation rules, and post-creation automation triggers.

### Overview

The Rootly web interface provides the most complete and structured way to create an incident. It supports rich field configuration, required-field validation, access controls, and the full power of automations and workflows.

Use the web interface when you need clarity, accuracy, and full control over the incident creation experience.

<Tip>
  The Web UI is the most reliable way to create high-quality incidents. It enforces all required fields, validations, and permissions set by your workspace.
</Tip>

### Create a New Incident in the Web App

<Steps>
  <Step title="Open the New Incident Form">
    You can initiate a new incident from several locations:

    * **Dashboard → Create Incident** (top-right)
    * **Incidents → Create Incident** (top-right)

    **Global Action Menu → Create Incident** (bottom-left)

    This opens the full New Incident form.

    <img alt="images/createincidentweb1.jpg" />
  </Step>

  <Step title="Fill in the Incident Details">
    The New Incident form captures all core information needed to begin coordinated response and trigger automation.

    Most fields are customizable under **Configuration → Forms**.

    **Default fields include:**

    | Field               | Description                                                         |
    | :------------------ | :------------------------------------------------------------------ |
    | **Title**           | Name of the incident; also used to generate the Slack channel name. |
    | **Summary**         | Short description of what’s happening.                              |
    | **Severity**        | Defaults from SEV3 → SEV0.                                          |
    | **Type**            | Defaults: Cloud, Security, Customer-Facing, Default.                |
    | **Mark as Private** | Restricts visibility to permitted users.                            |

    <img alt="images/newincidentformweb2.jpg" />

    **Additional Notes**

    * Required fields are marked with a **\***
    * Leaving **Title** blank activates the **Automatic Incident Title Generator**
    * Only owners, admins, or privileged users can create/view private incidents
    * Private incidents are recommended for security-, privacy-, or customer-sensitive issues

    <Info>
      If your team uses **Mark as In Triage**, selecting this checkbox starts the incident in **Triage** instead of **Started**. See the *Incident Lifecycle* page for details on how these statuses differ.
    </Info>
  </Step>

  <Step title="Review Required Fields (If Applicable)">
    Your workspace may enforce:

    * Required fields on incident **creation**
    * Required fields for **specific lifecycle transitions**
    * Required fields based on **severity**, **incident type**, or **team**

    If you miss a required field, the Web UI will block submission and highlight the missing values.

    <Tip>
      Completing required metadata during creation prevents blockers later when moving the incident from Started → Mitigated → Resolved.
    </Tip>
  </Step>

  <Step title="(Optional) Add Additional Context">
    Depending on how your team configures the form, you may see optional sections such as:

    * Services
    * Functionalities
    * Environments
    * Groups
    * Incident Types
    * Labels
    * Notify Emails
    * Custom form fields
    * Test Incident checkbox (if enabled)

    Adding contextual metadata improves:

    * Automated routing
    * Workflow execution
    * Analytics and dashboards
    * Retrospective quality
  </Step>

  <Step title="Create the Incident">
    Click **Create Incident**.

    Upon creation, Rootly will automatically:

    * Create the incident record
    * Capture lifecycle timestamps (e.g., started\_at)
    * Trigger your incident-creation workflows
    * Create a Slack incident channel (if enabled)
    * Assign default responders or roles
    * Add initial timeline entries
    * Redirect you to the newly created incident page

    <Tip>
      Most teams automate channel creation, role assignment, and stakeholder notifications to reduce manual overhead and speed up initial response.**Customize the New Incident form in the Web app**
    </Tip>
  </Step>
</Steps>

### After the Incident Is Created

Once the incident is open, you can:

* Update lifecycle status (Triage → Started → Mitigated → Resolved → Closed)
* Assign roles and add responders
* Add timeline entries
* Attach or review alerts
* Trigger or monitor workflows
* Publish stakeholder updates
* Track action items and tasks
* Join the Slack channel associated with the incident

All changes are tracked automatically and appear in the Timeline for retrospective analysis.

### Customizing the New Incident Form

<Steps>
  <Step title="Open Form Configuration">
    Navigate to:

    **Configuration → Forms → New Incident → Configure**

    Then select the **Web** tab.

    <img alt="images/newincidentwebeditform.jpg" />

    You can optionally copy the structure from the Slack form using:

    **Copy fields from Slack form**

    * Left panel: current form structure
    * Right panel: real-time preview
  </Step>

  <Step title="Edit and Manage Fields">
    You can customize:

    * Field order
    * Field visibility
    * Required fields
    * Custom field types (dropdowns, multi-selects, relations, etc.)

    Use:

    * **Drag handle (six dots)** → reorder fields
    * **Pencil icon** → edit a field
    * **Minus icon** → remove a field
    * **Add Fields** → add new fields

    Changes save automatically.

    <Tip>
      We recommend keeping Slack and Web forms aligned so responders have a consistent experience regardless of where incidents are created.
    </Tip>
  </Step>
</Steps>

### Troubleshooting

<AccordionGroup>
  <Accordion title="“I can’t create an incident.”">
    Check for:

    * Missing required fields
    * Missing permissions
    * Private incident restrictions
  </Accordion>

  <Accordion title="“My workflows didn’t run.”">
    Confirm that workflow conditions match:

    * Severity
    * Type
    * Services
    * Environments
    * Groups
  </Accordion>

  <Accordion title="“Why is the form blocking me?”">
    Required-fields enforcement or conditional visibility rules may be preventing submission.
  </Accordion>

  <Accordion title="“Slack channel wasn’t created.”">
    Verify:

    * Slack integration is enabled
    * Auto-channel creation is turned on
    * The incident wasn’t created as private (depending on workspace rules)
  </Accordion>
</AccordionGroup>

### Best Practices

* Use structured fields (Severity, Services, Environments) for clarity & analytics
* Keep required fields minimal but meaningful
* Use Private mode for security or privacy-sensitive incidents
* Align Slack and Web forms for consistency
* Automate repetitive creation steps with workflows
* Provide descriptive titles and actionable summaries

High-quality incident creation dramatically accelerates response and improves clarity for everyone involved.


# Incident Title Generator
Source: https://docs.rootly.com/incidents/creating-incidents/incident-title-generator

Learn how Rootly automatically generates unique incident titles using random adjective–noun combinations while allowing full customization and manual editing.

### How the Incident Title Generator Works

Rootly can automatically generate a unique title for an incident when you leave the **Title** field blank. The generator creates a memorable two-word phrase by combining:

* An adjective
* A noun

Both words come from your organization’s **configurable word banks**.

This ensures that every incident—manual or automated—has a distinct title, even if responders forget to provide one. Users may edit the title at any time during the incident lifecycle.

<Info>
  If a user does not enter a title, Rootly automatically assigns one using the team’s configured adjective and noun lists.
</Info>

***

### Title Generation Logic

When Rootly generates a title:

1. It collects adjectives and nouns used in incident titles **within the last year**.
2. These recently used words are added to an exclusion list to reduce repeats.
3. Rootly selects a random adjective and noun from your team’s configured word banks.
4. The result is **titleized** (e.g., `"sleepy server"` → `"Sleepy Server"`).
5. The incident is marked with `title_autogenerated = true`.

This logic applies to:

* Incidents created in the Web UI
* Incidents created via Slack
* Incidents created via the API

<Info>
  API-created incidents also auto-generate titles if the payload omits the `title`.\
  The API response includes `title_autogenerated` so automation can detect system-generated titles.
</Info>

***

### Configuring the Word Banks

Admins may customize the adjective and noun lists used for generation.

You can update these from:

**Organization Settings → Show Advanced Settings → Incident Title Generator**

<Frame>
  <img alt="Organization Settings > Show Advanced Settings > Incident Title Generator" />
</Frame>

<Frame>
  <img alt="Organization Settings > Show Advanced Settings > Incident Title Generator" />
</Frame>

Configuration options include:

* **config\_adjectives** — list of allowed adjectives
* **config\_nouns** — list of allowed nouns
* Exclusion logic is automatic (based on 1 year of past incidents)

<Info>
  Customizing your word banks allows incident names to better reflect your organization’s culture, domains, and terminology.
</Info>

***

### Optional: AI-Generated Titles

Teams with Rootly AI enabled can use **Generate Title with Rootly AI** directly from the incident page.\
This feature:

* Suggests a clearer or more contextual title
* Uses incident metadata (summary, severity, type, services, timeline context)
* Is permission-gated based on AI configuration

<Info>
  AI title generation requires:

  * Rootly AI enabled for the team
  * AI title generation feature toggled on
  * Permission to generate titles (`:generate_title`)
</Info>

***

### Titles in External Integrations

When exporting incidents to tools like PagerDuty or Opsgenie:

* If the title was auto-generated, Rootly may prefer using the **summary** as the outbound title.
* Rootly prepends the **severity** to outbound titles when appropriate.

Example:

\[SEV2] Database Latency Degradation

This ensures external systems receive clear, actionable titles.

***

### Best Practices

* **Let Rootly auto-generate titles** when responders are busy—clean-up can happen later.
* **Customize your adjective/noun lists** to improve clarity and team culture.
* **Use AI generation** for complex or ambiguous incidents.
* **Edit titles manually** once the incident scope is understood.
* **Avoid relying solely on the title** for operational details—pair it with a strong summary.

***

### FAQ

<AccordionGroup>
  <Accordion title="Can I edit an automatically generated title?">
    Yes. Titles can be edited at any point during the incident lifecycle.
  </Accordion>

  <Accordion title="How does Rootly avoid repeating names?">
    Rootly excludes adjectives and nouns used in the past year to reduce duplication.
  </Accordion>

  <Accordion title="Do API-created incidents use the generator?">
    Yes. If `title` is omitted, Rootly generates one automatically and marks it as auto-generated (`title_autogenerated: true`).
  </Accordion>

  <Accordion title="Can the generator produce more than two-word titles?">
    Not currently. Titles always follow the adjective + noun format unless manually edited or overwritten by AI.
  </Accordion>

  <Accordion title="Does the generator affect external system titles (PagerDuty, Opsgenie)?">
    External integrations may use the summary instead when the title is autogenerated. Severity may also be prefixed automatically.
  </Accordion>
</AccordionGroup>


# Incident Lifecycle
Source: https://docs.rootly.com/incidents/incident-lifecycle

Understand each Rootly incident lifecycle stage from triage through closure, including status transitions, timestamps, and default fields.

### Overview

Rootly models every incident using a sequence of lifecycle stages that reflect how teams actually discover, assess, respond to, and close out operational issues. Each stage corresponds to an **incident status**, and Rootly automatically records timestamps as incidents progress. These statuses power automation, analytics, retrospectives, and help teams maintain a clean, consistent operational process.

<Info>
  Each lifecycle transition can be made from the web UI or via Slack commands such as `/rootly mitigate`, `/rootly resolve`, and `/rootly cancel`. Rootly automatically records the appropriate timestamp with every status change.
</Info>

### Triage

Incidents frequently begin with incomplete or ambiguous signals.\
The **Triage** status is designed for these early situations where something may be wrong, but responders are not yet certain. Entering Triage keeps notifications limited so teams can investigate without alarming broader stakeholders.

**How to enter Triage:**

* When creating an incident, select the **Mark as In Triage** checkbox
* Or update the status from Slack or the web UI

**Data value:** `in_triage`\
**Timestamp:** `in_triage_at` (only recorded if the incident actually enters Triage)

<Frame>
  <img alt="Document image" />
</Frame>

<Tip>
  Triage helps contain blast radius and ensures only key responders are involved before an issue is fully confirmed.
</Tip>

### Started

Once responders confirm the issue is real, the incident progresses to the **Started** status. This is the point where coordinated response begins—roles are assigned, communication channels open, and early hypotheses are formed.

**How to enter Started:**

* Leave **Mark as In Triage** **unchecked** during incident creation
* Or move from Triage → Started in the UI or via Slack

**Data value:** `started`\
**Timestamp:** `started_at`

<Frame>
  <img alt="Document image" />
</Frame>

<Check>
  If you skip Triage during creation, Rootly sets the incident directly to Started.
</Check>

### Detected *(Optional)*

Some teams track the moment an issue was first **noticed**, separate from when response formally began.

**Data value:** `detected`\
**Timestamp:** `detected_at`

<Info>
  Captured detection time supports metrics like MTTD (Mean Time To Detect).
</Info>

### Acknowledged *(Optional)*

Acknowledgement indicates a specific responder has taken ownership, which pauses escalations and clarifies responsibility even before major status transitions occur.

**Data value:** `acknowledged`\
**Timestamp:** `acknowledged_at`

### Mitigated

An incident becomes **Mitigated** when the immediate impact has been contained. Users may still be affected, but the issue is no longer actively worsening. This is common when temporary fixes, failovers, or emergency controls are applied.

**How to enter Mitigated:**

* Use the **Mitigate** button
* Or run `/rootly mitigate` in Slack

**Data value:** `mitigated`\
**Timestamp:** `mitigated_at`

<Frame>
  <img alt="Document image" />
</Frame>

<Tip>
  If the incident moves straight to Resolved without entering Mitigated, Rootly automatically sets `mitigated_at` equal to `resolved_at` so analytics remain accurate.
</Tip>

### Resolved

An incident is **Resolved** when the underlying issue has been fixed and service impact is no longer present.\
This moment typically triggers stakeholder updates and begins the retrospective process.

**How to enter Resolved:**

* Click **Resolve**
* Or run `/rootly resolve` in Slack

**Data value:** `resolved`\
**Timestamp:** `resolved_at`

<Frame>
  <img alt="Document image" />
</Frame>

<Check>
  Many teams configure workflows that automatically generate a Retrospective when an incident reaches Resolved.
</Check>

### Closed

While **Resolved** means “the system is fixed,” **Closed** means “all follow-up work is complete.”\
This includes finishing retrospectives, verifying action items, and closing out communications.

**Data value:** `closed`\
**Timestamp:** `closed_at`

<Info>
  Use Closed to separate **technical completion** from **process completion**.
</Info>

### Cancelled

A **Cancelled** incident represents a false positive or the identification of a duplicate.\
It prevents unnecessary responder work and keeps analytics clean.

**How to enter Cancelled:**

* Use the **Cancel Incident** button
* Or run `/rootly cancel`
* **Available only when the incident is in Triage**

**Data value:** `cancelled`\
**Timestamp:** `cancelled_at`

<Frame>
  <img alt="Document image" />
</Frame>

<Warning>
  Cancelled incidents do not continue through the lifecycle. Only cancel when the event is truly non-actionable or duplicated.
</Warning>

### Planned Maintenance *(Optional)*

Rootly can model planned or controlled [operational work.](https://rootly.com/changelog/planned-maintenance-made-easier)\
Scheduled incident lifecycle values include:

* **planning** — defining scope
* **scheduled** — approved window (`scheduled_for`, `scheduled_until`)
* **in\_progress** — work underway
* **completed** — work finished
* **verifying** — final checks

This allows scheduled maintenance to be tracked with the same rigor as unplanned incidents.

### Timeline

Every incident includes a **Timeline**, which organizes all key moments—status changes, role assignments, workflow actions, Slack updates, alerts, and manual entries—into a coherent narrative.

<Tip>
  Timeline entries can be added via Slack, the Rootly web UI, email-to-incident, or automations. This makes retrospectives dramatically easier.
</Tip>

### Status Overview

| Status         | Data Value     |  Timestamp Field  |
| :------------- | :------------- | :---------------: |
| Triage         | `in_triage`    |   `in_triage_at`  |
| Started        | `started`      |    `started_at`   |
| Detected\*     | `detected`     |   `detected_at`   |
| Acknowledged\* | `acknowledged` | `acknowledged_at` |
| Mitigated      | `mitigated`    |   `mitigated_at`  |
| Resolved       | `resolved`     |   `resolved_at`   |
| Closed         | `closed`       |    `closed_at`    |
| Cancelled      | `cancelled`    |   `cancelled_at`  |

\*Optional depending on workflow usage.

### FAQ

<AccordionGroup>
  <Accordion title="What status should I use when I'm not sure an issue is an incident yet?">
    Use **Triage**. It limits notifications and keeps early investigation to a small responder group.\
    Use **Started** only once you are confident the issue is real.
  </Accordion>

  <Accordion title="Can I start an incident directly in the Started status?">
    Yes. If you leave **Mark as In Triage** **unchecked** during creation, Rootly will set the incident directly to **Started**.
  </Accordion>

  <Accordion title="Do I have to use Mitigated?">
    No. Mitigated is optional, but recommended. If you skip it and go straight to **Resolved**, Rootly will automatically set `mitigated_at = resolved_at` to preserve accurate analytics.
  </Accordion>

  <Accordion title="What is the difference between Resolved and Closed?">
    * **Resolved** = the technical issue is fixed
    * **Closed** = all follow-up work (retrospectives, action items, communication, cleanup) is complete

    Teams often resolve incidents quickly but close them later.
  </Accordion>

  <Accordion title="Can I add custom lifecycle statuses?">
    Yes—Rootly supports additional operational statuses such as **Detected**, **Acknowledged**, and **Scheduled Maintenance** states (`planning`, `scheduled`, `in_progress`, etc.). These are optional and configurable based on your workflow.
  </Accordion>

  <Accordion title="Where should I track follow-up actions?">
    Use **Action Items** or attach tasks directly from the incident.\
    Once these are complete, set the incident to **Closed**.
  </Accordion>
</AccordionGroup>

|   |
| - |


# Creating Sub-Incidents
Source: https://docs.rootly.com/incidents/incident-operations/creating-sub-incident

Learn how to split large incidents into sub-incidents for better organization across multiple teams, with workflow automation support.

### Overview

For larger or cross-functional incidents, you may want to break work into **sub-incidents**.\
A sub-incident allows a team to investigate, coordinate, and track their scope independently—while maintaining shared context with the parent incident.

Each parent incident can have **multiple sub-incidents**.

<Frame>
  <img alt="Creating sub-incidents overview" />
</Frame>

***

### What Is a Sub-Incident?

A sub-incident is a normal incident that is linked to a parent using `parent_incident_id`.\
Rootly automatically assigns the sub-incident a kind based on its parent:

* `normal_sub`
* `test_sub`
* `scheduled_sub`

<Info>
  Sub-incidents are **not** the same as duplicate incidents.\
  Duplicates link via `duplicate_incident_id` and do *not* form a hierarchy.
</Info>

***

### Restrictions

* Sub-incidents **cannot be split further** (no nested sub-incidents).
* A sub-incident **must have** a parent incident.
* You cannot create a sub-incident **from an existing sub-incident**.
* Some UI options (like “Attach to Parent Incident”) only appear when:
  * The incident is not already a sub-incident
  * It has no existing sub-incidents
  * You have permission to create incidents

***

### Creating Sub-Incidents

Rootly supports creating sub-incidents through two interfaces:

1. **Slack** – Use commands such as `/rootly sub`, `/rootly split`, `/rootly fork`, or `/rootly swimlane`\
   → [**See the Slack guide →**](/incidents/incident-operations/slack-creating-a-sub-incident)
2. **Web** – Use **Create Sub-Incident** or **Attach to Parent Incident** from the incident menu\
   → [**See the Web guide →**](/incidents/incident-operations/web-creating-a-sub-incident)

***

#### Slack Creation

Use any of the following commands in the **parent incident’s Slack channel**:

```
/rootly split
/rootly sub
/rootly fork
/rootly swimlane
```

This opens the **Create Sub-Incident** modal, already linked to the parent.

Slack enforces:

* You must be in an incident channel
* The parent cannot itself be a sub-incident
* You must have permission to create incidents

<Info>
  Slack-created sub-incidents use the same logic as Web-created sub-incidents, including workflow triggers and automatic Slack-channel creation (when enabled).
</Info>

***

#### Web Creation

From the parent incident:

* Click **…** → **Create Sub-Incident**, or
* Use **Attach to Parent Incident** to convert an existing incident into a sub-incident

<Frame>
  <img alt="Creating sub-incident in web" />
</Frame>

When attaching an existing incident, Rootly updates its kind and sets its parent relationship.

***

### What Gets Inherited?

Depending on your configuration, sub-incidents may inherit:

* Severity
* Status
* Privacy settings
* Incident types
* Attached services, functionalities, environments
* Teams / groups
* Jira epic or Google Drive folder links
* Slack channel creation settings
* Parent → sub or sub → parent timeline syncing (feature-flag dependent)

<Info>
  When **timeline syncing** is enabled, updates may automatically propagate between related incidents—excluding internal-only events.
</Info>

***

### Configuring Workflows for Sub-Incidents

Sub-incidents are fully compatible with Rootly Workflows.

To target sub-incidents, set a workflow condition such as:

```
Kind → is one of → normal_sub, test_sub, scheduled_sub
```

Use cases include:

* Creating role assignments for sub-incident teams
* Syncing updates to the parent incident
* Auto-generating investigative tasks
* Auto-creating a Slack channel for each sub-incident

***

### Best Practices

* **Use sub-incidents to delegate ownership** to teams like SRE, Security, or Networking.
* **Keep the parent incident customer-facing**, using sub-incidents to track internal workstreams.
* **Use workflows to create structure**, such as templated tasks, roles, or Slack-channel creation.
  * Use the `Create a sub incident` Workflow Action to automatically create a sub-incident for specific scenarios, like being able to coordinate with stakeholders outside of your engineering response teams. [See this in action here](https://www.loom.com/share/e6f038a78d8e4dec8a51c06e557e4298).
* **Avoid unnecessary splitting**—small tasks can often stay in the parent incident.
* **Name sub-incidents cleanly and consistently**, reflecting the scope of work.

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="I don’t see the option to create a sub-incident">
    This occurs when:

    * The incident is **already a sub-incident**
    * It has its **own sub-incidents**
    * You do not have **permission to create incidents**
  </Accordion>

  <Accordion title="Slack says the incident cannot be split">
    Slack prevents splitting when:

    * You are not in an incident channel
    * The incident is a **sub-incident**
    * You lack required permissions
  </Accordion>

  <Accordion title="My sub-incident didn’t inherit fields">
    Inheritance depends on:

    * Feature flags (parent/sub sync)
    * Workflows that override defaults
    * Creation method (Slack vs Web)
    * Privacy restrictions
  </Accordion>

  <Accordion title="Timeline updates are not syncing">
    Timeline syncing requires:

    * `enable_parent_and_sub_incident_sync` feature flag
    * `parent_to_sub_incident_sync` enabled on the incident\
      Only **non-internal** timeline events sync.
  </Accordion>

  <Accordion title="Unable to attach an existing incident as a sub-incident">
    This happens when:

    * The incident is already a sub-incident
    * It has existing sub-incidents
    * It is a scheduled maintenance incident
    * Permissions prevent linking
  </Accordion>
</AccordionGroup>


# Marking Incidents as Duplicate
Source: https://docs.rootly.com/incidents/incident-operations/marking-as-duplicate

Mark incidents as duplicates in Rootly to consolidate response efforts via the web UI, Slack, or API, with auto-cancellation support and parent linking.

### How Duplicate Incidents Work

During fast-moving operational issues, teams may accidentally create multiple incidents describing the same underlying problem. Rootly allows you to **mark one incident as the duplicate of another**, ensuring responders align around a single source of truth.

When an incident is marked as a duplicate:

* The *duplicate* incident is linked to a *canonical* (primary) incident
* The duplicate’s timeline records the change
* Workflows, alerts, and Slack channels can consolidate under the primary incident
* Optionally, the duplicate incident can be automatically **cancelled**

This helps reduce fragmentation, avoid duplicate work, and maintain accurate historical records.

<Info>
  Duplicate incidents use a dedicated field (`duplicate_incident_id`) and are **not** the same as sub-incidents, which use `parent_incident_id`.
</Info>

***

### Why Mark Incidents as Duplicate

Teams benefit from merging duplicates because it:

* Ensures responders focus on the correct incident
* Reduces conflicting updates or duplicated communication
* Clarifies ownership and priority
* Simplifies retrospectives and reporting
* Maintains a clean incident list without losing context

Typical scenarios include:

* Multiple teams declare the same outage simultaneously
* Monitoring tools trigger multiple detection paths
* Slack responders create overlapping incidents during triage

***

### What Happens When You Mark an Incident as Duplicate

When you mark Incident A as a duplicate of Incident B:

* Incident A becomes linked to Incident B
* A timeline entry is added to Incident A
* Slack responders receive a confirmation message
* (Optional) Incident A is automatically **cancelled** and any attached alerts are resolved
* The “Duplicate of …” banner appears in the duplicate incident UI

This ensures full transparency on how and why incidents were consolidated.

<Info>
  Auto-cancellation is enabled by default when marking a duplicate but can be turned off during the action.
</Info>

***

### Where You Can Manage Duplicates

#### **In the Web Interface**

From an incident, open the action menu and select **Mark as Duplicate**.\
You can then:

* Search for the canonical incident
* Choose whether to auto-cancel the duplicate
* Add a cancellation reason for context

A redirect takes you to the canonical incident after completion.

[Learn how to mark duplicates via Web →](/incidents/incident-operations/web-marking-as-duplicate)

***

#### **In Slack**

Use one of the supported commands:

* **`/rootly dup`**
* **`/rootly duplicate`**

This opens a modal where you can:

* Select the canonical incident
* Provide a cancellation reason
* Enable/disable auto-cancel

Slack posts a confirmation message to the duplicate’s channel when completed.

<Info>
  Duplicate marking is not available for scheduled maintenance incidents.
</Info>

[Learn how to mark duplicates via Slack →](/incidents/incident-operations/slack-marking-as-duplicate)

***

### API Support

You can also mark incidents as duplicates programmatically using:

```
POST /api/v1/incidents/:id/duplicate
```

Supported attributes include:

* `duplicate_incident_id`
* `auto_cancel_incident`
* `reason_for_cancellation`

Rootly updates the relationship and adds a timeline entry automatically.

<Info>
  API duplicate linking does not automatically resolve attached alerts—this behavior is only available via Slack or Web.
</Info>

***

### Best Practices

* **Always consolidate early**\
  Merge duplicate incidents as soon as duplication is detected to reduce confusion.

* **Use auto-cancel thoughtfully**\
  Cancelling duplicates keeps your incident list clean, but you may leave them open temporarily during complex triage.

* **Write clear cancellation reasons**\
  Adds helpful context for retrospectives and audit history.

* **Educate responders on Slack commands**\
  Many duplicates are resolved faster when responders use `/rootly dup`.

* **Review duplicate patterns**\
  Repeated duplicates may highlight monitoring or workflow tuning opportunities.

***

### FAQ

<AccordionGroup>
  <Accordion title="What is the difference between a duplicate and a sub-incident?">
    Duplicate incidents refer to the **same problem**, while sub-incidents represent **related but distinct workstreams**.
  </Accordion>

  <Accordion title="Can a duplicate be re-opened as a normal incident?">
    Yes. Edit the incident to remove the duplicate relationship and update the status.
  </Accordion>

  <Accordion title="Can I mark an incident as duplicate of a private incident?">
    Yes, but only if you have permission to view the target incident.
  </Accordion>

  <Accordion title="Who can mark incidents as duplicates?">
    Any responder with **update** permission on the incident (including private-incident permissions when relevant).
  </Accordion>

  <Accordion title="Does marking as duplicate merge timelines?">
    No. Timelines remain separate, but all future response activity should occur in the canonical incident.
  </Accordion>
</AccordionGroup>


# Scheduling Maintenance Incidents
Source: https://docs.rootly.com/incidents/incident-operations/scheduling-a-maintenance-incident

Learn how to schedule and manage maintenance incidents for planned service interruptions, including Slack channel creation and status page integration.

<iframe title="Loom video player" />

Maintenance incidents allow your teams to plan, coordinate, and communicate progress of your planned downtime and maintenance windows.

Create a Maintenance Incident in the Rootly web app under **Incidents** > **Maintenance**. 

<Info>
  Rootly does not automatically generate a Slack channel for Maintenance Incidents. Create one by selecting the Slack icon under the incident title in the web app.
</Info>

After the maintenance incident has been created, share it on your [Status Pages](https://docs.rootly.com/configuration/status-pages).

# Schedule a Maintenance Incident from the web app

<Steps>
  <Step title="Step 1">
    Go to **Incidents > Maintenance** and click **Schedule Maintenance** in the top-right corner.

    <img alt="Clean Shot2025 11 18at16 09 01@2x Pn" />
  </Step>

  <Step title="Step 2">
    Fill in the *Maintenance Incident* form. If you want to gather more details, the form can be completely customized in the **Configuration** > **Forms** section of the web application.

    <img alt="Maintenance incident web form." />

    The default *Maintenance Incident* form includes:

    | Field                                                               | Content                                                                                      |
    | ------------------------------------------------------------------- | -------------------------------------------------------------------------------------------- |
    | Title                                                               | Title of the incident. This will be used to create the channel name along with today's date. |
    | Summary                                                             | A summary of the incident.                                                                   |
    | [Severity](https://docs.rootly.com/configuration/severities)        | Defaults: Severity level from SEV3 to SEV0.                                                  |
    | [Type](https://docs.rootly.com/configuration/incident-types)        | The type of incident. Defaults: Cloud, Security, Customer facing, Default.                   |
    | [Services](https://docs.rootly.com/configuration/services#services) | The service or services impacted.                                                            |
  </Step>

  <Step title="Step 3">
    Click **Create Incident** to save.

    <img alt="Clean Shot2025 11 18at16 11 18@2x Pn" />
  </Step>
</Steps>

# Schedule a Maintenance Incident from Slack

<Steps>
  <Step title="Step 1">
    Enter the Slack command **/rootly maintenance**. Press *enter* or click *the paper plane icon* to run the command and open the *maintenance incident* form.
  </Step>

  <Step title="Step 2">
    Fill in the *maintenance incident* form. *Scheduled for* and *Scheduled until* dates and times are required.

    <img alt="Maintenance incident Slack form." />

    Most of the fields in the *maintenance incident* form can be customized and new fields can be added. If you want to gather more details, the form can be completely customized in the **Configuration** > **Forms** section of the web application.

    The default *maintenance incident* form includes:

    | Field                                                               | Content                                                                                      |
    | ------------------------------------------------------------------- | -------------------------------------------------------------------------------------------- |
    | Title                                                               | Title of the incident. This will be used to create the channel name along with today's date. |
    | Summary                                                             | A summary of the incident.                                                                   |
    | [Severity](https://docs.rootly.com/configuration/severities)        | Defaults: Severity level from SEV3 to SEV0.                                                  |
    | [Type](https://docs.rootly.com/configuration/incident-types)        | The type of incident. Defaults: Cloud, Security, Customer facing, Default.                   |
    | [Services](https://docs.rootly.com/configuration/services#services) | The service or services impacted.                                                            |
  </Step>

  <Step title="Step 3">
    Click **Schedule** to save.

    <img alt="New maintenance incident notification in Slack." />

    The maintenance incident is now available in the Rootly web app. To manage the incident in Slack, select *View in Rootly,* then click the Slack icon under the incident title.
  </Step>
</Steps>

# Update a maintenance incident

## **Change the status**

<img alt="Clean Shot2025 11 18at16 14 43@2x Pn" />

Maintenance incidents can have the following statuses:

* Planning
* Scheduled
* In Progress
* Verifying
* Completed
* Cancelled

Change the status by clicking **Incident Status** in the top-right corner, or in Slack using the `/rootly status` command.

## **Update details** 

Click **Edit** in the top-right corner to update the incident.

Default fields include:

| Field                                                                                    | Content                                                                                                                               |
| ---------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
| Scheduled start and end time                                                             | The planned time for the maintenance to take place.                                                                                   |
| Title                                                                                    | The title of the maintenance incident. This will only be visible in the Rootly web app or the incident Slack channel (if applicable). |
| [Severity](https://docs.rootly.com/configuration/severities)                             | Defaults: Severity level from SEV3 to SEV0.                                                                                           |
| [Type](https://docs.rootly.com/configuration/incident-types)                             | The type of incident. Defaults: Cloud, Security, Customer facing, Default.                                                            |
| [Services](https://docs.rootly.com/configuration/services#services)                      | The service or services impacted.                                                                                                     |
| [Environments](https://docs.rootly.com/configuration/environments)                       | The environment the incident will impact. E.g. Dev or Production.                                                                     |
| [Functionalities](https://docs.rootly.com/configuration/functionalities#functionalities) | Specific functionalities impacted. E.g. Checkout or Search.                                                                           |
| [Teams](https://docs.rootly.com/configuration/teams#teams)                               | The relevant teams involved in this maintenance incident.                                                                             |

The form can be edited from **Configuration** > **Forms & Fields** > **Update Maintenance Incident.**

## **Assign Roles**

Pre-assign roles to this maintenance incident by selecting "Assign Roles" under the incident title.

<img alt="Clean Shot2025 11 18at16 16 42@2x Pn" />

## **Create a Slack channel**

Select the Slack icon under the incident title to create a Slack channel for this maintenance incident.

<img alt="Clean Shot2025 11 18at16 16 59@2x Pn" />

# Publish your maintenance incident to a status page

Communicate your upcoming and active maintenance windows to your stakeholders through the Rootly Status Page.

Navigate to your maintenance window, select the **Status Page** tab, then **Publish Incident**.

<img alt="Clean Shot2025 11 18at16 20 31@2x Pn" />

Select the status page you'd like to publish an update to and fill in the subsequent information to include in the update.

Rootly will automatically surface any Maintenance Windows at the top of the status page.

<img alt="Clean Shot2025 11 18at16 23 30@2x Pn" />

Further, any services attached to your Maintenance Window will automatically be shown as **In Maintenance** if the update published to the status page is either **In Progress** or **Verifying.**

<img alt="Clean Shot2025 11 18at16 24 14@2x Pn" />

<Info>
  To give you full control over how maintenance windows are communicated to your stakeholder, Rootly will not automatically update your status page based on the maintenance incident's current status: updates must be manually published to the status page.
</Info>

# Building workflows for maintenance incidents

You can build automations for your Maintenance Incidents using [Rootly's Workflow builder](/workflows/incident-workflows). Follow the instructions to create a workflow in the linked documentation.

To create a workflow specific to Maintenance Windows, ensure your workflow has a **Kind** condition set to **Scheduled Maintenance** so that the workflow will only fire on your maintenance incidents.

<img alt="Clean Shot2025 11 18at16 30 08@2x Pn" />

# Converting a maintenance incident

Sometimes, unexpected complexity might occur during your maintenance incident, and it requires a regular incident to be declared.

Rootly lets you convert an existing maintenance incident into a regular incident directly in Rootly Web, or via Slack.

## Converting to a regular incident on web

While viewing your Maintenance Incident on web, select (...), then **Convert to incident**.

<img alt="Clean Shot2025 06 18at13 52 12@2x Pn" />

Clicking on this button will trigger your Rootly **Create Incident** form, as well as a 'Reason for conversion' field for your commanders to fill out to give additional context for why the incident is being converted. The information provided in this field will be added to the incident's timeline.

## Converting to a regular incident on Slack

To convert your maintenance incident on Slack, in your maintenance incident's Slack channel use the `/rootly convert maintenance` command.

<img alt="Clean Shot2025 06 18at14 03 35@2x Pn" />

This will trigger your Rootly **Create Incident** form, as well as a 'Reason for conversion' field for your commanders to fill out to give additional context for why the incident is being converted. The information provided in this field will be added to the incident's timeline.

Once your maintenance incident is converted to a regular incident, all of your related automations and workflows will trigger much like they do when a new incident is created.


# Creating Sub-Incidents via Slack
Source: https://docs.rootly.com/incidents/incident-operations/slack-creating-a-sub-incident

Create sub-incidents directly from Slack incident channels using the /rootly sub command and interactive dialog to track related issues separately.

### Overview

Create sub-incidents directly from an incident’s Slack channel using Rootly slash commands.\
Sub-incidents help teams split large or cross-functional incidents into focused workstreams while keeping everything tied back to the parent incident.

***

### Restrictions

Sub-incident creation is only available when:

* You run the command **inside an incident channel**
* The incident is **not already a sub-incident**
* You have **permission to create incidents**
* The incident has no restrictions (e.g., cannot split a sub-incident)

If these conditions are not met, Slack will show an appropriate error.

***

### How to Create a Sub-Incident in Slack

#### 1. Run the sub-incident command

In the parent incident channel, type **any** of the following:

```
/rootly sub
/rootly split
/rootly fork
/rootly swimlane
```

These commands all trigger the **Create Sub-Incident** dialog.

<Frame>
  <img alt="Sub-incident Slack dialog" />
</Frame>

***

#### 2. Complete the creation dialog

Fill in the incident fields as you normally would.\
Rootly automatically links the new incident as a **sub-incident** of the channel you ran the command from.

After submitting, Slack will confirm that the sub-incident has been created:

<Frame>
  <img alt="Sub-incident created confirmation" />
</Frame>

You’ll then see a reference to the new sub-incident in the parent incident’s summary, Slack channel, and web interface.

***

### What Happens Behind the Scenes

Rootly automatically:

* Sets the new incident’s **parent\_incident\_id**
* Assigns a sub-incident kind (e.g., `normal_sub`, `scheduled_sub`)
* Attributes the creation to **Slack**
* Optionally creates a **Slack channel** for the sub-incident (team settings apply)
* Triggers any workflows conditioned on\
  `Kind → is one of → normal_sub / scheduled_sub / test_sub`

<Info>
  Sub-incidents created via Slack behave exactly the same as those created in the Web UI.\
  They inherit parent properties depending on your workspace configuration and feature flags.
</Info>

***

### Demo

<iframe />

***

### Best Practices

* **Use sub-incidents to divide ownership** across SRE, Security, Networking, or other teams.
* **Keep the parent incident customer-facing** while sub-incidents track internal or deep-dive workstreams.
* **Use workflows to automate structure**, such as creating roles or tasks for each new sub-incident.
* **Name sub-incidents clearly** to reflect their specific investigative track.
* Avoid splitting unless the scope is meaningfully distinct—small tasks are usually better captured as action items.

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="“This command can only be used in an incident channel”">
    Slack restricts `/rootly sub` to **incident channels only**.\
    Run the command inside the relevant incident channel.
  </Accordion>

  <Accordion title="“Cannot split a sub-incident”">
    Sub-incidents cannot be split further.\
    Create sub-incidents **from parent incidents only**.
  </Accordion>

  <Accordion title="“Not authorized to create incidents”">
    Your role does not have permission to create incidents.\
    Contact your Rootly admin to update your permissions.
  </Accordion>

  <Accordion title="Nothing happens after submitting the dialog">
    This may occur if:

    * Required fields were left blank
    * Your Slack integration is temporarily disconnected
    * Your team has restricted sub-incident creation via feature flags
  </Accordion>

  <Accordion title="The sub-incident doesn’t show in the parent incident UI">
    Ensure that:

    * The originating channel was the correct **parent incident channel**
    * The parent incident is not archived or cancelled
    * The sub-incident was created successfully (Slack will show a confirmation)
  </Accordion>
</AccordionGroup>


# Marking Incidents as Duplicate via Slack
Source: https://docs.rootly.com/incidents/incident-operations/slack-marking-as-duplicate

Mark incidents as duplicates from Slack incident channels using the /rootly dup command to consolidate response efforts and avoid scattered chats.

You can mark an incident as a duplicate directly from Slack using a simple slash command. This helps consolidate related incidents quickly and keep responders aligned in a single source of truth.

<Info>
  This operation links the current incident to a **canonical incident** via `duplicate_incident_id`.\
  This is separate from **sub-incidents**, which use `parent_incident_id`.
</Info>

***

## Mark a Duplicate in Slack

In any **incident Slack channel**, type:

```
/rootly dup
```

or

```
/rootly duplicate
```

<Frame>
  <img alt="Slack duplicate modal" />
</Frame>

A modal opens allowing you to select the original incident and configure cancellation options.

***

## Modal Fields

The Slack modal includes:

* **Assign to Incident** — search for the canonical incident
* **Auto Cancel Current Incident** — optional toggle (on by default)
* **Summary (reason for cancellation)** — optional free text, added to the timeline

<Info>
  Slack enforces the same permissions as the web interface.\
  You must be able to **update** the incident to mark it as a duplicate.
</Info>

***

## What Happens After Submission

When you confirm the duplicate:

* The current incident is linked to the selected original incident
* A non-editable **timeline entry** is created
* Slack posts a confirmation message in the duplicate’s channel (if applicable)
* If **Auto Cancel** is enabled:
  * The duplicate is cancelled
  * Alerts attached to the duplicate are resolved automatically
  * Slack posts a “Duplicate incident detected” message

<Info>
  Rootly also updates Slack summaries and workflows that rely on incident lifecycle changes.
</Info>

***

## Best Practices

* **Run the command from the incident channel**\
  Slack automatically associates the action with the incident the channel is tied to.

* **Use the canonical incident with the most context**\
  Choose the incident that contains the most accurate investigation details or customer-facing messaging.

* **Provide a clear cancellation summary**\
  This helps responders understand why context moved and assists retrospectives.

* **Auto-cancel when appropriate**\
  This prevents duplicate incidents from remaining open and triggering unnecessary automations.

* **Avoid marking scheduled maintenance as duplicates**\
  Slack prevents this automatically, since maintenance incidents follow different lifecycle rules.

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="“This command cannot be used here”">
    You must run `/rootly dup` inside a **Rootly incident Slack channel**.\
    The command will not work in normal or private Slack channels.
  </Accordion>

  <Accordion title="The modal does not open">
    Possible reasons:

    * You do not have **update** permissions on the incident
    * The incident is a **scheduled maintenance incident** (duplicates are disallowed)
    * The incident is **already marked as a duplicate**
  </Accordion>

  <Accordion title="The original incident doesn’t appear in the dropdown">
    Slack only shows incidents you have permission to view.\
    Private or restricted incidents may not appear unless you have the required access.
  </Accordion>

  <Accordion title="The incident did not auto-cancel">
    Common causes:

    * Auto-cancel was toggled **off**
    * The incident was already cancelled
    * Slack permissions prevented cancellation
    * Workflow or feature flags restricting cancellation were active
  </Accordion>

  <Accordion title="Slack did not post a confirmation message">
    This can occur when:

    * Slack is not integrated or connected for your team
    * The duplicate incident has **no Slack channel**
    * Notifications are suppressed by workspace settings
  </Accordion>
</AccordionGroup>


# Creating Sub-Incidents via Web Interface
Source: https://docs.rootly.com/incidents/incident-operations/web-creating-a-sub-incident

Create sub-incidents through the Rootly web interface using the incident menu and creation form to track related child issues under a parent incident.

### How It Works

You can create a sub-incident directly from an existing incident in the Rootly web interface.\
This is useful when multiple teams need to investigate different parts of a larger incident while keeping everything linked and coordinated.

***

### Step 1 — Open the Sub-Incident Action

In any parent incident, click the **⋯ (More)** menu next to the incident title or status.\
You will see **Create Sub-Incident** when:

* The incident is **not already a sub-incident**
* The incident is **not a scheduled maintenance incident**
* You have **permission to create incidents**

<Frame>
  <img alt="Create Sub-Incident from menu" />
</Frame>

***

### Step 2 — Complete the Sub-Incident Form

Selecting **Create Sub-Incident** opens the standard **New Incident** form.\
Rootly automatically injects a hidden `parent_incident_id`, ensuring the new incident is created as a sub-incident.

You can customize:

* Summary
* Severity
* Impacted services & functionalities
* Roles, assignees, and metadata
* Any fields defined in **Configuration → Forms & Fields**

<Frame>
  <img alt="Sub-incident creation form" />
</Frame>

Click **Create Incident** to finish.

***

### What Happens After Creation

Once saved:

* The new incident becomes a **sub-incident** of the parent
* Its **kind** is automatically derived (e.g., `normal_sub`, `scheduled_sub`)
* The parent incident displays a **Sub-Incidents** panel linking to all sub-incidents

<Info>
  Sub-incidents cannot themselves create further sub-incidents.\
  They represent the lowest level in an incident hierarchy.
</Info>

***

### Optional: Attach an Existing Incident as a Sub-Incident

If you already have an incident you want to convert into a sub-incident:

1. Open the child incident
2. Go to **⋯ → Attach to Parent Incident**
3. Choose a parent incident from the autocomplete search
4. Save

This option appears only when:

* The incident is **not already a sub-incident**
* It has **no sub-incidents of its own**
* You have permission to create incidents

***

### Best Practices

* **Use sub-incidents when multiple teams or domains are involved**\
  Helps isolate workstreams while maintaining a unified parent incident.

* **Keep naming clear and scoped**\
  Example: “Database Failover Sub-Incident (SRE)” or “Authentication Latency (Identity Team)”.

* **Enable workflows**\
  Many teams auto-assign roles, create tasks, or spin up Slack channels for sub-incidents.

* **Avoid unnecessary sub-incidents**\
  If the effort is small or tightly scoped, keep work in the main incident.

* **Review sub-incidents together during retrospectives**\
  They provide excellent insight into how different teams contributed to resolution.

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="I don’t see the 'Create Sub-Incident' option">
    This usually occurs when:

    * The incident is **already a sub-incident**
    * The incident is a **scheduled maintenance incident**
    * You lack **create incident** permissions
    * Your team has feature restrictions
  </Accordion>

  <Accordion title="I can't attach an existing incident to a parent">
    This happens if:

    * The incident **already has a parent**
    * It has its **own sub-incidents** (nested sub-incidents are not allowed)
    * The incident was created as **scheduled maintenance**
    * You don’t have adequate permissions
  </Accordion>

  <Accordion title="The wrong fields were inherited">
    Inheritance varies depending on:

    * Workflow automation
    * Feature flags (e.g., parent/sub synchronization)
    * Privacy rules
    * Origin of creation (Slack vs Web)
  </Accordion>

  <Accordion title="Timeline syncing is not working">
    Timeline sync requires:

    * `enable_parent_and_sub_incident_sync` feature flag
    * `parent_to_sub_incident_sync` enabled on the incident\
      Only **non-internal** timeline events sync across related incidents.
  </Accordion>
</AccordionGroup>


# Marking Incidents as Duplicate via Web Interface
Source: https://docs.rootly.com/incidents/incident-operations/web-marking-as-duplicate

Learn how to mark incidents as duplicates in the Rootly web interface, including selecting the primary incident and optional auto-cancellation.

Marking an incident as a duplicate helps consolidate response efforts when multiple responders report the same issue. The Web UI provides a simple modal to link the current incident to its canonical incident and optionally auto-cancel it.

<Info>
  Duplicate incidents use a dedicated **duplicate\_incident\_id** relationship and are separate from sub-incidents, which use **parent\_incident\_id**.
</Info>

***

## Mark a Duplicate via the Web UI

<Steps>
  <Step title="Step 1 — Open the duplicate dialog">
    In the top-right corner of the incident page, click the **⋯** menu and select **Mark as Duplicate**.

    <Frame>
      <img alt="Open the Mark as Duplicate action" />
    </Frame>

    <Info>
      This option appears only when the incident is not already a duplicate and you have permission to update the incident.
    </Info>
  </Step>

  <Step title="Step 2 — Choose the original incident">
    In the modal, search for and select the **original (canonical)** incident.\
    This is the incident the current one will be linked to.

    You can also:

    * **Auto-cancel** the duplicate (enabled by default)
    * Provide a **reason for cancellation**, which appears in the timeline

    <Frame>
      <img alt="Duplicate modal with incident selector and auto-cancel toggle" />
    </Frame>
  </Step>

  <Step title="Step 3 — Confirm the action">
    Click **Confirm** to save your changes.

    Rootly will:

    * Link the incident as a duplicate
    * Add a timeline entry
    * Post a notification to the duplicate’s Slack channel (if Slack is connected)
    * Cancel the duplicate (if enabled)
    * Redirect you to the original incident
  </Step>
</Steps>

***

## What Happens After Marking a Duplicate

* The duplicate incident displays **“Duplicate of …”** at the top of the page
* A non-editable timeline entry records who performed the action and why
* Auto-cancel will:
  * Move the incident to **Cancelled**
  * Resolve all attached alerts automatically
* Slack responders are notified if the Slack integration is active

<Info>
  Auto-cancel is recommended to reduce noise in reports and Slack channels, but you may disable it when the duplicate incident still contains useful investigation context.
</Info>

***

## Best Practices

* **Use “Mark as Duplicate” early**\
  Consolidating incidents right away helps reduce confusion across teams and channels.

* **Always designate a canonical incident**\
  The canonical incident should contain the most accurate timeline and central communication thread.

* **Provide a clear cancellation reason**\
  This helps responders understand why context moved and ensures retrospectives remain accurate.

* **Auto-cancel duplicate incidents when appropriate**\
  This prevents “ghost incidents” from appearing unresolved in dashboards or workflow triggers.

* **Avoid marking scheduled maintenance incidents as duplicates**\
  Maintenance windows follow different lifecycle logic and should remain separate.

* **Review duplicate frequency**\
  Frequent duplicates may indicate alerting issues, unclear runbooks, or multiple teams raising incidents for the same symptom.

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="I don't see the 'Mark as Duplicate' option">
    * You may not have **update permission** for the incident.
    * The incident may already be marked as a duplicate.
    * Scheduled maintenance incidents cannot be marked as duplicates.
  </Accordion>

  <Accordion title="The original incident doesn't appear in the selector">
    * The incident you're looking for may be private and you may not have permission to view it.
    * The selector excludes the current incident automatically.
    * Try searching by title or ID.
  </Accordion>

  <Accordion title="The duplicate did not auto-cancel">
    * The auto-cancel toggle may have been turned off.
    * The incident may have already been cancelled.
    * Workflow restrictions or permissions may prevent auto-cancel in rare cases.
  </Accordion>

  <Accordion title="Slack did not post a confirmation message">
    * Slack may not be integrated for your team.
    * The duplicate incident may not have a Slack channel.
    * Notification settings may restrict posting confirmations.
  </Accordion>

  <Accordion title="My dashboards still show both incidents">
    Auto-cancel removes the duplicate from most active incident metrics.\
    If auto-cancel was disabled, manually cancel or close the duplicate to prevent clutter.
  </Accordion>
</AccordionGroup>


# Incident Roles Overview
Source: https://docs.rootly.com/incidents/incident-roles/incident-roles

Understand how incident roles provide structure, clarity, and accountability during incidents, and how they are managed in the Rootly web interface and Slack.

### How Incident Roles Work

Incident roles give teams a clear operating structure during an incident. By defining **who is responsible for what**, roles reduce confusion, accelerate response, and help responders coordinate effectively across tools.

Roles are visible throughout Rootly—in the incident sidebar, Slack summaries, workflows, and retrospectives—providing consistent clarity for everyone involved in the response.

This page introduces how roles work, why they matter, and where they fit across the incident lifecycle.

***

### Why Roles Matter

Most teams benefit from having predictable responsibilities during an incident. Roles help by:

* Establishing clear ownership for critical responsibilities
* Reducing duplication, conflicting work, or unclaimed tasks
* Helping new responders understand the command structure instantly
* Powering workflow automation (e.g., “notify the Communications Lead”)
* Improving retrospective clarity and accountability

Common examples include:

* **Incident Commander** – Leads the response, drives decisions
* **Technical Lead** – Owns investigation and mitigation
* **Communications Lead** – Handles internal/external updates
* **Scribe** – Captures decisions and incident notes
* **Customer Support Liaison** – Bridges engineering and support

<Info>
  Rootly role definitions are fully customizable. You can match them to your organization’s processes, staffing patterns, and terminology.
</Info>

***

### Where Roles Live in Rootly

#### **On the Incident Detail Page (Web UI)**

The **Roles** section shows the full list of defined roles and current assignees. Responders can:

* Assign or reassign role owners
* Remove owners
* Review historical ownership via the timeline
* Update responsibilities as the incident evolves

#### **In Slack**

If Slack is integrated, responders can manage roles directly inside the incident channel using:

* Slash commands
* Contextual role dialogs
* Buttons in the pinned incident overview
* Workflow-triggered assignment prompts

This keeps role management close to where real-time communication happens.

#### **In Workflows**

Roles can be automatically assigned using rules based on:

* Severity
* Impacted services
* Incident type
* On-call schedule
* Custom logic

Automation ensures important roles are filled immediately and consistently.

***

### How Roles Support the Response Process

Role assignments shape how Rootly orchestrates incident response:

* Timeline entries track all role changes
* Status updates, notifications, and communications reference current role owners
* Slack channel summaries update automatically when roles shift
* Retrospectives include full role history
* Permissions or visibility rules may depend on roles
* Workflow logic can target role owners with precision

<Info>
  Consistent role assignment increases the value of automation, improves communication clarity, and strengthens the command structure across incidents.
</Info>

***

### Where to Go Next

These pages will help you use and manage roles more effectively:

* **Manage via Slack** – How to assign roles, reassign owners, and use role dialogs inside Slack
* **Manage via Web Interface** – How to manage roles on the incident detail page
* **Incident Access & Permissions** – How roles can influence who can update or view incident details
* **Workflows** – How to automate role assignment based on triggers or incident conditions

***

### Best Practices

* **Define roles clearly**\
  A brief description ensures responders know exactly what each role owns.

* **Use single-owner roles for critical responsibilities**\
  Avoid ambiguity by ensuring one clear decision-maker per key role.

* **Automate what’s predictable**\
  Use workflows to assign roles like Incident Commander or Communications Lead based on severity or team on-call.

* **Reassign roles as conditions change**\
  Ownership should shift naturally if workloads or expertise change.

* **Review role effectiveness after every incident**\
  Use retrospectives to refine your role model and identify process improvements.

* **Make role management part of responder onboarding**\
  Teams respond faster when everyone knows how to assign and update roles.

***

### FAQ

<AccordionGroup>
  <Accordion title="Do incidents require all roles to be filled?">
    No. Most teams define more roles than they need in every incident. You can assign only the roles that make sense for the severity, scope, and complexity of the situation.
  </Accordion>

  <Accordion title="Can multiple people hold the same role?">
    Yes, but it is recommended to keep **critical roles** (like Incident Commander) single-owned to avoid decision ambiguity. Supporting roles may have multiple contributors if needed.
  </Accordion>

  <Accordion title="Can we customize the roles to match our process?">
    Absolutely. Rootly allows you to add, rename, reorder, or remove roles entirely so they align with your organization’s terminology and response structure.
  </Accordion>

  <Accordion title="How do roles interact with access control?">
    Roles can influence visibility and editing permissions, especially in organizations that use private incidents or restricted access groups. See **Incident Roles & Access** for details.
  </Accordion>

  <Accordion title="Can workflows automatically assign roles?">
    Yes. Workflows are one of the most powerful ways to keep role assignments consistent—triggered by severity, incident type, service, or custom logic.
  </Accordion>

  <Accordion title="Where can I see who held a role earlier in the incident?">
    All role changes appear in the **incident timeline**, including assignments, reassignments, and removals. This history is preserved for retrospectives.
  </Accordion>

  <Accordion title="Can roles be assigned from Slack?">
    Yes. Responders can use Slack commands or modal dialogs inside the incident channel to assign or update roles without switching to the UI.
  </Accordion>

  <Accordion title="What happens if no one assigns any roles?">
    The incident can still proceed normally, but Rootly’s automation, ownership clarity, and structured workflows work best when key roles—such as Incident Commander—are filled.
  </Accordion>
</AccordionGroup>


# Managing Incident Roles Through Slack
Source: https://docs.rootly.com/incidents/incident-roles/managing-incident-roles-through-slack

Assign, update, and manage incident roles like Incident Commander and Comms Lead directly from Slack using slash commands and dialogs.

### Overview

Slack is often where incident response actually happens, so Rootly lets you assign and manage incident roles **directly inside the incident channel**, without switching back to the web interface.

This includes:

* Assigning yourself to a role
* Assigning or removing other responders
* Editing all incident roles in one modal
* Adding roles that aren't yet part of this incident
* Managing multi-user and single-user roles
* Enforcing permission checks for private incidents

To use these Slack capabilities, make sure the [Slack integration is installed](/integrations/slack).

<Info>
  Role management in Slack only works inside an **incident channel** and requires permission to assign incident roles.\
  For private incidents, users must also have update permission for private incidents.
</Info>

***

### Manage Roles via Slack

<Steps>
  <Step title="Open the Incident Channel">
    Navigate to the Slack channel for the incident.\
    Slack commands and buttons rely on the channel’s mapping to an active incident.
  </Step>

  <Step title="Open the Role Assignment Modal">
    You can open the Assign Roles modal in two ways:

    **Option A: Use the Assign Roles button**

    When an incident is created, the pinned incident summary includes an **:firefighter: Assign Roles** button.

    <Frame>
      <img alt="Assign roles from the incident summary" />
    </Frame>

    **Option B: Use the slash command**

    Run the command inside the incident channel:

    ```
    /rootly assign
    ```

    You may also use the aliases:

    * `/rootly role`
    * `/rootly roles`

    <Frame>
      <img alt="/rootly assign" />
    </Frame>
  </Step>

  <Step title="Assign or Remove Incident Roles">
    The modal displays every role available for this incident.\
    Each role has an associated menu or selector depending on how it was configured.

    Common actions include:

    * **Assign Myself**\
      Quickly take ownership of a role.

    * **Edit Assigned Users**\
      Add or remove specific responders.

    * **Remove Myself**\
      Step out of a role you previously held.

    <Frame>
      <img alt="Editing roles in Slack" />
    </Frame>

    <Info>
      If the role supports multiple assignees, you’ll see a **multi-select**.\
      If the role only allows one assignee, you’ll see a **single-select** dropdown.
    </Info>

    <Warning>
      Some roles may display a notice like:\
      **“Only users with an Incident Response seat can be assigned.”**\
      This appears when your organization enforces seat restrictions.
    </Warning>
  </Step>

  <Step title="Add Missing Roles (Optional)">
    If your team has defined incident roles that are **not yet added to this specific incident**, you’ll see an **Add Roles** banner.

    These roles must be added before responders can be assigned to them.
  </Step>

  <Step title="Save Your Changes">
    Click **Update** to apply all role assignments.\
    Rootly updates the incident immediately and posts relevant timeline entries.
  </Step>
</Steps>

***

### Best Practices

* **Assign roles early in the incident**\
  Clear ownership improves coordination and communication.

* **Use multi-assignee roles intentionally**\
  For example, an “On-call Engineer” role may allow multiple users, while “Incident Commander” should be single-assignee.

* **Review roles during major status transitions**\
  As the incident escalates, mitigation begins, or communications ramp up, ensure the right responders are assigned.

* **Use role automation where appropriate**\
  Workflows can auto-assign on-call responders, service owners, or leadership roles when an incident begins or severity increases.

* **Keep roles aligned with your process**\
  Customize roles in the web UI to match how your incident response team operates.

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="The /rootly assign command didn’t work">
    Make sure you’re running it **inside an incident channel**.\
    Running the command in DMs or non-incident channels will fail.
  </Accordion>

  <Accordion title="I can’t see the Assign Roles button">
    You may not have permission to assign incident roles.\
    Check your incident role or RBAC configuration.
  </Accordion>

  <Accordion title="Some roles don’t allow multiple people">
    Roles are configured by your team.\
    If a role only allows one user, Slack will display a single-select field.
  </Accordion>

  <Accordion title="I see a message about Incident Response seats">
    Your organization enforces seat restrictions for role holders.\
    Only users with an available seat can be assigned.
  </Accordion>

  <Accordion title="A role is missing from the Slack modal">
    The role may not be added to this incident yet.\
    Use the “Add Roles” option if available.
  </Accordion>
</AccordionGroup>


# Managing Incident Roles Through the Web Interface
Source: https://docs.rootly.com/incidents/incident-roles/managing-incident-roles-through-the-web

Configure, assign, and manage incident response roles like Incident Commander and Comms Lead using the Rootly web interface for clear ownership.

### Overview

The Rootly web interface provides a full-featured way to configure and manage incident roles.\
From the **Incident Roles** settings page, you can create new roles, edit existing ones, define responsibilities, and control which users can perform specific actions during an incident.

These role definitions become available across your organization and determine which roles appear in Slack and in the incident detail page.

<Info>
  Role configuration is a workspace-level setting. Any changes you make here apply to all incidents going forward.
</Info>

***

### Manage Roles in the Web Interface

<Steps>
  <Step title="Open Incident Role Configuration">
    Navigate to:

    **Configuration → Incident Roles**

    This page lists all existing roles in your workspace.
  </Step>

  <Step title="Create or Edit a Role">
    Click:

    * **New Incident Role** to create a new role, or
    * The **edit (pencil)** icon next to an existing role to modify it.

    You’ll be taken to the role editor, where you can configure the role’s name, summary, responsibilities, and permissions.

    <Frame>
      <img alt="Document image" />
    </Frame>
  </Step>

  <Step title="Configure Role Details">
    Within the role editor, you can set:

    * **Name** – The title of the role (e.g., “Incident Commander”).
    * **Summary** – A short description shown in lists.
    * **Responsibilities** – A longer description outlining expectations for this role.
    * **Optional Role** – Specify whether this role must be assigned for every incident.
    * **Allow Multiple Assignees** – Enable if more than one user can hold this role at the same time.
    * **Permission Set** – Determine what actions assignees are allowed to perform on an incident (e.g., update status, manage roles, modify properties).

    These configuration options shape how the role behaves in both the web interface and Slack.
  </Step>

  <Step title="Save Changes">
    Click **Save** to apply your updates.

    Your new or updated role will now appear across all incident workflows and Slack role assignment modals.
  </Step>
</Steps>

***

### Best Practices

* **Use clear, action-oriented role names**\
  Roles like *Incident Commander*, *Communications Lead*, or *Ops Owner* help responders quickly understand responsibilities.

* **Limit multi-assignee roles**\
  Multi-user roles can be useful, but restricting some roles to a single owner helps maintain accountability.

* **Document responsibilities thoroughly**\
  Clear written expectations improve consistency across incidents and make onboarding easier.

* **Review role definitions periodically**\
  As your response process matures, update roles to reflect clearer responsibilities or new workflows.

* **Keep roles aligned with permissions**\
  Ensure each role’s permission set reflects what responders actually need to do during an incident.

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="I don’t see the Incident Roles page">
    You may not have access to configuration settings.\
    Only workspace admins or users with the appropriate configuration permissions can view this page.
  </Accordion>

  <Accordion title="A role will not delete">
    Roles that are referenced by workflows or required by the workspace cannot be deleted until dependencies are removed.
  </Accordion>

  <Accordion title="Why can’t I assign multiple users to a role?">
    The role must have **Allow Multiple Assignees** enabled in the role configuration.
  </Accordion>

  <Accordion title="My role changes aren’t appearing in Slack">
    Slack surfaces the latest role definitions, but cached pinned blocks may refresh only after certain lifecycle actions.\
    Running `/rootly assign` will always fetch updated roles.
  </Accordion>
</AccordionGroup>


# Incident Status Pages
Source: https://docs.rootly.com/incidents/incident-status-pages

Learn how to publish incidents to status pages to communicate updates and resolution progress with external stakeholders and customers.

Status pages allow you to share incident details and updates with stakeholders. This provides transparency and keeps affected users informed about ongoing issues and their resolution progress.

[Learn more about status pages →](/configuration/status-pages)

## Publishing Incidents to Status Pages

You can publish incidents to status pages to communicate incident details, timeline updates, and resolution status with your external stakeholders such as customers, partners, or internal teams.

When you publish an incident to a status page, it will display:

* Incident title
* Affected Services, Functionalities & External Services
* Timeline of events
* Incident resolution status

<Frame>
  <img alt="Incident Status Page" />
</Frame>

## How to Publish Incidents

Rootly provides two main ways to publish incidents to status pages:

### Via Slack

Publish incidents directly from your incident channels using Slack commands and workflows.

[Learn how to publish incidents via Slack →](/configuration/publishing-incidents-via-slack)

### Via Web UI

Publish incidents through the Rootly web interface with full control over the incident details and status page presentation.

[Learn how to publish incidents via Web UI →](/configuration/publishing-incidents-via-web-ui)


# Adding Events to Timeline via Email
Source: https://docs.rootly.com/incidents/incident-timeline/adding-events-to-timeline-via-email

Add events to incident timelines by responding to incident emails through the Rootly Email integration, capturing context from external stakeholders.

### Overview

Using our [Email integration](/integrations/email), you can add timeline events simply by **replying to an incident email**.\
This makes it easy for stakeholders—especially those who don’t live in Slack or the web interface—to contribute updates directly to the incident record.

When you reply to an incident email, Rootly automatically logs that message as a timeline entry, preserving its content, sender information, and relevant metadata.

<Frame>
  <img alt="Adding an event using email" />
</Frame>

***

### How It Works

#### **Replying to an Existing Incident**

When you reply to an incident’s email thread:

* A new **Email** timeline event is automatically created
* The event includes:
  * The parsed message body
  * Sender information (matched to a Rootly user if possible)
  * The To/From header values
  * A permalink-style reference to the inbound message
* The event is timestamped using the time the email was received
* The event is **non-editable**, ensuring integrity

Rootly determines which incident the message belongs to by scanning the email’s **References** header, which preserves threading.

#### **Starting a New Incident by Email**

If an email is not part of an existing thread, Rootly can create a **new incident** using:

* The subject → incident title
* The body → summary
* Best-effort parsing to extract:
  * Severity
  * Services
  * Functionalities
  * Environments
  * Incident types

<Info>
  Metadata parsing works best when your teams follow consistent subject/body formatting conventions.
</Info>

***

### Setup Requirements

To ensure reliable processing of inbound email:

* Confirm the Email integration is **enabled**
* Ensure all expected sender domains are listed under **Allowed Domains**
* If provenance enforcement is enabled, only whitelisted domains may send emails
* Provide the incident thread’s email address to anyone who needs to contribute via email

<Warning>
  Emails from unapproved domains may be rejected when provenance checks are enabled.
</Warning>

***

### Behavior & Limitations

* Email-created timeline events are **not editable**
* Forwarded emails or replies that strip the **References** header cannot be attached to the existing incident
* If a sender’s email does not match any Rootly user, Rootly assigns attribution to the **Rootly bot**
* Email events default to **internal visibility**
* Attachments are not ingested as timeline files (only the text body is added)

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="My email reply didn’t create a timeline event">
    The reply may have lost the critical **References** header, which Rootly uses to link messages to incidents.\
    Other causes include:

    * Sender domain not whitelisted
    * Email integration disabled
    * Message rejected due to provenance enforcement
  </Accordion>

  <Accordion title="Why is the event authored by the Rootly bot?">
    This occurs when Rootly cannot match the sender’s email address to a user in your workspace.\
    In those cases, the system defaults to the Rootly bot.
  </Accordion>

  <Accordion title="Can I edit or change the visibility of email events?">
    No. Email-created timeline events are immutable and always internal.
  </Accordion>

  <Accordion title="Can I start incidents via email?">
    Yes. When an inbound message does not belong to an existing thread, Rootly creates a new incident using its subject, body, and any auto-parsed metadata.
  </Accordion>
</AccordionGroup>


# Adding Events to Timeline via Slack
Source: https://docs.rootly.com/incidents/incident-timeline/adding-events-to-timeline-via-slack

Add timeline events from Slack using the /rootly timeline command, message actions, or emoji reactions to capture key moments during incident response.

### Overview

Slack is one of the fastest ways to record timeline events during an incident.\
Rootly supports multiple Slack-based methods so responders can capture actions, observations, and decisions without leaving the incident channel.

You can add events using:

* The `/rootly timeline` slash command
* Message actions (the Slack **hamburger menu**)
* Configurable **pin or emoji reactions**

All Slack-created events appear instantly in the incident timeline.

***

### Methods for Adding Timeline Events

<Steps>
  <Step title="Use the /rootly timeline command">
    In the incident Slack channel, type:

    **`/rootly timeline <event>`**

    This opens the Add Event modal pre-filled with your text, allowing you to set visibility and optional details before submitting.
  </Step>

  <Step title="Use the message action (hamburger menu)">
    You can capture any message directly into the timeline:

    1. Hover over a message
    2. Click the **hamburger icon**
    3. Select **Add event**

    <Frame>
      <img alt="Adding an event using Slack" />
    </Frame>

    The modal will auto-fill the message content and attach a permalink back to Slack.
  </Step>

  <Step title="Use pin or emoji reactions">
    Rootly can automatically create timeline entries whenever specific reactions are added to a message.

    * **Pin reactions** (📌)
    * **Any custom emoji** your team configures for timeline ingestion

    <Frame>
      <img alt="Using the pin emoji to add an event" />
    </Frame>

    You can configure which emoji should create events in **Slack Integration Settings**.
  </Step>
</Steps>

***

### How Slack-Captured Events Behave

* Events created from a command or message action open a modal so you can review details
* Events created from pin/emoji reactions are added automatically — *no modal*
* Reaction-based events use the **original Slack message timestamp** as the event’s `occurred_at` value
* All entries include a Slack permalink and optional user-attribution
* Deduplication prevents duplicate events from repeat reactions

<Info>
  Emoji triggers, follow-up creation, and task creation each use separate emoji lists and **cannot overlap**. Configure them in *Integrations → Slack*.
</Info>

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="The slash command didn’t open the modal">
    Make sure you ran the command **inside the incident channel**.\
    Running it anywhere else will result in a non-incident error.
  </Accordion>

  <Accordion title="My emoji reaction didn’t create a timeline event">
    Verify that:

    * Emoji ingestion is enabled
    * The emoji is included in the **Add to Timeline** emoji list
    * You are in a recognized incident channel
  </Accordion>

  <Accordion title="The event timestamp looks wrong">
    For emoji/pin reactions, occurred\_at is taken from the **Slack message timestamp**, not the moment you reacted.
  </Accordion>

  <Accordion title="A message action option isn’t appearing">
    You may not have permission to update the incident timeline, especially for private incidents.
  </Accordion>

  <Accordion title="Can't pin messages to incident timelines 📌">
    If you're on Slack Enterprise Grid and pinning messages to the incident timeline isn't working, this is a sign that your Slack integration was installed as a **non-Grid** (single-workspace) installation rather than at the organization level. \
    \
    **Solutions:** 

    * Disconnect the Slack integration from Rootly 
    * Reconnect it, making sure to select **Slack Enterprise Grid** during installation and authorize at the **organization level** (not a single workspace)
  </Accordion>
</AccordionGroup>


# Adding Events to Timeline via Web Interface
Source: https://docs.rootly.com/incidents/incident-timeline/adding-events-to-timelines-in-the-web-ui

Add timeline events directly from the Rootly web interface with markdown support for event descriptions, custom timestamps, and visibility controls.

### Overview

The Web interface provides the most structured and controlled way to add timeline events to an incident. It supports rich text formatting, attachments, timestamps, and granular visibility settings—making it ideal for adding clear, polished, retrospective-ready updates.

Events added through the Web UI are treated the same as those created via Slack, email, or API, and appear immediately in the incident’s chronological timeline.

***

### Adding a Timeline Event in the Web UI

<Steps>
  <Step title="Open the Incident">
    Navigate to the incident you want to update and scroll to the **Timeline** section.
  </Step>

  <Step title="Click “Add event”">
    Click the **Add event** button at the top of the timeline to open the event creation modal.

    <Frame>
      <img alt="Adding an event to a timeline" />
    </Frame>
  </Step>

  <Step title="Write Your Event Description">
    Enter the text you want recorded as a timeline event.

    Your description supports **Markdown formatting**, allowing you to add emphasis, structure, and links.\
    This is especially helpful when summarizing findings, outlining hypotheses, or highlighting important decisions.

    [Markdown](https://www.markdownguide.org/) syntax is supported in your event description.
  </Step>

  <Step title="Configure Optional Details">
    You can optionally customize:

    * **Occurred At** — set an exact timestamp or backfill earlier events
    * **Attachments** — upload logs, screenshots, or supporting documents

    These fields help maintain an accurate and high-quality incident timeline.
  </Step>

  <Step title="Save the Event">
    Click **Create event** to publish your entry to the timeline.\
    It will appear in chronological order based on the timestamp you provided.
  </Step>
</Steps>

***

### Tips for Creating Useful Timeline Entries

* Use Markdown to structure your updates for readability
* Write concise, factual observations and decisions
* Attach files instead of pasting long logs
* Record the *why* behind actions when possible
* Use accurate timestamps when reconstructing events

<Info>
  Well-written timeline entries significantly accelerate retrospective creation and help future responders understand what happened.
</Info>

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="My event is appearing in the wrong order">
    Check the **Occurred At** field.\
    If left blank, Rootly uses the time you created the event.
  </Accordion>

  <Accordion title="My event isn’t showing on the public/external timeline">
    Make sure visibility is set to **External**, not Internal.
  </Accordion>

  <Accordion title="I can’t see the Add event button">
    You may not have permissions to update incidents or timeline entries.
  </Accordion>

  <Accordion title="Attachments won’t upload">
    Ensure the file type and size comply with your workspace’s attachment rules.
  </Accordion>
</AccordionGroup>

***

### Best Practices

* Keep entries focused and easy to scan
* Include decisions, not just actions
* Backdate events thoughtfully to maintain timeline accuracy
* Use Markdown headings, lists, and code formatting where helpful
* Add context such as impacted services or related systems


# Adding Events to Timeline via API
Source: https://docs.rootly.com/incidents/incident-timeline/adding-events-via-api

Add timeline events to incidents programmatically via the Rootly API with visibility controls, custom event fields, timestamps, and bulk import support.

### Overview

The Rootly API allows you to automatically add timeline events from monitoring tools, CI/CD pipelines, automation systems, or any service that needs to record activity during an incident. This is ideal when you want to:

* Ensure key system activity is captured automatically
* Add highly structured or machine-generated data
* Record actions taken outside Slack or the Web UI
* Maintain a complete and auditable incident history
* Integrate internal tools directly into your incident process

API-created timeline events behave exactly the same as those added through Slack, email, or the Web UI. They appear chronologically, support visibility controls, and participate in analytics, retrospective preparation, and exports.

More details are available in the [API documentation](/api-reference/).

***

### Before You Begin

Before adding events through the API, ensure you have:

* A **Rootly API token** with permission to update incidents
* The **incident ID** for the timeline you want to write to
* Any IDs for context you plan to add later (services, functionalities, etc.)
* Awareness of your team’s required fields for timeline events (if applicable)
* The **Incident Events** API endpoint reference:

  `/api/v1/teams/:team_id/incidents/:incident_id/events`

<Tip>
  If you are unsure which fields your team requires, check **Configuration → Required Fields** or the incident’s form configuration.
</Tip>

***

### Adding a Timeline Event via API

<Steps>
  <Step title="Identify the target incident">
    You must know the incident ID, which you can obtain from:

    * The Web UI URL
    * The list-incidents API
    * A previously created incident response
    * A workflow-driven or system-triggered context

    All events you create will attach directly to this incident’s timeline.
  </Step>

  <Step title="Prepare your event fields">
    The API supports several top-level fields for constructing timeline entries:

    **Core fields**

    * Event text (the message shown in the timeline)
    * Visibility (internal-only or external/public)
    * Occurred time (when the event actually happened)
    * Starring (optional highlighting)

    **Impact fields (set after creation)**\
    These can be added after the event exists:

    * Affected services
    * Affected functionalities

    <Info>
      If you do not provide an occurred time, Rootly uses the creation timestamp automatically, ensuring correct chronological ordering.
    </Info>
  </Step>

  <Step title="Submit the API request">
    Any workflow engine, monitoring tool, or automation system can make the call using standard HTTP—CI/CD pipelines, serverless functions, alert processors, or internal services.

    The API will return the full event record, including IDs you can use for follow-up actions.
  </Step>

  <Step title="Attach optional service or functionality impact">
    After the event is created, you may optionally attach:

    * Impacted services
    * Impacted functionalities

    These attributes enrich the incident story and make root-cause and impact analysis clearer.
  </Step>

  <Step title="Verify the event in the timeline">
    Once created, the event appears immediately:

    * In the incident’s timeline UI
    * In Slack (if the incident channel displays timeline messages)
    * In exports and retrospectives
    * In API queries and analytics

    You can edit, star, or delete the event later if needed.
  </Step>
</Steps>

***

### What You Can Include in an API Timeline Event

You can capture a wide range of structured information through API events:

* Deployment summaries
* Automated rollback notices
* Monitoring alerts or anomaly detections
* CI/CD pipeline results
* Runbook or playbook execution steps
* Health check transitions
* Logs or metrics snapshots
* Notifications from internal tooling

<Info>
  API events support both internal-only and externally visible visibility settings, making them suitable for both responder-facing and customer-facing communications.
</Info>

***

### Validation & Error Behavior

Rootly uses consistent validation rules across Slack, email, the Web UI, and the API. When submitting an event programmatically, you may encounter:

**Unauthorized access**\
Occurs when the API token is missing or invalid.

**Forbidden actions**\
Triggered when the token does not have permission to modify the incident.

**Validation errors**\
May occur if required fields are missing, formats are invalid, or the incident cannot accept changes in its current lifecycle state.

**Incorrect incident ID**\
If the incident does not exist or cannot be accessed by your integration.

<Tip>
  Most validation failures can be resolved by verifying that the target incident exists, your API token has the correct permissions, and event text and visibility values match expected formats.
</Tip>

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="The event is not appearing in the timeline">
    Ensure the incident ID is correct and the API token has permission to update the incident.
  </Accordion>

  <Accordion title="The timeline order looks incorrect">
    Provide an explicit occurred time when backfilling or submitting historical events.
  </Accordion>

  <Accordion title="My system needs to attach impacted services">
    These are added after initial creation. First create the event, then attach services or functionalities using their respective endpoints.
  </Accordion>

  <Accordion title="The event does not appear on the external timeline">
    Verify that the visibility is set to external. Internal events are not displayed publicly.
  </Accordion>

  <Accordion title="I can’t delete or update events via API">
    Confirm that your token has update/delete permissions and that the event is editable (some system events are intentionally locked).
  </Accordion>
</AccordionGroup>

***

### Best Practices

* **Keep event messages concise**\
  The timeline should tell a clear, readable story.

* **Attach context after creation**\
  Tagging services and functionalities improves investigative clarity.

* **Automate high-frequency or system-driven updates**\
  Let your monitoring and tooling contribute directly to the timeline.

* **Avoid sending overly verbose machine logs**\
  Link to deeper logs instead of pasting large blocks of text.

* **Use explicit timestamps for backfilled entries**\
  This helps maintain an accurate historical sequence.

* **Maintain consistent formatting**\
  Standard phrasing (e.g., “Deployment started…”, “Alert triggered…”) improves readability in retrospectives.

* **Integrate with workflow-based automations**\
  API-created events can trigger or complement workflows for notifications, assignments, or analytics.


# Incident Timeline Overview
Source: https://docs.rootly.com/incidents/incident-timeline/incident-timeline

Understand how Rootly incident timelines capture key events, decisions, status changes, and system signals throughout the incident lifecycle for retrospectives.

### How Timelines Work

The incident timeline is the **authoritative record of what happened during an incident**. It brings together updates from people, systems, automations, and communication channels into one clear, chronological narrative.

Timelines help responders stay aligned during active incidents and make retrospectives far more accurate by capturing everything in one place.

This page introduces how timelines work, why they matter, and how they fit across the incident lifecycle.

***

### Why Timelines Matter

A well-maintained timeline supports every phase of the incident lifecycle. Timelines help teams:

* Build a shared understanding of what is happening
* Avoid losing critical context in Slack threads or meetings
* Track decisions and actions across engineering, support, and comms
* Maintain a consistent audit trail for compliance and reporting
* Strengthen retrospectives with accurate, timestamped history
* Align stakeholders with clear, trustworthy incident narratives

Rootly automatically logs many events, and responders can contribute additional context from wherever they work—Slack, email, the web UI, or automation.

<Info>
  Timelines ensure the full story of an incident is captured, even when many responders contribute different pieces of information.
</Info>

***

### What Appears in the Timeline

Timelines combine both **human-generated** and **system-generated** events.

Examples include:

* Status transitions (Triage → Mitigated → Resolved)
* Role assignments or reassignments
* Slack messages captured as timeline events
* Email replies
* Attachments or uploaded files
* Alert updates or linked monitoring signals
* Workflow-triggered actions
* Decisions, notes, and investigative steps
* System events such as channel membership changes

Each event includes:

* Event text or description
* Who performed the action (person or system)
* Timestamp of occurrence
* Source (Slack, Web, Email, API, etc.)
* Optional attachments
* Optional affected services/functionality
* Optional visibility (internal vs. external)

***

### Where Timelines Appear in Rootly

#### **On the Incident Detail Page (Web UI)**

The timeline appears as a chronological feed where responders can read, filter, star, export, and contribute events.

Responders can:

* Add structured events
* Upload attachments
* Adjust timestamps
* Star critical entries
* Filter system vs. responder events
* Export the timeline for reporting or retrospectives

#### **In Slack**

If Slack is integrated, responders can:

* Add events using modals
* Convert Slack messages into timeline events
* React to workflow prompts to supply investigation notes
* View system updates reflected in the timeline

This makes it easy to contribute during real-time response, when most work happens in chat.

#### **Via Email**

Replies to an incident email thread automatically appear in the timeline.\
This allows cross-functional teams (customer support, success, leadership) to contribute context from their preferred communication channel.

#### **Via API**

Engineering and SRE teams can integrate CI/CD systems, automated diagnostics, monitoring tools, or runbooks to create timeline entries programmatically.

***

### How Timelines Support the Response Process

Timelines are deeply connected to how Rootly orchestrates incident response:

* Retrospectives pull directly from timeline events
* Status changes, assignments, and communications are logged automatically
* Workflows rely on structured events for decision logic
* External timelines (if enabled) use timeline visibility settings
* Investigation notes help later teams onboard quickly
* Incident analytics leverage timeline data for MTTx measurements

<Info>
  High-quality timeline entries improve clarity during response and dramatically increase the usefulness of retrospectives afterward.
</Info>

***

### Where to Go Next

These pages explain how to add events through each method:

* **Add Events via Slack** – Capture notes, message actions, attachments, and updates
* **Add Events via Web Interface** – Use structured fields to record detailed events
* **Add Events via Email** – Ensure email replies are logged in the timeline
* **Add Events via API** – Automate system-generated timeline entries

***

### Best Practices

* **Capture important decisions explicitly**\
  Don’t rely on Slack threads—add events that explain key choices or pivots.

* **Add investigation updates as they happen**\
  Even brief notes improve clarity for downstream responders and retrospectives.

* **Use visibility settings intentionally**\
  Internal vs. external timeline events should align with your communication guidelines.

* **Star key milestones**\
  Highlight major actions like mitigations, rollbacks, or customer updates.

* **Automate system signals**\
  Use the API or workflows to consistently record deployments, alerts, or diagnostics.

* **Review the timeline during retrospectives**\
  The timeline often surfaces root causes, delayed decisions, or communication gaps.

***

### FAQ

<AccordionGroup>
  <Accordion title="Do I need to manually maintain the timeline?">
    No. Rootly logs many events automatically—status changes, alerts, workflow actions, role updates, and Slack channel events.\
    Responders simply add additional context as needed.
  </Accordion>

  <Accordion title="Why is my event out of order?">
    Timeline ordering is based on the **occurred\_at** timestamp.\
    If you adjust timestamps or add events retroactively, the position may shift.
  </Accordion>

  <Accordion title="Do Slack messages automatically become timeline events?">
    Only when captured intentionally—either using the event modal, message actions, or configured workflows.\
    Regular Slack messages are not automatically converted.
  </Accordion>

  <Accordion title="Can we hide internal-only notes from external audiences?">
    Yes. Timeline events can be marked **internal** or **external**.\
    Only external events appear on public or customer-facing timelines.
  </Accordion>

  <Accordion title="Can system-generated events be hidden?">
    Yes. You can toggle system events on/off in the timeline view to reduce noise.
  </Accordion>

  <Accordion title="How can I export the full timeline?">
    The Web UI includes an **Export Timeline** option, allowing you to download timeline data for retrospectives, compliance, or reporting.
  </Accordion>

  <Accordion title="Can automated tools send events to the timeline?">
    Yes. Using the Rootly API, workflows, or integrations, systems can add structured timeline events programmatically.
  </Accordion>
</AccordionGroup>


# Overview
Source: https://docs.rootly.com/incidents/incidents

Understand how Rootly streamlines incident response through automated detection, paging, triage, and response workflows across your entire incident lifecycle.

## How Rootly Works

Rootly provides an end-to-end incident management platform that helps your teams detect issues quickly, coordinate a response, and learn from every incident. This page walks through the main phases of the incident lifecycle in Rootly and points you to where each phase lives in the product and documentation.

### Incident Lifecycle at a Glance

Most teams move through a common flow:

1. Detect a potential issue from alerts.
2. Create an incident (manually or automatically).
3. Triage and understand impact.
4. Coordinate a response across teams.
5. Resolve the incident.
6. Run a retrospective and track follow-ups.
7. Use analytics to improve over time.

Each of these phases maps to specific areas in Rootly, described below.

### Detection & Alerting

Rootly starts working as soon as your monitoring or observability tools notice something is wrong. You can connect sources like Datadog, Grafana, Sentry, cloud provider alerts, or any system capable of sending webhooks.

Once connected, alerts flow into Rootly and can:

* Create incidents automatically based on your rules.
* Attach to existing incidents to provide additional context.
* Drive paging via your escalation policies.

To learn more about setting up detection, look for the [**Alert Sources**](/alerts/alerts) and [**Integrations**](https://docs.rootly.com/integrations/overview) documentation.

<Info>
  Use **Alert Sources** to connect monitoring tools and define which alerts should create or update incidents.
</Info>

### Creating Incidents

Incidents are the core record of “something is wrong” in Rootly. You can create them:

* Manually from the UI (for example when someone reports an issue in Slack or via support).
* Automatically from alerts when certain conditions are met.
* Via automations or external systems (Slack commands, CI/CD pipelines, etc.).

When a new incident is opened, Rootly prompts you for key **incident properties** such as severity, impacted service, type, and any custom fields your team has defined. These properties drive workflows, routing, and reporting later.

For more detail, see the [**Creating Incidents**](/incidents/creating-incidents/creating-incidents-via-web-ui) documentation.

### Triage & Assess

Once an incident exists, the first step is understanding how bad it is and who needs to be involved. On the incident detail page, responders can:

* Update **status** (for example: Open, In Triage, Mitigated, Resolved).
* Adjust **severity** and affected **services** to reflect impact.
* Attach related alerts and signals.
* Assign an **incident commander** and other roles.
* Capture notes, hypotheses, and decisions in one place.

This is also where you will see the evolving **incident timeline**, including changes, assignments, notifications, and actions taken.

Look for the [**Incident Lifecycle**](/incidents/incident-lifecycle) and **Triage Incidents** docs for a deeper dive into statuses, roles, and best practices.

<Info>
  Most lifecycle actions—status changes, severity updates, assignments, and alert attachments—live on the **Incident Detail** page.
</Info>

### Respond & Coordinate

During an active incident, Rootly helps keep everyone aligned and reduces manual coordination work.

Typical activities include:

* Synchronizing updates to Slack or other chat tools.
* Notifying stakeholders and leadership on a predictable cadence.
* Posting updates to status pages.
* Creating and tracking action items or tasks.
* Running automation (for example, calling runbooks or external tools).

This behavior is usually powered by **Workflows** that react to incident events (like “status changed to Mitigated” or “severity is SEV0”) and perform actions for you.

To see what’s possible, explore the [**Workflows**](https://docs.rootly.com/workflows/workflows) and [**Communication & Notifications** ](https://docs.rootly.com/notifications/getting-started)documentation.

<Info>
  Workflows are a powerful way to standardize how your organization responds to incidents, without responders having to remember every step manually.
</Info>

### Resolve the Incident

When the underlying issue has been mitigated or fully fixed, the incident is moved to a **Resolved** state.

At this point, Rootly can:

* Run “on-resolve” workflows (for example, notify stakeholders, close tickets, or clean up temporary channels).
* Enforce required fields, such as root cause, impact summary, or customer communication notes.
* Trigger the creation of a retrospective automatically based on your rules.

If you want to control what must be filled out before resolution, see the **Incident Properties** or **Required Fields** documentation.

<Info>
  Many teams configure a workflow that automatically creates a retrospective when an incident’s status changes to **Resolved**.
</Info>

### Retrospectives

After resolution, the focus shifts to learning. Rootly’s **Retrospectives** provide a structured way to:

* Document what happened and when.
* Capture contributing factors and underlying causes.
* Record customer impact and communication.
* Create and assign follow-up actions.
* Share outcomes with stakeholders.

Retrospectives are linked directly to the incident and use the same properties (like service and severity) so they can be analyzed alongside other incidents.

To learn more about templates, workflows, and best practices, see the [**Retrospectives**](/retrospectives/retrospectives) documentation.

<Info>
  Rootly uses the term **Retrospective** instead of “postmortem,” but you can mirror whatever language your team prefers in templates and forms.
</Info>

### Analytics & Insights

Rootly automatically records every incident, alert, and lifecycle change so you can answer questions like:

* How quickly do we detect and resolve incidents (MTTD, MTTR)?
* Which services or teams are seeing the most incidents?
* Are certain severities increasing over time?
* Are retrospectives being completed and action items followed up?

The **Incident Analytics** documentation explains the available dashboards, filters, and metrics, and how to slice your data by properties such as service, severity, or type.

### Incident Properties

Incident properties are the fields that describe an incident and drive automation. They can be:

* **Built-in fields** like title, severity, status, and impacted services.
* **Custom fields** defined by your organization (for example, customer segment, region, product area, or incident type).

These properties are used to:

* Categorize and filter incidents during triage.
* Power workflow conditions (for example, “page leadership when severity is SEV0”).
* Enforce required information at different lifecycle stages.
* Break down analytics by whichever dimensions matter to you.

You can manage and customize these fields in the **Incident Properties / Form Fields** settings, and you can read more in the dedicated [**Incident Properties** ](/configuration/configuration)documentation.

<Info>
  A common pattern is to start with a simple set of properties (severity, service, type) and expand over time as analytics needs become clearer.
</Info>

### Where to Go Next

If you’re just getting started, here are good follow-up pages to link from here:

* [**Incidents**](/incidents/creating-incidents/creating-incidents-via-web-ui) – how to create, view, and manage incidents.
* [**Alert Sources**](/integrations/datadog/alerts) – how to connect monitoring tools and route alerts.
* [**Workflows**](https://docs.rootly.com/workflows/workflows) – how to automate response and communications.
* [**Retrospectives**](/retrospectives/retrospectives) – how to document and learn from incidents.
* [**Incident Analytics**](/metrics/default-metrics) – how to measure and improve your reliability.
* [**Incident Properties** ](/configuration/configuration)– how to define the fields that structure your incidents.

### FAQ

<AccordionGroup>
  <Accordion title="How do incidents get created in Rootly?">
    Incidents can be created manually from the UI, automatically from alerts, through workflows, or from external tools like Slack or CI/CD pipelines. See **Incidents** or [**Alert Sources**](/alerts/alerts) to learn more.
  </Accordion>

  <Accordion title="When should I use workflows?">
    Use workflows to automate repetitive tasks—paging responders, posting Slack updates, syncing status pages, creating tickets, assigning roles, or creating retrospectives.
  </Accordion>

  <Accordion title="Do incidents have different severities or types?">
    Yes. Severity, type, impacted service, and other fields are all customizable through **Incident Properties** and can be used to drive workflows or analytics.
  </Accordion>

  <Accordion title="What is the difference between alerts and incidents?">
    Alerts are incoming signals from monitoring tools. Incidents are the structured record Rootly creates to track and manage an issue. Multiple alerts can attach to the same incident.
  </Accordion>
</AccordionGroup>


# Adding Incident Feedback
Source: https://docs.rootly.com/incidents/managing-incidents/adding-incident-feedback

Learn how to submit and manage incident feedback through both the Rootly web interface and Slack. Each user may submit feedback once per incident.

### Overview

Incident feedback helps teams capture what went smoothly during response and where improvements can be made.\
Rootly allows each user to submit **one feedback entry per incident**, either through Slack or the web interface, once the incident reaches **Mitigated** or **Resolved**.

Feedback becomes part of the incident record and is used in retrospectives, follow-up planning, and reliability improvements.

<Info>
  You can only submit feedback once per incident. If you need to update it, you may edit your existing entry through the web interface.
</Info>

***

### When Feedback Can Be Submitted

Feedback is available only after an incident has reached:

* **Mitigated** — customer impact has stopped
* **Resolved** — the root cause has been fixed

<Warning>
  If you attempt to submit feedback before the incident is Mitigated or Resolved, Rootly will block the submission and prompt you to try again later.
</Warning>

***

### Add Feedback Through the Web Interface

<Steps>
  <Step title="Open the Incident">
    Navigate to the incident where you want to leave feedback.
  </Step>

  <Step title="Find the Feedback Section">
    Scroll to the **Feedback** section on the incident page.\
    If no feedback exists yet, you will see an option to **Leave Feedback**.\
    If you have already submitted feedback, you can select **Edit**.

    <Frame>
      <img alt="Document image" />
    </Frame>
  </Step>

  <Step title="Submit Your Feedback">
    Provide your:

    * Rating
    * Written comments
    * Optional anonymity setting

    Click **Submit** to finalize your feedback.
  </Step>
</Steps>

***

### Add Feedback Through Slack

Responders can also submit feedback directly in the incident’s Slack channel.

<Steps>
  <Step title="Run the Feedback Command">
    In the incident channel, type:

    `/incident feedback`

    or

    `/rootly feedback`

    Rootly will open a feedback submission modal.
  </Step>

  <Step title="Complete the Feedback Form">
    Enter:

    * A rating
    * Written comments
    * Optional anonymity preference

    <Frame>
      <img alt="Document image" />
    </Frame>
  </Step>

  <Step title="Submit the Feedback">
    Once submitted, your feedback is saved and can be viewed from the web interface.
  </Step>
</Steps>

<Info>
  Slack feedback commands must be run **inside the incident channel**, as Rootly identifies the incident using the channel ID.
</Info>

***

### What Happens After Feedback Is Submitted

After your feedback is recorded:

* It is linked to your user and the incident
* You cannot submit a second feedback entry
* You *can* edit your existing feedback through the web interface
* Anonymous feedback hides your identity from other responders and stakeholders
* Feedback becomes available for retrospectives and process improvement reviews

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="I can’t submit feedback yet">
    The incident may still be active.\
    Feedback is only available after **Mitigated** or **Resolved**.
  </Accordion>

  <Accordion title="The Slack command didn’t work">
    Ensure you ran the command **inside the incident channel**.\
    Commands executed elsewhere cannot be mapped to an incident.
  </Accordion>

  <Accordion title="I already submitted feedback but want to edit it">
    You can edit feedback at any time from the **web interface**.\
    Slack does not support editing after submission.
  </Accordion>

  <Accordion title="Anonymous feedback looks incorrect">
    Verify whether the **anonymous** checkbox was selected during submission.\
    You can change this setting by editing the feedback on the web.
  </Accordion>

  <Accordion title="The Slack modal didn’t appear">
    Confirm:

    * The incident is Mitigated or Resolved
    * You have permission to submit feedback
    * The Rootly Slack app has access to the channel
    * You are running the command in the correct incident channel
  </Accordion>
</AccordionGroup>

***

### Best Practices

* **Submit feedback as close to resolution as possible**\
  Context fades quickly; timely feedback is more accurate.

* **Be specific and actionable**\
  Comments such as “unclear ownership during triage” or “alert was noisy” help teams make targeted improvements.

* **Use anonymity when necessary**\
  Anonymous submissions can encourage more candid insights.

* **Incorporate feedback into retrospectives**\
  Reviewing user feedback alongside incident timelines provides richer context.

* **Automate reminders to leave feedback**\
  Many teams configure workflows that prompt responders to submit feedback immediately after the incident transitions to Resolved.

* **Encourage all responders to participate**\
  Broader participation leads to more comprehensive insights across teams and roles.


# Managing Incident Status via Slack
Source: https://docs.rootly.com/incidents/managing-incidents/managing-incident-status-via-slack

Step-by-step guide to updating incident lifecycle status directly from an incident's Slack channel using Rootly slash commands and interactive status modals.

### Overview

Slack lets responders update incident status in real time—without switching to the web interface.\
Using `/rootly status` (and related quick actions), you can move an incident through its lifecycle, capture required context, and keep all Timeline entries accurate and audit-ready.

Use Slack status updates when your team needs fast, in-channel lifecycle changes during active response.

### Prerequisites

Before updating an incident via Slack:

* You **must run commands inside the incident’s Slack channel**\
  (Commands do not work from random channels or DMs.)
* You must have **permission to update incidents** based on your workspace’s roles and access settings.
* The Slack integration must be installed and Rootly must have access to the channel.

<Tip>
  If a command “does nothing,” you are likely not in an incident channel. Try again inside the correct channel.
</Tip>

### Updating Status with `/rootly status`

<Steps>
  <Step title="Open the Status Modal">
    In the incident’s Slack channel, type:

    ```
    /rootly status
    ```

    This opens a modal showing the available incident lifecycle statuses your team has enabled (Triage, Started, Mitigated, Resolved, Cancelled, etc.).

    <Frame>
      <img alt="Managing Incidents Via Slack Web" />
    </Frame>
  </Step>

  <Step title="Select the New Status">
    Choose the appropriate status for the incident, then click **Submit**.

    Rootly will:

    * Update the Incident Status
    * Record the change in the Timeline
    * Trigger any associated workflows (notifications, role assignment, stakeholder updates, etc.)
    * Sync the new status back to the web interface
  </Step>
</Steps>

### Supported Quick Actions

Slack also supports shortcut commands for common lifecycle operations:

| Command                              | Description                             | Where It Works                         |
| :----------------------------------- | :-------------------------------------- | :------------------------------------- |
| `/rootly resolve`                    | Resolve the incident                    | Must be inside incident channel        |
| `/rootly cancel`                     | Cancel the incident                     | Must be inside incident channel        |
| `/rootly mitigate`                   | Mark mitigated                          | May be blocked if sub-statuses enabled |
| `/rootly status`                     | Open modal to choose any allowed status | Must be inside incident channel        |
| `/rootly new` / `create` / `declare` | Create a new incident                   | Works in any channel                   |

<Info>
  If your workspace uses **Sub-Statuses**, `/rootly mitigate` will be blocked. Rootly will prompt you to use your sub-status flow instead.
</Info>

### Important Behavior & Guardrails

**Required Fields Enforcement**

If your workspace enforces required fields for lifecycle transitions, you may see an error when attempting to update status through Slack.

For example:

* Moving from Started → Resolved may require a Severity or Impact Summary
* Moving out of Triage may require Service or Environment

The Slack modal will clearly indicate what is missing.

**Sub-Statuses and Mitigation**

If your organization has Sub-Statuses enabled, Rootly disables `/rootly mitigate` to prevent conflicts.\
You’ll see a message indicating mitigation must be performed through the sub-status workflow.

**Scheduled Incidents**

Slack lifecycle commands (mitigate/resolve/cancel) are **not supported for scheduled incidents**.\
You must use the Web UI to update scheduled maintenance lifecycle states.

### Troubleshooting

<AccordionGroup>
  <Accordion title="“Nothing happens when I run the command.”">
    * You are likely not inside an incident channel.
    * Use `/rootly status` **inside the incident’s Slack channel**.
  </Accordion>

  <Accordion title="“I’m not authorized to update this incident.”">
    Check your incident role or team permissions:

    * Only authorized users may update incident status.
  </Accordion>

  <Accordion title="“The transition is blocked.”">
    Your workspace is enforcing **required fields** for the next lifecycle status.\
    Fill the missing fields in the Slack modal or in the Web UI.
  </Accordion>

  <Accordion title="“/rootly mitigate is blocked.”">
    Your workspace uses **Sub-Statuses**, so mitigation must be done via the sub-status flow.
  </Accordion>
</AccordionGroup>

### Best Practices

* Use `/rootly status` during response to maintain clean, accurate lifecycle transitions.
* Add short notes when submitting the modal—these appear in the Timeline and help with retrospective analysis.
* Use `/rootly resolve` when service is restored; complete post-incident tasks later in the Web UI.
* Keep lifecycle updates in Slack concise and consistent so responders always understand the current state.


# Resolving Incidents via Slack
Source: https://docs.rootly.com/incidents/managing-incidents/resolving-incidents-via-slack

Resolve incidents directly from Slack using Rootly's /rootly resolve command and status update modal to capture resolution context and trigger retrospectives.

### Overview

Slack allows responders to resolve incidents directly from the incident channel—no need to switch to the web interface.\
Using **`/rootly resolve`**, you can mark an incident as fully resolved, provide a short summary of the fix, and trigger any workflows your team has configured for this stage.

All actions performed in Slack are captured in the Timeline, synchronized to the web UI, and used for analytics and retrospectives.

***

### Prerequisites

Before resolving an incident through Slack:

* You must run commands **inside the incident’s Slack channel**.\
  Rootly identifies the incident by the channel ID; commands run in other channels or DMs won’t work.

* You must have permission to update incidents.\
  Organizations may restrict who can transition lifecycle states.

* Slack lifecycle commands are **not supported for scheduled incidents**.\
  Scheduled maintenance must be updated in the web interface.

<Tip>
  If `/rootly resolve` appears unresponsive, you are likely not inside an active incident channel.
</Tip>

***

### Resolving an Incident with `/rootly resolve`

<Steps>
  <Step title="Run the Resolve Command">
    In the incident’s Slack channel, type:

    **`/rootly resolve`**

    Rootly will display a confirmation dialog prompting you to provide a resolution summary and finalize the update.

    <Frame>
      <img alt="Resolving an incident using Slack" />
    </Frame>
  </Step>

  <Step title="Provide a Resolution Summary">
    Enter a concise explanation of the final fix or corrective action.

    This summary becomes part of the permanent Timeline and is often used in:

    * Retrospectives
    * Stakeholder communications
    * Status page updates (if configured)
    * Internal reporting

    <Info>
      Clear and direct resolution notes help responders and stakeholders understand what restored service.
    </Info>
  </Step>

  <Step title="Submit to Complete the Resolution">
    Click **Submit** to finalize.

    Once submitted, Rootly will:

    * Update the incident status to **Resolved**
    * Add a Timeline entry with your resolution note
    * Trigger any configured “on-resolve” workflows
    * Update analytics timestamps
    * Automatically set a mitigation timestamp if one was never recorded
    * Sync the new status back to the web interface and API
  </Step>
</Steps>

***

### Other Ways to Resolve via Slack

If you prefer a modal-based workflow—or need to review available lifecycle states—you can also resolve an incident using the full status picker.

**Using the Status Modal**

Run:

**`/rootly status`**

This opens the incident lifecycle dialog.\
Select **Resolved**, add any optional notes, and submit.

<Info>
  Both methods—`/rootly resolve` and selecting **Resolved** inside `/rootly status`—perform the same lifecycle transition.
</Info>

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="“Nothing happens when I run /rootly resolve.”">
    * You are likely not inside the incident’s Slack channel.
    * Run the command again **inside the correct channel**, where Rootly can match the channel ID to an incident.
  </Accordion>

  <Accordion title="“You are not authorized to update this incident.”">
    You may not have sufficient role or team permissions to modify incident status.\
    Check with your Rootly administrator to confirm your permissions.
  </Accordion>

  <Accordion title="“The transition is blocked.”">
    Your workspace may enforce **required fields** before moving to Resolved.\
    The Slack modal clearly lists any fields that must be completed.
  </Accordion>

  <Accordion title="“Slack commands are disabled for this incident.”">
    Slack lifecycle commands do **not** support scheduled maintenance incidents.\
    Use the web interface to update scheduled incident lifecycle states.
  </Accordion>

  <Accordion title="“PagerDuty did not update when I resolved the incident.”">
    Rootly resolves linked PagerDuty incidents only if:

    * The incident is linked to a PagerDuty incident
    * The PagerDuty integration has **auto-resolve** enabled

    <Warning>
      Resolving an incident directly in PagerDuty does **not** update or resolve the incident in Rootly.
    </Warning>
  </Accordion>
</AccordionGroup>

***

### Best Practices

* **Add informative resolution notes.**\
  These appear in timelines, retrospectives, stakeholder notifications, and status pages.

* **Use Slack to move quickly during active response.**\
  Fast, in-channel updates help keep everyone aligned.

* **Resolve incidents through Rootly—not PagerDuty.**\
  Rootly syncs to PagerDuty, but PagerDuty does not sync back.

* **Automate repetitive actions.**\
  Use workflows to send final updates, publish status page events, initiate retrospectives, or archive Slack channels.

* **Check required fields early.**\
  Completing required information during the incident avoids blockers at resolution time.


# Resolving Incidents via Web Interface
Source: https://docs.rootly.com/incidents/managing-incidents/resolving-incidents-via-web-ui

Move incidents through the Mitigated and Resolved stages using the Rootly web interface to capture timestamps, mitigation notes, and resolution details.

### Overview

The Rootly web interface provides a guided, reliable way to move an incident toward closure. Whether you are stabilizing an issue or fully resolving it, the web UI ensures each lifecycle transition is documented, timestamped, and tied to the workflows and notifications your team depends on.

Status updates made through the interface become part of the incident’s permanent timeline, reinforcing transparency, improving retrospective accuracy, and standardizing how your organization reports and closes incidents.

***

### Marking an Incident as Mitigated

Mitigation communicates that the **immediate impact has been contained**, even if longer-term remediation is still underway.

Teams often use this step when a temporary fix, rollback, or workaround restores functionality while engineers continue to diagnose or implement a permanent solution.

<Steps>
  <Step title="Open the Incident">
    Navigate to the incident’s detail page in the Rootly web interface.\
    The status action buttons are displayed prominently in the incident toolbar.
  </Step>

  <Step title="Click Mark as Mitigated">
    Select **Mark as Mitigated** when customer impact has ended or stabilized.

    <Frame>
      <img alt="Marking as mitigated button" />
    </Frame>

    <Tip>
      Use Mitigated as soon as impact stops—even if engineering work continues behind the scenes.\
      This helps stakeholders understand that conditions have improved.
    </Tip>
  </Step>

  <Step title="Provide Mitigation Details">
    A dialog will appear prompting you to describe what actions were taken to stabilize the situation.

    These notes will appear in:

    * Incident timelines
    * Retrospectives
    * Status updates
    * Stakeholder notifications (if configured)

    <Frame>
      <img alt="Marking as mitigated dialog" />
    </Frame>

    <Note>
      Clear mitigation notes help downstream teams—support, customer success, leadership—understand when and how conditions improved.
    </Note>
  </Step>

  <Step title="Confirm Mitigation">
    Click **Mark as Mitigated** again to finalize the update.

    Rootly will:

    * Record the mitigation timestamp
    * Add a timeline entry
    * Trigger any mitigation workflows, such as Slack announcements or status page updates
    * Sync the change back to Slack and API clients
  </Step>
</Steps>

<Info>
  Mitigating an incident is optional. If your workflow does not require this intermediate state, you may proceed directly to resolution.
</Info>

***

### Marking an Incident as Resolved

Resolution indicates that the **underlying cause has been fully addressed** and no further customer impact is expected.\
This is the final lifecycle stage for most incidents before retrospective work begins.

<Steps>
  <Step title="Click Mark as Resolved">
    When the fix or corrective action is complete, click **Mark as Resolved** in the toolbar.

    <Frame>
      <img alt="Mark as resolved button" />
    </Frame>

    <Tip>
      It’s best to resolve only when the team is confident the issue will not recur under the current conditions.
    </Tip>
  </Step>

  <Step title="Describe the Final Resolution">
    A dialog will prompt you to summarize the final fix or corrective action.\
    This explanation becomes a key part of the incident’s historical record.

    <Frame>
      <img alt="Resolve an incident dialog" />
    </Frame>

    <Note>
      Resolution notes should briefly describe *what was done*, *why it worked*, and *any remaining follow-up*.
    </Note>
  </Step>

  <Step title="Confirm the Resolution">
    Click **Mark as Resolved** again to close the incident.

    Rootly will:

    * Record the resolution timestamp
    * Log a timeline entry
    * Trigger “on-resolve” workflows such as stakeholder announcements, ticket closures, or retrospective creation
    * Update any connected systems such as Slack or Status Pages
  </Step>
</Steps>

<Note>
  If an incident is resolved without being mitigated first, Rootly automatically assigns a mitigation time equal to the resolution time.\
  This keeps analytics—especially MTTR and phase durations—accurate and consistent.
</Note>

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="“The Mitigate or Resolve button is disabled.”">
    This typically means:

    * Required fields have not been completed
    * You do not have permission to update lifecycle status

    The interface will highlight any missing fields.
  </Accordion>

  <Accordion title="“I can’t move the incident to the next stage.”">
    Your workspace may enforce structured lifecycle transitions.\
    You may need to advance through statuses in order or return to a previously visited state.
  </Accordion>

  <Accordion title="“PagerDuty didn’t update when I resolved the incident.”">
    Resolution syncing requires:

    * A linked PagerDuty incident
    * Auto-resolve enabled in the integration settings

    When configured, Rootly resolves both the PD incident and its alerts.
  </Accordion>

  <Accordion title="“The mitigation timestamp looks incorrect.”">
    If you resolve without mitigating, Rootly automatically sets the mitigation time to match the resolution time.\
    This ensures consistent and meaningful analytics.
  </Accordion>
</AccordionGroup>

***

### Best Practices

* **Write clear, concise mitigation and resolution notes**\
  These notes appear in timelines, retrospectives, Slack updates, and status pages. They help responders and stakeholders quickly understand what changed and why.

* **Use mitigation to separate “impact ended” from “work completed”**\
  This distinction improves customer communication, stakeholder clarity, and metrics.

* **Always resolve incidents through Rootly**\
  If PagerDuty auto-resolve is enabled, Rootly will update the PD incident automatically.\
  Resolving directly in PagerDuty does **not** update Rootly.

* **Automate repetitive closure activities**\
  Many teams use workflows to:
  * Send final Slack updates
  * Publish status page messages
  * Create retrospectives
  * Archive Slack channels
  * Notify leadership or customers

* **Complete required fields early**\
  Some organizations require specific information (e.g., customer impact, affected services, root cause category) before resolution.\
  Filling these fields earlier avoids blockers late in the incident.

* **Review the timeline after resolving**\
  Ensuring all key actions, decisions, and updates are recorded helps support strong retrospectives.


# Updating Incident Integration Links
Source: https://docs.rootly.com/incidents/managing-incidents/updating-incident-integration-links

View, edit, and update external integration links for incidents through both the Rootly web interface and Slack to keep Jira, ticketing, and docs in sync.

### Overview

Many incidents rely on external systems—ticketing tools, documentation platforms, notebooks, meeting links, and on-call providers.\
Rootly centralizes these external references by allowing teams to store and update integration links directly on the incident.

These links may be:

* Automatically created by integrations
* Generated through workflows
* Manually added or corrected by responders

You can update integration links through both the Rootly web interface and the Rootly Slack bot.

<Info>
  The list of editable links depends on which integrations your workspace has enabled. Only integrations your team has configured will appear in the editor.
</Info>

***

### Editing Integration Links via the Web UI

<Steps>
  <Step title="Open the Incident">
    Navigate to the incident whose integration links you want to modify.
  </Step>

  <Step title="Open the Edit Integrations Dialog">
    In the **Integrations** section of the incident page, click **Edit Integrations**.

    This opens a modal listing all editable integration link fields—for example, Jira, Asana, PagerDuty, Google Drive, Zoom, Confluence, and others.

    <Frame>
      <img alt="Edit integration dialog screenshot" />
    </Frame>
  </Step>

  <Step title="Update or Clear Links">
    Each field represents an external system link. You may:

    * Replace an existing URL
    * Add a missing link
    * Leave the field blank to remove it

    All links require a valid URL format.

    <Frame>
      <img alt="Integration link input view" />
    </Frame>
  </Step>

  <Step title="Save Changes">
    Click **Update** to apply your changes.

    Your updated links will immediately appear in the Integrations section of the incident.
  </Step>
</Steps>

<Tip>
  Use the web interface when updating multiple links at once or when cleaning up links after workflows or automations.
</Tip>

***

### Editing Integration Links via Slack

You can also update integration links without leaving Slack.\
This is useful during active response when responders are working primarily in the incident channel.

There are two ways to open the integration editor in Slack.

***

#### Option 1: Use the Pinned Incident Overview

When viewing an incident channel, the pinned incident summary includes an **Integrations** section with an **Edit** button.

Clicking **Edit** opens the same integration editor modal used in the web interface.

<Frame>
  <img alt="Slack pinned overview integration edit" />
</Frame>

***

#### Option 2: Use the Slash Command

You can also open the integration editor by typing:

<Code>
  /incident integration
</Code>

inside the incident channel.

Rootly will open a modal where you can update any of the available integration links.

<Frame>
  <img alt="Slack integration modal screenshot" />
</Frame>

<Info>
  Slack commands must be run inside the **incident channel**.\
  Rootly identifies the incident based on the channel ID.
</Info>

***

### Which Integrations Can Be Edited?

The integrations editor displays only the links that apply to the integrations your team has enabled.\
Common examples include:

* Jira
* Asana
* PagerDuty
* ServiceNow
* Zendesk
* GitHub
* Linear
* Confluence
* Google Drive / Google Docs / Google Meet / Google Calendar
* Zoom / Webex / GoToMeeting
* Trello
* Notion
* Shortcut
* Coda
* Airtable
* Datadog Notebook

<Tip>
  If an integration is installed but a link was not automatically created, you can manually add it here.
</Tip>

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="I don’t see any fields in the integrations editor">
    Your workspace may not have any integrations enabled for this incident type.\
    Only integrations your team has configured will appear.
  </Accordion>

  <Accordion title="The Slack command didn’t work">
    Make sure you are running the command **inside the incident channel**.\
    Commands sent from other channels or DMs cannot be mapped to an incident.
  </Accordion>

  <Accordion title="I can’t save my changes">
    Integration links must be valid URLs.\
    Invalid or improperly formatted URLs will cause a validation error.
  </Accordion>

  <Accordion title="I don’t see an Edit button in Slack or on the web">
    You may not have permission to update incidents.\
    Check your incident role or workspace access settings.
  </Accordion>

  <Accordion title="Some integrations I expected are missing">
    Only integrations with active workspace configuration appear.\
    Ensure the integration is fully set up under **Configuration → Integrations**.
  </Accordion>
</AccordionGroup>

***

### Best Practices

* **Use workflows to automatically generate links**\
  For example, create Jira issues or PagerDuty incidents automatically and populate the link fields.

* **Maintain consistency across incident types**\
  Standardizing where each system’s link is stored makes retrospectives and auditing much easier.

* **Remove outdated or incorrect links**\
  Leaving fields blank clears stale or incorrect values to avoid confusion later.

* **Encourage responders to update links early**\
  Accurate integration links ensure the right systems stay connected throughout the lifecycle.

* **Use Slack for quick updates, Web UI for bulk editing**\
  Slack is ideal during active response; the web interface is better for comprehensive cleanup.


# Updating Incident Timestamps
Source: https://docs.rootly.com/incidents/managing-incidents/updating-incident-timestamps

Update incident timestamps in Rootly for accurate event documentation, compliance tracking, retrospective analysis, and SLA reporting after the fact.

### Overview

Incident timestamps are crucial for accurately documenting events, enabling precise tracking and analysis of occurrences. Not only are incident timestamps essential for legal and compliance purposes, they are also the foundation to tracking the quality and efficiency of your incident response process.

<Frame>
  <img alt="Document image" />
</Frame>

***

### Available Timestamps

Each Rootly incident comes default with the following timestamps:

| Name         | Required? | Description                                                                                                                                                                                                                                                                                                                                                                                                                                    | Liquid Variable                  |
| ------------ | --------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
| In Triage    | No        | Before an incident starts, it can go through a triage state. This timestamp is automatically logged when the incident enters the `in_triage` state.                                                                                                                                                                                                                                                                                            | `{{ incident.in_triage_at }}`    |
| Started      | Yes       | This marks the official start of an incident. This timestamp is automatically logged when the incident enters the `started` state.                                                                                                                                                                                                                                                                                                             | `{{ incident.started_at }}`      |
| Detected     | No        | This marks the time when the response team is informed. For many teams, the time in which the incident starts is also the time in which their responder team is informed. There is no "detected" state, so this timestamp is NOT automatically logged out of box. Teams can manually set it OR automatically set it through workflows.                                                                                                         | `{{ incident.detected_at }}`     |
| Acknowledged | No        | This marks the time when the response team acknowledges that they are looking into the incident. For many teams, this timestamp is often tied to when the first responder acknowledges the page through an on-call solution (e.g. Rootly On-Call, PagerDuty, Opsgenie, etc.). There is no "acknowledged" state, so this timestamp is NOT automatically logged out of box. Teams can manually set it OR automatically set it through workflows. | `{{ incident.acknowledged_at }}` |
| Mitigated    | Yes       | This marks the time in which the impact of the incident is halted. This does NOT signify the end of an incident. This timestamp is automatically logged when the incident enters the `mitigated` state.                                                                                                                                                                                                                                        | `{{ incident.mitigated_at }}`    |
| Resolved     | Yes       | This marks the time in which the incident is resolved and all systems are running as normal. This timestamp is automatically logged when the incident enters the `resolved` state.                                                                                                                                                                                                                                                             | `{{ incident.resolved_at }}`     |
| Cancelled    | No        | This marks the time in which the incident is cancelled. This timestamp is automatically logged when the incident enters the `cancelled` state.                                                                                                                                                                                                                                                                                                 | `{{ incident.cancelled_at }}`    |

***

### Updating Timestamps

#### Manually Via Slack

Timestamps can be updated through the Rootly Slack bot by using the /incident timestamps Slack command.

<Frame>
  <img alt="Document image" />
</Frame>

#### Manually Via Web UI

Timestamps can also be updated through the Rootly web UI from the Incident Details page.

Click on any timestamp at the top right hand corner of a specific incident.

<Frame>
  <img alt="Document image" />
</Frame>

A modal will pop up to allow you to edit each timestamp.

<Frame>
  <img alt="Document image" />
</Frame>

***

#### Automatically Via Workflow

By default, Rootly will automatically log the *In Triage*, *Started*, *Mitigated*, and *Resolved* timestamps when the incident cycle enters those corresponding states. For the timestamps that Rootly do not automatically log out of box (*Detected* and *Acknowledged*), you can use a workflow to automate the logging. This method will work with all timestamps.

To automate via workflow, you'll want to trigger a workflow following a specific event that updates the timestamp using the **Update Incident** workflow action

<Frame>
  <img alt="Document image" />
</Frame>

Then, use the following syntax in the Custom Field Mapping input textarea to systematically update the acknowledged timestamp.

```txt Custom Field Mapping theme={null}

{ "acknowledged_at": "<enter time value in ISO 8601 format>" }
```

<Note>
  **ISO 8601 Format:** YYYY-MM-DD HH:MM:ss +/-0X00

  Example:

  * 2024-07-26 16:07:46 -0400 means July 26, 2024 at 4:07PM in a timezone that is 4 hours behind UTC

  Liquid syntax is supported in this input text area so you can dynamically set the time by referencing a Liquid variable.
</Note>

***

### Metrics Calculations

Each timestamp plays an important role in calculating the metrics of an incident across the overall organization. The following are the math behind each calculated value:

| Value                                                      | Format             | Formula                                                                                                                          |
| ---------------------------------------------------------- | ------------------ | -------------------------------------------------------------------------------------------------------------------------------- |
| Time to Mitigation `{{ incident.time_to_mitigation }}`     | Integer in hours   | `{{ incident.mitigated_at }}` - `{{ incident.started_at }}`                                                                      |
| Mitigation Duration `{{ incident.mitigation_duration }}`   | Integer in seconds | `{{ incident.mitigated_at }}` - `{{ incident.started_at }}`                                                                      |
| Time to Detection `{{ incident.time_to_detection }}`       | Integer in hours   | `{{ incident.detected_at }}` - `{{ incident.started_at }}`                                                                       |
| Detection Duration `{{ incident.detection_duration }}`     | Integer in seconds | `{{ incident.detected_at }}` - `{{ incident.started_at }}`                                                                       |
| Time to Acknowledge `{{ incident.time_to_acknowledge }}`   | Integer in hours   | `{{ incident.acknowledged_at }}` - `{{ incident.started_at }}`                                                                   |
| Acknowledge Duration `{{ incident.acknowledge_duration }}` | Integer in seconds | `{{ incident.acknowledged_at }}` - `{{ incident.started_at }}`                                                                   |
| Time to Resolution `{{ incident.time_to_resolution }}`     | Integer in hours   | `{{ incident.resolved_at }}` - `{{ incident.started_at }}`                                                                       |
| Incident Duration `{{ incident.duration }}`                | Integer in seconds | If resolved, `{{ incident.resolved_at }}` - `{{ incident.started_at }}`<br /> If not resolved, `now - {{ incident.started_at }}` |

### Troubleshooting

<AccordionGroup>
  <Accordion title="A timestamp won’t update">
    The timestamp may conflict with another field. For example, a mitigation time cannot occur before the incident starts. Update related timestamps to maintain chronological order.
  </Accordion>

  <Accordion title="The Slack timestamp modal didn’t appear">
    You may not have run the command inside the incident’s Slack channel. Slack commands outside the incident channel cannot be mapped to an incident.
  </Accordion>

  <Accordion title="Some fields are missing from the modal">
    Certain timestamps only appear when the incident is in the corresponding lifecycle state. For example, Mitigated and Resolved timestamps appear only after those transitions occur.
  </Accordion>

  <Accordion title="I’m seeing scheduled timestamps instead of lifecycle timestamps">
    The incident is a scheduled maintenance event. Scheduled incidents use Scheduled From and Scheduled Until instead of lifecycle fields.
  </Accordion>

  <Accordion title="Analytics don’t reflect updated timestamps">
    Refresh the page and verify that all timestamps follow chronological order. Incorrect ordering may cause metrics to appear inconsistent.
  </Accordion>
</AccordionGroup>

***

### Best Practices

* **Align on timestamp definitions** to avoid interpretation differences across teams.
* **Use automation whenever possible** to promote consistent and reliable data.
* **Review timestamps during retrospectives** to ensure accuracy before finalizing the incident.
* **Maintain chronological order** so that insights and dashboards remain accurate.
* **Prefer the Web UI for bulk adjustments**, especially when updating several timestamps.
* **Update timestamps promptly** to avoid confusion around when key actions occurred.


# Managing Private Incident Access via Slack
Source: https://docs.rootly.com/incidents/private-incidents/manage-via-slack

Learn how to manage and control access to private incident channels directly through Slack using Rootly’s access management commands and modal.

### Overview

Private incidents allow teams to restrict who can see sensitive discussions, customer details, or internal system information.\
Using Rootly’s Slack integration, you can add or remove authorized responders directly from the incident’s Slack channel—without switching to the web interface.

The Slack access modal mirrors the same controls available in the Rootly UI and ensures only approved users can view or participate in private incident channels.

<Info>
  These actions only work inside a **private incident channel**, and require appropriate permissions to manage access.
</Info>

***

### Manage Access via Slack

<Steps>
  <Step title="Open the Incident Channel">
    Navigate to the private incident channel in Slack.\
    Access controls only work from within the correct incident channel.
  </Step>

  <Step title="Open the Access Management Modal">
    You can open the access modal in two ways:

    **Option A: Slash command**

    Type one of the following commands and press Enter:

    * `/rootly manage`
    * `/rootly access`
    * `/rootly users`

    **Option B: Button in the pinned incident summary**

    Click **Manage Access** in the pinned Rootly block at the top of the channel.

    <Frame>
      <img alt="Rootly incident in Slack showing the Manage Access button highlighted." />
    </Frame>
  </Step>

  <Step title="Add or Remove Users">
    The access modal displays:

    * A **multi-select list** showing all users who currently have access
    * A **search box** to add additional users
    * A **checkbox** titled **Remove Unauthenticated Users**

    **To add users:**\
    Start typing a name and select any user to grant them access immediately.

    **To remove users:**\
    Click the **×** next to their name in the selected users list.

    <Frame>
      <img alt="Manage users modal in Slack." />
    </Frame>

    <Warning>
      The checkbox **“Remove Unauthenticated Users”** does **not** remove all users you didn’t select.\
      Instead, it automatically removes *anyone who does not have permission to view private incidents* based on RBAC.
    </Warning>
  </Step>

  <Step title="Save Your Updates">
    Click **Update** to apply the changes.\
    Rootly will add or remove Slack channel members accordingly.
  </Step>
</Steps>

***

### What Happens After Updating Access

When you save changes:

* Users added gain access to the private incident immediately
* Users removed are removed from the Slack channel
* Removed users *may* receive a Slack notification depending on workspace settings
* Rootly updates the list of authorized incident subscribers
* Any user who lacks private-incident read permission can be automatically removed if the checkbox was selected

<Info>
  Slack may prevent automatic removal if your workspace restricts channel membership management.\
  In those cases, Rootly attempts removal but Slack may reject the action.
</Info>

<Frame>
  <img alt="Example Slackbot message when a user is removed." />
</Frame>

***

### Best Practices

* **Use the checkbox when cleaning up access**\
  It ensures only users with the correct private incident permissions remain in the channel.

* **Be intentional about adding observers**\
  Private incidents often involve sensitive operational or customer data.\
  Grant access sparingly.

* **Review access during major incident transitions**\
  For example, as roles shift or when incident severity changes.

* **Use workflows for structured access management**\
  Workflows can automatically add on-call engineers, service owners, or leadership groups.

* **Keep private incidents small and focused**\
  The fewer people involved, the faster and more aligned your response tends to be.

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="The modal didn’t open when I ran the command">
    Make sure you ran the command **inside the private incident channel**.\
    Rootly identifies the incident by the Slack channel ID.
  </Accordion>

  <Accordion title="I don’t see the Manage Access button">
    You may not have permission to manage private incident access.\
    Only users with the required RBAC permissions will see the button.
  </Accordion>

  <Accordion title="Some users disappeared unexpectedly">
    The **Remove Unauthenticated Users** checkbox removes *anyone* who lacks private-incident read permission—even if you had selected them previously.
  </Accordion>

  <Accordion title="Slack wouldn’t remove a user">
    Some Slack workspaces restrict who can remove members from channels.\
    Rootly attempts removal, but Slack may reject it based on workspace policies.
  </Accordion>

  <Accordion title="A user is missing from the search list">
    The user must be a Slack workspace member and must have Rootly access in your organization.
  </Accordion>
</AccordionGroup>


# Managing Private Incident Access via Web Interface
Source: https://docs.rootly.com/incidents/private-incidents/manage-via-web

Manage and control access to private incidents in Rootly directly through the web interface, including viewer lists, RBAC overrides, and audit history.

### Overview

Private incidents restrict visibility to only the responders who need to see sensitive operational details, customer information, or internal system context.\
Using the Rootly web interface, you can add or remove authorized users from a private incident—without requiring Slack or modifying RBAC roles.

The **Manage Access** dialog provides full control over incident-level access, matching the functionality available in Slack.

<Info>
  Managing access requires the appropriate permissions.\
  Users with *private-incident read* permissions automatically have access; all others must be explicitly added as incident subscribers.
</Info>

***

### Manage Access via the Web Interface

<Steps>
  <Step title="Open the Incident">
    Navigate to the private incident you want to manage in the Rootly web application.
  </Step>

  <Step title="Open the Access Management Modal">
    Click **Manage access**, located directly beneath the incident title.

    <Frame>
      <img alt="Manage access button highlighted." />
    </Frame>
  </Step>

  <Step title="Add or Remove Users">
    The access modal includes:

    * A **multi-select list** showing all users who currently have access
    * A **search field** to add new users
    * A **checkbox** titled **Remove users**

    **To add users:**\
    Begin typing a user’s name. Select a user to immediately grant them access.

    **To remove users:**\
    Click the **×** beside a user’s name to remove their access.

    <Frame>
      <img alt="Web Manage Access modal showing user removal." />
    </Frame>

    <Warning>
      The checkbox **“Remove users”** does **not** simply remove everyone you didn’t select.\
      It removes *any subscriber who does not have private-incident read permission* according to RBAC.
    </Warning>
  </Step>

  <Step title="Save Your Updates">
    Click **Update users** to apply the changes.\
    Rootly will immediately grant or revoke incident-level access based on your selections.
  </Step>
</Steps>

***

### What Happens After Updating Access

After saving your changes:

* Newly added users gain access to the private incident immediately
* Removed users lose access to the incident in Rootly
* If Slack is connected, Rootly attempts to update channel membership accordingly
* Users lacking private-incident read permission may be automatically removed if the checkbox was used
* Access updates apply consistently across Rootly and any connected systems

<Info>
  If Slack workspace permissions prevent Rootly from removing a user from the channel, Rootly still revokes their access within the platform.
</Info>

***

### Best Practices

* **Use the Remove Users checkbox to clean up access**\
  This keeps private incidents restricted to only those with the correct RBAC permissions.

* **Limit access to essential responders**\
  Private incidents often contain sensitive or high-impact information; keep the participant list tight.

* **Review access as roles shift**\
  During long-running or high-severity incidents, revisit access when responsibilities change.

* **Automate access via workflows**\
  Workflows can automatically add on-call responders, service owners, or leadership when private incidents are created.

* **Ensure users have Rootly access first**\
  Only Rootly-enabled users can be added as private incident subscribers.

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="I don’t see the Manage access button">
    You may not have permission to manage private-incident access.\
    Only users with the required RBAC permissions or incident roles will see the button.
  </Accordion>

  <Accordion title="Some users disappeared unexpectedly">
    If the **Remove users** checkbox was selected, Rootly removes all subscribers who lack private-incident read permission—even if they previously had access.
  </Accordion>

  <Accordion title="A user is missing from the search field">
    They must be a member of your Rootly organization.\
    If they were recently added to Slack or your IdP, they may need to log into Rootly first.
  </Accordion>

  <Accordion title="Slack did not remove a user I removed in Rootly">
    Some Slack workspaces restrict channel member removal.\
    Rootly will try to remove them, but Slack may block the action.
  </Accordion>

  <Accordion title="Does access sync to sub-incidents?">
    Yes—if your workspace has parent→child sync enabled.\
    Access changes propagate automatically when this feature is turned on.
  </Accordion>
</AccordionGroup>


# Private Incidents Overview
Source: https://docs.rootly.com/incidents/private-incidents/private-incidents

Learn how private incidents in Rootly restrict access beyond RBAC with incident-level permissions managed through the web UI and Slack for sensitive cases.

### What Are Private Incidents?

Private incidents allow sensitive operational, customer, or security-related information to be restricted to a limited group of responders.\
Unlike standard incidents—where visibility is governed solely by workspace-wide RBAC—**private incidents add a second layer of access control**.

In Rootly, users may gain access to a private incident in two ways:

1. **RBAC permissions**\
   A user whose role grants *private incident read access* can view all private incidents.

2. **Incident-level invitation (subscriber-level access)**\
   Even if a user does *not* have role-based permission, they can still be added as a responder through the **Manage Access** dialog (Web or Slack).\
   This provides **incident-specific access on top of RBAC**.

<Info>
  Private incident access is additive.\
  A user either needs (A) role-based private-incident permissions **or** (B) to be explicitly added as a subscriber to the incident.
</Info>

Rootly exposes simple controls for managing access through both the Web interface and Slack. These tools allow incident commanders to invite additional responders quickly while maintaining strict visibility boundaries.

***

### When to Use Private Incidents

Private incidents are commonly used for:

* Security or privacy-related investigations
* Customer-impacting issues involving sensitive data
* Vendor or partner escalations
* Production outages requiring access to confidential systems or dashboards
* Internal-only discussions during high-severity events

Because access is tightly controlled, private incidents ensure the right responders are looped in without exposing sensitive information to the entire organization.

***

### How to Manage Access

Rootly provides dedicated access-management flows in **both the Web UI** and **Slack**, ensuring responders can add or remove users without breaking focus.

<CardGroup>
  <Card title="Manage Access via Web" icon="globe" href="/incidents/private-incidents/manage-via-web">
    Use the Web interface to add or remove subscribers, bulk-edit access, and review current authorized users.
  </Card>

  <Card title="Manage Access via Slack" icon="slack" href="/incidents/private-incidents/manage-via-slack">
    Update access directly from the incident channel using `/rootly manage`, `/rootly access`, or the Manage Access button.
  </Card>
</CardGroup>

***

### How Access Updates Work Behind the Scenes

Rootly performs several automated steps when you update access:

#### Adding a User

* They are added as an **authorized subscriber** to the private incident.
* If Slack is integrated, Rootly automatically attempts to **invite them to the incident channel**.
* They immediately gain permission to view private incident details in the Web UI and API.

#### Removing a User

* They are removed from the incident’s subscriber list.
* If Slack permissions allow it, they are **removed from the incident’s Slack channel**.
* They lose access to incident details, timeline, roles, and integrations.

<Warning>
  Slack workspace restrictions may prevent Rootly from removing users from channels.\
  In those cases, Rootly removes incident access but Slack may reject channel removal.
</Warning>

#### “Remove Unauthenticated Users”

If selected in Slack or the Web UI, Rootly will:

* Remove anyone who **does not have private-incident read permissions**,\
  *even if they were manually added previously*.

This is typically used to quickly sanitize membership during sensitive investigations.

***

### Best Practices for Private Incidents

* **Limit access to essential responders only**\
  Fewer participants reduce noise and risk when working with sensitive information.

* **Grant subscriber access proactively**\
  When involving teams like Legal, Security, or Support, add them early via the Manage Access dialog.

* **Use Slack for quick changes, Web UI for structured updates**\
  Slack is ideal for rapid response.\
  The Web UI is better for reviewing and bulk-editing access.

* **Regularly audit access during long-running incidents**\
  Make sure only the necessary responders continue to have access.

* **Use workflows for automatic access control**\
  Add on-call engineers, service owners, or leadership automatically for critical severities.

***

### FAQ

<AccordionGroup>
  <Accordion title="Do private incidents override RBAC?">
    No. Private incidents **add** incident-level permissions on top of RBAC.\
    Users with the correct role can see all private incidents. Others must be explicitly added.
  </Accordion>

  <Accordion title="Can someone without private-incident permissions join a private incident?">
    Yes—if they are added as a subscriber through the Manage Access dialog (Web or Slack).
  </Accordion>

  <Accordion title="Will Slack notify a user after they’re removed?">
    Slack may send a notification, but this depends on workspace settings.\
    Rootly attempts removal, but Slack may reject the action if workspace policies prevent it.
  </Accordion>

  <Accordion title="Why do some users appear or disappear from the Slack access modal?">
    The modal shows all current subscribers and allows searching for any workspace user.\
    Users may disappear automatically if “Remove Unauthenticated Users” was selected.
  </Accordion>

  <Accordion title="What happens if Slack cannot remove a user from the channel?">
    Rootly removes their incident access, but Slack may block channel removal based on workspace permissions.
  </Accordion>

  <Accordion title="Does access sync to sub-incidents?">
    If your workspace enables parent–child syncing, access changes (invites and removals) may propagate to linked sub-incidents.
  </Accordion>
</AccordionGroup>


# Microsoft Teams Integration
Source: https://docs.rootly.com/integrating-with-microsoft-teams

Set up the Microsoft Teams integration to create incident channels, send notifications, start meetings, and manage incident response directly from Teams.

Rootly's Microsoft Teams integration automates incident communication and collaboration. When an incident starts, Rootly can create a dedicated Teams channel, invite responders, and post real-time updates. You can also create Microsoft Teams meetings directly from incidents for live collaboration.

<CardGroup>
  <Card title="Incident Channels" icon="hashtag">
    Automatically create dedicated Teams channels for each incident with responders invited
  </Card>

  <Card title="Real-time Updates" icon="bolt">
    Post incident status changes, severity updates, and key events to Teams channels
  </Card>

  <Card title="Video Meetings" icon="video">
    Create Microsoft Teams meetings for live incident collaboration with one click
  </Card>

  <Card title="Custom Notifications" icon="bell">
    Control which events trigger Teams notifications using workflow conditions
  </Card>
</CardGroup>

***

## How It Works

<Steps>
  <Step title="Connect Microsoft Teams">
    Authorize Rootly to access your Teams workspace via OAuth.
  </Step>

  <Step title="Install the Rootly Bot">
    Add the Rootly app to your Teams workspace to enable channel creation and messaging.
  </Step>

  <Step title="Configure Workflows">
    Set up workflows to automatically create channels, send messages, or start meetings when incidents occur.
  </Step>
</Steps>

***

## Next Steps

<CardGroup>
  <Card title="Installation" icon="plug" href="/integrations/microsoft-teams/installation">
    Connect Microsoft Teams and install the Rootly bot
  </Card>

  <Card title="Workflows" icon="diagram-project" href="/integrations/microsoft-teams/workflows">
    Configure channel creation, messaging, and meeting workflows
  </Card>
</CardGroup>


# Slack Integration
Source: https://docs.rootly.com/integrating-with-slack

Connect Slack to Rootly in just a few minutes to manage incidents directly from Slack with channels, slash commands, message actions, and notifications.

Rootly’s Slack integration brings incident management directly into Slack, so responders can create incidents, coordinate updates, manage channels, and run workflows without leaving the conversation.

<Note>
  For detailed installation instructions, screenshots, and video walkthroughs, see the [Slack Installation Guide](/integrations/slack/installation).
</Note>

## Before You Get Started

Before connecting Slack, confirm which Slack plan your organization uses. If you are unsure, click your organization name in the top-left corner of Slack. Your current plan appears below the organization name.

Supported Slack plans:

* **Slack Free, Pro, or Business+** — Install Rootly at the workspace level
* **Slack Enterprise Grid** — Install Rootly at the organization level across multiple workspaces using [Multi-Workspace Channels](https://slack.com/help/articles/115001399587-Add-a-channel-to-multiple-workspaces-in-your-Enterprise-Grid-organization)

<Accordion title="Data Permissions">
  Rootly requests different Slack scopes depending on your Slack plan and enabled features, such as AI. The list below reflects the full set of permissions you may be asked to approve.

  ### Bot Scopes

  **Core permissions**\
  **bookmarks:write:** Add bookmarks to incident channels for quick access to important resources.\
  **channels:manage:** Create public Slack channels for incidents.\
  **channels:read:** View basic information about public channels in a workspace.\
  **chat:write + chat:write.public:** Post messages in incident channels and respond to Slack actions.\
  **commands:** Enable `/rootly` and `/incident` slash commands.\
  **files:read:** Save files associated with pinned or reacted messages to the incident timeline.\
  **files:write:** Upload files, such as workflow output, directly into Slack. Rootly does not delete files in your Slack workspace.\
  **groups:read:** View basic information about private channels that Rootly has been added to.\
  **groups:write:** Create private Slack channels for sensitive incidents.\
  **pins:read:** Add pinned Slack messages to the incident timeline.\
  **pins:write:** Pin important messages in incident channels.\
  **reactions:read:** Add Slack messages to the incident timeline through reactions you configure.\
  **reactions:write:** React to messages after they are added to the incident timeline.\
  **usergroups:read:** View Slack user groups, such as `@security`.\
  **usergroups:write:** Manage on-call user groups for scheduling and rotation.\
  **users:read + users:read.email:** View workspace members and email addresses for one-click invitations. Rootly does not invite users automatically.\
  **users.profile:read:** Display full names instead of Slack usernames.

  **AI and assistant features**\
  **app\_mentions:read:** View messages that mention `@rootly`.\
  **channels:history:** Read message history in public channels for AI-powered features.\
  **groups:history:** Read message history in private channels for AI-powered features.\
  **assistant:write:** Enable Rootly AI Assistant capabilities.\
  **im:history:** Read direct message history for AI Assistant interactions.

  ### User Scopes

  **usergroups:write:** Required for on-call user group management using user permissions.

  ### Additional Scopes for Slack Enterprise Grid

  **conversations.connect:write:** Connect channels across multiple workspaces in Enterprise Grid organizations.\
  **admin.conversations:write:** Manage conversations at the organization admin level for Enterprise Grid.

  ### Additional User Scopes When Bot Channel Creation Is Restricted

  Some Slack workspaces allow only admins or owners to create channels. In those environments, Rootly may request additional user scopes from an admin or owner so it can create channels on their behalf.

  **channels:write:** Create and manage public channels on behalf of an admin or owner.\
  **groups:write:** Create and manage private channels on behalf of an admin or owner.
</Accordion>

## Quick Installation Steps

<Info>
  **Requirements:**

  * **Rootly account:** Admin or Owner
  * **Slack account:** Workspace Admin or Owner, or Organization Admin or Owner for Enterprise Grid
</Info>

### For Slack Free, Pro, or Business+

1. Go to **Configuration → Integrations**
2. Select **Setup** under the Slack integration
3. Choose **Other Slack Plans**
4. Select your Slack workspace and review permissions
5. Click **Allow** to authorize Rootly

### For Slack Enterprise Grid

1. Go to **Configuration → Integrations**
2. Select **Setup** under the Slack integration
3. Choose **Slack Enterprise Grid**
4. Authorize Rootly at the organization level
5. Add Rootly to the appropriate workspaces through **Organization settings → Integrations → Installed apps**

<Note>
  For step-by-step instructions with screenshots and videos, see the [Slack Installation Guide](/integrations/slack/installation).
</Note>

## Workspace Setup

After connecting Slack, go to **Configuration → Slack** to configure defaults and workspace behavior.

You can configure:

* **Default announcement channel** for new incidents
* **Default alerts channel** for notifications
* **Team notifications** for high-severity incidents or specific groups
* **Smart Reminders** to prompt responders to add roles, update the status page, and keep tasks moving
* **Incident updates** to keep stakeholders informed throughout the lifecycle
* **Incident Slack channel settings** such as naming conventions, bookmarks, and incident TPOC updates&#x20;
* **Interactions** using emoji to pin messages, create follow-up work, or add tasks
* **Channel archiving** for incident channels after resolution
* **Member settings** to require Slack connection or track incident access

## Channel Creation Restrictions

In some Slack workspaces, only admins or owners are allowed to create channels. When that restriction is enabled, Rootly may ask an admin or owner to grant additional permissions so it can create channels on their behalf.

In Rootly, this is managed through **Configuration → Slack**, where you may see options such as **Bypass Slack permissions** or **Elevate privileges**.

## Rootly AI Permissions

If you want to use Rootly AI features in Slack, your integration may need additional Slack scopes. In some cases, you may be asked to update or reinstall the Slack integration to grant the required permissions.

See the [Slack Installation Guide](/integrations/slack/installation) or use the in-app **Upgrade permissions** option if it appears.

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Which Slack plans are supported?" icon="circle-question">
    Rootly supports Slack Free, Pro, Business+, and Slack Enterprise Grid. Standard workspaces install at the workspace level, while Enterprise Grid installs at the organization level.
  </Accordion>

  <Accordion title="Why does Rootly request so many Slack permissions?" icon="shield-check">
    Rootly uses Slack permissions to create and manage incident channels, send messages, power workflows, manage on-call user groups, and support AI features. The exact permissions requested depend on your Slack plan and enabled features.
  </Accordion>

  <Accordion title="What if Rootly cannot create Slack channels?" icon="triangle-exclamation">
    Some Slack workspaces restrict channel creation to admins or owners. In those cases, Rootly may request additional user scopes from an admin or owner so it can create channels on their behalf.
  </Accordion>

  <Accordion title="Where do I configure Slack behavior after installation?" icon="sliders">
    After installation, go to **Configuration → Slack** to manage default channels, notifications, reminders, incident channel settings, archiving, and member behavior.
  </Accordion>

  <Accordion title="Do I need to reinstall Slack to use AI features?" icon="sparkles">
    Sometimes. If your current Slack integration is missing the scopes required for AI features, Rootly may prompt you to upgrade permissions or reinstall the integration.
  </Accordion>
</AccordionGroup>


# Agent Plugins
Source: https://docs.rootly.com/integrations/agent-plugins

Bring Rootly incident management into AI coding agents like Claude Code and Cursor through Rootly's hosted MCP service, with no local setup required.

## Introduction

Rootly agent plugins bring incident response, on-call context, and retrospective generation directly into the AI coding agents where engineers already work. Each plugin ships with curated slash commands and automatic hooks, all backed by [Rootly's hosted MCP service](/integrations/mcp-server).

## Why Use an Agent Plugin

Incident response has always required switching contexts: from your editor to Slack, to your incident tool, back to your terminal. By the time you've caught up on what's happening, you've already lost the thread of what you were building. Rootly's agent plugins close that gap — incident context, on-call state, and retrospective generation are available from the same environment where you write and ship code.

## Common Workflows

Across all agent plugins, you can:

* **Investigate incidents** — pull full incident context and find similar past incidents
* **Check on-call** — see current on-call state, upcoming handoffs, and health risk indicators
* **Draft status updates** — generate stakeholder-ready incident summaries
* **Run handoffs** — produce structured handoff documents for incident commander transitions
* **Generate retrospectives** — turn incident data into structured retrospectives
* **Run deploy checks** — analyze git diffs against past incidents to catch risky changes

## Claude Code

The Rootly Claude Code plugin brings incident response workflows directly into [Claude Code](https://claude.com/claude-code).

### Slash Commands

The plugin ships with nine slash commands:

| Command                  | Description                                                                                      |
| ------------------------ | ------------------------------------------------------------------------------------------------ |
| `/rootly:deploy-check`   | Analyzes your git diff against past incidents and warns if similar changes caused outages before |
| `/rootly:respond [id]`   | Pulls full incident context, finds similar past incidents, and shows who's on-call               |
| `/rootly:oncall`         | On-call dashboard with shift metrics, upcoming handoffs, and health risk indicators              |
| `/rootly:retro [id]`     | Generates a structured retrospective from incident data                                          |
| `/rootly:status`         | All services with active incidents grouped by severity                                           |
| `/rootly:ask [question]` | Natural language queries over your incident history                                              |
| `/rootly:brief [id]`     | Executive-ready incident summary for stakeholder updates                                         |
| `/rootly:handoff`        | Structured handoff document for incident commander transitions                                   |
| `/rootly:setup`          | First-run configuration and API token validation                                                 |

### Automatic Hooks

The plugin includes two automatic hooks:

* **Session-start token check** — verifies your Rootly API token is valid when Claude Code starts
* **Pre-commit / pre-push warning** — alerts you if there's an active critical incident in progress before you ship code

### Installation

Install the plugin through Rootly's custom plugin marketplace:

```bash theme={null}
/plugin marketplace add Rootly-AI-Labs/rootly-claude-plugin
/plugin install rootly@rootly-plugins
/reload-plugins
```

Then run the setup command to configure your Rootly API token:

```bash theme={null}
/rootly:setup
```

## Cursor

The Rootly Cursor plugin brings the same Rootly workflows into [Cursor](https://cursor.com), so incident investigation, on-call context, status drafting, handoffs, retrospectives, and deploy checks are available directly in the editor.

### Installation

Install the Rootly plugin from the public GitHub plugin source in the [`rootly-cursor-plugin`](https://github.com/Rootly-AI-Labs/rootly-cursor-plugin) repository.

### Configuration

Make sure `ROOTLY_API_TOKEN` is available in the environment Cursor launches with:

```bash theme={null}
export ROOTLY_API_TOKEN="<YOUR_ROOTLY_API_TOKEN>"
```

Then run the setup command in Cursor to validate connectivity:

```bash theme={null}
/rootly-setup
```

## Getting an API Token

You'll need a Rootly API token for either plugin. Generate one in **Account** > **Manage API keys** > **Generate New API Key**.

<Callout icon="info-circle">
  All agent plugins are backed by Rootly's hosted MCP service. For direct MCP configuration with other clients (Windsurf, Gemini CLI, Claude Desktop, etc.), see the [MCP Server documentation](/integrations/mcp-server).
</Callout>

## Related

* [MCP Server](/integrations/mcp-server) — direct MCP configuration for any compatible client
* [Rootly CLI](/integrations/cli) — terminal-based access to Rootly resources


# Airtable
Source: https://docs.rootly.com/integrations/airtable

Automatically create and update Airtable records from Rootly incidents using workflow actions to track incidents, follow-ups, and metrics in your bases.

## Overview

Rootly's Airtable integration lets you push incident data directly into Airtable tables using workflow actions. When an incident is declared — or updated — Rootly can create or update a record in any base and table you choose, with full control over field mapping via Liquid variables.

<CardGroup>
  <Card title="Create Records" icon="plus">
    Automatically create a new Airtable record when an incident is declared, capturing key fields like title, summary, severity, and more.
  </Card>

  <Card title="Update Records" icon="pen-to-square">
    Update an existing Airtable record as the incident progresses — reflect status changes, resolution notes, or any custom field.
  </Card>

  <Card title="Custom Field Mapping" icon="sliders">
    Map any Rootly incident field to any Airtable column using JSON and [Liquid variables](/liquid/incident-variables).
  </Card>

  <Card title="Any Base & Table" icon="table">
    Target any base and table in your Airtable workspace — not limited to a single sheet.
  </Card>
</CardGroup>

## Before You Begin

* You must be a Rootly admin to set up the integration
* You need an Airtable account with permission to create OAuth applications
* The Airtable base and table you want to write to must already exist

## Installation

Setting up the Airtable integration requires creating an OAuth application in Airtable and connecting it to Rootly.

<Steps>
  <Step title="Open the integration in Rootly">
    In Rootly, go to **Configuration → Integrations** and find **Airtable**. Click **Connect**.

    <Frame>
      <img alt="Airtable integration in Rootly" />
    </Frame>
  </Step>

  <Step title="Create an OAuth application in Airtable">
    In a new tab, go to [airtable.com/create/oauth](https://airtable.com/create/oauth) and create a new OAuth application.

    <Frame>
      <img alt="Create OAuth application in Airtable" />
    </Frame>

    Set the **Redirect URL** (callback URL) to:

    ```
    https://rootly.com/auth/airtable/callback
    ```

    <Frame>
      <img alt="Setting the callback URL in Airtable" />
    </Frame>
  </Step>

  <Step title="Configure required scopes">
    In the OAuth app settings, enable the required scopes:

    <Frame>
      <img alt="Airtable OAuth scopes" />
    </Frame>
  </Step>

  <Step title="Copy credentials into Rootly">
    Copy the **Client ID** and **Client Secret** from your Airtable OAuth app into Rootly and save.

    <Frame>
      <img alt="Entering Airtable credentials in Rootly" />
    </Frame>
  </Step>

  <Step title="Authorize">
    Click **Authorize** in Rootly. You'll be redirected to Airtable to grant access. Once approved, you'll return to Rootly with the integration connected.
  </Step>
</Steps>

<Note>
  When you connect Airtable, Rootly automatically creates a default **Create Airtable Record** workflow to get you started quickly.
</Note>

## Workflow Actions

### Create Airtable Record

Creates a new record in the specified Airtable base and table when the workflow triggers.

<ParamField type="string">
  The Airtable base to write the record to. Select from the dropdown populated from your connected account.
</ParamField>

<ParamField type="string">
  The table within the selected base. Populated dynamically based on the selected base.
</ParamField>

<ParamField type="json">
  A JSON object mapping Airtable column names to values. Supports [Liquid variables](/liquid/incident-variables).

  ```json theme={null}
  {
    "Name": "{{ incident.title }}",
    "Notes": "{{ incident.summary }}",
    "Started At": "{{ incident.started_at | date: '%FT%T%:z' }}",
    "Severity": "{{ incident.severity }}",
    "Link": "{{ incident.url }}"
  }
  ```
</ParamField>

### Update Airtable Record

Updates an existing record in Airtable. Use this after a record has been created to reflect incident updates.

<ParamField type="string">
  The Airtable base ID (e.g. `appXXXXXXXXXXXXXX`). Supports Liquid variables.
</ParamField>

<ParamField type="string">
  The name of the table containing the record to update. Supports Liquid variables.
</ParamField>

<ParamField type="string">
  The ID of the Airtable record to update (e.g. `recXXXXXXXXXXXXXX`). Supports Liquid variables.
</ParamField>

<ParamField type="json">
  A JSON object of fields to update. Same syntax as the Create action.
</ParamField>

## Uninstall

To remove the Airtable integration:

1. Go to **Configuration → Integrations** and find **Airtable**
2. Click **Connected** to reveal the disconnect option
3. Click **Disconnect**

<Frame>
  <img alt="Click Connected to reveal the Disconnect option" />
</Frame>

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="How do I find my Base Key and Record ID for the Update action?" icon="circle-question">
    The **Base Key** is visible in the URL when you open a base in Airtable: `airtable.com/appXXXXXXXXXXXXXX/...`. The **Record ID** (format: `recXXXXXXXXXXXXXX`) can be retrieved via the Airtable API or by expanding a record and copying the ID from the URL.
  </Accordion>

  <Accordion title="Can I map custom Rootly fields to Airtable columns?" icon="circle-question">
    Yes. Use the `incident.custom_fields` Liquid variable to access custom field values. For example: `{{ incident.custom_fields | find: 'custom_field.slug', 'your-slug' | get: 'selected_options' | map: 'value' }}`.
  </Accordion>

  <Accordion title="What happens if a mapped column doesn't exist in Airtable?" icon="circle-question">
    Airtable will return an error and the workflow action will fail. Make sure all column names in the mapping exactly match your Airtable table's field names (case-sensitive).
  </Accordion>

  <Accordion title="Can I create records in multiple tables from one incident?" icon="circle-question">
    Yes. Add multiple **Create Airtable Record** actions to the same workflow, each targeting a different base or table.
  </Accordion>
</AccordionGroup>


# Prometheus Alertmanager
Source: https://docs.rootly.com/integrations/alertmanager

Connect Prometheus Alertmanager to Rootly to ingest firing alerts, automatically resolve them when restored, and page on-call escalation targets.

## Introduction

The Prometheus Alertmanager integration connects Rootly with your existing Prometheus alerting pipeline so teams can receive alerts in Rootly and trigger on-call paging directly from Alertmanager.

This integration is a strong fit for teams already using Prometheus and Alertmanager for infrastructure monitoring who want Rootly to handle incident coordination and on-call response.

With the Prometheus Alertmanager integration, you can:

* Ingest Alertmanager firing alerts into Rootly as alerts
* Automatically resolve Rootly alerts when Alertmanager sends a resolved notification
* Page Rootly on-call targets directly from Alertmanager using webhook URLs or Prometheus rule annotations
* Use alert workflows to create incidents and automate follow-up actions

## Before You Begin

Before setting up the integration, make sure you have:

* A Rootly account with permission to manage integrations and alert sources
* Access to your Alertmanager configuration file (`alertmanager.yml`)
* The webhook URL and bearer token secret from the Rootly Alertmanager integration page

<Note>
  You can find your webhook URL and bearer token secret by navigating to **Integrations** > **Prometheus Alertmanager** > **Configure** in Rootly.
</Note>

## Installation

<Steps>
  <Step title="Open the Alertmanager integration in Rootly" icon="plug">
    Navigate to the integrations page in Rootly and select **Prometheus Alertmanager**. Copy the webhook URL and bearer token secret shown in the configuration modal.

    <Frame>
      <img alt="Alertmanager integration configuration modal" />
    </Frame>
  </Step>

  <Step title="Configure your alertmanager.yml" icon="code">
    Add a Rootly receiver to your `alertmanager.yml` configuration file. Set the `url` to the Rootly webhook URL and the `credentials` to your bearer token secret.

    ```yaml theme={null}
    route:
      receiver: default
      group_by:
        - job
      routes:
        - receiver: rootly
          match:
            alertname: Rootly
          repeat_interval: 1m

    receivers:
      - name: rootly
        webhook_configs:
          - url: 'https://webhooks.rootly.com/webhooks/incoming/alertmanager_webhooks'
            send_resolved: true
            http_config:
              authorization:
                type: Bearer
                credentials: <your-bearer-token-secret>
    ```

    Setting `send_resolved: true` is required for Rootly to automatically resolve alerts when Alertmanager sends a resolved notification.
  </Step>
</Steps>

## Page Rootly On-Call

Alertmanager can page Rootly on-call targets directly. There are two ways to configure this.

### Via Receiver URL

Append a notification target to the webhook URL in your `alertmanager.yml`. This routes the alert to the specified Rootly resource for paging.

```yaml theme={null}
receivers:
  - name: rootly
    webhook_configs:
      - url: 'https://webhooks.rootly.com/webhooks/incoming/alertmanager_webhooks/notify/<resource_type>/<resource_id>'
        send_resolved: true
        http_config:
          authorization:
            type: Bearer
            credentials: <your-bearer-token-secret>
```

Replace `<resource_type>` and `<resource_id>` with one of the following:

| Resource Type      | Description                |
| ------------------ | -------------------------- |
| `User`             | A specific Rootly user     |
| `Group`            | A Rootly team              |
| `EscalationPolicy` | A Rootly escalation policy |
| `Service`          | A Rootly service           |

The resource ID can be found by editing the resource in Rootly.

### Via Prometheus Rule Annotations

If you use Prometheus alerting rules, you can set the notification target through annotations in your `prometheus.rules.yml` file. This lets you define the paging target per rule rather than per receiver.

```yaml theme={null}
groups:
  - name: ./rules.conf
    rules:
      - alert: HighCPUUsage
        expr: cpu_usage > 90
        labels:
          severity: critical
        annotations:
          summary: "High CPU usage detected"
          rootly: '{"notification_target":{"type":"User","id":"<resource_id>"}}'
```

To page multiple targets from a single rule, use `alerting_targets` (an array) instead of `notification_target`:

```yaml theme={null}
rootly: '{"alerting_targets":[{"type":"User","id":"<user_id>"},{"type":"EscalationPolicy","id":"<policy_id>"}]}'
```

The `type` and `id` values follow the same options as the receiver URL approach above.

## How Alerts Are Mapped

Rootly extracts the following fields from each Alertmanager alert:

* **Summary** — taken from the alert's `alertname` label, falling back to `commonLabels.alertname`, then `commonLabels.description`
* **Labels** — all key-value pairs from `commonLabels` are attached as Rootly alert labels, making them available for routing, filtering, and display. Individual labels like `instance`, `dc`, `job`, and `status` are also extracted.
* **External ID** — the `alertname` label, used to deduplicate and match resolve events
* **External URL** — the `generatorURL` from the alert, or the `externalURL` from the webhook envelope

## How Auto-Resolution Works

When `send_resolved: true` is set in your Alertmanager configuration, Alertmanager sends a resolved notification to Rootly when a firing alert returns to a normal state. Rootly uses the `endsAt` timestamp in the resolved payload to mark the corresponding alert as resolved.

Alerts are matched by their external identifier — if an alert fires and resolves multiple times, Rootly updates the existing alert rather than creating duplicates.

You can also explicitly set the alert status by including `rootly_alert_status` in the webhook payload. Valid values are `open`, `triggered`, and `resolved`.

## Troubleshooting

<AccordionGroup>
  <Accordion title="Alerts are not appearing in Rootly" icon="circle-exclamation">
    Verify that the webhook URL in your `alertmanager.yml` matches the one shown in your Rootly integration settings. Confirm that the bearer token secret is correctly set under `credentials` and that the Alertmanager receiver is being triggered by your routing rules.
  </Accordion>

  <Accordion title="Alerts are not being resolved automatically" icon="rotate">
    Confirm that `send_resolved: true` is set in your webhook configuration. Without this, Alertmanager will not send resolved notifications to Rootly and alerts will remain open until manually resolved.
  </Accordion>

  <Accordion title="On-call paging is not working via the receiver URL" icon="bell-slash">
    Check that the `resource_type` and `resource_id` in the notification target URL are correct. The resource ID can be found by editing the target resource in Rootly. Ensure the resource type is one of `User`, `Group`, `EscalationPolicy`, or `Service`.
  </Accordion>

  <Accordion title="On-call paging is not working via rule annotations" icon="code">
    Confirm the `rootly` annotation is valid JSON and that the `type` and `id` values match an existing Rootly resource. Invalid JSON or a missing resource will cause the notification target to be ignored.
  </Accordion>
</AccordionGroup>

## Uninstall

To remove the Alertmanager integration, open the integrations panel in Rootly and select **Configure > Delete**.


# Anthropic
Source: https://docs.rootly.com/integrations/anthropic

Connect your Anthropic account to Rootly to power AI-assisted incident workflows using Claude with your organization's own API key and data agreements.

## Introduction

The Anthropic integration lets you connect Rootly to your organization's Anthropic account, using your own API key to power AI-assisted incident workflows with Claude. This gives your team control over the model, data handling, and API usage under your organization's specific agreements with Anthropic. Usage is billed directly to your Anthropic account — not through Rootly — making this a good fit for organizations with data residency requirements or custom API agreements.

With the Anthropic integration, you can:

* Generate AI-powered summaries, analyses, and responses within incident workflows
* Send custom prompts to Claude with full Liquid template support for dynamic, incident-aware content
* Use a system prompt to define Claude's role, tone, or constraints for each workflow action
* Choose which Claude model to use based on your account's available models

## Before You Begin

Before setting up the Anthropic integration, make sure you have:

* A Rootly account with permission to manage integrations
* An [Anthropic API key](https://console.anthropic.com/settings/keys) with access to the models you want to use

We recommend creating a dedicated API key for Rootly rather than using a personal key — this makes it easier to rotate or revoke access independently. Your key is validated on save and encrypted at rest in Rootly.

<Callout icon="triangle-exclamation">
  API keys are validated against the Anthropic API when you save the integration. If the key is inactive, expired, or over its usage limit, the integration will not save.
</Callout>

## Installation

<Steps>
  <Step title="Open the integrations page in Rootly" icon="plug">
    Navigate to the integrations page in your Rootly workspace and select **Anthropic**.
  </Step>

  <Step title="Enter your Anthropic API key" icon="key">
    Paste your Anthropic API key into the **API Key** field. You can generate or manage keys in the [Anthropic Console](https://console.anthropic.com/settings/keys).
  </Step>

  <Step title="Select a default model" icon="robot">
    Choose the Claude model you want to use for workflow actions. The available models are fetched dynamically from your Anthropic account. Common options include:

    * `claude-opus-4-5` — most capable, best for complex analysis
    * `claude-sonnet-4-5` — balanced performance and speed
    * `claude-haiku-4-5` — fastest, best for high-volume workflows
  </Step>

  <Step title="Integration connected" icon="circle-check">
    <Callout icon="circle-check">
      Your Anthropic integration is active. The **Create Anthropic Chat Completion** workflow action is now available in your incident and action item workflows.
    </Callout>
  </Step>
</Steps>

## Workflow Actions

### Create Anthropic Chat Completion

Sends a prompt to Claude and captures the response as a workflow output. The response can be used in subsequent workflow steps, posted to Slack, or written to incident fields. Rootly uses a maximum output of **4,000 tokens** per request — for longer responses, consider breaking your workflow into multiple steps with more focused prompts.

| Field         | Description                                                             | Required |
| ------------- | ----------------------------------------------------------------------- | -------- |
| Model         | The Claude model to use — fetched from your Anthropic account           | Yes      |
| Prompt        | The user message sent to Claude — supports Liquid templating            | Yes      |
| System Prompt | Instructions for Claude's role or behavior — supports Liquid templating | No       |

The **System Prompt** field is useful for setting Claude's persona or output format. For example: *"You are an incident response assistant. Respond in bullet points. Be concise."*

<Callout icon="code">
  Use Liquid variables in your prompts to include live incident context — for example `{{ incident.title }}`, `{{ incident.severity }}`, and `{{ incident.description }}`. See the [Liquid variables reference](/liquid/incident-variables) for all available fields.
</Callout>

## Troubleshooting

<AccordionGroup>
  <Accordion title="The API key is rejected when saving the integration" icon="key">
    Rootly validates your API key by making a test request to the Anthropic API. If the key is rejected, confirm it is active and has not been revoked in the [Anthropic Console](https://console.anthropic.com/settings/keys). Also check that the key has not exceeded its usage limits.
  </Accordion>

  <Accordion title="The workflow action fails with an authentication error" icon="lock">
    If the integration was working and then stopped, the API key may have been rotated or revoked. Go to the integration settings in Rootly and update the API key — Rootly will re-validate on save.
  </Accordion>

  <Accordion title="The workflow action fails with a rate limit error" icon="gauge-high">
    Anthropic enforces rate limits based on your plan tier. If you are running many concurrent workflows, you may hit requests-per-minute or tokens-per-minute limits. Consider staggering workflows or upgrading your Anthropic plan. Rootly does not retry rate-limited requests automatically.
  </Accordion>

  <Accordion title="The model I want is not appearing in the model selector" icon="robot">
    The model list is fetched dynamically from your Anthropic account. If a model is not appearing, confirm that your API key has access to that model. Some models require a specific Anthropic tier or may not yet be available on your account.
  </Accordion>

  <Accordion title="Liquid variables are not rendering correctly in the prompt" icon="code">
    Check your Liquid syntax — unclosed tags or undefined variables can cause rendering failures or unexpected output. Use the [Liquid variables reference](/liquid/incident-variables) to confirm correct variable names and test your template in a low-stakes workflow first.
  </Accordion>
</AccordionGroup>

## Related Pages

<CardGroup>
  <Card title="Incident Workflows" icon="bolt" href="/workflows/incident-workflows">
    Build workflows that use Claude to analyze, summarize, or respond to incidents automatically.
  </Card>

  <Card title="Liquid Variables" icon="code" href="/liquid/incident-variables">
    Reference for all incident variables available in Liquid-templated prompts.
  </Card>

  <Card title="Rootly AI" icon="robot" href="/ai/ai">
    Learn about Rootly's built-in AI features for incident management.
  </Card>
</CardGroup>


# Installation
Source: https://docs.rootly.com/integrations/asana/installation

Install and configure the Rootly Asana integration to automatically create and update tasks from incidents and action items in your Asana workspace.

## Introduction

The Asana integration connects Rootly with your Asana workspace so teams can automatically create and update tasks through Genius workflows. Tasks can be assigned, linked to projects, given due dates, and populated with custom fields — all driven by incident data.

With the Asana integration, you can:

* Automatically create Asana tasks when incidents are declared or reach a certain state
* Create subtasks under an existing Asana task to track action items
* Update task title, completion status, assignee, and custom fields as incidents evolve
* Set task dependencies to model blocking relationships between tasks

## Before You Begin

Before setting up the integration, make sure you have:

* A Rootly account with admin permission to manage integrations
* An Asana account with access to the workspace you want to use

<Callout icon="user-shield">
  We recommend installing with a dedicated Asana service account so the integration does not break if an individual user leaves your organization.
</Callout>

## Installation

<Steps>
  <Step title="Open the Asana integration in Rootly" icon="plug">
    Navigate to the integrations page in Rootly and select **Asana**.

    <Frame>
      <img alt="Document Image" />
    </Frame>
  </Step>

  <Step title="Authorize Rootly with Asana" icon="key">
    You will be redirected to Asana to sign in and grant Rootly permission to access your workspace. Once authorized, the installation is complete.

    <Frame>
      <img alt="Document Image" />
    </Frame>

    <Callout icon="circle-check">
      After authorization, the **Create an Asana Task**, **Create an Asana Subtask**, and **Update an Asana Task** workflow actions are available in your Genius workflows.
    </Callout>
  </Step>
</Steps>

## Uninstall

To remove the Asana integration, open the integrations panel in Rootly and select **Configure > Delete**.


# Workflows
Source: https://docs.rootly.com/integrations/asana/workflows

Configure Asana workflow actions in Rootly to create and update tasks from incidents, with project assignment, custom fields, and follow-up tracking.

## Overview

The Asana integration provides three workflow actions for managing tasks directly from Rootly incidents. If you are unfamiliar with how Genius workflows work, visit the [Workflows](/workflows) documentation first.

## Available Workflow Actions

### Create an Asana Task

This action creates a new task in a specified Asana project.

| Field                     | Description                                                                 | Required |
| ------------------------- | --------------------------------------------------------------------------- | -------- |
| **Name**                  | Display name for this workflow action                                       |          |
| **Workspace**             | Asana workspace where the task will be created                              | Yes      |
| **Team**                  | Asana team used to filter available projects                                |          |
| **Projects**              | One or more Asana projects to associate the task with                       | Yes      |
| **Title**                 | Task title. Defaults to `{{ incident.title }}`. Supports Liquid             | Yes      |
| **Notes**                 | Task description. Supports Liquid                                           |          |
| **Assign User Email**     | Email of the Asana user to assign the task to. Supports Liquid              |          |
| **Completion**            | Task completion status. **Auto** mirrors the incident or action item status | Yes      |
| **Due Date**              | Task due date. Supports Liquid                                              |          |
| **Custom Fields Mapping** | JSON mapping Asana custom field IDs to values. Supports Liquid              |          |
| **Dependency Direction**  | Whether this task is **blocking** or **blocked by** the dependent tasks     |          |
| **Dependent Task IDs**    | Asana task IDs that this task has a dependency relationship with            |          |

<Frame>
  <img alt="Document Image" />
</Frame>

<Callout icon="lightbulb">
  Use the [Incident Variable Explorer](https://rootly.com/account/help/liquid-explorer) to preview what Liquid variables return for your incidents.
</Callout>

***

### Create an Asana Subtask

This action creates a subtask under an existing Asana task.

<Callout icon="info">
  When a **Create an Asana Task** action runs, Rootly stores the resulting task ID on the incident record. Reference it in subsequent subtask actions using Liquid variables.
</Callout>

| Field                     | Description                                                                | Required |
| ------------------------- | -------------------------------------------------------------------------- | -------- |
| **Name**                  | Display name for this workflow action                                      |          |
| **Parent Task ID**        | Asana task ID of the parent task. Supports Liquid                          | Yes      |
| **Title**                 | Subtask title. Supports Liquid                                             | Yes      |
| **Notes**                 | Subtask description. Supports Liquid                                       |          |
| **Assign User Email**     | Email of the Asana user to assign the subtask to. Supports Liquid          |          |
| **Completion**            | Subtask completion status                                                  | Yes      |
| **Due Date**              | Subtask due date. Supports Liquid                                          |          |
| **Custom Fields Mapping** | JSON mapping Asana custom field IDs to values. Supports Liquid             |          |
| **Dependency Direction**  | Whether this subtask is **blocking** or **blocked by** the dependent tasks |          |
| **Dependent Task IDs**    | Asana task IDs this subtask depends on                                     |          |

<Frame>
  <img alt="Document Image" />
</Frame>

***

### Update an Asana Task

This action updates an existing Asana task with new values.

| Field                     | Description                                                       | Required |
| ------------------------- | ----------------------------------------------------------------- | -------- |
| **Name**                  | Display name for this workflow action                             |          |
| **Task ID**               | Asana task ID to update. Supports Liquid                          | Yes      |
| **Title**                 | Updated task title. Supports Liquid. Leave blank to keep existing |          |
| **Assign User Email**     | Updated assignee email. Supports Liquid                           |          |
| **Completion**            | Updated completion status                                         | Yes      |
| **Due Date**              | Updated due date. Supports Liquid                                 |          |
| **Custom Fields Mapping** | Updated custom field values as JSON. Supports Liquid              |          |
| **Dependency Direction**  | Updated dependency direction: **blocking** or **blocked by**      |          |
| **Dependent Task IDs**    | Updated list of dependent Asana task IDs                          |          |

<Frame>
  <img alt="Document Image" />
</Frame>

***

## Custom Fields

Use the **Custom Fields Mapping** field to set Asana custom field values using a JSON object. The key is the Asana custom field ID and the value depends on the field type.

**Text fields**

```json theme={null}
{
  "4578152156": "Not Started",
  "5678904321": "On Hold"
}
```

**Liquid syntax in text fields**

```json theme={null}
{
  "4578152156": "{{ incident.severity }}",
  "5678904321": "{{ incident.status }}"
}
```

**Single-select enum fields** — use the Asana enum option ID as the value:

```json theme={null}
{
  "5678904322": "1004598149"
}
```

**Multi-select enum fields** — use an array of enum option IDs:

```json theme={null}
{
  "5678904322": ["459021796", "1004598149"]
}
```

**Conditional enum mapping with Liquid**

```json theme={null}
{
  "4578152156": "{{ incident.severity }}",
  {% if incident.severity == "sev0" %}
  "5678904322": "1004598149"
  {% elsif incident.severity == "sev1" %}
  "5678904322": "2005678230"
  {% endif %}
}
```

<Callout icon="info">
  To find custom field IDs and enum option IDs, use the Asana API or inspect the URL when editing a custom field in Asana.
</Callout>


# AWS CloudWatch
Source: https://docs.rootly.com/integrations/aws-cloudwatch

Receive alerts from AWS CloudWatch in Rootly to trigger incidents, route notifications to on-call teams, and automatically resolve alerts when alarms recover.

## Overview

The AWS CloudWatch integration allows Rootly to treat CloudWatch alarms as a native alert source. The integration uses Amazon Simple Notification Service (SNS) to deliver CloudWatch alarm state change events to Rootly via HTTPS webhooks.

When a CloudWatch alarm transitions into the `ALARM` state, Rootly creates a new alert or updates an existing unresolved alert. When the same alarm transitions back into the `OK` state, Rootly automatically resolves the corresponding alert. This behavior enables CloudWatch alarms to participate fully in Rootly’s alert routing, on-call, and incident management workflows.

Alerts created from CloudWatch can be routed to services, escalation policies, or teams, enriched with labels derived from CloudWatch alarm tags, and customized using alert templates.

<Callout icon="repeat">
  CloudWatch alerts are stateful. Rootly creates alerts when alarms enter the ALARM state and resolves them automatically when the same alarms return to OK.
</Callout>

## How the Integration Works

CloudWatch alarms publish state change notifications to an SNS topic. Rootly subscribes to this SNS topic using an HTTPS webhook endpoint generated when you create a CloudWatch alert source in Rootly.

Each SNS notification contains information about the alarm, including its name, ARN, state, reason for the state change, and timestamp. Rootly uses the alarm ARN as the external identifier for the alert, ensuring that repeated alarm triggers update the same alert and that alerts are resolved when the alarm returns to an OK state.

## Prerequisites

Before configuring the integration, ensure that you have access to an AWS account with permissions to manage CloudWatch alarms and SNS topics. You must also have a Rootly account with access to Alert Sources.

## Setup Instructions

<Steps>
  <Step title="Create an Alert Source in Rootly">
    Begin by creating a CloudWatch alert source in Rootly. Navigate to **Settings** → **Alert Sources** and click **Add Alert Source**. Select **CloudWatch** and provide a descriptive name, such as “Production CloudWatch Alarms.”

    You may optionally configure default alert urgency, assign owner groups, or define an alert template. Once the alert source is saved, copy the webhook URL provided by Rootly.

    ```txt theme={null}
    https://webhooks.rootly.com/webhooks/incoming/cloud_watch_webhooks?secret=YOUR_SECRET_KEY
    ```

    <Callout icon="key">
      The webhook secret authenticates incoming requests from Amazon SNS. Treat this value as sensitive and rotate it if it is exposed.
    </Callout>
  </Step>

  <Step title="Create an SNS Topic">
    Create an Amazon SNS topic to receive CloudWatch alarm notifications. In the AWS SNS Console, create a new topic using the **Standard** topic type and give it a clear, descriptive name such as `rootly-cloudwatch-alerts`.

    This SNS topic acts as the delivery mechanism between CloudWatch and Rootly.
  </Step>

  <Step title="Subscribe Rootly to the SNS Topic">
    Open the SNS topic and navigate to the **Subscriptions** tab. Create a new subscription using the **HTTPS** protocol and paste the Rootly webhook URL into the endpoint field.

    AWS sends a subscription confirmation request to the webhook endpoint. Rootly automatically attempts to confirm this request, and the subscription typically transitions to **Confirmed** within a few seconds.

    <Info>
      If the subscription remains in a pending state, verify that the webhook endpoint is reachable and that no network restrictions are blocking AWS SNS traffic.
    </Info>
  </Step>

  <Step title="Configure a CloudWatch Alarm">
    In the CloudWatch Console, navigate to **All alarms** and create a new alarm. Select the metric to monitor and define the alarm conditions, including thresholds and evaluation periods.

    Configure the alarm to send notifications to the SNS topic for both the **In alarm** and **OK** states. This ensures alerts are created and resolved automatically in Rootly.
  </Step>

  <Step title="Test the Integration">
    Trigger the CloudWatch alarm or allow it to trigger naturally. Verify that a new alert appears in Rootly with the source set to CloudWatch.

    When the alarm returns to the `OK` state, confirm that the alert is automatically resolved.
  </Step>
</Steps>

## Alert Mapping and Behavior

Rootly extracts key fields from CloudWatch alarm notifications and maps them to alert attributes. The alarm ARN is used as the external identifier, which allows Rootly to deduplicate alerts and correctly match resolve events. The alarm name, metric name, and state change reason are included in the alert summary, while alarm tags are converted into alert labels.

The alert summary is generated automatically and typically follows the format shown below.

```txt theme={null}
{MetricName} - {NewStateReason}
```

For example:

```txt theme={null}
CPUUtilization - Threshold Crossed: 1 datapoint [85.5] was greater than the threshold (80.0).
```

If no tags are present on the CloudWatch alarm, Rootly applies default labels to ensure consistent alert metadata.

## Advanced Configuration

### Alert Templates

Alert templates allow you to control how CloudWatch alerts appear in Rootly. Templates are configured from the Alert Source settings and support Liquid templating, which makes it possible to dynamically generate alert content from the CloudWatch alarm payload.

Commonly used template variables include the alarm name, alarm ARN, metric name, state change reason, and timestamp. These variables can be combined to produce descriptive alert titles, detailed descriptions, and direct links back to the AWS Console.

### Alert Routing

CloudWatch alerts can be routed automatically using Rootly alert routes. Routing rules may be defined using alarm names, metric names, tags, or any other field included in the CloudWatch alarm payload. Routes can target services, escalation policies, or teams, ensuring that alerts are delivered to the appropriate responders without manual intervention.

### Deduplication and Resolution

Rootly deduplicates CloudWatch alerts using the alarm ARN as the external identifier. If an alarm triggers multiple times while an alert remains unresolved, Rootly updates the existing alert instead of creating duplicates. When the alarm transitions back to the `OK` state, Rootly automatically resolves the corresponding alert.

### Notification Targets

In addition to default routing rules, CloudWatch alarms can be sent directly to specific notification targets using a specialized webhook endpoint.

```txt theme={null}
https://webhooks.rootly.com/webhooks/incoming/cloud_watch_webhooks/notify/{notification_target_type}/{notification_target_id}?secret=YOUR_SECRET_KEY
```

The notification target type must be one of `Service`, `EscalationPolicy`, or `Group`. The notification target ID must be replaced with the UUID of the corresponding resource.

### Webhook Payload Structure

CloudWatch delivers alarm notifications to Amazon SNS, which then forwards them to Rootly. The SNS payload includes metadata about the message and a `Message` field containing a JSON-encoded representation of the CloudWatch alarm state change. Rootly automatically parses this message and extracts the relevant alarm data for alert creation and resolution.

### Security Considerations

Rootly webhook endpoints require HTTPS and use a secret key to authenticate incoming requests. SNS message signatures are verified to ensure authenticity. If IP allowlisting is enabled for your Rootly instance, ensure that AWS SNS IP ranges are permitted.

## Troubleshooting

<AccordionGroup>
  <Accordion title="Why are CloudWatch alerts not being created in Rootly?" icon="circle-exclamation">
    Verify that the SNS subscription is confirmed and that the webhook URL configured in SNS exactly matches the one provided by Rootly. Ensure that the CloudWatch alarm is actively entering the `ALARM` state and review the alert source status in Rootly to confirm whether recent events have been received.
  </Accordion>

  <Accordion title="Why are CloudWatch alerts not being resolved automatically?" icon="rotate">
    Ensure that the CloudWatch alarm is configured to send `OK` notifications to the same SNS topic used for alarm notifications. Rootly relies on the alarm ARN to match resolve events, so confirm that the alarm ARN has not changed since the alert was created.
  </Accordion>

  <Accordion title="Why is the SNS subscription stuck in Pending confirmation?" icon="signal">
    Confirm that the webhook endpoint is reachable over HTTPS and that no firewall rules or IP allowlisting restrictions are blocking AWS SNS traffic. Also verify that the webhook URL is correctly formatted and includes the required secret parameter.
  </Accordion>
</AccordionGroup>

## Best Practices

* Use clear and descriptive alarm names to make alerts easier to interpret.
* Apply CloudWatch tags consistently, as these tags are converted into alert labels and can be used for routing and filtering.
* Configure alert routing rules to ensure alerts reach the appropriate teams.
* Periodically test alarms to validate that the integration continues to function as expected.

For additional assistance, consult the Rootly documentation or contact Rootly Support. You may also refer to AWS CloudWatch and Amazon SNS documentation for more information about alarm and notification configuration.


# AWS Elastic Beanstalk
Source: https://docs.rootly.com/integrations/aws-elastic-beanstalk

Connect AWS Elastic Beanstalk to Rootly to log deployment pulses automatically during every application deploy using the Rootly CLI and .ebextensions hooks.

## Introduction

The AWS Elastic Beanstalk integration lets you record deployment activity as Rootly pulses every time your Elastic Beanstalk application deploys. It works by embedding the Rootly CLI into your `.ebextensions` deploy hooks — no separate service or OAuth connection required.

With this integration, you can:

* Automatically log a deployment pulse to Rootly every time a new version is deployed to an Elastic Beanstalk environment
* Tag pulses with the environment, service, and custom labels that matter to your team
* Surface deployment context on the incident timeline when an outage coincides with a recent deploy
* Use Rootly's API key and the CLI to fit naturally into your existing `.ebextensions` configuration

<Callout icon="info">
  This integration is **CLI-based** and does not require an OAuth connection in Rootly. You configure it entirely through your application's `.ebextensions` directory, using your Rootly API key to authenticate the CLI.
</Callout>

## Before You Begin

Before setting up the Elastic Beanstalk integration, make sure you have:

* A Rootly account and a **Rootly API key** (found under your account settings)
* An AWS Elastic Beanstalk application with access to modify `.ebextensions` configuration files
* The ability to set **environment configuration variables** in Elastic Beanstalk for your API key and environment name

<Callout icon="triangle-exclamation">
  Store your **Rootly API key** as an Elastic Beanstalk environment variable rather than hardcoding it in your `.ebextensions` config file. This keeps secrets out of your repository.
</Callout>

## Installation

<Steps>
  <Step title="Add environment variables to your Elastic Beanstalk environment" icon="key">
    In the AWS Console (or via the EB CLI), add the following environment configuration variables to your Elastic Beanstalk environment:

    | Variable         | Value                                               |
    | ---------------- | --------------------------------------------------- |
    | `rootly_api_key` | Your Rootly API key                                 |
    | `environment`    | The environment name (e.g. `production`, `staging`) |
    | `service`        | The service name as it appears in Rootly            |

    These values will be read by the deploy hook script at runtime using `get-config container`.
  </Step>

  <Step title="Create the .ebextensions config file" icon="file-code">
    In your application repository, create a file at `.ebextensions/rootly.config` (the filename does not have to be `rootly`).

    Add the following content to the file, adapting the `labels` value for your use case:

    ```shell theme={null}
    files:
      "/opt/elasticbeanstalk/hooks/appdeploy/pre/01rootly.sh":
        mode: "000775"
        owner: root
        group: users
        content: |
          #!/bin/bash

          rootly_api_key="$(/opt/elasticbeanstalk/bin/get-config container -k rootly_api_key)";
          environment="$(/opt/elasticbeanstalk/bin/get-config container -k environment)";
          service="$(/opt/elasticbeanstalk/bin/get-config container -k service)";
          labels="key=value,key2=value2"

          # install rootly cli
          curl -fsSL https://raw.githubusercontent.com/rootly-io/cli/main/install.sh | sh

          # log a pulse
          rootly pulse --api-key "${rootly_api_key}" --quiet --environments "${environment}" --services "${service}" --labels "${labels}" Deploy in progress...
    ```

    <Callout icon="lightbulb">
      The script is placed in `appdeploy/pre/` so it runs **before** the new application version is deployed. This means the pulse fires at the start of each deployment. You can duplicate the hook into `appdeploy/post/` to also log a pulse when the deployment completes.
    </Callout>
  </Step>

  <Step title="Customize labels for your team" icon="tag">
    Update the `labels` variable in the script to include any metadata your team finds useful. Labels are comma-separated key-value pairs:

    ```bash theme={null}
    labels="team=platform,region=us-east-1,app=api"
    ```

    Labels appear on the pulse in Rootly and make it easier to filter deployment activity across services and environments.
  </Step>

  <Step title="Deploy your application" icon="rocket">
    Commit the `.ebextensions/rootly.config` file and deploy your application. On the next deployment, the hook script will run, install the Rootly CLI, and log a pulse to your Rootly workspace.

    <Callout icon="circle-check">
      Verify the integration is working by navigating to **Pulses** in Rootly after your next deployment. You should see a pulse with the summary "Deploy in progress..." tagged with the environment and service you configured.
    </Callout>
  </Step>
</Steps>

## How Pulses Work

Each time the deploy hook runs, the Rootly CLI sends a pulse to your workspace with:

* **Summary:** The message passed to the `rootly pulse` command (e.g. "Deploy in progress...")
* **Environment:** The environment name from the `environment` variable
* **Service:** The service name from the `service` variable
* **Labels:** Any key-value labels you configured

Pulses are visible on the Rootly pulse feed and will appear on the timeline of any incident linked to the affected service or environment during the deployment window.

<Callout icon="link">
  If an incident is declared around the same time as a deployment, the deployment pulse will surface automatically on the incident timeline — giving responders immediate context about whether a recent deploy may have contributed to the issue.
</Callout>

## Customizing the Hook

### Log a pulse on deployment completion

To also record when a deployment finishes, create a second hook file at `appdeploy/post/`:

```shell theme={null}
files:
  "/opt/elasticbeanstalk/hooks/appdeploy/post/01rootly.sh":
    mode: "000775"
    owner: root
    group: users
    content: |
      #!/bin/bash

      rootly_api_key="$(/opt/elasticbeanstalk/bin/get-config container -k rootly_api_key)";
      environment="$(/opt/elasticbeanstalk/bin/get-config container -k environment)";
      service="$(/opt/elasticbeanstalk/bin/get-config container -k service)";

      curl -fsSL https://raw.githubusercontent.com/rootly-io/cli/main/install.sh | sh

      rootly pulse --api-key "${rootly_api_key}" --quiet --environments "${environment}" --services "${service}" Deploy complete
```

### Use the Rootly CLI for more than pulses

The Rootly CLI supports additional commands beyond `pulse`. You can also use it to declare incidents, update incident status, or trigger workflows from your deploy hooks. See the [Rootly CLI documentation](/integrations/cli) for the full command reference.

## Troubleshooting

<AccordionGroup>
  <Accordion title="No pulse appears in Rootly after a deployment" icon="eye-slash">
    Check the Elastic Beanstalk environment logs for the deploy hook output. Look for errors from the `curl` install command or the `rootly pulse` command. Common causes include network access restrictions that prevent the EC2 instance from reaching `raw.githubusercontent.com` or the Rootly API endpoint.
  </Accordion>

  <Accordion title="The API key variable is empty at runtime" icon="key">
    Confirm that the environment configuration variable `rootly_api_key` is set in your Elastic Beanstalk environment settings. Variables must be set in the environment itself (not just in the `.ebextensions` config) to be accessible via `get-config container`. Redeploy after adding variables.
  </Accordion>

  <Accordion title="The hook script runs but the CLI fails to install" icon="download">
    The install script requires `curl` and internet access from the EC2 instance. If your Elastic Beanstalk environment runs in a private subnet without internet access, the CLI install will fail. In this case, pre-install the Rootly CLI in a custom AMI or bundle it directly in your application artifact rather than downloading it at deploy time.
  </Accordion>

  <Accordion title="Pulses are not linked to the correct service or environment" icon="link-slash">
    The `--services` and `--environments` flags in the CLI command must match the exact names of the service and environment as they appear in Rootly. Names are case-sensitive. Check your Rootly services and environments configuration and update the `service` and `environment` variables in your Elastic Beanstalk environment settings accordingly.
  </Accordion>
</AccordionGroup>

## Related Pages

<CardGroup>
  <Card title="Rootly CLI" icon="terminal" href="/integrations/cli">
    Full reference for the Rootly CLI, including all available commands and flags.
  </Card>

  <Card title="Pulses" icon="signal" href="/configuration/pulses">
    Learn how deployment pulses appear in Rootly and how they surface during incidents.
  </Card>

  <Card title="Services" icon="server" href="/configuration/services">
    Configure services in Rootly to link deployment pulses to the right team and context.
  </Card>
</CardGroup>


# AWS EventBridge
Source: https://docs.rootly.com/integrations/aws-eventbridge

Stream incident and alert lifecycle events from Rootly to AWS EventBridge for real-time event-driven integrations with Lambda and Step Functions.

## Overview

The AWS EventBridge integration allows Rootly to publish incident and alert lifecycle events directly to your AWS account through the [EventBridge partner event source](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-saas.html) model. Events are delivered in near real-time as incidents and alerts progress through their lifecycle, enabling you to build event-driven automations entirely within AWS.

Once configured, Rootly creates a partner event source in your AWS account. You associate this event source with an event bus in the EventBridge console, then create rules to route events to any EventBridge target — Lambda functions, Step Functions, SQS queues, SNS topics, API Gateway endpoints, and more.

<Info>
  This integration uses the AWS EventBridge partner event source model. Rootly pushes events to your account — no polling or webhook configuration is required on your side.
</Info>

<Info>
  Looking to send AWS events **into** Rootly to trigger alerts? Route EventBridge events to an SNS topic subscribed to Rootly's [AWS SNS](/integrations/aws-sns) alert source. Use an EventBridge [input transformer](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-transform-target-input.html) to format events into the [required payload schema](/integrations/aws-sns#supported-payload-schema). For CloudWatch alarms specifically, use the dedicated [AWS CloudWatch](/integrations/aws-cloudwatch) alert source instead.
</Info>

## Supported Event Types

You can subscribe to any combination of the following event types per integration:

**Alert Events:**

| Event Type           | Description                              |
| -------------------- | ---------------------------------------- |
| `alert.created`      | A new alert was created                  |
| `alert.updated`      | Alert properties were changed            |
| `alert.acknowledged` | An alert was acknowledged by a responder |
| `alert.resolved`     | An alert was resolved                    |

**Incident Events:**

| Event Type           | Description                      |
| -------------------- | -------------------------------- |
| `incident.created`   | A new incident was started       |
| `incident.updated`   | Incident properties were changed |
| `incident.mitigated` | An incident was mitigated        |
| `incident.resolved`  | An incident was resolved         |

<Tip>
  If no event subscriptions are selected, all event types are published. This is useful when you want to receive everything and filter using EventBridge rules instead.
</Tip>

## Prerequisites

Before configuring the integration, ensure that you have:

* A Rootly account with admin or owner permissions
* An AWS account ID (12-digit number)
* Access to the AWS EventBridge console in your target region

## Setup Instructions

<Steps>
  <Step title="Create the integration in Rootly">
    Navigate to **Settings** → **Integrations** → **AWS EventBridge** and click **Add Integration**.

    Fill in the following fields:

    * **Integration Name**: A friendly name (e.g., "Production Events")
    * **AWS Account ID**: Your 12-digit AWS account ID
    * **AWS Region**: The region where your event bus will be created
    * **Event Source Name**: A unique identifier (e.g., "production", "staging")
    * **Event Subscriptions**: Select which event types to stream (leave empty for all)

    Click **Create Integration**. Rootly creates a partner event source in your AWS account.

    Your new integration will appear on the index page with a **Pending** status until you complete the AWS setup.

    <Frame>
      <img alt="EventBridge integrations index" />
    </Frame>

    <Warning>
      The AWS Account ID, Region, and Event Source Name cannot be changed after creation. A new integration must be created if these values need to change.
    </Warning>
  </Step>

  <Step title="Associate the event source in AWS">
    Open the [AWS EventBridge console](https://console.aws.amazon.com/events/) in the region you selected.

    1. Go to **Partner event sources** in the left navigation
    2. Find your event source — it will be named `aws.partner/rootly.com/<your-team-slug>/<event-source-name>`
    3. Select the event source and click **Associate with event bus**
    4. Confirm the association

    <Frame>
      <img alt="AWS EventBridge partner event sources console" />
    </Frame>

    This creates a partner event bus in your account that receives events from Rootly.
  </Step>

  <Step title="Activate the integration in Rootly">
    Return to Rootly and edit your EventBridge integration. Check **Mark as Active** and save.

    You can also configure **Event Subscriptions** to select which event types to stream.

    <Frame>
      <img alt="Edit AWS EventBridge integration form" />
    </Frame>

    <Info>
      The integration must be activated after associating the event source in AWS. Events are only published to active integrations.
    </Info>
  </Step>

  <Step title="Create EventBridge rules">
    In the AWS EventBridge console, navigate to **Rules** and select your partner event bus.

    Create rules to route events to your targets. Use event patterns to filter by event type:

    ```json theme={null}
    {
      "detail-type": ["incident.created", "incident.resolved"]
    }
    ```

    Or match all Rootly events:

    ```json theme={null}
    {
      "source": [{
        "prefix": "aws.partner/rootly.com"
      }]
    }
    ```
  </Step>

  <Step title="Test the integration">
    Create a test incident in Rootly and verify that events appear in your EventBridge targets. Check the EventBridge monitoring tab for delivery metrics.
  </Step>
</Steps>

## Event Payload Structure

Events are published using the [EventBridge event format](https://docs.aws.amazon.com/eventbridge/latest/userguide/aws-events.html). Each event contains:

| Field         | Description                                        |
| ------------- | -------------------------------------------------- |
| `source`      | The full partner event source name                 |
| `detail-type` | The event type (e.g., `incident.created`)          |
| `detail`      | JSON object containing the entity data             |
| `time`        | ISO 8601 timestamp of when the event was published |
| `resources`   | Array containing the resource ARN                  |

### Incident Event Detail

```json theme={null}
{
  "id": "d290f1ee-6c54-4b01-90e6-d701748f0851",
  "sequential_id": 42,
  "title": "Database outage in us-east-1",
  "slug": "database-outage-in-us-east-1",
  "summary": "Production database is experiencing connection timeouts",
  "status": "started",
  "kind": "normal",
  "private": false,
  "detected_at": "2026-01-15T10:30:00Z",
  "acknowledged_at": null,
  "started_at": "2026-01-15T10:30:00Z",
  "mitigated_at": null,
  "resolved_at": null,
  "cancelled_at": null,
  "created_at": "2026-01-15T10:30:00Z",
  "updated_at": "2026-01-15T10:30:00Z",
  "services": [
    { "id": "abc-123", "name": "API Service", "slug": "api-service" }
  ],
  "environments": [
    { "id": "def-456", "name": "Production", "slug": "production" }
  ],
  "functionalities": [
    { "id": "ghi-789", "name": "Authentication", "slug": "authentication" }
  ],
  "severity": {
    "id": "jkl-012", "name": "Critical", "slug": "critical", "color": "#FF0000"
  }
}
```

### Alert Event Detail

```json theme={null}
{
  "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "source": "pagerduty",
  "summary": "High CPU usage on web-server-01",
  "status": "triggered",
  "labels": { "env": "production", "service": "web" },
  "started_at": "2026-01-15T10:30:00Z",
  "ended_at": null,
  "created_at": "2026-01-15T10:30:00Z",
  "updated_at": "2026-01-15T10:30:00Z",
  "services": [
    { "id": "abc-123", "name": "Web Service", "slug": "web-service" }
  ],
  "environments": [
    { "id": "def-456", "name": "Production", "slug": "production" }
  ]
}
```

## Multiple Integrations

You can create multiple EventBridge integrations for the same team. This is useful for:

* **Multi-region delivery**: Stream events to different AWS regions
* **Multi-account delivery**: Send events to separate AWS accounts (e.g., production vs. staging)
* **Selective subscriptions**: Send only alert events to one bus and only incident events to another

Each integration operates independently with its own event source, subscriptions, and active status.

## Managing Integrations

### Editing

You can update the integration name, event subscriptions, and active status at any time. AWS Account ID, Region, and Event Source Name are locked after creation.

### Deleting

Deleting an integration in Rootly stops event delivery. The partner event source remains in your AWS account and can be cleaned up from the EventBridge console.

## Troubleshooting

<AccordionGroup>
  <Accordion title="Events are not appearing in EventBridge" icon="circle-exclamation">
    1. Verify the integration is marked as **Active** in Rootly
    2. Confirm the partner event source is **Associated** in the AWS EventBridge console
    3. Check that the event type is included in the integration's subscriptions (or that subscriptions are empty for all events)
    4. Verify your EventBridge rules are targeting the correct partner event bus
  </Accordion>

  <Accordion title="Partner event source not found in AWS" icon="magnifying-glass">
    Ensure you are looking in the correct AWS region. The event source is created in the region selected when configuring the integration. Also verify the AWS Account ID is correct.
  </Accordion>

  <Accordion title="Some event types are missing" icon="filter">
    Check the **Event Subscriptions** setting on your integration. If specific events are selected, only those events will be published. Clear all subscriptions to receive all event types.
  </Accordion>

  <Accordion title="Events are delayed" icon="clock">
    Events are published asynchronously via background jobs. Under normal conditions, events are delivered within a few seconds. If you observe persistent delays, contact Rootly Support.
  </Accordion>
</AccordionGroup>

## Best Practices

* **Use event subscriptions** to limit events to only what you need, reducing noise and cost
* **Create separate integrations** for different environments or AWS accounts
* **Use EventBridge rules** for fine-grained filtering beyond what subscriptions provide
* **Monitor delivery** using EventBridge metrics in CloudWatch
* **Test in staging first** by creating a separate integration pointed at a non-production AWS account


# AWS SNS
Source: https://docs.rootly.com/integrations/aws-sns

Receive alerts from Amazon SNS topics in Rootly using a versioned payload schema to create, route, deduplicate, and automatically resolve alerts.

## Overview

The AWS SNS integration allows Rootly to treat Amazon Simple Notification Service (SNS) messages as a native alert source. Rootly subscribes to an SNS topic using an HTTPS webhook endpoint and processes SNS `Notification` messages that contain a supported Rootly alert payload.

Unlike AWS CloudWatch, Amazon SNS is a transport layer rather than a fixed alert producer. To keep alert creation and resolution predictable, Rootly expects a versioned JSON schema inside the SNS `Message` field. This schema defines the alert status, summary, external identifier, and any optional metadata used for routing, urgency, labels, and enrichment.

When Rootly receives an SNS payload with `status: "triggered"`, it creates a new alert. When Rootly receives a payload with `status: "resolved"` and the same `external_id`, it resolves the corresponding alert.

Alerts created from SNS can be routed to services, escalation policies, or teams, enriched with labels and metadata, customized with alert fields, and sent directly to specific notification targets using Rootly's specialized webhook endpoint format.

<Callout icon="code">
  AWS SNS does not define a native alert schema. Rootly requires a versioned payload contract inside the SNS <code>Message</code> body so alerts can be created and resolved consistently.
</Callout>

<Callout icon="flask">
  AWS SNS alert-source support is currently in beta. We recommend validating your payloads, routing rules, urgency configuration, and resolve behavior in a non-production environment before rolling the integration out broadly.
</Callout>

## How the Integration Works

Amazon SNS publishes messages to a Rootly-managed HTTPS webhook endpoint generated when you create an AWS SNS alert source in Rootly.

When Amazon SNS sends a `SubscriptionConfirmation` request, Rootly automatically attempts to confirm the subscription. After the subscription is confirmed, SNS delivers `Notification` messages to the Rootly webhook endpoint.

For each incoming notification, Rootly reads the SNS envelope and parses the JSON content stored in the `Message` field. Rootly validates that message against the supported versioned schema and then uses the following fields to determine behavior:

* `version` identifies which Rootly payload contract is being used.
* `status` determines whether the alert should be triggered or resolved.
* `summary` becomes the alert title unless overridden by alert fields.
* `external_id` is used to match trigger and resolve events for the same alert.

## Prerequisites

Before configuring the integration, ensure that you have access to an AWS account with permissions to manage SNS topics and subscriptions. You must also have a Rootly account with access to Alert Sources.

## Setup Instructions

<Steps>
  <Step title="Create an Alert Source in Rootly">
    Begin by creating an AWS SNS alert source in Rootly. Navigate to **Settings** → **Alert Sources** and click **Add Alert Source**. Select **AWS SNS** and provide a descriptive name, such as “Production SNS Alerts.”

    You may optionally configure default alert urgency, owner groups, alert fields, or deduplication settings. Once the alert source is saved, copy the webhook URL provided by Rootly.

    ```txt theme={null}
    https://webhooks.rootly.com/webhooks/incoming/aws_sns_webhooks?secret=YOUR_SECRET_KEY
    ```

    <Callout icon="key">
      The webhook secret authenticates incoming requests from Amazon SNS. Treat this value as sensitive and rotate it if it is exposed.
    </Callout>
  </Step>

  <Step title="Create an SNS Topic">
    In the AWS SNS Console, create a new topic using the **Standard** topic type and give it a clear, descriptive name such as `rootly-aws-sns-alerts`.

    This SNS topic acts as the delivery mechanism between your alert publisher and Rootly.
  </Step>

  <Step title="Subscribe Rootly to the SNS Topic">
    Open the SNS topic and navigate to the **Subscriptions** tab. Create a new subscription using the **HTTPS** protocol and paste the Rootly webhook URL into the endpoint field.

    AWS sends a subscription confirmation request to the webhook endpoint. Rootly automatically attempts to confirm this request, and the subscription typically transitions to **Confirmed** within a few seconds.

    <Info>
      If the subscription remains in a pending state, verify that the webhook endpoint is reachable and that no network restrictions are blocking AWS SNS traffic.
    </Info>
  </Step>

  <Step title="Publish a Test Message">
    In the AWS SNS Console, open the topic and click **Publish message**. Paste a valid Rootly SNS schema payload into the message body.

    For a minimal trigger test, publish the following JSON as the SNS message body:

    ```json theme={null}
    {
      "version": 1,
      "status": "triggered",
      "summary": "SNS staging validation trigger",
      "description": "trigger test",
      "external_id": "sns-staging-validation-1"
    }
    ```

    Rootly receives this JSON inside the SNS `Message` field and validates it before creating the alert.
  </Step>

  <Step title="Test Resolution">
    To resolve the alert, publish another SNS message with the same `external_id` and `status: "resolved"`.

    ```json theme={null}
    {
      "version": 1,
      "status": "resolved",
      "summary": "SNS staging validation trigger",
      "description": "resolve test",
      "external_id": "sns-staging-validation-1"
    }
    ```

    After the message is received, Rootly resolves the matching unresolved alert.
  </Step>
</Steps>

## Supported Payload Schema

Rootly currently supports **version 1** of the AWS SNS alert payload schema.

<Callout icon="triangle-exclamation">
  If an SNS notification does not follow the supported schema, Rootly responds with an HTTP <code>200</code> status and ignores the payload. This prevents Amazon SNS from repeatedly retrying malformed messages under a retry policy. Rootly still records a validation error for debugging, so you can correct the payload and republish it.
</Callout>

### Required Fields

* `version`
* `status`
* `summary`
* `external_id`

### Supported Status Values

* `triggered`
* `resolved`

### Optional Fields

* `noise`
* `description`
* `service_ids`
* `group_ids`
* `environment_ids`
* `external_url`
* `alert_urgency_id`
* `labels`
* `data`
* `started_at`
* `ended_at`

### Version 1 Example

```json theme={null}
{
  "version": 1,
  "noise": null,
  "status": "triggered",
  "summary": "High CPU usage on web-server-01",
  "description": "CPU usage exceeded 95% for 5 minutes",
  "service_ids": ["550e8400-..."],
  "group_ids": ["660e8400-..."],
  "environment_ids": [],
  "external_id": "alert-12345",
  "external_url": "https://acme.com/alerts/1",
  "alert_urgency_id": "880e8400-...",
  "labels": [
    { "key": "region", "value": "us-east-1" }
  ],
  "data": { "metric": "cpu.usage" },
  "started_at": "2026-03-11T10:00:00Z",
  "ended_at": null
}
```

<Callout icon="repeat">
  Use the same <code>external\_id</code> for the triggered and resolved messages that represent the same alert. Rootly uses this value to match resolve events to the correct alert.
</Callout>

## Alert Mapping and Behavior

Rootly maps SNS schema fields to alert attributes as follows:

* `summary` becomes the alert title.
* `description` becomes the alert description.
* `external_id` is used to correlate trigger and resolve events.
* `external_url` becomes the source link.
* `labels` are attached to the alert as Rootly labels.
* `data` is stored as alert payload metadata and can be used in alert fields, urgency rules, and routing conditions.
* `service_ids`, `group_ids`, and `environment_ids` can associate the alert with existing Rootly resources.

If you configure alert fields for the source, those fields can override the title, description, and source link shown in Rootly.

## Advanced Configuration

### Alert Fields

Alert fields allow you to transform the incoming SNS payload into alert fields using Liquid templates. These fields can be used to customize the alert title, description, and source link, as well as create additional custom fields for routing, urgency, filtering, and reporting.

Because SNS messages are stored as alert payload data in Rootly, you can inspect a sample alert from the source and use the alert payload viewer to copy Liquid variables and JSONPath selectors for field configuration.

### Alert Urgency

AWS SNS alerts can be assigned urgency dynamically using Rootly alert urgency rules. Rules may be based on raw payload JSONPath values or on alert field values generated from the SNS message.

If no rule matches, Rootly applies the source's fallback alert urgency.

### Deduplication and Resolution

Rootly uses `external_id` to match trigger and resolve events for the same SNS alert. If you want to suppress repeated notifications that represent the same incoming event, you can also configure a unique identifier in the **Events** tab and enable duplicate alert suppression.

This deduplication setting is separate from the required `external_id` field:

* `external_id` matches triggered and resolved events for the same alert.
* the **Events** tab unique identifier can suppress repeated create events before additional alerts are created.

### Notification Targets

In addition to default routing rules, SNS alerts can be sent directly to specific notification targets using a specialized webhook endpoint.

```txt theme={null}
https://webhooks.rootly.com/webhooks/incoming/aws_sns_webhooks/notify/{notification_target_type}/{notification_target_id}?secret=YOUR_SECRET_KEY
```

The notification target type must be one of `Service`, `EscalationPolicy`, or `Group`. The notification target ID must be replaced with the UUID of the corresponding resource.

### Webhook Payload Structure

Amazon SNS delivers a standard SNS envelope to Rootly. The Rootly alert payload is expected inside the `Message` field as JSON.

At delivery time, the full payload sent by SNS resembles the following structure:

```json theme={null}
{
  "Type": "Notification",
  "MessageId": "11111111-1111-1111-1111-111111111111",
  "Message": "{\"version\":1,\"status\":\"triggered\",\"summary\":\"SNS staging validation trigger\",\"description\":\"trigger test\",\"external_id\":\"sns-staging-validation-1\"}"
}
```

When publishing from the SNS Console, you normally provide only the inner JSON object. Amazon SNS wraps it in the outer envelope automatically.

### Security Considerations

Rootly webhook endpoints require HTTPS and use a secret key to authenticate incoming requests. SNS subscription confirmation requests are automatically handled by Rootly. If IP allowlisting is enabled for your Rootly instance, ensure that AWS SNS traffic is permitted.

## Troubleshooting

<AccordionGroup>
  <Accordion title="Why are AWS SNS alerts not being created in Rootly?" icon="circle-exclamation">
    Verify that the SNS subscription is confirmed and that the webhook URL configured in SNS exactly matches the one provided by Rootly. Confirm that the published SNS message contains valid JSON in the <code>Message</code> field and includes the required Rootly schema fields: <code>version</code>, <code>status</code>, <code>summary</code>, and <code>external\_id</code>.
  </Accordion>

  <Accordion title="Why are AWS SNS alerts not being resolved automatically?" icon="rotate">
    Ensure that the resolved SNS message uses <code>status: "resolved"</code> and the same <code>external\_id</code> used when the alert was first triggered. If the <code>external\_id</code> differs, Rootly will treat the resolution as unrelated to the original alert.
  </Accordion>

  <Accordion title="Why is the SNS subscription stuck in Pending confirmation?" icon="signal">
    Confirm that the webhook endpoint is reachable over HTTPS and that no firewall rules or IP allowlisting restrictions are blocking AWS SNS traffic. Also verify that the webhook URL is correctly formatted and includes the required secret parameter.
  </Accordion>

  <Accordion title="Why is Rootly ignoring my SNS message?" icon="circle-exclamation">
    Rootly validates SNS messages against the supported versioned payload schema. Messages that do not conform to the schema are ignored to prevent repeated SNS retries. Start with the minimal valid payload and then add optional fields incrementally.
  </Accordion>
</AccordionGroup>

## Best Practices

* Start with the minimal required schema and add optional fields gradually as you validate your integration.
* Use a stable and descriptive `external_id` for every alert lifecycle so Rootly can reliably match trigger and resolve events.
* Store additional contextual metadata under `data` so it can be reused in alert fields, urgency rules, and routing conditions.
* Use alert fields and the payload viewer in Rootly to validate Liquid variables and JSONPath selectors before depending on them for routing or urgency.
* Periodically publish a trigger and resolve test pair to validate that the integration continues to function as expected.

For additional assistance, consult the Rootly documentation or contact Rootly Support. You may also refer to AWS SNS documentation for more information about topic, subscription, and delivery behavior.


# Azure OpenAI
Source: https://docs.rootly.com/integrations/azure-openai

Connect Rootly to Azure-hosted OpenAI deployments for AI-assisted incident workflows under your own compliance and data residency rules.

## Introduction

The Azure OpenAI integration lets you connect Rootly to AI models running inside your organization's Azure subscription. Rather than using Rootly's default OpenAI account, requests are routed through your own Azure OpenAI resource — giving you control over data residency, compliance posture, content filtering policies, and the specific model deployment your team has provisioned.

With the Azure OpenAI integration, you can:

* Generate AI-powered summaries, analyses, and responses within incident workflows
* Send custom prompts to your Azure-deployed GPT models with full Liquid template support
* Use a system prompt to define the model's role, tone, or output constraints
* Satisfy data residency and enterprise compliance requirements by keeping requests within Azure infrastructure

## Before You Begin

Before setting up the Azure OpenAI integration, make sure you have:

* A Rootly account with permission to manage integrations
* An active [Azure OpenAI resource](https://portal.azure.com) with at least one model deployed
* Your Azure OpenAI **API key**, **resource name**, and **deployment name** (details below)

<Callout icon="triangle-exclamation">
  Azure OpenAI resources are not automatically created with your Azure subscription. You must request access and deploy a model in the Azure Portal before connecting to Rootly.
</Callout>

### Finding Your Credentials

**API Key**

1. Go to the [Azure Portal](https://portal.azure.com) and open your Azure OpenAI resource.
2. Select **Keys and Endpoint** from the left menu.
3. Copy either **KEY 1** or **KEY 2**.

**Resource Name**

Your resource name is the subdomain portion of your Azure OpenAI endpoint URL. For example, if your endpoint is:

```
https://my-company-openai.openai.azure.com/
```

Your resource name is `my-company-openai`.

**Deployment Name**

1. In the Azure Portal, open your Azure OpenAI resource.
2. Select **Model deployments** or **Deployments** from the left menu.
3. Copy the name of the deployment you want Rootly to use (for example, `gpt-4o` or `gpt-35-turbo`).

## Installation

<Steps>
  <Step title="Open the integrations page in Rootly" icon="plug">
    Navigate to the integrations page in your Rootly workspace and select **Azure OpenAI**.
  </Step>

  <Step title="Enter your credentials" icon="key">
    Enter your **API Key**, **Resource Name**, and **Deployment Name** into the respective fields. Rootly constructs your Azure OpenAI endpoint as:

    ```
    https://{resource_name}.openai.azure.com/openai/deployments/{deployment_name}
    ```

    Your API key is encrypted at rest in Rootly.
  </Step>

  <Step title="Save and connect" icon="circle-check">
    <Callout icon="circle-check">
      Your Azure OpenAI integration is active. The **Create OpenAI Chat Completion** workflow action is now available in your incident and action item workflows, routing requests through your Azure deployment.
    </Callout>
  </Step>
</Steps>

## Workflow Actions

### Create OpenAI Chat Completion

Sends a prompt to your Azure-deployed model and captures the response as a workflow output. This is the same action used by the standard OpenAI integration — when Azure OpenAI is connected, Rootly routes requests through your Azure resource automatically.

| Field         | Description                                                                | Required |
| ------------- | -------------------------------------------------------------------------- | -------- |
| Model         | Your configured Azure deployment — set by the deployment name you provided | Yes      |
| Prompt        | The user message — supports Liquid templating                              | Yes      |
| System Prompt | Instructions for the model's role or behavior — supports Liquid templating | No       |
| Temperature   | Sampling temperature between `0.0` and `2.0` — controls randomness         | No       |
| Max Tokens    | Maximum number of tokens in the response                                   | No       |
| Top P         | Nucleus sampling probability between `0.0` and `1.0`                       | No       |

<Callout icon="code">
  Use Liquid variables in your prompts to include live incident context — for example `{{ incident.title }}`, `{{ incident.severity }}`, and `{{ incident.description }}`. See the [Liquid variables reference](/liquid/incident-variables) for all available fields.
</Callout>

The **System Prompt** field sets the model's persona or output format — for example: *"You are an incident response assistant. Respond in bullet points. Be concise."*

## Troubleshooting

<AccordionGroup>
  <Accordion title="The API key is rejected on save" icon="key">
    Confirm that the API key is active and has not been revoked. In the Azure Portal, go to **Keys and Endpoint** and verify the key is still valid. Also confirm that the resource name matches the Azure OpenAI resource the key belongs to — using a key from a different resource will cause authentication to fail.
  </Accordion>

  <Accordion title="The workflow action fails with an authentication error" icon="lock">
    If the integration was working and then stopped, the API key may have been rotated in Azure. Update the key in the integration settings. Also check that the deployment name has not been renamed or deleted in the Azure Portal.
  </Accordion>

  <Accordion title="The workflow action fails with a rate limit error" icon="gauge-high">
    Azure OpenAI enforces rate limits based on your provisioned capacity (tokens per minute and requests per minute). Running many concurrent Rootly workflows may exceed these limits. Consider staggering workflows, reducing token usage with more focused prompts, or increasing your Azure OpenAI quota in the Azure Portal.
  </Accordion>

  <Accordion title="The model is not responding as expected" icon="robot">
    The model behavior is determined by the deployment you configured — Rootly uses your deployment name directly and does not select a model. If you need a different model, create a new deployment in the Azure Portal and update the deployment name in Rootly.
  </Accordion>

  <Accordion title="Liquid variables are not rendering correctly in the prompt" icon="code">
    Check your Liquid syntax — unclosed tags or undefined variables can cause rendering failures. Use the [Liquid variables reference](/liquid/incident-variables) to confirm variable names and test your template in a low-stakes workflow first.
  </Accordion>
</AccordionGroup>

## Related Pages

<CardGroup>
  <Card title="OpenAI" icon="robot" href="/integrations/openai">
    Use Rootly's standard OpenAI integration if you don't need Azure-specific data residency or compliance controls.
  </Card>

  <Card title="Incident Workflows" icon="bolt" href="/workflows/incident-workflows">
    Build workflows that use Azure OpenAI models to analyze, summarize, or respond to incidents.
  </Card>

  <Card title="Liquid Variables" icon="code" href="/liquid/incident-variables">
    Reference for all incident variables available in Liquid-templated prompts.
  </Card>
</CardGroup>


# Backstage
Source: https://docs.rootly.com/integrations/backstage/installation

Integrate Rootly with Spotify's Backstage developer portal to enhance service catalog management, ownership tracking, and incident response visibility.

<Frame>
  <iframe />
</Frame>

## Rootly plugin for Backstage

Cf. [https://github.com/rootlyhq/backstage-plugin](https://github.com/rootlyhq/backstage-plugin "https://github.com/rootlyhq/backstage-plugin")


# BambooHR
Source: https://docs.rootly.com/integrations/bamboohr

Connect BambooHR to Rootly via iCal to overlay employee time off and company holidays on on-call schedules, surfacing coverage gaps early.

## Overview

BambooHR exposes your team's time-off and holiday calendar as an iCal feed. Point Rootly at that feed and vacations, PTO, and company holidays appear directly on top of your on-call schedule timeline. Shifts that overlap with someone's leave are highlighted, making it easy to create an override before the next page fires.

This is a read-only overlay. BambooHR stays the source of truth for time off; Rootly polls the feed in the background and keeps the schedule view current.

***

## Exporting the Calendar Feed from BambooHR

BambooHR maintains its own walkthrough for generating a time-off calendar URL, including which permissions are required and where the feed link is surfaced in the UI.

Follow [BambooHR's help article](https://help.bamboohr.com/s/article/587318) to copy the iCal URL for your time-off calendar, then bring it back to Rootly for the next step.

***

## Adding the Feed to Rootly

Once you have the BambooHR iCal URL, the rest of the setup happens inside Rootly's schedules view.

<Steps>
  <Step title="Open The Holiday Calendars Menu">
    In the Rootly dashboard, go to **On-Call → Schedules**. In the calendar preview area, open the **Holiday calendars** dropdown.
  </Step>

  <Step title="Add A Holiday Calendar">
    Select **Add your team's holiday calendar**, then choose **Add a holiday calendar**.
  </Step>

  <Step title="Paste The BambooHR Feed URL">
    Paste the iCal URL you copied from BambooHR into the URL field.
  </Step>

  <Step title="Name The Calendar And Pick A Timezone">
    Give the calendar a descriptive name (for example, `BambooHR — Engineering PTO`) so teammates know what it represents. Select the appropriate timezone, or leave it blank to let Rootly infer it from the feed.
  </Step>

  <Step title="Save And Toggle On">
    Click **Add**. Rootly fetches the calendar and begins syncing automatically. Back in the schedule view, select the new feed from the **Holiday calendars** dropdown to overlay BambooHR time off on the on-call timeline.
  </Step>
</Steps>

<Tip>
  For the full behavior of holiday calendars in Rootly — conflict highlighting, recurring events, multi-region setups — see [Adding a Holiday Calendar](/on-call/holiday-calendar).
</Tip>

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="BambooHR time off isn't appearing in the schedule view" icon="eye-slash">
    The feed has to be toggled on per schedule preview. Open the **Holiday calendars** dropdown above the schedule and confirm the BambooHR feed is selected.
  </Accordion>

  <Accordion title="Events appear at the wrong times or on the wrong day" icon="clock">
    The calendar timezone determines how all-day events align with on-call shifts. Remove the calendar and re-add it with the correct timezone, or leave the timezone field blank to let Rootly infer it from the feed.
  </Accordion>

  <Accordion title="Recent changes in BambooHR aren't reflected in Rootly" icon="rotate">
    Rootly resyncs feeds periodically in the background, so a change made seconds ago may take a few minutes to appear.
  </Accordion>
</AccordionGroup>

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Does this change my on-call schedule automatically?" icon="shield-check">
    No. Holiday calendars are read-only previews — they surface conflicts so you can decide whether to override, but they never reassign shifts.
  </Accordion>

  <Accordion title="Can I add more than one BambooHR feed?" icon="layer-group">
    Yes. If your team uses separate BambooHR calendars per department or region, add each as its own feed and toggle them on per schedule.
  </Accordion>

  <Accordion title="Does adding the feed require BambooHR admin access?" icon="user-shield">
    On the Rootly side, anyone with the **On-Call Admin** or **On-Call User** role can add a holiday calendar feed — see [Schedule Permissions](/on-call/schedules#permissions-access). The BambooHR side depends on your BambooHR account configuration; refer to the BambooHR help article for the specifics.
  </Accordion>
</AccordionGroup>


# Integrations Catalog
Source: https://docs.rootly.com/integrations/catalog

Browse every Rootly integration. Find the tools you need for alerting, communication, deployment tracking, monitoring, and ticketing.

## Featured

<CardGroup>
  <Card title="AWS CloudWatch" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/CloudWatch.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=1e18d540efaf13ff87b077603320721d" href="/integrations/aws-cloudwatch">
    Connect Rootly to AWS CloudWatch to turn alarms, metrics, and infrastructure signals into faster incident detection, alerting, and response.
  </Card>

  <Card title="AWS EventBridge" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/aws-eventbridge.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=f33736f24f221e69e513d9d879d21e3e" href="/integrations/aws-eventbridge">
    Connect Rootly to AWS EventBridge to stream incident and alert events into AWS and route them to Lambda, SNS, SQS, Step Functions, and other event-driven workflows.
  </Card>

  <Card title="Anthropic" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/anthropic-1.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=f4735f47a303783c29cff647b7677ffb" href="/integrations/anthropic">
    Connect Claude to Rootly to power AI-assisted incident workflows, automate response tasks, and enhance incident management with intelligent support.
  </Card>

  <Card title="Cortex" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/cortex.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=af075c9be65655cda86de96388504b3f" href="/integrations/cortex/overview">
    Connect Cortex to Rootly to sync service ownership and engineering context so responders can act faster with the right systems and teams in view.
  </Card>

  <Card title="Datadog" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/datadog-customized.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=f15f3a2e0728c3e67a30443a1410df8b" href="/integrations/datadog/datadog">
    Connect Datadog to Rootly to turn monitoring, logs, and alerting signals into faster incident detection, response, and coordination.
  </Card>

  <Card title="GitHub" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/github-light.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=bda79a00a7e510cf54e77f273b8cde76" href="/integrations/github/github">
    Connect GitHub to Rootly to tie code changes, deployments, and engineering workflows directly into incident response and follow-up.
  </Card>

  <Card title="Linear" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/linear-dark.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=133ec4d98d3f0f92bd0d68908cf19737" href="/integrations/linear/linear">
    Connect Linear to Rootly to turn incident follow-up work into issues and keep engineering teams aligned from response through resolution.
  </Card>

  <Card title="Notion" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/notion.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=e1e1dbd7cdec33d18bf45db21d270387" href="/integrations/notion/workflows">
    Connect Rootly to Notion to automatically create and update incident documentation so teams stay aligned during response, retrospectives, and follow-up.
  </Card>

  <Card title="PagerDuty" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/pagerduty-icon.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=bf0acf5e28675a27c857f189c563bdd4" href="/integrations/pagerduty/pagerduty">
    Connect PagerDuty to Rootly to page responders, sync alert activity, and coordinate incident response across both platforms.
  </Card>

  <Card title="Sentry" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/sentry.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=b121b91d38f2a37f9d89ea367d80fbad" href="/integrations/sentry">
    Connect Sentry to Rootly to turn application errors into actionable alerts and speed up incident detection and response.
  </Card>

  <Card title="Slack" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/slackcolor.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=6acf9bf79dd7a0929e7e5786af1132d2" href="/integrations/slack/slack">
    Connect Slack to Rootly to declare, manage, and coordinate incidents directly from chat while keeping responders aligned in real time.
  </Card>

  <Card title="Zoom" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/zoom.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=6f9f2b2a927df77ec498b780698cac20" href="/integrations/zoom/zoom">
    Connect Zoom to Rootly to launch incident meetings quickly and keep responders aligned in a shared collaboration space.
  </Card>
</CardGroup>

## Alerting

<CardGroup>
  <Card title="Generic Webhook Alert Source" icon="webhook" href="/integrations/generic-webhook-alert-source/generic-webhook-alert-source">
    Connect Rootly to any monitoring or observability tool that can send webhooks, then route alerts, trigger escalations, and automate response from a single alert pipeline.
  </Card>

  <Card title="Google Cloud" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/Cloud%20Monitoring.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=aec20866199ba9a7427fbef8e074aa1b" href="/integrations/google-cloud-monitoring">
    Connect Google Cloud to Rootly to turn cloud alerts, events, and infrastructure signals into faster incident detection, response, and coordination.
  </Card>

  <Card title="Opsgenie (end of life)" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/opsgenie.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=8a4b68993fb57a8c2135a83cbe2d8bb1" href="/integrations/opsgenie">
    Migrate from Opsgenie to Rootly On-Call to modernize alerting, paging, and incident response in a single platform.
  </Card>

  <Card title="PagerDuty" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/pagerduty-icon.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=bf0acf5e28675a27c857f189c563bdd4" href="/integrations/pagerduty/pagerduty">
    Connect PagerDuty to Rootly to page responders, sync alert activity, and coordinate incident response across both platforms.
  </Card>

  <Card title="PagerTree" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/pagertree.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=15cb393fcfe29535d88cddebac30608d" href="/integrations/pager-tree">
    Connect PagerTree to Rootly to sync alert activity, page responders, and automate incident escalation across both platforms.
  </Card>

  <Card title="Prometheus Alertmanager" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/prometheus.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=637a3b23a0142404ab0babe8d7e5e770" href="/integrations/alertmanager">
    Connect Prometheus Alertmanager to Rootly to turn alerting signals into actionable incidents and speed up detection, response, and coordination.
  </Card>

  <Card title="VictorOps" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/victorops-icon.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=951d9d482eada8492db62b767f4f3762" href="/integrations/victor-ops">
    Connect VictorOps to Rootly to escalate incidents, sync alert activity, and keep responders aligned across both platforms.
  </Card>
</CardGroup>

## Automation

<CardGroup>
  <Card title="AWS EventBridge" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/aws-eventbridge.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=f33736f24f221e69e513d9d879d21e3e" href="/integrations/aws-eventbridge">
    Connect Rootly to AWS EventBridge to stream incident and alert events into AWS and route them to Lambda, SNS, SQS, Step Functions, and other event-driven workflows.
  </Card>

  <Card title="Anthropic" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/anthropic-1.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=f4735f47a303783c29cff647b7677ffb" href="/integrations/anthropic">
    Connect Claude to Rootly to power AI-assisted incident workflows, automate response tasks, and enhance incident management with intelligent support.
  </Card>

  <Card title="Email" icon="envelope" href="/integrations/email">
    Connect Email to Rootly to send incident notifications, updates, and communications through email during response and recovery.
  </Card>

  <Card title="Fivetran" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/fivetran.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=5a67f1927a38849aba18f59125b410c9" href="/integrations/fivetran">
    Connect Fivetran to Rootly to sync incident data into your warehouse and make reliability insights easier to analyze across your business.
  </Card>

  <Card title="Glean" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/glean.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=27f6ed7165904b626e8c5e6bbcb9fd4c" href="/integrations/glean">
    Sync Rootly incident data with Glean to make incident context easier to search, discover, and use across your organization.
  </Card>

  <Card title="Google Gemini" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/google-gemini.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=3ba80f9a9de45c51615b979eebe3c125" href="/integrations/google-gemini">
    Connect Google Gemini to Rootly to power AI-driven workflows, automate incident tasks, and bring Gemini's multimodal intelligence into your incident response process.
  </Card>

  <Card title="Mistral AI" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/mistral-ai.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=b72467982e0ea8870211b6b30c35c1ad" href="/integrations/mistral">
    Connect Mistral AI to Rootly to power AI-assisted workflows, automate incident tasks, and bring large language model capabilities into your incident response process.
  </Card>

  <Card title="OpenAI" icon="https://mintcdn.com/rootly/J6xkgs4zpD3u-bJG/images/integrations/logos/openai-light.svg?fit=max&auto=format&n=J6xkgs4zpD3u-bJG&q=85&s=d3edd34aaf59e119bcef6d9e89c328fc" href="/integrations/openai">
    Connect OpenAI to Rootly to power AI-assisted workflows, automate incident tasks, and bring intelligent support into every stage of incident response.
  </Card>

  <Card title="SMTP" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/smtp.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=3fbaa9dc86e2f31a506ead8d015e48c7" href="/integrations/smtp">
    Connect SMTP to Rootly to send incident notifications and email-based communications through your own mail infrastructure.
  </Card>

  <Card title="SendGrid" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/sendgrid.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=d9dbad7cf0bf56660aa70b4e512c7235" href="/integrations/sendgrid">
    Connect SendGrid to Rootly to send incident notifications and email-based communications reliably during response and recovery.
  </Card>

  <Card title="ServiceNow" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/servicenow.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=8d9ca49e6550a7a3b4fb1ecc8cc092ce" href="/integrations/service-now/installation">
    Connect ServiceNow to Rootly to turn incident follow-up work into trackable records and keep response, operations, and support teams aligned.
  </Card>

  <Card title="Zapier" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/zapier.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=9683952142c4e63de9f3f486aef0bc56" href="/integrations/zapier">
    Connect Zapier to Rootly to automate incident workflows and connect Rootly with thousands of apps without writing custom code.
  </Card>
</CardGroup>

## Catalog

<CardGroup>
  <Card title="Backstage" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/backstage.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=6440e61ae57033d0e582277b754a5389" href="/integrations/backstage/installation">
    Connect Backstage to Rootly to bring service ownership and developer portal context into incident response so teams can act faster with the right information.
  </Card>

  <Card title="Cortex" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/cortex.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=af075c9be65655cda86de96388504b3f" href="/integrations/cortex/overview">
    Connect Cortex to Rootly to sync service ownership and engineering context so responders can act faster with the right systems and teams in view.
  </Card>
</CardGroup>

## Communication

<CardGroup>
  <Card title="AWS SNS" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/Simple%20Notification%20Service.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=c19aeee7f2b5eb87ab7cbf1e95c0b042" href="/integrations/aws-sns">
    Connect Rootly to AWS SNS to publish incident notifications and operational updates so teams and systems can subscribe and respond automatically.
  </Card>

  <Card title="Google Meet" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/google-meet.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=f230e8cc391d7c09c507a6c8a405585a" href="/integrations/google-meet/google-meet">
    Connect Rootly to Google Meet to launch incident meetings quickly and keep responders aligned in a shared collaboration space.
  </Card>

  <Card title="Mattermost" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/mattermost.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=ff9e5149baf0244dc3bc278d605ca8e4" href="/integrations/mattermost">
    Connect Mattermost to Rootly to declare, manage, and coordinate incidents directly from chat while keeping responders aligned in real time.
  </Card>

  <Card title="Microsoft Teams" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/microsoftteams.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=a960ad5b08f6534eb066b647220d7179" href="/integrations/microsoft-teams">
    Connect Microsoft Teams to Rootly to declare, manage, and coordinate incidents directly from chat while keeping responders aligned in real time.
  </Card>

  <Card title="Slack" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/slackcolor.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=6acf9bf79dd7a0929e7e5786af1132d2" href="/integrations/slack/slack">
    Connect Slack to Rootly to declare, manage, and coordinate incidents directly from chat while keeping responders aligned in real time.
  </Card>

  <Card title="Webex" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/webex.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=ae41b150a2b0bc74ba6afa6d609891cd" href="/integrations/webex/webex">
    Connect Rootly to Webex to launch incident meetings quickly and keep responders aligned in a shared collaboration space.
  </Card>

  <Card title="X" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/x-light.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=f43f4ca56c30be951f328ac48a481527" href="/integrations/twitter">
    Connect X to Rootly to share incident updates publicly and keep external communications aligned during outages and recovery.
  </Card>

  <Card title="Zoom" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/zoom.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=6f9f2b2a927df77ec498b780698cac20" href="/integrations/zoom/zoom">
    Connect Zoom to Rootly to launch incident meetings quickly and keep responders aligned in a shared collaboration space.
  </Card>

  <Card title="Statuspage.io" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/statuspage.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=337bcc2e796d7d1fafb91d72aa1ea07f" href="/integrations/status-page-io/importing-status-pages">
    Connect Statuspage.io to Rootly to publish updates externally and keep customers informed with consistent status communications.
  </Card>
</CardGroup>

## Deployment

<CardGroup>
  <Card title="AWS Elastic Beanstalk" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/aws-elastic-beanstalk-1%20(1).svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=68deff8399753f1fa12547a980056ab0" href="/integrations/aws-elastic-beanstalk">
    Connect AWS Elastic Beanstalk to Rootly to turn deployment and environment events into faster incident detection, alerting, and response.
  </Card>

  <Card title="GitHub" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/github-light.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=bda79a00a7e510cf54e77f273b8cde76" href="/integrations/github/github">
    Connect GitHub to Rootly to tie code changes, deployments, and engineering workflows directly into incident response and follow-up.
  </Card>

  <Card title="GitLab" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/gitlab.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=b6d32a517d4c7e568502921f4d56e190" href="/integrations/gitlab">
    Connect GitLab to Rootly to tie deployments, code changes, and engineering workflows directly into incident response and follow-up.
  </Card>

  <Card title="Heroku" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/heroku.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=47babc6d072b5554f9902b4c49559491" href="/integrations/heroku">
    Connect Heroku to Rootly to turn app and deployment events into faster incident detection, response, and coordination.
  </Card>

  <Card title="Kubernetes" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/kubernetes.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=b2f35acdb177baa6c8e3c1bafa68ff3b" href="/integrations/kubernetes">
    Connect Kubernetes to Rootly to turn cluster events and infrastructure issues into faster incident detection, response, and coordination.
  </Card>

  <Card title="Pulumi" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/pulumi.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=ea1b2c5e0de58bc7e32b6b2c33231094" href="/integrations/pulumi">
    Connect Pulumi to Rootly to automate infrastructure-aware incident workflows and keep incident response aligned with infrastructure changes.
  </Card>

  <Card title="Terraform" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/hashicorp-terraform.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=7446b9cfb856aaf7d79867b2015c51f7" href="/integrations/terraform">
    Connect Terraform to Rootly to automate infrastructure-aware incident workflows and keep incident response aligned with infrastructure changes.
  </Card>
</CardGroup>

## Monitoring

<CardGroup>
  <Card title="AWS CloudWatch" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/CloudWatch.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=1e18d540efaf13ff87b077603320721d" href="/integrations/aws-cloudwatch">
    Connect Rootly to AWS CloudWatch to turn alarms, metrics, and infrastructure signals into faster incident detection, alerting, and response.
  </Card>

  <Card title="Datadog" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/datadog-customized.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=f15f3a2e0728c3e67a30443a1410df8b" href="/integrations/datadog/datadog">
    Connect Datadog to Rootly to turn monitoring, logs, and alerting signals into faster incident detection, response, and coordination.
  </Card>

  <Card title="Grafana" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/grafana.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=cc7704e5b9e4e82aa62f385f63c9a592" href="/integrations/grafana/grafana">
    Connect Grafana to Rootly to turn metrics, dashboards, and alerting signals into faster incident detection and response.
  </Card>

  <Card title="Honeycomb" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/honeycomb.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=1e07e5adb5cf38f99f1a5812ecfb75d5" href="/integrations/honeycomb">
    Connect Honeycomb to Rootly to turn observability signals into actionable alerts and help teams investigate incidents with richer production context.
  </Card>

  <Card title="New Relic" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/newrelic.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=004ee1ec4ed25e8a33ceb0652ac40cf4" href="/integrations/new-relic/installation">
    Connect New Relic to Rootly to turn observability signals into actionable alerts and speed up incident detection and response.
  </Card>

  <Card title="Rollbar" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/rollbar.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=911287550f1fe6b66aa380c4ced912b2" href="/integrations/rollbar">
    Connect Rollbar to Rootly to turn application errors into actionable alerts and speed up incident detection and response.
  </Card>

  <Card title="Sentry" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/sentry.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=b121b91d38f2a37f9d89ea367d80fbad" href="/integrations/sentry">
    Connect Sentry to Rootly to turn application errors into actionable alerts and speed up incident detection and response.
  </Card>

  <Card title="Splunk" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/splunk.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=5586734bc96ae3a496c0387b00b62f3f" href="/integrations/splunk">
    Connect Splunk to Rootly to turn logs, events, and observability signals into actionable alerts and speed up incident response.
  </Card>
</CardGroup>

## Retrospectives

<CardGroup>
  <Card title="Airtable" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/airtable.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=5c20ce2454f154d92ddb09da1697d8cc" href="/integrations/airtable">
    Connect Airtable to Rootly to sync incident data into flexible tables and workflows so teams can track, organize, and act on response information.
  </Card>

  <Card title="Coda" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/coda.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=00afe229850f69eb9c11774b3cc24c14" href="/integrations/coda/coda">
    Connect Coda to Rootly to automatically create and update incident documents in shared Coda pages and keep responders aligned with live incident context.
  </Card>

  <Card title="Confluence Cloud" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/confluence.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=161cf0e40ebe835c9b27a6df8ff65ddf" href="/integrations/confluence/confluence">
    Connect Confluence Cloud to Rootly to automatically create and update incident documentation so teams stay aligned during response, retrospectives, and follow-up.
  </Card>

  <Card title="Dropbox Paper" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/dropbox.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=4f9aa36dfc5fccc0e4670e3e72bb99b1" href="/integrations/dropbox-paper/installation">
    Connect Dropbox Paper to Rootly to automatically create and update shared incident documents so teams stay aligned during response and follow-up.
  </Card>

  <Card title="Google Docs" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/google-docs.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=799913909f66c8fabb3c614ee5e97fc4" href="/integrations/google-docs/installation">
    Connect Rootly to Google Docs to automatically create and update incident documentation so teams stay aligned during response, retrospectives, and follow-up.
  </Card>

  <Card title="Notion" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/notion.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=e1e1dbd7cdec33d18bf45db21d270387" href="/integrations/notion/workflows">
    Connect Rootly to Notion to automatically create and update incident documentation so teams stay aligned during response, retrospectives, and follow-up.
  </Card>

  <Card title="Outlook" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/microsoft-outlook.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=2486c9b838e7882b1bc9e6383169581c" href="/integrations/outlook">
    Connect Rootly to Outlook to send incident notifications, coordinate communications, and keep responders aligned through email and calendar workflows.
  </Card>

  <Card title="Quip" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/quip.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=e6e3d763506c1ed456091862441b39ef" href="/integrations/quip">
    Connect Quip to Rootly to automatically create and update shared incident documents so teams stay aligned with live response context.
  </Card>

  <Card title="SharePoint" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/microsoft-sharepoint.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=b9880ea47e4cc7319aa61672ff85d3c4" href="/integrations/sharepoint">
    Connect Rootly to SharePoint to automatically create and update incident documentation so teams stay aligned during response, retrospectives, and follow-up.
  </Card>
</CardGroup>

## Ticketing

<CardGroup>
  <Card title="Asana" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/asana.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=16ffc134266abada567ea40ef71bc950" href="/integrations/asana/installation">
    Connect Asana to Rootly to turn incident follow-up work into trackable tasks and keep teams aligned after the incident.
  </Card>

  <Card title="ClickUp" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/clickup.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=d248865e8dffd09585b814e2f62ef825" href="/integrations/clickup/installation">
    Connect ClickUp to Rootly to turn incident follow-up work into trackable tasks and keep response actions moving across teams.
  </Card>

  <Card title="Freshservice" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/freshservice.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=1dfbc9732bd31d58001a57b523e2bf79" href="/integrations/freshservice/installation">
    Connect Freshservice to Rootly to turn customer support issues into coordinated incident response and keep teams aligned during escalations.
  </Card>

  <Card title="Jira Cloud" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/jira.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=c664293ba0c6af899ec72d1e8a3566cf" href="/integrations/jira/jira">
    Connect Jira Cloud to Rootly to turn incident follow-up work into trackable issues and keep teams aligned from response through resolution.
  </Card>

  <Card title="Linear" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/linear-dark.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=133ec4d98d3f0f92bd0d68908cf19737" href="/integrations/linear/linear">
    Connect Linear to Rootly to turn incident follow-up work into trackable issues and keep engineering teams aligned from response through resolution.
  </Card>

  <Card title="Shortcut" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/shortcut.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=dd12158189111ec9133e6fb1328747c7" href="/integrations/shortcut">
    Connect Shortcut to Rootly to turn incident follow-up work into trackable tasks and keep engineering teams aligned after an incident.
  </Card>

  <Card title="Trello" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/atlassian-trello.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=77faa7088360d2007767f14a95356180" href="/integrations/trello/installation">
    Connect Trello to Rootly to turn incident follow-up work into organized boards and track response tasks across teams.
  </Card>

  <Card title="Zendesk" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/zendesk.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=a52afab493442157d52f0517722917a6" href="/integrations/zendesk">
    Connect Zendesk to Rootly to turn customer support issues into coordinated incident response and keep teams aligned during escalations.
  </Card>
</CardGroup>

## Everything Else

<CardGroup>
  <Card title="GoToMeeting" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/gotomeeting.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=f3541726a638ae80197ca5fe1a012514" href="/integrations/go-to-meeting">
    Connect GoToMeeting to Rootly to launch incident meetings quickly and keep responders aligned in a shared collaboration space.
  </Card>

  <Card title="Google Calendar" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/google-calendar.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=db5c21edb1c65bb2b3a836a9da27a968" href="/integrations/google-calendar/installation">
    Connect Rootly to Google Calendar to schedule incident meetings, coordinate responders, and keep response workflows aligned with calendar events.
  </Card>

  <Card title="HashiCorp Vault" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/hashicorp-vault.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=e93ec0aabb9416e6355675ed1b93b153" href="/integrations/hashicorp-vault">
    Connect HashiCorp Vault to Rootly to securely retrieve secrets, rotate sensitive credentials, and support safer incident automation.
  </Card>

  <Card title="Looker" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/looker.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=6d354f23ee495c072b7b4102dcf43b00" href="/integrations/looker">
    Connect Looker to Rootly to share incident data in analytics workflows and give teams better visibility into reliability trends and operational performance.
  </Card>

  <Card title="SSO/SCIM" icon="key" href="/integrations/sso">
    Set up SSO and SCIM with Rootly to streamline authentication, automate user provisioning, and keep access aligned with your identity provider.
  </Card>

  <Card title="Workday" icon="building" href="/integrations/google-directory-sync">
    Connect Workday to Rootly to sync employee and organizational data so the right users, teams, and escalation paths stay up to date.
  </Card>
</CardGroup>


# CharlieHR
Source: https://docs.rootly.com/integrations/charliehr

Connect CharlieHR to Rootly to overlay employee time off and vacations on on-call schedule timelines, surfacing coverage gaps before pages fire.

## Overview

CharlieHR exposes your team's time-off calendar as a subscribe-able URL. Point Rootly at that URL and vacations and PTO appear directly on top of your on-call schedule timeline. Shifts that overlap with someone's leave are highlighted, making it easy to create an override before the next page fires.

This is a read-only overlay. CharlieHR stays the source of truth for time off; Rootly polls the feed in the background and keeps the schedule view current.

***

## Exporting the Calendar Feed from CharlieHR

CharlieHR's own walkthrough covers both the user-level and admin-level flows for generating a time-off calendar URL.

Follow [CharlieHR's help article](https://help.charliehr.com/en/articles/839648-importing-your-time-off-calendar-to-google-calendar) to copy the calendar URL. The article is framed around Google Calendar, but the URL it produces is a standard subscribe-able feed that Rootly accepts directly — there's no need to route through Google Calendar first.

<Note>
  CharlieHR's feed covers a rolling 6-month window (past 6 months plus upcoming 6 months), and updates can take up to 48 hours to propagate.
</Note>

***

## Adding the Feed to Rootly

Once you have the CharlieHR feed URL, the rest of the setup happens inside Rootly's schedules view.

<Steps>
  <Step title="Open The Holiday Calendars Menu">
    In the Rootly dashboard, go to **On-Call → Schedules**. In the calendar preview area, open the **Holiday calendars** dropdown.
  </Step>

  <Step title="Add A Holiday Calendar">
    Select **Add your team's holiday calendar**, then choose **Add a holiday calendar**.
  </Step>

  <Step title="Paste The CharlieHR Feed URL">
    Paste the URL you copied from CharlieHR into the URL field.
  </Step>

  <Step title="Name The Calendar And Pick A Timezone">
    Give the calendar a descriptive name (for example, `CharlieHR — Team PTO`) so teammates know what it represents. Select the appropriate timezone, or leave it blank to let Rootly infer it from the feed.
  </Step>

  <Step title="Save And Toggle On">
    Click **Add**. Rootly fetches the calendar and begins syncing automatically. Back in the schedule view, select the new feed from the **Holiday calendars** dropdown to overlay CharlieHR time off on the on-call timeline.
  </Step>
</Steps>

<Tip>
  For the full behavior of holiday calendars in Rootly — conflict highlighting, recurring events, multi-region setups — see [Adding a Holiday Calendar](/on-call/holiday-calendar).
</Tip>

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="CharlieHR time off isn't appearing in the schedule view" icon="eye-slash">
    The feed has to be toggled on per schedule preview. Open the **Holiday calendars** dropdown above the schedule and confirm the CharlieHR feed is selected.
  </Accordion>

  <Accordion title="Events appear at the wrong times or on the wrong day" icon="clock">
    The calendar timezone determines how all-day events align with on-call shifts. Remove the calendar and re-add it with the correct timezone, or leave the timezone field blank to let Rootly infer it from the feed.
  </Accordion>

  <Accordion title="A recent CharlieHR change isn't reflected in Rootly" icon="hourglass-half">
    CharlieHR feeds can take up to 48 hours to update on their side, and Rootly resyncs periodically on top of that. Give the change time to propagate before troubleshooting further.
  </Accordion>
</AccordionGroup>

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Does this change my on-call schedule automatically?" icon="shield-check">
    No. Holiday calendars are read-only previews — they surface conflicts so you can decide whether to override, but they never reassign shifts.
  </Accordion>

  <Accordion title="Can I add more than one CharlieHR feed?" icon="layer-group">
    Yes. If different teams or regions maintain separate CharlieHR feeds, add each as its own calendar and toggle them on per schedule.
  </Accordion>

  <Accordion title="Do I need to be a CharlieHR admin?" icon="user-shield">
    No — regular CharlieHR users can generate their own time-off feed URL from the Time view. Admins have an additional org-wide feed available under Integrations.
  </Accordion>
</AccordionGroup>


# CLI
Source: https://docs.rootly.com/integrations/cli

Manage Rootly incidents, alerts, services, teams, on-call schedules, and workflows from your terminal with the official Rootly command-line interface.

<Warning>
  Early Preview

  The Rootly CLI is currently in **early preview**. Features may change and some functionality may be limited. We welcome feedback and bug reports on [GitHub](https://github.com/rootlyhq/rootly-cli/issues).
</Warning>

The Rootly CLI is a command-line interface for managing Rootly resources directly from your terminal. Built for engineers who prefer working in the terminal, it provides fast access to incidents, alerts, services, teams, and on-call schedules.

## Features

* **Incidents**: Full CRUD operations with filtering by status, severity, and more
* **Alerts**: Create, acknowledge, and resolve alerts with source tracking
* **Services & Teams**: Manage your service catalog and team structure
* **On-Call**: Query schedules, view shifts, and see who is on-call right now
* **Pulses**: Track events and wrap command execution with automatic pulse recording
* **Multiple Output Formats**: Table, JSON, YAML, and Markdown
* **TTY-Aware Output**: Table format in terminal, JSON when piped
* **Shell Completions**: Bash, Zsh, Fish, and PowerShell
* **Pagination & Filtering**: Server-side filtering with paginated results

## Installation

### Using Homebrew (macOS/Linux)

```bash theme={null}
brew install rootlyhq/tap/rootly-cli
```

### Using Go

```bash theme={null}
go install github.com/rootlyhq/rootly-cli/cmd/rootly@latest
```

### Download Binary

Download the latest release from [GitHub Releases](https://github.com/rootlyhq/rootly-cli/releases).

Available for Linux (amd64/arm64), macOS (Intel/Apple Silicon), and Windows (amd64).

## Quick Start

1. **Set your API key**:
   ```bash theme={null}
   export ROOTLY_API_TOKEN="your-api-key"
   ```

2. **List your incidents**:
   ```bash theme={null}
   rootly incidents list
   ```

3. **Get incident details**:
   ```bash theme={null}
   rootly incidents get INC-123
   ```

## Configuration

Set your API token via environment variable or config file:

```bash theme={null}
# Environment variable (recommended for CI/scripts)
export ROOTLY_API_TOKEN="your-api-key"
```

Or create a config file at `~/.rootly-cli/config.yaml`:

```yaml theme={null}
api_token: "your-api-key"
endpoint: "api.rootly.com"  # Optional, defaults to api.rootly.com
```

### Getting an API Key

1. Log in to your Rootly account
2. Navigate to **Settings** > **API Keys**
3. Create a new API key with appropriate permissions

## Commands

### Incidents

```bash theme={null}
# List incidents
rootly incidents list

# List with filters
rootly incidents list --status=started --severity=critical

# Get incident details
rootly incidents get INC-123

# Create a new incident
rootly incidents create --title="Database outage" --severity=critical

# Update an incident
rootly incidents update INC-123 --status=mitigated

# Delete an incident
rootly incidents delete INC-123
```

### Alerts

```bash theme={null}
# List alerts
rootly alerts list

# Get alert details
rootly alerts get ALR-123

# Create a new alert
rootly alerts create --summary="High CPU usage" --source=datadog

# Acknowledge an alert
rootly alerts ack ALR-123

# Resolve an alert
rootly alerts resolve ALR-123 --message="Issue fixed"
```

### Services

```bash theme={null}
# List services
rootly services list

# Get service details
rootly services get api-gateway

# Create a service
rootly services create --name="api-gateway"

# Update a service
rootly services update api-gateway --description="Main API gateway"

# Delete a service
rootly services delete api-gateway
```

### Teams

```bash theme={null}
# List teams
rootly teams list

# Get team details
rootly teams get engineering

# Create a team
rootly teams create --name="Platform"

# Update a team
rootly teams update engineering --color="#FF5733"

# Delete a team
rootly teams delete engineering
```

### On-Call

```bash theme={null}
# List on-call schedules
rootly oncall list

# View upcoming shifts (next 7 days)
rootly oncall shifts

# View shifts for next 14 days
rootly oncall shifts --days=14

# See who is on-call right now
rootly oncall who

# Filter shifts by schedule
rootly oncall shifts --schedule="Primary On-Call"
```

### Pulses

```bash theme={null}
# Send a pulse event
rootly pulse create "Deploy v1.2.3"

# With labels and services
rootly pulse create "Deploy v1.2.3" --labels="version=1.2.3,team=backend" --services=api-gateway

# Wrap a command and automatically record timing and exit code
rootly pulse run -- make deploy

# Wrap with summary and metadata
rootly pulse run --summary="Deploy to prod" --services=api-gateway --labels="env=prod" -- make deploy
```

The `pulse run` variant automatically captures the wrapped command's exit code as a label (`exit_status`).

| Flag             | Short | Env Variable          | Description                                  |
| ---------------- | ----- | --------------------- | -------------------------------------------- |
| `--labels`       | `-l`  | `ROOTLY_LABELS`       | Key=value pairs, comma-separated             |
| `--services`     | `-s`  | `ROOTLY_SERVICES`     | Service slugs or IDs, comma-separated        |
| `--environments` | `-e`  | `ROOTLY_ENVIRONMENTS` | Environment slugs or IDs, comma-separated    |
| `--source`       |       | `ROOTLY_SOURCE`       | Source identifier (default: `cli`)           |
| `--refs`         | `-r`  | `ROOTLY_REFS`         | Reference key=value pairs, comma-separated   |
| `--summary`      |       | `ROOTLY_SUMMARY`      | Summary (alternative to positional argument) |

## Output Formats

The CLI supports multiple output formats via the `--format` flag:

| Format     | Description                                |
| ---------- | ------------------------------------------ |
| `table`    | Human-readable table (default in terminal) |
| `json`     | JSON output (default when piped)           |
| `yaml`     | YAML output                                |
| `markdown` | Markdown table                             |

```bash theme={null}
# Table (default in terminal)
rootly incidents list

# JSON (default when piped, or explicit)
rootly incidents list --format=json

# Pipe JSON to jq for processing
rootly incidents list --format=json | jq '.[].title'

# YAML
rootly incidents get INC-123 --format=yaml

# Markdown
rootly incidents list --format=markdown
```

## Pagination & Filtering

```bash theme={null}
# Pagination
rootly incidents list --limit=50 --page=2

# Filtering
rootly incidents list --status=started --severity=critical
rootly alerts list --source=datadog
rootly services list --name=api

# Sorting
rootly incidents list --sort=created_at --order=desc
```

## Global Flags

| Flag          | Description                                                           |
| ------------- | --------------------------------------------------------------------- |
| `--api-token` | Rootly API token (env: `ROOTLY_API_TOKEN`)                            |
| `--endpoint`  | Rootly API endpoint (default: `api.rootly.com`)                       |
| `--format`    | Output format: `table`, `json`, `yaml`, `markdown` (default: `table`) |
| `--no-color`  | Disable colored output                                                |
| `--help`      | Show help for any command                                             |

## Shell Completions

Generate shell completion scripts for tab-completion support:

```bash theme={null}
# Bash
rootly completion bash > /etc/bash_completion.d/rootly

# Zsh
rootly completion zsh > "${fpath[1]}/_rootly"

# Fish
rootly completion fish > ~/.config/fish/completions/rootly.fish

# PowerShell
rootly completion powershell > rootly.ps1
```

## Feedback & Support

* **Issues**: [GitHub Issues](https://github.com/rootlyhq/rootly-cli/issues)
* **Source Code**: [GitHub Repository](https://github.com/rootlyhq/rootly-cli)


# Installation
Source: https://docs.rootly.com/integrations/clickup/installation

Install and configure the ClickUp integration with Rootly to create tasks from incidents and receive ClickUp events as alerts in your incident response process.

## Introduction

The ClickUp integration connects Rootly with your ClickUp workspace so teams can automatically create and update tasks through Genius workflows. Rootly also receives task events from ClickUp as alerts, enabling bidirectional workflows between the two systems.

With the ClickUp integration, you can:

* Automatically create ClickUp tasks when incidents are declared or reach a certain state
* Create tasks as subtasks of an existing ClickUp task using a parent task ID
* Update task title, description, priority, and custom fields as incidents evolve
* Receive ClickUp task events (created, updated, deleted) as Rootly alerts

## Before You Begin

Before setting up the integration, make sure you have:

* A Rootly account with admin permission to manage integrations
* A ClickUp account with access to the workspace you want to use
* A ClickUp Personal API Token (PAT)

<Callout icon="triangle-exclamation">
  This integration requires a **Personal API Token (PAT)**, not an OAuth app token. You can generate one from your ClickUp account settings under **Apps > API Token > Generate**.
</Callout>

<Callout icon="user-shield">
  We recommend installing with a dedicated ClickUp service account so the integration does not break if an individual user leaves your organization.
</Callout>

## Installation

<Steps>
  <Step title="Open the ClickUp integration in Rootly" icon="plug">
    Navigate to the integrations page in Rootly and select **ClickUp**.

    <Frame>
      <img alt="Document Image" />
    </Frame>
  </Step>

  <Step title="Enter your Personal API Token" icon="key">
    Paste your ClickUp Personal API Token into the **API Key** field and select **Connect**.

    <Frame>
      <img alt="Document Image" />
    </Frame>

    Rootly validates the token and registers a webhook with ClickUp to receive task events. Once connected, the installation is complete.

    <Callout icon="circle-check">
      After installation, the **Create a ClickUp Task** and **Update a ClickUp Task** workflow actions are available in your Genius workflows. ClickUp task events will also appear as alerts in Rootly.
    </Callout>
  </Step>
</Steps>

## Uninstall

To remove the ClickUp integration, open the integrations panel in Rootly and select **Configure > Delete**. Rootly will also remove the registered ClickUp webhook on deletion.


# Workflows
Source: https://docs.rootly.com/integrations/clickup/workflows

Configure ClickUp workflow actions to create and update tasks from Rootly incidents and action items, and map ClickUp events back to Rootly.

<Callout icon="ℹ️">
  To use these workflow actions, you must first connect ClickUp to Rootly. See [ClickUp Installation](/integrations/clickup/installation).
</Callout>

ClickUp organizes content in a hierarchy: **Workspaces (Teams) → Spaces → Folders → Lists**. When configuring workflow actions, select each level in order to narrow down the target list.

## Outbound Actions (Rootly → ClickUp)

<Callout icon="ℹ️">
  The actions in this section are used in **Incident Workflows**. They execute on changes to the Rootly incident or action item.
</Callout>

### Create a ClickUp Task for Incident

Creates a new task in a ClickUp list, linked to the Rootly incident.

| Field                     | Description                                                                     | Required |
| ------------------------- | ------------------------------------------------------------------------------- | -------- |
| **Team**                  | ClickUp workspace (Team) to use                                                 | Yes      |
| **Space**                 | ClickUp space within the selected team                                          | Yes      |
| **Folder**                | Folder within the selected space. Leave blank if the list is at the space level |          |
| **List**                  | ClickUp list where the task will be created                                     | Yes      |
| **Title**                 | Task title. Defaults to `{{ incident.title }}`. Supports Liquid                 | Yes      |
| **Description**           | Task description. Supports Liquid                                               |          |
| **Priority**              | Task priority. **Auto** mirrors the incident severity                           |          |
| **Due Date**              | Task due date. Supports Liquid                                                  |          |
| **Tags**                  | Comma-separated tags to apply to the task                                       |          |
| **Custom Fields Mapping** | JSON mapping ClickUp custom field IDs to values. Supports Liquid                |          |
| **Task Payload**          | Advanced JSON merged into the task creation request. Supports Liquid            |          |

**Priority mapping (Auto)**

| Rootly Severity | ClickUp Priority |
| --------------- | ---------------- |
| Critical        | Urgent (1)       |
| High            | High (2)         |
| Medium          | Normal (3)       |
| Low             | Low (4)          |

<Frame>
  <img alt="Document Image" />
</Frame>

***

### Create a ClickUp Subtask for Action Item

Creates a new task as a subtask of an existing ClickUp task, linked to a Rootly action item.

<Callout icon="ℹ️">
  When a **Create a ClickUp Task for Incident** action runs, Rootly stores the resulting task ID on the incident record. Reference it in the **Parent Task ID** field using Liquid to nest this subtask under the incident task.
</Callout>

| Field                     | Description                                                        | Required |
| ------------------------- | ------------------------------------------------------------------ | -------- |
| **Team**                  | ClickUp workspace (Team) to use                                    | Yes      |
| **Space**                 | ClickUp space within the selected team                             | Yes      |
| **Folder**                | Folder within the selected space                                   |          |
| **List**                  | ClickUp list where the subtask will be created                     | Yes      |
| **Parent Task ID**        | ID of the ClickUp task to nest this subtask under. Supports Liquid | Yes      |
| **Title**                 | Subtask title. Supports Liquid                                     | Yes      |
| **Description**           | Subtask description. Supports Liquid                               |          |
| **Completion**            | Subtask completion. **Auto** mirrors the action item status        | Yes      |
| **Due Date**              | Subtask due date. Supports Liquid                                  |          |
| **Tags**                  | Comma-separated tags to apply                                      |          |
| **Custom Fields Mapping** | JSON mapping ClickUp custom field IDs to values. Supports Liquid   |          |

<Frame>
  <img alt="Document Image" />
</Frame>

***

### Update a ClickUp Task

Updates an existing ClickUp task linked to a Rootly incident.

| Field                     | Description                                                        | Required |
| ------------------------- | ------------------------------------------------------------------ | -------- |
| **Task ID**               | ClickUp task ID to update. Supports Liquid                         | Yes      |
| **Title**                 | Updated task title. Supports Liquid. Leave blank to keep existing  |          |
| **Description**           | Updated task description. Supports Liquid                          |          |
| **Priority**              | Updated priority                                                   |          |
| **Due Date**              | Updated due date. Supports Liquid                                  |          |
| **Tags**                  | Updated tags                                                       |          |
| **Custom Fields Mapping** | Updated custom field values as JSON. Supports Liquid               |          |
| **Task Payload**          | Advanced JSON merged into the task update request. Supports Liquid |          |

<Frame>
  <img alt="Document Image" />
</Frame>

***

### Update a ClickUp Subtask

Updates an existing ClickUp subtask linked to a Rootly action item.

| Field                     | Description                                                        | Required |
| ------------------------- | ------------------------------------------------------------------ | -------- |
| **Task ID**               | ClickUp subtask ID to update. Supports Liquid                      | Yes      |
| **Title**                 | Updated subtask title. Supports Liquid                             |          |
| **Description**           | Updated subtask description. Supports Liquid                       |          |
| **Completion**            | Updated completion status. **Auto** mirrors the action item status | Yes      |
| **Due Date**              | Updated due date. Supports Liquid                                  |          |
| **Tags**                  | Updated tags                                                       |          |
| **Custom Fields Mapping** | Updated custom field values as JSON. Supports Liquid               |          |

***

### Update a ClickUp Action Item

Updates a ClickUp task that represents a Rootly action item.

| Field                     | Description                                                        | Required |
| ------------------------- | ------------------------------------------------------------------ | -------- |
| **Task ID**               | ClickUp task ID to update. Supports Liquid                         | Yes      |
| **Title**                 | Updated title. Supports Liquid                                     |          |
| **Description**           | Updated description. Supports Liquid                               |          |
| **Completion**            | Updated completion status. **Auto** mirrors the action item status | Yes      |
| **Due Date**              | Updated due date. Supports Liquid                                  |          |
| **Custom Fields Mapping** | Updated custom field values as JSON. Supports Liquid               |          |

<Frame>
  <img alt="Document Image" />
</Frame>

***

## Inbound Events (ClickUp → Rootly)

<Callout icon="ℹ️">
  The actions in this section are used in **Alert Workflows**. They execute on update events sent from ClickUp via webhook.
</Callout>

When the integration is installed, Rootly registers a webhook with ClickUp to receive task events. The following events create alerts in Rootly:

| ClickUp Event | Description              |
| ------------- | ------------------------ |
| `taskCreated` | A new task was created   |
| `taskUpdated` | A task field was changed |
| `taskDeleted` | A task was deleted       |

Each event creates a Rootly alert with the following labels:

| Label      | Source                                                   |
| ---------- | -------------------------------------------------------- |
| `task_id`  | ClickUp task ID                                          |
| `event`    | Event type (`taskCreated`, `taskUpdated`, `taskDeleted`) |
| `field`    | The field that changed (for `taskUpdated` events)        |
| `username` | The user who made the change                             |
| `id`       | The history item ID (for `taskUpdated` events)           |

### Update Action Item

Use an **Alert Workflow** with the **Update Action Item** action to sync ClickUp task changes back to Rootly action items.

<Frame>
  <img alt="Document Image" />
</Frame>

<Frame>
  <img alt="Document Image" />
</Frame>

### Data Mapping Syntax

Use the following Liquid template in the **Data Mapping** field to map ClickUp task update fields to Rootly action item fields:

```json theme={null}
{
  {% if alert.data.history_items[0].field == 'name' %}
    "title": "{{ alert.data.history_items[0].after }}"
  {% endif %}

  {% if alert.data.history_items[0].field == 'status' %}
    {% if alert.data.history_items[0].after.status == 'complete' %}
      "status": "done"
    {% else %}
      "status": "open"
    {% endif %}
  {% endif %}

  {% if alert.data.history_items[0].field == 'priority' %}
    {% if alert.data.history_items[0].after == null %}
      "priority": "medium"
    {% elsif alert.data.history_items[0].after.priority == 'urgent' %}
      "priority": "high"
    {% elsif alert.data.history_items[0].after.priority == 'high' %}
      "priority": "high"
    {% elsif alert.data.history_items[0].after.priority == 'normal' %}
      "priority": "medium"
    {% else %}
      "priority": "low"
    {% endif %}
  {% endif %}

  {% if alert.data.history_items[0].field == 'due_date' %}
    {% if alert.data.history_items[0].after != null %}
      {% assign date = alert.data.history_items[0].after %}
      {% assign dateInSeconds = date | divided_by: 1000 %}
      "due_date": "{{ dateInSeconds | date: "%Y-%m-%d" }}"
    {% endif %}
  {% endif %}
}
```

<Callout icon="ℹ️">
  ClickUp sends due dates as Unix timestamps in milliseconds. Divide by 1000 and apply the `date` filter to convert to a readable format.
</Callout>


# Coda
Source: https://docs.rootly.com/integrations/coda/coda

Streamline incident retrospectives with the Rootly Coda integration, featuring pre-built templates, automated workflow creation, and document linking.

## Overview

Rootly's Coda integration helps streamline the process of completing incident retrospectives. By leveraging pre-built templates and workflows, teams can automate their retrospective creation - saving hours of manual work, per incident.

Some key features of this integration includes:

1. **Customizable templates**
   * Rootly enables teams to pre-define retrospective templates in both Rootly and Coda. If you're looking for a semi-custom retrospective that follows industry best practices, you can simply define the retrospective body in Rootly and we will take care of the rest. If you want a fully customized retrospective, you can build your template in Coda and we will generate the retrospective accordingly.
2. **Liquid variable support**
   * Liquid variables can be referenced in both templates created in Rootly or Coda.
3. **Timeline Visualization:**
   * Incident timelines are automatically generated for templates created in Rootly.
   * [Custom Liquid syntax](/liquid/incident-variables) can be used to generate timelines for templates created in Coda
4. **Action Item Tracking:**
   * Follow-ups are automatically recorded when Rootly-hosted templates are used.
   * [Custom Liquid syntax](/liquid/incident-variables "Custom Liquid syntax") can be used to list out follow-ups in templates hosted on Coda.

## Installation

Please see the [**Installation** page](/integrations/coda/installation "Installation") to get started with your Coda integration.

## Workflows

Rootly relies on workflows to automate interactions with Coda. The [**Workflows** page](/integrations/coda/workflows "Workflows") will walk you through how to set up commonly used workflows involving Coda.


# Installation
Source: https://docs.rootly.com/integrations/coda/installation

Install and set up the Coda integration with Rootly to automate retrospective document creation, page management, and template-based incident reporting.

## Installing Coda on Rootly

<Note>
  We recommend you perform the installation with a **service account** to ensure the integration doesn't break, should the installing user leave the company.

  Ensure that you are **logged in as an Admin user** in Rootly.
</Note>

Locate **Coda** on the [Integrations catalog](https://rootly.com/account/integrations "Integrations catalog") and select `Setup`.

<Frame>
  <img alt="Document Image" />
</Frame>

You'll be prompted to enter your Coda API Key

<Frame>
  <img alt="Document Image" />
</Frame>

# Uninstall

You can **uninstall** this integration in the integrations panel by clicking **Configure > Delete.**


# Workflows
Source: https://docs.rootly.com/integrations/coda/workflows

Configure Coda workflows in Rootly to automatically generate retrospective pages, manage document creation, and apply incident-aware templates.

## Overview

Our Coda integration leverages workflows to automatically generate retrospective pages in Coda. If you are unfamiliar with how Workflows function please visit our [Workflows](/workflows "Workflows") documentation first.

<Frame>
  <img alt="Document Image" />
</Frame>

## Available Workflow Actions

### Create a Coda Page

This action allows you to create an incident retrospective into a Coda Doc.

<Frame>
  <img alt="Document Image" />
</Frame>

#### Title

This field is automatically set for you. You can rename this field to whatever best describes your action. The value in this field does not affect how the workflow action behaves.

#### Subtitle

This field is automatically set for you. You can rename this field to whatever best describes your action. The value in this field does not affect how the workflow action behaves.

#### Page ID

This field allows you to enter the Coda `Page ID` under which the retrospective will be created. The Page ID can be found in the URL when viewing a specific page in your Coda doc.

#### Title

This field allows you to define the title of the Coda page. You can use `{{ incident.title }}` to match the title of your incident. This field supports Liquid syntax.

<Tip>
  **TIP:** You can use the [Incident Variable Explorer](https://rootly.com/account/help/liquid-explorer "Incident Variable Explorer") to test out what value each liquid variable returns.
</Tip>

#### Custom Retrospective Template

This field allows you to define the body content of the Coda page. You can use `{{ incident.summary }}` to match the summary of your incident. This field supports Liquid syntax.

<Tip>
  **TIP:** You can use the [Incident Variable Explorer](https://rootly.com/account/help/liquid-explorer "Incident Variable Explorer") to test out what value each liquid variable returns.
</Tip>

#### Retrospective Template

This field allows you to use a predefined retrospective template to create the body content of the Coda page. The list of selectable templates can be defined in the [Retrospective Templates page](https://rootly.com/account/retrospective-steps?tab=documents "Retrospective Templates page").

<Warning>
  If a template is selected in this field, the content defined in the `Custom Retrospective Template` field will be overridden.
</Warning>

#### Mark Post Mortem as Published

This field allows you to define the status of the retrospective. A retrospective can be in either a `draft` or `published` status. This is typically used if you have automated notification workflows that are only triggered when the retrospective status is `published`.

#### Coda Template

This field allows you to select a predefined template from your Coda Doc. Please see [Setting Up Retro Templates in Coda](/integrations/coda/installation "Setting Up Retro Templates in Coda") to learn how to set up a retrospective template in Coda.

<Warning>
  If a template is selected in this field, the content defined in the `Custom Retrospective Template` field and `Retrospective Template` field will be overridden.
</Warning>

### Update a Coda Page

This action allows you to create an incident retrospective into a Coda Doc.

<Frame>
  <img alt="Document Image" />
</Frame>

#### Doc ID

This field is automatically set for you. You can rename this field to whatever best describes your action. The value in this field does not affect how the workflow action behaves.

#### Page ID

This field allows you to enter the Coda `Page ID` under which the retrospective will be created. The Page ID can be found in the URL when viewing a specific page in your Coda doc.

#### Title

This field allows you to define the title of the Coda page. You can use `{{ incident.title }}` to match the title of your incident. This field supports Liquid syntax.

#### Subtitle

This field is automatically set for you. You can rename this field to whatever best describes your action. The value in this field does not affect how the workflow action behaves.

<Tip>
  **TIP:** You can use the [Incident Variable Explorer](https://rootly.com/account/help/liquid-explorer "Incident Variable Explorer") to test out what value each liquid variable returns.
</Tip>

#### Custom Retrospective Template

This field allows you to define the body content of the Coda page. You can use `{{ incident.summary }}` to match the summary of your incident. This field supports Liquid syntax.

<Tip>
  **TIP:** You can use the [Incident Variable Explorer](https://rootly.com/account/help/liquid-explorer "Incident Variable Explorer") to test out what value each liquid variable returns.
</Tip>

#### Retrospective Template

This field allows you to use a predefined retrospective template to create the body content of the Coda page. The list of selectable templates can be defined in the [Retrospective Templates page](https://rootly.com/account/retrospective-steps?tab=documents "Retrospective Templates page").

<Warning>
  If a template is selected in this field, the content defined in the `Custom Retrospective Template` field will be overridden.
</Warning>

#### Mark Post Mortem as Published

This field allows you to define the status of the retrospective. A retrospective can be in either a `draft` or `published` status. This is typically used if you have automated notification workflows that are only triggered when the retrospective status is `published`.

#### Coda Template

This field allows you to select a predefined template from your Coda Doc. Please see [Setting Up Retro Templates in Coda](/integrations/coda/installation "Setting Up Retro Templates in Coda") to learn how to set up a retrospective template in Coda.

<Warning>
  If a template is selected in this field, the content defined in the `Custom Retrospective Template` field and `Retrospective Template` field will be overridden.
</Warning>


# Confluence
Source: https://docs.rootly.com/integrations/confluence/confluence

Automate incident retrospectives with Confluence integration, featuring customizable templates, Liquid variable support, and automated page creation.

## Overview

Rootly's Confluence integration automates the creation of retrospective pages after incidents. When an incident resolves or a retrospective is started, Rootly creates a new Confluence page in your specified space and populates it with incident data — including the timeline, affected services, teams involved, and follow-up action items.

Both **Confluence Cloud** (OAuth) and **Confluence Server / Data Center** (Basic auth or Personal Access Token) are supported.

<Frame>
  <iframe />
</Frame>

## Features

<CardGroup>
  <Card title="Automated Page Creation" icon="file-lines">
    Create Confluence pages automatically when incidents resolve or retrospectives begin.
  </Card>

  <Card title="Page Updates" icon="pen-to-square">
    Update existing Confluence pages with new incident data as the incident progresses.
  </Card>

  <Card title="Dynamic Content" icon="code">
    Populate pages with incident data using Liquid variables — timeline, services, teams, and action items.
  </Card>

  <Card title="Template Support" icon="table-columns">
    Use Rootly's built-in retrospective templates or your own templates built directly in Confluence.
  </Card>
</CardGroup>

## Template Options

You have two approaches for retrospective content:

* **Rootly templates** — Use pre-built retrospective templates defined in Rootly. These automatically include timeline visualization and follow-up action item tracking with no additional setup.
* **Confluence templates** — Build fully custom templates directly in Confluence using Liquid variables for dynamic content. Rootly fetches templates from your Confluence space via the API and applies them when creating pages.

<Callout icon="circle-info">
  If a Confluence template is selected in the workflow action, it overrides both the Custom Retrospective Template and the Rootly Retrospective Template fields.
</Callout>

## Next Steps

<CardGroup>
  <Card title="Installation" icon="plug" href="/integrations/confluence/installation">
    Connect your Confluence workspace to Rootly.
  </Card>

  <Card title="Workflows" icon="diagram-project" href="/integrations/confluence/workflows">
    Configure automated retrospective page creation.
  </Card>
</CardGroup>


# Installation
Source: https://docs.rootly.com/integrations/confluence/installation

Connect your Confluence account to Rootly to automate incident documentation, retrospective page creation, and runbook linking from Slack and workflows.

## Before You Begin

<Callout icon="triangle-exclamation">
  We recommend performing the installation with a **service account** to ensure the integration does not break if the installing user leaves the company. Ensure you are logged in as an **Admin** in Rootly.
</Callout>

Rootly supports two Confluence deployment types:

| Type                                | Authentication                            |
| ----------------------------------- | ----------------------------------------- |
| **Confluence Cloud**                | OAuth 2.0 (recommended)                   |
| **Confluence Server / Data Center** | Basic auth or Personal Access Token (PAT) |

## Confluence Cloud

<Steps>
  <Step title="Open Rootly Integrations">
    Navigate to **Configuration → Integrations** in your Rootly dashboard.

    <Frame>
      <img alt="Rootly sidebar showing Configuration and Integrations menu" />
    </Frame>
  </Step>

  <Step title="Find and set up Confluence">
    Search for **Confluence** and click **Setup**.

    <Frame>
      <img alt="Integrations page with Confluence search result" />
    </Frame>
  </Step>

  <Step title="Authorize in Confluence">
    You will be redirected to Confluence to grant Rootly permission. Rootly requests the following OAuth scopes:

    * `read:user:confluence` — Read your user profile
    * `read:content-details:confluence` — Read page content
    * `write:content:confluence` — Create and update pages
    * `read:template:confluence` — Read Confluence templates
    * `read:space:confluence` — Read spaces
    * `write:page:confluence` — Create pages

    <Frame>
      <img alt="Confluence OAuth authorization page" />
    </Frame>
  </Step>

  <Step title="Accept permissions">
    Click **Accept** to authorize Rootly.

    <Frame>
      <img alt="Confluence permissions acceptance screen" />
    </Frame>
  </Step>

  <Step title="Confirm connection">
    You will be redirected back to Rootly with a confirmation message. The integration status will show **Connected**.

    <Frame>
      <img alt="Rootly confirmation showing Confluence connected successfully" />
    </Frame>
  </Step>
</Steps>

## Confluence Server / Data Center

For on-premise deployments, Rootly supports authentication via **Basic auth** or a **Personal Access Token (PAT)**.

1. Navigate to **Configuration → Integrations** and search for **Confluence Server**.
2. Click **Setup** and enter your Confluence Server URL (e.g. `https://confluence.yourcompany.com`).
3. Enter your credentials:
   * **Basic auth**: Username and password
   * **PAT**: Generate a token in Confluence under **Profile → Personal Access Tokens** and paste it into the Token field
4. Click **Save** and **Test Connection** to verify.

<Callout icon="circle-info">
  Personal Access Tokens expire after 90 days by default. Rootly will notify you when a token is approaching expiry. Rotate the token in Confluence and update it in Rootly to avoid workflow failures.
</Callout>

## Setting Up Retrospective Templates in Confluence

You can create custom templates in Confluence that Rootly will apply when generating retrospective pages. Rootly fetches available templates from your Confluence space via the API.

<Steps>
  <Step title="Open your Confluence space">
    Navigate to the Space in which you want to create the template and open **Space Settings**.
  </Step>

  <Step title="Access templates">
    Under **Look and Feel**, select **Templates**.
  </Step>

  <Step title="Create a new template">
    Click **Create New Template** and build out your template content. Liquid syntax is fully supported — use the [Liquid Variable Explorer](https://rootly.com/account/help/liquid-explorer) to test variables.
  </Step>

  <Step title="Save the template">
    Save the template. It will appear in the Confluence Template dropdown when configuring a Create Confluence Page workflow action.
  </Step>
</Steps>

## Uninstall

To remove the Confluence integration:

1. Go to **Configuration → Integrations** and find **Confluence**
2. Click the **Connected** button to reveal the disconnect option
3. Click **Delete**

<Frame>
  <img alt="Click the Connected button to reveal the Disconnect option" />
</Frame>

<Callout icon="circle-info">
  Disconnecting the integration does not delete existing Confluence pages created by Rootly. Those pages remain in your Confluence space.
</Callout>

## Troubleshooting

<AccordionGroup>
  <Accordion title="Confluence spaces not appearing during authorization" icon="magnifying-glass">
    Ensure you have **Create** or **Edit** permissions in the Confluence spaces you want Rootly to use. Ask an admin to check **Space Settings → Permissions**. If the issue persists, disconnect and reconnect the integration to refresh permissions.
  </Accordion>

  <Accordion title="Authorization succeeds but integration does not complete" icon="circle-exclamation">
    Check if your organization restricts external apps under **Atlassian Admin → Security → App Access**. Confirm the installing user is not limited to read-only access. Retry the installation in an incognito window to avoid stale credentials.
  </Accordion>

  <Accordion title="Server / Data Center connection fails" icon="server">
    Verify the Confluence Server URL is reachable from Rootly's servers — check any firewall or allowlist rules. Confirm SSL certificates are valid. For PAT authentication, ensure the token has not expired and has the required permissions.
  </Accordion>
</AccordionGroup>


# Workflows
Source: https://docs.rootly.com/integrations/confluence/workflows

Automate Confluence page creation, updates, and labelling for incident retrospectives using Rootly workflow actions with parent page and template support.

## Overview

Workflows let you automate Confluence page creation and control exactly what information Rootly publishes during an incident. You can trigger a page creation when an incident resolves, when a retrospective begins, or on any other workflow event — and use Liquid variables to populate pages with live incident data.

<Frame>
  <iframe />
</Frame>

<Callout icon="circle-info">
  If you do not need advanced trigger or condition logic, skip to [Step 3](#step-3-add-the-create-confluence-page-action) to add the action directly.
</Callout>

## Step 1: Create a Workflow

<Steps>
  <Step title="Open workflow creation">
    Navigate to **Workflows** in the Rootly sidebar and click **Create Workflow**.

    <Frame>
      <img alt="Rootly workflows page" />
    </Frame>

    <Frame>
      <img alt="Create workflow button" />
    </Frame>
  </Step>

  <Step title="Choose a workflow type">
    Select the workflow type that matches your use case:

    * **Incident** — trigger actions during active incidents
    * **Retrospective** — trigger actions when a retrospective begins or changes status
    * **Pulse** — trigger actions on a schedule

    <Frame>
      <img alt="Workflow type selection" />
    </Frame>
  </Step>
</Steps>

## Step 2: Configure Triggers

Triggers define when the workflow runs.

<Frame>
  <img alt="Workflow trigger configuration" />
</Frame>

| Trigger                          | When it fires                                               |
| -------------------------------- | ----------------------------------------------------------- |
| **Incident Created**             | A new incident is opened                                    |
| **Incident Updated**             | A field like severity or status changes                     |
| **Incident Status Changed**      | The incident moves into a specific status                   |
| **Retrospective Status Changed** | The retrospective status changes (e.g., Started, Published) |
| **Manual Trigger**               | An operator runs the workflow manually from the UI          |

<Callout icon="circle-info">
  For retrospective pages, use **Retrospective Status Changed** with a condition of **Status equals Started** so pages are created when a retrospective kicks off.
</Callout>

## Step 3: Add Conditions

Conditions let you refine when the workflow executes after a trigger fires.

<Frame>
  <img alt="Workflow conditions panel" />
</Frame>

Common condition patterns:

* **Severity filter** — only create a page for SEV-1 or SEV-2 incidents
* **Team or service filter** — scope page creation to incidents affecting specific teams or services
* **Incident type** — ensure the workflow only runs when Kind is set to **Incident**
* **Environment** — only generate pages for production or customer-impacting issues

## Step 4: Add the Create Confluence Page Action

<Steps>
  <Step title="Add an action">
    Click **Add Action** and search for **Confluence**.

    <Frame>
      <img alt="Add action dialog with Confluence search" />
    </Frame>
  </Step>

  <Step title="Select Create Confluence Page">
    Choose **Create Confluence Page** from the results.

    <Frame>
      <img alt="Create Confluence Page action selected" />
    </Frame>

    <Frame>
      <img alt="Confluence action configuration panel" />
    </Frame>
  </Step>

  <Step title="Configure the action">
    Fill in the fields using the table below.
  </Step>

  <Step title="Save the workflow">
    Click **Add**, enter a workflow name, and click **Create Workflow**.
  </Step>
</Steps>

### Action Fields

| Field                               | Required | Description                                                                                                            |
| ----------------------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------- |
| **Space Key**                       | Yes      | The Confluence space where the page will be created. Find this under **Space Settings → Space Details** in Confluence. |
| **Title**                           | Yes      | The page title. Supports Liquid syntax (e.g., `{{ incident.title }}`).                                                 |
| **Ancestor**                        | No       | Page ID of a parent page. If blank, the page is created at the root of the space.                                      |
| **Confluence Template**             | No       | A template fetched from your Confluence space. Overrides both retrospective template fields.                           |
| **Custom Retrospective Template**   | No       | Define page content directly using Liquid variables. Overrides the Retrospective Template field.                       |
| **Retrospective Template**          | No       | A pre-built template from [Retrospective Templates](https://rootly.com/account/retrospective-steps?tab=documents).     |
| **Mark Retrospective as Published** | No       | Publish the page immediately rather than leaving it as a draft.                                                        |

<Callout icon="triangle-exclamation">
  If a **Confluence Template** is selected, it overrides both the **Custom Retrospective Template** and **Retrospective Template** fields.
</Callout>

## Update an Existing Confluence Page

In addition to creating pages, Rootly can update pages that already exist. Add an **Update Confluence Page** action and configure the following fields:

| Field                   | Required | Description                                                                                                  |
| ----------------------- | -------- | ------------------------------------------------------------------------------------------------------------ |
| **Page ID**             | Yes      | The ID of the Confluence page to update. Supports Liquid syntax to reference a page created in a prior step. |
| **Title**               | No       | Updated page title. Leave blank to keep the existing title.                                                  |
| **Content**             | No       | Updated page content using Liquid variables.                                                                 |
| **Confluence Template** | No       | Re-apply a Confluence template when updating the page.                                                       |

## Creating a Confluence Template

Rootly fetches page templates directly from your Confluence space via the API. Templates you create in Confluence appear automatically in the **Confluence Template** dropdown within the workflow action.

<Steps>
  <Step title="Open your Confluence space">
    Navigate to the space where you want to create the template and open **Space Settings**.

    <Frame>
      <img alt="Confluence space selection" />
    </Frame>
  </Step>

  <Step title="Access template settings">
    Under **Look and Feel**, select **Templates**.

    <Frame>
      <img alt="Confluence space settings showing Templates option" />
    </Frame>
  </Step>

  <Step title="Create the template">
    Click **Create New Template** and add your content. Liquid syntax is fully supported.

    <Frame>
      <img alt="Create new template button" />
    </Frame>

    <Frame>
      <img alt="Template editor with Liquid variables" />
    </Frame>
  </Step>

  <Step title="Save the template">
    Click **Save**. The template will appear in the **Confluence Template** dropdown the next time you configure a Create Confluence Page action.
  </Step>
</Steps>

## Template Examples

Use the [Liquid Variable Explorer](https://rootly.com/account/help/liquid-explorer) to test variables before deploying templates in production.

<Tabs>
  <Tab title="Standard Retrospective">
    ```markdown theme={null}
    # Retrospective: {{ incident.title }}

    **Date:** {{ incident.started_at | date: "%Y-%m-%d" }}
    **Severity:** {{ incident.severity }}
    **Status:** {{ incident.status }}

    ## Summary
    {{ incident.summary }}

    ## Timeline
    {{ incident.timeline_table_markdown }}

    ## Services Affected
    {% for service in incident.services %}
    - {{ service }}
    {% endfor %}

    ## Teams Involved
    {% for group in incident.groups %}
    - {{ group.name }}
    {% endfor %}

    ## Follow-Up Items
    {% for action_item in incident.action_items %}
    - {{ action_item.summary }} ({{ action_item.status }})
    {% endfor %}

    ## Lessons Learned
    [To be completed by the team]
    ```
  </Tab>

  <Tab title="Executive Summary">
    ```markdown theme={null}
    # Executive Summary: {{ incident.title }}

    **Date:** {{ incident.started_at | date: "%B %d, %Y" }}
    **Severity:** {{ incident.severity }}
    **Duration:** {{ incident.duration }} minutes

    ## What Happened
    {{ incident.summary }}

    ## Resolution
    {{ incident.resolution_message }}

    ## Key Metrics
    - Services Affected: {{ incident.services | size }}
    - Time to Resolution: {{ incident.duration }} minutes

    ## Next Steps
    {% for action_item in incident.action_items %}
    - {{ action_item.summary }}
    {% endfor %}
    ```
  </Tab>

  <Tab title="Technical RCA">
    ```markdown theme={null}
    # Root Cause Analysis: {{ incident.title }}

    **Started:** {{ incident.started_at | date: "%Y-%m-%d %H:%M %Z" }}
    **Resolved:** {{ incident.resolved_at | date: "%Y-%m-%d %H:%M %Z" }}
    **Duration:** {{ incident.duration }} minutes

    ## Affected Services
    {% for service in incident.services %}
    - {{ service }}
    {% endfor %}

    ## Detailed Timeline
    {{ incident.timeline_table_markdown }}

    ## Root Cause
    [To be completed by engineering team]

    ## Resolution Steps
    {{ incident.resolution_message }}

    ## Preventive Measures
    {% for action_item in incident.action_items %}
    - {{ action_item.summary }} ({{ action_item.status }})
    {% endfor %}
    ```
  </Tab>
</Tabs>

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="My Confluence template is not appearing in the dropdown" icon="magnifying-glass">
    Rootly fetches templates from your Confluence space via the API. Ensure the template was saved in the correct space and that your Rootly integration has access to that space. Try disconnecting and reconnecting the integration to refresh the template list.
  </Accordion>

  <Accordion title="The workflow ran but no Confluence page was created" icon="circle-exclamation">
    Check the workflow run log in Rootly for error details. Common causes include an invalid Space Key, a missing or incorrect Ancestor page ID, or a Liquid variable that returned an empty value for the Title field (Title is required). Verify the Space Key matches exactly what appears in **Space Settings → Space Details** in Confluence.
  </Accordion>

  <Accordion title="Liquid variables are rendering as blank on the page" icon="code">
    Use the [Liquid Variable Explorer](https://rootly.com/account/help/liquid-explorer) to verify that the variable returns a value for your incident. Some variables like `incident.resolved_at` will be empty if the incident has not yet resolved. Add a fallback using Liquid filters (e.g., `{{ incident.resolved_at | default: "TBD" }}`).
  </Accordion>

  <Accordion title="Can I create a page in multiple spaces from one workflow?" icon="layer-group">
    Add multiple **Create Confluence Page** actions to the same workflow, each configured with a different Space Key. Each action runs sequentially and creates an independent page.
  </Accordion>

  <Accordion title="How do I reference a page created earlier in the same workflow?" icon="link">
    Use the **Update Confluence Page** action after a **Create Confluence Page** action. Reference the created page ID via Liquid using the output of the prior step.
  </Accordion>
</AccordionGroup>


# Cortex to Rootly
Source: https://docs.rootly.com/integrations/cortex/cortex-to-rootly

Sync your service catalog from Cortex into Rootly to keep service definitions, ownership, and metadata consistent across your incident workflow and on-call.

This integration imports your service catalog from Cortex into Rootly, making Cortex the source of truth for service definitions.

## Prerequisites

* **Cortex account** with API access
* **Rootly admin or owner** permissions
* **Cortex API key** (you'll generate this below)

## Installation

### Step 1: Generate a Cortex API Key

1. Log into your **Cortex** account
2. Navigate to **Settings** > **API Tokens**
3. Click **Create API Token**
4. Give it a descriptive name like "Rootly Integration"
5. Copy the generated API key

<Info>
  We recommend using a service account token to ensure uninterrupted access if team members change roles.
</Info>

<Warning>
  Make sure to copy the API key immediately - Cortex will only show it once for security purposes.
</Warning>

### Step 2: Connect Cortex to Rootly

1. Log into your **Rootly** account as an Admin
2. Navigate to **Configurations** > **Integrations** > **Cortex**
3. Click **Setup** to open the configuration modal
4. Enter your configuration:

| Field            | Description                                                                               |
| ---------------- | ----------------------------------------------------------------------------------------- |
| **Instance URL** | Your Cortex instance URL (defaults to `https://api.getcortexapp.com` for cloud instances) |
| **API Key**      | The API token you generated in Step 1                                                     |

5. Click **Connect**

If successful, you'll see a confirmation message and the Cortex integration card will show as **Connected**.

### Step 3: Enable Service Sync (Optional)

By default, the integration connects to Cortex but doesn't automatically sync services.

To enable automatic synchronization:

1. Navigate to your Cortex integration settings in Rootly
2. Toggle **Sync Services** to enabled
3. Click **Save**

<Info>
  Service sync runs automatically in the background. New services will be imported and existing services will be updated to match their Cortex definitions.
</Info>

## What Gets Synced

When service sync is enabled, Rootly imports:

* **Service entities** from your Cortex catalog
* **Service names** and **descriptions**
* **Service tags** used as identifiers

Archived services in Cortex are automatically excluded from sync.

## Using Synced Services

Once services are synced from Cortex:

* They appear in your Rootly service catalog with a Cortex badge
* You can link them to incidents during incident creation or updates
* Service ownership and metadata from Cortex is available in incident context
* Workflows can reference Cortex-linked services for automated actions

## Uninstall

To disconnect the Cortex integration:

1. Navigate to **Configurations** > **Integrations** > **Cortex**
2. Click **Delete** or **Disconnect**
3. Confirm the removal

<Warning>
  Removing the integration will stop service synchronization. Existing services imported from Cortex will remain in Rootly but will no longer update automatically.
</Warning>


# Cortex
Source: https://docs.rootly.com/integrations/cortex/overview

Integrate Rootly with the Cortex Internal Developer Portal to combine service insights, ownership data, and automated incident management in one workflow.

## What is Cortex?

Cortex is the Engineering Operations Platform that enables organizations to continuously improve their operational maturity and reduce developer friction. With centralized visibility, clear ownership, automated Scorecards, and golden paths, we help engineering organizations operate as one.

## Integration Overview

The Rootly + Cortex integration is **bidirectional**, meaning data flows in both directions to create a seamless experience:

<CardGroup>
  <Card title="Cortex to Rootly" icon="download" href="/integrations/cortex/cortex-to-rootly">
    Sync your service catalog from Cortex into Rootly
  </Card>

  <Card title="Rootly to Cortex" icon="upload" href="/integrations/cortex/rootly-to-cortex">
    Display Rootly incident data within Cortex portal
  </Card>
</CardGroup>

## How It Works

### Cortex → Rootly (Service Sync)

Rootly imports your service catalog from Cortex, making Cortex the **source of truth for services**.

**What gets synced:**

* Service entities from your Cortex catalog
* Service names and descriptions
* Service metadata and tags

[Set up Cortex → Rootly integration →](/integrations/cortex/cortex-to-rootly)

***

### Rootly → Cortex (Incident Display)

Cortex pulls incident data from Rootly and displays it within your Internal Developer Portal.

**What you can do:**

* View active incidents on service pages in Cortex
* Create Rootly incidents directly from Cortex
* Build scorecards based on Rootly incident metrics
* Track service reliability using incident data

[Learn about Rootly → Cortex integration →](/integrations/cortex/rootly-to-cortex)

## Key Benefits

### Unified Service Catalog

Use Cortex as your single source of truth for service definitions. When you update a service in Cortex, the changes automatically flow to Rootly, ensuring consistency across your incident management workflow.

### Reduced Context Switching

Developers and on-call engineers can stay in Cortex while accessing incident information. Create incidents, check incident history, and view operational metrics without switching tools.

### Automated Service Ownership

Leverage Cortex's ownership data to automatically route incidents to the right teams. When an incident affects a service, Rootly knows exactly who owns it based on Cortex's catalog.

### Data-Driven Reliability

Build Cortex scorecards using Rootly incident data to measure and improve service reliability. Track MTTR, incident frequency, and operational maturity across all your services.

## Which Integration Do I Need?

**Both!** The integrations work together to provide the complete experience:

| If you want to...                 | You need...                                                                  |
| --------------------------------- | ---------------------------------------------------------------------------- |
| Keep service definitions in sync  | [Cortex → Rootly](/integrations/cortex/cortex-to-rootly)                     |
| View incidents in Cortex portal   | [Rootly → Cortex](https://docs.cortex.io/docs/reference/integrations/rootly) |
| Link incidents to Cortex services | [Cortex → Rootly](/integrations/cortex/cortex-to-rootly)                     |
| Create incidents from Cortex      | [Rootly → Cortex](https://docs.cortex.io/docs/reference/integrations/rootly) |
| Build reliability scorecards      | [Rootly → Cortex](https://docs.cortex.io/docs/reference/integrations/rootly) |

<Info>
  The **Cortex → Rootly** integration is configured in Rootly. The **Rootly → Cortex** integration is configured in Cortex and maintained by the Cortex team.
</Info>

## Getting Started

### Step 1: Sync Services from Cortex

Start by [setting up the Cortex → Rootly integration](/integrations/cortex/cortex-to-rootly) to import your service catalog. This ensures incidents can be properly linked to services.

### Step 2: Display Incidents in Cortex

Next, configure the [Rootly → Cortex integration](https://docs.cortex.io/docs/reference/integrations/rootly) in Cortex to display incident data within your portal.

### Step 3: Leverage the Combined Power

Once both directions are configured:

* Services in Rootly stay in sync with Cortex
* Incidents in Rootly appear on service pages in Cortex
* Teams can work from either tool seamlessly

## Support

### For Service Sync (Cortex → Rootly)

This integration is built and maintained by Rootly.

* Contact Rootly support through your account
* Visit [Rootly documentation](https://docs.rootly.com)

### For Incident Display (Rootly → Cortex)

This integration is built and maintained by Cortex.

* Email: [help@cortex.io](mailto:help@cortex.io)
* Visit [Cortex integration docs](https://docs.cortex.io/docs/reference/integrations/rootly)


# Rootly to Cortex
Source: https://docs.rootly.com/integrations/cortex/rootly-to-cortex

View Rootly incident data inside Cortex and trigger incidents directly from your Internal Developer Portal to keep developers in their day-to-day tooling.

This integration brings incident management capabilities directly into your Cortex Internal Developer Portal.

<Info>
  This integration is built and maintained by the Cortex team. For setup instructions, visit [Cortex's integration documentation](https://docs.cortex.io/docs/reference/integrations/rootly).
</Info>

## Setup

This integration is configured entirely within Cortex. Visit the [Cortex integration setup guide](https://docs.cortex.io/docs/reference/integrations/rootly) for detailed installation instructions.

**You'll need:**

* Cortex admin permissions
* Rootly admin or owner permissions
* A Rootly API key (generated during Cortex setup)

## Features

### Trigger Incidents from Cortex

Create Rootly incidents directly from service pages in Cortex without switching tools.

**How it works:**
From any service page in Cortex, click the Rootly action to create a new incident. The incident is created in Rootly with the service context already attached.

### View Incident Data in Cortex

See real-time incident information directly on service entity pages in your Cortex catalog.

**What you can see:**

* Active incidents affecting the service
* Recent incident history
* Incident severity and status
* Links to detailed incident pages in Rootly

### Build Scorecards with Incident Data

Create custom scorecards and write CQL queries using Rootly incident data to measure service reliability.

**Example use cases:**

* Track MTTR (Mean Time to Resolution) per service
* Measure incident frequency and severity trends
* Score services based on operational maturity
* Set goals for reducing critical incidents

### Incident Catalog View

Rootly is the only incident management platform that appears in Cortex's catalog list view, giving you a unified perspective of both services and active incidents.

## Use Cases

### Platform Engineering Teams

Your platform team maintains dozens of internal services. When checking service health in Cortex, you want to immediately see if there are any active incidents.

**Solution**: Incident status appears directly on service pages. If an issue arises, you can create a Rootly incident without leaving Cortex.

### SRE Teams

You're conducting a service reliability review and need to understand incident patterns across services.

**Solution**: Use Cortex scorecards powered by Rootly data to visualize MTTR, incident frequency, and severity trends. Create CQL queries to track improvement over time.

### On-Call Engineers

You're paged about a service issue and need to quickly understand service dependencies and recent incident history.

**Solution**: Open the service in Cortex to see ownership, dependencies, and recent Rootly incidents all in one place. Create follow-up incidents directly from the context you're already in.

## Best Practices

### Keep Service Mappings Accurate

Ensure services in Cortex are properly mapped to services in Rootly for accurate incident association. Consistent naming helps maintain the connection.

### Leverage Scorecards

Create scorecards that track operational metrics like:

* Incidents per service per week
* Mean time to resolution
* Percentage of incidents with retrospectives
* Critical incident frequency

### Use Incident Context

When creating incidents from Cortex, include relevant service context in the incident description to help responders quickly understand the situation.

### Review Historical Trends

Regularly review incident data in Cortex to identify services that may need architectural improvements or additional monitoring.

## Support

The Cortex team built and actively maintains this integration.

**For help:**

* Email: [help@cortex.io](mailto:help@cortex.io)
* Documentation: [Cortex Rootly Integration Docs](https://docs.cortex.io/docs/reference/integrations/rootly)

**For Rootly API questions:**

* Visit the [Rootly API documentation](https://rootly.com/docs/api)
* Contact Rootly support through your account


# Alerts
Source: https://docs.rootly.com/integrations/datadog/alerts

Configure Datadog webhook contact points to forward monitor alerts to Rootly for on-call paging, automated incident creation, and bidirectional resolution.

## Overview

Once Datadog is connected to Rootly, you can forward monitor alerts to Rootly via a webhook. Alerts received in Rootly can be routed to a Slack channel, used to page on-call responders, or trigger incident workflows automatically.

<Callout icon="triangle-exclamation">
  Complete the [Installation](/integrations/datadog/installation) before configuring alerts. You must have Datadog connected to Rootly before webhooks will authenticate.
</Callout>

## Step 1: Set Up the Webhook in Datadog

<Steps>
  <Step title="Install the Webhooks integration">
    In Datadog, navigate to **Integrations**, search for **Webhooks**, and click **Install**.

    <Frame>
      <img alt="Installing the Webhooks integration in Datadog" />
    </Frame>
  </Step>

  <Step title="Create a new webhook">
    Switch to the **Configuration** tab and click **+ New** to add a webhook.

    <Frame>
      <img alt="Configuration tab in Datadog Webhooks showing the New button" />
    </Frame>
  </Step>

  <Step title="Configure the webhook">
    Fill in the following fields:

    **Name** — give the webhook a descriptive name (e.g., `Rootly_Alerts`)

    **URL** — enter:

    ```text theme={null}
    https://webhooks.rootly.com/webhooks/incoming/datadog_webhooks
    ```

    **Payload** — choose based on your use case:

    <Tabs>
      <Tab title="General Alert">
        Use this payload for standard alerts that appear in Rootly's Alerts page without paging anyone.

        ```json theme={null}
        {
          "id": "$ID",
          "body": "$EVENT_MSG",
          "last_updated": "$LAST_UPDATED",
          "event_type": "$EVENT_TYPE",
          "title": "$EVENT_TITLE",
          "alert_id": "$ALERT_ID",
          "alert_metric": "$ALERT_METRIC",
          "alert_priority": "$ALERT_PRIORITY",
          "alert_query": "$ALERT_QUERY",
          "alert_scope": "$ALERT_SCOPE",
          "alert_status": "$ALERT_STATUS",
          "alert_title": "$ALERT_TITLE",
          "alert_transition": "$ALERT_TRANSITION",
          "alert_type": "$ALERT_TYPE",
          "date": "$DATE",
          "org": {"id": "$ORG_ID", "name": "$ORG_NAME"}
        }
        ```
      </Tab>

      <Tab title="Page On-Call">
        Use this payload to page a specific user, team, escalation policy, or service when the alert fires. Replace `<TYPE>` and `<ID>` with your target resource.

        ```json theme={null}
        {
          "id": "$ID",
          "body": "$EVENT_MSG",
          "last_updated": "$LAST_UPDATED",
          "event_type": "composite_monitor",
          "title": "Datadog webhook alert",
          "alert_id": "$ALERT_ID",
          "alert_metric": "$ALERT_METRIC",
          "alert_priority": "$ALERT_PRIORITY",
          "alert_query": "$ALERT_QUERY",
          "alert_scope": "$ALERT_SCOPE",
          "alert_status": "$ALERT_STATUS",
          "alert_title": "$ALERT_TITLE",
          "alert_transition": "$ALERT_TRANSITION",
          "alert_type": "$ALERT_TYPE",
          "date": "$DATE",
          "org": {"id": "$ORG_ID", "name": "$ORG_NAME"},
          "rootly": {
            "notification_target": {
              "type": "<TYPE>",
              "id": "<ID>"
            }
          }
        }
        ```

        | Field  | Values                                                    |
        | ------ | --------------------------------------------------------- |
        | `type` | `User`, `Group`, `EscalationPolicy`, or `Service`         |
        | `id`   | The resource ID — found by editing the resource in Rootly |

        <Frame>
          <img alt="Finding the ID of a Rootly resource" />
        </Frame>
      </Tab>
    </Tabs>

    <Callout icon="circle-info">
      The only difference between these payloads is the `notification_target` object. Including it tells Rootly who to page when the alert is received.
    </Callout>
  </Step>

  <Step title="Add the custom header">
    Check the **Custom Headers** box and add the following, replacing the value with your Rootly webhook secret:

    ```json theme={null}
    {
      "secret": "<YOUR_ROOTLY_WEBHOOK_SECRET>"
    }
    ```

    To find your secret:

    1. In Rootly, go to **Alerts → Sources → Datadog** and click **Configure**

    <Frame>
      <img alt="Configure button on the Datadog alert source in Rootly" />
    </Frame>

    2. Find the **Connection Instructions** panel on the right

    <Frame>
      <img alt="Connection Instructions panel showing the webhook URL and secret" />
    </Frame>

    3. Copy the **secret** value from the Custom Headers section

    <Frame>
      <img alt="Custom Headers section showing the secret to copy" />
    </Frame>
  </Step>

  <Step title="Save the webhook">
    Click **Save**.
  </Step>
</Steps>

## Step 2: Attach the Webhook to a Monitor

<Steps>
  <Step title="Open a monitor">
    In Datadog, navigate to **Monitors → New Monitor** and choose a monitor type, or open an existing monitor to edit it.
  </Step>

  <Step title="Add the webhook to notifications">
    In the **Configure notifications and automations** section, reference your webhook using `@webhook-<WEBHOOK_NAME>` syntax (e.g., `@webhook-Rootly_Alerts`).
  </Step>

  <Step title="Test and save">
    Click **Test Notifications** to confirm the alert reaches Rootly, then save the monitor.

    <Frame>
      <img alt="Datadog monitor notification configuration with webhook" />
    </Frame>

    <Frame>
      <img alt="Successful test notification in Datadog" />
    </Frame>

    Verify the alert appeared on the [Alerts page](https://rootly.com/account/alerts) in Rootly.
  </Step>
</Steps>

## Step 3: Build Alert Workflows in Rootly

With alerts flowing into Rootly, create a workflow that reacts to them. Alert workflows let you check alert fields, apply conditions, and trigger automated actions like creating an incident or notifying responders.

<Steps>
  <Step title="Open Workflows">
    Navigate to **Workflows** in Rootly and click **Create Workflow**.

    <Frame>
      ![Create Workflow button in Rootly's Workflows page](https://ik.imagekit.io/scdd/Create-workflow.png)
    </Frame>
  </Step>

  <Step title="Choose Alert workflow type">
    Select **Alert** as the workflow type. This workflow triggers whenever Rootly receives an alert from Datadog.

    <Frame>
      ![Selecting Alert as the workflow type in Rootly](https://ik.imagekit.io/scdd/triggered-by-alerts.png)
    </Frame>
  </Step>

  <Step title="Set the trigger">
    Select **Alert Created** to fire on new alerts, or **Alert Status Updated** to react when an existing alert changes.

    <Callout icon="circle-info">
      Available triggers: **Alert Created** fires when a new alert is received. **Alert Status Updated** fires when an existing alert changes state.
    </Callout>
  </Step>

  <Step title="Add conditions">
    Filter which alerts should trigger this workflow. Common patterns:

    <Tabs>
      <Tab title="Match by source">
        Add a condition where **Source is Datadog** to scope the workflow to Datadog alerts only.
      </Tab>

      <Tab title="Match by payload">
        Use payload field conditions to filter further — for example:

        * `alert_priority` equals `P1`
        * `alert_title` contains `CRITICAL`
        * `alert_transition` equals `Triggered`
      </Tab>
    </Tabs>

    <Callout icon="circle-info">
      Use Datadog payload fields like `alert_priority`, `alert_status`, `alert_type`, and `alert_title` to build precise conditions.
    </Callout>
  </Step>

  <Step title="Add actions">
    Add one or more actions to execute when the workflow fires:

    | Action                  | Use case                                       |
    | ----------------------- | ---------------------------------------------- |
    | **Create Incident**     | Auto-create an incident from the alert         |
    | **Page Rootly On-Call** | Page the responsible team or escalation policy |
    | **Send Slack Message**  | Notify a channel about the alert               |
    | **Send SMS or Email**   | Alert responders directly                      |

    <Callout icon="circle-info">
      You can chain multiple actions for a complete response process — for example, create an incident and then send a Slack message in the same workflow.
    </Callout>
  </Step>

  <Step title="Save the workflow">
    Name the workflow (e.g., `Create Incident from Datadog P1 Alert`) and click **Create Workflow**.

    <Frame>
      ![Save and create the alert workflow in Rootly](https://ik.imagekit.io/scdd/create-sentry-workflow.png)
    </Frame>
  </Step>
</Steps>

## Verify the Workflow

After saving the workflow:

1. Return to Datadog and trigger a test alert from your monitor by clicking **Test Notifications**
2. Confirm the workflow activates in Rootly and performs the expected actions
3. View the run log under **Workflows → History** in Rootly

<Callout icon="circle-check">
  You have successfully built a Datadog alert workflow in Rootly!
</Callout>

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Alerts are not appearing in Rootly" icon="circle-exclamation">
    Verify the webhook URL is exactly `https://webhooks.rootly.com/webhooks/incoming/datadog_webhooks`. Confirm the Custom Headers `secret` value matches what is shown in **Alerts → Sources → Datadog → Configure** in Rootly. Check that the Datadog integration is still connected under **Configuration → Integrations**.
  </Accordion>

  <Accordion title="How do I find the ID for the notification_target?" icon="magnifying-glass">
    Open the resource (User, Team, Escalation Policy, or Service) in Rootly and click **Edit**. The resource ID appears in the URL or in the edit form. Copy it and paste it into the `id` field of the paging payload.
  </Accordion>

  <Accordion title="Can I send alerts from multiple Datadog monitors to Rootly?" icon="layer-group">
    Yes. Create one webhook and attach it to as many monitors as needed by adding `@webhook-<WEBHOOK_NAME>` to each monitor's notification body. Each alert will appear separately in Rootly's Alerts page.
  </Accordion>

  <Accordion title="What alert workflow triggers are available?" icon="bolt">
    Alert workflows in Rootly support **Alert Created** (fires on new alerts) and **Alert Status Updated** (fires when an existing alert changes). Use conditions to filter by source (Datadog), payload fields like `alert_priority` or `alert_title`, or alert status.
  </Accordion>

  <Accordion title="Why aren't my WARNING alerts paging me?" icon="shield-exclamation">
    By default, Rootly will only page for CRITICAL alerts from Datadog. If your team would like to enable paging for WARNING alerts, contact Rootly Support to have the feature enabled.
  </Accordion>
</AccordionGroup>


# Datadog
Source: https://docs.rootly.com/integrations/datadog/datadog

Ingest Datadog alerts to auto-create incidents, page on-call, and trigger workflow actions for notebooks, snapshots, and dashboards.

## Overview

Rootly's Datadog integration connects your monitoring stack to your incident response process. When a Datadog monitor fires, Rootly can receive the alert, route it to the right team, and automatically kick off an incident — all without manual intervention. During incidents, Rootly workflows can also pull Datadog notebooks, graph snapshots, and dashboards directly into the incident record.

## Features

<CardGroup>
  <Card title="Alert Ingestion" icon="bell">
    Receive Datadog monitor alerts in Rootly via webhooks and route them to on-call or incident workflows.
  </Card>

  <Card title="On-Call Paging" icon="phone">
    Page a specific user, team, escalation policy, or service directly from a Datadog alert payload.
  </Card>

  <Card title="Notebook Automation" icon="book-open">
    Create Datadog notebooks automatically from Rootly workflow actions during incidents.
  </Card>

  <Card title="Snapshot & Dashboard Retrieval" icon="camera">
    Pull Datadog graph snapshots and dashboards into incident records via workflow actions.
  </Card>
</CardGroup>

## Requirements

* Datadog account with Admin access
* Rootly account with Owner or Admin role

## Next Steps

<CardGroup>
  <Card title="Installation" icon="plug" href="/integrations/datadog/installation">
    Connect Datadog to Rootly using API and Application keys.
  </Card>

  <Card title="Alerts" icon="bell" href="/integrations/datadog/alerts">
    Set up webhooks to forward Datadog alerts to Rootly.
  </Card>

  <Card title="Workflows" icon="diagram-project" href="/integrations/datadog/workflows">
    Use Datadog actions in Rootly incident workflows.
  </Card>
</CardGroup>


# Installation
Source: https://docs.rootly.com/integrations/datadog/installation

Connect your Datadog account to Rootly using API and Application keys to enable monitor alert ingestion, snapshots, and workflow actions.

## Before You Begin

<Callout icon="triangle-exclamation">
  We recommend performing the installation with a **service account** to ensure the integration does not break if the installing user leaves the company. Ensure you are logged in as an **Admin** in Rootly.
</Callout>

You will need three pieces of information from Datadog:

* **Host** — your Datadog account's API hostname
* **API Key** — authenticates Rootly with your Datadog organization
* **Application Key** — grants Rootly permission to read dashboards

## Set Up the Datadog Integration

<Steps>
  <Step title="Open Rootly Integrations">
    Navigate to **Configuration → Integrations** in Rootly, search for **Datadog**, and click **Setup**.

    <Frame>
      <img alt="Datadog integration card in Rootly's integrations catalog" />
    </Frame>
  </Step>

  <Step title="Create an API Key in Datadog">
    In Datadog, navigate to **Organization Settings → API Keys** and click **+ New Key**.

    <Frame>
      <img alt="Creating a new API key in Datadog organization settings" />
    </Frame>

    Name the key (e.g., `Rootly Integration`) and click **Create Key**. Copy the key immediately.

    <Callout icon="triangle-exclamation">
      The API key value is only shown once at creation. Copy it before closing the dialog — not the Key ID.
    </Callout>
  </Step>

  <Step title="Create an Application Key in Datadog">
    In Datadog, navigate to **Personal Settings → Security → Application Keys** and click **+ New Key**.

    <Frame>
      <img alt="Creating a new application key in Datadog personal settings" />
    </Frame>

    Name the key (e.g., `Rootly Integration`), then edit its scope to include **Read** permission for **Dashboards**.

    <Frame>
      <img alt="Adding dashboard read scope to the Datadog application key" />
    </Frame>

    Copy the application key.

    <Callout icon="circle-info">
      Rootly only requires `dashboard_read` scope. You can add more permissions if needed for other integrations, but this is the minimum required.
    </Callout>
  </Step>

  <Step title="Enter credentials in Rootly">
    Back in the Rootly setup form, enter:

    * **Host** — your Datadog API hostname. Common values:

      | Region        | Host                    |
      | ------------- | ----------------------- |
      | US1 (default) | `api.datadoghq.com`     |
      | US3           | `api.us3.datadoghq.com` |
      | US5           | `api.us5.datadoghq.com` |
      | EU            | `api.eu.datadoghq.com`  |
      | Gov           | `api.ddog-gov.com`      |

    * **API Key** — paste the API key you created

    * **Application Key** — paste the application key you created

    Click **Connect**.

    <Frame>
      <img alt="Datadog integration configuration form in Rootly" />
    </Frame>
  </Step>

  <Step title="Confirm connection">
    Datadog will appear as **Connected** in your integrations list.

    <Frame>
      <img alt="Datadog showing as connected in Rootly's integrations list" />
    </Frame>
  </Step>
</Steps>

## Uninstall

To remove the Datadog integration:

1. Go to **Configuration → Integrations** and find **Datadog**
2. Click the **Connected** button to reveal the disconnect option
3. Click **Delete**

<Frame>
  <img alt="Click the Connected button to reveal the Disconnect option" />
</Frame>


# Workflows
Source: https://docs.rootly.com/integrations/datadog/workflows

Use Datadog workflow actions in Rootly to create notebooks, retrieve graph snapshots, fetch dashboards, and pull metric data automatically during incidents.

## Overview

Rootly workflows can interact with Datadog during an incident. You can create Datadog notebooks to capture investigation notes, pull graph snapshots to attach signal data to the incident record, and fetch dashboards for situational awareness — all triggered automatically or on demand.

<Callout icon="circle-info">
  These workflow actions require the Datadog integration to be connected. See [Installation](/integrations/datadog/installation) if you have not yet set it up.
</Callout>

## Available Datadog Workflow Actions

| Action                         | Description                                                                                  |
| ------------------------------ | -------------------------------------------------------------------------------------------- |
| **Create Datadog Notebook**    | Creates a new notebook in your Datadog account, optionally pre-populated with incident data  |
| **Get Datadog Graph Snapshot** | Retrieves a point-in-time snapshot of a Datadog metric graph and attaches it to the incident |
| **Get Datadog Dashboard**      | Fetches a Datadog dashboard URL and surfaces it in the incident timeline                     |

## Create Datadog Notebook

Use this action to automatically create a Datadog notebook when an incident starts or reaches a specific status. Notebooks are useful for capturing investigation notes, timelines, and graphs in a single Datadog-native view.

<Steps>
  <Step title="Open workflow creation">
    Navigate to **Workflows** in Rootly and click **Create Workflow**, or open an existing workflow to edit it.
  </Step>

  <Step title="Add the action">
    Click **Add Action**, search for **Datadog**, and select **Create Datadog Notebook**.
  </Step>

  <Step title="Configure the action">
    | Field             | Required | Description                                                                                                                                                     |
    | ----------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
    | **Name**          | No       | A label for this action step. Does not affect behavior.                                                                                                         |
    | **Notebook Name** | Yes      | The title of the notebook. Supports Liquid syntax — use the [Liquid Variable Explorer](https://rootly.com/account/help/liquid-explorer) to build dynamic names. |
  </Step>

  <Step title="Save the workflow">
    Click **Add**, name the workflow, and click **Create Workflow**.
  </Step>
</Steps>

## Get Datadog Graph Snapshot

Use this action to capture a point-in-time graph from Datadog and attach it to the incident. This is useful for preserving the state of a metric at the time an incident was declared or escalated.

<Steps>
  <Step title="Add the action">
    In your workflow, click **Add Action**, search for **Datadog**, and select **Get Datadog Graph Snapshot**.
  </Step>

  <Step title="Configure the action">
    | Field            | Required | Description                                                                                             |
    | ---------------- | -------- | ------------------------------------------------------------------------------------------------------- |
    | **Metric Query** | Yes      | The Datadog metric query to snapshot — for example `avg:system.cpu.user` with an optional scope filter. |
    | **Start**        | No       | Snapshot start time in Unix epoch seconds. Supports Liquid syntax.                                      |
    | **End**          | No       | Snapshot end time in Unix epoch seconds. Defaults to the current time if blank.                         |
  </Step>
</Steps>

## Get Datadog Dashboard

Use this action to retrieve a Datadog dashboard and surface its URL in the incident timeline. This gives responders quick access to the relevant monitoring view without leaving Rootly.

<Steps>
  <Step title="Add the action">
    In your workflow, click **Add Action**, search for **Datadog**, and select **Get Datadog Dashboard**.
  </Step>

  <Step title="Configure the action">
    | Field            | Required | Description                                                                                 |
    | ---------------- | -------- | ------------------------------------------------------------------------------------------- |
    | **Dashboard ID** | Yes      | The ID of the Datadog dashboard to fetch. Found in the dashboard URL (e.g., `abc-123-xyz`). |
  </Step>
</Steps>

## Alert Workflows

In addition to incident workflow actions, you can build **Alert workflows** in Rootly that trigger automatically when a Datadog alert arrives. These are separate from incident workflows and configured under **Workflows → Alert**.

Common patterns:

* **Auto-create an incident** when a SEV-1 Datadog alert fires
* **Page on-call** for alerts with `alert_priority` of `P1` or `P2`
* **Send a Slack message** to a channel when a monitor transitions to `ALERT`
* **Resolve the alert** automatically when Datadog sends a `RECOVERY` transition

To scope workflows to Datadog only, add a condition where **Source is Datadog**, or filter on payload fields like `alert_priority`, `alert_title`, or `alert_transition`. See the [Alerts](/integrations/datadog/alerts) page for a full walkthrough.

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="The Create Notebook action ran but no notebook appeared in Datadog" icon="circle-exclamation">
    Check the workflow run log in Rootly for error details. Confirm the Datadog Application Key has sufficient permissions and that the integration is still connected under **Configuration → Integrations**.
  </Accordion>

  <Accordion title="Can I chain Datadog actions with other workflow steps?" icon="link">
    Yes. Datadog actions can be combined with any other Rootly workflow actions in the same workflow — for example, create a Datadog notebook and then send a Slack message with the notebook link.
  </Accordion>

  <Accordion title="What Liquid variables can I use in notebook names or metric queries?" icon="code">
    Any incident Liquid variable is supported. Use the [Liquid Variable Explorer](https://rootly.com/account/help/liquid-explorer) to browse available variables and preview their values.
  </Accordion>
</AccordionGroup>


# Installation
Source: https://docs.rootly.com/integrations/dropbox-paper/installation

Install and configure the Dropbox Paper integration with Rootly to enable automated retrospective document creation and incident documentation workflows.

## Introduction

The Dropbox Paper integration connects Rootly with your Dropbox account so teams can automatically create and update retrospective documents during and after incidents through Genius workflows.

With the Dropbox Paper integration, you can:

* Automatically create retrospective documents in Dropbox Paper from incident workflows
* Populate documents using Rootly retrospective templates or custom Liquid templates
* Update existing Paper documents as an incident progresses
* Attach created documents directly to the incident record

## Before You Begin

Before setting up the integration, make sure you have:

* A Rootly account with admin permission to manage integrations
* A Dropbox or Dropbox Business account

<Callout icon="user-shield">
  We recommend installing the integration with a **service account** so it does not break if the installing user leaves your organization.
</Callout>

<Callout icon="info">
  Access level depends on your Dropbox account type:

  * **Dropbox Paper** (personal) — non-admin access is sufficient, but you will only have access to your personal folders
  * **Dropbox Paper Business** — admin-level access is required to access team folders and namespaces
</Callout>

## Installation

<Steps>
  <Step title="Open the Dropbox Paper integration in Rootly" icon="plug">
    Navigate to the integrations page in Rootly and select **Dropbox Paper**.

    <Frame>
      <img alt="Dropbox Paper integration on the integrations page" />
    </Frame>
  </Step>

  <Step title="Authorize Rootly in Dropbox" icon="key">
    You will be prompted to sign in to Dropbox and grant Rootly permission to access your account.

    Once confirmed, the installation is complete and Dropbox Paper workflow actions become available.

    <Callout icon="circle-check">
      After authorization, the **Create a Dropbox Paper** and **Update a Dropbox Paper** workflow actions are immediately available in your Genius workflows.
    </Callout>
  </Step>
</Steps>

## Uninstall

To remove the Dropbox Paper integration, open the integrations panel in Rootly and select **Configure > Delete**.


# Workflows
Source: https://docs.rootly.com/integrations/dropbox-paper/workflows

Configure Dropbox Paper workflow actions in Rootly to automatically create and update retrospective documents from incidents using Liquid templates.

## Overview

The Dropbox Paper integration provides two workflow actions for creating and updating Paper documents from incidents. If you are unfamiliar with how workflows function, see the [Workflows](/workflows) documentation first.

<Frame>
  <img alt="Dropbox Paper workflow actions" />
</Frame>

## Create a Dropbox Paper Document

This action creates a new Paper document in a specified Dropbox folder.

<Frame>
  <img alt="Create Dropbox Paper action configuration" />
</Frame>

### Fields

**Name**
The display name for this workflow action. Rename it to describe what the action does — the value does not affect behavior.

**Namespace**
Only available when integrated with **Dropbox Paper Business**. Selects the team namespace from which the parent folder list is populated.

<Callout icon="info">
  If you integrated with personal Dropbox Paper, the Namespace field is not shown and folders are limited to your personal folders.
</Callout>

**Parent Folder**
The folder in which the Paper document will be created.

* **Dropbox Paper** (personal) — shows your personal folders
* **Dropbox Paper Business** — shows folders within the selected Namespace

**Title**
The title of the Paper document. Defaults to `{{ incident.title }}`. Supports Liquid syntax.

<Callout icon="lightbulb">
  Use the [Incident Variable Explorer](https://rootly.com/account/help/liquid-explorer) to preview what Liquid variables return for your incidents.
</Callout>

**Retrospective Template**
Select a predefined retrospective template to populate the document body. Templates are managed on the [Retrospective Templates page](https://rootly.com/account/retrospective-steps?tab=documents).

<Callout icon="triangle-exclamation">
  If a Retrospective Template is selected, it overrides any content defined in the Custom Retrospective Template field.
</Callout>

**Custom Retrospective Template**
Define the body content of the Paper document manually. Supports Liquid syntax. Used only when no Retrospective Template is selected.

**Mark Post Mortem as Published**
When enabled, marks the retrospective status as `published` after the document is created. Use this when you have follow-up notification workflows that trigger on published retrospectives.

## Update a Dropbox Paper Document

This action updates an existing Paper document with new content.

### Fields

**Name**
The display name for this workflow action.

**File ID**
The Dropbox file ID of the Paper document to update. Supports Liquid syntax. Use `{{ incident.retrospective_url }}` or a stored file ID variable to reference the document created earlier in the workflow.

<Callout icon="info">
  When a **Create a Dropbox Paper** action runs, Rootly stores the resulting document URL and file ID on the incident record. You can reference the file ID in subsequent update actions using Liquid variables.
</Callout>

**Title**
The updated title for the document. Supports Liquid syntax. Leave blank to keep the existing title.

**Content**
Additional HTML content to append to the document. Supports Liquid syntax.

**Retrospective Template**
Select a predefined retrospective template to re-render the document body.


# Dynatrace
Source: https://docs.rootly.com/integrations/dynatrace

Set up Dynatrace as an alert source in Rootly to route problem notifications, configure urgency rules, page on-call teams, and auto-resolve alerts on recovery.

## Setup instructions

<Steps>
  <Step title="Create an Alert Source in Rootly">
    Begin by creating a Dynatrace alert source in Rootly. Navigate to **Settings** → **Alert Sources** and click **Add Alert Source**. Select **Dynatrace**.

    You may optionally configure default alert urgency, owner groups, alert fields, or deduplication settings. Once the alert source is saved, copy the webhook URL provided by Rootly.

    ```txt theme={null}
    https://webhooks.rootly.com/webhooks/incoming/dynatrace_webhooks?secret=YOUR_SECRET_KEY
    ```

    <Callout icon="key">
      The webhook secret authenticates incoming requests from Dynatrace. Treat this value as sensitive and rotate it if it is exposed.
    </Callout>
  </Step>

  <Step title="Create Dynatrace workflow">
    <Callout icon="warning">
      This step is for **Dynatrace Generation 3**.

      If using **Dynatrace Generation 2**, follow Dynatrace's [instructions](https://docs.dynatrace.com/docs/analyze-explore-automate/notifications-and-alerting/problem-notifications/webhook-integration) to send notifications via webhook, using the webhook URL provided by Rootly.
    </Callout>

    Create a new workflow in your Dynatrace environment.

    Select a **Problem** trigger. Choose "active or closed" for the "Event state" field. Configure any additional categories or tags.

    Add an **HTTP Request** task. Choose "POST" method, use the webhook URL provided in the Rootly alert source connection instructions. Copy and paste the following request payload:

    ```text theme={null}
    {
      "PID": "{{ event()['event.id'] }}",
      "Problem URL": "{{ environment()['url'] }}/ui/apps/dynatrace.davis.problems/problem/{{ event()['event.id'] }}",
      "ProblemTitle": {{ event()['event.name'] | to_json }},
      "ProblemDetailsHTML": {{ event()['event.description'] | to_json }},
      "State": "{{ event()['event.status'] }}"
    }
    ```

    Save the workflow.
  </Step>

  <Step title="Send a test alert">
    Run the workflow using an active problem event. You should see the alert in Rootly. When the problem is closed, the alert should auto-resolve in Rootly.
  </Step>
</Steps>

## Advanced Configuration

### Alert Fields

Alert fields allow you to transform the incoming Dynatrace request into alert fields using Liquid templates. These fields can be used to customize the alert title, description, and source link, as well as create additional custom fields for routing, urgency, filtering, and reporting.

Because the raw Dynatrace requests is stored in alert data in Rootly, you can inspect a sample alert from the source and use the alert payload viewer to copy Liquid variables and JSONPath selectors for field configuration.

### Alert Urgency

Dynatrace alerts can be assigned urgency dynamically using Rootly alert urgency rules. Rules may be based on raw payload JSONPath values or on alert field values generated from the request.

If no rule matches, Rootly applies the source's fallback alert urgency.

### Deduplication and Resolution

Rootly uses `external_id` to match trigger and resolve events for the same Dynatrace problem. If you want to suppress repeated notifications that represent the same incoming event, you can also configure a unique identifier in the **Events** tab and enable duplicate alert suppression.

This deduplication setting is separate from the required `external_id` field:

* `external_id` matches triggered and resolved events for the same alert.
* the **Events** tab unique identifier can suppress repeated create events before additional alerts are created.

### Notification Targets

In addition to default routing rules, Dynatrace alerts can be sent directly to specific notification targets using a specialized webhook endpoint.

```txt theme={null}
https://webhooks.rootly.com/webhooks/incoming/dynatrace_webhooks/notify/{notification_target_type}/{notification_target_id}?secret=YOUR_SECRET_KEY
```

The notification target type must be one of `Service`, `EscalationPolicy`, or `Group`. The notification target ID must be replaced with the UUID of the corresponding resource.


# Email
Source: https://docs.rootly.com/integrations/email

Create incidents by sending emails to your team's Rootly inbound alias, and send templated email notifications from workflows with Liquid and CC support.

## Overview

Rootly's Email integration works in both directions. Inbound emails to your team's generated alias automatically open new incidents, while the **Send an email** workflow action lets you notify stakeholders at any point during an incident.

<CardGroup>
  <Card title="Email-to-Incident" icon="envelope-open-text">
    Send an email to your Rootly alias to instantly create an incident — no login required.
  </Card>

  <Card title="Severity Detection" icon="triangle-exclamation">
    Rootly automatically maps severity from the email subject line using tags like `[SEV0]` or `sev1`.
  </Card>

  <Card title="Reply to Timeline" icon="reply">
    Reply to an incident notification email and Rootly adds your reply to the incident timeline.
  </Card>

  <Card title="Workflow Notifications" icon="paper-plane">
    Send fully templated emails to any address from a workflow, with Liquid variables, CC, BCC, and custom branding.
  </Card>
</CardGroup>

## Installation

The Email integration provisions automatically — there are no API keys or OAuth flows to complete.

<Steps>
  <Step title="Connect the integration">
    Go to **Configuration → Integrations**, find **Email**, and click **Setup**.

    <Frame>
      <img alt="Email integration in the Available Integrations list" />
    </Frame>

    Rootly immediately generates a unique email alias for your team.
  </Step>

  <Step title="Copy your alias">
    After connecting, click **Settings** to view your team's alias. It looks like:

    ```
    incidents-{secret}@email.rootly.io
    ```

    <Frame>
      <img alt="Email Account Settings showing the generated alias" />
    </Frame>

    Copy this address — you'll send incident-creating emails to it and can share it with monitoring tools or on-call rotation scripts.
  </Step>
</Steps>

## Creating Incidents via Email

To open an incident, send an email to your alias. The email subject becomes the incident title and the body becomes the initial description.

<Frame>
  <img alt="Gmail compose window sending an email to the Rootly alias" />
</Frame>

### Automatic Severity Detection

Rootly parses the subject line for severity tags and maps them to your configured severities. Supported formats:

| Subject format                                         | Mapped severity       |
| ------------------------------------------------------ | --------------------- |
| `[SEV0] Shopping cart is showing empty items`          | SEV0                  |
| `Shopping cart is showing empty items [SEV1]`          | SEV1                  |
| `Shopping cart is showing empty items, this is a sev1` | SEV1                  |
| `Shopping cart is showing empty items`                 | *(none — not mapped)* |

<Note>
  Severity tags are only matched if the corresponding severity exists in your Rootly configuration. If no match is found, the incident is created without a severity.
</Note>

## Replying to Incidents via Email

When Rootly sends an email notification for an incident, you can reply to it directly. Rootly detects the reply and appends it to the incident timeline.

<Frame>
  <img alt="Incident timeline showing an email reply added as a timeline entry" />
</Frame>

## Workflow Action

### Send an Email

Sends a fully templated email from a workflow. All text fields support [Liquid variables](/liquid/incident-variables).

<ParamField type="string">
  The sender address displayed to recipients. Defaults to `Rootly <workflows@rootly.com>`. You can override this with a custom address.
</ParamField>

<ParamField type="array">
  One or more recipient email addresses. Supports Liquid — for example, `{{ incident.commander.email }}` to notify the incident commander.
</ParamField>

<ParamField type="array">
  Email addresses to copy on the message.
</ParamField>

<ParamField type="array">
  Email addresses to blind-copy. Maximum 10 BCC recipients on trial plans.
</ParamField>

<ParamField type="string">
  The email subject line. Defaults to `{{ incident.title }} is on fire`. Supports Liquid.
</ParamField>

<ParamField type="string">
  The email body. Supports Markdown formatting and Liquid variables.
</ParamField>

<ParamField type="string">
  Short preview text that appears in the recipient's inbox next to the subject line. Supports Liquid.
</ParamField>

<ParamField type="string">
  A URL pointing to an image to use as the email header logo. Overrides the default Rootly logo.
</ParamField>

<ParamField type="boolean">
  Whether to include the email header section. Defaults to `true`.
</ParamField>

<ParamField type="boolean">
  Whether to include the email footer section. Defaults to `true`.
</ParamField>

<Tip>
  Set the **To** field to `{{ incident.commander.email }}` or `{{ incident.subscribers | map: 'email' | join: ',' }}` to dynamically address emails based on who is assigned to the incident.
</Tip>

## Uninstall

To remove the Email integration:

1. Go to **Configuration → Integrations** and find **Email**
2. Click **Settings**
3. Click **Delete**

<Warning>
  Deleting the integration permanently removes your alias. Any monitoring tools or scripts sending emails to the old alias will stop creating incidents. You will receive a new alias if you reconnect.
</Warning>

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Can I use my own email domain for the alias?" icon="circle-question">
    No. The inbound alias is always on Rootly's domain (`email.rootly.io`). If you need to route from your own domain, set up email forwarding from your mail provider to the Rootly alias.
  </Accordion>

  <Accordion title="Can multiple monitoring tools share the same alias?" icon="circle-question">
    Yes. Any email sent to your alias creates an incident, regardless of the sender. You can configure as many tools as needed to send alerts to the same address.
  </Accordion>

  <Accordion title="What happens if the To field resolves to empty?" icon="circle-question">
    The workflow action is skipped and a log entry is recorded. No email is sent. This can happen if a Liquid expression resolves to an empty value — double-check your template variables if emails aren't being delivered.
  </Accordion>

  <Accordion title="Is there a limit on recipients?" icon="circle-question">
    On trial plans, BCC is capped at 10 recipients and total recipients (To + CC + BCC) at 50. Paid plans do not have these restrictions.
  </Accordion>
</AccordionGroup>


# Fivetran
Source: https://docs.rootly.com/integrations/fivetran

Sync Rootly incident, alert, and metrics data to your data warehouse via Fivetran for custom analytics, BI dashboards, and long-term reliability reporting.

## Overview

Fivetran is a no-code data movement platform that syncs your Rootly incident data directly into your data warehouse. Once connected, you can query incident data alongside the rest of your business metrics in any BI tool.

<CardGroup>
  <Card title="Warehouse Sync" icon="database">
    Pull Rootly incidents, workflows, roles, and more into Snowflake, BigQuery, Redshift, or any Fivetran-supported destination.
  </Card>

  <Card title="Custom Dashboards" icon="chart-bar">
    Build tailored visualizations and executive reports in your BI tool of choice — beyond what Rootly's built-in analytics provide.
  </Card>

  <Card title="Cross-Data Analysis" icon="arrows-split-up-and-left">
    Join Rootly incident data with other business metrics for deeper trend analysis and forecasting.
  </Card>

  <Card title="Automated Syncing" icon="rotate">
    Fivetran handles scheduling and incremental syncs — historical data is captured on first run, then kept up to date automatically.
  </Card>
</CardGroup>

## Synced Data

Fivetran syncs the following tables from Rootly into your destination:

| Table           | Contents                                                    |
| --------------- | ----------------------------------------------------------- |
| **Incidents**   | Core incident records — title, severity, status, timestamps |
| **Cause**       | Root cause data attached to incidents                       |
| **Roles**       | User role assignments per incident                          |
| **Form Fields** | Custom form field values                                    |
| **Workflows**   | Workflow definitions and run history                        |
| **Audit**       | Audit log entries                                           |

## Before You Begin

* You need a Fivetran account with a configured destination (Snowflake, BigQuery, Redshift, etc.)
* You need Rootly admin or owner access to generate an API key

## Installation

Setup is handled entirely in Fivetran. Rootly only needs to provide an API key.

<Steps>
  <Step title="Generate a Rootly API key">
    In Rootly, go to **Organization Settings → API Keys** and create a new API key. Copy it — you'll paste it into Fivetran.
  </Step>

  <Step title="Create a Rootly connector in Fivetran">
    In Fivetran, navigate to **Connectors** and add a new connector. Search for **Rootly** and select it.

    Enter your destination schema name and paste in your Rootly API key, then click **Save & Test**.

    <Info>
      For detailed field-by-field setup instructions, see [Fivetran's Rootly setup guide](https://fivetran.com/docs/connectors/applications/rootly/setup-guide).
    </Info>
  </Step>

  <Step title="Initial sync">
    Fivetran performs a full historical sync on first run, then syncs incrementally on a schedule based on your Fivetran plan.
  </Step>
</Steps>

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="How often does Fivetran sync Rootly data?" icon="circle-question">
    Sync frequency is determined by your Fivetran plan and connector settings. Fivetran manages the schedule — there are no sync controls in Rootly.
  </Accordion>

  <Accordion title="Will historical incident data be included?" icon="circle-question">
    Yes. The initial sync captures all historical data available via the Rootly API. Subsequent syncs are incremental.
  </Accordion>

  <Accordion title="Where can I find the schema for the synced tables?" icon="circle-question">
    Fivetran maintains the full entity-relationship diagram at the [Rootly connector ERD](https://fivetran.com/connector-erd/rootly).
  </Accordion>

  <Accordion title="Do I need to do anything in Rootly after connecting?" icon="circle-question">
    No. The integration is managed entirely from Fivetran. As long as your Rootly API key remains valid, syncs will continue automatically.
  </Accordion>
</AccordionGroup>


# Installation
Source: https://docs.rootly.com/integrations/freshservice/installation

Install and configure the Freshservice integration in Rootly to automatically create tickets and tasks from incidents in your IT service management workspace.

## Introduction

The Freshservice integration connects Rootly with your Freshservice instance so teams can automatically create and update tickets and tasks through Genius workflows. Tickets are created using Freshservice's ticket API with full support for priority, status, tags, CC recipients, and custom fields.

With the Freshservice integration, you can:

* Automatically create Freshservice tickets when incidents are declared or reach a certain state
* Create tasks within a Freshservice ticket to track action items
* Update ticket and task fields as incidents evolve
* Map incident severity and status to Freshservice priority and ticket status automatically

## Before You Begin

Before setting up the integration, make sure you have:

* A Rootly account with admin permission to manage integrations
* A Freshservice account with admin access
* Your Freshservice subdomain (the part before `.freshservice.com`)
* A Freshservice API key

<Callout icon="info">
  To find your Freshservice API key, log in to Freshservice and go to **Profile Settings > API Key**. The key is shown at the bottom of the page.
</Callout>

<Callout icon="user-shield">
  We recommend installing with a dedicated Freshservice service account so the integration does not break if an individual user leaves your organization.
</Callout>

## Installation

<Steps>
  <Step title="Open the Freshservice integration in Rootly" icon="plug">
    Navigate to the integrations page in Rootly and select **Freshservice**.
  </Step>

  <Step title="Enter your Freshservice credentials" icon="key">
    Provide the following:

    * **Domain Name** — your Freshservice subdomain (e.g. `yourcompany` for `yourcompany.freshservice.com`)
    * **API Key** — the API key from your Freshservice profile settings

    Select **Connect** to validate the credentials and complete installation.

    <Callout icon="circle-check">
      After installation, the **Create a Freshservice Ticket**, **Update a Freshservice Ticket**, **Create a Freshservice Task**, and **Update a Freshservice Task** workflow actions are available in your Genius workflows.
    </Callout>
  </Step>
</Steps>

## Uninstall

To remove the Freshservice integration, open the integrations panel in Rootly and select **Configure > Delete**.


# Workflows
Source: https://docs.rootly.com/integrations/freshservice/workflows

Configure Freshservice workflow actions in Rootly to create and update tickets and tasks from incidents with assignment, status, and category controls.

## Overview

The Freshservice integration provides four workflow actions for managing tickets and tasks. If you are unfamiliar with how Genius workflows work, visit the [Workflows](/workflows) documentation first.

## Available Workflow Actions

### Create a Freshservice Ticket

This action creates a new ticket in Freshservice.

| Field                     | Description                                                             | Required |
| ------------------------- | ----------------------------------------------------------------------- | -------- |
| **Name**                  | Display name for this workflow action                                   |          |
| **Request User Email**    | Email of the requester. Must exist in Freshservice. Supports Liquid     | Yes      |
| **Subject**               | Ticket subject line. Supports Liquid                                    | Yes      |
| **Description**           | Ticket body. Supports Liquid                                            |          |
| **Tags**                  | Comma-separated tags to apply to the ticket. Supports Liquid            |          |
| **CC Emails**             | Additional email addresses to CC on the ticket                          |          |
| **Priority**              | Ticket priority. **Auto** mirrors the incident severity                 |          |
| **Status**                | Ticket status. **Auto** mirrors the incident status                     |          |
| **Custom Fields Mapping** | JSON mapping Freshservice custom field names to values. Supports Liquid |          |

**Priority mapping (Auto)**

| Rootly Severity | Freshservice Priority |
| --------------- | --------------------- |
| Critical        | Urgent (4)            |
| High            | High (3)              |
| Medium          | Medium (2)            |
| Low             | Low (1)               |

**Status mapping (Auto)**

| Rootly Status | Freshservice Status |
| ------------- | ------------------- |
| Started       | Open (2)            |
| Mitigated     | Open (2)            |
| Resolved      | Resolved (4)        |

***

### Update a Freshservice Ticket

This action updates an existing Freshservice ticket.

<Callout icon="info">
  When a **Create a Freshservice Ticket** action runs, Rootly stores the resulting ticket ID on the incident record. Reference it in subsequent update actions using Liquid variables.
</Callout>

| Field                     | Description                                          | Required |
| ------------------------- | ---------------------------------------------------- | -------- |
| **Name**                  | Display name for this workflow action                |          |
| **Ticket ID**             | Freshservice ticket ID to update. Supports Liquid    | Yes      |
| **Subject**               | Updated ticket subject. Supports Liquid              | Yes      |
| **Description**           | Updated ticket description. Supports Liquid          |          |
| **Tags**                  | Updated tags. Supports Liquid                        |          |
| **Priority**              | Updated priority                                     |          |
| **Status**                | Updated ticket status                                |          |
| **Custom Fields Mapping** | Updated custom field values as JSON. Supports Liquid |          |

***

### Create a Freshservice Task

This action creates a task within an existing Freshservice ticket.

| Field                | Description                                                      | Required |
| -------------------- | ---------------------------------------------------------------- | -------- |
| **Name**             | Display name for this workflow action                            |          |
| **Parent Ticket ID** | Freshservice ticket ID to create the task under. Supports Liquid | Yes      |
| **Title**            | Task title. Supports Liquid                                      | Yes      |
| **Description**      | Task description. Supports Liquid                                |          |
| **Status**           | Task status. **Auto** mirrors the incident or action item status | Yes      |

**Task status mapping (Auto)**

| Rootly Status    | Freshservice Task Status |
| ---------------- | ------------------------ |
| Open             | Open (1)                 |
| In Progress      | In Progress (2)          |
| Done / Cancelled | Completed (3)            |

***

### Update a Freshservice Task

This action updates an existing task within a Freshservice ticket.

| Field                | Description                                                 | Required |
| -------------------- | ----------------------------------------------------------- | -------- |
| **Name**             | Display name for this workflow action                       |          |
| **Parent Ticket ID** | Freshservice ticket ID containing the task. Supports Liquid | Yes      |
| **Task ID**          | Freshservice task ID to update. Supports Liquid             | Yes      |
| **Title**            | Updated task title. Supports Liquid                         |          |
| **Description**      | Updated task description. Supports Liquid                   |          |
| **Status**           | Updated task status                                         | Yes      |

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="Ticket creation fails with a requester not found error" icon="circle-exclamation">
    The email provided in the **Request User Email** field must correspond to an existing Freshservice contact or agent. Verify the email address exists in your Freshservice account before creating tickets.
  </Accordion>

  <Accordion title="Custom fields are not being set" icon="sliders">
    Custom field names in the **Custom Fields Mapping** JSON must match the field names as they appear in the Freshservice API (typically snake\_case). Check your Freshservice admin settings under **Admin > Custom Fields** to confirm the correct field names.
  </Accordion>
</AccordionGroup>


# Auto-Resolution
Source: https://docs.rootly.com/integrations/generic-webhook-alert-source/auto-resolution

Configure auto-resolution for the Generic Webhook Alert Source so Rootly can match recovery events to alerts using the identifiers and rules you define.

## Overview

Auto-resolution allows Rootly to update alerts when your external system sends a recovery or resolved-style webhook event.

This is useful when your monitoring or observability platform sends one event when an issue starts and another when that issue clears. By configuring the correct identifier and state fields, Rootly can use those follow-up webhook events to recognize the related alert and apply the resolution logic you defined.

## Before You Begin

Before configuring auto-resolution, make sure you already have a **Generic Webhook Alert Source** set up and that you understand which fields in your incoming webhook payload identify:

* The alert itself
* The current state of the alert

In most cases, you will need:

* An **external identifier** field that stays consistent across trigger and recovery events
* A **state** field that changes when the issue is resolved or cleared

If you have not configured those field mappings yet, start with the [Installation page](/integrations/generic-webhook-alert-source/installation).

## How It Works

Auto-resolution depends on the resolution configuration stored on the source.

For the Generic Webhook Alert Source, that configuration is based on:

* The field that identifies the alert
* The field that represents its state
* The value that should be treated as resolved

These settings allow Rootly to handle follow-up webhook events consistently when your source sends a recovery or cleared event.

## Configure Auto-Resolution

<Steps>
  <Step title="Map the identifier field" icon="fingerprint">
    Configure a field mapping for the external identifier in your webhook payload.

    This value should stay consistent across events for the same alert so Rootly can associate follow-up webhook events with the correct alert.
  </Step>

  <Step title="Map the state field" icon="wave-square">
    Configure a field mapping for the alert state in your webhook payload.

    This field should represent whether the alert is active, cleared, resolved, or in another lifecycle state used by your source system.
  </Step>

  <Step title="Define the resolved state value" icon="circle-check">
    Set the state value that Rootly should treat as resolved.

    In most cases, this is an exact match against the value you configure, such as `resolved`, `recovered`, or `ok`.
  </Step>

  <Step title="Enable auto-resolution" icon="arrows-rotate">
    Turn on auto-resolution for the Generic Webhook Alert Source after your identifier and state mappings are configured.

    Once enabled, Rootly uses those mappings and the resolved-state value as part of the source’s resolution configuration.
  </Step>
</Steps>

## Important Notes

* Auto-resolution depends on the field mappings configured for the source
* The identifier field and state field should be stable and predictable in your incoming webhook payload
* If your payload does not include the expected values, Rootly may still ingest the alert event, but it may not resolve the alert the way you intend
* Some teams may also use payload-driven alert status fields separately from auto-resolution mapping
* Teams using newer alert field or resolution-rule configuration may manage this behavior through that newer configuration path instead of the legacy generic webhook mapping flow

## Related Configuration

Auto-resolution is closely related to your webhook field mappings and alert automation setup.

<CardGroup>
  <Card title="Installation" icon="plug" href="/integrations/generic-webhook-alert-source/installation">
    Set up the source, configure authentication, and map the incoming webhook payload fields.
  </Card>

  <Card title="Alert Workflows" icon="bolt" href="/workflows/alert-workflows">
    Automate incident creation, notifications, and other alert-driven actions after alerts are received.
  </Card>
</CardGroup>


# Generic Webhook Alert Source
Source: https://docs.rootly.com/integrations/generic-webhook-alert-source/generic-webhook-alert-source

Ingest alerts from any monitoring, observability, or security tool into Rootly via webhook — works with any system that can POST JSON to a URL.

The **Generic Webhook Alert Source** lets Rootly ingest alerts from any tool that can fire HTTP webhooks. If your monitoring, observability, security, or data-quality platform can send a POST with a JSON body, Rootly can turn that event into an alert, route it to the right responder, and trigger downstream automation.

Use it when your alerting tool doesn't have a dedicated Rootly integration, when you're ingesting alerts from custom or internal services, or when you want a single, unified pattern for handling webhook-based signals across multiple sources.

***

## Compatible Alerting Tools

If a tool can send an HTTP POST with a JSON body, it works with Rootly. The Generic Webhook Alert Source is the standard way to wire up alerts from:

* **Application performance & error tracking** — BugSnag, AppOptics, Coralogix
* **Infrastructure & log monitoring** — Sumo Logic, Elastic, Chronosphere, Nagios, PRTG
* **Uptime & synthetic monitoring** — Pingdom, StatusCake, uptime.com, Checkly, Cronitor, Runscope
* **Security & threat detection** — Crowdstrike, Expel
* **Data quality & observability** — Monte Carlo

It also works for internal services, custom monitoring jobs, scheduled scripts, and any system you build in-house that needs to page an on-call responder.

If your tool has a [dedicated Rootly integration](/integrations/overview), prefer that — native sources reduce setup time and ship with vendor-specific field mappings. The Generic Webhook Alert Source is the right choice when no native integration exists.

***

## How It Works

The Generic Webhook Alert Source gives you a webhook endpoint URL that your external system POSTs alert events to. When a request arrives, Rootly:

1. **Authenticates the request** using the Bearer Token or HMAC signature you configured for the source.
2. **Parses the JSON body** and extracts the fields you mapped — title, description, identifier, state, routing target.
3. **Creates or updates an alert** based on the External Identifier. If Rootly already has an alert with the same identifier, follow-up events update it; otherwise a new alert is created.
4. **Routes the alert** to the target you specified, either from the URL or from the payload itself.
5. **Triggers alert workflows**, which can create incidents, page on-call, post to Slack, or run any other downstream action you've configured.

Webhook events are processed asynchronously. The POST returns quickly; the alert appears in Rootly shortly after.

***

## Authentication

Rootly supports two authentication models. Pick based on how sensitive the alert data is and how much setup the sending system can absorb.

### Bearer Token (default)

A static secret sent in the `Authorization` header, or as a `secret` query string parameter on the webhook URL. Prefer the header form when your sending tool supports it — query parameters tend to be captured in proxy and load-balancer access logs, so they're more exposure-prone than a header. Either form is simple to set up: paste the secret into your sending tool and you're done.

### HMAC Signature

The sender signs the raw request body with a shared secret using HMAC-SHA256, and Rootly verifies the signature in the `X-Webhook-Signature-256` header using a timing-safe comparison. The signing secret never travels over the wire. Use this when the sending system can compute HMAC signatures and you want stronger tamper-evidence on every request.

<Note>
  HMAC must be enabled by Rootly support before you can select it during source creation. The Bearer Token stays required in HMAC mode — Rootly uses the bearer to identify the source and the HMAC signature to verify the request body.
</Note>

Code samples for both methods, including Python and Node.js HMAC signing examples, live on the [Installation](/integrations/generic-webhook-alert-source/installation) page.

***

## Mapping Payload Fields

Rootly doesn't require a specific JSON shape. You map fields from your sending tool's payload to Rootly's alert fields during source creation.

A typical payload from a monitoring tool:

```json theme={null}
{
  "alert_title": "High CPU on web-01",
  "alert_description": "CPU > 90% for 5 minutes",
  "external_id": "monitor-12345",
  "state": "triggered",
  "service": "web-api"
}
```

Map those fields to Rootly's alert fields in the source configuration:

| Rootly Field        | Mapped From         | Purpose                                                                |
| ------------------- | ------------------- | ---------------------------------------------------------------------- |
| Title               | `alert_title`       | Headline shown on the alert                                            |
| Description         | `alert_description` | Body text on the alert                                                 |
| External Identifier | `external_id`       | Stable key Rootly uses to match follow-up events to the same alert     |
| State               | `state`             | Lifecycle state — drives auto-resolution when a recovery event arrives |
| Routing Target      | `service`           | Which service, team, or escalation policy receives the alert           |

The **External Identifier** is what Rootly uses to match recovery events back to the original alert when [auto-resolution](/integrations/generic-webhook-alert-source/auto-resolution) is configured. Map it to whatever field your sending tool uses as the alert's persistent ID (`monitor_id`, `incident_id`, `alert_uuid`, etc.) so that a follow-up "resolved" event can close the original alert instead of being ignored.

See the [Installation](/integrations/generic-webhook-alert-source/installation) guide for the field-mapping UI walkthrough.

***

## Routing Alerts

There are two ways to tell Rootly where an alert should go. You can mix both across sources, but a single source typically uses one or the other.

<Steps>
  <Step title="Route By URL" icon="link">
    Include the target type and ID directly in the webhook URL Rootly generates:

    ```
    POST https://webhooks.rootly.com/webhooks/incoming/generic_webhooks/notify/<type>/<id>
    ```

    Use this when every alert from this source should always route to the same target — one service, one team, or one escalation policy. Cleanest setup, no payload mapping required for the target.
  </Step>

  <Step title="Route By Payload" icon="shuffle">
    Send the target type and ID in the JSON body and let Rootly extract them via field mappings:

    ```json theme={null}
    {
      "alert_title": "Database slow query",
      "notification_target_type": "service",
      "notification_target_id": "8c4a5e91-1b2d-4c3e-9f6a-7d8b2c5e9a01"
    }
    ```

    The `notification_target_id` is the Rootly resource's internal ID — open the service, team, or escalation policy in Rootly and copy the ID from its edit page. Names and slugs aren't accepted in this field.

    Use this when a single source needs to route alerts to different targets depending on the event — useful when your monitoring tool already tags events by service or team and you want that metadata to drive routing.
  </Step>
</Steps>

Common target types: `service`, `group` (or `team`), `escalationPolicy`.

***

## Auto-Resolution

When your sending tool fires a recovery or "cleared" event, Rootly can transition the original alert to resolved automatically. The match happens on the External Identifier, and the trigger is an exact-match value in the State field (typically `resolved`, `recovered`, or `ok`).

Configure auto-resolution after you've set up the source and its field mappings. The dedicated [Auto-Resolution](/integrations/generic-webhook-alert-source/auto-resolution) page covers the matching rules, payload requirements, and how to define the resolved-state value.

***

## From Alert to Incident

Alerts created through this source behave like any other Rootly alert — they're regular signals you can drive any of Rootly's alert-driven automation off of:

* **Create incidents** automatically based on alert content, severity, or service
* **Page on-call responders** through escalation policies
* **Post notifications** to Slack, Microsoft Teams, or email
* **Trigger downstream workflows** that update runbooks, status pages, ticketing systems, or run custom scripts

The webhook source ingests the alert; [alert workflows](/workflows/alert-workflows) decide what the alert *means* and what should happen next.

***

## Installation

The full step-by-step setup — creating the source, copying the endpoint URL, configuring authentication, mapping payload fields, configuring routing, and testing the integration — lives on the dedicated [Installation](/integrations/generic-webhook-alert-source/installation) page. It includes Python and Node.js code samples for HMAC signing and screenshots of the source-creation UI.

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="Rootly returns 401 Unauthorized" icon="lock">
    The most common cause is a missing or mismatched Bearer token. Confirm:

    * The `Authorization: Bearer <secret>` header is present on the request (or the `secret` query string parameter is set)
    * The secret matches the one shown in the source configuration in Rootly
    * If you're using HMAC, the `X-Webhook-Signature-256` header is also present and computed over the **raw** request body — not a re-serialized or pretty-printed version
  </Accordion>

  <Accordion title="The webhook returns 200 but no alert appears in Rootly" icon="ghost">
    Webhooks process asynchronously, so check again after a few seconds. If the alert still doesn't appear:

    * Verify the Title field mapping points at a non-empty field in the payload
    * Check the source's recent activity in Rootly to confirm the payload was received
    * Confirm the routing target referenced in the URL or payload exists and isn't archived
  </Accordion>

  <Accordion title="Alerts appear but the fields are empty" icon="square-question">
    The field mapping is pointing at JSON paths that don't exist in the incoming payload. Capture a real payload using a request inspector (RequestBin, webhook.site, or a local server), compare it against your mapping, and update the JSON paths to match the actual structure.
  </Accordion>

  <Accordion title="Recoveries create new alerts instead of closing the original" icon="copy">
    The External Identifier isn't mapped to a stable, unique value, so the resolved event can't be matched back to the original alert. Map it to whatever field your sending tool uses as the persistent ID (`monitor_id`, `incident_id`, `alert_uuid`, etc.) so trigger and recovery events share the same identifier.
  </Accordion>

  <Accordion title="Recovery events don't resolve the original alert" icon="arrows-rotate">
    Either the recovery payload has a different External Identifier than the original alert, or the State field isn't mapping to the exact resolved value you configured. See the [Auto-Resolution](/integrations/generic-webhook-alert-source/auto-resolution) page for the matching rules.
  </Accordion>

  <Accordion title="One source needs to route to multiple teams" icon="shuffle">
    Switch from URL-based routing to payload-based routing. Map the target type and target ID fields from the incoming JSON so the routing decision lives in the event itself.
  </Accordion>
</AccordionGroup>

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Does my monitoring tool need a native Rootly integration?" icon="plug">
    No. If your tool can send an HTTP POST with a JSON body, the Generic Webhook Alert Source can ingest its alerts. Native integrations are nicer when they exist because they ship with vendor-specific field mappings and reduce setup time, but they're not required.
  </Accordion>

  <Accordion title="What's the difference between an alert and an incident in Rootly?" icon="circle-info">
    Alerts are signals — discrete events from your monitoring stack. Incidents are coordinated response — the war room, the timeline, the postmortem. One incident may be informed by many alerts. The webhook source creates alerts; [alert workflows](/workflows/alert-workflows) decide when an alert should escalate to an incident.
  </Accordion>

  <Accordion title="Can I use one webhook source for multiple tools?" icon="layer-group">
    You can, but it's cleaner to create one source per sending tool. Separate sources make it easier to route alerts differently per tool, attribute issues during troubleshooting, and manage authentication independently.
  </Accordion>

  <Accordion title="How do I send the same alert to multiple targets?" icon="arrows-split-up-and-left">
    Route the alert to a single target with the webhook, then use an alert workflow to fan out the response — page on-call, post to Slack, create an incident, update a status page. The webhook ingests the alert; the workflow decides what should happen next.
  </Accordion>

  <Accordion title="What if my tool only supports query-string secrets, not Authorization headers?" icon="circle-question">
    Both work. Rootly accepts the Bearer secret either as the `Authorization: Bearer <secret>` header or as a `secret` query string parameter on the webhook URL.
  </Accordion>

  <Accordion title="Can I customize the alert title beyond what the payload contains?" icon="pen">
    The webhook source maps from existing payload fields, and alert workflows fire after an alert is created and routed — not before. To compose a richer title (combining service name, severity, and a summary, for example), construct the title in your sending system before the webhook is sent and map the prepared field as the Title.
  </Accordion>

  <Accordion title="What payload shape does Rootly expect?" icon="brackets-curly">
    Any valid JSON. Rootly doesn't require a specific schema — instead you map your tool's existing fields to Rootly's alert fields during source setup. Most monitoring tools work out of the box; you just point them at the webhook URL and configure the mapping.
  </Accordion>
</AccordionGroup>

***

## Related Pages

<CardGroup>
  <Card title="Installation" icon="plug" href="/integrations/generic-webhook-alert-source/installation">
    Step-by-step setup with code samples, payload mapping, routing, and testing.
  </Card>

  <Card title="Auto-Resolution" icon="arrows-rotate" href="/integrations/generic-webhook-alert-source/auto-resolution">
    Match recovery events to the original alert and resolve automatically.
  </Card>

  <Card title="Alert Workflows" icon="bolt" href="/workflows/alert-workflows">
    Turn alerts into incidents, page on-call, post notifications, and run custom automation.
  </Card>
</CardGroup>


# Installation
Source: https://docs.rootly.com/integrations/generic-webhook-alert-source/installation

Set up a Generic Webhook Alert Source to ingest alerts from any tool that sends webhooks, with authentication, payload mapping, and routing.

Use the Generic Webhook Alert Source when your monitoring or observability tool can send webhook events to Rootly but does not have a dedicated Rootly integration.

<Frame>
  <iframe />
</Frame>

## Before You Begin

Before creating a Generic Webhook Alert Source, make sure you have:

* Access to create alert sources in Rootly
* A tool that can send `POST` requests with a JSON body
* A plan for how alerts should be routed after ingestion
* The fields you want Rootly to extract, such as:
  * Alert title
  * Description
  * External identifier
  * Alert state
  * Routing target

For best results, send requests with `Content-Type: application/json`.

In production, the Generic Webhook Alert Source uses these endpoint patterns:

* Base endpoint: `POST https://webhooks.rootly.com/webhooks/incoming/generic_webhooks`
* Fixed target endpoint: `POST https://webhooks.rootly.com/webhooks/incoming/generic_webhooks/notify/<type>/<id>`

Use the **base endpoint** when routing will be determined from the incoming payload. Use the **notify** endpoint only when both the target type and target ID are included in the URL.

## Create and Configure the Source

<Steps>
  <Step title="Create the Generic Webhook Alert Source" icon="plus">
    Go to the [new alert source page](https://rootly.com/account/integrations) and locate **Generic Webhook Alert Source**.

    <Frame>
      <img alt="Generic Webhook Alert Source on the alert source page" />
    </Frame>

    You will be prompted to name the source.

    <Frame>
      <img alt="Name your Generic Webhook Alert Source" />
    </Frame>
  </Step>

  <Step title="Authenticate incoming requests" icon="shield-check">
    Rootly supports two authentication methods for incoming generic webhook requests: **Bearer Token** and **HMAC Signature**.

    ### Bearer Token (default)

    With Bearer Token authentication, Rootly verifies the request using a static secret. You can provide the secret in either of these ways:

    * `Authorization: Bearer <secret>`
    * `secret` as a query string or request parameter

    If the secret is missing or invalid, Rootly rejects the request.

    ### HMAC Signature

    <Note>HMAC signature authentication must be enabled for your organization. Contact Rootly support to enable it.</Note>

    HMAC provides a stronger authentication model where the signing secret never travels over the wire. Instead, the sender signs the request body and Rootly verifies the signature.

    When you select **HMAC Signature** as the authentication type during source creation, Rootly generates a signing secret for you. Your external system must use this secret to sign every request.

    To configure HMAC authentication:

    1. Select **HMAC Signature** as the authentication type when creating or editing the source
    2. Copy the **HMAC Signing Secret** shown in the setup instructions
    3. For each request, compute the signature over the raw request body:
       ```
       sha256=HMAC-SHA256(<signing_secret>, <raw_request_body>)
       ```
    4. Include the signature in the `X-Webhook-Signature-256` header

    <Warning>
      The `Authorization: Bearer <secret>` header is still required when using HMAC authentication. Rootly uses the Bearer token to identify the alert source, and the HMAC signature to verify the request body has not been tampered with.
    </Warning>

    Rootly verifies the signature using a timing-safe comparison. If the `X-Webhook-Signature-256` header is missing or the signature does not match, Rootly returns a `401 Unauthorized` response.

    **Example (Python):**

    ```python theme={null}
    import hmac
    import hashlib
    import requests

    signing_secret = "your_hmac_signing_secret"
    payload = '{"title": "High CPU usage", "state": "triggered"}'

    signature = "sha256=" + hmac.new(
        signing_secret.encode(),
        payload.encode(),
        hashlib.sha256
    ).hexdigest()

    requests.post(
        "https://webhooks.rootly.com/webhooks/incoming/generic_webhooks",
        headers={
            "Authorization": "Bearer <your_bearer_secret>",
            "Content-Type": "application/json",
            "X-Webhook-Signature-256": signature,
        },
        data=payload,
    )
    ```

    **Example (Node.js):**

    ```javascript theme={null}
    const crypto = require("crypto");

    const signingSecret = "your_hmac_signing_secret";
    const payload = JSON.stringify({ title: "High CPU usage", state: "triggered" });

    const signature =
      "sha256=" +
      crypto.createHmac("sha256", signingSecret).update(payload).digest("hex");

    fetch("https://webhooks.rootly.com/webhooks/incoming/generic_webhooks", {
      method: "POST",
      headers: {
        Authorization: "Bearer <your_bearer_secret>",
        "Content-Type": "application/json",
        "X-Webhook-Signature-256": signature,
      },
      body: payload,
    });
    ```
  </Step>

  <Step title="Map the incoming payload fields" icon="code-branch">
    Generic webhook sources do not require a strict vendor-specific payload shape. Instead, you configure how Rootly should interpret the incoming JSON by mapping fields from the webhook payload.

    At a minimum, you should map a field for the alert title so alerts are easy to identify in Rootly.

    Depending on your use case, you may also want to map:

    * Alert description
    * External URL
    * External identifier
    * Alert state
    * Notification target type
    * Notification target ID

    Follow the instructions shown on the Generic Webhook creation page to configure these mappings.
  </Step>
</Steps>

## Configure Routing Targets

There are two main ways to tell Rootly where an alert should route.

<Steps>
  <Step title="Set the target in the webhook URL" icon="link">
    This is the simplest option when each webhook should always route to the same target.

    With this approach, you include the target type and target ID in the webhook URL. This is useful when alerts from a given source should always be associated with the same service, team, escalation policy, or other supported target.

    Common target types include:

    * `service`
    * `group` or `team`
    * `escalationPolicy`

    <Frame>
      <img alt="Webhook URL configuration with notification target" />
    </Frame>

    When the target is defined in the webhook URL, you do not need to separately map the target type and target ID in the payload mapping step.
  </Step>

  <Step title="Set the target from the incoming payload" icon="shuffle">
    This option is more flexible when the same webhook source may need to route alerts to different targets.

    With this approach, your external system sends the target information in the webhook JSON body, and Rootly extracts it using your configured field mappings.

    Use this option when:

    * A single source may route alerts to different services or teams
    * Your observability tool already includes routing metadata in the webhook body
    * You want the routing decision to come from the event payload itself

    Advanced payloads can also include a Rootly notification target object directly in the JSON body when needed.
  </Step>
</Steps>

## Test the Source

<Steps>
  <Step title="Send a test alert" icon="flask">
    After setup, send a test alert from your observability provider and confirm that Rootly receives and processes it as expected.

    <Frame>
      <img alt="Testing a Generic Webhook Alert Source" />
    </Frame>
  </Step>

  <Step title="Confirm the alert was processed correctly" icon="circle-check">
    A successful test should confirm that:

    * The webhook request reaches Rootly
    * The payload is parsed correctly
    * The alert title and other mapped fields are populated as expected
    * The alert routes to the correct target
    * The alert appears in Rootly

    Rootly processes webhook events asynchronously, so the alert may appear shortly after a successful request.

    If the request is authenticated correctly but the payload is missing expected fields, Rootly may still ingest the event, but the alert may not contain the data you intended.
  </Step>
</Steps>

## Next Steps

<CardGroup>
  <Card title="Auto-Resolution" icon="arrows-rotate" href="/integrations/generic-webhook-alert-source/auto-resolution">
    Configure Rootly to resolve alerts automatically when your source sends recovery events.
  </Card>

  <Card title="Alert Workflows" icon="bolt" href="/workflows/alert-workflows">
    Automate incidents, notifications, and follow-up actions for alerts created through this source.
  </Card>
</CardGroup>


# Workflows & Features
Source: https://docs.rootly.com/integrations/github/functionalities

Create and update GitHub issues, fetch commit details, track pull request enrichment, and receive deployment events as Rootly pulses for incident context.

<Callout icon="ℹ️">
  To use these features, you must first connect GitHub to Rootly. See [GitHub Installation](/integrations/github/github).
</Callout>

## Workflow Actions

These actions are available in **Incident Workflows** and **Alert Workflows**.

### Create a GitHub Issue

Creates a new issue in the specified GitHub repository and links it to the Rootly incident or action item.

| Field                   | Description                                                             | Required |
| ----------------------- | ----------------------------------------------------------------------- | -------- |
| **Repository**          | The GitHub repository where the issue will be created (e.g. `org/repo`) | Yes      |
| **Title**               | Issue title. Supports Liquid templating (e.g. `{{ incident.title }}`)   | Yes      |
| **Body**                | Issue body/description. Supports Liquid templating                      | No       |
| **Labels**              | Comma-separated list of label names to apply to the issue               | No       |
| **Issue Type**          | The type of issue to create (e.g. `Bug`, `Feature`, `Task`)             | No       |
| **Parent Issue Number** | Issue number of the parent issue. Use this to create a sub-issue        | No       |

### Update a GitHub Issue

Updates an existing GitHub issue linked to the incident or action item.

| Field          | Description                                                                                                                                 | Required |
| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | -------- |
| **Issue ID**   | The ID of the GitHub issue to update. Use the stored ID from a prior Create Issue action                                                    | Yes      |
| **Title**      | New title for the issue. Supports Liquid templating                                                                                         | No       |
| **Body**       | New body/description. Supports Liquid templating                                                                                            | No       |
| **Labels**     | Comma-separated list of label names to apply                                                                                                | No       |
| **Issue Type** | Updated issue type                                                                                                                          | No       |
| **Completion** | Set to **Auto** to mirror the incident or action item status. Closes the issue when the incident resolves or the action item is marked done | No       |

<Callout icon="ℹ️">
  When **Completion** is set to **Auto**, Rootly will automatically close the GitHub issue when the linked incident is resolved or the linked action item is completed.
</Callout>

### Get Commits

Fetches recent commits from one or more GitHub repositories and optionally posts them to the incident timeline or a Slack channel.

| Field                             | Description                                                                                                                                                          | Required    |
| --------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
| **Services Impacted by Incident** | When enabled (default), automatically queries the GitHub repositories linked to the services impacted by the incident. Disable this to specify repositories manually | No          |
| **Service IDs**                   | Rootly service IDs whose linked GitHub repositories will be queried. Required when **Services Impacted by Incident** is disabled and **Repository Names** is not set | Conditional |
| **Repository Names**              | Explicit list of GitHub repository names to query (e.g. `org/repo`). Required when **Services Impacted by Incident** is disabled and **Service IDs** is not set      | Conditional |
| **Branch**                        | The branch to fetch commits from. Defaults to `master`                                                                                                               | No          |
| **Past Duration**                 | How far back to look for commits (e.g. `1h`, `30m`)                                                                                                                  | No          |
| **Post to Incident Timeline**     | When enabled, appends fetched commits as an event in the incident timeline                                                                                           | No          |
| **Post to Slack Channels**        | Slack channel names to post the commit list to                                                                                                                       | No          |

<Callout icon="ℹ️">
  When **Services Impacted by Incident** is disabled, either **Service IDs** or **Repository Names** must be provided. Each service used must have a GitHub repository configured in its settings.
</Callout>

## PR Link Enrichment

When an engineer pastes a GitHub PR URL into the incident's Slack channel, Rootly automatically:

1. Detects the PR link and attaches it to the incident
2. Tracks the PR status (open, approved, merged) in real time
3. Posts status updates in Slack as the PR progresses
4. Adds each status change as an event in the incident timeline

<Frame>
  <iframe />
</Frame>

## Inbound Events (Pulses)

Rootly receives GitHub webhook events and stores them as **pulses** — timestamped signals you can correlate with incidents.

### Supported Events

| Event                      | Trigger                                     |
| -------------------------- | ------------------------------------------- |
| **Push**                   | Any push to any repository branch           |
| **Pull Request: Opened**   | A new pull request is opened                |
| **Pull Request: Closed**   | A pull request is closed without merging    |
| **Pull Request: Merged**   | A pull request is merged                    |
| **Pull Request: Approved** | A pull request review approval is submitted |
| **Issues**                 | A GitHub issue is opened, closed, or edited |

### Pulse Labels

Each pulse includes the following labels for filtering and routing:

| Label        | Description                                | Events                |
| ------------ | ------------------------------------------ | --------------------- |
| `action`     | Event action (e.g. `push`, `pr_merged`)    | All                   |
| `repository` | Repository name where the event originated | All                   |
| `ref`        | Branch or tag ref (e.g. `refs/heads/main`) | Push, Pull Request    |
| `base`       | Target branch of the pull request          | Pull Request (merged) |
| `merged_by`  | GitHub login of the user who merged the PR | Pull Request (merged) |

## Secret Scanning

GitHub scans public repositories for known secret patterns, including Rootly API tokens.

Rootly has partnered with GitHub's secret scanning program. When a Rootly token is detected in a public repository, GitHub notifies Rootly, which then alerts workspace owners and allows them to revoke the token within seconds.

GitHub Advanced Security customers can additionally enable [push protection](https://github.blog/changelog/2022-04-04-secret-scanning-prevents-secret-leaks-with-protection-on-push/) to block Rootly tokens from entering repositories at push time.

* [Learn more about secret scanning](https://docs.github.com/en/github/administering-a-repository/about-secret-scanning)
* [Partner with GitHub on secret scanning](https://docs.github.com/en/developers/overview/secret-scanning/)

## Troubleshooting

<AccordionGroup>
  <Accordion title="Issues are not being created" icon="circle-exclamation">
    * Confirm the repository name is in `org/repo` format
    * Verify the connected GitHub account has write access to the target repository
    * Check that the **rootlyhq** GitHub App is still installed and has access to the repository
  </Accordion>

  <Accordion title="Get Commits returns no results" icon="code-commit">
    * Confirm the branch name is correct and exists in the repository
    * Check that the **Past Duration** window is wide enough to include recent commits
    * When using Service IDs, verify each service has a GitHub repository configured in its settings
  </Accordion>

  <Accordion title="PR enrichment is not working" icon="code-pull-request">
    * The incident must have an active Slack channel
    * The PR URL must be pasted directly in the incident Slack channel (not a thread)
    * Confirm the GitHub App has **Read** access to pull requests
  </Accordion>

  <Accordion title="Pulses are not appearing" icon="bolt">
    * Navigate to the Rootly integrations page and verify the GitHub connection is active
    * Re-authenticate if the OAuth token has expired
    * Confirm the **rootlyhq** GitHub App is installed and the webhook is active in your GitHub organization settings
  </Accordion>
</AccordionGroup>


# GitHub
Source: https://docs.rootly.com/integrations/github/github

Track deployments, create and update issues, fetch commits, and enrich PR links with automatic status tracking for incident management.

Connect GitHub to Rootly to automate issue tracking, surface commit context during incidents, and capture deployment signals as they happen.

**This integration allows you to:**

* Create and update GitHub issues from incident workflows
* Fetch recent commits across repositories during an incident
* Receive push, pull request, and issue events as Rootly pulses
* Automatically enrich GitHub PR links shared in Slack with live status updates

## Before You Begin

<Callout icon="⚠️">
  You must be an **Owner** of your GitHub organization and an **Admin** of your Rootly account to complete this installation.

  We recommend using a **service account** so the integration continues to work if a user leaves your organization.
</Callout>

This integration uses a two-step process:

1. Install the **rootlyhq** GitHub App from the GitHub Marketplace
2. Connect GitHub to Rootly via OAuth

## Permissions

The following GitHub App permissions are required:

| Permission    | Access Level |
| ------------- | ------------ |
| Checks        | Read         |
| Code          | Read         |
| Deployments   | Read         |
| Metadata      | Read         |
| Pull Requests | Read         |
| Issues        | Read + Write |

## Installation

### Step 1: Install the GitHub Marketplace App

<Steps>
  <Step title="Open your organization's GitHub Apps page">
    Navigate to the GitHub Apps page for your organization. Replace `<your-organization-name>` with your organization's name:

    ```
    https://github.com/organizations/<your-organization-name>/settings/installations
    ```

    <Frame>
      <img alt="Document Image" />
    </Frame>

    Click **GitHub Marketplace**.

    <Frame>
      <img alt="Document Image" />
    </Frame>
  </Step>

  <Step title="Find and add the Rootly app">
    Search for **rootly** and click on the Rootly app.

    <Frame>
      <img alt="Document Image" />
    </Frame>

    Click **Add** to begin the installation.

    <Frame>
      <img alt="Document Image" />
    </Frame>
  </Step>

  <Step title="Select the correct organization">
    If you belong to multiple GitHub organizations, select the correct one and click **Install it for free**.

    <Frame>
      <img alt="Document Image" />
    </Frame>

    Confirm the correct organization is selected. Check **Allow my billing information to be linked with this organization** and click **Save**.

    <Frame>
      <img alt="Document Image" />
    </Frame>

    Click **Complete order and begin installation**.

    <Frame>
      <img alt="Document Image" />
    </Frame>
  </Step>

  <Step title="Set repository scope and install">
    Select the desired **scope of access** (all repositories or specific repositories) and click **Install**.

    <Frame>
      <img alt="Document Image" />
    </Frame>
  </Step>

  <Step title="Log out of GitHub">
    Log out of your GitHub account before proceeding. This is required so Rootly can re-establish the connection under the correct account.

    <Frame>
      <img alt="Document Image" />
    </Frame>
  </Step>
</Steps>

### Step 2: Connect GitHub to Rootly

<Steps>
  <Step title="Find GitHub in Rootly Integrations">
    Navigate to the [Integrations](https://rootly.com/account/integrations) page in Rootly and search for **github**.

    <Frame>
      <img alt="Document Image" />
    </Frame>
  </Step>

  <Step title="Authorize the connection">
    You'll be prompted to sign in to GitHub to authorize the connection to your organization.

    <Frame>
      <img alt="Document Image" />
    </Frame>
  </Step>

  <Step title="Save the integration">
    Click **Save** to complete the setup.

    <Frame>
      <img alt="Document Image" />
    </Frame>

    <Callout icon="✅">
      GitHub is now connected. You can use the **Create Issue**, **Update Issue**, and **Get Commits** workflow actions, and GitHub events will begin flowing in as pulses.
    </Callout>
  </Step>
</Steps>

## Uninstall

Uninstalling requires two steps — removing the integration from Rootly and uninstalling the GitHub App.

<Steps>
  <Step title="Delete from Rootly">
    Delete the GitHub integration from Rootly via the **Integrations** page.

    <Frame>
      <img alt="Document Image" />
    </Frame>
  </Step>

  <Step title="Uninstall from GitHub">
    Uninstall the **rootlyhq** app from your organization's GitHub Apps page.

    <Frame>
      <img alt="Document Image" />
    </Frame>
  </Step>
</Steps>


# GitLab
Source: https://docs.rootly.com/integrations/gitlab

Connect GitLab to Rootly to track deployments and merge requests as pulses, create issues from incidents, and enrich GitLab links in Slack.

## Introduction

The GitLab integration connects Rootly with GitLab through OAuth so your team can surface engineering context during incidents and automate issue tracking across both platforms.

With the GitLab integration, you can:

* Fetch recent commits from GitLab repositories through incident workflows
* Automatically track push events, merged merge requests, and deployment events as Rootly pulses
* Create and update GitLab issues directly from incident and action item workflows
* Enrich GitLab merge request links pasted into incident Slack channels with live status cards
* Connect to self-hosted GitLab instances in addition to gitlab.com

<Callout icon="code-branch">
  GitLab issues can be created from both incident workflows and action item workflows, making it easy to turn follow-up work into trackable GitLab tasks automatically.
</Callout>

## Before You Begin

Before setting up the GitLab integration, make sure you have:

* A Rootly account with permission to manage integrations
* A GitLab account with **admin access** to create OAuth applications
* The GitLab instance URL if you are using a self-hosted GitLab instance (must use HTTPS)

<Callout icon="triangle-exclamation">
  This integration uses OAuth 2.0. You will need to create an OAuth application in GitLab and paste the credentials into Rootly. Keep your application secret secure — it is encrypted at rest in Rootly.
</Callout>

## Installation

<Steps>
  <Step title="Open the integrations page in Rootly" icon="plug">
    Navigate to the integrations page in your Rootly workspace and select **GitLab**.

    <Frame>
      <img alt="GitLab integration on the Rootly integrations page" />
    </Frame>
  </Step>

  <Step title="Create an OAuth application in GitLab" icon="key">
    In GitLab, go to **User Settings → Applications** (or **Admin Area → Applications** for instance-wide access) and create a new OAuth application.

    <Frame>
      <img alt="Creating a new OAuth application in GitLab" />
    </Frame>

    Enter the following values:

    | Field        | Value                                     |
    | ------------ | ----------------------------------------- |
    | Redirect URI | `https://rootly.com/auth/gitlab/callback` |
    | Scopes       | `api` or `read_api`                       |

    <Callout icon="info">
      Use the `api` scope to let Rootly automatically create webhooks on your repositories. If you prefer to manage webhooks yourself, use `read_api` instead.
    </Callout>

    <Frame>
      <img alt="GitLab OAuth application form with redirect URI and scopes filled in" />
    </Frame>
  </Step>

  <Step title="Paste your credentials into Rootly" icon="copy">
    After saving your GitLab application, copy the **Application ID** and **Secret** and paste them into Rootly.

    <Frame>
      <img alt="Rootly integration settings with Application ID and Secret fields" />
    </Frame>

    If you are using a self-hosted GitLab instance, enter your instance URL (must start with `https://`). The default is `https://gitlab.com`.
  </Step>

  <Step title="Select repositories to track" icon="list-check">
    Optionally, specify the repository names you want Rootly to track for pulse events. If you leave this blank, Rootly will track all repositories accessible to the connected account.

    <Callout icon="lightbulb">
      Limiting tracked repositories reduces noise. Only pushes, merge requests, and deployments from listed repositories will appear as Rootly pulses.
    </Callout>
  </Step>

  <Step title="Integration connected" icon="circle-check">
    <Callout icon="circle-check">
      Your GitLab integration is live. Rootly will begin tracking events from your repositories and the workflow actions below will be available in your incident and action item workflows.
    </Callout>
  </Step>
</Steps>

## Pulse Events

Rootly automatically ingests the following GitLab webhook events and records them as pulses on the incident timeline and service activity feed.

### Push Events

When a commit is pushed to any tracked repository, Rootly creates a pulse with:

* **Summary:** `[GitLab][Push] Commit: {commit message}`
* **Labels:** repository name, action (push)
* **Refs:** commit SHA, short SHA, branch ref

### Merge Request Events

When a merge request is merged, Rootly creates a pulse and posts an enriched card to any linked incident Slack channel with merge request details and status.

* **Summary:** `[GitLab][MR] Merged: {source branch}`
* **Labels:** repository name, action (pr\_merged)
* **Refs:** merge commit SHA, base branch

<Callout icon="link">
  Even if an MR is not merged during an active incident, Rootly will enrich any GitLab merge request URL pasted into an incident Slack channel with a live status card showing the MR title, author, and current state.
</Callout>

### Deployment Events

When a deployment event is received, Rootly creates a pulse tied to the associated environment.

* **Summary:** `[GitLab][Deploy] Commit: {title} | {status}`
* **Labels:** repository name, action (deploy)
* **Refs:** short commit SHA

### Issue Events

GitLab issue events are also ingested and converted to Rootly alerts with severity, state, and a link back to the GitLab issue.

## Workflow Actions

GitLab workflow actions are available in both incident workflows and action item workflows.

### Create a GitLab Issue

Creates a new issue in a specified GitLab repository. Available in incident and action item workflows.

| Field       | Description                                                            | Required |
| ----------- | ---------------------------------------------------------------------- | -------- |
| Repository  | The GitLab repository to create the issue in                           | Yes      |
| Issue Type  | Type of issue: `issue`, `incident`, `test_case`, or `task`             | No       |
| Title       | Issue title — supports Liquid templating (e.g. `{{ incident.title }}`) | Yes      |
| Description | Issue body — supports Liquid templating                                | No       |
| Labels      | Comma-separated labels to apply                                        | No       |
| Due Date    | Due date — supports Liquid templating                                  | No       |

<Callout icon="code">
  Use Liquid variables like `{{ incident.title }}`, `{{ incident.severity }}`, and `{{ incident.url }}` in the title and description to automatically populate issues with live incident context.
</Callout>

### Update a GitLab Issue

Updates an existing GitLab issue. Commonly used to close or reopen issues when an incident changes state.

| Field       | Description                                                                        | Required |
| ----------- | ---------------------------------------------------------------------------------- | -------- |
| Issue ID    | ID of the GitLab issue to update — supports Liquid templating                      | Yes      |
| Issue Type  | Type of issue to update                                                            | No       |
| Title       | Updated title                                                                      | No       |
| Description | Updated body                                                                       | No       |
| Labels      | Updated labels                                                                     | No       |
| Due Date    | Updated due date                                                                   | No       |
| Completion  | Whether to close or reopen the issue — can be set to auto-map from incident status | Yes      |

<Callout icon="repeat">
  Set **Completion** to auto-map from incident status so GitLab issues close automatically when the linked Rootly incident is resolved, and reopen if the incident is reopened.
</Callout>

### Get GitLab Commits

Fetches recent commits from one or more repositories and posts them to a Slack channel. Useful for surfacing recent code changes during incident investigation.

| Field                  | Description                                                          | Required |
| ---------------------- | -------------------------------------------------------------------- | -------- |
| Services               | Services to fetch commits for (uses the service's linked repository) | No\*     |
| Repository Names       | Specific GitLab repository names to query                            | No\*     |
| Branch                 | Branch to fetch commits from                                         | Yes      |
| Past Duration          | How far back to look (e.g. `2 hours`, `1 day`)                       | Yes      |
| Post to Slack Channels | Slack channels to post results to                                    | No       |

\* At least one of **Services** or **Repository Names** is required.

## Default Workflows

When GitLab is connected, Rootly can create the following default workflows to get you started:

* **Create a GitLab issue when an incident is declared** — automatically opens a GitLab issue tied to the incident
* **Update the GitLab issue when the incident is resolved** — closes the linked issue when the incident closes
* **Create a GitLab issue for each action item** — turns follow-up tasks into GitLab issues automatically
* **Update the GitLab issue when an action item is completed** — keeps GitLab in sync as action items are closed

Review and customize these workflows after installation to match your team's process.

## Troubleshooting

<AccordionGroup>
  <Accordion title="Webhooks are not being created for my repositories" icon="webhook">
    Rootly automatically creates webhooks when you add repository names to the integration settings. If webhooks are not appearing in GitLab, confirm that the OAuth application was created with the `api` scope. The `read_api` scope does not allow Rootly to create webhooks on your behalf — you will need to create them manually if you use `read_api`.
  </Accordion>

  <Accordion title="Pulses are not appearing for push or merge request events" icon="eye-slash">
    Check that the repository name is listed in the integration's **Repository Names** field. Only events from listed repositories are tracked. Also verify that the GitLab webhook is active by checking **Repository → Settings → Webhooks** in GitLab and confirming the Rootly webhook URL appears there with recent delivery history.
  </Accordion>

  <Accordion title="GitLab merge request links are not being enriched in Slack" icon="link">
    Link enrichment applies to merge request URLs pasted into incident Slack channels. Confirm that the GitLab integration is connected and that the URL format matches a GitLab merge request (the path should contain `/merge_requests/`). Personal or group access tokens are not supported — the integration must be connected via OAuth.
  </Accordion>

  <Accordion title="Workflow actions fail with a repository not found error" icon="triangle-exclamation">
    The OAuth token must have access to the repository you are targeting. If the repository is in a group or namespace the connected user cannot access, the action will fail. Re-authenticate with a user or service account that has the appropriate permissions.
  </Accordion>

  <Accordion title="The integration disconnected after the connecting user left the team" icon="user-slash">
    GitLab OAuth tokens are tied to the user who authorized the application. If that user is removed from your GitLab instance, the token becomes invalid. Reconnect the integration using a GitLab service account or bot user to avoid this in the future.
  </Accordion>

  <Accordion title="Self-hosted GitLab instance is not connecting" icon="server">
    Make sure your instance URL starts with `https://` and does not have a trailing slash. Rootly does not support HTTP-only GitLab instances. Also confirm that your GitLab instance is reachable from the public internet, as Rootly needs to send webhook deliveries to it.
  </Accordion>
</AccordionGroup>

## Uninstall

To remove the GitLab integration, go to the integrations page in Rootly, find the GitLab account, and select **Configure → Delete**. This will disconnect the account and remove all Rootly-managed webhooks from your repositories.

## Related Pages

<CardGroup>
  <Card title="Incident Workflows" icon="bolt" href="/workflows/incident-workflows">
    Automate GitLab issue creation and updates using incident workflow triggers.
  </Card>

  <Card title="Action Item Workflows" icon="list-check" href="/workflows/action-item-workflows">
    Automatically create and close GitLab issues as action items move through their lifecycle.
  </Card>

  <Card title="Pulses" icon="signal" href="/configuration/pulses">
    Learn how deployment and commit events appear as pulses in Rootly.
  </Card>
</CardGroup>


# Glean
Source: https://docs.rootly.com/integrations/glean

Sync Rootly incident data to Glean so your team can search incidents, schedules, alerts, and retrospectives alongside the rest of your company knowledge.

## Introduction

The Rootly–Glean connector is an open-source Python project that syncs Rootly data into Glean's unified search index. Once running, your team can search for incidents, on-call schedules, alerts, escalation policies, and retrospectives directly in Glean alongside all other company knowledge.

The connector syncs the following Rootly data types:

| Data Type               | What's included                                                        |
| ----------------------- | ---------------------------------------------------------------------- |
| **Incidents**           | Active and resolved incidents with severity, status, and timeline data |
| **Alerts**              | Alert configurations and monitoring rules                              |
| **Schedules**           | On-call schedules with rotations, shifts, and user assignments         |
| **Escalation Policies** | Escalation rules and notification chains                               |
| **Retrospectives**      | Post-incident analysis links                                           |

<Callout icon="circle-info">
  This is a connector-based integration — data flows from Rootly into Glean for search purposes. It runs as a standalone Python service, separate from the Rootly web UI. There is no account setup required within Rootly.
</Callout>

## Before You Begin

Before setting up the connector, make sure you have:

* **Python 3.13 or higher** — install via Homebrew on macOS: `brew install python@3.13`
* A **Rootly API token** — generate one in **Account** > **Manage API keys** > **Generate New API Key**
* A **Glean API token** — obtain from your Glean admin
* Your **Glean API host** — the hostname of your Glean instance (for example, `your-company-be.glean.com`)

## Installation

<Steps>
  <Step title="Clone the connector repository" icon="code-branch">
    ```bash theme={null}
    git clone https://github.com/rootlyhq/rootly-glean-connector.git
    cd rootly-glean-connector
    ```
  </Step>

  <Step title="Set up a Python virtual environment" icon="terminal">
    ```bash theme={null}
    python -m venv venv
    source venv/bin/activate
    ```
  </Step>

  <Step title="Install dependencies" icon="download">
    ```bash theme={null}
    pip install -r requirements.txt
    ```
  </Step>

  <Step title="Create your secrets file" icon="key">
    Create a `secrets.env` file in the project root with your API tokens:

    ```bash theme={null}
    GLEAN_API_TOKEN=your_glean_api_token_here
    ROOTLY_API_TOKEN=your_rootly_api_token_here
    ```

    This file is not committed to version control.
  </Step>

  <Step title="Configure the connector" icon="gear">
    Edit `config.json` to match your environment. At minimum, update the `glean.api_host` value to your Glean instance hostname:

    ```json theme={null}
    {
      "glean": {
        "api_host": "support-lab-be.glean.com"
      }
    }
    ```

    See [Configuration](#configuration) below for all available options.
  </Step>

  <Step title="Run the connector" icon="circle-check">
    ```bash theme={null}
    python app.py
    ```

    <Callout icon="circle-check">
      The connector is running and syncing Rootly data to Glean. Your team can now search for incidents, schedules, and more directly in Glean.
    </Callout>
  </Step>
</Steps>

## Configuration

All configuration lives in two files:

* **`config.json`** — non-sensitive settings (data types, limits, sync behavior)
* **`secrets.env`** — API tokens (keep this out of version control)

Key `config.json` options:

| Setting                    | Description                                                                                         |
| -------------------------- | --------------------------------------------------------------------------------------------------- |
| `glean.api_host`           | Your Glean instance hostname (default: `support-lab-be.glean.com`)                                  |
| Data type toggles          | Enable or disable syncing for incidents, alerts, schedules, escalation policies, and retrospectives |
| Item limits                | Maximum items to sync per data type                                                                 |
| Enhanced incident features | Include timeline events and action items in incident documents                                      |
| Logging level              | Set verbosity for debugging                                                                         |
| Sync interval              | How frequently the connector polls Rootly for updates                                               |

## Searching Rootly Data in Glean

Once the connector has synced, your team can search for Rootly data in Glean using natural language:

**Incidents**

* *"Find incidents with timeline events"*
* *"Show high severity resolved incidents"*

**Schedules & On-Call**

* *"Show the latest on-call schedule in Rootly"*

**Alerts**

* *"Show the latest alerts in Rootly"*

## Architecture

The connector is organized into four modules:

| Module              | Purpose                                                        |
| ------------------- | -------------------------------------------------------------- |
| `data_fetchers/`    | API clients that pull each Rootly data type via the Rootly API |
| `document_mappers/` | Converts Rootly data into the Glean document format            |
| `processors/`       | Coordinates sync orchestration across data types               |
| `glean_schema/`     | Glean document schema definitions                              |

This structure makes it straightforward to extend the connector — for example, to add a new Rootly data type, add a fetcher and a mapper for it.

## Troubleshooting

<AccordionGroup>
  <Accordion title="The connector fails to start" icon="terminal">
    Confirm Python 3.13+ is installed (`python --version`) and the virtual environment is activated (`source venv/bin/activate`). Make sure dependencies are installed with `pip install -r requirements.txt`.
  </Accordion>

  <Accordion title="Authentication errors on startup" icon="key">
    Confirm that `secrets.env` exists in the project root and contains valid values for both `GLEAN_API_TOKEN` and `ROOTLY_API_TOKEN`. Check that neither token has been revoked.
  </Accordion>

  <Accordion title="Data is not appearing in Glean search" icon="magnifying-glass">
    Allow a few minutes for Glean to index synced documents. If data still doesn't appear, check the connector logs for errors. Confirm `glean.api_host` in `config.json` matches your Glean instance hostname exactly.
  </Accordion>

  <Accordion title="Some data types are missing" icon="table">
    Each data type (incidents, alerts, schedules, etc.) can be individually enabled or disabled in `config.json`. Confirm the relevant data type is enabled and that your Rootly API token has access to it.
  </Accordion>
</AccordionGroup>

## Related Pages

<CardGroup>
  <Card title="Rootly API" icon="code" href="/api-reference/overview">
    The connector uses the Rootly API to fetch data. See the API reference for available endpoints and token setup.
  </Card>

  <Card title="Connector on GitHub" icon="github" href="https://github.com/rootlyhq/rootly-glean-connector">
    Source code, issues, and release notes for the Rootly–Glean connector.
  </Card>

  <Card title="Rootly AI" icon="robot" href="/ai/ai">
    Learn about Rootly's built-in AI features for incident management.
  </Card>
</CardGroup>


# GoToMeeting
Source: https://docs.rootly.com/integrations/go-to-meeting

Automatically create GoToMeeting sessions for Rootly incidents and share meeting links in Slack channels for quick responder collaboration during outages.

## Overview

Rootly's GoToMeeting integration automatically creates a meeting bridge for each incident via a workflow action. Meeting links are shared directly to Slack channels so responders can join immediately.

<CardGroup>
  <Card title="Automatic Meeting Creation" icon="video">
    Spin up a GoToMeeting session the moment an incident is declared — no manual setup required.
  </Card>

  <Card title="Flexible Audio" icon="phone">
    Choose from PSTN, free conference call, hybrid, or VoIP audio depending on your team's setup.
  </Card>

  <Card title="Slack-Native" icon="hashtag">
    Meeting links are automatically posted to incident Slack channels so responders can join without leaving Slack.
  </Card>

  <Card title="Timeline Integration" icon="clock">
    Attach the meeting link to the incident timeline to keep a record of collaboration during the response.
  </Card>
</CardGroup>

## Before You Begin

* You must be a Rootly admin to set up the integration
* You need a GoTo developer account to create an OAuth application at [developer.goto.com](https://developer.goto.com/)
* Use a **service account** rather than a personal account to prevent the integration from breaking if a user leaves

## Installation

Setting up GoToMeeting requires creating an OAuth application at GoTo's developer portal and connecting it to Rootly.

<Steps>
  <Step title="Create an OAuth app in GoTo Developer Portal">
    Go to [developer.goto.com](https://developer.goto.com/) and create a new OAuth application.

    <Frame>
      <img alt="GoTo Developer Portal OAuth app creation" />
    </Frame>

    Set the **Redirect URI** to:

    ```
    https://rootly.com/auth/go_to_meeting/callback
    ```

    <Frame>
      <img alt="Setting redirect URI in GoTo developer portal" />
    </Frame>
  </Step>

  <Step title="Configure required permissions">
    In the OAuth app settings, enable at least one of the following product scopes:

    * **GoToMeeting**
    * **GoToWebinar**
    * **GoToTraining**

    <Frame>
      <img alt="GoTo OAuth app permissions" />
    </Frame>
  </Step>

  <Step title="Connect in Rootly">
    In Rootly, go to **Configuration → Integrations** and find **GoToMeeting**. Click **Connect**, then enter your **Client ID** and **Client Secret** from the GoTo developer portal and authorize.

    <Note>
      After connecting, Rootly automatically creates a default workflow that triggers on incident creation (status: **Started**, priority: **High**) and creates a GoToMeeting session linked to the incident.
    </Note>
  </Step>
</Steps>

## Joining a Meeting

Once a GoToMeeting session is created for an incident, the meeting link appears in the **Integrations** section of the Rootly Slack bot message in the incident channel. Responders can click it to join without leaving Slack.

<Frame>
  <img alt="GoToMeeting link in Slack incident channel" />
</Frame>

## Workflow Action

### Create GoToMeeting

Creates a GoToMeeting session for the incident and optionally shares the link to Slack or the incident timeline.

<ParamField type="string">
  The meeting title. Supports [Liquid variables](/liquid/incident-variables) — for example, `{{ incident.title }}`. Maximum 200 characters.
</ParamField>

<ParamField type="enum">
  The audio conferencing mode for the meeting:

  * `ptsn` — PSTN dial-in number
  * `free` — Free conference call number
  * `hybrid` — Both PSTN and VoIP
  * `voip` — VoIP only
</ParamField>

<ParamField type="boolean">
  When enabled, GoToMeeting will require a password to join the session.
</ParamField>

<ParamField type="boolean">
  Attaches the meeting link to the incident timeline as a logged event.
</ParamField>

<ParamField type="array">
  One or more Slack channels to share the meeting link to. Use `{{ incident.slack_channel_id }}` to target the incident's dedicated channel.
</ParamField>

## Uninstall

To remove the GoToMeeting integration:

1. Go to **Configuration → Integrations** and find **GoToMeeting**
2. Click **Connected** to reveal the disconnect option
3. Click **Disconnect**

<Frame>
  <img alt="Click Connected to reveal the Disconnect option" />
</Frame>

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Can I create multiple GoToMeeting sessions for one incident?" icon="circle-question">
    No. Rootly stores one GoToMeeting session per incident — once a meeting has been created for an incident, subsequent **Create GoToMeeting** workflow actions will be skipped. If you need a new session, disconnect and reconnect the integration or create the meeting manually.
  </Accordion>

  <Accordion title="Which audio mode should I choose?" icon="circle-question">
    Choose **hybrid** if your team has a mix of office and remote participants — it provides both dial-in and VoIP options. Use **voip** for fully remote teams to avoid dial-in costs.
  </Accordion>

  <Accordion title="What happens if the OAuth token expires?" icon="circle-question">
    Rootly automatically refreshes the OAuth token in the background. If refresh fails (e.g., the connected account is deactivated), the integration will stop working. Use a service account to minimize this risk.
  </Accordion>

  <Accordion title="Do I need GoToMeeting specifically, or will GoToWebinar work?" icon="circle-question">
    Any of the three GoTo product scopes (GoToMeeting, GoToWebinar, GoToTraining) are supported. The workflow action creates a standard GoToMeeting session regardless of which scope is enabled.
  </Accordion>
</AccordionGroup>


# Installation
Source: https://docs.rootly.com/integrations/google-calendar/installation

Connect Google Calendar to Rootly via OAuth or service account JSON credentials to enable event-based workflow actions, meeting creation, and calendar reads.

## Installing Google Calendar on Rootly

<Note>
  We recommend you perform the installation with a **service account** to ensure the integration doesn't break, should the installing user leave the company.

  Ensure that you are **logged in as an Admin user** in Rootly.
</Note>

Locate **Google Calendar** on the [Integrations catalog](https://rootly.com/account/integrations "Integrations catalog") and click on Setup.

<Frame>
  <img alt="Document Image" />
</Frame>

You'll be prompted to **choose a connection method** to your Google Meet:

* Connect through OAuth credentials
* Connect through JSON file credentials

<Frame>
  <img alt="Document Image" />
</Frame>

### Integrating via OAuth

<Note>
  This integration method is used for **non-GCP service accounts**. This is the simplest and the recommended approach to integrating with Google Meet.

  1. You can first create a Google account with a generic email (e.g. `acme_rootly@company.com`).
  2. Then log into that Google account on your browser.
  3. Add `acme_rootly@company.com` as a member in your Rootly organization.
  4. Follow the instructions below to integrate as `acme_rootly@company.com`.
</Note>

Click on `Setup` to start the integration process. You'll be prompted to select a Google account.

<Frame>
  <img alt="Document Image" />
</Frame>

After selecting a Google account, you'll be prompted to **grant Rootly permission** to integrate with your Google account.

<Frame>
  <img alt="Document Image" />
</Frame>

Select `Allow` and you'll be redirected back to Rootly and the installation is considered complete!

<Frame>
  <img alt="Document Image" />
</Frame>

### Integrating via GCP Service Account

<Note>
  This integration method is used for **GCP Service Accounts**. You can click [here](https://cloud.google.com/iam/docs/service-account-overview "here") to learn more about GCP Service Accounts.
</Note>

Navigate to your [Google Cloud](https://console.cloud.google.com/ "Google Cloud") Console, and click on `IAM & Admin`.

<Frame>
  <img alt="Document Image" />
</Frame>

Next, navigate to `Service Accounts` and create a new service account by clicking on `Create Service Account`.

<Frame>
  <img alt="Document Image" />
</Frame>

Fill in the Service account details, your `Service Account ID` will be automatically generated. Click on `Done` when you have completed the form.

<Frame>
  <img alt="Document Image" />
</Frame>



Next, Navigate to the `Keys` tab and click on `Add a Key`.

<Frame>
  <img alt="Document Image" />
</Frame>

Create a key and download the JSON format.

<Frame>
  <img alt="Document Image" />
</Frame>

Next, navigate back to the Rootly integration page and upload the JSON file.

<Frame>
  <img alt="Document Image" />
</Frame>

Now in [https://admin.google.com](https://admin.google.com/ "https://admin.google.com") > Security > [Api Controls](https://admin.google.com/ac/owl "Api Controls") > [Domain Wide Delegation](https://admin.google.com/ac/owl/domainwidedelegation "Domain Wide Delegation")

Select your service account and add the scope below:

* [https://www.googleapis.com/auth/calendar.readonly](https://www.googleapis.com/auth/calendar.readonly "https://www.googleapis.com/auth/calendar.readonly")
* [https://www.googleapis.com/auth/calendar.events](https://www.googleapis.com/auth/calendar.events "https://www.googleapis.com/auth/calendar.events")

<Frame>
  <img alt="Document Image" />
</Frame>

Now in [https://admin.google.com](https://admin.google.com/ "https://admin.google.com") > Google Workspace > [Core Google Workspace.](https://admin.google.com/ac/appslist/core "Core Google Workspace.")

Select Google Calendar.

* Configure External sharing options for primary calendar like below:
  <Frame>
    <img alt="Document Image" />
  </Frame>
* Configure Internal sharing options for primary calendar like below:
  <Frame>
    <img alt="Document Image" />
  </Frame>

Now go in your own calendar > Settings and share your calendar with the service account email with **make changes to events** permission.

<Frame>
  <img alt="Document Image" />
</Frame>

Make sure to enter the email of the user you want to schedule meetings as in the Rootly integration:

<Frame>
  <img alt="Document Image" />
</Frame>

Click `Save` and you should be all set!

## Uninstall

You can **uninstall** this integration in the integrations panel by clicking **Configure > Delete.**

***

## Importing a Google Calendar as a PTO Feed

The OAuth integration above is for event-based workflow actions. If your goal is instead to **overlay** holidays on your Rootly on-call schedules — for example, a shared team calendar tracking company holidays — no OAuth is required. Rootly accepts a Google Calendar's iCal URL as a holiday calendar feed.

<Warning>
  Use the calendar's **Secret address in iCal format** for any calendar containing HR or PTO data. The secret address works without making the calendar publicly readable on the internet. Reserve the **Public address** for calendars that are already meant to be shareable, such as a company-wide holidays calendar.
</Warning>

<Steps>
  <Step title="Open The Calendar's Settings">
    In Google Calendar, hover over the calendar in the left sidebar, click the overflow menu, and choose **Settings and sharing**.
  </Step>

  <Step title="Copy The iCal URL">
    Scroll to the **Integrate calendar** section and copy the URL that fits your use case:

    * For private or sensitive calendars, copy the URL under **Secret address in iCal format**. Treat this URL as a credential — anyone with it can subscribe to the calendar.
    * For calendars already intended to be public (like company holidays), copy the URL under **Public address in iCal format**. This option requires the calendar to be set as public under **Access permissions**.

    <Warning>
      Do not use the **Embed code** or the **Public URL to this calendar**. Those are for embedding the calendar on a webpage and will not work as a feed. Only the iCal URLs end in `.ics`.
    </Warning>
  </Step>

  <Step title="Add The Feed To Rootly">
    In the Rootly dashboard, go to **On-Call → Schedules**, open the **Holiday calendars** dropdown, and select **Add a holiday calendar**. Paste the iCal URL, give the calendar a descriptive name, and save.
  </Step>
</Steps>

<Tip>
  For the full behavior of holiday calendars in Rootly — conflict highlighting, recurring events, multi-region setups — see [Adding a Holiday Calendar](/on-call/holiday-calendar).
</Tip>


# Workflows
Source: https://docs.rootly.com/integrations/google-calendar/workflows

Use workflow actions in Rootly to create Google Calendar events with Google Meet links for incidents, with configurable attendees, time zones, and reminders.

## Overview

Our Google Meet integration leverages workflows to automatically schedule Google Calendar events. If you are unfamiliar with how Workflows function please visit our [Workflows](/workflows "Workflows") documentation first.

<Frame>
  <img alt="Document Image" />
</Frame>

## Available Workflow Actions

### Create a Google Calendar Event

This action allows you to **schedule a Google Meet meeting** on Google Calendar.

<Frame>
  <img alt="Document Image" />
</Frame>

#### Name

This field is automatically set for you. You can rename this field to whatever best describes your action. The value in this field does not affect how the workflow action behaves.

#### Summary

This field allows you to define the title of the Google Calendar event. The default value is `{{ incident.title }}` to match the title of your incident. This field supports Liquid syntax.

<Tip>
  **TIP:** You can use the [Incident Variable Explorer](https://rootly.com/account/help/liquid-explorer "Incident Variable Explorer") to test out what value each liquid variable returns.
</Tip>

#### Description

This field allows you to define a description for the Google Calendar event. You can use `{{ incident.summary }}` to match the summary of your incident. This field supports Liquid syntax.

<Tip>
  **TIP:** You can use the [Incident Variable Explorer](https://rootly.com/account/help/liquid-explorer "Incident Variable Explorer") to test out what value each liquid variable returns.
</Tip>

#### Attendees

This field allows you to provide the email addresses of the attendees to your Google Calendar event. You can also provide the attendees' email addresses from the incident by selecting on the of the dropdown values.

<Frame>
  <img alt="Document Image" />
</Frame>

#### Conference Type

This field allows you to select a conference type to attach a video meeting to your Google Calendar event using the selected option. Ensure that you select `Hangout`.

#### Time Zone

This field allows you to select a timezone for scheduling your Google Calendar event.

#### Days Until Meeting

This field allows you to specify the date of the Google Calendar event by providing the number of days left until the event.

#### Meeting Duration

This field allows you to define the duration of your Google Calendar event. This field supports Liquid syntax.

<Tip>
  **TIP:** You can use the [Incident Variable Explorer](https://rootly.com/account/help/liquid-explorer "Incident Variable Explorer") to test out what value each liquid variable returns.
</Tip>

#### Time of Meeting

This field allows you to specify the start time of your Google Calendar event. Make sure you have selected the right timezone in the `Time Zone` field.

#### Slack Channels

This field is a dropdown that allows you to select one or more Slack channels from your Slack Workspace. If provided, the output will be sent to the Slack channel(s). You can use `{{ incident.slack_channel_id }}` or `{{ parent_incident.slack_channel_id }}` to notify your incident channel or the parent incident channel, respectively.

### Update a Google Calendar Event

This action allows you to **update an existing Google Calendar event**. This action will only update fields that you specify. Unspecified fields will keep existing values.

<Frame>
  <img alt="Document Image" />
</Frame>

#### Name

This field is automatically set for you. You can rename this field to whatever best describes your action. The value in this field does not affect how the workflow action behaves.

#### Event

This field allows you to specify the Google Calendar Event ID of the event you want to update. The default is set to `{{ incident.google_calendar_event_id }}` to match the event ID of your incident. This field supports Liquid syntax.

<Tip>
  **TIP:** You can use the [Incident Variable Explorer](https://rootly.com/account/help/liquid-explorer "Incident Variable Explorer") to test out what value each liquid variable returns.
</Tip>

#### Summary

This field allows you to define the title of the Google Calendar event. You can use `{{ incident.title }}` to match the title of your incident. This field supports Liquid syntax.

<Tip>
  **TIP:** You can use the [Incident Variable Explorer](https://rootly.com/account/help/liquid-explorer "Incident Variable Explorer") to test out what value each liquid variable returns.
</Tip>

#### Description

This field allows you to define a description for the Google Calendar event. You can use `{{ incident.summary }}` to match the summary of your incident. This field supports Liquid syntax.

<Tip>
  **TIP:** You can use the [Incident Variable Explorer](https://rootly.com/account/help/liquid-explorer "Incident Variable Explorer") to test out what value each liquid variable returns.
</Tip>

#### Conference Type

This field allows you to select a conference type to attach a video meeting to your Google Calendar event using the selected option.

#### Attendees

This field allows you to provide the email address of the attendees to your Google Calendar event. You can also get the attendees' email addresses from the incident by selecting on the of the dropdown values. This field will only overwrite the previous list of attendees of the event if the Replace attendees box is checked.

<Frame>
  <img alt="Document Image" />
</Frame>

#### Adjustment

This field is a dropdown that allows you to specify the type of date-and-time adjustment you want to perform on your Google Calendar event, if any.

<Frame>
  <img alt="Document Image" />
</Frame>

#### Adjustment Days

This field is a dropdown that allows you to specify the number of days by which you want to adjust your Google Calendar event, if any.

#### Meeting Duration

This field allows you to define the duration of your Google Calendar event. This field supports Liquid syntax.

<Tip>
  **TIP:** You can use the [Incident Variable Explorer](https://rootly.com/account/help/liquid-explorer "Incident Variable Explorer") to test out what value each liquid variable returns.
</Tip>

#### Time of Meeting

This field allows you to specify the start time of your Google Calendar event. Make sure you have selected the right timezone in the `Time Zone` field.

#### Slack Channels

This field is a dropdown that allows you to select one or more Slack channels from your Slack Workspace. If provided, the output will be sent to the Slack channel(s). You can use `{{ incident.slack_channel_id }}` or `{{ parent_incident.slack_channel_id }}` to notify your incident channel or the parent incident channel, respectively.


# Google Cloud Monitoring
Source: https://docs.rootly.com/integrations/google-cloud-monitoring

Forward alerts from Google Cloud Monitoring to Rootly for escalation, Slack routing, on-call paging, and automated incident response across GCP workloads.

## Overview

Google Cloud Monitoring can be configured as an alert source that sends webhook notifications to Rootly whenever an alert fires in your GCP environment. Once alerts arrive in Rootly, they can trigger incident workflows, page on-call responders, or route notifications to Slack.

## Before You Begin

<Callout icon="triangle-exclamation">
  We recommend performing the installation with a **service account** to ensure the integration does not break if the installing user leaves the company. You will need a GCP account with access to Google Cloud Monitoring and a Rootly account with Admin permissions.
</Callout>

## Setting Up the Integration

To integrate Google Cloud Monitoring with Rootly, you will create a webhook notification channel in GCP that forwards alert notifications to Rootly. These alerts can then be used in Rootly for automation and incident response.

Follow these steps to set up the integration:

## Step 1: Choose Your Webhook Endpoint

You will first retrieve the appropriate Rootly webhook endpoint URL where GCP will send its alerts. Rootly provides two types of webhook endpoints: **Non-paging** and **Paging**. Depending on how you want to handle alerts from GCP, you can choose either type. Below is a summary of both options:

| Endpoint Type  | Behavior                                                                    | URL                                                                                      |
| -------------- | --------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------- |
| **Non-paging** | Alert appears in Rootly for visibility and automation without paging anyone | `https://webhooks.rootly.com/webhooks/incoming/google_cloud_webhooks`                    |
| **Paging**     | Alert is received in Rootly **and** pages a specific resource you specify   | `https://webhooks.rootly.com/webhooks/incoming/google_cloud_webhooks/notify/<TYPE>/<ID>` |

<Callout icon="triangle-exclamation">
  For paging URLs, replace `<TYPE>` and `<ID>` with the resource you want to page:

  | Parameter | Allowed values                                                          | Example     |
  | --------- | ----------------------------------------------------------------------- | ----------- |
  | `TYPE`    | `User`, `Group`, `EscalationPolicy`, `Service`                          | `Service`   |
  | `ID`      | The unique ID of the resource in Rootly — found by editing the resource | `svc_12345` |
</Callout>

Copy the URL you need — you will use it in [Step 3](#step-3-create-the-webhook-notification-channel-in-gcp).

## Step 2: Retrieve Your Auth Password

Google Cloud Monitoring authenticates to Rootly using HTTP Basic Auth. The username is always `rootly` — the password is an organization-specific secret you retrieve from Rootly.

<Steps>
  <Step title="Open Alert Sources">
    Go to **Alerts → Sources** in Rootly and click **Add Source**, then select **Google Cloud Platform**.

    ![Add GCP as an alert source in Rootly](https://ik.imagekit.io/scdd/add-gcp.png?updatedAt=1763080096489)
  </Step>

  <Step title="Fill in the source details">
    Provide an **Alert Source Name** (e.g., `GCP – Production Alerts`) and select an **Owning Team**, then click **Add Source**.

    ![Add GCP Alert Source form](https://ik.imagekit.io/scdd/add-source.png?updatedAt=1763080278692)
  </Step>

  <Step title="Copy the Auth Password">
    On the **Google Cloud Setup** page, find **Step 5** and copy the **Auth Password**.

    ![Copy Auth Password from Rootly GCP setup](https://ik.imagekit.io/scdd/save-password.png?updatedAt=1763080511611)

    <Callout icon="triangle-exclamation">
      This password authenticates GCP to Rootly. Keep it secure and do not share it publicly.
    </Callout>
  </Step>
</Steps>

## Step 3: Create the Webhook Notification Channel in GCP

Now that you have:

* The **Rootly Webhook URL** from [Step 1](#step-1-choose-your-webhook-endpoint)
* The **Auth Password** from [Step 2](#step-2-retrieve-your-auth-password)

You can now use these values to create a Webhook Notification Channel in Google Cloud Monitoring.

<Steps>
  <Step title="Navigate to Alerting">
    In the Google Cloud Console, go to **Monitoring → Alerting**.

    ![Monitoring and Alerting page in GCP Console](https://ik.imagekit.io/scdd/alerting.png?updatedAt=1763080693197)
  </Step>

  <Step title="Edit notification channels">
    Click **Edit Notification Channels** at the top of the Alerting page.

    ![Edit Notification Channels in GCP Console](https://ik.imagekit.io/scdd/edit-notif-channel.png?updatedAt=1763080821318)
  </Step>

  <Step title="Add a new webhook">
    Scroll to the **Webhooks** section and click **Add New**.

    ![Add Webhook in GCP Console](https://ik.imagekit.io/scdd/webhooks-add.png?updatedAt=1763080957707)
  </Step>

  <Step title="Configure the webhook">
    Fill in the form using the values gathered in the previous steps:

    | Field                   | Value                                                                      |
    | ----------------------- | -------------------------------------------------------------------------- |
    | **Endpoint URL**        | The Rootly webhook URL from [Step 1](#step-1-choose-your-webhook-endpoint) |
    | **Display Name**        | A descriptive name, e.g. `Rootly – Production Alerts`                      |
    | **Use HTTP Basic Auth** | Enabled                                                                    |
    | **Username**            | `rootly`                                                                   |
    | **Password**            | The Auth Password from [Step 2](#step-2-retrieve-your-auth-password)       |
  </Step>

  <Step title="Test and save">
    Click **Test Connection** to verify GCP can reach Rootly.

    ![Test connection with Rootly webhook in GCP Console](https://ik.imagekit.io/scdd/test-connection.png?updatedAt=1763081495878)

    * If successful: click **Save** to create the notification channel.
    * If unsuccessful:
      * Verify the URL is correct
      * Confirm you used `rootly` as the username
      * Re-copy the Auth Password from Rootly

    <Callout icon="circle-check">
      Your integration is now active. Alerts from Google Cloud Monitoring will be delivered to Rootly and routed based on your paging or automation configuration.
    </Callout>
  </Step>
</Steps>

## Step 4: Verify the Test Alert in Rootly

After running **Test Connection**, a test notification is sent from GCP to Rootly. Confirm it arrived on the [Alerts page](https://rootly.com/account/alerts) in Rootly.

![GCP test alert appearing in Rootly](https://ik.imagekit.io/scdd/alert-from-gcp.png?updatedAt=1763081778856)

<Callout icon="triangle-exclamation">
  The GCP test payload differs from real alert payloads. Test with actual alerts in your environment to verify end-to-end functionality before relying on this in production.
</Callout>

<AccordionGroup>
  <Accordion title="View GCP test alert payload" icon="code">
    ```json theme={null}
    {
      "ID": "d7cdb19e-381e-4b72-8066-8691ac011529",
      "rootly": {
        "title": "Test Incident",
        "description": null,
        "alert_source_url": "http://www.example.com"
      },
      "version": "test",
      "incident": {
        "url": "http://www.example.com",
        "state": "OPEN",
        "metric": {
          "type": "test.googleapis.com/metric",
          "labels": { "example": "label" },
          "displayName": "Test Metric"
        },
        "summary": "Test Incident",
        "ended_at": 0,
        "metadata": {
          "user_labels": { "example": "label" },
          "system_labels": { "example": "label" }
        },
        "resource": {
          "type": "example_resource",
          "labels": { "example": "label" }
        },
        "condition": {
          "name": "projects/12345/alertPolicies/12345/conditions/12345",
          "displayName": "Example condition",
          "conditionThreshold": {
            "filter": "metric.type=\"test.googleapis.com/metric\" resource.type=\"example_resource\"",
            "trigger": { "count": 1 },
            "duration": "0s",
            "comparison": "COMPARISON_GT",
            "thresholdValue": 0.5
          }
        },
        "started_at": 0,
        "incident_id": "12345",
        "policy_name": "projects/12345/alertPolicies/12345",
        "condition_name": "Example condition",
        "observed_value": "1.0",
        "threshold_value": "0.5",
        "documentation": {
          "content": "TEST ALERT",
          "subject": "ALERT - No severity",
          "mime_type": "text/markdown"
        }
      },
      "rootly_alert_status": "open"
    }
    ```
  </Accordion>
</AccordionGroup>

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="GCP test connection fails" icon="circle-exclamation">
    Verify the Endpoint URL is correct and matches your intended alert type (paging or non-paging). Confirm the username is exactly `rootly` (lowercase). Re-copy the Auth Password from **Alerts → Sources → Google Cloud Platform → Configure** in Rootly — passwords can change if the source is recreated.
  </Accordion>

  <Accordion title="Alerts are not appearing in Rootly" icon="magnifying-glass">
    Confirm the webhook notification channel is attached to an active alerting policy in GCP. Check that the alert policy has fired by reviewing **Monitoring → Alerting → Incidents** in GCP. Verify the webhook URL and credentials in the notification channel settings.
  </Accordion>

  <Accordion title="How do I find the ID for a paging target?" icon="link">
    Open the resource (User, Team, Escalation Policy, or Service) in Rootly and click **Edit**. The resource ID appears in the URL or in the edit form. Use this ID in the paging URL path.
  </Accordion>
</AccordionGroup>


# Google Directory Sync
Source: https://docs.rootly.com/integrations/google-directory-sync

Automatically sync users and groups from Google Workspace to Rootly using the Google Admin Directory API to keep team membership and roles up to date.

<Frame>
  <img alt="Google Directory Sync integration tile" />
</Frame>

## Introduction

Google Directory Sync provides automatic user and group provisioning from Google Workspace into Rootly. Unlike [SCIM](/integrations/scim) (which relies on push events from an identity provider), Google Directory Sync periodically polls the Google Admin Directory API — approximately every 30 minutes — to keep your Rootly organization in sync with your Google Workspace directory.

<Callout icon="triangle-exclamation">
  Google Directory Sync and SCIM are **mutually exclusive**. You cannot enable both on the same organization. If SCIM provisioning is currently active on your team, you must disable it before enabling Google Directory Sync.
</Callout>

With Google Directory Sync, Rootly automatically:

* **Provisions users** — New Google Workspace users are added as Rootly members with first name, last name, email, phone numbers, profile photo, and timezone
* **Updates users** — Name and contact changes in Google Workspace are reflected in Rootly
* **Deprovisions users** — Users suspended or deleted in Google Workspace are soft-deleted in Rootly
* **Syncs groups** — Google Groups are mapped to Rootly Groups, with membership kept up to date
* **Assigns roles** — Rootly roles and on-call roles are assigned based on Google Group membership and Google role (Owner, Manager, Member)
* **Protects against mass deletion** — A configurable safeguard (default: 20%) prevents accidental bulk deprovisioning if the API returns partial results

## Before You Begin

Before setting up Google Directory Sync, make sure you have:

* A Google Workspace account with **super admin** access
* One of the following authentication methods:
  * **OAuth** — Recommended for smaller organizations. Uses a familiar Google sign-in flow.
  * **Service account with domain-wide delegation** — Recommended for enterprises with strict admin policies.

## Installation

Navigate to **Integrations** in your Rootly dashboard, find **Google Directory Sync**, and click **Setup**.

<Frame>
  <img alt="Google Directory Sync setup dialog" />
</Frame>

### Option A: OAuth Authentication

<Steps>
  <Step title="Connect with Google" icon="google">
    Click **Sign in with Google** and authenticate with a Google Workspace **super admin** account. Grant the following permissions when prompted:

    * `admin.directory.user.readonly`
    * `admin.directory.group.readonly`
    * `admin.directory.group.member.readonly`
  </Step>

  <Step title="Integration connected" icon="circle-check">
    <Callout icon="circle-check">
      You'll be redirected back to Rootly with the integration active. The first sync will run within 30 minutes, or you can click **Sync Now** to trigger it immediately.
    </Callout>
  </Step>
</Steps>

### Option B: Service Account Authentication

Use this method if your organization requires service accounts or restricts OAuth consent flows.

<Steps>
  <Step title="Create a service account" icon="key">
    In [Google Cloud Console](https://console.cloud.google.com/), go to **IAM & Admin > Service Accounts**. Click **Create Service Account**, name it (e.g., `rootly-directory-sync`), and click **Done**. Then open the service account, go to **Keys > Add Key > Create new key > JSON**, and download the key file.
  </Step>

  <Step title="Enable domain-wide delegation" icon="shield">
    In the service account details page, expand **Advanced Settings** and copy the **Client ID**. In [Google Admin Console](https://admin.google.com/), navigate to **Security > Access and data control > API controls > Domain-wide delegation**, click **Add new**, and enter the Client ID with the following scopes:

    ```
    https://www.googleapis.com/auth/admin.directory.user.readonly
    https://www.googleapis.com/auth/admin.directory.group.readonly
    https://www.googleapis.com/auth/admin.directory.group.member.readonly
    ```

    Click **Authorize**.
  </Step>

  <Step title="Configure in Rootly" icon="gear">
    In Rootly, select **Service Account** as the authentication method, upload the JSON key file, and enter the **impersonation email** — the email address of a Google Workspace super admin.

    <Callout icon="triangle-exclamation">
      The impersonation email must belong to an **active super admin**. The service account technically impersonates this user when calling the Google Directory API. If this user is suspended or deleted, syncing will fail. Use a dedicated service account admin that won't be deactivated.
    </Callout>

    You must also provide the **domain** — your Google Workspace primary domain (e.g., `yourcompany.com`). Click **Save** to validate the connection.
  </Step>
</Steps>

## What Gets Synced

### User Field Mappings

When Rootly provisions or updates a user, it maps the following fields from the Google Directory:

| Google Field          | Rootly Field      | Notes                                                              |
| --------------------- | ----------------- | ------------------------------------------------------------------ |
| `primary_email`       | `user.email`      | Used for matching — case-insensitive                               |
| `name.given_name`     | `user.first_name` |                                                                    |
| `name.family_name`    | `user.last_name`  |                                                                    |
| `phones[*].value`     | Phone numbers     | Normalized with US as default country code; all marked as verified |
| `thumbnail_photo_url` | Profile photo     | Downloaded and attached; skipped if user already has an avatar     |
| N/A                   | Timezone          | Set from the team's timezone for newly created users               |
| N/A                   | Membership role   | Set to the team's default SSO role on first provision              |
| N/A                   | On-call role      | Set to the team's default SSO on-call role on first provision      |

New users provisioned by Google Directory Sync receive the organization's configured **default SSO role** and **default SSO on-call role**. You can adjust these under your team's SSO settings.

### User Deprovisioning

When a Google Workspace user is suspended, archived, or deleted, their Rootly membership is soft-deleted. If the user has no other Rootly team memberships, the user record itself is also soft-deleted. This is reversible — if the user is reactivated in Google Workspace, they will be re-provisioned on the next sync cycle.

## Configuring Group Sync

<Steps>
  <Step title="Open the Groups tab" icon="users">
    Navigate to **Integrations > Google Directory Sync** and click the **Groups** tab.
  </Step>

  <Step title="Choose a sync mode" icon="list-check">
    Select one of two modes:

    * **Sync all groups** — All Google Groups in your directory are automatically mapped to Rootly Groups. Mappings are kept up to date as groups are added or removed in Google Workspace.
    * **Sync selected groups** — Only the groups you explicitly select are synced. Use the search box to find groups by name.

    <Frame>
      <img alt="Google Directory Sync group selection" />
    </Frame>
  </Step>

  <Step title="Configure per-group role mapping" icon="user-shield">
    For each synced group, you can configure how Google Group roles map to Rootly group admin status:

    * **Map Owners as admins** (default: on) — Google group OWNER role → Rootly group admin
    * **Map Managers as admins** (default: on) — Google group MANAGER role → Rootly group admin
    * Google group MEMBER role always maps to a regular group member

    You can also assign a **Rootly Role** and **On-Call Role** to be applied to all members of a specific group.
  </Step>
</Steps>

When using "sync all" mode, Rootly automatically creates group mappings for every Google Group in your directory and removes mappings for groups that no longer exist. When a Google Group is renamed, the linked Rootly Group name is updated to match.

Group members are resolved with nested group flattening — members of sub-groups are included. If a user appears via multiple paths with different roles, the highest role takes precedence (Owner > Manager > Member).

## Sync Status & Monitoring

The **Sync** tab shows the current status for both user and group sync, including last sync time, counts of users created/updated/deprovisioned, and any per-user or per-group errors.

<Frame>
  <img alt="Google Directory Sync status dashboard" />
</Frame>

Click **Sync Now** to trigger an immediate sync without waiting for the next scheduled run. Rootly prevents concurrent sync executions — if a sync is already running, a new one will not start.

Each sync produces a log entry with:

* Start and completion timestamps
* Counts: users created, updated, deprovisioned; group members added, updated, removed
* Per-item error details for any failures (individual failures do not abort the overall sync)

## Mass Deletion Safeguard

Rootly includes a configurable safeguard to prevent accidental bulk deprovisioning. By default, if a single sync cycle would deprovision more than **20%** of your current Rootly members, or remove more than 20% of a group's members, the deletions are skipped and logged as errors rather than executed.
All sync operations are logged and visible under the sync history section. Each log entry includes:

* Timestamp
* Operation type (user created, user removed, group updated, etc.)
* Affected user or group
* Success or error status

The threshold is always bypassed if the number of deletions is **5 or fewer**, regardless of percentage.

| Issue                                    | Cause                                                                         | Resolution                                                                                        |
| ---------------------------------------- | ----------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- |
| "403 Forbidden" during setup             | Impersonation email doesn't have admin privileges                             | Ensure the impersonation email belongs to a Google Workspace admin                                |
| Users from secondary domains not syncing | Integration is using `domain` filter instead of `customer` parameter          | Contact Rootly support to verify configuration                                                    |
| Sync shows 0 users                       | Service account scopes not properly delegated                                 | Re-check domain-wide delegation settings in Google Admin Console                                  |
| "Mass deletion safeguard triggered"      | Google API returned partial results that would remove a large number of users | This is a safety feature. Check Google Workspace status and retry. Contact support if persistent. |
| Phone numbers not syncing                | Phone fields not populated in Google Workspace                                | Ensure users have phone numbers set in their Google Workspace profile                             |

## Troubleshooting

<AccordionGroup>
  <Accordion title="403 Forbidden error during setup or sync" icon="lock">
    For service account auth, the impersonation email must belong to an active super admin with Google Directory access. For OAuth, confirm you authenticated with a super admin account. Also verify that domain-wide delegation is configured with all three required scopes in Google Admin Console.
  </Accordion>

  <Accordion title="Sync shows 0 users" icon="circle-exclamation">
    The service account scopes may not be properly delegated. Re-check the domain-wide delegation settings in Google Admin Console and confirm all three required scopes are authorized for the service account's Client ID. Also ensure the `domain` field in Rootly matches your primary Google Workspace domain exactly.
  </Accordion>

  <Accordion title="Users from secondary domains are not syncing" icon="users">
    By default the integration queries by primary domain. If your organization has multiple domains, contact Rootly support — the integration may need to be configured to query by `customer` parameter instead of domain.
  </Accordion>

  <Accordion title="Mass deletion safeguard triggered" icon="shield">
    A single sync cycle attempted to remove more than 20% of your members or group membership, which exceeded the safety threshold. Check Google Workspace API status and verify the sync results are complete. If the removals are intentional (e.g., after a large offboarding), contact Rootly support to bypass the threshold for your organization.
  </Accordion>

  <Accordion title="Phone numbers are not syncing" icon="phone">
    Confirm that users have phone numbers set in their Google Workspace profiles. Rootly reads from the `phones` array in the Google Directory response — if this field is empty, no phone number will be synced. Phone numbers are normalized with US as the default country code; numbers in other formats may need to include a country code prefix.
  </Accordion>

  <Accordion title="Groups are not appearing in the group selector" icon="users">
    The group list is fetched via the Google Directory API. Confirm the connected account (OAuth user or service account impersonation target) has permission to view groups in your directory. Groups are paginated at 200 per request — all pages are fetched automatically.
  </Accordion>

  <Accordion title="Sync stopped working after an admin account change" icon="triangle-exclamation">
    For service account auth, syncing stops if the impersonation email belongs to a user who is suspended, deleted, or had their admin role removed. Update the impersonation email in the integration settings to a current active super admin.
  </Accordion>
</AccordionGroup>

If you encounter any issues not covered above, contact Rootly support at [support@rootly.com](mailto:support@rootly.com).

## Related Pages

<CardGroup>
  <Card title="SCIM" icon="users" href="/integrations/scim">
    Push-based provisioning from Okta, Entra, and other SCIM-compatible identity providers.
  </Card>

  <Card title="SSO" icon="lock" href="/integrations/sso">
    Configure SAML 2.0 single sign-on — required before enabling SCIM provisioning.
  </Card>

  <Card title="On-Call Schedules" icon="calendar" href="/on-call/schedules">
    Manage on-call schedules once users and groups are synced from Google Workspace.
  </Card>
</CardGroup>


# Installation
Source: https://docs.rootly.com/integrations/google-docs/installation

Connect Google Docs to Rootly for automated document generation, retrospective creation, and incident note management with OAuth and service account support.

Connect Google Docs to Rootly so workflows can automatically generate retrospectives, runbooks, and other incident documents from your templates. Setup takes 2 minutes via OAuth or about 10 minutes via a service account.

## Before You Begin

<Warning>
  You must be an **Admin or Owner** in Rootly to install integrations.

  * **OAuth:** Requires a Google account with access to Google Drive
  * **Service Account:** Requires Google Workspace admin access and a Google Cloud project
</Warning>

Choose your setup method based on your environment:

<CardGroup>
  <Card title="OAuth (Personal Account)" icon="user">
    **Best for:** Testing, evaluation, or personal use

    Connects your personal Google account. If that account loses access or the person leaves, the integration breaks.
  </Card>

  <Card title="Service Account (Recommended)" icon="building">
    **Best for:** Teams and production environments

    Uses a dedicated service account that isn't tied to any individual. More resilient and easier to manage at scale.
  </Card>
</CardGroup>

## Quick Setup (OAuth)

OAuth connects your personal Google account in about 2 minutes.

<Steps>
  <Step title="In Rootly, go to Configuration → Integrations">
    Use the search bar to find **Google Docs** among the available integrations.

    <Frame>
      <img alt="Rootly sidebar showing Configuration and Integrations menu" />
    </Frame>

    <Frame>
      <img alt="Integrations page with Google Docs search result" />
    </Frame>
  </Step>

  <Step title="Click Setup and choose OAuth">
    Select the OAuth connection method, then choose which Google account to connect.

    <Frame>
      <img alt="Google Docs setup button" />
    </Frame>
  </Step>

  <Step title="Approve the requested permissions">
    Google will ask Rootly to access Google Drive and Docs on your behalf. Approve to complete the connection.

    You'll be redirected back to Rootly once the authorization completes.
  </Step>
</Steps>

<Tip>
  Google Docs is now connected. You can create templates and wire them up in workflows — head to the [Workflows](/integrations/google-docs/workflows) page to get started.
</Tip>

## Production Setup (Service Account)

A service account keeps the integration running independent of any individual's Google account. This setup involves creating the account in Google Cloud, uploading its credentials to Rootly, and granting it domain-wide delegation.

<Steps>
  <Step title="In Google Cloud Console, go to IAM & Admin → Service Accounts">
    If you don't have a project yet, create one first. You'll create the service account inside an existing project.

    <Frame>
      <img alt="Google Cloud IAM Service Accounts page" />
    </Frame>
  </Step>

  <Step title="Create a new Service Account">
    Click **Create Service Account**, fill in a name and description, then click **Done**.

    <Frame>
      <img alt="Create service account form in Google Cloud" />
    </Frame>

    <Frame>
      <img alt="Service account created confirmation" />
    </Frame>

    After creating the account, click on its email address to open its details.

    <Frame>
      <img alt="Service account list — click email to open details" />
    </Frame>
  </Step>

  <Step title="Create a JSON key for the service account">
    Go to the **Keys** tab → **Add Key** → **Create new key**. Select **JSON** as the key type and click **Create**.

    <Frame>
      <img alt="Keys tab in service account details" />
    </Frame>

    <Frame>
      <img alt="Create new JSON key dialog" />
    </Frame>

    A `.json` file will download automatically — keep it safe, you'll need it in the next step.
  </Step>

  <Step title="Upload the JSON key to Rootly">
    In Rootly, go to **Configuration → Integrations → Google Docs → Setup**. Choose the **Service Account** connection method and upload the JSON file you just downloaded.

    <Frame>
      <img alt="Upload JSON key to Rootly setup screen" />
    </Frame>

    You should see a success message confirming the integration is active.
  </Step>

  <Step title="Enable Domain-wide Delegation">
    The service account needs domain-wide delegation to create documents on behalf of users in your Google Workspace.

    In [Google Admin Console](https://admin.google.com), go to **Security → API Controls → Domain-wide Delegation** and click **Add new**. Enter your service account's Client ID (found in GCP Console under the service account details), then add these OAuth scopes:

    ```
    https://www.googleapis.com/auth/drive.file
    https://www.googleapis.com/auth/drive.appdata
    https://www.googleapis.com/auth/documents
    ```

    Click **Authorize**.

    <Frame>
      <img alt="Domain-wide delegation setup in Google Admin Console" />
    </Frame>
  </Step>
</Steps>

<Warning>
  Without domain-wide delegation, the service account can't create documents on behalf of users. If you skip this step, document creation will fail silently in workflows.
</Warning>

## Verify the Connection

Once connected, confirm the integration is working before building templates and workflows.

<Tabs>
  <Tab title="OAuth">
    1. The integration should show **Connected** status with your Google account email
    2. Try creating a test document in Google Drive to confirm access is working
  </Tab>

  <Tab title="Service Account">
    1. The integration should show **Connected** status with the service account email
    2. Confirm domain-wide delegation is active — changes can take up to 15 minutes to propagate
    3. Run a test workflow (see the [Workflows](/integrations/google-docs/workflows) page) to validate end-to-end
  </Tab>
</Tabs>

## Troubleshooting

<AccordionGroup>
  <Accordion title="Authentication failed" icon="circle-x">
    **OAuth:** Try signing in again using a different browser or an incognito window.

    **Service Account:** Verify the JSON key file is valid and hasn't been corrupted or truncated.
  </Accordion>

  <Accordion title="403 Forbidden when creating documents" icon="ban">
    This is almost always a domain-wide delegation issue. Check that:

    * The Client ID in Google Admin matches your service account exactly
    * All three OAuth scopes are entered as shown (no extra spaces or typos)
    * You've waited at least 15 minutes for Google to propagate the changes
  </Accordion>

  <Accordion title="Integration shows connected but documents aren't created" icon="triangle-exclamation">
    **OAuth:** Re-authenticate to refresh your access token.

    **Service Account:** Confirm the service account has **Editor** access to the target folder in Google Drive.
  </Accordion>
</AccordionGroup>

***

## Uninstall

To remove the Google Docs integration, go to **Configuration → Integrations**, find **Google Docs**, and click the **Connected** button to reveal the disconnect option.

<Frame>
  <img alt="Click the Connected button to reveal the Disconnect option" />
</Frame>

<Warning>
  Disconnecting stops Rootly from creating new documents. Documents already generated by Rootly are not affected.
</Warning>

***

## Next Steps

<CardGroup>
  <Card title="Create Templates & Workflows" icon="diagram-project" href="/integrations/google-docs/workflows">
    Set up a Liquid template and wire it to a workflow to auto-generate documents on incident events
  </Card>

  <Card title="View Examples" icon="book" href="/integrations/google-docs/workflows#template-examples">
    Browse ready-to-use template examples for retrospectives and executive summaries
  </Card>
</CardGroup>


# Google Docs
Source: https://docs.rootly.com/integrations/google-docs/overview

Auto-generate retrospectives and incident documentation with Liquid templates directly in Google Docs using Rootly's Google Docs integration.

Rootly's Google Docs integration automates the creation of incident documentation. When an incident resolves or a retrospective begins, Rootly generates a Google Doc from your template and populates it with incident data, timeline events, affected services, and follow-up items — eliminating manual copy-paste work and ensuring consistent documentation across every incident.

You create a template document once with Liquid variables as placeholders. Rootly copies that template for each incident and replaces the variables with actual data. The generated document is saved to your specified Google Drive folder and can be automatically shared with the right people.

## Document Types

<CardGroup>
  <Card title="Retrospectives" icon="magnifying-glass-chart">
    Post-incident analysis with timeline, root cause, and follow-up action items
  </Card>

  <Card title="Executive Summaries" icon="briefcase">
    High-level incident overviews for stakeholder communication
  </Card>

  <Card title="Runbooks" icon="list-check">
    Step-by-step response procedures generated on incident creation
  </Card>

  <Card title="Status Updates" icon="bullhorn">
    Stakeholder communication templates auto-populated with incident data
  </Card>
</CardGroup>

## Next Steps

<CardGroup>
  <Card title="Installation" icon="download" href="/integrations/google-docs/installation">
    Connect your Google account and set up your template
  </Card>

  <Card title="Workflows" icon="diagram-project" href="/integrations/google-docs/workflows">
    Use your template to auto-generate documents
  </Card>
</CardGroup>


# Workflows
Source: https://docs.rootly.com/integrations/google-docs/workflows

Use workflow actions in Rootly to create and manage Google Docs for incident retrospectives with Liquid templates, folder placement, and permission controls.

Rootly can automatically generate Google Docs from your templates when incidents are created, updated, or resolved. This page walks through creating a template, sharing it with Rootly, and wiring it up in a workflow.

## Step 1: Create Your Template Document

<Note>
  You create **one template document** with Liquid variable placeholders. Each time the workflow fires, Rootly copies that template and replaces the variables with real incident data — so you never manually copy-paste incident details again.
</Note>

### Create the Document

<Steps>
  <Step title="Open Google Drive and create a new Google Doc">
    Go to **New → Google Docs**. Give it a clear, descriptive name so it's easy to find later — for example:

    * "Rootly Retrospective Template"
    * "Executive Summary Template"
    * "Incident Runbook Template"

    <Frame>
      <img alt="Create new Google Doc in Google Drive" />
    </Frame>
  </Step>

  <Step title="Add structure and Liquid variables">
    Design your document the way you'd want every generated doc to look. Use Liquid variables anywhere you want incident data to appear. See the template examples below for a starting point.
  </Step>
</Steps>

### Template Examples

<Tabs>
  <Tab title="Standard Retrospective">
    ```liquid theme={null}
    # Retrospective: {{ incident.title }}

    **Date:** {{ incident.started_at | date: "%B %d, %Y" }}
    **Severity:** {{ incident.severity }}
    **Status:** {{ incident.status }}

    ## What Happened
    {{ incident.summary }}

    ## Timeline
    - Started: {{ incident.started_at | date: "%I:%M %p" }}
    - Mitigated: {{ incident.mitigated_at | date: "%I:%M %p" | default: "In progress" }}
    - Resolved: {{ incident.resolved_at | date: "%I:%M %p" | default: "In progress" }}
    - Total Duration: {{ incident.duration | divided_by: 60 }} minutes

    ## Services Affected
    {{ incident.services | join: ", " }}

    ## Team
    - Created By: {{ incident.creator.name }}

    ## Communication
    Slack Channel: #{{ incident.slack_channel_name }}
    ```
  </Tab>

  <Tab title="Detailed Retrospective">
    ```liquid theme={null}
    # Retrospective: {{ incident.title }}

    ## Incident Overview
    - **ID:** #{{ incident.id }}
    - **Date:** {{ incident.started_at | date: "%B %d, %Y" }}
    - **Duration:** {{ incident.duration | divided_by: 3600 }} hours {{ incident.duration | modulo: 3600 | divided_by: 60 }} minutes
    - **Severity:** {{ incident.severity }}

    ## Summary
    {{ incident.summary }}

    ## Impact
    - **Services:** {{ incident.services | join: ", " }}
    - **Groups:** {% for group in incident.groups %}{{ group.name }}{% unless forloop.last %}, {% endunless %}{% endfor %}
    - **Environments:** {{ incident.environments | join: ", " }}

    ## Timeline of Events
    {{ incident.timeline_table_markdown }}

    ## Root Cause Analysis
    [To be completed during review]

    ## What Went Well
    - [Add items]

    ## What Could Be Improved
    - [Add items]

    ## Action Items
    [To be added during review]

    ## Participants
    {% for role in incident.roles %}
    {%- if role.user -%}
    - {{ role.incident_role.name }}: {{ role.user.full_name }}
    {%- else -%}
    - {{ role.incident_role.name }}: Unassigned
    {%- endif -%}
    {% endfor %}
    ```
  </Tab>

  <Tab title="Executive Summary">
    ```liquid theme={null}
    # Executive Brief: {{ incident.title }}

    **Incident Duration:** {{ incident.duration | divided_by: 60 }} minutes
    **Customer Impact:** [To be assessed]

    ## What Happened
    {{ incident.summary }}

    ## Current Status
    {{ incident.status }} as of {{ "now" | date: "%I:%M %p" }}

    ## Services Affected
    {{ incident.services | join: ", " }}

    ## Next Steps
    1. [Add next steps]
    2. [Add next steps]

    **Created By:** {{ incident.creator.name }}
    **Full Report:** {{ incident.url }}
    ```
  </Tab>
</Tabs>

### Common Liquid Variables

<Tip>
  For the full variable reference, see [Rootly's Liquid documentation](https://docs.rootly.com/liquid/incident-variables). Use the [Liquid Variable Explorer](https://rootly.com/account/help/liquid-explorer) to test variables against real incident data before committing them to your template.
</Tip>

```liquid theme={null}
# Basic Info
{{ incident.id }}                  # Incident ID
{{ incident.title }}               # Title
{{ incident.summary }}             # Description
{{ incident.severity }}            # SEV1, SEV2, etc.
{{ incident.status }}              # Current status

# Timestamps
{{ incident.started_at }}          # Start time
{{ incident.mitigated_at }}        # Mitigation time
{{ incident.resolved_at }}         # Resolution time
{{ incident.duration }}            # Duration in seconds

# People
{{ incident.creator.name }}        # Creator name
{{ incident.creator.email }}       # Creator email

# Services & Groups
{{ incident.services }}            # Array of services
{{ incident.groups }}              # Array of groups (teams)
{{ incident.environments }}        # Array of environments

# Communication
{{ incident.slack_channel_name }}  # Slack channel
{{ incident.url }}                 # Rootly incident URL
```

## Step 2: Share Your Template with Rootly

Before Rootly can use your template, it needs read access to the document.

<Tabs>
  <Tab title="OAuth Users">
    Nothing to do here — the Google account you connected in the installation step already has access to documents you own.
  </Tab>

  <Tab title="Service Account Users">
    You need to explicitly share the template with the service account email.

    <Steps>
      <Step title="Find your service account email">
        The email follows the pattern `name@project.iam.gserviceaccount.com`. You can find it in Google Cloud Console under **IAM & Admin → Service Accounts**.

        <Frame>
          <img alt="Service account email in Google Cloud Console" />
        </Frame>
      </Step>

      <Step title="Share the template with the service account">
        Open your template document, click **Share**, add the service account email, and set the permission to **Editor**.

        <Frame>
          <img alt="Share button in Google Docs" />
        </Frame>

        <Frame>
          <img alt="Add service account email to share dialog" />
        </Frame>

        <Frame>
          <img alt="Set Editor permission for service account" />
        </Frame>
      </Step>
    </Steps>

    <Warning>
      The permission must be **Editor**, not Viewer or Commenter. Rootly needs write access to copy and populate the template — anything less will cause workflow failures.
    </Warning>
  </Tab>
</Tabs>

## Step 3: Create a Workflow

With the template ready and shared, create a workflow that triggers document generation automatically.

<Steps>
  <Step title="Navigate to Workflows and create a new workflow">
    Go to **Rootly → Workflows → Create Workflow**.

    <Frame>
      <img alt="Rootly Workflows page" />
    </Frame>
  </Step>

  <Step title="Select a trigger">
    Choose the event that should kick off document creation:

    * **Incident** — triggers on incident events like creation or resolution
    * **Retrospective** — triggers when retrospective status changes
    * **Action Item** — for follow-up documentation

    <Frame>
      <img alt="Workflow trigger type selection" />
    </Frame>
  </Step>

  <Step title="Add a Google Docs action">
    Click **Add Action → Google Docs → Create Doc**.

    <Frame>
      <img alt="Add Action button in workflow editor" />
    </Frame>

    <Frame>
      <img alt="Google Docs Create Doc action selected" />
    </Frame>
  </Step>

  <Step title="Select your template">
    Choose the template document you created in Step 1 from the dropdown.

    <Frame>
      <img alt="Select template document dropdown" />
    </Frame>
  </Step>

  <Step title="Configure the workflow settings">
    Set any additional options — a descriptive name, conditions to filter which incidents trigger the workflow, and a destination folder in Google Drive.

    <Frame>
      <img alt="Workflow configuration settings" />
    </Frame>
  </Step>

  <Step title="Activate the workflow">
    Save and toggle the workflow to active. It will fire on the next matching event.
  </Step>
</Steps>

## Configuration Reference

| Setting         | Description                                      | Example                                |
| --------------- | ------------------------------------------------ | -------------------------------------- |
| **Template**    | The Google Doc to use as the source template     | Select from dropdown                   |
| **Trigger**     | When to generate a document                      | Incident Created, Incident Resolved    |
| **Conditions**  | Optional filters to narrow which incidents apply | `Severity = SEV1`, `Duration > 30 min` |
| **Folder**      | Where to save the generated doc in Drive         | `/Incidents/2024`                      |
| **Permissions** | Who can access the generated doc                 | Domain, Team, Private                  |
| **Delay**       | Wait before generating                           | 24 hours (useful for retrospectives)   |

## Troubleshooting

<AccordionGroup>
  <Accordion title="Document wasn't created" icon="circle-x">
    * Is the workflow toggled to active?
    * Does the incident meet all the workflow conditions?
    * Is your template shared with Rootly? (Service Account only)
    * Check the workflow execution log for errors
  </Accordion>

  <Accordion title="Variables aren't being replaced" icon="code">
    * Double-check variable spelling — Liquid is case-sensitive
    * Test the variable in the [Liquid Explorer](https://rootly.com/account/help/liquid-explorer)
    * Make sure the field has data on the incident (e.g., `mitigated_at` won't exist on an unmitigated incident)
    * Use `| default: "N/A"` to handle missing values gracefully
  </Accordion>

  <Accordion title="Permission errors during document creation" icon="ban">
    * OAuth: Re-authenticate if your access token has expired
    * Service Account: Confirm the template is shared with the service account as **Editor**
    * Confirm domain-wide delegation is still active in Google Admin
  </Accordion>

  <Accordion title="Document saved to the wrong folder" icon="folder-open">
    * Folder paths use forward slashes — confirm the path is correct
    * Parent folders must already exist in Drive; Rootly won't create them
    * Test any Liquid expressions in the folder path separately
  </Accordion>
</AccordionGroup>

## Best Practices

* **Test with a real incident** before relying on the workflow in production
* **One template per document type** — keep retrospective, runbook, and executive summary templates separate
* **Use `| default:` for optional fields** so missing data doesn't leave blank placeholders in your docs
* **Version your templates** by keeping a dated copy before making significant changes

## Next Steps

<CardGroup>
  <Card title="Test Your Workflow" icon="flask">
    Create a test incident to confirm the workflow fires and the document generates correctly
  </Card>

  <Card title="Liquid Explorer" icon="code" href="https://rootly.com/account/help/liquid-explorer">
    Test Liquid variables against real incident data before adding them to your template
  </Card>
</CardGroup>


# Google Gemini
Source: https://docs.rootly.com/integrations/google-gemini

Connect Rootly to Google Gemini to send prompts to Gemini models from incident and action item workflows for AI-assisted summaries and triage.

## Introduction

The Google Gemini integration lets you connect Rootly to your organization's Google Gemini API account. Once connected, a new **Gemini Chat Completion** workflow action becomes available, allowing you to send prompts to Gemini models and capture their responses — directly within your incident and action item workflows.

With the Google Gemini integration, you can:

* Generate AI-powered incident summaries, analyses, and recommendations
* Send custom prompts to Gemini models with full Liquid template support
* Use a system prompt to define the model's role, tone, or output constraints
* Choose from any Gemini model available on your API account

## Before You Begin

Before setting up the Google Gemini integration, make sure you have:

* A Rootly account with permission to manage integrations
* A [Google AI Studio API key](https://aistudio.google.com/app/apikey) with access to Gemini models

<Callout icon="triangle-exclamation">
  Your API key is validated against the Gemini API when you save the integration. If validation fails, confirm the key is active and has access to at least one Gemini model.
</Callout>

## Installation

<Steps>
  <Step title="Open the integrations page in Rootly" icon="plug">
    Navigate to the integrations page in your Rootly workspace and select **Google Gemini**.
  </Step>

  <Step title="Enter your API key" icon="key">
    Paste your Google AI Studio API key into the **API Key** field. Rootly validates the key by fetching your available Gemini models before saving. Your key is encrypted at rest in Rootly.
  </Step>

  <Step title="Integration connected" icon="circle-check">
    <Callout icon="circle-check">
      Your Google Gemini integration is active. The **Gemini Chat Completion** workflow action is now available in your incident and action item workflows.
    </Callout>
  </Step>
</Steps>

## Workflow Actions

### Gemini Chat Completion

Sends a prompt to a Gemini model and captures the response as a workflow output. The model list is fetched dynamically from your API account.

| Field         | Description                                                                | Required |
| ------------- | -------------------------------------------------------------------------- | -------- |
| Model         | The Gemini model to use — fetched from your account                        | Yes      |
| Prompt        | The user message — supports Liquid templating                              | Yes      |
| System Prompt | Instructions for the model's role or behavior — supports Liquid templating | No       |

<Callout icon="code">
  Use Liquid variables in your prompts to include live incident context — for example `{{ incident.title }}`, `{{ incident.severity }}`, and `{{ incident.description }}`. See the [Liquid variables reference](/liquid/incident-variables) for all available fields.
</Callout>

The **System Prompt** field sets the model's persona or output format — for example: *"You are an incident response assistant. Respond in bullet points. Be concise."*

## Troubleshooting

<AccordionGroup>
  <Accordion title="The API key is rejected on save" icon="key">
    Rootly validates your API key by fetching the list of available Gemini models when you save. If validation fails, confirm the key is active in [Google AI Studio](https://aistudio.google.com/app/apikey) and has not been revoked or restricted.
  </Accordion>

  <Accordion title="The workflow action fails with an authentication error" icon="lock">
    If the integration was working and then stopped, the API key may have been revoked or rotated. Update the key in the integration settings — Rootly re-validates on save.
  </Accordion>

  <Accordion title="The workflow action fails with a rate limit error" icon="gauge-high">
    Google Gemini enforces rate limits based on your API tier. Running many concurrent workflows may exceed requests-per-minute limits. Consider staggering workflows or upgrading your Google AI Studio plan for higher quota.
  </Accordion>

  <Accordion title="A model is not appearing in the model selector" icon="robot">
    The model list is fetched dynamically from your API account and is filtered to Gemini models. If a model you expect is missing, confirm your API key has access to it — some models may require specific API tiers or allowlisting.
  </Accordion>

  <Accordion title="Liquid variables are not rendering correctly in the prompt" icon="code">
    Check your Liquid syntax — unclosed tags or undefined variables can cause rendering failures. Use the [Liquid variables reference](/liquid/incident-variables) to confirm variable names and test your template in a low-stakes workflow first.
  </Accordion>
</AccordionGroup>

## Related Pages

<CardGroup>
  <Card title="Incident Workflows" icon="bolt" href="/workflows/incident-workflows">
    Build workflows that use Gemini models to analyze, summarize, or respond to incidents.
  </Card>

  <Card title="Liquid Variables" icon="code" href="/liquid/incident-variables">
    Reference for all incident variables available in Liquid-templated prompts.
  </Card>

  <Card title="Rootly AI" icon="robot" href="/ai/ai">
    Learn about Rootly's built-in AI features for incident management.
  </Card>
</CardGroup>


# Google Meet
Source: https://docs.rootly.com/integrations/google-meet/google-meet

Automatically create Google Meet rooms and calendar events for real-time incident collaboration, with meeting links shared in Slack and Teams channels.

Rootly's Google Meet integration eliminates the friction of setting up incident calls. When an incident is declared, Rootly automatically creates a Google Meet room, sends calendar invites to the right people, and posts the link to your Slack channel.

The integration supports both personal OAuth connections for quick setup and Google Cloud Service Accounts for production environments where you need domain-wide access and stability.

<Frame>
  <img alt="Google Meet integration in action" />
</Frame>

## Features

<CardGroup>
  <Card title="Automatic Meeting Creation" icon="video">
    Instantly create a Google Meet room when an incident is declared, no manual setup required.
  </Card>

  <Card title="Slack Integration" icon="slack">
    The Meet link is automatically posted to your incident Slack channel so responders can join immediately.
  </Card>

  <Card title="Calendar Invites" icon="calendar">
    Send calendar invites to incident responders so everyone has the meeting on their schedule.
  </Card>

  <Card title="AI Meeting Capture" icon="microchip-ai">
    Enable automatic recording, transcription, and AI-generated summaries of incident calls.
  </Card>
</CardGroup>

## How It Works

<Steps>
  <Step title="Incident Triggers Workflow">
    When an incident is created, your configured workflows run automatically based on severity, type, or team ownership.
  </Step>

  <Step title="Google Meet Room Created">
    A meeting is generated with the incident details added to the title and description.
  </Step>

  <Step title="Calendar Invites Sent">
    Everyone who needs to join gets a calendar invite automatically.
  </Step>

  <Step title="Links Shared Everywhere">
    The Meet link is posted to your Slack channel, status pages, and other configured tools.
  </Step>
</Steps>

## Next Steps

<CardGroup>
  <Card title="Installation" icon="download" href="/integrations/google-meet/installation">
    Connect your Google Meet account to Rootly
  </Card>

  <Card title="Workflows" icon="diagram-project" href="/integrations/google-meet/workflows">
    Configure automated meeting creation
  </Card>
</CardGroup>


# Installation
Source: https://docs.rootly.com/integrations/google-meet/installation

Connect your Google Meet account to Rootly via OAuth to create meetings automatically during incidents and share links in Slack and Teams channels.

You can use OAuth for quick setup with a personal account, or a Google Cloud Service Account for production environments that need domain-wide access. After completing these steps, you can configure workflows to automatically create Google Meet rooms when incidents are declared.

## Before You Begin

<Warning>
  **Before you start, you'll need:**

  * A Rootly account with Admin permissions to manage integrations
  * **For OAuth:** A Google account with Google Meet enabled
  * **For Service Account:** Access to Google Cloud Console and Google Admin Console
</Warning>

<Note>
  We recommend integrating with a **service account** rather than a personal account. This ensures the integration continues to work even if a user leaves your organization.
</Note>

## OAuth Setup

Best for quick testing or evaluating Rootly before a full organizational rollout.

<Steps>
  <Step title="Open the Integrations Catalog">
    Navigate to **Configuration → Integrations** in the Rootly sidebar.

    <Frame>
      <img alt="Rootly sidebar showing Configuration and Integrations menu" />
    </Frame>
  </Step>

  <Step title="Find and Set Up Google Meet">
    Search for **Google Meet** and click **Setup**.

    <Frame>
      <img alt="Google Meet in the integrations catalog" />
    </Frame>
  </Step>

  <Step title="Choose OAuth and Select Your Google Account">
    Select **OAuth** as your connection method, then choose the Google account you want to connect.

    <Frame>
      <img alt="Google account selection screen" />
    </Frame>
  </Step>

  <Step title="Grant Permissions and Complete Setup">
    Approve the requested permissions. You'll be redirected back to Rootly once the connection is established.

    <Frame>
      <img alt="Google OAuth permission request" />
    </Frame>
  </Step>
</Steps>

<Check>Your Google Meet account is now connected. Head to the [Workflows page](/integrations/google-meet/workflows) to configure automated meeting creation.</Check>

## Service Account Setup

Use a [Google Cloud Service Account](https://cloud.google.com/iam/docs/service-account-overview) if you're connecting on behalf of your entire organization. This method ensures the integration keeps running even if a user leaves the company.

<Steps>
  <Step title="Create a Service Account in Google Cloud Console">
    In Google Cloud Console, navigate to **IAM & Admin → Service Accounts** and click **Create Service Account**.

    <Frame>
      <img alt="Google Cloud Console IAM and Admin menu" />
    </Frame>

    <Frame>
      <img alt="Service Accounts list in Google Cloud Console" />
    </Frame>
  </Step>

  <Step title="Fill In Service Account Details">
    Enter the service account name and ID. Click **Done** to create the account, then click on the new account's email to open its details.

    <Frame>
      <img alt="Create service account form" />
    </Frame>

    <Frame>
      <img alt="Service account details page" />
    </Frame>

    <Frame>
      <img alt="Service account email selected to open details" />
    </Frame>
  </Step>

  <Step title="Generate a JSON Key">
    Navigate to the **Keys** tab and click **Add Key → Create New Key**. Select **JSON** as the key type and click **Create**. A `.json` file will be downloaded — keep this safe.

    <Frame>
      <img alt="Service account Keys tab" />
    </Frame>

    <Frame>
      <img alt="Create new key dialog with JSON selected" />
    </Frame>
  </Step>

  <Step title="Upload the JSON Key to Rootly">
    Return to Rootly's Google Meet setup screen and upload the `.json` file you just downloaded.

    <Frame>
      <img alt="JSON key upload screen in Rootly" />
    </Frame>

    Once uploaded, you'll see a confirmation that your Google Meet account has been connected.

    <Frame>
      <img alt="Google Meet integration connected successfully" />
    </Frame>

    <Warning>
      Domain-wide delegation of authority has not yet been configured. Without granting the necessary domain-wide access, API requests will fail with a **403 Forbidden** error.
    </Warning>
  </Step>

  <Step title="Configure Domain-Wide Delegation">
    In [Google Admin Console](https://admin.google.com), go to **Security → API Controls → Domain-wide Delegation**. Select your service account and add a new API client.

    Enter your service account's **Client ID** (found in GCP Console under the service account's details) and add the following OAuth scopes:

    ```
    https://www.googleapis.com/auth/meetings.space.created
    https://www.googleapis.com/auth/calendar.events
    https://www.googleapis.com/auth/calendar
    ```

    <Info>
      The calendar scopes are required for creating calendar events with Meet links attached.
    </Info>
  </Step>

  <Step title="Authorize Domain-Wide Delegation">
    Click **Authorize** to save the configuration. Changes may take 10–15 minutes to propagate through Google's systems.
  </Step>
</Steps>

<Check>Your Google Meet integration is now fully configured. Head to the [Workflows page](/integrations/google-meet/workflows) to set up automated meeting creation.</Check>

## Troubleshooting

<AccordionGroup>
  <Accordion title="Authentication Failed" icon="circle-exclamation">
    **Error:** "Failed to authenticate with Google"

    * Verify you're using the correct Google account
    * Check that your account has Google Meet enabled
    * For OAuth: Try incognito mode to avoid account conflicts
    * For Service Account: Verify the JSON key file is valid and not expired
  </Accordion>

  <Accordion title="403 Forbidden — Insufficient Permissions" icon="ban">
    **Error:** "API requests fail with 403 error"

    1. Verify domain-wide delegation is enabled in Google Admin Console
    2. Confirm all three OAuth scopes are added exactly as shown
    3. Check the Client ID matches your service account
    4. Ensure the subject email belongs to your domain
    5. Wait 10–15 minutes for Google to propagate changes
  </Accordion>

  <Accordion title="Service Account Key Invalid" icon="triangle-exclamation">
    **Error:** "Invalid JSON key file"

    * Ensure you downloaded the JSON (not P12) format
    * Check the file hasn't been modified or corrupted
    * Verify the service account still exists in GCP Console
    * Generate a new key if the current one is older than 90 days
  </Accordion>

  <Accordion title="Cannot Find Client ID" icon="circle-question">
    **Error:** "Where to find Client ID for domain delegation"

    1. Go to Google Cloud Console
    2. Select your project
    3. Navigate to **IAM & Admin → Service Accounts**
    4. Click on your service account
    5. Find **Unique ID** or **Client ID** in the details section
  </Accordion>

  <Accordion title="Integration Shows Connected But Doesn't Work" icon="plug-circle-exclamation">
    **Error:** "Setup complete but workflows fail"

    * For Service Account: Domain delegation is likely missing or incomplete
    * For OAuth: Re-authenticate and ensure all permissions were granted
    * Check that Google Meet is enabled in your Google Workspace
    * Verify the integration shows **Active** status in Rootly
  </Accordion>
</AccordionGroup>

## Uninstall

To remove the Google Meet integration:

1. Go to **Configuration → Integrations** and find **Google Meet**
2. Click the **Connected** button to reveal the disconnect option
3. Click **Disconnect**

<Frame>
  <img alt="Click the Connected button to reveal the Disconnect option" />
</Frame>

<Warning>
  Disconnecting will prevent Rootly from creating new Google Meet rooms. Existing meetings and calendar events are not affected.
</Warning>


# Workflows
Source: https://docs.rootly.com/integrations/google-meet/workflows

Automate Google Meet room and calendar event creation for incident collaboration using Rootly workflow actions with attendees, calendars, and time zones.

Rootly's Google Meet integration leverages workflows to automatically create meeting rooms when incidents occur. If you are unfamiliar with how Workflows function, please visit our [Workflows](/workflows) documentation first.

## Automation Options

You can automate Google Meet room creation in two ways:

<CardGroup>
  <Card title="Auto-Create Incident Call" icon="bolt">
    Automatically create a Google Meet room at incident start using built-in settings — no workflow required.
  </Card>

  <Card title="Custom Workflow" icon="bars-staggered">
    Use workflows for conditional or advanced meeting automation with full control over triggers and actions.
  </Card>
</CardGroup>

## Option 1: Auto-Create Incident Call

The Auto-Create Incident Call panel lets you automatically generate a Google Meet room whenever an incident begins, without building a workflow from scratch.

<Frame>
  <img alt="Auto-Create Incident Call panel in Rootly" />
</Frame>

It includes a full set of configuration options so you can control how the room is created, where it's shared, and what Google Meet features are enabled.

These settings let you control exactly how Google Meet call meetings behave during incidents.

<AccordionGroup>
  <Accordion title="Create Google Meet Call on Incident Start" icon="video">
    Automatically spin up a meeting the moment an incident opens.

    <Frame>
      <img alt="Toggle for creating Google Meet call on incident start" />
    </Frame>
  </Accordion>

  <Accordion title="Bookmark Google Meet Call in Slack" icon="bookmark">
    Add the meeting link as a bookmark in the incident's Slack channel.

    <Frame>
      <img alt="Toggle for bookmarking Google Meet call in Slack" />
    </Frame>
  </Accordion>

  <Accordion title="Notify Slack Channels" icon="bell">
    Announce new incident calls in specific Slack channels.

    <Frame>
      <img alt="Slack channel notification settings for Google Meet" />
    </Frame>
  </Accordion>

  <Accordion title="Meeting Transcript & Summary" icon="microchip-ai">
    Enable AI-powered recording, transcription, and summary generation.

    <Frame>
      <img alt="Meeting transcript and summary settings" />
    </Frame>
  </Accordion>
</AccordionGroup>

<Note>
  Use Auto-Create when you want instant, zero-configuration Google Meet automation. Build a custom workflow when you need conditions, multiple actions, or advanced routing logic.
</Note>

## Option 2: Creating a Custom Workflow

For teams that need conditional logic — such as only creating calls for SEV-1 incidents or specific teams — a custom workflow gives you full control.

<Steps>
  <Step title="Open Workflows">
    Go to **Rootly → Workflows → Create Workflow**.

    <Frame>
      <img alt="Rootly workflows page" />
    </Frame>

    <Frame>
      <img alt="Create workflow button" />
    </Frame>
  </Step>

  <Step title="Choose Workflow Type">
    Select your workflow type — typically **Incident** for meeting automation.

    <Frame>
      <img alt="Workflow type selection showing Incident, Retrospective, and Pulse options" />
    </Frame>
  </Step>

  <Step title="Configure Triggers">
    Triggers define when this workflow should run. Choose the event that should kick off your Google Meet room creation.

    <Frame>
      <img alt="Workflow trigger configuration options" />
    </Frame>

    | Trigger                     | What It Does                                                   |
    | --------------------------- | -------------------------------------------------------------- |
    | Incident Created            | Creates a Google Meet room as soon as a new incident is opened |
    | Incident Updated            | Fires when fields like severity or status change               |
    | Incident Status Changed     | Starts a call when the incident moves into a specific status   |
    | Incident Commander Assigned | Creates a meeting once someone takes ownership                 |
    | Manual Trigger              | Run the workflow manually from the incident UI                 |
  </Step>

  <Step title="Add Conditions (Optional)">
    Conditions control when the workflow should or shouldn't run after being triggered. Use conditions to narrow the scope of your automation.

    <Frame>
      <img alt="Workflow conditions panel showing filter options" />
    </Frame>

    Examples:

    * **Severity-based** — Only create calls for SEV-1 or SEV-2 incidents
    * **Team or service filters** — Only for incidents impacting specific teams
    * **Incident type filtering** — Only when the incident kind is set to Incident (not Maintenance)
  </Step>

  <Step title="Add Google Meet Action">
    Click **Add Action → Google Meet → Create Room**. Configure the action settings that appear.

    <Frame>
      <img alt="Add action button in workflow editor" />
    </Frame>

    <Frame>
      <img alt="Google Meet Create room action in action picker" />
    </Frame>

    <Frame>
      <img alt="Google Meet action configuration with AI Meeting Capture option" />
    </Frame>

    Enable **AI Meeting Capture** to have Rootly AI automatically capture and summarize the meeting.
  </Step>

  <Step title="Save the Workflow">
    Click **Add**, give your workflow a descriptive name, and click **Create Workflow**.
  </Step>
</Steps>

## Variable Reference

Use these variables in workflow notifications, Slack messages, and calendar event templates.

### Google Meet Variables

| Variable                      | Description                           | Available                |
| ----------------------------- | ------------------------------------- | ------------------------ |
| incident.google\_meeting\_url | The link to join the Google Meet room | After meeting is created |
| incident.google\_meeting\_id  | The unique ID of the Google Meet      | After meeting is created |

### Incident Variables

| Variable                      | Description                                 |
| ----------------------------- | ------------------------------------------- |
| incident.title                | Incident title                              |
| incident.summary              | Incident summary or description             |
| incident.severity             | Severity level (e.g., SEV1)                 |
| incident.status               | Current incident status                     |
| incident.started\_at          | Timestamp when the incident started         |
| incident.creator.name         | Name of the person who created the incident |
| incident.creator.email        | Email of the incident creator               |
| incident.slack\_channel\_name | Name of the incident's Slack channel        |
| incident.url                  | Link to the incident in Rootly              |

<Tip>
  Use the [Liquid Variable Explorer](https://rootly.com/account/help/liquid-explorer) to test variables with real incident data before using them in production.
</Tip>

## Example Templates

<Tabs>
  <Tab title="Slack Notification">
    Include the Google Meet link in a Slack message automatically when an incident is created:

    ```liquid theme={null}
    Incident {{ incident.title }} started

    Join Google Meet: {{ incident.google_meeting_url }}
    Severity: {{ incident.severity }}

    Please confirm when you've joined.
    ```
  </Tab>

  <Tab title="Calendar Event">
    Use Google Meet variables to automatically populate calendar event details for your team:

    ```liquid theme={null}
    Title: Incident {{ incident.title }}
    Started: {{ incident.started_at | date: "%Y-%m-%d %H:%M" }}
    Join Google Meet: {{ incident.google_meeting_url }}
    Description: {{ incident.summary }}

    Please join the meeting on time.
    ```
  </Tab>
</Tabs>

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Can I create multiple Google Meet rooms for a single incident?" icon="layer-group">
    Each incident is associated with one Google Meet room by default. If you need additional rooms, you can create sub-incidents and configure workflows to create separate rooms for each sub-incident.
  </Accordion>

  <Accordion title="What happens to the Google Meet room when an incident is resolved?" icon="circle-question">
    Rootly does not automatically end or delete the Google Meet room when an incident is resolved. The room remains accessible through the meeting link until it expires naturally per Google Meet's settings.
  </Accordion>

  <Accordion title="Can I use this with both OAuth and Service Account connections?" icon="key">
    Yes. The workflow actions work the same regardless of which connection method you used during installation. The integration handles authentication transparently.
  </Accordion>

  <Accordion title="Why isn't the Google Meet link appearing in Slack?" icon="circle-exclamation">
    Ensure the **Slack Channels** field is configured in your workflow action and that the channel reference is correct. You can use `{{ incident.slack_channel_id }}` to target the incident's dedicated channel automatically.
  </Accordion>
</AccordionGroup>


# Alerts
Source: https://docs.rootly.com/integrations/grafana/alerts

Configure Grafana webhook contact points to send alert events into Rootly for general alert ingestion and on-call paging workflows across dashboards.

## Introduction

Grafana can send alert events into Rootly as alerts using a webhook contact point. Once alerts are flowing into Rootly, you can use alert workflows to create incidents, notify Slack channels, or page on-call targets.

With Grafana alerts in Rootly, you can:

* Receive Grafana alert events as Rootly alerts
* Route alerts to services, teams, or escalation policies
* Page Rootly on-call targets directly from Grafana alert rules
* Use alert workflows to automate incident creation and follow-up actions

## Before You Begin

Before configuring alert ingestion, make sure you have:

* The Grafana integration already installed in Rootly — see the [Installation](/integrations/grafana/grafana) page
* Access to configure contact points and alert rules in Grafana

<Callout icon="triangle-exclamation">
  You must install the Grafana integration in Rootly before configuring webhook contact points. The webhook secret is generated during installation and is required for authentication.
</Callout>

## Configure a Webhook Contact Point in Grafana

<Steps>
  <Step title="Navigate to Contact Points in Grafana" icon="bell">
    Log into your Grafana instance and navigate to **Alerting > Contact points**.

    <Frame>
      <img alt="Grafana contact points page" />
    </Frame>

    Select **+ Add contact point**.

    <Frame>
      <img alt="Add contact point button" />
    </Frame>
  </Step>

  <Step title="Configure the contact point" icon="webhook">
    Fill in the contact point details:

    * **Name** — give the contact point a descriptive name
    * **Integration** — select **Webhook**
    * **HTTP Method** — select **POST**

    <Frame>
      <img alt="Contact point configuration form" />
    </Frame>
  </Step>

  <Step title="Set the webhook URL" icon="link">
    The URL format depends on whether you want a general alert or want to page an on-call target.

    **For a general alert** (appears in Rootly Alerts, does not page anyone):

    ```
    https://webhooks.rootly.com/webhooks/incoming/grafana_webhooks/?secret=<your-secret>
    ```

    <Frame>
      <img alt="General alert webhook URL" />
    </Frame>

    **To page a Rootly on-call target**, append a notification target to the URL:

    ```
    https://webhooks.rootly.com/webhooks/incoming/grafana_webhooks/notify/<resource_type>/<resource_id>?secret=<your-secret>
    ```

    <Callout icon="info">
      Supported resource types are `User`, `Group` (team), `EscalationPolicy`, and `Service`. The resource ID can be found by editing the resource in Rootly.
    </Callout>

    <Frame>
      <img alt="On-call paging webhook URL" />
    </Frame>

    Your webhook URL and secret are available in Rootly under **Integrations > Grafana > Configure**.
  </Step>

  <Step title="Test and save the contact point" icon="circle-check">
    Select **Test** to send a test alert to Rootly. A test alert should appear on your [Rootly Alerts page](https://rootly.com/account/alerts).

    <Frame>
      <img alt="Test alert result in Rootly" />
    </Frame>

    Once the test succeeds, select **Save contact point**.
  </Step>
</Steps>

## Attach the Contact Point to Alert Rules

A contact point only receives alerts when it is attached to an active alert rule.

Navigate to **Alerting > Alert rules** and select **+ New alert rule**, or edit an existing rule. In the rule configuration, set the **Contact point** to the one you just created.

<Frame>
  <img alt="Attaching contact point to an alert rule" />
</Frame>

<Callout icon="lightbulb">
  You can attach the same Rootly contact point to multiple alert rules. Use different contact point URLs (with different notification targets) to route different rules to different on-call targets.
</Callout>

<Frame>
  <img alt="Alert rule with contact point configured" />
</Frame>

## How Alerts Are Mapped

Rootly extracts the following fields from each Grafana webhook payload:

* **Summary** — the `title` field from the Grafana alert payload
* **External ID** — the `ruleId`, used to deduplicate alerts from the same rule
* **External URL** — the `ruleUrl`, linking back to the Grafana alert rule
* **Labels** — all key-value pairs from `commonLabels` are attached as Rootly alert labels, making them available for routing and filtering

<Callout icon="tag">
  Grafana `commonLabels` map directly to Rootly alert labels. You can use these labels in alert routing rules and workflow conditions to control how different Grafana alerts are handled.
</Callout>

## Troubleshooting

<AccordionGroup>
  <Accordion title="No alerts are appearing in Rootly after a Grafana alert fires" icon="circle-exclamation">
    Confirm the contact point is correctly attached to the alert rule that fired. Verify the webhook URL is correct and the secret matches what is shown in your Rootly Grafana integration settings. Use the **Test** button in the contact point configuration to confirm delivery.
  </Accordion>

  <Accordion title="The test alert works but real alerts do not appear" icon="triangle-exclamation">
    Check that the alert rule is in a firing state and that the contact point is set as the notification destination for that rule. Grafana alert rules that use notification policies rather than direct contact point assignment may route differently than expected.
  </Accordion>

  <Accordion title="On-call paging is not triggering" icon="bell-slash">
    Verify that the `resource_type` and `resource_id` in the notification target URL are correct and that the resource exists in Rootly. Ensure the resource type is one of `User`, `Group`, `EscalationPolicy`, or `Service`.
  </Accordion>
</AccordionGroup>


# Grafana
Source: https://docs.rootly.com/integrations/grafana/grafana

Connect Grafana to Rootly to capture dashboard and panel snapshots during incidents through Genius workflows, with Slack and retrospective sharing.

## Introduction

The Grafana integration connects Rootly with your Grafana instance so teams can capture dashboard and panel snapshots directly from incident workflows. This provides point-in-time visibility into your metrics during an incident without leaving the incident response flow.

With the Grafana integration, you can:

* Capture Grafana dashboard snapshots from Genius workflows during incidents
* Capture individual panel snapshots for targeted metric visibility
* Attach snapshot links to incident timelines for post-incident review
* Ingest Grafana alert events into Rootly as alerts — see the [Alerts](/integrations/grafana/alerts) page for setup

## Before You Begin

Before setting up the integration, make sure you have:

* A Rootly account with permission to manage integrations
* A Grafana instance accessible over HTTPS
* Permission to create service accounts in Grafana

<Callout icon="user-shield">
  Rootly requires a Grafana service account with an **Admin** role to create dashboard snapshots. We recommend a dedicated service account so the integration does not break if an individual user leaves your organization.
</Callout>

## Installation

<Steps>
  <Step title="Open the Grafana integration in Rootly" icon="plug">
    Navigate to the integrations page in Rootly and select **Grafana**.

    <Frame>
      <img alt="Grafana integration on the integrations page" />
    </Frame>
  </Step>

  <Step title="Create a service account in Grafana" icon="user-shield">
    In your Grafana instance, navigate to **Administration > Service Accounts**.

    <Frame>
      <img alt="Grafana service accounts page" />
    </Frame>

    Select **Add service account** and create it with an **Admin** role.

    <Frame>
      <img alt="Service account role configuration" />
    </Frame>

    <Callout icon="triangle-exclamation">
      Grafana service accounts with roles lower than Admin cannot create snapshots. The integration will fail silently if the role is insufficient.
    </Callout>
  </Step>

  <Step title="Generate a service account token" icon="key">
    Open the service account and select **Add Service Account token**. Enter a display name, set the token expiration, and generate the token.

    <Frame>
      <img alt="Token generation form" />
    </Frame>

    <Callout icon="key">
      Copy the token immediately — Grafana will not show it again after you leave this page.
    </Callout>

    <Frame>
      <img alt="Copy service account token" />
    </Frame>
  </Step>

  <Step title="Connect Grafana to Rootly" icon="link">
    Enter your Grafana **instance URL** and the **service account token** into the Rootly integration settings and save.

    <Callout icon="code">
      The instance URL must use HTTPS. HTTP URLs are not accepted.
    </Callout>

    <Frame>
      <img alt="Rootly Grafana integration settings" />
    </Frame>
  </Step>
</Steps>

## Capture Snapshots in Workflows

Once the integration is connected, two new tasks are available in your Genius workflows:

* **Capture Grafana Dashboard Snapshot** — captures a snapshot of a full dashboard
* **Capture Grafana Panel Snapshot** — captures a snapshot of a specific panel

<Callout icon="camera">
  Snapshots are point-in-time captures. The snapshot link is attached to the incident timeline so you can reference exactly what your dashboards looked like when the incident occurred.
</Callout>

## Uninstall

To remove the Grafana integration, open the integrations panel in Rootly and select **Configure > Delete**.


# HashiCorp Vault
Source: https://docs.rootly.com/integrations/hashicorp-vault

Securely read secrets from HashiCorp Vault and inject them into Rootly workflow actions using Liquid templates with KV v1, KV v2, and namespace support.

## Introduction

The HashiCorp Vault integration lets Rootly securely read secrets from your Vault cluster and make them available in workflow actions via Liquid templating. Instead of hardcoding sensitive values — API keys, tokens, passwords — in your workflow configurations, you define named secret references that are resolved at runtime from Vault.

<Callout icon="circle-info">
  Rootly only supports the **KV Secrets Engine version 2**. KV v1 and other secret engines (AWS, PKI, Transit, etc.) are not currently supported.
</Callout>

## Before You Begin

Before setting up the HashiCorp Vault integration, make sure you have:

* A Rootly account with owner or admin permissions
* A running HashiCorp Vault cluster accessible over HTTPS (or HTTP for internal deployments)
* An **AppRole** configured in Vault with a `role_id` and `secret_id` — Rootly authenticates exclusively via the AppRole auth method
* The **namespace** your AppRole is configured in (enterprise Vault deployments)
* The **mount path** and **path** of the KV v2 secrets you want to expose to Rootly

<Callout icon="triangle-exclamation">
  Only the AppRole auth method is supported. If you need another auth method (token, Kubernetes, AWS IAM, etc.), contact [support@rootly.com](mailto:support@rootly.com).
</Callout>

## Installation

<Steps>
  <Step title="Open the integrations page in Rootly" icon="plug">
    Navigate to the integrations page in your Rootly workspace and select **HashiCorp Vault**.

    <Frame>
      <img alt="HashiCorp Vault integration setup" />
    </Frame>
  </Step>

  <Step title="Enter your Vault credentials" icon="key">
    Fill in the following fields:

    | Field            | Description                                                                                                 |
    | ---------------- | ----------------------------------------------------------------------------------------------------------- |
    | **Instance URL** | Your Vault server URL — e.g., `https://vault.yourcompany.com`. Trailing slashes are stripped automatically. |
    | **Namespace**    | Your Vault namespace. For Vault Enterprise, this is typically `admin` or a child namespace. Required.       |
    | **Role ID**      | The `role_id` from your AppRole configuration in Vault. Encrypted at rest in Rootly.                        |
    | **Secret ID**    | The `secret_id` from your AppRole configuration in Vault. Encrypted at rest in Rootly.                      |

    <Frame>
      <img alt="HashiCorp Vault credentials configuration" />
    </Frame>

    Rootly validates the credentials by attempting an AppRole login against your Vault instance before saving. If the login fails, you'll see: *"cannot access Vault service. Please check your credentials."*
  </Step>

  <Step title="Integration connected" icon="circle-check">
    <Callout icon="circle-check">
      Your HashiCorp Vault integration is active. You can now define named secrets under **Account > Secrets** and reference them in any workflow action.
    </Callout>
  </Step>
</Steps>

## Defining Secrets

Once the Vault integration is connected, you create named **secret references** in Rootly that point to specific paths in your Vault KV store. These references are what you use in Liquid templates — Rootly fetches the actual secret value from Vault at workflow runtime.

<Callout icon="triangle-exclamation">
  By default, only Rootly **owners and admins** can create and manage secret definitions. You can adjust this via Rootly's RBAC settings.
</Callout>

Navigate to **Account > Secrets** and define a new HashiCorp Vault secret:

<Frame>
  <img alt="Defining a HashiCorp Vault secret in Rootly" />
</Frame>

| Field       | Description                                                                                                              |
| ----------- | ------------------------------------------------------------------------------------------------------------------------ |
| **Name**    | A unique name for this secret reference in Rootly (e.g., `pagerduty_key`). This is the name you use in Liquid templates. |
| **Mount**   | The KV v2 mount path in Vault (default: `secret`).                                                                       |
| **Path**    | The path to the secret within the mount (e.g., `integrations/pagerduty`).                                                |
| **Version** | The KV v2 version number to read. Set to `0` to always read the latest version.                                          |

## Using Secrets in Workflows

Once a secret is defined, you can reference it in any workflow action that supports Liquid templating using the following syntax:

```liquid theme={null}
{{ secrets.SECRET_NAME.KEY_NAME }}
```

Where `SECRET_NAME` is the name you gave the secret in Rootly, and `KEY_NAME` is the key within the Vault secret JSON.

For example, given a Vault secret at `integrations/pagerduty` containing:

```json theme={null}
{
  "api_key": "pd_key_abc123",
  "webhook_token": {
    "value": "wh_secret_xyz789"
  }
}
```

You can reference it in a workflow action as:

```liquid theme={null}
{{ secrets.pagerduty_key.api_key }}
{{ secrets.pagerduty_key.webhook_token.value }}
```

Nested secret keys are supported — use dot notation to traverse the JSON structure.

## Troubleshooting

<AccordionGroup>
  <Accordion title="Credentials are rejected on save" icon="key">
    Rootly validates credentials by attempting an AppRole login at `{instance_url}/v1/auth/AppRole/login`. Confirm that:

    * The instance URL is reachable from Rootly's servers (check any firewall or allowlist rules)
    * The namespace is correct — for HCP Vault, this is typically `admin`
    * The `role_id` and `secret_id` are both valid and haven't expired or been rotated
    * The AppRole auth method is enabled at the path `auth/AppRole` in Vault
  </Accordion>

  <Accordion title="Secret value is empty or null at runtime" icon="circle-exclamation">
    Check that:

    * The **mount** and **path** in the Rootly secret definition match the actual path in Vault
    * The **version** is set to `0` (latest) or a specific version that exists
    * The AppRole has a policy granting `read` access to the secret path in KV v2 format: `secret/data/your/path`
    * The KV engine is version 2 — KV v1 paths have a different structure and are not supported
  </Accordion>

  <Accordion title="Nested key is not resolving" icon="code">
    Rootly uses dot notation to traverse JSON secret values. Ensure the key path in your Liquid template matches the JSON structure exactly, including case. For example, `{{ secrets.my_secret.nested.foo }}` requires a JSON structure of `{"nested": {"foo": "value"}}`.
  </Accordion>

  <Accordion title="Secret access is denied by Vault policy" icon="lock">
    The AppRole's attached Vault policy must explicitly grant `read` capability on the KV v2 data path. KV v2 paths follow the pattern `secret/data/<path>` (not `secret/<path>`). A minimal policy granting read access looks like:

    ```hcl theme={null}
    path "secret/data/integrations/*" {
      capabilities = ["read"]
    }
    ```
  </Accordion>

  <Accordion title="I cannot create or see secrets in Rootly" icon="users">
    Secret definitions are restricted to Rootly owners and admins by default. If you have a lower permission level, ask an admin to create the secret reference for you, or ask an admin to adjust the RBAC settings to allow your role to manage secrets.
  </Accordion>
</AccordionGroup>

## Uninstall

To disconnect the integration, navigate to the integrations panel, open the Vault integration, and click **Configure > Delete**.

## Related Pages

<CardGroup>
  <Card title="Incident Workflows" icon="bolt" href="/workflows/incident-workflows">
    Use Vault secrets in workflow actions to authenticate with external systems during incidents.
  </Card>

  <Card title="Liquid Variables" icon="code" href="/liquid/incident-variables">
    Reference for all Liquid variables available in workflow actions alongside secrets.
  </Card>

  <Card title="Terraform" icon="code" href="/integrations/terraform">
    Manage Rootly resources as infrastructure as code with the Rootly Terraform provider.
  </Card>
</CardGroup>


# Heroku
Source: https://docs.rootly.com/integrations/heroku

Track Heroku builds and releases as pulses in Rootly, and run commands on dynos directly from incident workflows for deployment context and rollback.

## Overview

The Heroku integration connects Rootly to your Heroku apps via OAuth. Build and release events are automatically tracked as pulses so your team can correlate deployments with incidents — and the **Run Command on Heroku** workflow action lets you execute rollbacks or diagnostic scripts on a live dyno without leaving the incident response flow.

<CardGroup>
  <Card title="Deployment Pulses" icon="rocket">
    Build starts, completions, and release events are automatically tracked as Rootly pulses and linked to matching services.
  </Card>

  <Card title="Run Commands on Dynos" icon="terminal">
    Execute one-off commands on a Heroku dyno from a workflow — output is streamed and posted to Slack.
  </Card>

  <Card title="Service Correlation" icon="link">
    Pulses are automatically associated with Rootly services that have a matching Heroku app name configured.
  </Card>

  <Card title="Scoped Monitoring" icon="filter">
    Choose which Heroku apps to monitor — Rootly only creates webhooks on the apps you explicitly list.
  </Card>
</CardGroup>

## Before You Begin

* You must be a Rootly admin to set up the integration
* You need a Heroku account with access to the apps you want to monitor

<Warning>
  Connect using a **Heroku service account** rather than a personal user account. If the connecting user leaves your organization, the OAuth token becomes invalid and the integration will stop working.
</Warning>

## Installation

<Steps>
  <Step title="Open the Heroku integration in Rootly">
    Go to **Configuration → Integrations**, find **Heroku**, and click **Setup**.

    <Frame>
      <img alt="Heroku integration in the integrations list" />
    </Frame>
  </Step>

  <Step title="Authorize Rootly in Heroku">
    Click **Connect Heroku Account**. You'll be redirected to Heroku to authorize Rootly's OAuth application. After approving, you'll be returned to Rootly with the integration connected.

    <Frame>
      <img alt="Heroku OAuth authorization screen" />
    </Frame>
  </Step>

  <Step title="Select apps to monitor">
    In the integration settings, add the names of the Heroku apps you want to track. Rootly creates webhooks on each listed app to receive build and release events.

    <Note>
      If you leave the app list empty, no webhooks are created and no pulses will be tracked. Add app names to enable pulse tracking.
    </Note>
  </Step>
</Steps>

## Pulse Events

Rootly ingests Heroku webhook events and records them as pulses on the incident timeline and service activity feed. Pulses are automatically linked to Rootly services with a matching **Heroku App Name** field.

### Build Events

| Event           | Pulse Summary                          |
| --------------- | -------------------------------------- |
| Build started   | `[Heroku][Build] {app_name} pending`   |
| Build succeeded | `[Heroku][Build] {app_name} succeeded` |
| Build failed    | `[Heroku][Build] {app_name} failed`    |

Each pulse includes the build ID, commit SHA, and the email of the user who triggered the build.

### Release Events

| Event            | Pulse Summary                             |
| ---------------- | ----------------------------------------- |
| Release deployed | `[Heroku][Release] {release description}` |

Each pulse includes the release version, status, commit SHA, and app name. Rootly filters out non-current release updates to avoid duplicate pulses from Heroku's release phase behavior.

<Note>
  Rootly tracks `api:build` and `api:release` webhook events. Dyno events (`api:dyno`) are received but not currently converted into pulses.
</Note>

## Workflow Action

### Run Command on Heroku

Executes a one-off command on a Heroku dyno and streams the output to Slack. Useful for running rollbacks, querying database state, or executing diagnostic scripts mid-incident.

<ParamField type="string">
  The command to run on the dyno. Supports [Liquid variables](/liquid/incident-variables) — for example, use `{{ incident.title }}` to reference the active incident.
</ParamField>

<ParamField type="string">
  The name of the Heroku app to run the command against.
</ParamField>

<ParamField type="enum">
  The size of the one-off dyno to spin up:

  * `standard-1X`
  * `standard-2X`

  Defaults to `standard-1X`.
</ParamField>

<ParamField type="integer">
  Maximum run time for the command in seconds. Capped at **1800 seconds (30 minutes)** regardless of the value set. Defaults to `1800`.
</ParamField>

<ParamField type="boolean">
  When enabled, records the command run as an event on the incident timeline.
</ParamField>

<ParamField type="array">
  One or more Slack channels to receive the command output as a file attachment once execution completes.
</ParamField>

<Tip>
  Rootly connects to the dyno over TLS using the Rendezvous protocol, streams all output lines, and posts the collected output to Slack once the command completes or the dyno exits.
</Tip>

## Uninstall

To remove the Heroku integration:

1. Go to **Configuration → Integrations** and find **Heroku**
2. Click **Connected** to reveal the disconnect option
3. Click **Disconnect**

<Frame>
  <img alt="Click Connected to reveal the Disconnect option" />
</Frame>

Disconnecting removes the integration and deletes all Rootly-managed webhooks from your Heroku apps.

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Build and release events are not appearing as pulses" icon="eye-slash">
    Confirm the app names are listed in the integration settings. Rootly only creates webhooks on explicitly listed apps. Also check that the connected Heroku account still has access to those apps — if permissions have changed, webhooks may have been removed.
  </Accordion>

  <Accordion title="Pulses are not linked to a service" icon="link-slash">
    Rootly links Heroku pulses to services by matching the **Heroku App Name** field on each service. Go to the affected service and confirm the field exactly matches the Heroku app name (case-sensitive).
  </Accordion>

  <Accordion title="Run Command fails or produces no output" icon="terminal">
    Confirm the app name is correct and the connected OAuth account has permission to create dynos on that app. If the command exits immediately, check that it's compatible with the app's runtime environment, buildpack, and Procfile.
  </Accordion>

  <Accordion title="The integration disconnected unexpectedly" icon="plug-circle-xmark">
    Heroku OAuth tokens can expire or be revoked if the authorizing user's account access changes. Reconnect using a service account to prevent future disruption. After reconnecting, verify webhooks have been re-created on your monitored apps.
  </Accordion>

  <Accordion title="Duplicate pulses are appearing for the same release" icon="copy">
    Heroku sends multiple webhook events during the release phase. Rootly filters out non-current updates, but each pipeline promotion generates its own release event — so deploys through multiple pipeline stages will produce multiple pulses by design.
  </Accordion>
</AccordionGroup>


# HiBob
Source: https://docs.rootly.com/integrations/hibob

Sync HiBob time off into Rootly via calendar feed to overlay vacations and PTO on on-call schedules and spot coverage gaps before pages fire.

## Overview

HiBob exposes your team's time-off data as a subscribe-able calendar feed. Point Rootly at that feed and vacations and PTO appear directly on top of your on-call schedule timeline. Shifts that overlap with someone's leave are highlighted, making it easy to create an override before the next page fires.

This is a read-only overlay. HiBob stays the source of truth for time off; Rootly polls the feed in the background and keeps the schedule view current.

***

## Exporting the Calendar Feed from HiBob

HiBob's calendar export is generated from a filtered view of the People's Time-Off page, so you can scope the feed to a specific team, department, or set of people before sharing it with Rootly.

<Steps>
  <Step title="Open The People's Time Off View">
    From the HiBob sidebar, navigate to the **People's Time Off** view.
  </Step>

  <Step title="Filter The View">
    In the top right, click **Filters** and choose which parts of the organization or which people you want the feed to cover.

    <Tip>
      If you want a feed of every person's time off, add the **"None"** filter. Without it, HiBob generates a feed of company events only and strips out individual names.
    </Tip>
  </Step>

  <Step title="Sync With An External Calendar">
    In the top right, click **Sync with external calendar**, then pick **Filtered view** and copy the URL HiBob generates.
  </Step>
</Steps>

Keep the URL handy — you'll paste it into Rootly next.

***

## Adding the Feed to Rootly

Once you have the HiBob feed URL, the rest of the setup happens inside Rootly's schedules view.

<Steps>
  <Step title="Open The Holiday Calendars Menu">
    In the Rootly dashboard, go to **On-Call → Schedules**. In the calendar preview area, open the **Holiday calendars** dropdown.
  </Step>

  <Step title="Add A Holiday Calendar">
    Select **Add your team's holiday calendar**, then choose **Add a holiday calendar**.
  </Step>

  <Step title="Paste The HiBob Feed URL">
    Paste the URL you copied from HiBob into the URL field.
  </Step>

  <Step title="Name The Calendar And Pick A Timezone">
    Give the calendar a descriptive name (for example, `HiBob — Engineering PTO`) so teammates know what it represents. Select the appropriate timezone, or leave it blank to let Rootly infer it from the feed.
  </Step>

  <Step title="Save And Toggle On">
    Click **Add**. Rootly fetches the calendar and begins syncing automatically. Back in the schedule view, select the new feed from the **Holiday calendars** dropdown to overlay HiBob time off on the on-call timeline.
  </Step>
</Steps>

<Tip>
  For the full behavior of holiday calendars in Rootly — conflict highlighting, recurring events, multi-region setups — see [Adding a Holiday Calendar](/on-call/holiday-calendar).
</Tip>

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="HiBob events show up without people's names" icon="user-slash">
    HiBob strips names from the feed unless the filtered view includes a **"None"** filter. Re-generate the URL after adding **"None"** to the filter set.
  </Accordion>

  <Accordion title="HiBob time off isn't appearing in the schedule view" icon="eye-slash">
    The feed has to be toggled on per schedule preview. Open the **Holiday calendars** dropdown above the schedule and confirm the HiBob feed is selected.
  </Accordion>

  <Accordion title="Events appear at the wrong times or on the wrong day" icon="clock">
    The calendar timezone determines how all-day events align with on-call shifts. Remove the calendar and re-add it with the correct timezone, or leave the timezone field blank to let Rootly infer it from the feed.
  </Accordion>
</AccordionGroup>

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Does this change my on-call schedule automatically?" icon="shield-check">
    No. Holiday calendars are read-only previews — they surface conflicts so you can decide whether to override, but they never reassign shifts.
  </Accordion>

  <Accordion title="Can I add more than one HiBob feed?" icon="layer-group">
    Yes. Generate a separate filtered view per team or region in HiBob, copy each URL, and add them to Rootly as independent feeds.
  </Accordion>

  <Accordion title="Will the feed include personal time-off categories or just public holidays?" icon="filter">
    The feed mirrors whatever your filtered view includes in HiBob. Use the HiBob filters to control whether the feed contains PTO, sick days, public holidays, or all of the above.
  </Accordion>
</AccordionGroup>


# Honeycomb
Source: https://docs.rootly.com/integrations/honeycomb

Receive Honeycomb alerts in Rootly to trigger incidents, notify Slack, page your on-call team, and automatically resolve alerts when triggers clear.

## Overview

Rootly receives alerts from Honeycomb via webhooks. When Honeycomb detects anomalies like latency spikes, error rate increases, or threshold breaches, it sends an alert to Rootly. From there, Rootly can create an incident, notify Slack, or page your on-call team automatically.

## Before You Begin

<Callout icon="triangle-exclamation">
  You will need a Honeycomb account with admin access to create API keys and alert policies, and a Rootly account with Admin permissions to create integrations.
</Callout>

## Step 1: Get Your API Key from Honeycomb

You will first create a Configuration API key in Honeycomb. Rootly uses this key to authenticate your environment and generate the webhook URL and secret needed in the next steps.

<Steps>
  <Step title="Open your Honeycomb environment">
    Log into Honeycomb and select the environment you want to integrate with Rootly.

    <Frame>
      <img alt="Honeycomb environments list" />
    </Frame>
  </Step>

  <Step title="Create a Configuration API Key">
    Go to **Settings → API Keys** and click **Create a Configuration API Key**.

    <Frame>
      <img alt="Honeycomb Settings menu with API Keys option" />
    </Frame>

    <Callout icon="triangle-exclamation">
      Honeycomb has two types of API keys: **Configuration** and **Management**. Rootly requires a **Configuration** (environment-level) key.
    </Callout>
  </Step>

  <Step title="Save the API Key">
    Name the key, set any permissions, and click **Create Key**. Copy the key immediately — you will need it in the next step.

    <Frame>
      <img alt="Create Configuration API Key dialog in Honeycomb" />
    </Frame>

    <Frame>
      <img alt="Copy API Key from Honeycomb" />
    </Frame>

    <Callout icon="circle-info">
      The API key is used only to authenticate Rootly to your Honeycomb environment and generate a webhook URL and secret. Rootly does not make direct calls to Honeycomb to read or write data.
    </Callout>
  </Step>
</Steps>

## Step 2: Connect Honeycomb in Rootly

Now that you have your Honeycomb API key, connect the integration in Rootly to generate the webhook URL and secret you will configure in Honeycomb.

<Steps>
  <Step title="Open Integrations">
    In Rootly, navigate to **Configuration → Integrations** and search for **Honeycomb**.

    <Frame>
      <img alt="Rootly sidebar showing Configuration and Integrations menu" />
    </Frame>

    <Frame>
      <img alt="Integrations page with Honeycomb search result" />
    </Frame>
  </Step>

  <Step title="Enter your API Key">
    Click **Setup**, paste your Honeycomb API key, and click **Connect**.

    <Frame>
      <img alt="Honeycomb integration setup modal in Rootly" />
    </Frame>
  </Step>

  <Step title="Copy your Webhook URL and Secret">
    After connecting, Rootly displays a **Webhook URL** and **Secret**. Copy both — you will need them in Step 3.

    <Frame>
      <img alt="Honeycomb integration connected showing webhook URL and secret" />
    </Frame>
  </Step>
</Steps>

## Step 3: Create a Webhook in Honeycomb

Now that you have the Webhook URL and Secret from Rootly, go back to Honeycomb and create a webhook integration that forwards alerts to Rootly. The webhook URL format depends on whether you want to page someone or just surface alerts.

<Steps>
  <Step title="Open Team Settings">
    In Honeycomb, navigate to **Account → Team Settings → Integrations**.

    <Frame>
      <img alt="Honeycomb Account menu with Team Settings" />
    </Frame>

    <Frame>
      <img alt="Honeycomb Integrations page with Add Integration button" />
    </Frame>
  </Step>

  <Step title="Add a Webhook integration">
    Click **Add Integration**, select **Webhook** as the provider, and give it a descriptive name (e.g., `Rootly Alerts` or `Page On-Call`).

    <Frame>
      <img alt="Webhook provider selection in Honeycomb" />
    </Frame>
  </Step>

  <Step title="Configure the Webhook URL">
    Choose the alert type and enter the appropriate URL:

    <Tabs>
      <Tab title="General Alerts">
        Alerts appear in Rootly's Alerts page without paging anyone. Use this for low-priority or informational notifications.

        ```
        https://webhooks.rootly.com/webhooks/incoming/honeycomb_webhooks?secret=YOUR_SECRET
        ```

        Replace `YOUR_SECRET` with the secret from Rootly.

        <Frame>
          <img alt="Webhook URL field in Honeycomb for general alerts" />
        </Frame>
      </Tab>

      <Tab title="Paging Alerts">
        Alerts trigger an on-call notification for a specific Rootly resource. Replace `RESOURCE_TYPE` and `RESOURCE_ID` with your target.

        ```
        https://webhooks.rootly.com/webhooks/incoming/honeycomb_webhooks/notify/RESOURCE_TYPE/RESOURCE_ID?secret=YOUR_SECRET
        ```

        | Parameter       | Allowed values                                 |
        | --------------- | ---------------------------------------------- |
        | `RESOURCE_TYPE` | `User`, `Group`, `EscalationPolicy`, `Service` |
        | `RESOURCE_ID`   | Found by editing the resource in Rootly        |
      </Tab>
    </Tabs>

    <Callout icon="triangle-exclamation">
      The secret must appear in both the Webhook URL query string **and** the Shared Secret field. They must match exactly.
    </Callout>
  </Step>

  <Step title="Save the integration">
    Click **Add** to create the webhook integration.

    <Frame>
      <img alt="Save webhook integration in Honeycomb" />
    </Frame>
  </Step>
</Steps>

<Callout icon="circle-check">
  Your webhook is now active. Any Honeycomb alert policy using this integration will send alerts to Rootly.
</Callout>

## Verify Installation

1. Go to the [Alerts page](https://rootly.com/account/alerts) in Rootly
2. Trigger a test alert in Honeycomb
3. Confirm the alert appears in Rootly within a few seconds

## Uninstall

To remove the Honeycomb integration:

1. Go to **Configuration → Integrations** and find **Honeycomb**
2. Click the **Connected** button to reveal the disconnect option
3. Click **Delete**

<Frame>
  <img alt="Click the Connected button to reveal the Disconnect option" />
</Frame>

<Callout icon="triangle-exclamation">
  Disconnecting in Rootly does not stop Honeycomb from sending alerts. Delete the webhook in Honeycomb under **Team Settings → Integrations** to stop alert delivery.
</Callout>

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Alerts are not appearing in Rootly" icon="circle-exclamation">
    Verify the webhook URL includes the secret as a query parameter (`?secret=...`). Confirm the Shared Secret field in Honeycomb matches the URL secret exactly. Check that the alert policy in Honeycomb is using this webhook integration.
  </Accordion>

  <Accordion title="403 or authentication errors" icon="lock">
    The secret in the URL must match the Shared Secret field exactly — regenerate the secret in Rootly and update both places in Honeycomb if needed. Also verify you are using a **Configuration** API key, not a Management key.
  </Accordion>

  <Accordion title="Paging alerts are not triggering on-call" icon="phone">
    Verify you are using the `/notify/RESOURCE_TYPE/RESOURCE_ID` URL format. Confirm the resource type is one of `User`, `Group`, `EscalationPolicy`, or `Service`, and that the resource ID exists in Rootly.
  </Accordion>
</AccordionGroup>


# IP Whitelist
Source: https://docs.rootly.com/integrations/ip-whitelist

Whitelist Rootly's outbound IP addresses for integrations and webhook delivery to ensure secure network communication through firewalls and proxies.

## Overview

When connecting Rootly to your internal systems or third-party services, you may need to allow traffic from Rootly’s outbound IP addresses.

Rootly uses a fixed set of outbound IP addresses for:

* Integration traffic
* Outbound webhook delivery

If your infrastructure restricts inbound traffic by source IP, add the addresses below to your firewall, security group, or allowlist configuration.

## Security Considerations

IP whitelisting adds an extra layer of network security by helping you:

* Restrict access to trusted IP addresses
* Prevent unauthorized connections from unknown sources
* Meet internal security or compliance requirements
* Protect systems that receive data from Rootly

## Rootly Outbound IP Addresses

Add the following IPv4 addresses to your allowlist:

### Production IP Addresses

```text theme={null}
34.232.217.139/32
18.213.181.255/32
```

<Note>
  These addresses are used for both integration traffic and outbound webhook delivery.
</Note>

<Note>
  **IP Address Stability:** These production IP addresses are permanent and will not change. You can safely use them in long-term firewall rules and security policies.
</Note>

## Common Use Cases

### Webhook Endpoints

If Rootly sends webhooks to your systems:

* Whitelist both IP addresses on the receiving endpoint
* Ensure your endpoint accepts HTTPS traffic
* Verify your SSL certificates are valid

### API Access

If Rootly makes API calls to your services:

* Update firewall or load balancer rules to allow these IPs
* Confirm your API gateway accepts traffic from both addresses
* Test connectivity after making changes

## Testing Your Configuration

After updating your allowlist:

1. Verify integration connectivity in Rootly
2. Check integration or delivery logs for connection errors
3. Test webhook delivery if applicable
4. Review firewall or security logs to confirm traffic is allowed

<Warning>
  If these IP addresses are not properly allowlisted, integrations may fail, webhooks may not be delivered, and data synchronization may be incomplete.
</Warning>

## Getting IP Ranges via API

You can also retrieve the current IP ranges programmatically using Rootly’s IP ranges API.

The API returns:

* `integrations_ipv4`
* `integrations_ipv6`
* `webhooks_ipv4`
* `webhooks_ipv6`

This is useful if you want to automate allowlist updates or verify the current published ranges from code instead of hardcoding them.

## IPv6

Rootly also exposes IPv6 fields in the IP ranges API. If IPv6 ranges are added in the future, they will be reflected there alongside the IPv4 ranges.

## Need Help?

If you run into issues with IP allowlisting, contact [support@rootly.com](mailto:support@rootly.com) and include your integration details and network configuration.


# Jira (On-Premise)
Source: https://docs.rootly.com/integrations/jira-on-premise

Connect Rootly with your Jira Data Center or on-premise instance using URL, username/password, or Personal Access Token authentication.

## Introduction

The Jira On-Premise integration connects Rootly with your self-hosted Jira Data Center instance. It supports the same workflow actions as [Jira Cloud](/integrations/jira) — creating issues, subtasks, and syncing status — but authenticates directly against your instance URL rather than through OAuth.

You can connect with **username + password** (Basic Auth) or a **Personal Access Token (PAT)**. Multiple instances are supported, allowing you to connect more than one Jira Data Center environment to a single Rootly organization.

## Before You Begin

Before setting up the integration, make sure you have:

* A Rootly account with admin permission to manage integrations
* Your Jira Data Center instance URL (publicly accessible or network-reachable from Rootly)
* A Jira account with the following permissions: Create Issues, Edit Issues, Assign Issues, Transition Issues, Close Issues, Link Issues
* Username + password **or** a Personal Access Token

<Callout icon="user-shield">
  We recommend installing with a dedicated Jira service account so the integration does not break if an individual user leaves your organization.
</Callout>

<Callout icon="triangle-exclamation">
  If your Jira instance is in a private network, you must whitelist Rootly's IP addresses before installation. See [IP Allowlist](#ip-allowlist) below.
</Callout>

## Installation

<Steps>
  <Step title="Open the Jira (On-Premise) integration in Rootly" icon="plug">
    Navigate to the integrations page in Rootly and select **Jira (On-Premise)**.
  </Step>

  <Step title="Enter your instance details" icon="server">
    Provide the following:

    **Instance URL**
    The base URL of your Jira Data Center instance (e.g. `https://jira.yourcompany.com`).

    **Internal URL** *(optional)*
    An internal network URL for Rootly to use when calling your instance. If set, Rootly uses this URL for API calls while displaying the public Instance URL in the UI.

    **SSL Verify Mode** *(optional)*
    Controls how Rootly verifies your instance's SSL certificate. Leave blank to use the default (`VERIFY_PEER`). Options:

    | Mode                          | Behavior                                  |
    | ----------------------------- | ----------------------------------------- |
    | `VERIFY_PEER`                 | Default — verifies the server certificate |
    | `VERIFY_CLIENT_ONCE`          | Verifies the client certificate only once |
    | `VERIFY_FAIL_IF_NO_PEER_CERT` | Fails if no peer certificate is provided  |
    | `VERIFY_NONE`                 | Disables certificate verification         |

    <Callout icon="triangle-exclamation">
      Only use `VERIFY_NONE` if your instance uses a self-signed certificate in a trusted internal network. Disabling verification exposes you to man-in-the-middle attacks.
    </Callout>
  </Step>

  <Step title="Authenticate" icon="key">
    Provide either a **username + password** or a **Personal Access Token** — not both.

    * **Username + Password** — use your Jira Data Center account credentials
    * **Personal Access Token** — generate a PAT from your Jira profile under **Profile > Personal Access Tokens**

    <Callout icon="info">
      Rootly automatically refreshes Personal Access Tokens when they are within 5 days of expiry. Tokens are assumed to have a 30-day lifetime.
    </Callout>

    Select **Connect** to validate the connection and complete installation.

    <Callout icon="circle-check">
      After installation, the same workflow actions available for Jira Cloud are available for your on-premise instance: **Create a Jira Issue**, **Create a Jira Subtask**, and **Update a Jira Issue**.
    </Callout>
  </Step>
</Steps>

## IP Allowlist

If your Jira instance is hosted in a private network or behind a firewall, allowlist the following Rootly IP addresses so our servers can reach your instance:

<Callout icon="shield">
  * `34.232.217.139`
  * `18.213.181.255`
</Callout>

## Workflow Actions

The Jira On-Premise integration shares the same workflow actions as Jira Cloud. Refer to the [Jira Cloud documentation](/integrations/jira) for the full reference on:

* Create a Jira Issue
* Create a Jira Subtask
* Update a Jira Issue

When configuring workflow actions, select your on-premise instance from the **Account** dropdown.

## Troubleshooting

<AccordionGroup>
  <Accordion title="Rootly cannot connect to my Jira instance" icon="circle-exclamation">
    Verify that your instance URL is publicly accessible or that Rootly's IP addresses (`34.232.217.139` and `18.213.181.255`) are allowlisted in your firewall. Confirm the URL includes the correct port if your instance does not run on the default HTTPS port.
  </Accordion>

  <Accordion title="SSL certificate errors during installation" icon="lock">
    If your instance uses a self-signed or internal CA certificate, try setting the **SSL Verify Mode** to `VERIFY_NONE` as a temporary test. For production use, configure your instance with a certificate that Rootly can verify, or use `VERIFY_PEER` with a certificate from a trusted CA.
  </Accordion>

  <Accordion title="Personal Access Token is being rejected" icon="key">
    Confirm the token has not expired and that it was generated by a user with the required Jira permissions. If the token was recently rotated, update the integration credentials in Rootly under **Configure**.
  </Accordion>
</AccordionGroup>

## Uninstall

To remove the Jira On-Premise integration, open the integrations panel in Rootly and select **Configure > Delete**. Removing the integration disables any internal workflows associated with this instance.


# Installation
Source: https://docs.rootly.com/integrations/jira/installation

Connect your Jira Cloud instance to Rootly for bidirectional incident and issue synchronization, custom field mapping, and automatic ticket creation.

Setting up the Jira integration involves two parts: connecting your Jira account via OAuth and configuring a webhook so Jira can send events back to Rootly. Both are required for full bidirectional sync.

## Prerequisites

<Warning>
  **Before you start, you'll need:**

  * A Rootly account with **Admin** or **Owner** permissions
  * A **Jira Cloud** account with admin rights to your instance
</Warning>

## Required Jira Permissions

The Jira account you use to install must have these permissions:

| Permission            | Description                                   |
| --------------------- | --------------------------------------------- |
| **Assign issues**     | Ability to assign issues to users             |
| **Close issues**      | Ability to close issues                       |
| **Create issues**     | Ability to create new issues                  |
| **Delete issues**     | Ability to delete issues                      |
| **Edit issues**       | Ability to edit existing issues               |
| **Link issues**       | Ability to link issues to one another         |
| **Transition issues** | Ability to transition issues between statuses |

<Info>
  Learn more about Jira permissions in [Atlassian's documentation](https://confluence.atlassian.com/adminjiraserver073/managing-project-permissions-861253293.html).
</Info>

## Required OAuth Scopes

Rootly requests these OAuth scopes during installation:

<Accordion title="View all 28 OAuth scopes">
  **Read permissions:**

  * `read:application-role:jira`
  * `read:avatar:jira`
  * `read:field-configuration:jira`
  * `read:group:jira`
  * `read:issue:jira`
  * `read:issue-status:jira`
  * `read:issue-meta:jira`
  * `read:issue-security-level:jira`
  * `read:issue-type:jira`
  * `read:issue-type-hierarchy:jira`
  * `read:issue.changelog:jira`
  * `read:issue.transition:jira`
  * `read:issue.vote:jira`
  * `read:priority:jira`
  * `read:project:jira`
  * `read:project-category:jira`
  * `read:project-version:jira`
  * `read:project.component:jira`
  * `read:project.property:jira`
  * `read:status:jira`
  * `read:user:jira`
  * `read:user.property:jira`

  **Write permissions:**

  * `write:attachment:jira`
  * `write:comment:jira`
  * `write:comment.property:jira`
  * `write:issue:jira`
  * `write:issue.property:jira`
</Accordion>

## Connect Jira to Rootly

The OAuth flow connects your Jira Cloud instance to Rootly. You'll be redirected to Jira to authorize the connection, then returned to Rootly automatically.

<Steps>
  <Step title="Go to Configuration → Integrations">
    In the Rootly sidebar, click **Configuration → Integrations**.

    <img alt="Rootly integrations menu" />
  </Step>

  <Step title="Find Jira Cloud and click Setup">
    Search for **Jira Cloud** and click **Setup**.

    <img alt="Jira Cloud integration setup" />
  </Step>

  <Step title="Authorize in Jira">
    You'll be redirected to Jira. Verify you're installing on the correct instance, then click **Accept**.

    <img alt="Jira OAuth authorization" />

    <img alt="Jira permissions acceptance" />
  </Step>

  <Step title="Installation complete">
    You'll be redirected back to Rootly with a success message confirming the connection.

    <img alt="Jira installation success" />
  </Step>
</Steps>

<Check>Your Jira Cloud instance is now connected to Rootly.</Check>

## Installing Additional Instances

If your organization uses multiple Jira Cloud instances, you can connect them separately.

<Note>
  A Jira Cloud **instance** is not the same as a Jira **project**. An instance is a separate domain (e.g., `company.atlassian.net`). You can have multiple projects within one instance — most organizations have a single instance with multiple projects.
</Note>

To add another instance:

1. Go to **Integrations** and search for **Jira Cloud**
2. Click **Set up another instance**
3. Follow the same authorization flow

<Warning>
  Make sure you're logged into the correct Jira instance in your browser before starting the authorization flow.
</Warning>

## Setting Up the Jira Webhook

To enable **Jira → Rootly sync**, you must configure a webhook in Jira. This allows Rootly to receive events when Jira issues are created or updated. Without this step, changes in Jira won't reflect back in Rootly.

<Steps>
  <Step title="Open Jira Webhooks">
    In Jira, navigate to **Settings → System → WebHooks**.

    <img alt="Jira system settings" />

    <img alt="Jira webhooks menu" />
  </Step>

  <Step title="Create a new webhook">
    Click **Create a WebHook**.

    <img alt="Create webhook button" />
  </Step>

  <Step title="Configure the webhook">
    Give it a descriptive name (e.g., "Rootly Webhook Listener") and ensure the status is set to **Enabled**.

    <img alt="Webhook name and status" />
  </Step>

  <Step title="Add the Rootly webhook URL">
    In Rootly, go to **Integrations → Jira → Configure** and copy the webhook URL. Paste it into the **URL** field in Jira.

    <img alt="Rootly webhook URL" />

    <img alt="Webhook URL field in Jira" />
  </Step>

  <Step title="Filter by project (optional)">
    To limit which projects send events to Rootly, add a JQL filter under **Issue related events**. Leave this blank to receive events from all projects.

    <img alt="JQL filter for projects" />
  </Step>

  <Step title="Select events">
    Choose the Jira events you want Rootly to receive — at minimum, select **issue created** and **issue updated**.

    <img alt="Webhook event selection" />
  </Step>

  <Step title="Keep request body enabled">
    Ensure **Exclude body** is **not** checked. Jira may enable this by default, but Rootly requires the full event payload to process events correctly.

    <img alt="Exclude body checkbox" />
  </Step>

  <Step title="Save the webhook">
    Click **Create** to save your webhook configuration.

    <img alt="Save webhook" />

    <img alt="Webhook created confirmation" />
  </Step>
</Steps>

<Check>Your Jira webhook is now configured for bidirectional sync.</Check>

## Verify Installation

Once connected, confirm the integration is working end-to-end:

1. **Check integration status** — The Jira tile in Rootly should show **Connected**.
2. **Test Rootly → Jira** — Create a test incident and verify that a Jira issue is created in the expected project.
3. **Test Jira → Rootly** — Create or update a Jira issue, then check the [Alerts page](https://rootly.com/account/alerts) in Rootly to confirm the event arrived.

<Tip>
  If events appear on the Alerts page, your webhook is configured correctly.
</Tip>

## Troubleshooting

<AccordionGroup>
  <Accordion title="Jira integration not appearing after OAuth" icon="circle-x">
    **Issue:** After completing OAuth, Jira doesn't show under Connected Apps.

    **Solutions:**

    * Ensure you completed the full OAuth consent flow without navigating away
    * Confirm your Jira user has **admin** or **manage apps** permissions
    * Log out of other Jira accounts and retry authorization
    * Revoke the app in Jira (**Settings → Apps → Manage Apps**) and reconnect
  </Accordion>

  <Accordion title="Rootly cannot access Jira projects" icon="circle-x">
    **Issue:** Jira connects but no projects appear in Rootly.

    **Solutions:**

    * Verify your Jira account has **Browse Projects** permission
    * Check project-level permissions for **Create Issues**, **Edit Issues**, and **Add Comments**
    * Re-authenticate to refresh your permission scopes
  </Accordion>

  <Accordion title="Issue creation fails" icon="circle-x">
    **Issue:** Integration connects but Rootly can't create issues in Jira.

    **Solutions:**

    * Verify your Jira user has: Create Issues, Edit Issues, Assign Issues, Add Comments
    * Check for required custom fields in Jira that aren't being populated by Rootly
    * Confirm the issue type exists in the selected project
    * Review Jira workflow validators that may block external issue creation
  </Accordion>

  <Accordion title="Webhook events not appearing in Rootly" icon="circle-x">
    **Issue:** Jira events don't show on Rootly's Alerts page.

    **Solutions:**

    * Verify the webhook URL in Jira matches the one from Rootly
    * Ensure **Exclude body** is NOT checked in the Jira webhook settings
    * Confirm the webhook status is **Enabled**
    * Check that your JQL filter (if used) includes the project you're testing with
  </Accordion>
</AccordionGroup>

## Uninstall

To remove the Jira integration:

1. Go to **Configuration → Integrations** and find **Jira**
2. Click **Connected** to reveal the disconnect option
3. Click **Disconnect**

<Frame>
  <img alt="Click Connected to reveal the Disconnect option" />
</Frame>

<Warning>
  Disconnecting Rootly does **not** remove the webhook from Jira. To stop Jira from sending events, you must also delete the webhook in Jira under **Settings → System → WebHooks**.
</Warning>


# Jira
Source: https://docs.rootly.com/integrations/jira/jira

Set up bidirectional sync between Rootly incidents and Jira issues with field mapping, automated ticket creation, status updates, and custom workflows.

Rootly's Jira integration keeps incidents and Jira issues in sync. When an incident is declared, a Jira issue is automatically created. Updates flow both ways: incident changes update Jira, and Jira changes can update incidents.

<CardGroup>
  <Card title="Smart Defaults" icon="bolt">
    Auto-create Jira issues at incident start without building workflows
  </Card>

  <Card title="Custom Workflows" icon="diagram-project">
    Advanced automation with triggers, conditions, and multiple actions
  </Card>

  <Card title="Field Mapping" icon="table-columns">
    Map incident data to Jira native and custom fields
  </Card>

  <Card title="Action Items → Subtasks" icon="list-tree">
    Follow-up tasks become Jira subtasks linked to the parent issue
  </Card>
</CardGroup>

***

## How It Works

<Steps>
  <Step title="Connect Jira">
    Authenticate via OAuth and configure webhooks for bidirectional sync.
  </Step>

  <Step title="Configure Automation">
    Use Smart Defaults for instant setup, or build custom workflows for conditional logic.
  </Step>

  <Step title="Incident Declared">
    When an incident is created, Rootly automatically creates a Jira issue.
  </Step>

  <Step title="Updates Flow Both Ways">
    Changes to incidents update Jira. Jira events can trigger incident updates.
  </Step>
</Steps>

***

## Next Steps

<CardGroup>
  <Card title="Installation" icon="plug" href="/integrations/jira/installation">
    Connect Jira and set up webhooks
  </Card>

  <Card title="Workflows" icon="diagram-project" href="/integrations/jira/workflows">
    Configure Smart Defaults and custom workflows
  </Card>

  <Card title="Jira → Rootly" icon="arrow-left" href="/integrations/jira/jira-to-rootly-sync">
    Create incidents from Jira events
  </Card>
</CardGroup>


# Jira to Rootly Sync
Source: https://docs.rootly.com/integrations/jira/jira-to-rootly-sync

Create and update Rootly incidents automatically from Jira events using alert workflows, with field mapping, status sync, and custom routing logic.

When a Jira issue is created or updated, Rootly can automatically create or update a corresponding incident. This enables bidirectional sync between the two systems — Jira events flow in through the webhook you configured during installation, appear as alerts in Rootly, and are processed by alert workflows.

<Warning>
  **Webhook Required** — You must first [set up a webhook](/integrations/jira/installation#setting-up-the-jira-webhook) in Jira to send events to Rootly before this will work.
</Warning>

***

## How It Works

1. Jira sends events to Rootly via webhook
2. Events appear as alerts on Rootly's **[Alerts page](https://rootly.com/account/alerts)**
3. Alert workflows process these events and create or update incidents

***

## Create an Alert Workflow

<Steps>
  <Step title="Create a new workflow">
    Go to **Workflows → Create Workflow** and select **Alert** as the workflow type.
  </Step>

  <Step title="Set the trigger">
    Select **Alert Created** as the trigger. This fires whenever a new alert arrives in Rootly — including events from Jira.
  </Step>

  <Step title="Add conditions">
    Filter to only process Jira alerts so the workflow doesn't fire on unrelated alert sources. You can filter by source and by label:

    * Set **Source** equals `Jira`
    * Use label filters to narrow by event type or project:
      * `event:jira:issue_created` — responds to new Jira issues
      * `event:jira:issue_updated` — responds to Jira issue updates
      * `project_key:YOUR_PROJECT` — (optional) limits to a specific Jira project

    For more targeted filtering, use the **Payload** condition with JSON path syntax (e.g., `$.issue.fields.issuetype.name`). You can preview your syntax using the [JSON Path Explorer](https://rootly.com/account/help/json-path-explorer).

    <Note>
      Only a single payload field can be filtered at a time. Use label conditions as much as possible before falling back to payload filtering.
    </Note>
  </Step>

  <Step title="Add an action">
    Choose **Create Incident** or **Update Incident** from the action picker depending on whether you want to open a new incident or update an existing one.
  </Step>
</Steps>

***

## Actions

<Tabs>
  <Tab title="Create Incident">
    Creates a new Rootly incident from a Jira alert.

    Use `{{ alert.data.* }}` to reference Jira fields when populating incident properties:

    | Incident Field | Jira Source                                 |
    | -------------- | ------------------------------------------- |
    | Title          | `{{ alert.data.issue.fields.summary }}`     |
    | Summary        | `{{ alert.data.issue.fields.description }}` |

    **Link back to Jira** — Add this to Custom Field Mapping so Rootly knows which Jira issue this incident came from. This mapping is required if you later want to update the incident when the Jira issue changes.

    ```json theme={null}
    {
      "jira_issue_id": "{{ alert.data.issue.id }}",
      "jira_issue_url": "https://your-instance.atlassian.net/browse/{{ alert.data.issue.key }}"
    }
    ```
  </Tab>

  <Tab title="Update Incident">
    Updates an existing Rootly incident based on a Jira update. Rootly needs to know which incident corresponds to the incoming Jira event — configure these fields to match them:

    | Field              | Value                       |
    | ------------------ | --------------------------- |
    | Attribute to Match | `jira_issue_id`             |
    | Attribute Value    | `{{ alert.data.issue.id }}` |
  </Tab>
</Tabs>

***

## Field Mapping Examples

Use Custom Field Mapping to dynamically set incident properties from Jira data.

<AccordionGroup>
  <Accordion title="Set Severity from Jira Priority">
    Maps Jira priority levels to Rootly severity IDs. Adjust the priority names to match your Jira configuration.

    ```json theme={null}
    {
      {% if alert.data.issue.fields.priority.name == 'Highest' %}
        "severity_id": "SEV0"
      {% elsif alert.data.issue.fields.priority.name == 'High' %}
        "severity_id": "SEV1"
      {% elsif alert.data.issue.fields.priority.name == 'Medium' %}
        "severity_id": "SEV2"
      {% else %}
        "severity_id": "SEV3"
      {% endif %}
    }
    ```
  </Accordion>

  <Accordion title="Set Status from Jira Status">
    Maps Jira workflow statuses to Rootly incident statuses. Replace the Jira status names with your actual values.

    ```json theme={null}
    {
      {% if alert.data.issue.fields.status.name == 'To Do' %}
        "status": "in_triage"
      {% elsif alert.data.issue.fields.status.name == 'In Progress' %}
        "status": "active"
      {% elsif alert.data.issue.fields.status.name == 'Done' %}
        "status": "resolved"
      {% else %}
        "status": "cancelled"
      {% endif %}
    }
    ```

    <Info>
      Valid Rootly statuses: `in_triage`, `active`, `resolved`, `closed`, `cancelled`
    </Info>
  </Accordion>

  <Accordion title="Set Custom Field (Hardcoded)">
    Sets a Rootly custom field to a fixed value. Replace `form_field_id` with your actual field ID.

    ```json theme={null}
    {
      "form_field_selections_attributes": [{
        "form_field_id": "YOUR_FIELD_ID",
        "value": "Production"
      }]
    }
    ```
  </Accordion>

  <Accordion title="Set Custom Field (From Jira)">
    Pulls a value from a Jira custom field and sets it on the Rootly incident. Inspect the alert payload to find the correct field path.

    ```json theme={null}
    {
      "form_field_selections_attributes": [{
        "form_field_id": "YOUR_FIELD_ID",
        "value": "{{ alert.data.issue.fields.customfield_10001 }}"
      }]
    }
    ```

    <Tip>
      Find the correct JSON path by inspecting alert payloads on the **Alerts** page in Rootly.
    </Tip>
  </Accordion>

  <Accordion title="Set Multi-Select Custom Field">
    For single or multi-select Rootly custom fields, use `selected_option_ids` instead of `value`.

    ```json theme={null}
    {
      "form_field_selections_attributes": [{
        "form_field_id": "YOUR_FIELD_ID",
        "selected_option_ids": ["option_id_1", "option_id_2"]
      }]
    }
    ```
  </Accordion>
</AccordionGroup>

***

## Debugging

| Error                            | Cause                              | Fix                                              |
| -------------------------------- | ---------------------------------- | ------------------------------------------------ |
| `unknown attribute for Incident` | Invalid field name or wrong syntax | Verify the field is enabled for workflow updates |
| `unexpected token`               | Invalid JSON in custom mapping     | Check your JSON syntax                           |

<Tip>
  View error details: **Workflows → Your Workflow → ... → View Runs → View**
</Tip>


# Rootly to Jira Sync
Source: https://docs.rootly.com/integrations/jira/rootly-to-jira-sync

Configure Rootly workflows to create and update Jira issues from incidents with native and custom field mapping, project routing, and assignee logic.

This page covers the Rootly workflow actions for writing to Jira — creating issues, updating them, and creating subtasks. For the reverse direction (Jira events updating Rootly), see [Jira → Rootly Sync](/integrations/jira/jira-to-rootly-sync).

## Workflow Actions

<AccordionGroup>
  <Accordion title="Create Jira Issue" icon="plus">
    Creates a new ticket in a Jira project. You must select the **Project Key** and **Issue Type** for the ticket to be created correctly.

    This action can be used for both incidents and action items. For action items, using **Create Jira Subtask** is recommended if your team uses subtasks — but if not, this action works as well.

    <Frame>
      <img alt="Create Jira Issue action" />
    </Frame>

    <ParamField type="select">
      The Jira project where the issue will be created.
    </ParamField>

    <ParamField type="select">
      The type of Jira issue to create. Options are pulled from the selected project.
    </ParamField>

    <ParamField type="string">
      The title of the Jira issue. Supports Liquid syntax (e.g., `{{ incident.title }}`).
    </ParamField>

    <ParamField type="string">
      The description of the Jira issue. Supports Liquid syntax (e.g., `{{ incident.summary }}`).
    </ParamField>

    <ParamField type="string">
      Assign the Jira issue to a user by email. Supports Liquid syntax.
    </ParamField>
  </Accordion>

  <Accordion title="Update Jira Issue" icon="pen-to-square">
    Updates an existing ticket in Jira. You must reference the issue in the **Jira Issue to Update** field using `{{ incident.jira_issue_id }}`.

    <Frame>
      <img alt="Update Jira Issue action" />
    </Frame>

    <Warning>
      This action only works if a Jira issue has already been created and linked to the incident.
    </Warning>

    <ParamField type="string">
      Reference to the existing Jira issue. Use `{{ incident.jira_issue_id }}` to dynamically target the issue linked to the current incident.
    </ParamField>

    <ParamField type="string">
      Updated title of the Jira issue. Supports Liquid syntax.
    </ParamField>

    <ParamField type="string">
      Updated description. Supports Liquid syntax.
    </ParamField>

    <ParamField type="select">
      Transition the issue to a new status. Options are pulled from the selected project and issue type.
    </ParamField>

    <ParamField type="string">
      Reassign the Jira issue to a different user. Supports Liquid syntax.
    </ParamField>
  </Accordion>

  <Accordion title="Create Jira Subtask" icon="list-tree">
    Creates a subtask under an existing Jira issue. Intended for **action items** or **sub-incidents**. The **Project Key** must match the one used when creating the parent issue.

    <Frame>
      <img alt="Create Jira Subtask action" />
    </Frame>

    <ParamField type="string">
      Reference to the parent Jira issue. Use `{{ incident.jira_issue_id }}` to link the subtask to the current incident's issue.
    </ParamField>

    <ParamField type="select">
      Must match the project used to create the parent issue.
    </ParamField>

    <ParamField type="string">
      Title of the subtask. Supports Liquid syntax.
    </ParamField>

    <ParamField type="string">
      Description of the subtask. Supports Liquid syntax.
    </ParamField>

    <ParamField type="string">
      Assign the subtask to a user by email. Supports Liquid syntax.
    </ParamField>
  </Accordion>
</AccordionGroup>

***

## Jira Native Field Mapping

Some Jira fields behave differently than standard custom fields.

<Warning>
  These mappings go in the **Custom Fields Mapping** section of the Jira action, not the API Payload section.
</Warning>

<AccordionGroup>
  <Accordion title="Labels (Native Jira Field)">
    Jira's native Labels field uses a different syntax than custom label-type fields.

    <Frame>
      <img alt="Labels native field mapping" />
    </Frame>

    ```json theme={null}
    // Rootly native multi-select → Jira native Labels
    "customfield_12345": {{ incident.service_slugs | join: ","}}

    // Rootly custom multi-select → Jira native Labels
    "customfield_10033": {{ incident.custom_fields | find: 'custom_field.slug', 'your_custom_field_slug' | get: 'selected_options' | map: 'value' | join: "," }}
    ```
  </Accordion>

  <Accordion title="Team (Native Jira Field)">
    Jira's native Team field is stored as a custom field and only allows a single team selection.

    ```json theme={null}
    // Static Jira Team ID
    "customfield_10001": "<jira_team_id>"

    // Dynamic: Rootly team → Jira Team (using description field to store the Jira team ID)
    "customfield_10001": "{{ incident.raw_groups[0] | get: 'description' }}"
    ```
  </Accordion>
</AccordionGroup>

***

## Custom Fields Mapping

The **Custom Fields Mapping** section lets you map Rootly incident data to Jira custom fields dynamically. To access it, open the **Advanced** tab in any Jira workflow action.

<Frame>
  <img alt="Advanced tab for custom field mapping" />
</Frame>

To use custom field mapping, you'll need to know:

* The **custom field ID** in Jira (e.g., `customfield_12345`)
* The **field type** in Jira
* The **incident property** in Rootly to map from

<Note>
  Find Jira custom field IDs with this [Atlassian article](https://confluence.atlassian.com/jirakb/how-to-find-id-for-custom-field-s-744522503.html). Browse Rootly's available Liquid variables in the [Liquid Variable Explorer](https://rootly.com/account/help/liquid-explorer).
</Note>

<AccordionGroup>
  <Accordion title="Text and Paragraph Fields">
    ```json theme={null}
    // Rootly native field → Jira text
    "customfield_12345": "{{ incident.functionalities }}"

    // Rootly custom field → Jira text
    "customfield_12345": "{{ incident.custom_fields | find: 'custom_field.slug', 'your-slug' | get: 'selected_options' | map: 'value' }}"
    ```
  </Accordion>

  <Accordion title="Single Select Fields">
    Note the `{ "value": ... }` wrapper required by Jira:

    ```json theme={null}
    // Rootly team name → Jira single select
    "customfield_12345": { "value": "{{ incident.raw_groups | first | get: 'name' }}" }

    // Rootly custom field → Jira single select
    "customfield_12345": { "value": "{{ incident.custom_fields | find: 'custom_field.slug', 'your_custom_field_slug' | get: 'selected_options' | map: 'value' }}" }
    ```
  </Accordion>

  <Accordion title="Multi-Select Fields">
    **Simple approach (Rootly custom multi-select):**

    ```json theme={null}
    "customfield_12345": {{ incident.custom_fields | find: 'custom_field.slug', 'your_custom_field_slug' | get: 'selected_options' | to_values }}
    ```

    **Manual array building (Rootly native fields):**

    ```liquid theme={null}
    {% assign functions = incident.functionalities %}
    {% assign array = "" %}
    {% for function in functions %}
      {% assign item = '{"value":"' | append: function | append: '"}' %}
      {% assign array = array | append: item | append: "," %}
    {% endfor %}
    {% capture final_array %}[{{ array | remove_last: ',' }}]{% endcapture %}
    "customfield_12345": {{ final_array }}
    ```
  </Accordion>

  <Accordion title="Labels Fields (Custom)">
    For Jira custom fields of type "Labels" (different from the native Labels field):

    ```json theme={null}
    // Rootly native multi-select → Jira labels
    "customfield_12345": {{ incident.service_slugs | to_json }}

    // Rootly custom multi-select → Jira labels
    "customfield_10033": {{ incident.custom_fields | find: 'custom_field.slug', 'your_custom_field_slug' | get: 'selected_options' | map: 'value' | to_json }}
    ```
  </Accordion>

  <Accordion title="Number Fields">
    ```json theme={null}
    "customfield_26117": {{ incident.custom_fields | find: 'custom_field.slug', 'your_custom_field_slug' | get: 'selected_options.value' }}
    ```
  </Accordion>

  <Accordion title="Date/Time Fields">
    Must use ISO 8601 format:

    ```json theme={null}
    // Rootly incident start time → Jira datetime
    "customfield_10030": "{{ incident.started_at | date: '%FT%T%:z' }}"

    // Rootly custom datetime → Jira datetime
    "customfield_26218": "{{ incident.custom_fields | find: 'custom_field.slug', 'your_custom_field_slug' | get: 'selected_options.value' | date: '%Y-%m-%dT%H:%M:%S.%d%z' }}"
    ```
  </Accordion>

  <Accordion title="User Fields">
    **Single user:**

    ```json theme={null}
    {% assign jira_email = incident.roles | find: 'incident_role.slug', 'incident-commander' | get: 'user.email' %}
    "customfield_20825": { "id": "{{ team.jira_users | where: 'email', jira_email | first | get: 'account_id' }}" }
    ```

    **Multiple users:**

    ```json theme={null}
    {% assign jira_email = incident.roles | find: 'incident_role.slug', 'incident-commander' | get: 'user.email' %}
    "customfield_20825": [{ "id": "{{ team.jira_users | where: 'email', jira_email | first | get: 'account_id' }}" }]
    ```
  </Accordion>
</AccordionGroup>

***

## API Payload

The **API Payload** section provides direct access to Jira's REST API for advanced field updates not available through Custom Fields Mapping.

<AccordionGroup>
  <Accordion title="Set Priority Based on Severity">
    ```liquid theme={null}
    {% if incident.severity_slug == 'sev0' %}
      { "priority": [ { "set": { "name" : "High" } } ] }
    {% elsif incident.severity_slug == 'sev1' %}
      { "priority": [ { "set": { "name" : "Medium" } } ] }
    {% elsif incident.severity_slug == 'sev2' %}
      { "priority": [ { "set": { "name" : "Low" } } ] }
    {% endif %}
    ```
  </Accordion>

  <Accordion title="Add a Comment">
    Add a comment to an existing Jira issue. Only works with the **Update Jira Issue** action.

    ```json theme={null}
    {
      "comment": [
        {
          "add": {
            "body": "Enter your message here. Liquid syntax is supported."
          }
        }
      ]
    }
    ```
  </Accordion>

  <Accordion title="Link Issues Together">
    Link a Jira issue (e.g., for an action item) to the parent incident issue.

    **"Relates to" link:**

    ```json theme={null}
    {
      "issuelinks": [
        {
          "add": {
            "type": { "name": "Relates", "outward": "relates to" },
            "outwardIssue": { "id": "{{ incident.jira_issue_id }}" }
          }
        }
      ]
    }
    ```

    **Custom "Action item for" link:**

    ```json theme={null}
    {
      "issuelinks": [
        {
          "add": {
            "type": { "name": "Action", "outward": "action item for" },
            "outwardIssue": { "id": "{{ incident.jira_issue_id }}" }
          }
        }
      ]
    }
    ```
  </Accordion>

  <Accordion title="Set Native Labels Field">
    ```json theme={null}
    {
      "labels": [{ "set": ["label1", "label2"] }]
    }
    ```
  </Accordion>

  <Accordion title="Set Components Field">
    Maps Rootly services to Jira Components. Service names in Rootly must match component names in Jira exactly.

    ```liquid theme={null}
    {% assign components = incident.services %}
    {
      "components": [
        {
          "set": [
          {% for component in components %}
            { "name": "{{ component }}" }{% unless forloop.last %},{% endunless %}
          {% endfor %}
          ]
        }
      ]
    }
    ```

    <Warning>
      If a component name doesn't exist in Jira, the update will fail.
    </Warning>
  </Accordion>
</AccordionGroup>

***

## Debugging

To view error details, locate the workflow in Rootly, then select **... → View Runs → View**.

| Error                                              | Cause                                                         | Fix                                                       |
| -------------------------------------------------- | ------------------------------------------------------------- | --------------------------------------------------------- |
| `issue_id cannot be null.`                         | The Jira issue you're trying to update doesn't exist yet      | Ensure the Create action runs before the Update action    |
| `"customfield_12345": "Custom Field is required."` | A required Jira custom field isn't being populated            | Add a mapping for the field, or make it optional in Jira  |
| `unexpected token at '{ "customfield_10032": }'`   | Custom mapping syntax is invalid                              | Fix your JSON syntax                                      |
| `Specify a valid project ID or key`                | The selected Project Key isn't available in the Jira instance | Reselect the Jira instance, then reselect the Project Key |
| `The issue type selected is invalid.`              | The selected issue type doesn't exist in the project          | Reselect the Project Key, then reselect the Issue Type    |


# Workflows
Source: https://docs.rootly.com/integrations/jira/workflows

Automate Jira issue creation and updates from Rootly incidents using Smart Defaults or custom workflow automation with project, fields, and label support.

Rootly gives you two ways to automate Jira issue creation and updates. Smart Defaults provides instant, zero-configuration automation. Custom Workflows let you add conditions, multiple actions, and advanced routing logic.

## Automation Options

<CardGroup>
  <Card title="Smart Defaults" icon="bolt">
    **Setup fast and effortless**

    Automatically create and manage Jira issues at incident start using pre-configured settings
  </Card>

  <Card title="Custom Workflow" icon="bars-staggered">
    Use workflows for conditional or advanced Jira issue automation
  </Card>
</CardGroup>

***

## Smart Defaults

Smart Defaults let you automatically generate a Jira issue whenever an incident begins — without building a workflow. New Rootly accounts have Smart Defaults enabled automatically. Existing accounts have it off by default to avoid conflicting with existing workflows.

To configure Smart Defaults, go to **Integrations → Jira → Configure**.

<AccordionGroup>
  <Accordion title="Webhook" icon="webhook">
    Configure webhooks in your Jira Admin using this endpoint to allow updates made in Jira to reflect back in Rootly.

    <Note>
      See [Setting Up Jira Webhook](/integrations/jira/installation#setting-up-the-jira-webhook) for detailed steps.
    </Note>

    <img alt="Jira webhook URL configuration in Rootly" />
  </Accordion>

  <Accordion title="Jira Ticket for Incidents" icon="ticket">
    This section controls how Jira tickets are created from Rootly incidents.

    <img alt="Jira ticket configuration panel for incidents" />

    <ParamField type="toggle">
      Automatically create a Jira ticket in the specified project as soon as an incident is declared in Rootly.
    </ParamField>

    <ParamField type="select">
      The Jira project where tickets will be created. If you need to route tickets to different projects based on conditions, disable this and use custom workflows instead.
    </ParamField>

    <ParamField type="select">
      The type of Jira issue to create. Options are pulled from the project specified in Project Key.
    </ParamField>

    <ParamField type="select">
      The initial status of the new ticket. Options are pulled from the selected project and issue type.
    </ParamField>

    <ParamField type="string">
      The Summary field of the Jira ticket. Defaults to `{{ incident.title }}`. Supports Liquid syntax.
    </ParamField>

    <ParamField type="string">
      The Description field of the Jira ticket. Defaults to `{{ incident.summary }}`. Supports Liquid syntax.
    </ParamField>

    <ParamField type="string">
      Assign the Jira ticket to a user by email address. If blank, the ticket is assigned to the incident creator. Supports Liquid syntax.
    </ParamField>

    <ParamField type="toggle">
      Automatically create a bookmark to the Jira ticket in the incident's Slack channel for quick access.
    </ParamField>

    <ParamField type="toggle">
      Automatically update the matching Jira ticket whenever the incident is updated. This is one-way: changes flow from Rootly to Jira only.
    </ParamField>
  </Accordion>

  <Accordion title="Jira Ticket for Action Items" icon="list-check">
    This section controls how Jira subtasks are created from Rootly action items.

    <img alt="Jira subtask configuration for action items" />

    <ParamField type="toggle">
      Automatically create a Jira subtask under the parent Jira ticket every time a new action item is created in Rootly.
    </ParamField>

    <ParamField type="select">
      Leave this field **blank**. Jira subtasks can only be one type. This field will be expanded in a future release.
    </ParamField>

    <ParamField type="select">
      The initial status of the new subtask. Options are pulled from the project specified in Project Key.
    </ParamField>

    <ParamField type="toggle">
      Automatically update the matching Jira subtask whenever an action item is updated. This is one-way: changes flow from Rootly to Jira only.
    </ParamField>

    <ParamField type="toggle">
      Automatically set the Jira subtask priority to match the action item priority in Rootly.
    </ParamField>
  </Accordion>
</AccordionGroup>

<Note>
  Use Smart Defaults when you want instant, built-in Jira issue automation without touching workflows. Build a workflow when you need conditions, custom triggers, multiple actions, or more advanced issue routing.
</Note>

***

## Custom Workflows

Custom workflows give you full control over when and how Jira issues are created or updated. You can filter by severity, service, environment, and more — or chain multiple Jira actions together in a single workflow.

<Steps>
  <Step title="Create a new workflow">
    Open **Rootly → Workflows → Create Workflow** and choose the workflow type that matches your use case.

    <img alt="Rootly workflows page" />

    <img alt="Create workflow button" />

    <img alt="Workflow type selection showing Incident, Retrospective, and Pulse options" />
  </Step>

  <Step title="Configure triggers">
    Triggers define when the workflow runs. Choose the event that should create or update a Jira issue.

    <img alt="Workflow trigger configuration options" />

    | Trigger                         | What it does                                             |
    | ------------------------------- | -------------------------------------------------------- |
    | **Incident Created**            | Creates a Jira issue as soon as a new incident is opened |
    | **Incident Updated**            | Fires when fields like severity or status change         |
    | **Incident Status Changed**     | Triggers when the incident moves to a specific status    |
    | **Incident Commander Assigned** | Fires once someone takes ownership                       |
    | **Manual Trigger**              | Run manually from the UI when needed                     |

    <Tip>
      Choose the trigger that fires only when you actually need a Jira issue. Avoid creating issues earlier than necessary.
    </Tip>
  </Step>

  <Step title="Add conditions">
    Conditions let you control when the workflow should run after it's been triggered. This keeps your Jira project clean by limiting automation to the incidents that matter.

    <img alt="Workflow conditions panel showing filter options" />

    Common condition setups:

    * **Severity-based** — Only create Jira issues for SEV-1 or SEV-2 incidents
    * **Team or service filters** — Only fire for incidents impacting specific teams or services
    * **Incident type** — Ensure the workflow only runs when the Kind is set to Incident
    * **Environment** — Trigger only for customer-facing or production-impacting incidents

    <Tip>
      Use conditions to avoid unnecessary Jira issues and keep the workflow focused.
    </Tip>
  </Step>

  <Step title="Add a Jira action">
    Actions are the steps that run when the workflow fires. Click **Add Action**, then search for **Jira** to see the available actions.

    <img alt="Add action button in workflow editor" />

    <img alt="Jira action search in action picker" />

    #### Create Jira Issue

    Creates a new Jira issue for an incident or retrospective.

    <img alt="Create Jira Issue action configuration" />

    <ParamField type="string">
      Optional label for this action. Does not affect behavior.
    </ParamField>

    <ParamField type="select">
      The Jira project where the issue will be created.
    </ParamField>

    <ParamField type="select">
      The type of Jira issue to create (e.g., Bug, Task, Story). Options are pulled from the selected project.
    </ParamField>

    <ParamField type="string">
      Title of the Jira issue. Supports Liquid syntax (e.g., `{{ incident.title }}`).
    </ParamField>

    <ParamField type="string">
      Detailed description. Supports Liquid syntax (e.g., `{{ incident.summary }}`).
    </ParamField>

    <ParamField type="select">
      Priority of the Jira issue (e.g., High, Medium, Low).
    </ParamField>

    <ParamField type="select">
      Initial status of the issue. Options are pulled from the selected project and issue type.
    </ParamField>

    <ParamField type="array">
      Jira labels to categorize the issue. Supports multiple values.
    </ParamField>

    <ParamField type="string">
      Optional due date. Supports Liquid syntax or fixed dates.
    </ParamField>

    <ParamField type="string">
      The reporter for the Jira issue. Defaults to the incident creator. Supports Liquid syntax.
    </ParamField>

    <ParamField type="string">
      The assignee for the Jira issue. Supports Liquid syntax.
    </ParamField>

    <ParamField type="toggle">
      Prevents the workflow from stopping if this action fails.
    </ParamField>

    <ParamField type="toggle">
      Toggle this action on or off, useful when testing.
    </ParamField>

    <Info>
      Use Rootly's [Liquid Variable Explorer](https://rootly.com/account/help/liquid-explorer) to test variables before using them in your workflow.
    </Info>

    #### Update Jira Issue

    Updates an existing Jira issue. You must reference the issue using `{{ incident.jira_issue_id }}` in the **Jira Issue to Update** field.

    <Warning>
      This action only works if a Jira issue has already been created and linked to the incident.
    </Warning>

    #### Create Jira Subtask

    Creates a subtask under an existing Jira issue. Reference the parent issue using `{{ incident.jira_issue_id }}` in the **Parent Jira Issue** field. The **Project Key** must match the one used to create the parent issue.

    <Note>
      This action is intended for action items or sub-incidents.
    </Note>
  </Step>

  <Step title="Name and save the workflow">
    Give your workflow a descriptive name (e.g., "Create Jira Issue on SEV-1 Incident"), then click **Create Workflow**.
  </Step>
</Steps>

***

## Jira Native Field Mapping

Some Jira fields behave differently than standard custom fields. This section explains how to correctly map Rootly fields to Jira's **native** fields.

<Warning>
  These mappings go in the **Custom Fields Mapping** section of the Jira action, not the API Payload section.
</Warning>

<AccordionGroup>
  <Accordion title="Labels (Native Jira Field)">
    Jira's native Labels field uses a different syntax than custom label-type fields.

    **Map Rootly services to Jira Labels:**

    ```json theme={null}
    "customfield_12345": {{ incident.service_slugs | join: ","}}
    ```

    **Map a Rootly custom multi-select to Jira Labels:**

    ```json theme={null}
    "customfield_10033": {{ incident.custom_fields | find: 'custom_field.slug', 'your_custom_field_slug' | get: 'selected_options' | map: 'value' | join: "," }}
    ```

    <Note>
      Replace `customfield_12345` with your actual Jira field ID. Find field IDs in **Jira Settings → Issues → Custom Fields**.
    </Note>
  </Accordion>

  <Accordion title="Team (Native Jira Field)">
    Jira's native Team field is stored as a custom field but only allows a single team selection.

    **Map a static Jira Team ID:**

    ```json theme={null}
    "customfield_10001": "<jira_team_id>"
    ```

    **Map Rootly's first team dynamically:**

    ```json theme={null}
    "customfield_10001": "{{ incident.raw_groups[0] | get: 'description' }}"
    ```

    <Info>
      This example assumes you store the corresponding Jira Team ID in the Rootly team's description field. Adjust based on how your teams are configured.
    </Info>
  </Accordion>
</AccordionGroup>

***

## Custom Fields Mapping

The **Custom Fields Mapping** section lets you map Rootly incident data to Jira custom fields dynamically.

<img alt="Advanced tab for custom field mapping in Jira action" />

### What You Need

| Item                | Where to Find It                                                                             |
| ------------------- | -------------------------------------------------------------------------------------------- |
| **Jira Field ID**   | Jira Settings → Issues → Custom Fields → Click field → ID in URL (e.g., `customfield_12345`) |
| **Field Type**      | Same location, check the field type (text, select, multi-select, etc.)                       |
| **Rootly Property** | Use the [Liquid Variable Explorer](https://rootly.com/account/help/liquid-explorer)          |

<Info>
  For detailed instructions on finding Jira field IDs, see [Atlassian's documentation](https://confluence.atlassian.com/jirakb/how-to-find-id-for-custom-field-s-744522503.html).
</Info>

### Field Type Mappings

<AccordionGroup>
  <Accordion title="Text and Paragraph Fields">
    ```json theme={null}
    // Rootly native field → Jira text
    "customfield_12345": "{{ incident.functionalities }}"

    // Rootly custom field → Jira text
    "customfield_12345": "{{ incident.custom_fields | find: 'custom_field.slug', 'your-slug' | get: 'selected_options' | map: 'value' }}"
    ```
  </Accordion>

  <Accordion title="Single Select Fields">
    Note the `{ "value": ... }` wrapper required by Jira:

    ```json theme={null}
    // Rootly team name → Jira single select
    "customfield_12345": { "value": "{{ incident.raw_groups | first | get: 'name' }}" }

    // Rootly custom field → Jira single select
    "customfield_12345": { "value": "{{ incident.custom_fields | find: 'custom_field.slug', 'your_slug' | get: 'selected_options' | map: 'value' }}" }
    ```
  </Accordion>

  <Accordion title="Multi-Select Fields">
    **Simple approach (Rootly custom multi-select):**

    ```json theme={null}
    "customfield_12345": {{ incident.custom_fields | find: 'custom_field.slug', 'your_slug' | get: 'selected_options' | to_values }}
    ```

    **Manual array building (Rootly native fields):**

    ```liquid theme={null}
    {% assign functions = incident.functionalities %}
    {% assign array = "" %}
    {% for function in functions %}
    {% assign item = '{"value":"' | append: function | append: '"}' %}
    {% assign array = array | append: item | append: "," %}
    {% endfor %}
    {% capture final_array %}[{{ array | remove_last: ',' }}]{% endcapture %}
    "customfield_12345": {{ final_array }}
    ```
  </Accordion>

  <Accordion title="Labels Fields (Custom)">
    For Jira custom fields of type "Labels" (different from the native Labels field):

    ```json theme={null}
    // Rootly services → Jira custom labels
    "customfield_12345": {{ incident.service_slugs | to_json }}

    // Rootly custom multi-select → Jira custom labels
    "customfield_10033": {{ incident.custom_fields | find: 'custom_field.slug', 'your_slug' | get: 'selected_options' | map: 'value' | to_json }}
    ```
  </Accordion>

  <Accordion title="Number Fields">
    ```json theme={null}
    "customfield_26117": {{ incident.custom_fields | find: 'custom_field.slug', 'your_slug' | get: 'selected_options.value' }}
    ```
  </Accordion>

  <Accordion title="Date/Time Fields">
    Must use ISO 8601 format:

    ```json theme={null}
    // Rootly incident start time → Jira datetime
    "customfield_10030": "{{ incident.started_at | date: '%FT%T%:z' }}"

    // Rootly custom datetime → Jira datetime
    "customfield_26218": "{{ incident.custom_fields | find: 'custom_field.slug', 'your_slug' | get: 'selected_options.value' | date: '%Y-%m-%dT%H:%M:%S.%d%z' }}"
    ```
  </Accordion>

  <Accordion title="User Fields">
    **Single user:**

    ```json theme={null}
    {% assign jira_email = incident.roles | find: 'incident_role.slug', 'incident-commander' | get: 'user.email' %}
    "customfield_20825": { "id": "{{ team.jira_users | where: 'email', jira_email | first | get: 'account_id' }}" }
    ```

    **Multiple users:**

    ```json theme={null}
    {% assign jira_email = incident.roles | find: 'incident_role.slug', 'incident-commander' | get: 'user.email' %}
    "customfield_20825": [{ "id": "{{ team.jira_users | where: 'email', jira_email | first | get: 'account_id' }}" }]
    ```
  </Accordion>
</AccordionGroup>

### How to Test Your Mapping

1. Create a test incident in Rootly
2. Run your workflow manually
3. Check the Jira issue to verify fields are populated correctly
4. If errors occur, go to **Workflows → Your Workflow → ... → View Runs** to see the error details

***

## API Payload

The **API Payload** section provides direct access to Jira's REST API for advanced field updates not available through Custom Fields Mapping.

<Info>
  API Payload uses Jira's [update issue REST API](https://developer.atlassian.com/server/jira/platform/updating-an-issue-via-the-jira-rest-apis-6848604/). Fields use verb-based operations: `set`, `add`, and `remove`.
</Info>

### When to Use API Payload

| Use Case                 | Use API Payload                     |
| ------------------------ | ----------------------------------- |
| Set priority dynamically | Yes                                 |
| Add comments             | Yes (Update Jira Issue action only) |
| Link issues together     | Yes                                 |
| Set native Labels field  | Yes                                 |
| Set Components field     | Yes                                 |
| Map custom fields        | No, use Custom Fields Mapping       |

### API Payload Examples

<AccordionGroup>
  <Accordion title="Set Priority Based on Severity">
    ```liquid theme={null}
    {% if incident.severity_slug == 'sev0' %}
      { "priority": [ { "set": { "name" : "High" } } ] }
    {% elsif incident.severity_slug == 'sev1' %}
      { "priority": [ { "set": { "name" : "Medium" } } ] }
    {% elsif incident.severity_slug == 'sev2' %}
      { "priority": [ { "set": { "name" : "Low" } } ] }
    {% endif %}
    ```
  </Accordion>

  <Accordion title="Add Comments">
    Add a comment to an existing Jira issue. Only works with the **Update Jira Issue** action.

    ```json theme={null}
    {
      "comment": [
        {
          "add": {
            "body": "Incident {{ incident.title }} has been updated. Current status: {{ incident.status }}"
          }
        }
      ]
    }
    ```

    <Warning>
      Comments can only be added to existing issues. Use this with the Update Jira Issue action, not Create.
    </Warning>
  </Accordion>

  <Accordion title="Link Issues Together">
    **"Relates to" link:**

    ```json theme={null}
    {
      "issuelinks": [
        {
          "add": {
            "type": { "name": "Relates", "outward": "relates to" },
            "outwardIssue": { "id": "{{ incident.jira_issue_id }}" }
          }
        }
      ]
    }
    ```

    **Custom "Action item for" link:**

    ```json theme={null}
    {
      "issuelinks": [
        {
          "add": {
            "type": { "name": "Action", "outward": "action item for" },
            "outwardIssue": { "id": "{{ incident.jira_issue_id }}" }
          }
        }
      ]
    }
    ```
  </Accordion>

  <Accordion title="Set Native Labels Field">
    ```json theme={null}
    {
      "labels": [{ "set": ["incident", "production", "{{ incident.severity }}"] }]
    }
    ```
  </Accordion>

  <Accordion title="Set Components Field">
    ```liquid theme={null}
    {% assign components = incident.services %}
    {
      "components": [
        {
          "set": [
          {% for component in components %}
            { "name": "{{ component }}" }{% unless forloop.last %},{% endunless %}
          {% endfor %}
          ]
        }
      ]
    }
    ```

    <Warning>
      Component names must match exactly between Rootly and Jira. If a component doesn't exist in Jira, the update will fail.
    </Warning>
  </Accordion>
</AccordionGroup>

### API Payload Verbs

| Verb     | Description               | Example                                          |
| -------- | ------------------------- | ------------------------------------------------ |
| `set`    | Replace the current value | `{ "labels": [{ "set": ["label1"] }] }`          |
| `add`    | Add to current values     | `{ "comment": [{ "add": { "body": "text" } }] }` |
| `remove` | Remove specific values    | `{ "labels": [{ "remove": "old-label" }] }`      |

***

## Debugging

To view error details, locate the workflow in Rootly, then select **... → View Runs → View**.

| Error                                              | Cause                                                         | Fix                                                       |
| -------------------------------------------------- | ------------------------------------------------------------- | --------------------------------------------------------- |
| `issue_id cannot be null.`                         | The Jira issue you're trying to update doesn't exist yet      | Ensure the Create action runs before the Update action    |
| `"customfield_12345": "Custom Field is required."` | A required Jira custom field isn't being populated            | Add a mapping for the field, or make it optional in Jira  |
| `unexpected token at '{ "customfield_10032": }'`   | Custom mapping syntax is invalid                              | Fix your JSON syntax                                      |
| `Specify a valid project ID or key`                | The selected Project Key isn't available in the Jira instance | Reselect the Jira instance, then reselect the Project Key |
| `The issue type selected is invalid.`              | The selected issue type doesn't exist in the project          | Reselect the Project Key, then reselect the Issue Type    |

***

## Best Practices

* **Name workflows clearly.** Use names like `Create Bug on High-Priority Incident` or `Update Jira Issue on Resolution` so the intent is obvious.
* **Keep logic simple.** Avoid overly complex conditions or chained automations — simpler workflows are easier to debug.
* **Test in a sandbox project.** Before applying to production, trigger test incidents to verify issues are created and updated as expected.


# Kubernetes
Source: https://docs.rootly.com/integrations/kubernetes

Connect Kubernetes to Rootly to monitor cluster events across pods, deployments, and services, and surface them as pulses during incidents.

## Introduction

The Kubernetes integration connects Rootly with your Kubernetes clusters using an inbound webhook. Cluster events are captured via [kubewatch](https://github.com/robusta-dev/kubewatch) and forwarded to Rootly, where they appear as pulses on your incident timelines and service activity feeds.

With the Kubernetes integration, you can:

* Automatically track events from across your cluster as Rootly pulses in real time
* Correlate Kubernetes events with active incidents to surface infrastructure context fast
* Monitor a wide range of resource types including pods, deployments, services, nodes, and more
* Associate cluster events with Rootly services by matching the Kubernetes deployment name

<Callout icon="info">
  This integration uses a **static webhook secret** rather than OAuth. Rootly generates a unique webhook URL and signing secret for your workspace — kubewatch sends events to this URL and Rootly verifies the signature on each request.
</Callout>

## Before You Begin

Before setting up the Kubernetes integration, make sure you have:

* A Rootly account with permission to manage integrations
* Access to your Kubernetes cluster to deploy or configure kubewatch
* `kubectl` or Helm available to apply configuration to your cluster

<Callout icon="triangle-exclamation">
  The Kubernetes integration relies on **kubewatch** to watch cluster events and forward them to Rootly. You will need to deploy and configure kubewatch in your cluster as part of the setup process.
</Callout>

## Installation

<Steps>
  <Step title="Open the integrations page in Rootly" icon="plug">
    Navigate to the integrations page in your Rootly workspace and select **Kubernetes**.

    <Frame>
      <img alt="Kubernetes integration setup page in Rootly showing the webhook URL" />
    </Frame>

    Rootly will generate a unique **webhook URL** and **signing secret** for your workspace. Copy both — you will need them when configuring kubewatch.
  </Step>

  <Step title="Deploy kubewatch to your cluster" icon="server">
    Kubewatch is an open-source Kubernetes watcher maintained by Robusta. It watches for cluster events and forwards them to webhook endpoints.

    An example ConfigMap is available at:

    [kubewatch webhook config example](https://github.com/robusta-dev/kubewatch/blob/master/examples/conf/kubewatch.conf.webhook.yaml)

    <Callout icon="lightbulb">
      You only need to configure the **webhook handler** portion of kubewatch to integrate with Rootly. Other notification handlers (Slack, Teams, etc.) can be disabled.
    </Callout>
  </Step>

  <Step title="Configure the kubewatch webhook URL" icon="webhook">
    In your kubewatch configuration, set the webhook URL to the one displayed in Rootly after creating the integration.

    ```yaml theme={null}
    handler:
      webhook:
        url: "https://rootly.com/webhooks/kubernetes/YOUR_WEBHOOK_URL"
    ```

    <Callout icon="triangle-exclamation">
      The webhook URL is unique to your Rootly workspace and contains your signing secret. Copy it directly from the Rootly integrations page after connecting — do not use a placeholder URL.
    </Callout>
  </Step>

  <Step title="Select resource types to monitor" icon="list-check">
    In your kubewatch configuration, enable the Kubernetes resource types you want to track. Rootly supports events from all of the following:

    | Resource Type           | Description                               |
    | ----------------------- | ----------------------------------------- |
    | `deployment`            | Deployment creates, updates, and deletes  |
    | `replicationcontroller` | Replication controller events             |
    | `replicaset`            | Replica set scaling and status events     |
    | `daemonset`             | DaemonSet updates across nodes            |
    | `services`              | Service creation and changes              |
    | `pod`                   | Pod scheduling, crashes, and terminations |
    | `job`                   | Batch job completions and failures        |
    | `node`                  | Node readiness and condition changes      |
    | `clusterrole`           | RBAC cluster role changes                 |
    | `serviceaccount`        | Service account events                    |
    | `persistentvolume`      | PersistentVolume binding and release      |
    | `namespace`             | Namespace creation and deletion           |
    | `secret`                | Secret creation and updates               |
    | `configmap`             | ConfigMap changes                         |
    | `ingress`               | Ingress rule updates                      |
  </Step>

  <Step title="Integration connected" icon="circle-check">
    <Callout icon="circle-check">
      Once kubewatch is running and pointing at your Rootly webhook URL, cluster events will begin appearing as pulses in Rootly. You can verify delivery by checking the pulse feed or the incident timeline for any linked services.
    </Callout>
  </Step>
</Steps>

## How Pulses Work

When kubewatch forwards a Kubernetes event to Rootly, it is recorded as a pulse with the following structure:

* **Source:** `k8s`
* **Summary:** `[k8s][{resource kind}] {event text}`
* **Labels:** resource kind, reason, action (update)
* **Refs:** resource name, namespace

Pulses are automatically associated with Rootly services where the service's **Kubernetes Deployment Name** field matches the event's resource name. Rootly uses a partial match, so a service named `api-server` will match events from deployments containing `api-server` in the name.

<Callout icon="link">
  To link Kubernetes pulses to a service, set the **Kubernetes Deployment Name** field on the service in Rootly. This enables automatic correlation between cluster events and the services they affect.
</Callout>

## Troubleshooting

<AccordionGroup>
  <Accordion title="No events are appearing in Rootly" icon="eye-slash">
    First, verify that kubewatch is running and healthy in your cluster (`kubectl get pods -n kubewatch`). Then check that the webhook URL in your kubewatch config matches exactly what is shown in Rootly — including the path and any query parameters. You can test delivery by checking kubewatch logs for outbound HTTP requests and any error responses.
  </Accordion>

  <Accordion title="Events are arriving but not linked to a service" icon="link-slash">
    Rootly matches events to services using the **Kubernetes Deployment Name** field. Navigate to the service in Rootly and confirm this field is populated with the deployment name you expect. The match is a partial text search, so the deployment name does not need to be an exact match, but it must be a substring of the resource name in the event.
  </Accordion>

  <Accordion title="Rootly is returning 401 errors to kubewatch" icon="lock">
    A 401 response means the webhook secret does not match. The signing secret is embedded in the webhook URL — make sure you are using the full URL copied from the Rootly integrations page without modification. If you regenerate the integration, the URL will change and you will need to update kubewatch.
  </Accordion>

  <Accordion title="Too many events are creating noise in Rootly" icon="bell-slash">
    If pulse volume is too high, narrow down the resource types you have enabled in kubewatch. For example, disabling `secret` and `configmap` events will significantly reduce low-signal noise. You can also use kubewatch namespace filters to restrict monitoring to specific namespaces.
  </Accordion>

  <Accordion title="Pod crash events are not appearing" icon="triangle-exclamation">
    Kubewatch watches Kubernetes events — not container logs or crash states directly. Pod crash loops may or may not generate Kubernetes events depending on the crash behavior and your cluster version. For deeper crash detection, consider pairing this integration with a monitoring tool like Datadog or Prometheus Alertmanager.
  </Accordion>
</AccordionGroup>

## Uninstall

To remove the Kubernetes integration, navigate to the integrations page in Rootly, find the Kubernetes account, and select **Configure → Delete**. After removing the integration in Rootly, update or remove the kubewatch webhook configuration in your cluster to stop sending events to the now-inactive URL.

## Related Pages

<CardGroup>
  <Card title="Pulses" icon="signal" href="/configuration/pulses">
    Learn how Kubernetes cluster events appear as pulses in Rootly.
  </Card>

  <Card title="Services" icon="server" href="/configuration/services">
    Set the Kubernetes Deployment Name on a service to link cluster events automatically.
  </Card>

  <Card title="Prometheus Alertmanager" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/prometheus.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=637a3b23a0142404ab0babe8d7e5e770" href="/integrations/alertmanager">
    Pair Kubernetes monitoring with Alertmanager for alert-driven incident response.
  </Card>
</CardGroup>


# Installation
Source: https://docs.rootly.com/integrations/linear/installation

Connect your Linear workspace to Rootly via OAuth to enable automated issue creation, label management, and team-based routing from incidents.

Connecting Linear to Rootly is a one-time OAuth setup that takes a few minutes. Once complete, Rootly can create and update Linear issues on your behalf as incidents move through their lifecycle — no manual copy-pasting between tools.

<Frame>
  <iframe />
</Frame>

## Before You Begin

This setup involves authorizing Rootly inside your Linear workspace. Make sure you have the right access in both systems before starting — the OAuth flow will fail silently if your Linear account doesn't have the correct permissions.

<Warning>
  You need:

  * **Rootly:** Admin or Owner role to create and manage integrations
  * **Linear:** Membership in at least one team with write permissions — read-only roles cannot create issues
</Warning>

## Connect Your Linear Account

The connection is established through Linear's OAuth flow — Rootly redirects you to Linear, you approve access, and you're brought back to Rootly with the integration active. You won't need to handle any API keys or tokens manually.

<Steps>
  <Step title="Open Rootly Integrations">
    Navigate to **Configuration → Integrations** in your Rootly dashboard. This is where all third-party integrations are managed.

    <Frame>
      <img alt="Rootly sidebar showing Configuration and Integrations menu" />
    </Frame>
  </Step>

  <Step title="Find Linear and click Setup">
    Search for **Linear** in the integrations catalog and click **Setup** to begin the OAuth authorization flow.

    <Frame>
      <img alt="Integrations page with Linear search result" />
    </Frame>
  </Step>

  <Step title="Authorize Rootly in Linear">
    You'll be redirected to Linear's authorization page. Review the requested permissions — Rootly needs write access to create and update issues on your behalf. Click **Allow Access** to proceed.

    <Frame>
      <img alt="Linear OAuth authorization page" />
    </Frame>
  </Step>

  <Step title="Select your workspace">
    If you belong to multiple Linear workspaces, choose the one you want to connect to Rootly and click **Authorize**. You can only connect one workspace per Rootly account.

    <Frame>
      <img alt="Linear workspace selection screen" />
    </Frame>
  </Step>

  <Step title="Confirm the connection">
    You'll be redirected back to Rootly and see a confirmation: *"Great! We've added that Linear account to your Rootly account!"* The integration is now active.

    <Frame>
      <img alt="Rootly confirmation showing Linear connected successfully" />
    </Frame>
  </Step>
</Steps>

<Tip>
  Linear is now connected. Head to the [Workflows page](/integrations/linear/workflows) to configure automated issue creation for your incidents.
</Tip>

## Verify the Connection

Once connected, it's worth confirming the integration is active on both sides before building workflows.

**In Rootly:** The integration should show **Connected** status on the Integrations page.

**In Linear:** Open your workspace menu, go to **Settings → Integrations**, and confirm Rootly appears in your connected apps list. If it's missing, the OAuth flow may not have completed successfully — try reconnecting.

<Frame>
  <img alt="Linear workspace settings menu" />
</Frame>

<Frame>
  <img alt="Linear integrations list showing Rootly connected" />
</Frame>

<Frame>
  <img alt="Rootly listed as a connected app in Linear" />
</Frame>

## Troubleshooting

<AccordionGroup>
  <Accordion title="Rootly not appearing in Linear integrations" icon="circle-x">
    Confirm you completed the OAuth flow and granted Rootly access to your workspace. In Linear, go to **Settings → Integrations** and verify Rootly is listed and enabled. If it's missing or showing an error, disconnect the integration in Rootly and reconnect from scratch — the OAuth token may have expired or been revoked.
  </Accordion>

  <Accordion title="No teams or projects available during setup" icon="triangle-exclamation">
    You must be a member of at least one Linear team with write permissions — read-only roles won't allow issue creation. If your workspace uses restricted teams, a Linear admin needs to add you before you can proceed. After your permissions are updated, restart the authorization flow so Linear returns the correct team list.
  </Accordion>
</AccordionGroup>

***

## Uninstall

To remove the Linear integration, go to **Configuration → Integrations**, find **Linear**, and click the **Connected** button to reveal the disconnect option.

<Frame>
  <img alt="Click the Connected button to reveal the Disconnect option" />
</Frame>

<Warning>
  Disconnecting stops all Linear-related workflows from running. Existing Linear issues created by Rootly are not affected.
</Warning>


# Linear
Source: https://docs.rootly.com/integrations/linear/linear

Sync Rootly incidents to Linear issues for seamless issue tracking, follow-up management, and engineering context from incident response to delivery.

Rootly's Linear integration connects your incident workflow to Linear. When an incident is declared, a Linear issue is automatically created. As the incident progresses, the issue stays in sync. When resolved, the Linear issue moves to Done.

Follow-up action items become Linear sub-issues under the parent incident issue, keeping post-incident work organized in one place.

## What You Can Do

<CardGroup>
  <Card title="Incidents → Linear Issues" icon="arrow-right">
    Automatically create a Linear issue when an incident is declared, with title, description, severity, and assignee populated from incident data
  </Card>

  <Card title="Action Items → Sub-Issues" icon="list-tree">
    Every follow-up action item created during an incident becomes a Linear sub-issue under the parent incident issue
  </Card>

  <Card title="Status Sync" icon="rotate">
    When an incident resolves in Rootly, the linked Linear issue automatically moves to Done
  </Card>

  <Card title="On-Call → Triage" icon="user-clock">
    Connect Rootly on-call schedules to Linear's Triage Responsibility so new issues auto-assign to whoever is on call
  </Card>
</CardGroup>

## How It Works

<Steps>
  <Step title="Incident declared">
    An incident is created in Rootly, either manually or via an alert from PagerDuty, Datadog, or another source.
  </Step>

  <Step title="Workflow runs">
    Your configured workflow fires and creates a Linear issue in the specified team and project, with fields populated from incident data.
  </Step>

  <Step title="Issue linked">
    The Linear issue URL is automatically attached to the incident in Rootly. Teams can navigate between both systems.
  </Step>

  <Step title="Updates flow">
    As the incident progresses, action items become sub-issues. When the incident resolves, the Linear issue status updates automatically.
  </Step>
</Steps>

## Workflow Actions

| Action                      | Trigger                      | What It Does                                                               |
| --------------------------- | ---------------------------- | -------------------------------------------------------------------------- |
| **Create Linear Issue**     | Incident created             | Creates a new issue in your specified Linear team with incident details    |
| **Update Linear Issue**     | Incident updated or resolved | Changes the status, assignee, or other fields on the linked issue          |
| **Create Linear Sub-Issue** | Action item created          | Creates a sub-issue under the parent incident issue for follow-up tracking |

## Next Steps

<CardGroup>
  <Card title="Installation" icon="plug" href="/integrations/linear/installation">
    Connect your Linear workspace to Rootly via OAuth
  </Card>

  <Card title="Workflows" icon="diagram-project" href="/integrations/linear/workflows">
    Configure when and how Linear issues are created and updated
  </Card>
</CardGroup>


# Workflows
Source: https://docs.rootly.com/integrations/linear/workflows

Automate Linear issue creation, updates, and sub-issues based on incident events in Rootly using workflow actions with team, label, and assignee controls.

Once Linear is connected, you configure workflows that automatically create and update Linear issues as incidents move through their lifecycle. This page covers the three main workflow actions — creating issues, updating them, and creating sub-issues for action items — as well as setting up Triage Responsibility to keep your Linear queue synced with whoever is on call.

## Create a Linear Issue Workflow

This is the core workflow: whenever an incident is declared in Rootly, a corresponding Linear issue is created automatically with incident data populated into the fields you configure.

<Steps>
  <Step title="Open Workflows and create a new workflow">
    Go to **Rootly → Workflows → Create Workflow**.

    <Frame>
      <img alt="Rootly Workflows page" />
    </Frame>

    <Frame>
      <img alt="Create Workflow button" />
    </Frame>
  </Step>

  <Step title="Choose a workflow type">
    Select the event type that should trigger this workflow — for example, **Incident**, **Retrospective**, or **Pulse**.

    <Frame>
      <img alt="Workflow type selection showing Incident, Retrospective, and Pulse options" />
    </Frame>
  </Step>

  <Step title="Configure triggers">
    Triggers define when this workflow fires. Choose the event that should kick off Linear issue creation.

    <Frame>
      <img alt="Workflow trigger configuration options" />
    </Frame>

    | Trigger                         | When It Fires                            |
    | ------------------------------- | ---------------------------------------- |
    | **Incident Created**            | A new incident opens                     |
    | **Incident Updated**            | Severity, status, or other fields change |
    | **Incident Commander Assigned** | Someone takes ownership of the incident  |
    | **Manual Trigger**              | Run on demand from the Rootly UI         |
  </Step>

  <Step title="Add conditions (optional)">
    Conditions let you filter which incidents trigger the workflow — for example, only SEV-1 incidents, only specific teams, or only production environments.

    <Frame>
      <img alt="Workflow conditions panel showing filter options" />
    </Frame>
  </Step>

  <Step title="Add a Linear action">
    Click **Add Action**, search for **Linear**, and select **Create Linear Issue**.

    <Frame>
      <img alt="Add Action button with Linear search" />
    </Frame>

    <Frame>
      <img alt="Linear action picker showing Create Linear Issue option" />
    </Frame>

    <Frame>
      <img alt="Create Linear Issue action configuration panel" />
    </Frame>
  </Step>

  <Step title="Configure the action fields">
    Fill in the fields to control how the Linear issue is created:

    <ParamField type="required">
      The Linear team where the issue will be created.
    </ParamField>

    <ParamField type="string">
      The initial workflow state for the issue — for example, **Todo** or **In Progress**.
    </ParamField>

    <ParamField type="string">
      Optional. Associate the issue with a specific Linear project.
    </ParamField>

    <ParamField type="array">
      Add labels to the issue for filtering and triage.
    </ParamField>

    <ParamField type="string">
      The issue title. Supports Liquid — use `{{ incident.title }}` to default to the incident title.
    </ParamField>

    <ParamField type="string">
      The issue body. Supports Liquid — use `{{ incident.summary }}` to populate with the incident summary.
    </ParamField>

    <ParamField type="string">
      The issue priority. Select **Auto** to automatically map incident severity to a corresponding Linear priority, or choose **Urgent**, **High**, **Medium**, or **Low** manually.
    </ParamField>

    <ParamField type="string">
      Email address of the Linear user to assign the issue to.
    </ParamField>
  </Step>

  <Step title="Save the workflow">
    Click **Add**, give your workflow a name, and click **Create Workflow**.
  </Step>
</Steps>

## Update a Linear Issue

Use the **Update Linear Issue** action to keep the Linear issue in sync as the incident progresses — for example, moving it to Done when the incident resolves, or updating priority when severity changes.

<Warning>
  Create a **separate workflow** for updates. Do not add the Update action to your Create workflow — they need to trigger on different events.
</Warning>

Configure the action with:

<ParamField type="string">
  Use `{{ incident.linear_issue_id }}` to reference the issue that was created when the incident was declared.
</ParamField>

Common use cases:

* Move to **Done** when the incident is resolved
* Update **priority** when severity escalates
* Change **assignee** as ownership transfers

## Create Linear Sub-Issues

To track action items as Linear sub-issues, create a separate workflow triggered by **Action Item Created** and use the **Create Linear Sub-Issue** action.

<ParamField type="string">
  Use `{{ incident.linear_issue_id }}` to nest the sub-issue under the parent incident issue.
</ParamField>

<ParamField type="string">
  Use `{{ action_item.summary }}` to populate the sub-issue title from the action item.
</ParamField>

This keeps all follow-up work organized under the parent incident issue in Linear.

***

## Triage Responsibility

Connect Linear's [Triage Responsibility](https://linear.app/docs/triage#triage-responsibility) feature to your Rootly on-call schedules so new Linear issues are automatically assigned to whoever is currently on call. This keeps your triage queue aligned with your incident response rotation.

<Steps>
  <Step title="Create a schedule in Rootly">
    Go to **Schedules** and click **Create Schedule**.

    <Frame>
      <img alt="Rootly Schedules page" />
    </Frame>

    <Frame>
      <img alt="Create Schedule button" />
    </Frame>
  </Step>

  <Step title="Enable Linear sync on the schedule">
    In the **Integrations** tab, toggle on **Sync with Linear**.

    <Frame>
      <img alt="Integrations tab in schedule creation" />
    </Frame>

    <Frame>
      <img alt="Sync with Linear toggle enabled" />
    </Frame>
  </Step>

  <Step title="Configure and save the schedule">
    Give the schedule a name, add members, and click **Save**.

    <Frame>
      <img alt="Schedule name and members configuration" />
    </Frame>

    <Frame>
      <img alt="Add members to the schedule" />
    </Frame>
  </Step>

  <Step title="Open your team settings in Linear">
    In Linear, navigate to **Settings → Teams** and select the team you want to configure.

    <Frame>
      <img alt="Linear Settings menu" />
    </Frame>

    <Frame>
      <img alt="Linear Teams section in administration" />
    </Frame>

    <Frame>
      <img alt="Team selection in Linear settings" />
    </Frame>
  </Step>

  <Step title="Set Triage Responsibility to your Rootly schedule">
    Under **Workflow → Triage**, find **Triage responsibility** and select **Use schedule**. Choose the Rootly schedule you just created.

    <Frame>
      <img alt="Workflow Triage settings in Linear" />
    </Frame>

    <Frame>
      <img alt="Triage responsibility assignment settings" />
    </Frame>

    <Frame>
      <img alt="Rootly schedule selected for triage responsibility" />
    </Frame>
  </Step>
</Steps>

<Tip>
  New Linear issues in triage will now be automatically assigned to whoever is on call in Rootly — no manual triage queue management needed.
</Tip>


# Looker
Source: https://docs.rootly.com/integrations/looker

Capture and share Looker dashboard snapshots directly in Rootly incident workflows and Slack channels to give responders fast access to business context.

## Overview

Rootly's Looker integration lets you capture snapshots of Looker dashboards during an incident and share them directly to the incident timeline or Slack channels. This keeps your team grounded in data during the response without leaving their incident workflow.

<CardGroup>
  <Card title="Dashboard Snapshots" icon="camera">
    Capture a point-in-time snapshot of any Looker dashboard and attach it to the incident.
  </Card>

  <Card title="Post to Slack" icon="hashtag">
    Automatically share dashboard snapshots to incident Slack channels so responders have the data they need instantly.
  </Card>

  <Card title="Timeline Integration" icon="clock">
    Post snapshots directly to the incident timeline to create a visual record of system state during the incident.
  </Card>

  <Card title="Workflow Automation" icon="diagram-project">
    Trigger snapshot capture automatically via workflows — on incident creation, severity change, or any other event.
  </Card>
</CardGroup>

## Before You Begin

* You must be a Rootly admin to set up the integration
* You need a Looker instance URL and API credentials (Client ID and Client Secret)
* Use a **service account** in Looker rather than a personal account to prevent the integration from breaking if a user leaves

## Installation

<Steps>
  <Step title="Open the integration in Rootly">
    In Rootly, go to **Configuration → Integrations** and find **Looker**. Click **Connect**.

    <Frame>
      <img alt="Looker integration in Rootly integrations page" />
    </Frame>
  </Step>

  <Step title="Generate API credentials in Looker">
    In your Looker instance, navigate to **Admin → Users** and select the user (or service account) you want to use for the integration.

    <Frame>
      <img alt="Looker Users admin page" />
    </Frame>

    Scroll down to **API Keys** and click **New API Key** to generate a Client ID and Client Secret.

    <Frame>
      <img alt="Generating a new API key in Looker" />
    </Frame>

    <Note>
      We recommend using a **service account** rather than a personal user account to ensure the integration stays active if someone leaves your team.
    </Note>
  </Step>

  <Step title="Enter credentials in Rootly">
    Back in Rootly, enter your **Instance URL**, **Client ID**, and **Client Secret**, then click **Connect**.

    <Frame>
      <img alt="Entering Looker credentials in Rootly" />
    </Frame>

    Rootly will validate the credentials against your Looker instance before saving.
  </Step>
</Steps>

## Workflow Action

### Snapshot Looker Dashboard

Captures a snapshot of one or more Looker dashboards and optionally posts them to Slack or the incident timeline.

<Frame>
  <img alt="Snapshot Looker Dashboard workflow action" />
</Frame>

<ParamField type="array">
  Select one or more Looker dashboards to snapshot. Populated from your connected Looker instance.
</ParamField>

<ParamField type="boolean">
  When enabled, attaches the snapshot to the incident timeline for a visual record of system state at the time of the snapshot.
</ParamField>

<ParamField type="array">
  Select one or more Slack channels to share the snapshot to. Use `{{ incident.slack_channel_id }}` to target the incident's dedicated channel.
</ParamField>

## Uninstall

To remove the Looker integration:

1. Go to **Configuration → Integrations** and find **Looker**
2. Click **Connected** to reveal the disconnect option
3. Click **Disconnect**

<Frame>
  <img alt="Click Connected to reveal the Disconnect option" />
</Frame>

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Where do I find my Looker Instance URL?" icon="circle-question">
    Your instance URL is the base URL you use to access Looker, for example `https://yourcompany.looker.com`. Remove any trailing slashes before entering it in Rootly.
  </Accordion>

  <Accordion title="What permissions does the Looker API user need?" icon="circle-question">
    The API user needs at minimum **see\_looks\_and\_dashboards** and **access\_data** permissions to allow Rootly to list and snapshot dashboards. For user-defined dashboards, **see\_user\_dashboards** is also required.
  </Accordion>

  <Accordion title="Can I snapshot multiple dashboards in one workflow action?" icon="circle-question">
    Yes. The **Dashboards** field supports selecting multiple dashboards. Each selected dashboard will be snapshotted and shared.
  </Accordion>

  <Accordion title="Why is my dashboard not appearing in the dropdown?" icon="circle-question">
    The dropdown is populated from your Looker instance at the time the workflow is configured. If a dashboard was recently created, try reconnecting the integration or refreshing the page. Also confirm the API user has access to view the dashboard.
  </Accordion>
</AccordionGroup>


# Mattermost
Source: https://docs.rootly.com/integrations/mattermost

Connect Mattermost to Rootly so responders can declare, manage, and coordinate incidents directly from Mattermost with channels and slash commands.

## Introduction

The Mattermost integration connects Rootly with your Mattermost workspace so responders can work from chat while Rootly keeps the incident record up to date.

This integration is best for teams that use Mattermost as a primary collaboration tool and want to manage incidents without constantly switching between Mattermost and the Rootly web app.

With the Mattermost integration, you can:

* Declare incidents directly from Mattermost with slash commands
* Automatically create a dedicated Mattermost channel for each incident
* Mitigate and resolve incidents from the incident channel
* Guide responders through a consistent incident workflow from chat
* Keep Rootly and Mattermost in sync during the incident lifecycle

## Before You Begin

Before setting up the integration, make sure you have:

* A Rootly account with permission to manage integrations
* Access to your Mattermost workspace
* Permission to create and configure an OAuth 2.0 application in Mattermost

You will need to register **both** of the following redirect URLs in Mattermost:

* `https://rootly.com/auth/mattermost/callback`\
  Used when an admin installs the Mattermost integration in Rootly

* `https://rootly.com/auth/sign_in_mattermost/callback`\
  Used when individual users connect their Mattermost account with `/incident connect`

## Installation

<Steps>
  <Step title="Create an OAuth 2.0 application in Mattermost" icon="key">
    In Mattermost, navigate to **Menu > Integrations**, then open **OAuth 2.0** and create a new OAuth application.

    <Frame>
      <img alt="" />
    </Frame>

    <Frame>
      <img alt="" />
    </Frame>

    <Frame>
      <img alt="" />
    </Frame>
  </Step>

  <Step title="Add Rootly callback URLs" icon="link">
    In the Mattermost OAuth application, add both of the following redirect URLs:

    `https://rootly.com/auth/mattermost/callback`

    `https://rootly.com/auth/sign_in_mattermost/callback`

    The first URL is used when an admin installs the Mattermost integration in Rootly. The second is used when individual users connect their Mattermost account with `/incident connect`.
  </Step>

  <Step title="Copy the OAuth credentials into Rootly" icon="copy">
    After saving the OAuth application in Mattermost, copy the **client\_id** and **client\_secret** into the Mattermost integration settings in Rootly.

    <Frame>
      <img alt="" />
    </Frame>
  </Step>
</Steps>

## Configuration

<Steps>
  <Step title="Open the Mattermost integration settings in Rootly" icon="sliders">
    In Rootly, navigate to **Configuration** > **Integrations** > **Mattermost** > **Configure**.

    <img alt="Mattermost integration settings" />
  </Step>

  <Step title="Review channel and incident creation settings" icon="gear">
    In the configuration panel, you can define how Rootly works with Mattermost during incident creation and response.

    Available options include:

    * **Channel title** for incident channels
    * Whether to **automatically create a Mattermost channel** when an incident is declared
    * Whether incident channels should always be **private**
    * Which fields appear in the **incident creation wizard**
    * Which incident events should be posted into the Mattermost channel, including:
      * Incident created
      * Incident mitigated
      * Incident resolved
      * Incident cancelled

    You can also control what data responders are asked to provide during incident creation so the Mattermost experience matches your team’s incident process.

    <img alt="Mattermost configuration options" />
  </Step>
</Steps>

## Connect Your Mattermost Account

<Note>
  Each user who wants to manage incidents from Mattermost must complete this step.
</Note>

<Steps>
  <Step title="Run the connect command in Mattermost" icon="link">
    After the integration is installed, run `/incident connect` in Mattermost to start linking your Mattermost account to Rootly.
  </Step>

  <Step title="Open the authorization flow" icon="bolt">
    Rootly will respond with a bot message that includes a **Connect now** action.

    <img alt="Mattermost connect prompt" />
  </Step>

  <Step title="Authorize access to complete the connection" icon="shield-check">
    Click **Connect now**, then click **Allow** to authorize access and finish linking your Mattermost account.

    <img alt="Mattermost authorize access" />

    Once connected, you are ready to manage incidents in Rootly through Mattermost.
  </Step>
</Steps>

## Managing Incidents from Mattermost

Once your Mattermost account is connected, you can use slash commands to declare incidents, update incident status, and move through the incident workflow directly from Mattermost.

### Declare an Incident

<Steps>
  <Step title="Declare an incident from Mattermost" icon="triangle-exclamation">
    To declare a new incident from Mattermost, use one of the following commands:

    * `/incident new`
    * `/incident create`
    * `/incident declare`

    <Note>
      You can run these commands in any Mattermost channel.
    </Note>

    Mattermost prompts you to enter the incident details.

    <img alt="Create an incident from Mattermost" />

    When the incident is created:

    * A new incident is created in Rootly
    * A dedicated Mattermost channel can be created automatically, depending on your configuration
  </Step>
</Steps>

### Mitigate an Incident

<Step title="Mitigate an incident from Mattermost" icon="life-ring">
  To mark an incident as mitigated, run either of the following commands in the incident-specific Mattermost channel:

  * `/incident mitigate`
  * `/incident mitigated`

  <Note>
    These commands must be run from the Mattermost channel created for that incident.
  </Note>

  <img alt="Mitigate an incident from Mattermost" />
</Step>

### Resolve an Incident

<Step title="Resolve an incident from Mattermost" icon="circle-check">
  To resolve an incident, run either of the following commands in the incident-specific Mattermost channel:

  * `/incident resolve`
  * `/incident resolved`

  <Note>
    These commands must be run from the Mattermost channel created for that incident.
  </Note>

  <img alt="Resolve an incident from Mattermost" />
</Step>

### View Available Commands

<Step title="View available Mattermost commands" icon="terminal">
  If you need a reminder of the available Mattermost commands, run:

  * `/incident help`

  This shows the current list of supported commands.

  <img alt="Mattermost incident help command" />
</Step>

## Uninstall

To remove the Mattermost integration, go to the integrations panel and select **Configure** > **Delete**.


# MCP Server
Source: https://docs.rootly.com/integrations/mcp-server

Use the Rootly MCP Server to manage incidents directly from your IDE or AI assistant, with no context switching and hosted or self-hosted deployment options.

## Introduction

The Rootly MCP Server implements the [Model Context Protocol](https://modelcontextprotocol.io) to expose Rootly incident data and actions as tools that any MCP-compatible client can use. This means you can query incidents, check on-call schedules, find similar past incidents, and take action — all from within Cursor, Windsurf, Claude Code, Gemini CLI, or any other MCP-compatible environment.

The server dynamically generates tools from Rootly's OpenAPI specification, so it always reflects the current API surface. It also includes a set of intelligent tools built on top of that foundation:

* **`find_related_incidents`** — uses TF-IDF similarity analysis to surface historically similar incidents
* **`suggest_solutions`** — mines past incident resolutions to recommend actionable next steps
* **`get_oncall_shift_metrics`** — shift counts, hours, and days on-call grouped by user, team, or schedule
* **`get_oncall_handoff_summary`** — current and next on-call plus incidents during shifts, with optional regional filtering
* **`get_shift_incidents`** — incidents during a time window, filterable by severity, status, and tags

## Before You Begin

Before connecting the Rootly MCP Server, make sure you have a Rootly API token. Generate one in **Account** > **Manage API keys** > **Generate New API Key**.

Choose the token type based on your needs:

| Token Type                       | Access Level                                           |
| -------------------------------- | ------------------------------------------------------ |
| **Global API Key** (recommended) | Full access across all teams, schedules, and incidents |
| **Team API Key**                 | Full read/write access scoped to a single team         |
| **Personal API Key**             | Inherits the permissions of the user who created it    |

<Callout icon="triangle-exclamation">
  Tools like `get_oncall_handoff_summary` and `get_oncall_shift_metrics` require organization-wide visibility. A Global API Key is recommended for full functionality.
</Callout>

For local installation, you also need:

* Python 3.12 or higher
* The `uv` package manager

## Installation

Choose the deployment option that fits your team. The hosted option is the fastest way to get started and requires no local setup.

### Hosted (recommended)

Connect to Rootly's managed MCP server — always up to date, zero maintenance.

**Transport Options:**

* **Streamable HTTP:** `https://mcp.rootly.com/mcp`
* **SSE:** `https://mcp.rootly.com/sse`
* **Code Mode:** `https://mcp.rootly.com/mcp-codemode`

**Default Configuration (Streamable HTTP):**

```json theme={null}
{
  "mcpServers": {
    "rootly": {
      "url": "https://mcp.rootly.com/mcp",
      "headers": {
        "Authorization": "Bearer <YOUR_ROOTLY_API_TOKEN>"
      }
    }
  }
}
```

**SSE Alternative:**

```json theme={null}
{
  "mcpServers": {
    "rootly": {
      "url": "https://mcp.rootly.com/sse",
      "headers": {
        "Authorization": "Bearer <YOUR_ROOTLY_API_TOKEN>"
      }
    }
  }
}
```

**Code Mode:**

```json theme={null}
{
  "mcpServers": {
    "rootly": {
      "url": "https://mcp.rootly.com/mcp-codemode",
      "headers": {
        "Authorization": "Bearer <YOUR_ROOTLY_API_TOKEN>"
      }
    }
  }
}
```

### Client-Specific Setup

#### Claude Code

**Streamable HTTP:**

```bash theme={null}
claude mcp add --transport http rootly https://mcp.rootly.com/mcp \
  --header "Authorization: Bearer YOUR_ROOTLY_API_TOKEN"
```

**Code Mode:**

```bash theme={null}
claude mcp add rootly-codemode --transport http https://mcp.rootly.com/mcp-codemode \
  --header "Authorization: Bearer YOUR_ROOTLY_API_TOKEN"
```

**SSE Alternative:**

```bash theme={null}
claude mcp add --transport sse rootly-sse https://mcp.rootly.com/sse \
  --header "Authorization: Bearer YOUR_ROOTLY_API_TOKEN"
```

**Manual Configuration** - Create `.mcp.json` in your project root:

```json theme={null}
{
  "mcpServers": {
    "rootly": {
      "type": "http",
      "url": "https://mcp.rootly.com/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_ROOTLY_API_TOKEN"
      }
    }
  }
}
```

#### Cursor

Add to `.cursor/mcp.json` or `~/.cursor/mcp.json`:

```json theme={null}
{
  "mcpServers": {
    "rootly": {
      "url": "https://mcp.rootly.com/mcp",
      "headers": {
        "Authorization": "Bearer <YOUR_ROOTLY_API_TOKEN>"
      }
    }
  }
}
```

#### Windsurf

Add to `~/.codeium/windsurf/mcp_config.json`:

```json theme={null}
{
  "mcpServers": {
    "rootly": {
      "serverUrl": "https://mcp.rootly.com/mcp",
      "headers": {
        "Authorization": "Bearer <YOUR_ROOTLY_API_TOKEN>"
      }
    }
  }
}
```

#### Codex

Add to `~/.codex/config.toml`:

```toml theme={null}
[mcp_servers.rootly]
url = "https://mcp.rootly.com/mcp"
bearer_token_env_var = "ROOTLY_API_TOKEN"
```

#### Claude Desktop

Add to `claude_desktop_config.json`:

<Callout icon="info-circle">
  The `--transport http` flag ensures HTTP streamable transport is used instead of auto-falling back to SSE.
</Callout>

```json theme={null}
{
  "mcpServers": {
    "rootly": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://mcp.rootly.com/mcp",
        "--transport",
        "http",
        "--header",
        "Authorization: Bearer <YOUR_ROOTLY_API_TOKEN>"
      ]
    }
  }
}
```

#### Gemini CLI

Install as an extension:

```bash theme={null}
gemini extensions install https://github.com/Rootly-AI-Labs/Rootly-MCP-server
```

Or configure manually in `~/.gemini/settings.json`:

```json theme={null}
{
  "mcpServers": {
    "rootly": {
      "command": "uvx",
      "args": ["--from", "rootly-mcp-server", "rootly-mcp-server"],
      "env": {
        "ROOTLY_API_TOKEN": "<YOUR_ROOTLY_API_TOKEN>"
      }
    }
  }
}
```

### Local Installation

The package is downloaded automatically when you first open your editor. Local installation provides additional security controls not available in the hosted version.

**With `uv`:**

```json theme={null}
{
  "mcpServers": {
    "rootly": {
      "command": "uv",
      "args": ["tool", "run", "--from", "rootly-mcp-server", "rootly-mcp-server"],
      "env": {
        "ROOTLY_API_TOKEN": "<YOUR_ROOTLY_API_TOKEN>",
        "ROOTLY_MCP_ENABLE_WRITE_TOOLS": "true"
      }
    }
  }
}
```

**With `uvx`:**

```json theme={null}
{
  "mcpServers": {
    "rootly": {
      "command": "uvx",
      "args": ["--from", "rootly-mcp-server", "rootly-mcp-server"],
      "env": {
        "ROOTLY_API_TOKEN": "<YOUR_ROOTLY_API_TOKEN>"
      }
    }
  }
}
```

#### Security Controls (Local Only)

Local installations support granular permission controls through environment variables:

**Default Mode (All Tools):**

```json theme={null}
{
  "env": {
    "ROOTLY_API_TOKEN": "<YOUR_ROOTLY_API_TOKEN>"
    // All tools available by default, matching hosted behavior
  }
}
```

**Read-Only Mode (Restricted):**

```json theme={null}
{
  "env": {
    "ROOTLY_API_TOKEN": "<YOUR_ROOTLY_API_TOKEN>",
    "ROOTLY_MCP_ENABLE_WRITE_TOOLS": "false"
  }
}
```

**Restrict to Specific Tools:**

```json theme={null}
{
  "env": {
    "ROOTLY_API_TOKEN": "<YOUR_ROOTLY_API_TOKEN>",
    "ROOTLY_MCP_ENABLE_WRITE_TOOLS": "true",
    "ROOTLY_MCP_ENABLED_TOOLS": "createIncident,getIncident,listTeams,getCurrentUser"
  }
}
```

<Callout icon="info-circle">
  **Full Access by Default** — Local installations match hosted behavior with all tools available. Use `ROOTLY_MCP_ENABLE_WRITE_TOOLS=false` to restrict to read-only mode.
</Callout>

**Environment Variables:**

| Variable                        | Description                                 | Default             |
| ------------------------------- | ------------------------------------------- | ------------------- |
| `ROOTLY_API_TOKEN`              | Your Rootly API authentication token        | Required            |
| `ROOTLY_MCP_ENABLE_WRITE_TOOLS` | Enable write operations (create, update)    | `true`              |
| `ROOTLY_MCP_ENABLED_TOOLS`      | Comma-separated allowlist of specific tools | All available tools |

**Example: Minimal Write Access for Automation:**

```json theme={null}
{
  "env": {
    "ROOTLY_API_TOKEN": "<YOUR_ROOTLY_API_TOKEN>",
    "ROOTLY_MCP_ENABLE_WRITE_TOOLS": "true",
    "ROOTLY_MCP_ENABLED_TOOLS": "createIncidentActionItem,updateIncidentFormFieldSelection,listIncidents,getIncident"
  }
}
```

This configuration allows only creating action items and updating form fields — perfect for automation that needs to add findings without modifying incident status or severity.

**Discovering Available Tools:**

To see all available tool names for your configuration:

```bash theme={null}
ROOTLY_API_TOKEN=<YOUR_TOKEN> \
uvx --from rootly-mcp-server rootly-mcp-server --list-tools
```

With write tools enabled:

```bash theme={null}
ROOTLY_API_TOKEN=<YOUR_TOKEN> \
ROOTLY_MCP_ENABLE_WRITE_TOOLS=true \
uvx --from rootly-mcp-server rootly-mcp-server --list-tools
```

### Self-Hosted

For organizations that need full control over infrastructure or data flow:

```bash theme={null}
git clone https://github.com/Rootly-AI-Labs/Rootly-MCP-server
cd Rootly-MCP-server
uv pip install .
```

Both hosted and self-hosted deployments expose the same curated tool surface by default, including write-enabled tools. To restrict to read-only tools, start the server with `--no-enable-write-tools` or set `ROOTLY_MCP_ENABLE_WRITE_TOOLS=false`.

To expose only a specific subset of MCP tools, set `ROOTLY_MCP_ENABLED_TOOLS` (or pass `--enabled-tools`) with a comma-separated allowlist of exact tool names.

**Discover available tool names:**

```bash theme={null}
ROOTLY_API_TOKEN=<YOUR_TOKEN> \
uv run python -m rootly_mcp_server --list-tools
```

**Smoke-test a self-hosted allowlist:**

```bash theme={null}
ROOTLY_API_TOKEN=<YOUR_TOKEN> \
ROOTLY_MCP_ENABLED_TOOLS=list_incidents,getIncident,get_server_version \
uv run python -m rootly_mcp_server --transport streamable-http --log-level ERROR
```

Then connect an MCP client to `http://127.0.0.1:8000/mcp` and verify `tools/list` returns only the specified tools.

**Run with Docker (Streamable HTTP):**

```bash theme={null}
docker run -p 8000:8000 \
  -e ROOTLY_TRANSPORT=streamable-http \
  -e ROOTLY_API_TOKEN=<YOUR_ROOTLY_API_TOKEN> \
  -e ROOTLY_MCP_ENABLE_WRITE_TOOLS=true \
  rootly-mcp-server
```

**Run with Docker (SSE):**

```bash theme={null}
docker run -p 8000:8000 \
  -e ROOTLY_TRANSPORT=sse \
  -e ROOTLY_API_TOKEN=<YOUR_ROOTLY_API_TOKEN> \
  rootly-mcp-server
```

**Run with Docker (Dual Transport + Code Mode):**

```bash theme={null}
docker run -p 8000:8000 \
  -e ROOTLY_TRANSPORT=both \
  -e ROOTLY_API_TOKEN=<YOUR_ROOTLY_API_TOKEN> \
  rootly-mcp-server
```

<Callout icon="circle-check">
  The MCP server is now connected. Your MCP client can call Rootly tools to list incidents, check on-call schedules, find related incidents, and more.
</Callout>

<Callout icon="info-circle">
  **Alternative: Rootly CLI** — For terminal-based workflows, check out the [Rootly CLI](/integrations/cli) which provides direct command-line access to incidents, alerts, and on-call operations.
</Callout>

## Available Tools

The MCP server exposes **150+ tools** dynamically generated from Rootly's OpenAPI specification, plus custom agentic tools for intelligent incident analysis.

### Custom Agentic Tools

* **`check_oncall_health_risk`** — detects workload health risk in scheduled responders
* **`check_responder_availability`** — checks responder availability
* **`collect_incidents`** — collects incident data with filtering
* **`createIncident`** — create incidents with scoped fields for agent workflows
* **`create_override_recommendation`** — suggests on-call override recommendations
* **`find_related_incidents`** — uses TF-IDF similarity to find historically similar incidents
* **`getIncident`** — retrieve single incidents with PIR-related fields
* **`get_alert_by_short_id`** — get alerts using short IDs
* **`get_oncall_handoff_summary`** — complete handoff information
* **`get_oncall_schedule_summary`** — schedule overview
* **`get_oncall_shift_metrics`** — comprehensive shift analytics
* **`get_server_version`** — server version information
* **`get_shift_incidents`** — incidents during specific time periods
* **`list_endpoints`** — available API endpoints
* **`list_incidents`** — incident listing with filters
* **`list_shifts`** — on-call shift information
* **`search_incidents`** — advanced incident search
* **`suggest_solutions`** — mines past resolutions for actionable recommendations
* **`updateIncident`** — scoped incident updates for summary and retrospective progress

### OpenAPI-Generated Tools

The server also includes all standard Rootly API operations — covering alerts, escalation policies, schedules, services, teams, workflows, dashboards, playbooks, post-incident reviews, and more. Security-sensitive operations (API key management, user creation/deletion, role management, webhook configuration) and delete operations are excluded from the default tool surface.

To see the exact tools available under your configuration:

```bash theme={null}
ROOTLY_API_TOKEN=<YOUR_TOKEN> \
uvx --from rootly-mcp-server rootly-mcp-server --list-tools
```

For the complete tool inventory and pre-built workflow subsets (Incident Response, On-Call Management, Monitoring & Alerting, Post-Incident Analysis, Analytics & Reporting), see the [README on GitHub](https://github.com/Rootly-AI-Labs/Rootly-MCP-server#supported-tools).

## Workflow-Focused Tool Subsets

With 150+ tools available, you can configure focused subsets for optimal AI agent performance using `ROOTLY_MCP_ENABLED_TOOLS`. Pre-built subsets are available for:

| Subset                     | Tools | Use Case                                          |
| -------------------------- | ----- | ------------------------------------------------- |
| **Incident Response**      | 25    | Emergency responders and incident commanders      |
| **On-Call Management**     | 35    | Schedule coordinators and on-call managers        |
| **Monitoring & Alerting**  | 41    | Platform teams setting up observability           |
| **Post-Incident Analysis** | 30    | SREs doing retrospectives and process improvement |
| **Analytics & Reporting**  | 15    | Leadership and metrics teams (read-only)          |

Copy-paste ready tool lists for each subset are maintained in the [GitHub README](https://github.com/Rootly-AI-Labs/Rootly-MCP-server#workflow-focused-tool-subsets).

You can also run multiple MCP instances with different tool subsets for different teams:

```json theme={null}
{
  "mcpServers": {
    "rootly-incident-response": {
      "command": "uvx",
      "args": ["--from", "rootly-mcp-server", "rootly-mcp-server"],
      "env": {
        "ROOTLY_API_TOKEN": "<YOUR_ROOTLY_API_TOKEN>",
        "ROOTLY_MCP_ENABLED_TOOLS": "<paste subset from GitHub README>"
      }
    }
  }
}
```

## MCP Resources

AI agents can access these resources for situational awareness:

| Resource                   | Description                                          |
| -------------------------- | ---------------------------------------------------- |
| `incident://{incident_id}` | Detailed incident information for specific incidents |
| `team://{team_id}`         | Team details including name, color, and metadata     |
| `rootly://incidents`       | List of recent incidents for quick reference         |
| `rootly://oncall-status`   | Current on-call status across all schedules          |
| `rootly://workflow-guide`  | Step-by-step workflow guidance for common operations |

Example usage: *"Check the current on-call status"* → AI reads `rootly://oncall-status` resource.

## Example Skills

### Rootly Incident Responder

The MCP server includes a pre-built [Rootly Incident Responder skill](https://github.com/Rootly-AI-Labs/rootly-mcp-server/blob/main/examples/skills/rootly-incident-responder.md) for Claude Code that demonstrates a complete incident response workflow:

* Analyzes production incidents with full context
* Finds similar historical incidents using ML-based similarity matching
* Suggests solutions based on past successful resolutions
* Coordinates with on-call teams across timezones
* Correlates incidents with recent code changes and deployments
* Creates action items and remediation plans
* Provides confidence scores and time estimates

**Quick Start:**

```bash theme={null}
# Copy the skill to your project
mkdir -p .claude/skills
curl -o .claude/skills/rootly-incident-responder.md \
  https://raw.githubusercontent.com/Rootly-AI-Labs/rootly-mcp-server/main/examples/skills/rootly-incident-responder.md

# Then in Claude Code, invoke it:
# @rootly-incident-responder analyze incident #12345
```

## Example Tools

### On-Call Shift Metrics

Get shift counts, hours, and days on-call for any time period, grouped by user, team, or schedule:

```
get_oncall_shift_metrics(
    start_date="2025-10-01",
    end_date="2025-10-31",
    group_by="user"
)
```

### On-Call Handoff Summary

Get current and next on-call responders plus incidents that occurred during their shifts. Supports optional regional filtering to show only responders on-call during business hours in a given timezone:

```python theme={null}
get_oncall_handoff_summary(
    team_ids="team-1,team-2",
    timezone="America/Los_Angeles"
)

# Show only APAC on-call during APAC business hours
get_oncall_handoff_summary(
    timezone="Asia/Tokyo",
    filter_by_region=True
)
```

### Shift Incidents

Incidents during a time window, filterable by severity, status, and tags. Returns an incident list plus a summary with counts and average resolution time:

```python theme={null}
get_shift_incidents(
    start_time="2025-10-20T09:00:00Z",
    end_time="2025-10-20T17:00:00Z",
    severity="critical",
    status="resolved",
    tags="database,api"
)
```

## On-Call Health Integration

The MCP server integrates with [On-Call Health](https://oncallhealth.ai) to detect workload health risk in scheduled responders. Set the `ONCALLHEALTH_API_KEY` environment variable to enable it:

```json theme={null}
{
  "mcpServers": {
    "rootly": {
      "command": "uvx",
      "args": ["--from", "rootly-mcp-server", "rootly-mcp-server"],
      "env": {
        "ROOTLY_API_TOKEN": "your_rootly_token",
        "ONCALLHEALTH_API_KEY": "och_live_your_key"
      }
    }
  }
}
```

Then call:

```
check_oncall_health_risk(
    start_date="2026-02-09",
    end_date="2026-02-15"
)
```

Returns at-risk users who are scheduled on-call, recommended safe replacements, and action summaries.

## Troubleshooting

<AccordionGroup>
  <Accordion title="The server connects but tools are not appearing" icon="wrench">
    Some MCP clients require a restart after adding a new server configuration. Fully restart your editor or AI assistant after saving the configuration. Also confirm that the JSON configuration is valid — a missing comma or bracket will silently prevent the server from loading.
  </Accordion>

  <Accordion title="Authentication errors when calling tools" icon="lock">
    Confirm that the API token is active and has not been revoked. Go to **Account** > **Manage API keys** in Rootly and verify the key exists. Also check that the token is passed correctly — for hosted configurations it goes in the `Authorization` header as `Bearer <token>`, and for local/self-hosted it goes in the `ROOTLY_API_TOKEN` environment variable.
  </Accordion>

  <Accordion title="Organization-wide tools return incomplete data" icon="magnifying-glass">
    Tools like `get_oncall_handoff_summary` and `get_oncall_shift_metrics` require visibility across all teams. If results are incomplete, your API token may be scoped to a single team. Switch to a Global API Key for full access.
  </Accordion>

  <Accordion title="The local server fails to start" icon="terminal">
    Confirm that Python 3.12 or higher is installed (`python --version`) and that `uv` is available (`uv --version`). If using `uvx`, the package is downloaded on first run — ensure you have network access. For proxy environments, you may need to configure `uv` proxy settings.
  </Accordion>

  <Accordion title="On-Call Health tools are not available" icon="heart-pulse">
    The `check_oncall_health_risk` tool only appears when `ONCALLHEALTH_API_KEY` is set. Confirm the environment variable is present in your MCP server configuration and that the key is valid at oncallhealth.ai.
  </Accordion>
</AccordionGroup>

## Related Pages

<CardGroup>
  <Card title="API Reference" icon="code" href="/api-reference/overview">
    Browse the full Rootly API — all endpoints exposed by the MCP server come from here.
  </Card>

  <Card title="Rootly AI" icon="robot" href="/ai/ai">
    Learn about Rootly's built-in AI features for incident management.
  </Card>

  <Card title="MCP Server on GitHub" icon="github" href="https://github.com/Rootly-AI-Labs/Rootly-MCP-server">
    Source code, issues, and release notes for the Rootly MCP Server.
  </Card>
</CardGroup>


# Microsoft Teams
Source: https://docs.rootly.com/integrations/microsoft-teams

Set up the Microsoft Teams integration with Rootly to create incident channels, send notifications, and start meetings for live incident response.

Rootly's Microsoft Teams integration automates incident communication and collaboration. When an incident starts, Rootly can create a dedicated Teams channel, invite responders, and post real-time updates. You can also create Microsoft Teams meetings directly from incidents for live collaboration.

<CardGroup>
  <Card title="Incident Channels" icon="hashtag">
    Automatically create dedicated Teams channels for each incident with responders invited
  </Card>

  <Card title="Real-time Updates" icon="bolt">
    Post incident status changes, severity updates, and key events to Teams channels
  </Card>

  <Card title="Video Meetings" icon="video">
    Create Microsoft Teams meetings for live incident collaboration with one click
  </Card>

  <Card title="Custom Notifications" icon="bell">
    Control which events trigger Teams notifications using workflow conditions
  </Card>
</CardGroup>

***

## How It Works

<Steps>
  <Step title="Connect Microsoft Teams">
    Authorize Rootly to access your Teams workspace via OAuth.
  </Step>

  <Step title="Install the Rootly Bot">
    Add the Rootly app to your Teams workspace to enable channel creation and messaging.
  </Step>

  <Step title="Configure Workflows">
    Set up workflows to automatically create channels, send messages, or start meetings when incidents occur.
  </Step>
</Steps>

***

## Next Steps

<CardGroup>
  <Card title="Installation" icon="plug" href="/integrations/microsoft-teams/installation">
    Connect Microsoft Teams and install the Rootly bot
  </Card>

  <Card title="Workflows" icon="diagram-project" href="/integrations/microsoft-teams/workflows">
    Configure channel creation, messaging, and meeting workflows
  </Card>
</CardGroup>


# Installation
Source: https://docs.rootly.com/integrations/microsoft-teams/installation

Connect Microsoft Teams to Rootly by authorizing OAuth access and installing the Rootly bot for incident channel creation, notifications, and meetings.

Setting up the Microsoft Teams integration involves two steps that work together. First, you authorize Rootly via OAuth so it can call the Microsoft Teams API on your behalf. Then, you install the Rootly bot directly inside Teams so it can create channels and post messages. Both steps are required — OAuth alone isn't enough to create channels or send messages.

## Prerequisites

<Warning>
  **Before you start:**

  * Rootly account with Admin permissions
  * Microsoft Teams account with access to the workspace you want to connect
  * Ability to install apps in your Teams workspace (or admin approval from your Microsoft 365 admin)
</Warning>

<Note>
  We recommend connecting with a **service account** rather than a personal account. This ensures the integration stays active if team members leave your organization.
</Note>

***

## Part 1: Connect via OAuth

The OAuth flow grants Rootly permission to interact with your Microsoft Teams workspace through the API. You'll be redirected to Microsoft to sign in and approve the required permissions, then returned to Rootly automatically.

<Steps>
  <Step title="Open Integrations">
    In Rootly, go to **Configuration → Integrations** and search for **Microsoft Teams**.

    <img alt="Rootly integrations page with Microsoft Teams search" />
  </Step>

  <Step title="Start Setup">
    Click **Setup** on the Microsoft Teams integration to begin the OAuth flow.

    <img alt="Microsoft Teams integration setup button" />
  </Step>

  <Step title="Sign in to Microsoft">
    You'll be redirected to Microsoft. Select your Microsoft 365 work account — this should be the service account you intend to use for the integration.

    <img alt="Microsoft account selection screen" />
  </Step>

  <Step title="Review and approve permissions">
    Microsoft will show you the permissions Rootly is requesting. Review them and click **Accept** to grant access.

    <img alt="Microsoft Teams permission approval screen" />

    <img alt="Microsoft Teams consent confirmation" />
  </Step>

  <Step title="Confirm connection">
    After approving, you'll be redirected back to Rootly. A success message confirms the integration is connected.

    <img alt="Rootly showing Microsoft Teams connected successfully" />
  </Step>
</Steps>

<Check>Microsoft Teams is now connected to Rootly.</Check>

### Required OAuth Permissions

<Accordion title="View all OAuth scopes">
  | Permission                                  | Purpose                                                     |
  | ------------------------------------------- | ----------------------------------------------------------- |
  | `offline_access`                            | Keeps the Rootly → Teams connection active between sessions |
  | `User.Read`                                 | Identifies the account connecting to Rootly                 |
  | `Team.ReadBasic.All`                        | Lets Rootly see your Teams and channels                     |
  | `ChatMessage.Send`                          | Rootly can post messages in chats and channels              |
  | `Channel.Create`                            | Rootly can create incident channels                         |
  | `Channel.ReadBasic.All`                     | Read channel names and descriptions                         |
  | `ChannelMessage.Send`                       | Rootly can send channel messages                            |
  | `ChannelMessage.ReadWrite`                  | Rootly can update messages it posts                         |
  | `ChannelSettings.ReadWrite.All`             | Allows Rootly to manage channel settings                    |
  | `ChannelMember.ReadWrite.All`               | Rootly can add and remove users in incident channels        |
  | `TeamsTab.ReadWriteSelfForChat`             | Rootly can install tabs in chats                            |
  | `TeamsTab.ReadWriteSelfForTeam`             | Rootly can install tabs in teams                            |
  | `TeamsAppInstallation.ReadWriteSelfForTeam` | Rootly can install itself in teams                          |
  | `TeamsAppInstallation.ReadWriteSelfForChat` | Rootly can install itself in chats                          |
  | `Chat.Create`                               | Rootly can create group and one-on-one chats                |
  | `Chat.ReadWrite`                            | Rootly can read and send messages in chats                  |
</Accordion>

***

## Part 2: Install the Rootly Bot

OAuth gives Rootly API access, but channel creation and messaging also require the Rootly bot to be present inside Microsoft Teams. Without the bot installed, workflows that create channels or send messages will fail. You install it directly from the Teams app store.

<Steps>
  <Step title="Open Apps in Teams">
    In Microsoft Teams, click **Apps** in the left sidebar and search for **Rootly**.

    <img alt="Microsoft Teams Apps store with Rootly search" />
  </Step>

  <Step title="Add Rootly">
    Click **Add** on the Rootly app listing.

    <img alt="Rootly app in Teams store with Add button" />
  </Step>

  <Step title="Choose a team">
    Select the team where you want to install Rootly. We recommend starting with the General channel of your primary incident response team.

    <img alt="Team selection for Rootly bot installation" />
  </Step>

  <Step title="Installation complete">
    The Rootly bot is now installed in your team and ready to create channels and send messages.

    <img alt="Rootly bot installation confirmation" />
  </Step>
</Steps>

<Note>
  You'll need to repeat the bot installation for each team where you want Rootly to create incident channels. The service account must be a member of each team.
</Note>

***

## Verify Installation

Once both parts are complete, confirm everything is working before setting up workflows:

1. **Check Rootly** — The integration status shows **Connected** on the integrations page
2. **Check Teams** — The Rootly app appears in your team's installed apps
3. **Test end-to-end** — Create a test incident in Rootly and verify a Teams channel is created automatically

<Tip>
  If channels aren't being created, check your workflow configuration first. The bot must be installed in the specific team referenced in the workflow action.
</Tip>

***

## Microsoft Teams Meeting

The **Microsoft Teams Meeting** integration is a separate OAuth connection that enables creating video meetings directly from Rootly incidents. It uses a different set of permissions than the main Teams integration and must be connected independently — even if you've already set up the main Teams integration.

Once connected, a **Create a Microsoft meeting** button appears in the incident header, letting anyone on the response team spin up a live video call with one click.

### Setup

1. Go to **Configuration → Integrations** and search for **Microsoft Teams Meeting**
2. Click **Setup** and sign in with your Microsoft 365 work account
3. Approve the requested permissions
4. Once connected, the **Create a Microsoft meeting** button will appear on every incident

<Note>
  We recommend connecting with a **service account** so the meeting integration stays active if a user leaves your organization.
</Note>

### Required OAuth Permissions

| Permission                 | Purpose                                                                    |
| -------------------------- | -------------------------------------------------------------------------- |
| `offline_access`           | Required for OAuth authentication                                          |
| `User.Read`                | Identifies the account connecting to Rootly                                |
| `OnlineMeetings.ReadWrite` | Allows Rootly to create online meetings on behalf of the connected account |

### Uninstall

1. Log into your **Microsoft Teams Meeting** account
2. Click **Manage → Installed Apps** or search for the **Rootly** app
3. Click the **Rootly** app and click **Uninstall**

***

## Uninstall

To remove the main Microsoft Teams integration from Rootly:

1. Go to **Configuration → Integrations** and find **Microsoft Teams**
2. Click **Connected** to reveal the disconnect option
3. Click **Disconnect**

<Frame>
  <img alt="Click Connected to reveal the Disconnect option" />
</Frame>

<Warning>
  Disconnecting from Rootly does not remove the Rootly bot from Teams. To fully uninstall, open **Microsoft Teams → Apps → Manage your apps**, find **Rootly**, and click **Uninstall**.
</Warning>

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="Rootly not showing in Microsoft Teams" icon="circle-x">
    After completing OAuth, Rootly doesn't appear as a connected app in Teams.

    **Solutions:**

    * Verify you completed OAuth using the same email as your Teams account
    * Make sure Rootly was installed in a specific team, not just your personal app space
    * Try uninstalling and reinstalling the Rootly app from the Teams store
    * Check if your organization restricts third-party app installations — a Microsoft 365 admin may need to approve Rootly
  </Accordion>

  <Accordion title="Cannot add Rootly to a team" icon="circle-x">
    Teams shows an error when trying to add Rootly to a team.

    **Solutions:**

    * Ensure you have owner or admin permissions in the team
    * Ask a Team Owner or Microsoft 365 admin to approve the Rootly app
    * Verify that third-party app installations are enabled in your Microsoft 365 admin center
  </Accordion>

  <Accordion title="Email not associated with account" icon="circle-x">
    Teams reports that the signed-in email isn't linked to a Rootly account.

    **Solutions:**

    * Verify the OAuth email matches exactly the email registered in Rootly
    * Confirm this email exists as a user in Rootly
    * Add the email under **Rootly → Organization Settings → Members** if needed
    * Disconnect and reconnect the Microsoft Teams integration
  </Accordion>

  <Accordion title="Channels not being created" icon="circle-x">
    Workflows run successfully but no Teams channels appear.

    **Solutions:**

    * Verify the Rootly bot is installed in the specific team referenced in the workflow action
    * Check workflow run logs for errors: **Workflows → Your Workflow → ... → View Runs**
    * Confirm the team name in the workflow action exactly matches the team in Teams
  </Accordion>
</AccordionGroup>


# Workflows
Source: https://docs.rootly.com/integrations/microsoft-teams/workflows

Automate Microsoft Teams channel creation, messaging, and meetings from Rootly incidents using workflow actions with mention, adaptive card, and topic support.

Workflows let you automate Microsoft Teams actions during incidents: create channels, send messages, rename or archive channels, and start video meetings. If you're unfamiliar with how Workflows work, see the [Workflows](/workflows/workflows) documentation first.

## Automation Options

<CardGroup>
  <Card title="Smart Defaults" icon="bolt">
    Auto-create Teams channels at incident start using built-in settings
  </Card>

  <Card title="Custom Workflows" icon="diagram-project">
    Build workflows with triggers, conditions, and multiple Teams actions
  </Card>
</CardGroup>

***

## Available Actions

| Action                                      | What It Does                                                   |
| ------------------------------------------- | -------------------------------------------------------------- |
| **Create Microsoft Teams Channel**          | Creates a new channel for the incident                         |
| **Create Microsoft Teams Chat**             | Creates a group or one-on-one chat                             |
| **Add Microsoft Teams Tab**                 | Adds a tab to the incident channel                             |
| **Archive Microsoft Teams Channel**         | Archives the incident channel                                  |
| **Rename Microsoft Teams Channel**          | Changes the channel name                                       |
| **Invite Users to Microsoft Teams Channel** | Invites users to a private incident channel                    |
| **Send Microsoft Teams Message**            | Posts a message to a Teams channel                             |
| **Send Microsoft Teams Attachments**        | Sends attachments to a Teams channel                           |
| **Create Microsoft Teams Meeting**          | Starts a video meeting (requires separate Meeting integration) |

***

## Create a Workflow

<Steps>
  <Step title="Open Workflows">
    Go to **Rootly → Workflows → Create Workflow**.

    <img alt="Rootly workflows page" />

    <img alt="Create workflow button" />
  </Step>

  <Step title="Choose workflow type">
    Select the workflow type that matches your use case (e.g., Incident, Retrospective, or Pulse).

    <img alt="Workflow type selection" />
  </Step>

  <Step title="Configure triggers">
    Triggers define when this workflow runs.

    <img alt="Workflow trigger configuration" />

    | Trigger                         | When It Fires                       |
    | ------------------------------- | ----------------------------------- |
    | **Incident Created**            | New incident opens                  |
    | **Incident Updated**            | Severity, status, or fields change  |
    | **Incident Status Changed**     | Incident moves to a specific status |
    | **Incident Commander Assigned** | Someone takes ownership             |
    | **Incident Resolved**           | Incident is resolved                |
    | **Manual Trigger**              | Run on demand from the UI           |
  </Step>

  <Step title="Add conditions (optional)">
    Conditions filter when the workflow should run after it's been triggered — keeping Teams activity focused on the incidents that matter.

    <img alt="Workflow conditions panel" />

    Examples:

    * Only for SEV-1 or SEV-2 incidents
    * Only for specific teams or services
    * Only for production environments
  </Step>

  <Step title="Add a Microsoft Teams action">
    Click **Add Action** and search for **Microsoft Teams** to see all available actions.

    <img alt="Add action button with Microsoft Teams search" />
  </Step>
</Steps>

***

## Actions

<AccordionGroup>
  <Accordion title="Create Microsoft Teams Channel" icon="hashtag">
    Creates a dedicated Teams channel for the incident. Use this as your first action when an incident opens to give responders a central place to coordinate.

    <img alt="Create Microsoft Teams Channel action" />

    <img alt="Channel configuration options" />

    <ParamField type="select">
      The Microsoft Teams workspace where the channel will be created.
    </ParamField>

    <ParamField type="string">
      The channel name. Supports Liquid syntax (e.g., `{{ incident.title }}`).

      <Note>
        Channel names are automatically lowercased, parameterized, and truncated to 50 characters.
      </Note>
    </ParamField>

    <ParamField type="string">
      An optional description for the channel. Supports Liquid syntax.
    </ParamField>

    <ParamField type="select">
      Controls channel visibility:

      * **auto** — Private for private incidents, public for non-private incidents
      * **true** — Always private
      * **false** — Always public
    </ParamField>

    <Note>
      If the incident already has a Teams channel, this action skips creation to avoid duplicates.
    </Note>
  </Accordion>

  <Accordion title="Create Microsoft Teams Chat" icon="comments">
    Creates a group or one-on-one chat for the incident. Once created, the chat ID and URL are stored on the incident for use in subsequent actions.

    <ParamField type="select">
      * **group** — Creates a group chat with multiple members and an optional topic
      * **oneOnOne** — Creates a one-on-one chat between exactly two members
    </ParamField>

    <ParamField type="string">
      A topic for the chat. Only used for group chats. Supports Liquid syntax.
    </ParamField>

    <ParamField type="string">
      A JSON array of members to add. Each member requires an `email` field. Supports Liquid syntax.

      ```json theme={null}
      [
        {"email": "alice@company.com"},
        {"email": "bob@company.com", "roles": ["guest"]}
      ]
      ```

      <Note>
        Group chats require at least three members (including the service account). One-on-one chats require exactly two.
      </Note>
    </ParamField>
  </Accordion>

  <Accordion title="Add Microsoft Teams Tab" icon="browser">
    Adds a tab to the incident Teams channel. Use this to give responders quick access to dashboards, runbooks, or the Rootly incident page directly within the channel.

    <ParamField type="select">
      The team that contains the channel.
    </ParamField>

    <ParamField type="string">
      The channel to add the tab to. Use `{{ incident.microsoft_teams_channel_id }}` to target the incident's channel.
    </ParamField>

    <ParamField type="string">
      The display name shown on the tab. Supports Liquid syntax.
    </ParamField>

    <ParamField type="string">
      The URL the tab should point to. Supports Liquid syntax.
    </ParamField>

    <ParamField type="select">
      Optionally select a playbook to add as a dedicated playbook tab. When a playbook is selected, the tab renders only the playbook checklist — it is a distinct tab type and does not include the Rootly incident dashboard. Leave this empty to use the Title and Link fields to add a URL-based tab, such as a link to the incident page or an external runbook.
    </ParamField>

    <Note>
      The Rootly app must be installed in the target team for this action to work.
    </Note>
  </Accordion>

  <Accordion title="Archive Microsoft Teams Channel" icon="box-archive">
    Archives the incident channel when it's no longer needed. Keeps the workspace clean while preserving conversation history.

    <ParamField type="select">
      The team that contains the channel.
    </ParamField>

    <ParamField type="string">
      The channel(s) to archive. Use `{{ incident.microsoft_teams_channel_id }}` to target the incident's channel.
    </ParamField>

    **Common trigger:** Incident Status Changed to "Closed"
  </Accordion>

  <Accordion title="Rename Microsoft Teams Channel" icon="pen-to-square">
    Renames an existing Teams channel. Use this to reflect status changes — for example, prefixing resolved incidents with `[RESOLVED]`.

    <ParamField type="select">
      The team that contains the channel.
    </ParamField>

    <ParamField type="string">
      The channel to rename. Use `{{ incident.microsoft_teams_channel_id }}` to target the incident's channel.
    </ParamField>

    <ParamField type="string">
      The new channel name. Supports Liquid syntax.

      ```liquid theme={null}
      [RESOLVED] {{ incident.title }}
      ```
    </ParamField>

    **Common trigger:** Incident Resolved
  </Accordion>

  <Accordion title="Invite Users to Microsoft Teams Channel" icon="user-plus">
    Invites users to a private incident channel by email. Use this to automatically add on-call responders when they're assigned a role.

    <ParamField type="select">
      The team that contains the channel.
    </ParamField>

    <ParamField type="string">
      The private channel to invite users to. Supports Liquid syntax.
    </ParamField>

    <ParamField type="string">
      Comma-separated list of email addresses to invite. Supports Liquid syntax.
    </ParamField>

    <Warning>
      This action only works with **private** channels. Public channels are accessible to all team members by default.
    </Warning>

    **Common triggers:** Incident Created, Incident Commander Assigned
  </Accordion>

  <Accordion title="Send Microsoft Teams Channel Message" icon="message">
    Posts a message to a Teams channel using the Rootly bot. Use Liquid variables to include dynamic incident details in the message.

    <ParamField type="select">
      The channel(s) to post to. Supports Liquid syntax.
    </ParamField>

    <ParamField type="string">
      The message content. Supports Liquid variables.

      ```liquid theme={null}
      🚨 **Incident Update**

      **Title:** {{ incident.title }}
      **Severity:** {{ incident.severity }}
      **Status:** {{ incident.status }}
      **Commander:** {{ incident.commander.name | default: "Unassigned" }}

      {{ incident.summary }}
      ```
    </ParamField>

    <Note>
      If the message text is empty, the action will be skipped.
    </Note>

    **Common triggers:** Incident Created, Incident Updated, Status Changed
  </Accordion>

  <Accordion title="Send Microsoft Teams Attachments" icon="paperclip">
    Sends Adaptive Card attachments to one or more Teams channels. Use this to send richly formatted, interactive content such as structured incident summaries.

    <ParamField type="select">
      The channel(s) to send the attachments to. Supports Liquid syntax.
    </ParamField>

    <ParamField type="string">
      A JSON payload defining the Adaptive Card content. Supports Liquid syntax. Follows the [Microsoft Adaptive Card schema](https://adaptivecards.io/).
    </ParamField>
  </Accordion>

  <Accordion title="Create Microsoft Teams Meeting" icon="video">
    Creates a Microsoft Teams video meeting for live incident collaboration. The meeting link is automatically stored on the incident.

    <Note>
      This action requires the **Microsoft Teams Meeting** integration to be installed separately.
    </Note>

    <ParamField type="string">
      The meeting title. Supports Liquid syntax (e.g., `{{ incident.title }}`).
    </ParamField>

    **Common trigger:** Incident Created (for high-severity incidents)
  </Accordion>
</AccordionGroup>

***

## Liquid Variables

<Tip>
  Use the [Liquid Variable Explorer](https://rootly.com/account/help/liquid-explorer) to test variables with real incident data.
</Tip>

### Incident Variables

| Variable                         | Description                    |
| -------------------------------- | ------------------------------ |
| `{{ incident.title }}`           | Incident title                 |
| `{{ incident.summary }}`         | Incident summary               |
| `{{ incident.severity }}`        | Severity level (e.g., "SEV1")  |
| `{{ incident.status }}`          | Current status                 |
| `{{ incident.started_at }}`      | When the incident started      |
| `{{ incident.commander.name }}`  | Incident commander name        |
| `{{ incident.commander.email }}` | Incident commander email       |
| `{{ incident.url }}`             | Link to the incident in Rootly |

### Microsoft Teams Variables

| Variable                                     | Description                           |
| -------------------------------------------- | ------------------------------------- |
| `{{ incident.microsoft_teams_channel_id }}`  | ID of the incident's Teams channel    |
| `{{ incident.microsoft_teams_channel_url }}` | URL to the Teams channel              |
| `{{ incident.microsoft_teams_chat_id }}`     | ID of the incident's Teams chat       |
| `{{ incident.microsoft_teams_meeting_url }}` | URL to the Teams meeting (if created) |


# Mistral AI
Source: https://docs.rootly.com/integrations/mistral

Connect Rootly to Mistral AI to send prompts to Mistral models from incident and action item workflows for AI-assisted summaries, drafts, and triage.

## Introduction

The Mistral AI integration lets you connect Rootly to your organization's Mistral AI API account. Once connected, a new **Mistral Chat Completion** workflow action becomes available, allowing you to send prompts to Mistral models and capture their responses — directly within your incident and action item workflows.

With the Mistral AI integration, you can:

* Generate AI-powered incident summaries, analyses, and recommendations
* Send custom prompts to Mistral and Codestral models with full Liquid template support
* Use a system prompt to define the model's role, tone, or output constraints
* Control response style with temperature, max tokens, and nucleus sampling parameters

## Before You Begin

Before setting up the Mistral AI integration, make sure you have:

* A Rootly account with permission to manage integrations
* A [Mistral AI API key](https://console.mistral.ai/) with access to at least one model

<Callout icon="triangle-exclamation">
  Your API key is validated against the Mistral API when you save the integration. If validation fails, confirm the key is active and has not been revoked in the Mistral console.
</Callout>

## Installation

<Steps>
  <Step title="Open the integrations page in Rootly" icon="plug">
    Navigate to the integrations page in your Rootly workspace and select **Mistral AI**.
  </Step>

  <Step title="Enter your API key" icon="key">
    Paste your Mistral AI API key into the **API Key** field. Rootly validates the key by fetching your available models before saving. Your key is encrypted at rest in Rootly.
  </Step>

  <Step title="Integration connected" icon="circle-check">
    <Callout icon="circle-check">
      Your Mistral AI integration is active. The **Mistral Chat Completion** workflow action is now available in your incident and action item workflows.
    </Callout>
  </Step>
</Steps>

## Workflow Actions

### Mistral Chat Completion

Sends a prompt to a Mistral model and captures the response as a workflow output. The model list is fetched dynamically from your API account and includes `mistral-`, `codestral-`, and `open-` model families.

| Field         | Description                                                                | Required |
| ------------- | -------------------------------------------------------------------------- | -------- |
| Model         | The Mistral model to use — fetched from your account                       | Yes      |
| Prompt        | The user message — supports Liquid templating                              | Yes      |
| System Prompt | Instructions for the model's role or behavior — supports Liquid templating | No       |
| Temperature   | Sampling temperature between `0.0` and `1.5` — controls randomness         | No       |
| Max Tokens    | Maximum number of tokens in the response                                   | No       |
| Top P         | Nucleus sampling probability between `0.0` and `1.0`                       | No       |

<Callout icon="code">
  Use Liquid variables in your prompts to include live incident context — for example `{{ incident.title }}`, `{{ incident.severity }}`, and `{{ incident.description }}`. See the [Liquid variables reference](/liquid/incident-variables) for all available fields.
</Callout>

The **System Prompt** field sets the model's persona or output format — for example: *"You are an incident response assistant. Respond in bullet points. Be concise."*

## Troubleshooting

<AccordionGroup>
  <Accordion title="The API key is rejected on save" icon="key">
    Rootly validates your API key by fetching the list of available models when you save. If validation fails, confirm the key is active in the [Mistral console](https://console.mistral.ai/) and has not been revoked or restricted.
  </Accordion>

  <Accordion title="The workflow action fails with an authentication error" icon="lock">
    If the integration was working and then stopped, the API key may have been rotated or revoked. Update the key in the integration settings — Rootly re-validates on save.
  </Accordion>

  <Accordion title="The workflow action fails with a rate limit error" icon="gauge-high">
    Mistral AI enforces rate limits based on your API tier. Running many concurrent workflows may exceed requests-per-minute limits. Consider staggering workflows, reducing token usage with more focused prompts, or upgrading your Mistral plan for higher quota.
  </Accordion>

  <Accordion title="A model is not appearing in the model selector" icon="robot">
    The model list is fetched dynamically from your API account and is filtered to `mistral-`, `codestral-`, and `open-` model families. If a model you expect is missing, confirm your API key has access to it — some models may require specific Mistral tiers or allowlisting.
  </Accordion>

  <Accordion title="Liquid variables are not rendering correctly in the prompt" icon="code">
    Check your Liquid syntax — unclosed tags or undefined variables can cause rendering failures. Use the [Liquid variables reference](/liquid/incident-variables) to confirm variable names and test your template in a low-stakes workflow first.
  </Accordion>
</AccordionGroup>

## Related Pages

<CardGroup>
  <Card title="Incident Workflows" icon="bolt" href="/workflows/incident-workflows">
    Build workflows that use Mistral models to analyze, summarize, or respond to incidents.
  </Card>

  <Card title="Liquid Variables" icon="code" href="/liquid/incident-variables">
    Reference for all incident variables available in Liquid-templated prompts.
  </Card>

  <Card title="Rootly AI" icon="robot" href="/ai/ai">
    Learn about Rootly's built-in AI features for incident management.
  </Card>
</CardGroup>


# Alerts
Source: https://docs.rootly.com/integrations/new-relic/alerts

Configure New Relic to send alert events into Rootly using a webhook notification channel with bearer token authentication, routing, and resolution sync.

## Introduction

New Relic can send alert events into Rootly as alerts using a webhook notification channel. Once alerts are flowing into Rootly, you can use alert workflows to create incidents, notify Slack channels, or page on-call targets.

With New Relic alerts in Rootly, you can:

* Receive New Relic issue events as Rootly alerts
* Filter and route alerts using workflow conditions on fields like `priority`, `state`, and `workflowName`
* Use alert workflows to automate incident creation and follow-up actions

## Before You Begin

Before configuring alert ingestion, make sure you have:

* The New Relic integration already installed in Rootly — see the [Installation](/integrations/new-relic/installation) page
* Access to configure notification channels or destinations in New Relic
* The bearer token from your Rootly New Relic integration settings

<Callout icon="triangle-exclamation">
  You must install the New Relic integration in Rootly before setting up the webhook. The bearer token is generated during installation and is required for authentication.
</Callout>

## Configure a Webhook in New Relic

<Steps>
  <Step title="Open notification channels in New Relic" icon="bell">
    In New Relic, navigate to **Alerts > Notification channels** and create a new channel.

    <Frame>
      <img alt="New Relic notification channels page" />
    </Frame>
  </Step>

  <Step title="Create a Rootly webhook channel" icon="webhook">
    Select **Webhook** as the channel type and configure it with the following values:

    * **Webhook URL**: `https://webhooks.rootly.com/webhooks/incoming/new_relic_webhooks`
    * **Auth type**: Bearer token
    * **Token**: the bearer token shown in your Rootly New Relic integration settings

    <Frame>
      <img alt="New Relic webhook channel configuration" />
    </Frame>

    <Frame>
      <img alt="New Relic webhook bearer token field" />
    </Frame>

    <Callout icon="key">
      Your bearer token is available in Rootly under **Integrations > New Relic > Configure**.
    </Callout>

    <Frame>
      <img alt="Bearer token in Rootly integration settings" />
    </Frame>
  </Step>

  <Step title="Test the webhook" icon="circle-check">
    Click **Test Notification** in New Relic. A test alert should appear on your [Rootly Alerts page](https://rootly.com/account/alerts).

    <Frame>
      <img alt="Test alert appearing in Rootly" />
    </Frame>

    <Callout icon="circle-check">
      If the test alert appears in Rootly, the integration is working correctly. You can now attach this channel to New Relic alert policies.
    </Callout>
  </Step>
</Steps>

## How Alerts Are Mapped

Rootly extracts the following fields from each New Relic alert payload:

* **Summary** — the `title` field from the New Relic issue
* **External ID** — the issue `id`, used to deduplicate alerts
* **External URL** — the `issueUrl`, linking back to the New Relic issue
* **Labels** — `state`, `trigger`, `priority`, and `workflowName` are attached as Rootly alert labels

<Callout icon="tag">
  New Relic `priority` and `state` values are available as alert labels in Rootly. You can use these in workflow run conditions to handle critical vs warning alerts differently.
</Callout>

## Troubleshooting

<AccordionGroup>
  <Accordion title="No alerts are appearing in Rootly after a New Relic alert fires" icon="circle-exclamation">
    Verify that the webhook URL and bearer token are correct. Use the **Test Notification** button in New Relic to confirm delivery. Ensure the notification channel is attached to the alert policy that fired.
  </Accordion>

  <Accordion title="Alerts appear but are missing fields" icon="file-circle-question">
    Rootly extracts fields from the standard New Relic issue payload. If your New Relic account uses a customized payload template for the webhook channel, ensure it still includes the standard fields: `title`, `id`, `issueUrl`, `state`, `priority`, and `createdAt`.
  </Accordion>

  <Accordion title="The bearer token is not being accepted" icon="key">
    Confirm you are using the token from the Rootly New Relic integration settings, not your New Relic API key. These are different credentials — the bearer token is generated by Rootly for authenticating inbound webhooks.
  </Accordion>
</AccordionGroup>


# Installation
Source: https://docs.rootly.com/integrations/new-relic/installation

Connect New Relic to Rootly to capture metric and chart snapshots during incidents through Genius workflows for dashboards, alerts, and applications.

## Introduction

The New Relic integration connects Rootly with your New Relic account so teams can capture metric and chart snapshots directly from incident workflows. This provides point-in-time visibility into your observability data without leaving the incident response flow.

With the New Relic integration, you can:

* Capture New Relic chart snapshots from Genius workflows during incidents
* Attach snapshot links to incident timelines for post-incident review
* Ingest New Relic alert events into Rootly as alerts — see the [Alerts](/integrations/new-relic/alerts) page for setup

## Before You Begin

Before setting up the integration, make sure you have:

* A Rootly account with permission to manage integrations
* A New Relic account with permission to create API keys
* Your New Relic **Account ID**

<Callout icon="user-shield">
  We recommend integrating with a dedicated service account so the integration does not break if an individual user leaves your organization.
</Callout>

## Installation

<Steps>
  <Step title="Open the New Relic integration in Rootly" icon="plug">
    Navigate to the integrations page in Rootly and select **New Relic**.

    <Frame>
      <img alt="New Relic integration on the integrations page" />
    </Frame>
  </Step>

  <Step title="Generate a New Relic API key" icon="key">
    In New Relic, navigate to your API keys settings.

    <Frame>
      <img alt="New Relic API keys page" />
    </Frame>

    <Frame>
      <img alt="New Relic API key list" />
    </Frame>

    Generate a new **User** key and copy it.

    <Frame>
      <img alt="Generate New Relic API key" />
    </Frame>

    <Callout icon="key">
      Copy the API key immediately after generating it — New Relic will not show the full key again.
    </Callout>
  </Step>

  <Step title="Enter your credentials in Rootly" icon="link">
    Paste your **API key** and **Account ID** into the New Relic integration settings in Rootly and save.

    <Frame>
      <img alt="Enter New Relic credentials in Rootly" />
    </Frame>
  </Step>
</Steps>

## Capture Snapshots in Workflows

Once the integration is connected, a new task is available in your Genius workflows to capture New Relic chart snapshots during incidents.

<Frame>
  <img alt="New Relic snapshot task in Genius workflows" />
</Frame>

<Callout icon="camera">
  Snapshots are point-in-time captures attached to the incident timeline, so you can reference exactly what your metrics looked like when the incident occurred.
</Callout>

## Uninstall

To remove the New Relic integration, open the integrations panel in Rootly and select **Configure > Delete**.


# Nobl9
Source: https://docs.rootly.com/integrations/nobl9

Receive alerts in Rootly when SLO error budgets are breached in Nobl9, with routing to on-call teams, Slack channels, and incident creation workflows.

## Overview

Rootly's Nobl9 integration turns SLO alert policy violations into Rootly alerts. When Nobl9 detects that a service's error budget has been exhausted or an SLO objective has been breached, it fires a webhook to Rootly which creates an alert automatically.

Alerts created from Nobl9 include contextual labels pulled directly from the payload — service, project, severity, SLO name, alert policy, and organization — making it easy to route and filter alerts in Rootly.

<CardGroup>
  <Card title="SLO-Driven Alerting" icon="chart-line">
    Alerts fire automatically when error budgets are breached or SLO objectives are violated.
  </Card>

  <Card title="Rich Labels" icon="tag">
    Each alert carries service, project, severity, SLO, alert policy, and organization labels from Nobl9.
  </Card>

  <Card title="Alert Routing" icon="route">
    Route Nobl9 alerts to services, escalation policies, or teams based on label values.
  </Card>

  <Card title="Incident Escalation" icon="triangle-exclamation">
    Escalate Nobl9 alerts into full incidents when SLO violations require immediate response.
  </Card>
</CardGroup>

## Before You Begin

* You must be a Rootly admin to set up the integration
* You must have access to Nobl9 with permissions to create **Alert Methods** and **Alert Policies**

## Installation

<Steps>
  <Step title="Add the integration in Rootly">
    In Rootly, go to **Configuration → Integrations** and find **Nobl9**. Click **Connect**.

    <Frame>
      <img alt="Nobl9 integration in Rootly integrations page" />
    </Frame>

    Rootly will generate a unique webhook URL tied to your team. Copy this URL — you'll need it in the next step.

    <Frame>
      <img alt="Nobl9 webhook URL in Rootly" />
    </Frame>
  </Step>

  <Step title="Create an Alert Method in Nobl9">
    In Nobl9, navigate to **Integrations → Alert Methods** and click **+ Add Alert Method**.

    <Frame>
      <img alt="Nobl9 Integrations page" />
    </Frame>

    Click **Alert Methods** and create a new alert method.

    <Frame>
      <img alt="Creating a new alert method in Nobl9" />
    </Frame>
  </Step>

  <Step title="Configure as Webhook type">
    Select **Webhook** as the alert method type.

    <Frame>
      <img alt="Selecting webhook type in Nobl9" />
    </Frame>

    Paste the webhook URL from Rootly into the URL field and save.

    <Frame>
      <img alt="Pasting Rootly webhook URL into Nobl9" />
    </Frame>
  </Step>

  <Step title="Attach to an Alert Policy">
    In Nobl9, open or create an **Alert Policy** and attach the Rootly alert method to it. Any SLO that uses this alert policy will now send alerts to Rootly when violated.
  </Step>
</Steps>

## Alert Labels

When Nobl9 fires an alert, Rootly automatically extracts the following labels from the payload:

| Label          | Source             |
| -------------- | ------------------ |
| `service`      | Nobl9 service name |
| `project`      | Nobl9 project name |
| `severity`     | Alert severity     |
| `slo`          | SLO name           |
| `alert_policy` | Alert policy name  |
| `organization` | Nobl9 organization |

These labels can be used in Rootly to route alerts, set urgency, and filter in dashboards.

## Uninstall

To remove the Nobl9 integration:

1. Go to **Configuration → Integrations** and find **Nobl9**
2. Click **Connected** to reveal the disconnect option
3. Click **Disconnect**

<Frame>
  <img alt="Click Connected to reveal the Disconnect option" />
</Frame>

<Warning>
  After disconnecting, update or remove any Nobl9 alert methods that reference the Rootly webhook URL. Nobl9 will continue attempting to deliver webhooks to a disconnected endpoint.
</Warning>

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Do Nobl9 alerts auto-resolve in Rootly?" icon="circle-question">
    No. Nobl9 webhooks are fire-and-forget — they don't send a resolve signal when the SLO recovers. Alerts created from Nobl9 must be resolved manually in Rootly or via a separate automation.
  </Accordion>

  <Accordion title="Can I route different Nobl9 alerts to different teams?" icon="circle-question">
    Yes. Use Rootly's alert routing rules to match on labels like `service`, `project`, or `alert_policy` and route to the appropriate team or escalation policy.
  </Accordion>

  <Accordion title="Can I use one Rootly webhook for multiple Nobl9 alert policies?" icon="circle-question">
    Yes. The same webhook URL can be attached to multiple alert methods and policies in Nobl9. All alerts will flow into the same Rootly integration.
  </Accordion>

  <Accordion title="What does the alert summary look like in Rootly?" icon="circle-question">
    The alert summary is set from the `message` field in the Nobl9 payload, which typically describes the SLO violation (e.g., "Error budget exhausted for checkout-latency SLO").
  </Accordion>
</AccordionGroup>


# Installation
Source: https://docs.rootly.com/integrations/notion/installation

Connect your Notion workspace to Rootly via OAuth to enable automated retrospective page creation, incident documentation, and database population.

## Before You Begin

<Callout icon="triangle-exclamation">
  We recommend performing the installation with a **service account** to ensure the integration does not break if the installing user leaves the company. Ensure you are logged in as an **Admin** in Rootly. You will also need Editor or Owner access to the parent Notion page where Rootly will create pages.
</Callout>

## Connect Notion

To connect Notion to Rootly, you will authorize via OAuth and select which Notion pages Rootly is allowed to access. Rootly can only create pages within the pages you explicitly grant access to during this step.

<Steps>
  <Step title="Open Rootly Integrations">
    In Rootly, navigate to **Configuration → Integrations** and search for **Notion**.

    <Frame>
      <img alt="Rootly integrations page with Notion search" />
    </Frame>

    <Frame>
      <img alt="Notion integration setup button" />
    </Frame>
  </Step>

  <Step title="Authorize in Notion">
    Click **Setup**. You will be redirected to Notion. Click **Select pages** to choose which pages Rootly can access.

    <Frame>
      <img alt="Notion OAuth authorization page" />
    </Frame>
  </Step>

  <Step title="Select Pages">
    Choose the parent pages where you want Rootly to create incident retrospective pages, then click **Allow access**.

    <Frame>
      <img alt="Notion page selection screen" />
    </Frame>
  </Step>

  <Step title="Confirm Connection">
    You will be redirected back to Rootly with a success message confirming the integration is connected.

    <Frame>
      <img alt="Rootly showing Notion connected successfully" />
    </Frame>
  </Step>
</Steps>

<Callout icon="circle-check">
  Your Notion workspace is now connected. You can verify the connection in Notion under **Settings and Members → Connections** — Rootly should appear in the list.
</Callout>

## Verify the Connection

After connecting, confirm in Notion that Rootly has been granted access:

1. Open the parent page you selected during authorization
2. Click the **⋯** menu → **Connections**
3. Confirm Rootly appears in the list

<Frame>
  <img alt="Notion connections panel showing Rootly" />
</Frame>

## Uninstall

**In Rootly:**

1. Go to **Configuration → Integrations** and find **Notion**
2. Click the **Connected** button to reveal the disconnect option
3. Click **Delete**

<Frame>
  <img alt="Click the Connected button to reveal the Disconnect option" />
</Frame>

**In Notion** (to fully revoke access):

1. Go to **Settings and Members → Connections**
2. Find **Rootly** and click **Disconnect**

<Callout icon="circle-info">
  Disconnecting from Rootly does not remove existing Notion pages created by Rootly. Those pages remain in your Notion workspace.
</Callout>

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Rootly is not showing in Notion Connections" icon="circle-exclamation">
    Ensure you granted access to the specific page during OAuth. Go to **Settings and Members → Connections** in Notion to confirm Rootly is listed. If missing, disconnect and reconnect the integration in Rootly. Also check that the page is not in a private or restricted workspace.
  </Accordion>

  <Accordion title="No pages are available during setup" icon="magnifying-glass">
    Notion only shows pages you have Editor or Owner access to. If the workspace has restricted pages, an admin must grant you access first. Try expanding parent pages in the selector to see nested pages, then restart the authorization flow.
  </Accordion>

  <Accordion title="Pages are not being created after running a workflow" icon="triangle-exclamation">
    Verify the parent page selected in the workflow action is one you granted access to during installation. Check workflow run logs under **Workflows → Your Workflow → View Runs** for error details. Re-authorize the integration if the connection has expired.
  </Accordion>
</AccordionGroup>


# Notion
Source: https://docs.rootly.com/integrations/notion/overview

Automatically create and update incident retrospective pages in Notion with timeline, action items, and custom templates synced from Rootly workflows.

## Overview

Rootly's Notion integration automatically creates retrospective pages when incidents occur. Each page is populated with incident details, timeline, and action items — giving your team a single source of truth without manual documentation.

## Features

<CardGroup>
  <Card title="Auto-Create Pages" icon="file-plus">
    Retrospective pages are created automatically when incidents resolve or retrospectives begin.
  </Card>

  <Card title="Timeline and Action Items" icon="list-check">
    Incident timeline and follow-up action items are included in every page.
  </Card>

  <Card title="Custom Templates" icon="file-lines">
    Use your own retrospective templates with Liquid variables for dynamic content.
  </Card>

  <Card title="Update Pages" icon="pen">
    Re-generate pages with the latest incident data at any point via workflows.
  </Card>
</CardGroup>

## Next Steps

<CardGroup>
  <Card title="Installation" icon="plug" href="/integrations/notion/installation">
    Connect your Notion workspace to Rootly.
  </Card>

  <Card title="Workflows" icon="diagram-project" href="/integrations/notion/workflows">
    Configure automated page creation and updates.
  </Card>
</CardGroup>


# Workflows
Source: https://docs.rootly.com/integrations/notion/workflows

Automate Notion page creation and updates for incident retrospectives using Rootly workflows with parent page, database, and Liquid template controls.

## Overview

Workflows let you automate Notion page creation and updates for incident retrospectives. You can trigger page creation when an incident resolves or a retrospective begins, and populate the page with timeline data, action items, and custom template content using Liquid variables.

## Available Actions

| Action                 | Description                                                        |
| ---------------------- | ------------------------------------------------------------------ |
| **Create Notion Page** | Creates a new retrospective page in a specified Notion parent page |
| **Update Notion Page** | Overwrites an existing Notion page with the latest incident data   |

## Create a Workflow

<Steps>
  <Step title="Open Workflow Creation">
    Navigate to **Workflows** in Rootly and click **Create Workflow**.

    <Frame>
      <img alt="Rootly workflows page" />
    </Frame>

    <Frame>
      <img alt="Create workflow button" />
    </Frame>
  </Step>

  <Step title="Choose Workflow Type">
    Select the workflow type that matches your use case — **Incident**, **Retrospective**, or **Pulse**.

    <Frame>
      <img alt="Workflow type selection" />
    </Frame>
  </Step>

  <Step title="Configure Triggers">
    Triggers define when the workflow runs. Choose the event that should kick off page creation.

    <Frame>
      <img alt="Workflow trigger configuration" />
    </Frame>

    | Trigger                     | When it fires                            |
    | --------------------------- | ---------------------------------------- |
    | **Incident Created**        | A new incident opens                     |
    | **Incident Updated**        | Severity, status, or other fields change |
    | **Incident Status Changed** | The incident moves to a specific status  |
    | **Incident Resolved**       | The incident is resolved                 |
    | **Retrospective Started**   | The retrospective process begins         |
    | **Manual Trigger**          | Run on demand from the UI                |
  </Step>

  <Step title="Add Conditions (Optional)">
    Use conditions to control when the workflow fires after the trigger. For example, only create a Notion page for SEV-1 or SEV-2 incidents, or only for specific teams or environments.

    <Frame>
      <img alt="Workflow conditions panel" />
    </Frame>
  </Step>

  <Step title="Add the Notion Action">
    Click **Add Action** and search for **Notion**.

    <Frame>
      <img alt="Add action with Notion search" />
    </Frame>
  </Step>
</Steps>

## Create Notion Page

Use this action to create a new retrospective page in Notion for an incident. The page is created under a parent page you select and is populated using the template and fields you configure.

<Frame>
  <img alt="Create Notion Page action" />
</Frame>

<Frame>
  <img alt="Notion page action configuration" />
</Frame>

| Field                             | Description                                                                                                                                                        |
| --------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **Page**                          | The parent Notion page where the new page will be created. Must be a page Rootly was granted access to during installation.                                        |
| **Title**                         | The page title. Supports Liquid syntax — use the incident title or any other variable.                                                                             |
| **Post Mortem Template**          | A pre-built retrospective template from [Retrospective Templates](https://rootly.com/account/retrospective-steps?tab=documents).                                   |
| **Mark Post Mortem as Published** | Set the retrospective status to `published` immediately rather than leaving it as `draft`.                                                                         |
| **Show Timeline as Table**        | Include the incident timeline. Uncheck if you want images to appear inline — Notion does not support images in tables.                                             |
| **Show Action Items as Table**    | Include follow-up action items. Only `follow-up` type items are included — tasks are excluded as they are completed during the incident, before the retrospective. |
| **Skip on Failure**               | Prevent the workflow from stopping if this action fails.                                                                                                           |
| **Enabled**                       | Toggle this action on or off for testing.                                                                                                                          |

## Update Notion Page

Use this action to overwrite an existing Notion page with the latest incident data. This is useful for keeping the retrospective page current as the incident progresses.

<Frame>
  <img alt="Update Notion Page action" />
</Frame>

<Callout icon="triangle-exclamation">
  This is an overwrite operation. Any manual changes made to the Notion page will be replaced when this action runs.
</Callout>

| Field                          | Description                                                                                                    |
| ------------------------------ | -------------------------------------------------------------------------------------------------------------- |
| **File**                       | The Notion page to update. Use `incident.notion_page_id` via Liquid to reference the incident's existing page. |
| **Title**                      | Updated page title. Leave blank to keep the existing title.                                                    |
| **Post Mortem Template**       | Template to apply when updating. Overwrites existing content.                                                  |
| **Show Timeline as Table**     | Include the incident timeline.                                                                                 |
| **Show Action Items as Table** | Include follow-up action items.                                                                                |
| **Skip on Failure**            | Prevent the workflow from stopping if this action fails.                                                       |
| **Enabled**                    | Toggle this action on or off for testing.                                                                      |

## Variable Reference

Use these variables in page titles and templates. Use the [Liquid Variable Explorer](https://rootly.com/account/help/liquid-explorer) to test variables with real incident data.

### Incident Variables

| Variable                  | Description                    |
| ------------------------- | ------------------------------ |
| `incident.title`          | Incident title                 |
| `incident.summary`        | Incident summary               |
| `incident.severity`       | Severity level (e.g., SEV1)    |
| `incident.status`         | Current status                 |
| `incident.started_at`     | When the incident started      |
| `incident.resolved_at`    | When the incident was resolved |
| `incident.commander.name` | Incident commander name        |
| `incident.url`            | Link to the incident in Rootly |

### Notion Variables

| Variable                   | Description                                                  |
| -------------------------- | ------------------------------------------------------------ |
| `incident.notion_page_id`  | ID of the incident's Notion page — used in the Update action |
| `incident.notion_page_url` | URL to the Notion page                                       |

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="The workflow ran but no Notion page was created" icon="circle-exclamation">
    Check the workflow run log under **Workflows → Your Workflow → View Runs** for error details. Confirm the parent page selected in the action is one Rootly was granted access to during installation. Re-authorize the integration if the connection has expired.
  </Accordion>

  <Accordion title="Manual edits to my Notion page keep getting overwritten" icon="triangle-exclamation">
    The Update Notion Page action is a full overwrite. If you need to preserve manual edits, disable any workflows that trigger an update on that page, or add conditions to prevent them from running after a certain point in the incident lifecycle.
  </Accordion>

  <Accordion title="Can I use custom Liquid templates for the page content?" icon="code">
    Yes — define a custom retrospective template in [Retrospective Templates](https://rootly.com/account/retrospective-steps?tab=documents) and select it in the Post Mortem Template field. Use the [Liquid Variable Explorer](https://rootly.com/account/help/liquid-explorer) to build and test your template.
  </Accordion>

  <Accordion title="Why are images not appearing in the timeline?" icon="image">
    Notion does not support images inside tables. Uncheck **Show Timeline as Table** to render the timeline inline, which will allow images to display correctly.
  </Accordion>
</AccordionGroup>


# OpenAI
Source: https://docs.rootly.com/integrations/openai

Connect your OpenAI account to Rootly to power AI-assisted incident workflows using your own API key, data agreements, and regional endpoint.

## Introduction

The OpenAI integration lets you connect Rootly to your organization's OpenAI account, using your own API key and Organization ID to power AI-assisted incident workflows. This gives your team control over model selection, data handling, and API usage under your organization's specific agreements with OpenAI — including data retention policies that may differ from Rootly's default OpenAI configuration.

With the OpenAI integration, you can:

* Generate AI-powered summaries, analyses, and responses within incident workflows
* Send custom prompts to GPT and reasoning models with full Liquid template support
* Use a system prompt to define the model's role, tone, or output constraints
* Route requests through a regional OpenAI endpoint to meet data residency requirements
* Access OpenAI's reasoning models (`o1`, `o3`) with configurable reasoning effort and summary output

## Before You Begin

Before setting up the OpenAI integration, make sure you have:

* A Rootly account with permission to manage integrations
* An [OpenAI API key](https://platform.openai.com/api-keys) with the following permissions:
  * **Models** permission set to `Read`
  * **Model Capabilities** permission set to `Write`
* Your [OpenAI Organization ID](https://platform.openai.com/settings/organization/general)

We recommend creating a dedicated API key for Rootly rather than using a personal key. Your key is validated on save and encrypted at rest in Rootly.

## Installation

<Frame>
  <iframe />
</Frame>

<Steps>
  <Step title="Open the integrations page in Rootly" icon="plug">
    Navigate to the integrations page in your Rootly workspace and select **OpenAI**.
  </Step>

  <Step title="Enter your API key and Organization ID" icon="key">
    Paste your OpenAI API key and Organization ID into the respective fields. Rootly validates the credentials against the OpenAI API before saving.

    <Frame>
      <img alt="OpenAI integration setup in Rootly showing API key and Organization ID fields" />
    </Frame>
  </Step>

  <Step title="Select a regional host" icon="globe">
    Choose the OpenAI API host for your requests. The default is `api.openai.com`. If your organization requires data to stay within a specific region, select the appropriate regional endpoint:

    | Host                | Region         |
    | ------------------- | -------------- |
    | `api.openai.com`    | Default (US)   |
    | `us.api.openai.com` | United States  |
    | `eu.api.openai.com` | Europe         |
    | `gb.api.openai.com` | United Kingdom |
    | `ae.api.openai.com` | UAE            |
    | `au.api.openai.com` | Australia      |
    | `ca.api.openai.com` | Canada         |
    | `jp.api.openai.com` | Japan          |
    | `in.api.openai.com` | India          |
    | `sg.api.openai.com` | Singapore      |
    | `kr.api.openai.com` | South Korea    |
  </Step>

  <Step title="Integration connected" icon="circle-check">
    <Callout icon="circle-check">
      Your OpenAI integration is active. The **Create OpenAI Chat Completion** workflow action is now available in your incident and action item workflows.
    </Callout>
  </Step>
</Steps>

## Workflow Actions

### Create OpenAI Chat Completion

Sends a prompt to an OpenAI model and captures the response as a workflow output. Supports both standard GPT models via the Chat Completions API and reasoning models (`o1`, `o3`) via the Responses API.

| Field             | Description                                                                | Required |
| ----------------- | -------------------------------------------------------------------------- | -------- |
| Model             | The OpenAI model to use — fetched from your account                        | Yes      |
| Prompt            | The user message — supports Liquid templating                              | Yes      |
| System Prompt     | Instructions for the model's role or behavior — supports Liquid templating | No       |
| Temperature       | Sampling temperature between `0.0` and `2.0` — controls randomness         | No       |
| Max Tokens        | Maximum number of tokens in the response                                   | No       |
| Top P             | Nucleus sampling probability between `0.0` and `1.0`                       | No       |
| Reasoning Effort  | For reasoning models: `minimal`, `low`, `medium`, or `high`                | No       |
| Reasoning Summary | For reasoning models: `auto`, `concise`, or `detailed`                     | No       |

<Callout icon="code">
  Use Liquid variables in your prompts to include live incident context — for example `{{ incident.title }}`, `{{ incident.severity }}`, and `{{ incident.description }}`. See the [Liquid variables reference](/liquid/incident-variables) for all available fields.
</Callout>

The **System Prompt** field sets the model's persona or output format — for example: *"You are an incident response assistant. Respond in bullet points. Be concise."*

**Reasoning models** (`o1-*`, `o3-*`) use the OpenAI Responses API instead of the Chat Completions API. When using these models, use **Reasoning Effort** to control how much compute the model uses before responding, and **Reasoning Summary** to control how much of that reasoning is surfaced in the output.

## Troubleshooting

<AccordionGroup>
  <Accordion title="The API key or Organization ID is rejected on save" icon="key">
    Rootly validates your credentials by making a test request to OpenAI. Confirm that the API key is active, has not been revoked, and has the correct permissions: **Models** set to `Read` and **Model Capabilities** set to `Write`. Also verify that the Organization ID matches the organization the API key belongs to.
  </Accordion>

  <Accordion title="The workflow action fails with an authentication error" icon="lock">
    If the integration was working and then stopped, the API key may have been rotated or revoked. Update the key in the integration settings — Rootly re-validates on save. Also confirm the Organization ID has not changed.
  </Accordion>

  <Accordion title="The workflow action fails with a rate limit error" icon="gauge-high">
    OpenAI enforces rate limits based on your usage tier. Running many concurrent workflows may exceed requests-per-minute or tokens-per-minute limits. Consider staggering workflows, reducing token usage with more focused prompts, or upgrading your OpenAI tier.
  </Accordion>

  <Accordion title="A model is not appearing in the model selector" icon="robot">
    The model list is fetched dynamically from your OpenAI account. Rootly filters for `gpt-*`, `o1-*`, and `o3-*` models. If a model you expect to see is missing, confirm your API key has access to it — some models require specific OpenAI tiers.
  </Accordion>

  <Accordion title="Reasoning model parameters are being ignored" icon="brain">
    Reasoning effort and reasoning summary only apply to `o1-*` and `o3-*` models using the Responses API. If you select a standard GPT model, these fields are ignored and only the Chat Completions parameters (temperature, max tokens, top p) apply.
  </Accordion>

  <Accordion title="Liquid variables are not rendering correctly in the prompt" icon="code">
    Check your Liquid syntax — unclosed tags or undefined variables can cause rendering failures. Use the [Liquid variables reference](/liquid/incident-variables) to confirm variable names and test your template in a low-stakes workflow first.
  </Accordion>
</AccordionGroup>

## Related Pages

<CardGroup>
  <Card title="Incident Workflows" icon="bolt" href="/workflows/incident-workflows">
    Build workflows that use OpenAI models to analyze, summarize, or respond to incidents.
  </Card>

  <Card title="Liquid Variables" icon="code" href="/liquid/incident-variables">
    Reference for all incident variables available in Liquid-templated prompts.
  </Card>

  <Card title="Rootly AI" icon="robot" href="/ai/ai">
    Learn about Rootly's built-in AI features for incident management.
  </Card>
</CardGroup>


# Opsgenie
Source: https://docs.rootly.com/integrations/opsgenie

Connect Opsgenie to Rootly to import services, sync alerts and incidents, automate response workflows, and gradually migrate from Opsgenie to Rootly On-Call.

<Warning>
  Atlassian has announced end of life for Opsgenie. If you're evaluating alternatives, see [how Rootly compares to Opsgenie](https://rootly.com/comparisons/opsgenie-vs-rootly-on-call).
</Warning>

## Introduction

The Opsgenie integration connects Rootly with your existing alerting and on-call workflows so teams can coordinate incidents across both platforms.

This integration is a strong fit for teams that already use Opsgenie for paging or alerting and want Rootly to act as the central system for incident coordination and response.

With the Opsgenie integration, you can:

* Import Opsgenie services into Rootly
* Create Rootly alerts from supported Opsgenie webhook events
* Create and update Opsgenie **alerts** from Rootly workflows, with automatic severity-to-priority mapping
* Create and update Opsgenie incidents from Rootly workflows and escalation actions
* Resolve linked Opsgenie incidents from Rootly
* Page Opsgenie teams from Slack when the Slack integration is enabled

## Before You Begin

Before installing the integration, make sure you have:

* A Rootly account with permission to manage integrations
* An Opsgenie account on a supported plan, such as Standard or Enterprise
* Access to create a **global** Opsgenie API integration key
* The correct Opsgenie API host for your workspace:
  * `api.opsgenie.com`
  * `api.eu.opsgenie.com`

<Note>
  We recommend using a dedicated service account so the integration does not break if an individual user leaves your organization.
</Note>

## Installation

<Steps>
  <Step title="Open the Opsgenie integration in Rootly" icon="plug">
    You can install the integration from the Rootly integrations page as a logged-in admin user.

    <Frame>
      <img alt="Opsgenie integration on the integrations page" />
    </Frame>
  </Step>
</Steps>

## Import or Link Services

<Steps>
  <Step title="Import or link Opsgenie services" icon="arrows-rotate">
    You can import your current Opsgenie services into Rootly or link existing Rootly services to Opsgenie services from the **Services** page.

    When a Rootly service is linked to Opsgenie, Rootly can use that relationship during incident escalation and sync workflows.

    <Frame>
      <img alt="Import or link Opsgenie services" />
    </Frame>
  </Step>
</Steps>

## Configure Opsgenie

To complete setup, create an API integration in Opsgenie and copy its credentials into Rootly.

<Steps>
  <Step title="Create a new Opsgenie integration" icon="plus">
    In Opsgenie, navigate to **Settings > Integrations > New Integration**.

    <Frame>
      <img alt="Opsgenie integrations page" />
    </Frame>

    Select the **API** integration tile.

    <Frame>
      <img alt="Opsgenie API integration tile" />
    </Frame>
  </Step>

  <Step title="Configure API access" icon="key">
    The API integration should include the access required for Rootly to read, create, and update incidents and related data.

    The API key must be a **global** key and cannot be scoped only to a single team.

    <Frame>
      <img alt="Opsgenie API integration configuration" />
    </Frame>
  </Step>

  <Step title="Copy the API key into Rootly" icon="copy">
    After saving the integration in Opsgenie, copy the API key into the Opsgenie integration settings in Rootly.

    <Frame>
      <img alt="Copy Opsgenie API key into Rootly" />
    </Frame>
  </Step>
</Steps>

## Configure Webhooks

Rootly can receive supported Opsgenie webhook events and turn them into alerts or linked incident activity.

Supported webhook actions include:

* `Create`
* `Acknowledge`
* `AssignOwnership`
* `Close`

<Steps>
  <Step title="Open webhook configuration in Opsgenie" icon="webhook">
    To configure webhook delivery in Opsgenie, add the Rootly webhook configuration shown during setup.

    <Frame>
      <img alt="Opsgenie webhook configuration" />
    </Frame>

    <Frame>
      <img alt="Opsgenie webhook settings" />
    </Frame>

    <Frame>
      <img alt="Opsgenie webhook details" />
    </Frame>
  </Step>
</Steps>

<Note>
  The webhook secret used for Rootly webhook delivery is separate from your Opsgenie API key. Make sure you copy the correct value into the webhook configuration.
</Note>

## How Sync Works

The Opsgenie integration supports both inbound and outbound workflows.

### Opsgenie to Rootly

When Opsgenie sends supported webhook events to Rootly, Rootly can create alerts and update linked incident activity.

In most cases, the `Create` action creates a Rootly alert from the Opsgenie alert payload. The `Acknowledge`, `AssignOwnership`, and `Close` actions can also add incident activity when the Opsgenie event is linked to a Rootly incident.

If an incoming Opsgenie event is already tied to a synced Rootly incident, Rootly may skip creating a duplicate alert.

### Rootly to Opsgenie

Rootly can create or update both Opsgenie **alerts** and **incidents** through workflows and escalation actions.

**Alerts** — Rootly can create and update Opsgenie alerts directly, targeting specific teams, users, escalation policies, or schedules. Rootly incident severity is automatically mapped to Opsgenie priority:

| Rootly Severity | Opsgenie Priority |
| --------------- | ----------------- |
| Critical        | P1                |
| High            | P2                |
| Medium          | P3                |
| Low             | P4                |
| Informational   | P5                |

**Incidents** — Rootly can also create or update Opsgenie incidents. This is commonly used when a Rootly incident needs to page an Opsgenie team or when a linked Opsgenie incident should be resolved after the Rootly incident is resolved.

## Default Workflows

When the integration is connected, Rootly can create default workflows to support common Opsgenie actions, such as:

* Adding Opsgenie on-call responders into the incident workflow
* Automatically resolving linked Opsgenie incidents when the Rootly incident is resolved

Review these workflows after installation so they match your team’s process.

## Auto Assign On-Calls to Incident Roles

If you want to automatically assign the on-call user from an Opsgenie schedule to an Incident Role, such as Commander, follow the setup guidance on the [PagerDuty integration page](/integrations/pagerduty).

## Re-Paging Existing Responders

By default, Rootly will not re-page responders who are already on an active Opsgenie alert or incident. If you want Rootly to re-page existing responders, enable **Re-page existing responders** in the Opsgenie integration settings.

## Paging Automatically via Workflows

You can use workflows to page different Opsgenie schedules and escalation policies based on incident conditions.

For example, you might page Infrastructure for SEV1 incidents and Security for incidents tagged with a security-related incident type.

<Steps>
  <Step title="Use workflows to automate Opsgenie paging" icon="bolt">
    Configure workflows to notify the correct Opsgenie targets based on incident severity, type, team, or other conditions.

    <Frame>
      <iframe />
    </Frame>
  </Step>
</Steps>

## Paging from Slack

If the Slack integration is enabled, responders can page Opsgenie teams directly from Slack.

<Steps>
  <Step title="Page Opsgenie from Slack" icon="slack">
    Use the Slack integration to trigger Opsgenie paging directly from the incident workflow in Slack.

    <Frame>
      <img alt="Page Opsgenie from Slack" />
    </Frame>
  </Step>
</Steps>

## Notes

* Large imports and webhook volume may be affected by Opsgenie API rate limits.
* Incoming webhook-created alerts are also subject to your Rootly alert limits.

## Uninstall

To remove the Opsgenie integration, open the integrations panel in Rootly and select **Configure > Delete**.


# Outlook
Source: https://docs.rootly.com/integrations/outlook

Automatically schedule Microsoft Outlook calendar events from incident workflows — ideal for retrospectives, reviews, and follow-ups.

## Overview

Rootly's Outlook integration lets you schedule calendar events directly from incident workflows. The most common use case is automatically booking a retrospective meeting when an incident resolves, with attendees, description, and timing all populated from incident data.

<CardGroup>
  <Card title="Automated Scheduling" icon="wand-magic-sparkles">
    Trigger calendar event creation at any workflow step — on incident creation, escalation, or resolution.
  </Card>

  <Card title="Liquid Templating" icon="brackets-curly">
    Populate event titles, descriptions, and attendees dynamically using incident variables.
  </Card>

  <Card title="Smart Date Scheduling" icon="business-time">
    Schedule events a set number of days out, with optional weekend exclusion, so meetings always land on business days.
  </Card>

  <Card title="Teams Meeting Link" icon="link">
    Optionally attach a Microsoft Teams meeting link to the calendar event so attendees can join online.
  </Card>
</CardGroup>

## Before You Begin

* You must be a Rootly admin to set up the integration
* You do **not** need to be an admin of your company's Microsoft account

<Warning>
  Use a **service account** rather than a personal Microsoft account. If the connected user leaves or loses access, the integration will stop creating calendar events.
</Warning>

## OAuth Permissions

When connecting, Rootly requests the following Microsoft permissions:

| Permission                   | Purpose                                                                                                        |
| ---------------------------- | -------------------------------------------------------------------------------------------------------------- |
| `offline_access`             | Keeps the integration connected without requiring re-authentication                                            |
| `User.Read`                  | Reads the connected account's profile and organization info                                                    |
| `Calendars.ReadWrite.Shared` | Creates and manages events across calendars the account has access to, including shared and delegate calendars |

## Installation

<Steps>
  <Step title="Open the Outlook integration in Rootly">
    Go to **Configuration → Integrations**, find **Outlook**, and click **Setup**.

    <Frame>
      <img alt="Outlook integration in the Integrations page" />
    </Frame>
  </Step>

  <Step title="Authorize with Microsoft">
    You'll be redirected to Microsoft to sign in. Review the permissions Rootly is requesting and click **Accept**.

    <Frame>
      <img alt="Microsoft OAuth permissions screen for Rootly Outlook" />
    </Frame>

    After authorizing, you'll be returned to Rootly and the integration will show as connected under the account's email address.
  </Step>
</Steps>

## Workflow Action

### Create an Outlook Event

Schedules a calendar event on the connected Outlook account. Commonly used to book a retrospective after incident resolution.

<Frame>
  <img alt="Create Outlook Event workflow action form" />
</Frame>

<ParamField type="select">
  The Outlook calendar to create the event on. Rootly fetches the list of available calendars from your connected account.
</ParamField>

<ParamField type="string">
  The event title. Supports [Liquid variables](/liquid/incident-variables) — for example, `Retrospective for {{ incident.title }}`. Maximum 200 characters.
</ParamField>

<ParamField type="string">
  The event body. Supports Liquid and Markdown. Maximum 200 characters.
</ParamField>

<ParamField type="array">
  Email addresses to invite. Supports Liquid — for example, `{{ incident.incident_lead | get: "email" }}` or `{{ incident.subscribers | map: "email" | join: "," }}`.
</ParamField>

<ParamField type="select">
  The timezone for the event's start and end times. The **Time of Meeting** value will be interpreted in this timezone.
</ParamField>

<ParamField type="integer">
  How many days from the workflow run to schedule the event. Range: 0–31. A value of `0` schedules the event for today.
</ParamField>

<ParamField type="string">
  The length of the event. Minimum 15 minutes. Accepts natural language — for example, `30min`, `1h`, `1h 30min`.
</ParamField>

<ParamField type="string">
  The start time in `HH:MM` format (24-hour). Interpreted in the timezone selected above. Defaults to `12:00`.
</ParamField>

<ParamField type="boolean">
  When enabled, weekend days are not counted when calculating the event date from **Days Until Meeting**. Defaults to `true`.
</ParamField>

<ParamField type="boolean">
  When enabled, attaches a Microsoft Teams meeting link to the calendar event.
</ParamField>

<ParamField type="boolean">
  Logs the created event to the incident timeline.
</ParamField>

<ParamField type="array">
  One or more Slack channels to share the event details to.
</ParamField>

<Tip>
  The most common setup is a workflow triggered on **incident resolved** that creates a retrospective event 3–5 business days out, with the incident lead and subscribers as attendees. Set **Exclude Weekends** to `true` so the meeting always lands on a weekday.
</Tip>

## Uninstall

To remove the Outlook integration:

1. Go to **Configuration → Integrations** and find **Outlook**
2. Click **Connected** to reveal the disconnect option
3. Click **Disconnect**

<Frame>
  <img alt="Click Connected to reveal the Disconnect option" />
</Frame>

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Can I schedule events on shared or delegate calendars?" icon="circle-question">
    Yes. The `Calendars.ReadWrite.Shared` permission gives Rootly access to any calendar the connected account can manage, including shared and delegate calendars. These will appear in the **Calendar** dropdown in the workflow action.
  </Accordion>

  <Accordion title="What happens if Days Until Meeting lands on a weekend?" icon="circle-question">
    If **Exclude Weekends** is enabled, Rootly skips Saturday and Sunday when counting days, so the event will always land on a weekday. If disabled, the event will be scheduled on the weekend day.
  </Accordion>

  <Accordion title="Can I create multiple Outlook events for one incident?" icon="circle-question">
    Yes. There is no one-per-incident restriction. Each **Create an Outlook Event** workflow action creates a new calendar event independently.
  </Accordion>

  <Accordion title="What happens if the OAuth token expires?" icon="circle-question">
    Rootly automatically refreshes the token in the background using the stored refresh token. If refresh fails — for example, if the connected account's permissions were revoked — event creation will fail until you reconnect. This is why a service account is recommended.
  </Accordion>
</AccordionGroup>


# Overview
Source: https://docs.rootly.com/integrations/overview

Integrations connect Rootly with third-party services and internal tools to extend incident response, automation, and collaboration.

Integrations connect Rootly with the tools your teams already use, such as alerting platforms, collaboration tools, ticketing systems, and internal services.

By connecting these systems to Rootly, you can automate incident workflows, sync data across tools, reduce manual coordination, and keep responders working in the systems they already know.

## What Is an Integration?

An integration is a connection between Rootly and another system. That system might be a third-party product or custom software built by your organization.

Rootly supports a wide range of integrations across categories such as:

* Communication and collaboration
* Alerting and on-call
* Observability and monitoring
* Issue and project tracking
* Video conferencing
* Automation and AI

Popular examples include [PagerDuty](/integrations/pagerduty/pagerduty), [Jira](/integrations/jira/jira), [Zoom](/integrations/zoom/zoom), [Kubernetes](/integrations/kubernetes), and [GitHub](/integrations/github/github).

## How to Use This Section

Use the **Integrations** navigation on the left to browse available integrations by category.

Most integration sections include documentation for:

* Overview
* Installation or setup
* Workflow actions
* Alerting behavior, when supported
* Integration-specific configuration

If you are setting up a new integration, start with that integration’s main page and then follow any linked installation or workflow guides.

## Custom Integrations

If you want to connect Rootly to internal tooling or build your own integration, use the [API documentation](/api-reference/overview) to get started.

This is useful for organizations that want to extend Rootly with custom automation, internal systems, or proprietary workflows.

## Security

* Integration keys are encrypted at rest using AES 256-bit encryption and protected by TLS in transit.
* Key management is in place for encryption keys used by production services.

For stricter network controls, see the documentation for Rootly outbound IP allowlisting if your organization restricts incoming traffic by source IP.


# PagerTree
Source: https://docs.rootly.com/integrations/pager-tree

Connect PagerTree to Rootly for inbound alert webhooks, outbound paging, linked incident workflows, and automatic alert synchronization.

## Introduction

The PagerTree integration connects Rootly with PagerTree so teams can receive alert activity in Rootly and page responders from Rootly when incidents need escalation.

This integration is a good fit for teams that already use PagerTree for alerting or paging and want Rootly to act as the central place for incident coordination and workflow automation.

With the PagerTree integration, you can:

* Receive PagerTree alert activity in Rootly through outgoing webhooks
* Create and update Rootly alerts from PagerTree events
* Page PagerTree teams and users from Rootly
* Create PagerTree alerts from incident workflows
* Automatically resolve linked PagerTree alerts when Rootly incidents are resolved

## Before You Begin

Before installing the integration, make sure you have:

* A Rootly account with permission to manage integrations
* A PagerTree account with permission to create API keys
* Access to create an **Outgoing Webhook** integration in PagerTree
* The teams or users in PagerTree that you want Rootly to page

<Note>
  Rootly uses two separate credentials for this integration:

  * The **PagerTree API key** is used for Rootly-to-PagerTree API requests
  * The **Rootly webhook secret** is used when PagerTree sends webhook events into Rootly
</Note>

## Install the PagerTree Integration in Rootly

<Steps>
  <Step title="Add the PagerTree integration in Rootly" icon="plug">
    Open the integrations page in Rootly and choose **PagerTree**.

    From there, enter your PagerTree API key and save the integration.

    Rootly uses this API key to communicate with the PagerTree API for paging, alert creation, and alert updates.
  </Step>

  <Step title="Copy the webhook details from Rootly" icon="copy">
    After saving the integration, Rootly provides the webhook details you will need in PagerTree.

    You will use these values when configuring the PagerTree outgoing webhook:

    * The Rootly webhook URL
    * The Rootly webhook secret
  </Step>
</Steps>

## Configure PagerTree Outgoing Webhooks

PagerTree sends alert events to Rootly using an outgoing webhook. Rootly expects the standard PagerTree webhook payload and the correct Rootly webhook secret.

<Steps>
  <Step title="Create an Outgoing Webhook integration in PagerTree" icon="webhook">
    In PagerTree, create a new **Outgoing Webhook** integration.

    PagerTree’s outgoing webhook documentation is available here:

    [PagerTree Outgoing Webhook Guide](https://pagertree.com/docs/integration-guides/outgoing-webhook)
  </Step>

  <Step title="Use the Rootly webhook URL and secret" icon="key">
    Configure the outgoing webhook in PagerTree using the webhook URL provided by Rootly.

    Rootly typically expects the webhook secret to be included with the request, often as a `?secret=` query parameter on the webhook URL, unless the Rootly UI shows a different format for your workspace.

    If the secret does not match, Rootly rejects the request.
  </Step>

  <Step title="Keep the default PagerTree payload format" icon="code">
    Rootly expects the standard PagerTree outgoing webhook structure:

    ```json theme={null}
    {
      "type": "alert.created",
      "data": { ... }
    }
    ```

    If you customize the PagerTree webhook template, make sure it still includes the fields Rootly needs, especially:

    * `type`
    * `data`
    * Alert identifiers such as `id` and `sid`
    * Alert details such as `title`, `description`, `status`, and `urgency`
  </Step>
</Steps>

## Supported PagerTree Events

Rootly supports the following PagerTree webhook events:

* `alert.created`
* `alert.open`
* `alert.acknowledged`
* `alert.rejected`
* `alert.timeout`
* `alert.resolved`
* `alert.dropped`
* `alert.handoff`

These events can create or update Rootly alerts and, when linked to a Rootly incident, may also add incident activity in Rootly.

## How PagerTree Events Appear in Rootly

When PagerTree sends a supported webhook event to Rootly, Rootly stores and processes that event as PagerTree alert activity.

In most cases, Rootly uses the PagerTree alert data to create or update a Rootly alert with:

* The PagerTree alert ID as the external reference
* The alert title or description as the Rootly summary
* PagerTree status and urgency as labels
* A PagerTree alert URL for reference

If a PagerTree event is already associated with a synced Rootly incident, Rootly may skip creating a duplicate alert and instead add incident activity where appropriate.

## Severity and Urgency Mapping

When Rootly creates or updates PagerTree alerts via workflows, it maps Rootly incident severity to PagerTree severity levels:

| Rootly Severity | PagerTree Severity |
| --------------- | ------------------ |
| Critical        | SEV-1              |
| High            | SEV-2              |
| Medium          | SEV-3              |
| Low             | SEV-4              |

You can also set urgency explicitly when configuring a workflow action. Supported urgency values are `critical`, `high`, `medium`, `low`, and `auto` (lets PagerTree decide based on its own rules).

## Page PagerTree from Rootly

Rootly can also page PagerTree teams or users when incidents require escalation.

This is commonly used when:

* A Rootly incident needs to notify a PagerTree team
* A Slack-driven incident flow needs to escalate into PagerTree
* An incident workflow should automatically create a PagerTree alert

Rootly sends these requests to PagerTree using your configured API key.

## Default Workflows

When the PagerTree integration is connected, Rootly can create default workflows to support common PagerTree actions.

These workflows typically include:

* Creating a PagerTree alert when a Rootly incident is created
* Automatically resolving a linked PagerTree alert when the Rootly incident is resolved

After installation, review these workflows to make sure they match your team’s escalation process.

## Troubleshooting

<AccordionGroup>
  <Accordion title="PagerTree says the webhook is failing" icon="triangle-exclamation">
    This usually means Rootly is not accepting the webhook request. The most common cause is an incorrect or missing Rootly webhook secret. When the secret does not match, Rootly can return an error response such as HTTP 401.
  </Accordion>

  <Accordion title="No PagerTree events are appearing in Rootly" icon="eye-slash">
    Check the PagerTree outgoing webhook rules and confirm events are actually being sent to Rootly. Custom webhook rules or ignored events in PagerTree can prevent delivery.
  </Accordion>

  <Accordion title="The alert data in Rootly looks incomplete" icon="file-circle-question">
    If you customized the PagerTree outgoing webhook payload, make sure it still includes the standard fields Rootly expects, including the event type and alert data object.
  </Accordion>

  <Accordion title="Why am I seeing duplicate or unexpected alert behavior?" icon="copy">
    PagerTree may retry failed webhook deliveries, and according to PagerTree’s webhook documentation those retries can happen multiple times. Rootly also uses PagerTree alert identifiers to determine how events should be created or updated, so retries and identifier reuse can affect how alerts appear.
  </Accordion>

  <Accordion title="Why did alerts stop appearing after working before?" icon="circle-exclamation">
    If webhook delivery is succeeding but new alerts are no longer being created, check whether your Rootly workspace has reached its alert limits. Incoming PagerTree alerts are still subject to your Rootly plan limits.
  </Accordion>
</AccordionGroup>

## Related Pages

<CardGroup>
  <Card title="Alert Workflows" icon="bolt" href="/workflows/alert-workflows">
    Automate incident creation, notifications, and follow-up actions for alerts.
  </Card>

  <Card title="Slack Integration" icon="slack" href="/integrations/slack">
    Page and manage incidents from Slack when Slack is part of your incident workflow.
  </Card>

  <Card title="Incidents" icon="triangle-exclamation" href="/incidents">
    Learn how incidents are created, updated, and escalated in Rootly.
  </Card>
</CardGroup>


# Alerts
Source: https://docs.rootly.com/integrations/pagerduty/alerts

Configure Rootly to ingest supported PagerDuty webhook events as alerts and use alert workflows to create or update incidents automatically.

<Note>
  This page focuses on the PagerDuty-to-Rootly flow: supported PagerDuty webhook events are ingested as alerts in Rootly, and those alerts can then trigger alert workflows.
</Note>

## Overview

PagerDuty alerts in Rootly are powered by incoming webhook events. Once PagerDuty is configured to send supported events to Rootly, those events can appear as Rootly alerts and become the starting point for automation.

This is useful when you want PagerDuty activity to drive follow-up actions in Rootly, such as creating incidents, updating existing incidents, recording acknowledgement timing, or setting incident fields automatically.

## Before You Begin

Before building PagerDuty alert workflows, make sure you already have:

* A working [PagerDuty integration](/integrations/pagerduty/installation)
* PagerDuty webhooks configured so Rootly can receive supported PagerDuty events
* Familiarity with [Alert Workflows](/workflows/alert-workflows) in Rootly

<Note>
  PagerDuty events must first be received as alerts before any PagerDuty alert workflow can run.
</Note>

## Set Up the Workflow

PagerDuty events are ingested into Rootly as alerts, so the correct workflow type is **Alert**.

<Steps>
  <Step title="Choose the Alert workflow type" icon="bolt">
    Create a new workflow and select **Alert** as the workflow type.

    <Frame>
      <img alt="Choose Alert workflow type" />
    </Frame>

    This tells Rootly that the workflow should run in response to alert activity rather than incident, action item, or retrospective activity.
  </Step>

  <Step title="Use the Alert Created trigger" icon="circle-play">
    Select **Alert Created** as the workflow trigger.

    <Frame>
      <img alt="Choose Alert Created trigger" />
    </Frame>

    In this pattern, the workflow starts when Rootly creates a new alert from a supported PagerDuty webhook event.
  </Step>

  <Step title="Add PagerDuty-specific run conditions" icon="filter">
    Configure the workflow so it only runs for PagerDuty alerts you actually want to automate.

    A typical setup starts with:

    * **Alert source** is `Pagerduty`
    * **Alert labels** contain the PagerDuty event type you want to react to
    * Optional payload filtering if you need more precise matching

    <Frame>
      <img alt="Configure PagerDuty alert workflow conditions" />
    </Frame>
  </Step>
</Steps>

## Recommended Run Conditions

PagerDuty alerts in Rootly include label values that make it easier to target specific event types without relying only on payload filtering.

A common pattern is to match on the alert source first, then use `action:` labels to decide which PagerDuty event should trigger the workflow. You can also add `service_id:` if you only want the workflow to run for alerts from a particular PagerDuty service.

Common examples include:

* **New PagerDuty incident triggered**
  * `action:incident.triggered`
  * Optional: `service_id:PLVWMVW`

* **Existing PagerDuty incident acknowledged**
  * `action:incident.acknowledged`
  * Optional: `service_id:PLVWMVW`

* **Existing PagerDuty incident resolved**
  * `action:incident.resolved`
  * Optional: `service_id:PLVWMVW`

* **Responder added to an existing PagerDuty incident**
  * `action:incident.responder.added`

Other `action:` label values may also be available depending on the specific supported PagerDuty event being ingested.

## Filter by Payload When Needed

If labels are not specific enough, you can add payload-based filtering.

Use JSONPath to select the field from the alert payload, then compare it to a value or regular expression. This is helpful when your team only wants to react to PagerDuty events that match a certain property in the webhook payload.

For example:

* JSONPath: `$.object.specific_field`
* Match value: `/specific_value/i`

<Note>
  Many workspaces start with a single payload condition plus labels. Some teams may have support for multiple payload conditions, depending on feature availability.

  In most cases, it is better to filter by labels first and only use payload filters where labels are not enough.
</Note>

Helpful tools:

* [JSON Path Explorer](https://rootly.com/account/help/json-path-explorer)
* [Rubular](https://rubular.com/) for Ruby regular expressions

## Create a Rootly Incident from a PagerDuty Alert

Use the **Create Incident** action when you want a PagerDuty alert to declare a new incident in Rootly.

Because this action is being driven by an alert, dynamic values use the `{{ alert.<properties> }}` format. If you want the new Rootly incident to stay linked to the PagerDuty incident, include a custom mapping that stores the PagerDuty identifiers on the incident.

<Steps>
  <Step title="Add the Create Incident action" icon="triangle-exclamation">
    Add a **Create Incident** action to your alert workflow.

    This is the action that declares the Rootly incident when the PagerDuty alert arrives.
  </Step>

  <Step title="Map the PagerDuty identifiers onto the incident" icon="link">
    Add the following custom mapping so the new Rootly incident stays associated with the PagerDuty incident:

    ```json theme={null}
    {
      "pagerduty_incident_id": "{{ alert.data.data.id }}",
      "pagerduty_incident_number": "{{ alert.data.data.number }}",
      "pagerduty_incident_url": "{{ alert.external_url }}"
    }
    ```

    <Frame>
      <img alt="Create Incident action for PagerDuty alerts" />
    </Frame>
  </Step>
</Steps>

<Note>
  If alert grouping is enabled, Rootly skips incident creation for grouped alerts that are not the leader alert.
</Note>

## Update an Existing Rootly Incident from a PagerDuty Alert

Use the **Update Incident** action when the PagerDuty alert should modify an incident that already exists in Rootly.

The most important part of this setup is telling Rootly how to find the correct incident. For PagerDuty-driven updates, the standard pattern is to match on `pagerduty_incident_id`.

<Steps>
  <Step title="Add the Update Incident action" icon="arrows-rotate">
    Add an **Update Incident** action to the workflow for the PagerDuty event you want to handle.
  </Step>

  <Step title="Match on the PagerDuty incident ID" icon="fingerprint">
    Set the match fields as follows:

    * **Attribute to Match:** `pagerduty_incident_id`
    * **Attribute Value:** `{{ alert.data.data.id }}`

    <Frame>
      <img alt="Update Incident action for PagerDuty alerts" />
    </Frame>

    This tells Rootly which incident should be updated when the PagerDuty alert is processed.
  </Step>
</Steps>

## Use Custom Fields Mapping for Richer Automation

**Custom Fields Mapping** lets you set additional incident attributes dynamically. This field accepts JSON with embedded Liquid, which makes it useful for incident timestamps, role assignments, and custom form fields.

### Log acknowledgement time

Use this when the workflow is responding to an acknowledged PagerDuty incident:

```json theme={null}
{
  "acknowledged_at": "{{ alert.created_at }}"
}
```

<Note>
  Pair this with run conditions for `action:incident.acknowledged`.
</Note>

### Assign an incident role to the acknowledging user

You can map the PagerDuty acknowledging user back to a Rootly user by combining Liquid with custom JSON:

```liquid theme={null}
{% assign pd_user_email = team.pagerduty_users | find: 'id', alert.data.agent.id | get: 'email' %}
{% assign rootly_user_id = team.users | find: 'email', pd_user_email | get: 'id' %}

{
  "incident_role_assignments_attributes": {
    "0": {
      "incident_role_id": "801dd6f8-f810-4819-9c3c-e77bc7038581",
      "user_id": "{{ rootly_user_id }}"
    }
  }
}
```

<Note>
  Pair this with run conditions for `action:incident.acknowledged`.
</Note>

### Set a custom Rootly field

Example for a text field with a hard-coded value:

```json theme={null}
{
  "form_field_selections_attributes": [
    {
      "form_field_id": "e041106e-cb9a-404b-8ae1-51a1d6213a68",
      "value": "Nifty Gateway"
    }
  ]
}
```

Example using data from the alert payload:

```json theme={null}
{
  "form_field_selections_attributes": [
    {
      "form_field_id": "e041106e-cb9a-404b-8ae1-51a1d6213a68",
      "value": "{{ alert.data.organization.name }}"
    }
  ]
}
```

Replace that Liquid path with one that actually exists in your PagerDuty alert payload.

Example for a single-select or multi-select field:

```json theme={null}
{
  "form_field_selections_attributes": [
    {
      "form_field_id": "e041106e-cb9a-404b-8ae1-51a1d6213a68",
      "selected_option_ids": ["option_id"]
    }
  ]
}
```

## Important Notes

* Supported PagerDuty webhook events do not all behave the same way in Rootly
* Some accepted PagerDuty events may not create an alert at all, so there may be nothing for an alert workflow to trigger from
* `incident.triggered` alerts may be skipped if the PagerDuty incident is already linked to an existing Rootly incident
* PagerDuty webhook payload structure can differ by webhook version, so always verify your Liquid paths and payload fields before using them in production

## Debugging

If a workflow is not behaving as expected, open the workflow run details in Rootly by navigating to:

**... > View Runs > View**

Common errors include:

| Error Type                                            | Comment                                                                                                                                                                                                       |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `unknown attribute 'incident_property' for Incident.` | This usually means the incident property you are trying to set is not supported, is not enabled for workflows, or the syntax is incorrect. Verify the field name and confirm it can be set through workflows. |
| `unexpected token at '{ "incident_property": }'`      | This means the custom mapping syntax is invalid. Make sure your JSON is complete, properly quoted, and does not contain invalid syntax.                                                                       |


# Installation
Source: https://docs.rootly.com/integrations/pagerduty/installation

Install the PagerDuty integration, connect PagerDuty with OAuth, and configure webhook delivery for alert and incident activity in Rootly.

## PagerDuty Permissions

PagerDuty permissions in Rootly are tied to the PagerDuty user who completes the OAuth connection.

That means Rootly can only read from and write to the PagerDuty objects that the authenticated PagerDuty user has access to. Choose the PagerDuty account carefully, and use a service account when possible so the integration remains stable over time.

<Frame>
  <img alt="PagerDuty permissions during setup" />
</Frame>

## Install PagerDuty in Rootly

<Steps>
  <Step title="Open PagerDuty in the integrations catalog" icon="plug">
    Locate **PagerDuty** in the [Integrations catalog](https://rootly.com/account/integrations) and select **Setup**.

    <Frame>
      <img alt="PagerDuty in the Rootly integrations catalog" />
    </Frame>
  </Step>

  <Step title="Sign in to PagerDuty" icon="right-to-bracket">
    During setup, you will be prompted to sign in to PagerDuty or create a PagerDuty account if needed.

    <Frame>
      <img alt="PagerDuty sign-in prompt" />
    </Frame>
  </Step>

  <Step title="Authorize Rootly in PagerDuty" icon="shield-check">
    After signing in, grant Rootly permission to connect to your PagerDuty account.

    <Frame>
      <img alt="Grant Rootly permission in PagerDuty" />
    </Frame>
  </Step>

  <Step title="Complete the installation" icon="circle-check">
    Once authorization is complete, the PagerDuty integration is connected in Rootly.

    <Frame>
      <img alt="PagerDuty installation complete" />
    </Frame>
  </Step>
</Steps>

## Set Up PagerDuty Webhooks

PagerDuty webhooks allow Rootly to receive supported PagerDuty webhook events for alerts and incident-related activity.

<Note>
  Rootly attempts to create the webhook for you automatically if the authenticated PagerDuty user has permission to create webhooks. If not, you can still create the webhook manually in PagerDuty.
</Note>

### Via the PagerDuty Web UI

<Steps>
  <Step title="Open Generic Webhooks in PagerDuty" icon="webhook">
    In PagerDuty, navigate to **Integrations > Generic Webhooks**.

    <Frame>
      <img alt="PagerDuty Generic Webhooks page" />
    </Frame>
  </Step>

  <Step title="Create a new webhook" icon="plus">
    Select **+ New Webhook** to open the webhook creation form.

    <Frame>
      <img alt="Create a new PagerDuty webhook" />
    </Frame>
  </Step>

  <Step title="Enter the Rootly webhook settings" icon="sliders">
    Use the following configuration in PagerDuty:

    * **Webhook URL:** `https://webhooks.rootly.com/webhooks/incoming/pagerduty_webhooks`
    * **Scope Type:** Choose one of:
      * `Service` — only events for the selected service are sent to Rootly
      * `Team` — only events for the selected team are sent to Rootly
      * `Account` — events across the PagerDuty account are sent to Rootly
    * **Description:** Optional
    * **Custom Header Name:** `secret`
    * **Custom Header Value:** `<secret>`

    You can find the webhook URL and header secret in Rootly on the **Integrations > PagerDuty** setup screen.

    <Frame>
      <img alt="PagerDuty webhook URL and secret in Rootly" />
    </Frame>

    The webhook URL is shared across Rootly accounts. The `secret` value is unique to your Rootly account.

    <Frame>
      <img alt="PagerDuty webhook form completed" />
    </Frame>
  </Step>

  <Step title="Choose webhook event subscriptions" icon="list-check">
    Rootly supports the following PagerDuty webhook event types:

    ```text theme={null}
    incident.acknowledged
    incident.annotated
    incident.delegated
    incident.escalated
    incident.priority_updated
    incident.reassigned
    incident.reopened
    incident.resolved
    incident.responder.added
    incident.responder.replied
    incident.triggered
    incident.unacknowledged
    pagey.ping
    ```

    We recommend selecting the supported incident events relevant to your Rootly workflows.
  </Step>

  <Step title="Finish the webhook setup" icon="check">
    After completing the form, select **Add Webhook**.

    PagerDuty may display a PagerDuty-generated webhook secret as part of its confirmation flow. You do not need that value for the Rootly integration.

    <Frame>
      <img alt="PagerDuty webhook confirmation" />
    </Frame>
  </Step>
</Steps>

### Via the PagerDuty API

PagerDuty webhooks can also be created through the PagerDuty API.

Use the same Rootly endpoint and secret shown in the web UI setup:

* **URL:** `https://webhooks.rootly.com/webhooks/incoming/pagerduty_webhooks`
* **Header:** `secret: <TOKEN>`

You can find the secret token on the Rootly **Integrations > PagerDuty** setup screen.

Use the same supported event list shown above when configuring subscriptions.

## Next Steps

After installation, continue with:

<CardGroup>
  <Card title="Smart Defaults" icon="sliders" href="/integrations/pagerduty/smart-defaults">
    Review the default PagerDuty settings and recommended configuration options.
  </Card>

  ```js theme={null}
  incident.acknowledged
  incident.annotated
  incident.delegated
  incident.escalated
  incident.priority_updated
  incident.reassigned
  incident.resolved
  incident.responder.added
  incident.responder.replied
  incident.triggered
  incident.unacknowledged
  service.created
  service.deleted
  service.updated
  ```

  <Card title="Alerts" icon="triangle-exclamation" href="/integrations/pagerduty/alerts">
    Configure how Rootly ingests supported PagerDuty webhook events as alerts.
  </Card>
</CardGroup>


# PagerDuty
Source: https://docs.rootly.com/integrations/pagerduty/pagerduty

Connect PagerDuty to Rootly for service linking, on-call coordination, alert ingestion, and incident workflows across both platforms.

<Warning>
  For a more seamless and deeper on-call experience, consider using Rootly On-Call. See [how Rootly On-Call compares to PagerDuty](https://rootly.com/comparisons/pagerduty-vs-rootly-on-call).
</Warning>

## Introduction

The PagerDuty integration connects Rootly with PagerDuty so teams can coordinate incidents, alerts, and on-call response across both platforms.

This integration is a strong fit for teams that already use PagerDuty for alerting or on-call management and want Rootly to act as the central place for incident coordination, workflows, and response automation.

With the PagerDuty integration, you can:

* Import, link, and sync services from PagerDuty into Rootly
* View on-call personnel directly from Slack
* Page PagerDuty services, escalation policies, and users from Rootly
* Invite on-call responders into incidents and assign incident roles automatically
* Keep key incident and alert activity aligned between Rootly and PagerDuty
* Ingest supported PagerDuty webhook events as Rootly alerts

<Frame>
  <img alt="PagerDuty integration overview" />
</Frame>

## Before You Begin

Before setting up the PagerDuty integration, make sure you have:

* A Rootly account with permission to manage integrations
* A PagerDuty account with access to authorize integrations
* The services, escalation policies, or users you want Rootly to page
* Slack connected as well, if you want to use Slack-based on-call and paging flows

## Installation

Start with the [Installation page](/integrations/pagerduty/installation), which walks through connecting PagerDuty to Rootly and setting up the integration correctly.

## Smart Defaults

The PagerDuty integration includes commonly used default configuration options to help teams get started faster.

See the [Smart Defaults page](/integrations/pagerduty/smart-defaults) for details on recommended settings and default behaviors.

## Workflows

Rootly relies on workflows to automate how incidents interact with PagerDuty.

This includes actions such as:

* Paging responders from incident workflows
* Inviting on-call users into incidents
* Resolving PagerDuty incidents from Rootly
* Automating common escalation patterns

See the [Workflows page](/integrations/pagerduty/workflows) for setup guidance and examples.

# Import Teams

You can import PagerDuty teams into Rootly teams from the **Teams** page. This is useful when you want to align your Rootly team structure with your existing PagerDuty configuration.

Once imported, Rootly can use the team relationship during incident workflows, escalation actions, and on-call lookups.

# FAQs

Rootly can ingest supported PagerDuty webhook events as alerts. These alerts can then be used to drive incident automation, alert workflows, and incident updates in Rootly.

See the [Alerts page](/integrations/pagerduty/alerts) to learn how to configure alert ingestion and related automation.

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="PagerDuty has incident management features too. How is this different?" icon="circle-question">
    PagerDuty and Rootly overlap in some areas, but Rootly provides a broader incident management experience with stronger coordination workflows, automation, retrospectives, stakeholder communications, and integrated on-call capabilities.
  </Accordion>

  <Accordion title="Should I keep using PagerDuty, or can Rootly replace it?" icon="repeat">
    With Rootly On-Call, Rootly can replace PagerDuty for many teams. If you are evaluating whether to consolidate tooling, see [how Rootly compares to PagerDuty](https://rootly.com/comparisons/pagerduty-vs-rootly-on-call).

    Rootly will continue to support PagerDuty for teams that want to keep using it as part of their incident response stack.
  </Accordion>

  <Accordion title="I do not use PagerDuty. Is that okay?" icon="shield-check">
    Yes. Rootly does not require PagerDuty. Many teams use Rootly alongside an on-call provider, but Rootly can still support incident management workflows even if your team does not use PagerDuty.
  </Accordion>

  <Accordion title="Why am I seeing 'Failed to authenticate. Reason: Invalid Credentials' when connecting PagerDuty?" icon="triangle-exclamation">
    This usually means the PagerDuty authorization did not complete successfully. Common causes include an inactive PagerDuty account, revoked authorization, or using the wrong PagerDuty account during setup.

    Re-authorize the integration and confirm your PagerDuty account is active. If the issue continues, contact [support@rootly.com](mailto:support@rootly.com) or use **Help > Chat with Us** in Rootly.
  </Accordion>
</AccordionGroup>


# Smart Defaults
Source: https://docs.rootly.com/integrations/pagerduty/smart-defaults

Use PagerDuty Smart Defaults to enable common incident and alert behaviors in Rootly without building every workflow from scratch.

## Overview

Smart Defaults help teams get started with the PagerDuty integration faster by preconfiguring common behaviors that would otherwise require manual workflow setup.

This is useful for teams that want a simpler PagerDuty setup in Rootly without having to build every automation from scratch on day one.

Smart Defaults cover two directions of activity:

* **Rootly to PagerDuty** for paging, inviting responders, and resolving linked PagerDuty incidents
* **PagerDuty to Rootly** for alert ingestion, Slack notifications, incident creation, and sync-related behaviors

To review or update these settings, go to **Integrations > PagerDuty > Configure**.

## Before You Begin

Before using PagerDuty Smart Defaults, make sure you have:

* A working [PagerDuty integration](/integrations/pagerduty/installation)
* PagerDuty services and escalation policies available if you want to page or invite on-call responders from Rootly
* Slack connected as well, if you want to use Slack-based invite or alert notification settings
* An understanding of your existing workflows if your team has already customized PagerDuty automation

If you also plan to use PagerDuty-to-Rootly sync or import features, make sure your PagerDuty services and teams are available in the connected PagerDuty workspace.

<Note>
  Smart Defaults simplify common PagerDuty use cases, but teams with existing custom workflows should review these settings carefully before making changes.
</Note>

## Rootly to PagerDuty

The first section of Smart Defaults controls actions that begin in Rootly and trigger behavior in PagerDuty.

<Steps>
  <Step title="Open the Rootly to PagerDuty settings" icon="sliders">
    In the PagerDuty configuration screen, locate the **Rootly to PagerDuty** section.

    <Frame>
      <img alt="Rootly to PagerDuty Smart Defaults" />
    </Frame>
  </Step>

  <Step title="Configure automatic paging on incident creation" icon="phone-volume">
    The **Auto-page on-call responder when an incident is created** setting allows Rootly to notify PagerDuty responders as soon as a Rootly incident is created.

    Rootly determines who to page based on the selected PagerDuty service or escalation policy.

    If both are configured, the selected escalation policy overrides the escalation policy linked to the selected service.

    The services and escalation policies shown in these dropdowns are imported from your connected PagerDuty workspace.
  </Step>

  <Step title="Configure automatic Slack invitations for on-call responders" icon="user-plus">
    The **Auto-invite on-call responder to new incident Slack channel** setting allows Rootly to invite PagerDuty on-call responders into the new incident Slack channel when the incident is created.

    Rootly determines who to invite using the selected PagerDuty service or escalation policy. If both are configured, the escalation policy overrides the one linked to the selected service.

    This setting requires Slack to be connected in Rootly.
  </Step>

  <Step title="Configure automatic resolution of linked PagerDuty incidents" icon="circle-check">
    The **Auto-resolve PagerDuty incident** setting allows Rootly to resolve the linked PagerDuty incident when the Rootly incident is resolved.

    This is a one-way action from Rootly to PagerDuty. If you want PagerDuty activity to create or update alerts in Rootly, see the [Alerts page](/integrations/pagerduty/alerts).
  </Step>
</Steps>

## PagerDuty to Rootly

The second section of Smart Defaults controls actions that begin in PagerDuty and affect Rootly.

<Steps>
  <Step title="Open the PagerDuty to Rootly settings" icon="arrows-rotate">
    In the PagerDuty configuration screen, locate the **PagerDuty to Rootly** section.

    <Frame>
      <img alt="PagerDuty to Rootly Smart Defaults" />
    </Frame>
  </Step>

  <Step title="Send supported PagerDuty alerts to Rootly" icon="triangle-exclamation">
    The **Send PagerDuty alerts to Rootly** setting allows Rootly to ingest supported PagerDuty webhook events as alerts.

    This depends on the PagerDuty webhook being configured correctly. To complete setup, follow the instructions on the [Installation page](/integrations/pagerduty/installation).

    This setting applies to supported PagerDuty webhook event types, not every possible PagerDuty event.
  </Step>

  <Step title="Notify a Slack channel when PagerDuty alerts arrive" icon="slack">
    The **Notify Slack channel of new PagerDuty alerts** setting allows Rootly to send PagerDuty alert messages into a selected Slack channel.

    Enable **Send PagerDuty alerts to Rootly** first, then choose the Slack channel you want Rootly to notify.

    You can use **Send Test** to verify that the Slack channel is configured correctly.

    Rootly refreshes Slack channels on a daily basis. If your channel does not appear in the dropdown, use **Refresh channels** to load the latest channels.

    If the selected channel is private, make sure the Rootly Slack bot has been added to that channel first.
  </Step>

  <Step title="Automatically create incidents from PagerDuty alerts" icon="bolt">
    The **Automatically create incidents in Rootly from PagerDuty alerts** setting allows Rootly to create incidents automatically from incoming PagerDuty alerts.

    This setting is useful for teams that want PagerDuty events to drive incident creation in Rootly, but it should be enabled intentionally since not every alert should necessarily become a Rootly incident.
  </Step>
</Steps>

## Additional PagerDuty Settings

Depending on your configuration, the PagerDuty integration can also include additional settings for:

* Default PagerDuty incident title and description values
* Service and team sync or import behavior
* Other PagerDuty-to-Rootly coordination options

Use these alongside Smart Defaults when you want a broader PagerDuty configuration beyond the most common automation patterns.

## Important Notes

* Smart Defaults simplify common PagerDuty use cases, but they do not replace every possible custom workflow
* Some Smart Default settings depend on Slack being connected in Rootly
* PagerDuty services and escalation policies used in these settings are imported from your PagerDuty workspace
* Automatically creating incidents from PagerDuty alerts should be reviewed carefully before enabling in production

## Related Pages

<CardGroup>
  <Card title="Installation" icon="plug" href="/integrations/pagerduty/installation">
    Connect PagerDuty to Rootly and configure the webhook setup required for alert ingestion.
  </Card>

  <Card title="Workflows" icon="bolt" href="/integrations/pagerduty/workflows">
    Build more advanced PagerDuty automations when Smart Defaults are not enough.
  </Card>

  <Card title="Alerts" icon="triangle-exclamation" href="/integrations/pagerduty/alerts">
    Learn how Rootly ingests supported PagerDuty webhook events and uses them as alerts.
  </Card>
</CardGroup>


# Workflows
Source: https://docs.rootly.com/integrations/pagerduty/workflows

Use PagerDuty workflow actions in Rootly to page responders, assign incident roles, invite on-call users to Slack, and update linked PagerDuty incidents.

## Overview

Rootly’s PagerDuty integration uses workflows to automate how incidents interact with PagerDuty.

These actions let teams page on-call responders, assign incident roles, invite responders into Slack channels, update linked PagerDuty incidents, and post status updates back to PagerDuty.

If you are new to workflows in Rootly, start with the [Workflows](/workflows) documentation first.

<Frame>
  <img alt="PagerDuty workflow actions in Rootly" />
</Frame>

## Available Workflow Actions

The following workflow actions are available for the PagerDuty integration.

## Page PagerDuty On-Call

Use this action to page an on-call responder through PagerDuty. In practice, this creates or updates a PagerDuty incident from the Rootly incident.

<Note>
  In PagerDuty, paging is tied to incident creation and responder assignment.

  Each Rootly incident can only be linked to one PagerDuty incident.
</Note>

<Frame>
  <img alt="Document Image" />
</Frame>

<Steps>
  <Step title="Choose the PagerDuty service or responder target" icon="phone-volume">
    The **Service** field specifies which PagerDuty service should be paged.

    If you have imported PagerDuty services into Rootly, you may be able to reference them dynamically from the workflow configuration.

    PagerDuty requires every incident to be associated with a service.
  </Step>

  <Step title="Optionally target an escalation policy or specific users" icon="users">
    The **Escalation Policy** field lets you override the default escalation policy associated with the selected service.

    The **Users** field lets you page specific PagerDuty users instead of relying on the default service routing.
  </Step>

  <Step title="Set the PagerDuty incident details" icon="pen-to-square">
    Use these fields to control how the PagerDuty incident is created:

    * **Title**
    * **Urgency**
    * **Message**

    The **Message** field supports Liquid syntax.

    <Tip>
      Use the [Incident Variable Explorer](https://rootly.com/account/help/liquid-explorer) to test Liquid values before adding them to your workflow action.
    </Tip>
  </Step>

  <Step title="Choose whether to reuse or create a new PagerDuty incident" icon="copy">
    The **Always Create New PagerDuty Incident on Page** setting controls what happens if the Rootly incident is already linked to a PagerDuty incident.

    If enabled, Rootly creates a new PagerDuty incident, but that new incident is not linked back to the Rootly incident.

    If disabled, Rootly continues using the existing linked PagerDuty incident and may add responders to that incident instead.

    <Warning>
      Adding responders to an existing PagerDuty incident may depend on PagerDuty plan capabilities such as coordinated responding.
    </Warning>
  </Step>
</Steps>

## AutoAssign Role from On-Call

Use this action to assign the current PagerDuty on-call responder to an Incident Role in Rootly.

<Frame>
  <img alt="AutoAssign Role from PagerDuty on-call" />
</Frame>

<Steps>
  <Step title="Choose the Incident Role" icon="user-tag">
    The **Incident Role** field determines which Rootly incident role should be assigned.

    To learn more about incident roles, see [Incident Roles](/managing-teams/incident-roles).
  </Step>

  <Step title="Choose exactly one PagerDuty lookup source" icon="route">
    Use one of the following as the source of truth for the on-call lookup:

    * A **Service**
    * An **Escalation Policy**
    * A **Schedule**

    For the clearest results, choose one source rather than trying to combine multiple sources in the same action.
  </Step>

  <Step title="Understand how escalation policy assignment works" icon="layer-group">
    When assigning from an escalation policy, Rootly looks up the on-call responders at the lowest active escalation level and assigns the first matching user found in Rootly.

    This action does not progress through the full escalation policy over time the way an actual page would.
  </Step>
</Steps>

## Invite On-Call to Slack Channel

Use this action to invite PagerDuty on-call responders into Slack channels.

<Frame>
  <img alt="Invite PagerDuty on-call responders to Slack" />
</Frame>

<Steps>
  <Step title="Choose exactly one PagerDuty lookup source" icon="user-plus">
    Use one of the following as the source of truth for who should be invited:

    * A **Service**
    * An **Escalation Policy**
    * A **Schedule**

    For the clearest results, choose one source rather than trying to combine multiple sources in the same action.
  </Step>

  <Step title="Choose the Slack channels" icon="slack">
    Use the **Channels** field to select one or more Slack channels to invite PagerDuty responders into.

    You can use:

    * `{{ incident.slack_channel_id }}` for the current incident channel
    * `{{ parent_incident.slack_channel_id }}` for the parent incident channel
  </Step>

  <Step title="Understand who gets invited" icon="users-viewfinder">
    When using a PagerDuty escalation policy, Rootly invites the on-call users at the lowest active escalation level rather than every user in the full policy.

    This keeps the invite behavior aligned with how Rootly looks up active on-call responders.
  </Step>
</Steps>

## Update PagerDuty Incident

Use this action to update an existing PagerDuty incident linked to the Rootly incident.

<Frame>
  <img alt="Update a PagerDuty incident from Rootly" />
</Frame>

<Steps>
  <Step title="Reference the linked PagerDuty incident" icon="link">
    Use **PagerDuty Incident ID** to specify which PagerDuty incident should be updated.

    Set this field to `{{ incident.pagerduty_incident_id }}` to reference the PagerDuty incident linked to the Rootly incident.
  </Step>

  <Step title="Update the incident details" icon="pen-to-square">
    You can update fields such as:

    * **Title**
    * **Status**
    * **Urgency**
    * **Priority**
    * **Escalation Level**

    The **Title** field supports Liquid syntax.

    The **Status** field can also be set to `auto` if you want PagerDuty status behavior to follow Rootly status logic.
  </Step>

  <Step title="Add a resolution message when resolving" icon="circle-check">
    Use **Resolution Message** when resolving the PagerDuty incident.

    This field is useful for adding final context or outcome details to the PagerDuty incident when Rootly closes it.

    Liquid support for this field may vary, so test the output before relying on dynamic values in production.
  </Step>
</Steps>

## Create PagerDuty Status Update

Use this action to add a status update message to the linked PagerDuty incident.

<Frame>
  <img alt="Create a PagerDuty status update from Rootly" />
</Frame>

<Steps>
  <Step title="Reference the linked PagerDuty incident" icon="link">
    Use **PagerDuty Incident ID** to specify which PagerDuty incident should receive the status update.

    Set this field to `{{ incident.pagerduty_incident_id }}` to target the linked PagerDuty incident.
  </Step>

  <Step title="Compose the status update message" icon="message">
    Use **Message** to define what should be posted into the PagerDuty incident notes or status updates.

    This field supports Liquid syntax.

    A common pattern is to post the latest Rootly incident event into PagerDuty.
  </Step>
</Steps>

## Important Notes

* Workflow actions can be combined to page, invite, assign, and synchronize activity across Rootly and PagerDuty
* Some PagerDuty actions depend on the PagerDuty plan and permissions of the connected account
* Rootly links only one PagerDuty incident to each Rootly incident
* Advanced teams can combine these actions with broader Rootly workflow conditions and branching logic

## Related Pages

<CardGroup>
  <Card title="Installation" icon="plug" href="/integrations/pagerduty/installation">
    Connect PagerDuty to Rootly and configure the required authentication and webhook setup.
  </Card>

  <Card title="Smart Defaults" icon="sliders" href="/integrations/pagerduty/smart-defaults">
    Use common PagerDuty automation defaults without building every workflow manually.
  </Card>

  <Card title="Alerts" icon="triangle-exclamation" href="/integrations/pagerduty/alerts">
    Learn how Rootly ingests supported PagerDuty events as alerts.
  </Card>
</CardGroup>


# Personio
Source: https://docs.rootly.com/integrations/personio

Connect Personio to Rootly via iCal feed to overlay employee time off and PTO on on-call schedule timelines, surfacing coverage gaps in advance.

## Overview

Personio exposes your team's time-off calendar as an iCal feed. Point Rootly at that feed and vacations and PTO appear directly on top of your on-call schedule timeline. Shifts that overlap with someone's leave are highlighted, making it easy to create an override before the next page fires.

This is a read-only overlay. Personio stays the source of truth for time off; Rootly polls the feed in the background and keeps the schedule view current.

***

## Exporting the Calendar Feed from Personio

Personio maintains its own walkthrough for generating an iCal link, including which user role can generate one and where the link is surfaced in Personio's settings.

Follow [Personio's help article](https://support.personio.de/hc/en-us/articles/360000286117-Add-a-Personio-Calendar-via-an-iCal-link) to copy the iCal URL, then bring it back to Rootly for the next step.

***

## Adding the Feed to Rootly

Once you have the Personio iCal URL, the rest of the setup happens inside Rootly's schedules view.

<Steps>
  <Step title="Open The Holiday Calendars Menu">
    In the Rootly dashboard, go to **On-Call → Schedules**. In the calendar preview area, open the **Holiday calendars** dropdown.
  </Step>

  <Step title="Add A Holiday Calendar">
    Select **Add your team's holiday calendar**, then choose **Add a holiday calendar**.
  </Step>

  <Step title="Paste The Personio Feed URL">
    Paste the iCal URL you copied from Personio into the URL field.
  </Step>

  <Step title="Name The Calendar And Pick A Timezone">
    Give the calendar a descriptive name (for example, `Personio — EMEA PTO`) so teammates know what it represents. Select the appropriate timezone, or leave it blank to let Rootly infer it from the feed.
  </Step>

  <Step title="Save And Toggle On">
    Click **Add**. Rootly fetches the calendar and begins syncing automatically. Back in the schedule view, select the new feed from the **Holiday calendars** dropdown to overlay Personio time off on the on-call timeline.
  </Step>
</Steps>

<Tip>
  For the full behavior of holiday calendars in Rootly — conflict highlighting, recurring events, multi-region setups — see [Adding a Holiday Calendar](/on-call/holiday-calendar).
</Tip>

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="Personio time off isn't appearing in the schedule view" icon="eye-slash">
    The feed has to be toggled on per schedule preview. Open the **Holiday calendars** dropdown above the schedule and confirm the Personio feed is selected.
  </Accordion>

  <Accordion title="Events appear at the wrong times or on the wrong day" icon="clock">
    The calendar timezone determines how all-day events align with on-call shifts. Remove the calendar and re-add it with the correct timezone, or leave the timezone field blank to let Rootly infer it from the feed.
  </Accordion>

  <Accordion title="Recent changes in Personio aren't reflected in Rootly" icon="rotate">
    Rootly resyncs feeds periodically in the background, so a change made seconds ago may take a few minutes to appear.
  </Accordion>
</AccordionGroup>

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Does this change my on-call schedule automatically?" icon="shield-check">
    No. Holiday calendars are read-only previews — they surface conflicts so you can decide whether to override, but they never reassign shifts.
  </Accordion>

  <Accordion title="Can I add more than one Personio feed?" icon="layer-group">
    Yes. If your team uses separate Personio calendars per department or region, add each as its own feed and toggle them on per schedule.
  </Accordion>

  <Accordion title="Does adding the feed require Personio admin access?" icon="user-shield">
    On the Rootly side, anyone with the **On-Call Admin** or **On-Call User** role can add a holiday calendar feed — see [Schedule Permissions](/on-call/schedules#permissions-access). The Personio side depends on your Personio account configuration; refer to the Personio help article for the specifics.
  </Accordion>
</AccordionGroup>


# Pulumi
Source: https://docs.rootly.com/integrations/pulumi

Manage Rootly resources as infrastructure as code using the official Pulumi provider for Node.js and TypeScript with full support for incident configurations.

## Introduction

The Rootly Pulumi provider lets you manage your Rootly configuration — severities, services, functionalities, on-call schedules, escalation policies, workflows, custom form fields, and more — as infrastructure as code using Pulumi. This allows you to version-control your Rootly configuration, apply changes through CI/CD pipelines, and keep your incident management setup consistent across environments.

The provider is built on top of the [Rootly Terraform provider](/integrations/terraform) and is available on the [Pulumi Registry](https://www.pulumi.com/registry/packages/rootly/installation-configuration/).

<Callout icon="circle-info">
  The Rootly Pulumi provider currently supports **JavaScript and TypeScript** only. Support for Python, Go, and .NET is not yet available.
</Callout>

## Before You Begin

Before setting up the Pulumi provider, make sure you have:

* [Pulumi CLI](https://www.pulumi.com/docs/install/) installed
* Node.js installed
* A Rootly API token — generate one in **Account** > **Manage API keys** > **Generate New API Key**

## Installation

<Steps>
  <Step title="Install the npm package" icon="download">
    Add the Rootly Pulumi package to your project:

    ```bash theme={null}
    npm install @rootly/pulumi
    ```

    Or with Yarn:

    ```bash theme={null}
    yarn add @rootly/pulumi
    ```
  </Step>

  <Step title="Install the provider plugin" icon="plug">
    Install the Pulumi provider binary:

    ```bash theme={null}
    pulumi plugin install resource rootly v0.0.2 \
      --server https://github.com/rootlyhq/pulumi-rootly/releases/download/v0.0.2
    ```
  </Step>

  <Step title="Configure your API token" icon="key">
    Set your Rootly API token. The recommended approach is to store it as an encrypted Pulumi secret:

    ```bash theme={null}
    pulumi config set rootly:apiToken YOUR_API_TOKEN --secret
    ```

    Alternatively, use an environment variable:

    ```bash theme={null}
    export ROOTLY_API_TOKEN=YOUR_API_TOKEN
    ```

    <Callout icon="triangle-exclamation">
      Always use `--secret` when setting the API token via `pulumi config` to ensure it is encrypted in your stack state. Never commit an unencrypted API token to version control.
    </Callout>
  </Step>
</Steps>

## Creating Resources

Import the provider and declare resources in your Pulumi program. The following example creates a set of severities, services, functionalities, and a workflow:

```typescript theme={null}
import * as rootly from "@rootly/pulumi";

// Severities
const sev0 = new rootly.Severity("sev0", {
  name: "SEV0",
  color: "#FF0000",
});

const sev1 = new rootly.Severity("sev1", {
  name: "SEV1",
  color: "#FFA500",
});

// Services
const apiService = new rootly.Service("api_service", {
  name: "production-api",
  color: "#800080",
});

// Functionalities
const checkout = new rootly.Functionality("checkout", {
  name: "Checkout",
  color: "#FFFFFF",
});
```

### Supported Resources

The provider supports the full range of Rootly configuration resources, including:

| Category                  | Examples                                                               |
| ------------------------- | ---------------------------------------------------------------------- |
| Incident classification   | `Severity`, `IncidentType`, `IncidentRole`                             |
| Services & infrastructure | `Service`, `Functionality`, `Environment`, `Team`                      |
| On-call                   | `Schedule`, `EscalationPolicy`                                         |
| Workflows                 | `WorkflowIncident`, `WorkflowActionItem`, and 200+ workflow task types |
| Forms & fields            | `FormField`, `FormFieldOption`                                         |
| Status pages              | `StatusPage`, `StatusPageTemplate`                                     |

For the full resource reference, see the [Pulumi Registry documentation](https://www.pulumi.com/registry/packages/rootly/api-docs/).

## Deploying Changes

Preview changes before applying them:

```bash theme={null}
pulumi preview
```

Apply your changes:

```bash theme={null}
pulumi up
```

Pulumi will show a diff of resources to be created, updated, or deleted before prompting for confirmation.

## Troubleshooting

<AccordionGroup>
  <Accordion title="Authentication error: invalid API token" icon="key">
    Confirm your API token is set correctly. If using `pulumi config`, run `pulumi config get rootly:apiToken` to verify the value is present. If using the environment variable, confirm `ROOTLY_API_TOKEN` is exported in your shell. Check that the token has not been revoked in Rootly under **Account > Manage API keys**.
  </Accordion>

  <Accordion title="Provider plugin not found" icon="wrench">
    Run the plugin install command again to ensure the binary is present:

    ```bash theme={null}
    pulumi plugin install resource rootly v0.0.2 \
      --server https://github.com/rootlyhq/pulumi-rootly/releases/download/v0.0.2
    ```

    You can verify installed plugins with `pulumi plugin ls`.
  </Accordion>

  <Accordion title="Resource creation fails with a validation error" icon="triangle-exclamation">
    Check the error message from the Pulumi output — it typically includes the Rootly API response. Common causes include missing required fields (e.g., `name` or `color` on a Severity) or invalid field values. Cross-reference with the [Rootly API reference](/api-reference/overview) for valid field constraints.
  </Accordion>

  <Accordion title="Changes are not reflected in Rootly after pulumi up" icon="rotate">
    Run `pulumi refresh` to reconcile Pulumi's state with the actual state in Rootly. If resources were modified outside of Pulumi (e.g., via the Rootly UI), they may be out of sync with the Pulumi stack state.
  </Accordion>
</AccordionGroup>

## Related Pages

<CardGroup>
  <Card title="Terraform" icon="code" href="/integrations/terraform">
    The Rootly Terraform provider — the Pulumi provider is built on top of it.
  </Card>

  <Card title="Rootly API" icon="code" href="/api-reference/overview">
    The Rootly API reference — all resources the provider manages are available here.
  </Card>

  <Card title="Pulumi Registry" icon="arrow-up-right-from-square" href="https://www.pulumi.com/registry/packages/rootly/installation-configuration/">
    Full resource reference and API docs on the Pulumi Registry.
  </Card>
</CardGroup>


# Quip
Source: https://docs.rootly.com/integrations/quip

Connect Quip to Rootly to automatically create and update retrospective documents from incidents using Genius workflows with templates and folder routing.

## Introduction

The Quip integration connects Rootly with your Quip workspace so teams can automatically create and update documents during and after incidents through Genius workflows.

With the Quip integration, you can:

* Automatically create Quip documents from incident workflows using retrospective templates or custom content
* Start documents from an existing Quip template
* Update existing Quip documents as an incident progresses
* Attach created documents directly to the incident record

## Before You Begin

Before setting up the integration, make sure you have:

* A Rootly account with admin permission to manage integrations
* A Quip account with permission to create API keys in the Quip admin portal
* Access to [admin.quip.com](https://admin.quip.com)

<Callout icon="user-shield">
  We recommend installing with a dedicated service account so the integration does not break if an individual user leaves your organization.
</Callout>

## Installation

<Steps>
  <Step title="Create a Quip API key" icon="key">
    Go to [admin.quip.com](https://admin.quip.com) and navigate to **Settings > Integrations**.

    <Frame>
      <img alt="Quip admin integrations page" />
    </Frame>

    Create a new API key with the following settings:

    * **Permissions**: `USER_READ` and `USER_WRITE`
    * **Redirect URI**: `https://rootly.com/auth/quip/callback`

    <Frame>
      <img alt="Quip API key configuration" />
    </Frame>

    <Callout icon="key">
      Copy the Client ID and Client Secret after creating the key — you will need both to complete the setup in Rootly.
    </Callout>
  </Step>

  <Step title="Open the Quip integration in Rootly" icon="plug">
    Navigate to the integrations page in Rootly and select **Quip**.

    <Frame>
      <img alt="Quip integration on the integrations page" />
    </Frame>
  </Step>

  <Step title="Enter your Quip credentials" icon="link">
    Paste the **Client ID** and **Client Secret** from Quip into the Rootly integration settings and save.

    <Frame>
      <img alt="Enter Quip credentials in Rootly" />
    </Frame>

    <Callout icon="circle-check">
      Once saved, the **Create a Quip Page** and **Update a Quip Page** workflow actions are available in your Genius workflows.
    </Callout>
  </Step>
</Steps>

## Workflow Actions

### Create a Quip Page

This action creates a new Quip document in a specified folder.

**Parent Folder**
The Quip folder where the document will be created. Leave blank to create in your private folder.

**Title**
The title of the Quip document. Defaults to `{{ incident.title }}`. Supports Liquid syntax.

<Callout icon="lightbulb">
  Use the [Incident Variable Explorer](https://rootly.com/account/help/liquid-explorer) to preview what Liquid variables return for your incidents.
</Callout>

**Quip Template**
Optionally select an existing Quip document to use as a starting template. The new document will be based on the content of the selected template.

**Retrospective Template**
Select a predefined Rootly retrospective template to populate the document body. Templates are managed on the [Retrospective Templates page](https://rootly.com/account/retrospective-steps?tab=documents).

<Callout icon="triangle-exclamation">
  If a Retrospective Template is selected, it overrides any content defined in the Custom Content field.
</Callout>

**Custom Content**
Define the document body manually. Supports Liquid syntax. Used when no Retrospective Template is selected.

**Mark Post Mortem as Published**
When enabled, marks the retrospective status as `published` after the document is created. Use this when follow-up notification workflows trigger on published retrospectives.

### Update a Quip Page

This action updates an existing Quip document with new content.

**File ID**
The Quip thread ID of the document to update. Supports Liquid syntax.

<Callout icon="info">
  When a **Create a Quip Page** action runs, Rootly stores the resulting document ID and URL on the incident record. Reference the file ID in subsequent update actions using Liquid variables.
</Callout>

**Title**
The updated title for the document. Supports Liquid syntax. Leave blank to keep the existing title.

**Content**
Additional content to append to the document. Supports Liquid syntax.

**Quip Template / Retrospective Template**
Re-render the document body using a Quip template or Rootly retrospective template.

## Uninstall

To remove the Quip integration, open the integrations panel in Rootly and select **Configure > Delete**.


# Rippling
Source: https://docs.rootly.com/integrations/rippling

Sync Rippling time off into Rootly to overlay employee vacations and PTO on on-call schedule timelines, surfacing coverage gaps before pages fire.

## Overview

Rippling exposes your team's time-off calendar as a subscribe-able feed. Point Rootly at that feed and vacations and PTO appear directly on top of your on-call schedule timeline. Shifts that overlap with someone's leave are highlighted, making it easy to create an override before the next page fires.

This is a read-only overlay. Rippling stays the source of truth for time off; Rootly polls the feed in the background and keeps the schedule view current.

***

## Exporting the Calendar Feed from Rippling

Rippling exposes a subscribe-able time-off calendar URL. Their [short video tutorial](https://www.youtube.com/watch?v=XWZsfwbF0jg) walks through the exact UI path. If you can't access the video, open Rippling's Time Off module and look for the calendar-subscription or calendar-export option — that's the screen the video lands on. If the option is hidden by your role's permissions, ask a Rippling admin to generate the URL for you.

<Warning>
  The URL Rippling generates starts with the `webcal://` protocol. Rootly's holiday calendar field expects an `https://` URL — replace the `webcal://` prefix with `https://` before pasting it into Rootly.
</Warning>

***

## Adding the Feed to Rootly

Once you have the Rippling feed URL (with the `webcal://` prefix replaced by `https://`), the rest of the setup happens inside Rootly's schedules view.

<Steps>
  <Step title="Open The Holiday Calendars Menu">
    In the Rootly dashboard, go to **On-Call → Schedules**. In the calendar preview area, open the **Holiday calendars** dropdown.
  </Step>

  <Step title="Add A Holiday Calendar">
    Select **Add your team's holiday calendar**, then choose **Add a holiday calendar**.
  </Step>

  <Step title="Paste The Rippling Feed URL">
    Paste the rewritten `https://` URL from Rippling into the URL field.
  </Step>

  <Step title="Name The Calendar And Pick A Timezone">
    Give the calendar a descriptive name (for example, `Rippling — Company PTO`) so teammates know what it represents. Select the appropriate timezone, or leave it blank to let Rootly infer it from the feed.
  </Step>

  <Step title="Save And Toggle On">
    Click **Add**. Rootly fetches the calendar and begins syncing automatically. Back in the schedule view, select the new feed from the **Holiday calendars** dropdown to overlay Rippling time off on the on-call timeline.
  </Step>
</Steps>

<Tip>
  For the full behavior of holiday calendars in Rootly — conflict highlighting, recurring events, multi-region setups — see [Adding a Holiday Calendar](/on-call/holiday-calendar).
</Tip>

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="Rootly rejects the Rippling URL" icon="circle-xmark">
    Rippling generates URLs with a `webcal://` prefix that Rootly does not accept. Replace `webcal://` with `https://` and re-paste the URL.
  </Accordion>

  <Accordion title="Rippling time off isn't appearing in the schedule view" icon="eye-slash">
    The feed has to be toggled on per schedule preview. Open the **Holiday calendars** dropdown above the schedule and confirm the Rippling feed is selected.
  </Accordion>

  <Accordion title="Events appear at the wrong times or on the wrong day" icon="clock">
    The calendar timezone determines how all-day events align with on-call shifts. Remove the calendar and re-add it with the correct timezone, or leave the timezone field blank to let Rootly infer it from the feed.
  </Accordion>
</AccordionGroup>

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Does this change my on-call schedule automatically?" icon="shield-check">
    No. Holiday calendars are read-only previews — they surface conflicts so you can decide whether to override, but they never reassign shifts.
  </Accordion>

  <Accordion title="Can I add more than one Rippling feed?" icon="layer-group">
    Yes. If different teams or regions maintain separate Rippling time-off views, add each generated feed as its own calendar in Rootly.
  </Accordion>

  <Accordion title="Why doesn't Rootly accept the `webcal://` URL directly?" icon="link">
    Holiday calendar feeds are fetched over standard HTTPS. The `webcal://` scheme is just a client-side handler hint — the underlying URL is identical when rewritten to `https://`.
  </Accordion>
</AccordionGroup>


# Rollbar
Source: https://docs.rootly.com/integrations/rollbar

Connect Rollbar to Rootly to ingest error monitoring events as alerts and automate incident creation from application errors, regressions, and exceptions.

## Introduction

The Rollbar integration connects Rootly with your Rollbar error monitoring so teams can receive error events as alerts in Rootly and automate incident response from application exceptions and regressions.

With the Rollbar integration, you can:

* Ingest Rollbar error events as Rootly alerts
* Automatically resolve Rootly alerts when Rollbar sends a `resolved_item` event
* Use alert workflows to create incidents when error thresholds are exceeded
* Filter and route alerts by environment, error level, and project

## Before You Begin

Before setting up the integration, make sure you have:

* A Rootly account with permission to manage integrations
* Admin access to your Rollbar project settings
* The webhook URL and secret from your Rootly Rollbar integration page

<Callout icon="info">
  You can find your webhook URL and secret by navigating to **Integrations > Rollbar > Configure** in Rootly.
</Callout>

## Installation

<Steps>
  <Step title="Open the Rollbar integration in Rootly" icon="plug">
    Navigate to the integrations page in Rootly and select **Rollbar**. Copy the webhook URL and secret shown in the configuration modal.
  </Step>

  <Step title="Open Rollbar notification settings" icon="bell">
    In Rollbar, navigate to your project notification settings:

    ```
    https://rollbar.com/<your-company-slug>/<your-project-slug>/settings/notifications/
    ```

    <Frame>
      <img alt="Rollbar project notification settings" />
    </Frame>
  </Step>

  <Step title="Add a Webhook notification" icon="webhook">
    Select **Webhook** from the list of notification channels.

    <Frame>
      <img alt="Rollbar webhook channel option" />
    </Frame>
  </Step>

  <Step title="Configure the webhook URL" icon="link">
    Enter the webhook URL from your Rootly Rollbar integration settings.

    <Frame>
      <img alt="Rollbar webhook URL configuration" />
    </Frame>

    <Frame>
      <img alt="Rollbar webhook configuration details" />
    </Frame>
  </Step>

  <Step title="Enable notification rules" icon="toggle-on">
    Select which Rollbar event types should be sent to Rootly. See the **Supported Events** section below for the full list of supported events.

    <Callout icon="triangle-exclamation">
      Rootly does not support **deploy** events. Enabling deploy notifications will result in those events being ignored.
    </Callout>

    <Frame>
      <img alt="Rollbar notification rules configuration" />
    </Frame>
  </Step>
</Steps>

## Supported Events

Rootly accepts the following Rollbar event types:

| Event              | Description                              |
| ------------------ | ---------------------------------------- |
| `new_item`         | A new error or issue is first seen       |
| `occurrence`       | An error occurrence is recorded          |
| `reactivated_item` | A previously resolved issue reactivates  |
| `reopened_item`    | A resolved issue is manually reopened    |
| `resolved_item`    | An issue is resolved in Rollbar          |
| `item_velocity`    | An issue exceeds an occurrence threshold |
| `exp_repeat_item`  | An issue repeats at an exponential rate  |
| `test`             | A test notification from Rollbar         |

<Callout icon="rotate">
  When Rootly receives a `resolved_item` event, the corresponding Rootly alert is automatically resolved. All other supported events create or update an alert in the open state.
</Callout>

## How Alerts Are Mapped

Rootly extracts the following fields from each Rollbar event:

* **Summary** — prefixed with `[New issue]` followed by the issue title
* **External ID** — the Rollbar item `id`, used to deduplicate and match resolve events
* **Labels** — `level`, `environment`, `type`, `status`, `total_occurrences`, and `project_id` are attached as Rootly alert labels

<Callout icon="tag">
  Rollbar `environment` and `level` values are available as alert labels in Rootly. Use them in workflow run conditions to route production critical errors differently from development warnings.
</Callout>

## Troubleshooting

<AccordionGroup>
  <Accordion title="Rollbar events are not appearing in Rootly" icon="circle-exclamation">
    Confirm the webhook URL in Rollbar matches the one shown in your Rootly integration settings. Verify that at least one notification rule is enabled and that the rule conditions are being met by your Rollbar events.
  </Accordion>

  <Accordion title="Alerts are not resolving when an issue is resolved in Rollbar" icon="rotate">
    Ensure the `resolved_item` notification rule is enabled in Rollbar. Rootly only resolves alerts when it receives this specific event type. Manual resolutions in Rollbar that do not trigger the webhook will not resolve the corresponding Rootly alert.
  </Accordion>

  <Accordion title="Deploy events are creating unexpected behavior" icon="triangle-exclamation">
    Rootly does not process `deploy` events. If deploy notifications are enabled in Rollbar, those events will be received but ignored by Rootly. Disable the deploy notification rule in Rollbar to avoid unnecessary webhook traffic.
  </Accordion>

  <Accordion title="Test events are not appearing in Rootly" icon="flask">
    Rollbar `test` events are supported and should create a test alert in Rootly. If the test event is not appearing, verify the webhook URL and check that the integration is active in Rootly.
  </Accordion>
</AccordionGroup>

## Uninstall

To remove the Rollbar integration, open the integrations panel in Rootly and select **Configure > Delete**.


# SCIM
Source: https://docs.rootly.com/integrations/scim

Automate user provisioning and group sync in Rootly using SCIM 2.0 from Okta, Microsoft Entra, Google Workspace, Keycloak, and other identity providers.

<Frame>
  <img alt="SCIM provisioning settings" />
</Frame>

## Introduction

SCIM (System for Cross-domain Identity Management) lets your identity provider automatically manage Rootly users and groups. When users are assigned or unassigned in your IdP, they are provisioned or deprovisioned in Rootly without any manual steps.

<Callout icon="triangle-exclamation">
  SCIM requires [SSO](/integrations/sso) to be configured first — the SCIM endpoint will not resolve until SSO setup is complete. SCIM and [Google Directory Sync](/integrations/google-directory-sync) are also mutually exclusive and cannot both be active at the same time.
</Callout>

## Before You Begin

Before connecting your IdP:

1. Complete [SSO setup](/integrations/sso) for your organization
2. Navigate to **Integrations > SSO** in Rootly and copy your **SCIM Token** — this is the Bearer token your IdP uses to authenticate SCIM requests
3. Note your **SCIM tenant URL**: `https://rootly.com/scim`

Rootly supports the following SCIM 2.0 operations:

| Resource | Supported Operations                                  |
| -------- | ----------------------------------------------------- |
| Users    | Create, read, update (PUT/PATCH), deactivate, delete  |
| Groups   | Create, read, update (PUT/PATCH), delete, member sync |

## Identity Provider Setup

Expand the section for your identity provider:

<AccordionGroup>
  <Accordion title="Okta" icon="lock">
    <Steps>
      <Step title="Enable SCIM provisioning" icon="plug">
        In Okta, navigate to **Applications > Rootly > Provisioning tab**. Under **Settings > Integrations**, click **Configure API Integration**, enter your SCIM Token, and save.

        <Frame>
          <img alt="Okta SCIM API integration configuration" />
        </Frame>
      </Step>

      <Step title="Enable Create and Deactivate users" icon="users">
        Go to **Provisioning > To App**, click **Edit**, and enable:

        * **Create Users** — provisions users when assigned to the Rootly app
        * **Deactivate Users** — removes users from Rootly when unassigned

        Ensure the **Default username** is set to **email**. If not, go to the **Sign on** tab, click **Edit**, and set **Application username** format to **email** under Credentials settings.
      </Step>

      <Step title="Push groups (optional)" icon="users-rectangle">
        To sync Okta Groups to Rootly:

        1. In Okta, navigate to **Directory > Groups** and create or select a group
        2. Go to **Applications > Rootly > Push Groups** tab
        3. Click **+Push Groups**, select the group, switch from **Create Group** to **Link Group**, and click **Save**
        4. In Rootly, go to **Integrations > SSO > Role Assignment** and map the Okta Group to a Rootly Role

        Every user added to that Okta Group will be provisioned in Rootly with the associated role.
      </Step>
    </Steps>
  </Accordion>

  <Accordion title="Microsoft Entra" icon="microsoft">
    Follow the official Microsoft tutorial for configuring SCIM provisioning with Rootly:

    [Microsoft Entra SCIM provisioning tutorial →](https://learn.microsoft.com/en-us/entra/identity/saas-apps/rootly-provisioning-tutorial)
  </Accordion>

  <Accordion title="Google Workspace" icon="google">
    Google Workspace has limited native SCIM support. The following workaround uses Google's Adobe app as a proxy for SCIM provisioning.

    <Steps>
      <Step title="Add a new Web and Mobile app" icon="plus">
        In Google Admin Console, navigate to **Apps > Web and mobile apps** and click **Add app**.

        <Frame>
          <img alt="Google Workspace add app" />
        </Frame>
      </Step>

      <Step title="Select the Adobe app" icon="magnifying-glass">
        Search for and select the **Adobe** app from the catalog.

        <Frame>
          <img alt="Google Workspace Adobe app selection" />
        </Frame>
      </Step>

      <Step title="Configure auto-provisioning" icon="gear">
        When prompted for SAML fields, enter `https://dummy.com/saml` for all values. When you reach the auto-provisioning step:

        * **SCIM Token**: your token from **Rootly > Integrations > SSO**
        * **Endpoint URL**: `https://rootly.com/scim`
        * Select a group of users to import, or leave empty to import all

        Enable the application — sync will begin shortly.
      </Step>
    </Steps>
  </Accordion>

  <Accordion title="Keycloak" icon="key">
    <Steps>
      <Step title="Install the SCIM extension" icon="download">
        Download the `keycloak-scim` JAR from the [releases page](https://github.com/mitodl/keycloak-scim/releases), place it in `/opt/keycloak/providers/`, and restart Keycloak.
      </Step>

      <Step title="Add SCIM as an event listener" icon="bell">
        Go to **Realm Settings > Events > Event Listeners** and add `scim` to the list. Save.
      </Step>

      <Step title="Create a SCIM federation provider" icon="plug">
        Navigate to **User Federation > Add provider > SCIM** and configure:

        | Field                 | Value                       |
        | --------------------- | --------------------------- |
        | UI display name       | `Rootly`                    |
        | SCIM 2.0 endpoint     | `https://rootly.com/scim`   |
        | Endpoint content type | `application/scim+json`     |
        | Auth mode             | `BEARER`                    |
        | Auth password/token   | Your SCIM Token from Rootly |

        Set the environment variable `SCIM_EMAIL_AS_USERNAME=true` — this ensures usernames are sent in email format, required for user matching in Rootly.
      </Step>

      <Step title="Enable propagation" icon="rotate">
        In the federation provider settings, enable:

        * **Enable user propagation**: On
        * **Enable group propagation**: On (optional)
        * **Log SCIM requests and responses**: On (recommended for debugging)
        * **Import action**: `CREATE_LOCAL`

        Optionally enable **Periodic full sync** or **Periodic changed users sync** for regular synchronization.
      </Step>
    </Steps>
  </Accordion>

  <Accordion title="Rippling" icon="bolt">
    Rippling supports SSO and SCIM provisioning for Rootly in a single step. Connect from the [Rippling app store](https://www.rippling.com/app-shop/app/rootly).
  </Accordion>
</AccordionGroup>

## Supported Attributes

### Users

| SCIM Attribute    | Rootly Field      | Notes                                                               |
| ----------------- | ----------------- | ------------------------------------------------------------------- |
| `userName`        | Email             | Required. Must be a valid email address.                            |
| `name.givenName`  | First name        |                                                                     |
| `name.familyName` | Last name         |                                                                     |
| `displayName`     | Preferred name    |                                                                     |
| `externalId`      | External ID       | Stored per SSO account, not globally                                |
| `active`          | Membership status | `false` removes the user's team membership                          |
| `emails`          | Email             | Primary work email                                                  |
| `phoneNumbers`    | Phone numbers     | Auto-verified on import; normalized with US as default country code |

### Groups

| SCIM Attribute | Rootly Field        | Notes                                     |
| -------------- | ------------------- | ----------------------------------------- |
| `displayName`  | Group name          |                                           |
| `externalId`   | External identifier |                                           |
| `members`      | Group members       | User and nested group types both accepted |

## Group Sync

SCIM groups pushed from your IdP can be synced to Rootly Groups. When enabled:

* **Create** — a pushed SCIM group creates a corresponding Rootly Group, or links to an existing one with the same name
* **Rename** — renaming a group in your IdP renames the linked Rootly Group
* **Members** — adding or removing members from a SCIM group updates Rootly Group membership

<Callout icon="circle-info">
  The **Sync SCIM groups to teams** toggle must be enabled by Rootly support. Contact [support@rootly.com](mailto:support@rootly.com) to enable it. Once enabled, any groups already pushed before the toggle was turned on will be automatically backfilled.
</Callout>

### Role Assignment via Groups

When **Assign roles to SCIM groups** is enabled, Rootly automatically assigns roles based on group membership. If a user belongs to multiple SCIM groups with different role configurations, the highest-weighted role is applied.

## SCIM Logs

All SCIM operations are logged. Go to **Integrations > SSO > SCIM Logs** to view a history of provisioning requests including resource type, event type, request URL, response status, and full request/response bodies (encrypted at rest). Use this to diagnose provisioning failures or verify that operations from your IdP are reaching Rootly.

## Troubleshooting

<AccordionGroup>
  <Accordion title="The SCIM endpoint is not resolving" icon="link">
    The SCIM endpoint only becomes active after SSO is fully configured. Complete SSO setup in **Integrations > SSO** and save before connecting your IdP's SCIM provisioning. Confirm you are using `https://rootly.com/scim` with no trailing slash.
  </Accordion>

  <Accordion title="Authentication errors from the IdP" icon="lock">
    The IdP authenticates with your SCIM Token as a Bearer token. Retrieve the current token from **Integrations > SSO** in Rootly and confirm it matches what your IdP has configured. Also confirm that SCIM is enabled in your SSO settings.
  </Accordion>

  <Accordion title="Users are not being provisioned" icon="user-slash">
    Confirm that the user is assigned to the Rootly application in your IdP, the `userName` attribute is a valid email address, **Create Users** is enabled in your IdP's provisioning settings, and the default username format is set to **email**. Check SCIM Logs for failed requests and their error details.
  </Accordion>

  <Accordion title="Deactivated users still appear in Rootly" icon="user">
    When a user is deactivated (`active: false`), Rootly removes their team membership but preserves the user record. If they still appear active, check SCIM Logs for a failed deactivation request.
  </Accordion>

  <Accordion title="Groups are not syncing to Rootly" icon="users">
    Group sync requires the **Sync SCIM groups to teams** toggle to be enabled by Rootly support. If it's not visible in your SSO settings, contact [support@rootly.com](mailto:support@rootly.com). Also confirm group push is configured in your IdP.
  </Accordion>

  <Accordion title="Phone numbers are not syncing" icon="phone">
    Phone number sync is a feature-flagged capability. Contact [support@rootly.com](mailto:support@rootly.com) to confirm it is enabled for your organization. Numbers are normalized using US as the default country code — include a country code prefix for non-US numbers.
  </Accordion>
</AccordionGroup>

## Related Pages

<CardGroup>
  <Card title="SSO" icon="lock" href="/integrations/sso">
    Configure SAML 2.0 single sign-on — required before enabling SCIM.
  </Card>

  <Card title="Google Directory Sync" icon="google" href="/integrations/google-directory-sync">
    Poll-based alternative to SCIM for Google Workspace organizations.
  </Card>

  <Card title="On-Call Schedules" icon="calendar" href="/on-call/schedules">
    Manage on-call schedules once users are provisioned via SCIM.
  </Card>
</CardGroup>


# SendGrid
Source: https://docs.rootly.com/integrations/sendgrid

Route Rootly workflow emails through your own SendGrid account to send from your company domain with full delivery visibility, tracking, and authentication.

## Overview

By default, Rootly sends workflow emails from `workflows@rootly.com`. Connecting SendGrid lets you route those emails through your own SendGrid account instead — so emails arrive from your company domain and you retain full delivery analytics in SendGrid.

<CardGroup>
  <Card title="Custom Sender Domain" icon="at">
    Send workflow emails from your own domain instead of Rootly's default address.
  </Card>

  <Card title="Delivery Analytics" icon="chart-line">
    Track opens, clicks, bounces, and delivery status directly in your SendGrid dashboard.
  </Card>

  <Card title="Works with Send Email Action" icon="paper-plane">
    All **Send an Email** workflow actions automatically route through SendGrid once connected — no changes needed to existing workflows.
  </Card>

  <Card title="API Key Validation" icon="key">
    Rootly validates your API key against the SendGrid API on connect, so misconfigurations are caught immediately.
  </Card>
</CardGroup>

## Before You Begin

* You must be a Rootly admin to set up the integration
* You need a SendGrid account with permission to create API keys

## Installation

<Steps>
  <Step title="Create a SendGrid API key">
    In SendGrid, go to **Settings → API Keys** and create a new key. Select **Restricted Access** and enable **Full Access** for **Mail Send** only — no other scopes are needed.

    <Frame>
      <img alt="SendGrid API key permissions with Mail Send set to Full Access" />
    </Frame>

    Copy the API key — you won't be able to view it again after leaving the page.
  </Step>

  <Step title="Connect in Rootly">
    In Rootly, go to **Configuration → Integrations**, find **SendGrid**, and click **Setup**. Enter your API key and optionally set a **Default From** address.

    Rootly validates the key against the SendGrid API before saving. If the `mail.send` scope is missing, the connection will be rejected.
  </Step>
</Steps>

## Configuration

<ParamField type="string">
  Your SendGrid API key. Must have the `mail.send` scope. Stored encrypted at rest.
</ParamField>

<ParamField type="string">
  The sender email address used when no `From` is specified in a workflow action — for example, `incidents@yourcompany.com`. If left blank, the `From` field in each workflow action determines the sender.
</ParamField>

<Note>
  Once SendGrid is connected, all **Send an Email** workflow actions are automatically routed through it. The **From** field in the workflow action still controls the sender address per-email — the **Default From** here serves as a fallback.
</Note>

## Uninstall

To remove the SendGrid integration:

1. Go to **Configuration → Integrations** and find **SendGrid**
2. Click **Connected** to reveal the disconnect option
3. Click **Disconnect**

<Frame>
  <img alt="Click Connected to reveal the Disconnect option" />
</Frame>

After disconnecting, workflow emails will revert to Rootly's default delivery.

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Do I need to change my existing workflows after connecting SendGrid?" icon="rotate">
    No. All **Send an Email** workflow actions automatically route through SendGrid once the integration is connected. No changes to existing workflows are required.
  </Accordion>

  <Accordion title="What's the minimum permission needed for the API key?" icon="key">
    Only `mail.send` (Full Access) is required. Rootly validates this on connect — if the scope is missing, the key will be rejected.
  </Accordion>

  <Accordion title="Can I use SendGrid and SMTP at the same time?" icon="shuffle">
    No. If both a SendGrid and an SMTP integration are connected, Rootly prefers SMTP. To use SendGrid, disconnect the SMTP integration first.
  </Accordion>

  <Accordion title="Will disconnecting SendGrid affect emails already sent?" icon="plug-circle-xmark">
    No. Emails already delivered are unaffected. After disconnecting, new workflow emails will revert to Rootly's default delivery method.
  </Accordion>
</AccordionGroup>


# Alert Workflows
Source: https://docs.rootly.com/integrations/sentry/alert-workflows

Create Sentry alert rules and use their payloads to build automated incident response workflows in Rootly, including routing, paging, and incident creation.

Once Sentry is connected, you define alert rules in Sentry that determine when to forward alerts to Rootly, then build workflows in Rootly that react to those alerts — declaring incidents, paging responders, and kicking off your response process automatically.

## Step 1: Create Alert Rules in Sentry

You'll start in Sentry by defining the alert rules that determine when an event should be forwarded to Rootly. These rules let you specify conditions based on error frequency, type, tags, severity, or any combination — so only the alerts that matter reach Rootly. Every alert that passes these conditions will land in Rootly's alert feed with the full Sentry payload attached.

<Steps>
  <Step title="Navigate to Alerts and create a new rule">
    In Sentry, go to **Issues → Alerts**, then click **Create Alert**.

    <Frame>
      <img alt="Navigate to Alerts and Create Alert in Sentry" />
    </Frame>
  </Step>

  <Step title="Choose your alert type and set conditions">
    Select the type of alert you want to create — for example, an **Error Alert** — then click **Set Conditions**.

    <Note>
      Set your conditions under the **When** and **If** fields. For example: trigger when an issue is seen more than 10 times in 1 hour, or when a specific tag like `environment:production` is present. The more precisely you scope these, the less noise your Rootly workflows will see.
    </Note>
  </Step>

  <Step title="Add Rootly as the action">
    Under the **Then** section, select **Rootly** as the action. This tells Sentry to forward the alert payload to Rootly whenever your conditions are met.

    <Frame>
      <img alt="Select Rootly as the action in Sentry alert rule" />
    </Frame>
  </Step>

  <Step title="Send a test notification">
    Use Sentry's **Send Test Notification** to fire a real test alert to Rootly. This sends a live payload so you can inspect exactly what fields are available before writing your workflow conditions.

    <Frame>
      <img alt="Send test notification in Sentry" />
    </Frame>
  </Step>
</Steps>

<Tip>
  The test alert will appear in **Rootly → Alerts**. Click on it to view the full payload — you'll use these fields when writing workflow conditions in the next step.
</Tip>

## Step 2: Build the Workflow in Rootly

With alerts now flowing into Rootly, you create a workflow that reacts to them. Rootly workflows let you inspect the incoming alert payload, apply conditions to filter which alerts should trigger a response, and chain together actions like creating an incident, paging on-call, or sending notifications. You only need one workflow per alert pattern — conditions handle the filtering.

<Steps>
  <Step title="Open Workflows and create a new workflow">
    In Rootly, go to **Workflows** and click **Create Workflow**.

    <Frame>
      <img alt="Create Workflow in Rootly" />
    </Frame>
  </Step>

  <Step title="Choose an Alert-based workflow type">
    Select the **Alert** workflow type. This workflow will trigger whenever Rootly receives an **alert** from any source — including Sentry. Conditions in a later step will narrow it down to Sentry alerts specifically.

    <Frame>
      <img alt="Select Alert workflow type in Rootly" />
    </Frame>
  </Step>

  <Step title="Configure workflow details">
    Give your workflow a clear name like "Create Incident for Sentry Errors".

    <Note>
      There are additional optional settings you can configure here, such as:

      * **Workflow description** — helps your team understand what this workflow does
      * **Repeat configuration** — controls whether the workflow can fire multiple times for the same alert
    </Note>
  </Step>

  <Step title="Set the trigger">
    The trigger defines which alert event activates this workflow.

    <Note>
      For **Alert** type workflows, two triggers are available:

      1. **Alert Created** — fires when a new alert is received from Sentry
      2. **Alert Status Updated** — fires when an existing alert changes state (e.g., resolved or acknowledged)
    </Note>

    Select **Alert Created** to run the workflow whenever a new Sentry alert arrives. Use **Alert Status Updated** if you want to automatically close an incident when Sentry marks the issue resolved.
  </Step>

  <Step title="Add conditions to match Sentry alerts">
    Conditions filter which alerts trigger the workflow. Use one of the following to match alerts from Sentry:

    <Tabs>
      <Tab title="Match by Source">
        <Card>
          Run this workflow if `any of` the following conditions are true:

          * **Source** is `Sentry`
        </Card>
      </Tab>

      <Tab title="Match by Payload">
        <Card>
          Run this workflow if `any of` the following conditions are true:

          * **Payload**: `actor.name` is `Sentry`
        </Card>
      </Tab>
    </Tabs>

    <Note>
      The Sentry alert payload contains many fields you can use for more advanced conditions — environment, project, level, tags, and more. Open the test alert you sent earlier to browse all available fields.
    </Note>
  </Step>

  <Step title="Add actions">
    Add one or more actions that should occur when the workflow is triggered. Common actions include:

    * **Create Incident** — declares an incident with context pulled directly from the alert payload
    * **Page Rootly On-Call** — immediately pages the on-call responder for the affected service
    * **Send SMS or Email** — notifies stakeholders outside of Slack

    <Tip>
      You can chain multiple actions depending on your response process — for example: create the incident, then page on-call, then post a message to a Slack channel.
    </Tip>
  </Step>

  <Step title="Save and activate the workflow">
    Click **Create Workflow**. The workflow is now active and will fire automatically on the next matching Sentry alert.

    <Frame>
      <img alt="Save Sentry alert workflow in Rootly" />
    </Frame>
  </Step>
</Steps>

## Step 3: Verify

Return to Sentry and trigger the alert rule again — or send another test notification. Confirm that the workflow activates inside Rootly and that the expected incident or action is created. You can monitor workflow execution in **Rootly → Workflows → Activity**.

<Frame>
  <img alt="Incident created in Rootly from a Sentry alert" />
</Frame>

## How Alert Fields Are Mapped

Rootly extracts the following fields from each Sentry alert type and makes them available as conditions and variables inside your workflows:

<ParamField type="event_alert">
  Issue title, issue ID, issue URL, error type, level, and project name. Supports automatic resolution — when Sentry sends a resolved event, Rootly resolves the corresponding alert.
</ParamField>

<ParamField type="metric_alert">
  Alert title, alert ID, and web URL. Does not support automatic resolution — must be resolved manually or via a workflow action.
</ParamField>

<ParamField type="labels">
  `level`, `type`, `project`, and `status` are extracted as labels on every alert where available. Use these as workflow conditions to filter by severity, environment, or state.
</ParamField>

## Troubleshooting

<AccordionGroup>
  <Accordion title="Sentry alerts aren't appearing in Rootly" icon="circle-x">
    Confirm the Rootly app is installed in your Sentry organization and that the alert rule has Rootly set as an action. Verify the rule conditions are being met by triggering a test event.
  </Accordion>

  <Accordion title="Metric alerts aren't resolving automatically" icon="rotate">
    This is expected — metric alerts don't support automatic resolution. Resolve them manually or configure a workflow action to resolve them based on a follow-up Sentry event.
  </Accordion>

  <Accordion title="rootly_notification_target isn't paging anyone" icon="bell-slash">
    Check that the value follows `type:id` format exactly (e.g. `EscalationPolicy:abc-123`) and that the resource exists in Rootly. Setting the value to `none` disables paging. An invalid or missing resource is silently ignored.
  </Accordion>

  <Accordion title="rootly_urgency isn't being applied" icon="gauge">
    Confirm the value is a valid Rootly alert urgency ID belonging to your team. Invalid urgency IDs are silently ignored and no urgency will be assigned to the alert.
  </Accordion>
</AccordionGroup>


# Installation
Source: https://docs.rootly.com/integrations/sentry/installation

Install the Rootly app in your Sentry organization to enable alert forwarding, error event ingestion, and incident creation from Sentry issues and alerts.

To start receiving Sentry alerts in Rootly, you install the Rootly app inside your Sentry organization. Once installed, Sentry can forward enriched alert payloads into Rootly, giving your workflows the real-time context they need to act.

Once the integration is installed, you can configure **Sentry alert rules** to send alerts to Rootly as they occur. These alerts will then trigger the appropriate **incident response workflows** you've set up in Rootly — an incident is declared, context flows in, responders are notified, and you're ready to act.

## Before You Begin

This setup involves two systems — Sentry and Rootly — so make sure you have the right access in both before starting. The installation takes about 5 minutes and only needs to be done once per Sentry organization.

<Warning>
  Before you start, make sure you have the following:

  * **Sentry:** Admin or Owner role in your Sentry organization — required to install third-party integrations
  * **Rootly:** Admin role — required to create and configure alert sources
  * An existing Sentry organization with at least one project set up
</Warning>

## Install Rootly in Sentry

Install the **Rootly integration** inside your Sentry organization. This allows Sentry to forward enriched alert payloads into Rootly, giving your Rootly workflows the real-time context they need.

<Steps>
  <Step title="Open Integrations in Sentry">
    Inside your Sentry organization, navigate to **Settings → Integrations** and search for **Rootly**.

    <Frame>
      <img alt="Rootly integration in Sentry integrations catalog" />
    </Frame>
  </Step>

  <Step title="Accept and install">
    Click **Accept & Install**. You'll be redirected to Rootly to complete the alert source setup.

    <Warning>
      Make sure you're logged into Rootly as an **Admin** before proceeding — the redirect will fail otherwise.
    </Warning>

    <Frame>
      <img alt="Accept and Install Rootly in Sentry" />
    </Frame>
  </Step>

  <Step title="Configure the alert source in Rootly">
    On the Sentry alert source page, enter a descriptive **Source Name** (e.g., "Sentry Alerts") and click **Save**. You can leave optional settings like Owning Team at their defaults and adjust them later.

    <Frame>
      <img alt="Configure Sentry alert source in Rootly" />
    </Frame>
  </Step>

  <Step title="Verify the installation">
    Switch back to Sentry and go to **Settings → Integrations**. Rootly should appear in your installed integrations list.

    <Frame>
      <img alt="Rootly listed as installed in Sentry" />
    </Frame>
  </Step>
</Steps>

<Tip>
  Rootly is now connected. Next, configure Sentry alert rules to forward alerts to Rootly and set up your incident response workflows.
</Tip>

## Alert Types

Rootly supports three Sentry alert types, each with different behavior.

### Issue Alerts

Issue alerts are tied to specific Sentry issues and support automatic resolution. When Sentry sends a resolved event, Rootly resolves the corresponding alert automatically.

You can configure the following directly in the Sentry alert rule action settings:

<ParamField type="string">
  Routes the alert to a specific Rootly resource for on-call paging. Format: `type:id` — for example, `EscalationPolicy:abc-123`.

  Supported types: `User`, `Group`, `EscalationPolicy`, `Service`. Set to `none` to disable paging entirely.
</ParamField>

<ParamField type="string">
  Sets the alert urgency in Rootly using the ID of a Rootly alert urgency. If not set or the ID is invalid, no urgency is assigned to the alert.
</ParamField>

### Metric Alerts

Metric alerts are threshold-based and do not support automatic resolution. When a metric alert fires, Rootly creates an alert in the open state. You must resolve it manually or through a workflow.

<Warning>
  Metric alerts do not auto-resolve. Rootly will not resolve a metric alert when the threshold returns to normal — you must resolve it manually or via a workflow action.
</Warning>

Metric alerts also support `rootly_notification_target` and `rootly_urgency` in the Sentry alert rule action settings.

### Issue (Legacy)

The `issue` resource type is a legacy format that's still supported but not recommended for new rules. New rules should use `event_alert` instead. Existing rules using the legacy type will continue to work without migration.

***

## Uninstall

To remove the Sentry integration from Rootly, go to **Configuration → Integrations**, find **Sentry**, click **Connected**, and select **Disconnect**.

<Warning>
  Disconnecting from Rootly does not remove the Rootly app from Sentry. To fully revoke access, also go to **Sentry → Settings → Integrations** and uninstall the Rootly app there.
</Warning>

***

## Next Steps

<CardGroup>
  <Card title="Create Alert Workflows" icon="diagram-project" href="/integrations/sentry/alert-workflows">
    Build workflows that automatically create incidents from incoming Sentry alerts
  </Card>
</CardGroup>


# Sentry
Source: https://docs.rootly.com/integrations/sentry/sentry

Use Sentry alerts and issues to trigger incidents in Rootly, page on-call responders, and streamline alert workflows from your application monitoring platform.

This integration enables you to ingest alerts from Sentry and automatically trigger incident response workflows in Rootly.

When something breaks, Sentry sends the alert to Rootly, and Rootly starts your alert workflow: an incident is declared, context flows in, responders are notified, and you're ready to act.

***

## Why use this integration?

<CardGroup>
  <Card title="Streamlined alert ingestion" icon="bullseye-arrow">
    Pull Sentry issues directly into Rootly with zero manual steps.
  </Card>

  <Card title="Customizable workflows" icon="sliders">
    Tailor Rootly workflows to fit your team's incident response processes.
  </Card>

  <Card title="Automatic incident creation" icon="circle-plus">
    Trigger incidents in Rootly automatically when your Sentry rules fire.
  </Card>
</CardGroup>

***

## At-a-Glance Workflow

```mermaid theme={null}
flowchart LR
  A[Sentry Issue / Alert] --> B[Rootly Alert Source]
  B --> C{Does threshold match?}
  C -- Yes --> D[Create Incident in Rootly]
  C -- No --> E[Attach to Existing Incident / Log as Alert]
```

***

## Next Steps

<CardGroup>
  <Card title="Install Rootly Inside Sentry" icon="plug" href="/integrations/sentry/installation">
    Add the Rootly integration from Sentry's Integrations page to forward alert payloads into Rootly.
  </Card>

  <Card title="Create Alert Workflows" icon="diagram-project" href="/integrations/sentry/alert-workflows">
    Use Sentry alert payloads to build workflows that auto-create incidents.
  </Card>
</CardGroup>


# Installation
Source: https://docs.rootly.com/integrations/service-now/installation

Install the Rootly ServiceNow integration via OAuth and configure Business Rule webhooks for bidirectional incident sync, field mapping, and ticket automation.

## Introduction

The ServiceNow integration connects Rootly with your ServiceNow instance bidirectionally. Rootly can create and update ServiceNow incidents through workflow actions, and ServiceNow can send incident events to Rootly as alerts using Business Rules.

With the ServiceNow integration, you can:

* Automatically create ServiceNow incidents from Rootly incidents
* Update ServiceNow incident priority, state, and custom fields as incidents evolve
* Receive ServiceNow incident events as Rootly alerts to trigger on-call paging
* Sync ServiceNow CMDB business applications to Rootly services

## Before You Begin

Before setting up the integration, make sure you have:

* A Rootly account with admin permission to manage integrations
* A ServiceNow instance with admin access
* Permission to create OAuth Application Registry entries in ServiceNow

<Callout icon="user-shield">
  We recommend installing with a dedicated ServiceNow service account so the integration does not break if an individual user leaves your organization.
</Callout>

## Installation

### Part 1: Connect Rootly to ServiceNow (OAuth)

<Steps>
  <Step title="Open the ServiceNow integration in Rootly" icon="plug">
    Log into Rootly as an Admin and navigate to **Configurations > Integrations > ServiceNow**. Click **Setup**.

    <img alt="CleanShot 2025-05-13 at 11.16.39.png" />
  </Step>

  <Step title="Create an OAuth Application in ServiceNow" icon="key">
    Log into your ServiceNow instance as an Admin and navigate to **System OAuth > Application Registry**.

    <img alt="CleanShot 2025-05-13 at 11.19.50.png" />

    Click **New**, then select **Create an OAuth API endpoint for external clients**.

    <img alt="CleanShot 2025-05-13 at 11.25.24.png" />

    Fill in the following fields and click **Submit**:

    | ServiceNow Field | Value                                          |
    | ---------------- | ---------------------------------------------- |
    | `Name`           | `Rootly`                                       |
    | `Redirect URL`   | `https://rootly.com/auth/service_now/callback` |

    <img alt="CleanShot 2025-05-13 at 11.31.13.png" />
  </Step>

  <Step title="Copy credentials from ServiceNow to Rootly" icon="copy">
    Open the application you just created in ServiceNow and copy the **Client ID** and **Client Secret**.

    <img alt="CleanShot 2025-05-13 at 11.35.47.png" />

    <Callout icon="triangle-exclamation">
      When copying the **Client Secret**, you may need to unmask it by clicking the lock icon. Masked values sometimes do not copy correctly in ServiceNow.
    </Callout>

    Paste the Client ID, Client Secret, and your ServiceNow instance URL into the Rootly setup modal and click **Connect**.

    <img alt="CleanShot 2025-05-13 at 11.38.08.png" />
  </Step>

  <Step title="Authorize Rootly in ServiceNow" icon="circle-check">
    You will be redirected to ServiceNow to authorize the connection. Click **Allow**.

    <img alt="CleanShot 2025-05-13 at 11.43.07.png" />

    <Callout icon="circle-check">
      After authorization, the **Create a ServiceNow Incident** and **Update a ServiceNow Incident** workflow actions are available in your Genius workflows.
    </Callout>
  </Step>
</Steps>

### Part 2: Receive ServiceNow Events in Rootly (Webhooks)

To receive ServiceNow incident events as Rootly alerts, configure a Business Rule in ServiceNow to send events to Rootly's webhook endpoint.

<Steps>
  <Step title="Get your webhook URL and secret from Rootly" icon="link">
    In Rootly, open the ServiceNow integration settings. Copy the **Webhook URL** and **Secret** values shown on the integration page.
  </Step>

  <Step title="Create a Business Rule in ServiceNow" icon="code">
    In ServiceNow, navigate to **System Definition > Business Rules**.

    <Callout icon="info">
      There are multiple Business Rules pages in ServiceNow. Make sure you select the one under **System Definition**.
    </Callout>

    Click **New** and fill in:

    | Field      | Value                                              |
    | ---------- | -------------------------------------------------- |
    | `Name`     | Any descriptive name (e.g. `Send to Rootly`)       |
    | `Table`    | `Incident [incident]`                              |
    | `Advanced` | Check this                                         |
    | `When`     | `After`                                            |
    | `Insert`   | Check to receive events when incidents are created |
    | `Update`   | Check to receive events when incidents are updated |
    | `Delete`   | Check to receive events when incidents are deleted |

    <img alt="CleanShot 2025-05-13 at 12.08.46.png" />

    Navigate to the **Advanced** tab and replace the script with the following:

    ```js theme={null}
    (function executeRule(current, previous /*null when async*/ ) {
        try {
            var r = new sn_ws.RESTMessageV2();
            r.setEndpoint("<insert webhook public URL>");
            r.setHttpMethod("post");
            r.setRequestHeader("secret", "<secret>");

            var usr = new GlideRecord('sys_user');
            usr.get('sys_id', current.getValue("caller_id"));
            var reported_by_email = usr.getValue('email');

            var number = current.getValue("number");
            var opened_at = current.getValue("opened_at");
            var impact = current.getValue("impact");
            var urgency = current.getValue("urgency");
            var short_description = current.getValue("short_description");
            var description = current.getValue("description");
            var category = current.getValue("category");
            var priority = current.getValue("priority");
            var sys_id = current.getValue("sys_id");
            var subcategory = current.getValue("subcategory");
            var state = current.getValue("state");

            var obj = {
                "number": number,
                "reported_by_email": reported_by_email,
                "opened_at": opened_at,
                "impact": impact,
                "urgency": urgency,
                "short_description": short_description,
                "description": description,
                "category": category,
                "priority": priority,
                "sys_id": sys_id,
                "subcategory": subcategory,
                "state": state
            };

            var body = JSON.stringify(obj);
            r.setRequestBody(body);

            var response = r.execute();
            var httpStatus = response.getStatusCode();
        } catch (ex) {
            var message = ex.message;
            gs.error("Error message: " + message);
        }

        gs.info("Webhook target HTTP status response: " + httpStatus);

    })(current, previous);
    ```

    Replace `<insert webhook public URL>` and `<secret>` with the values from the Rootly ServiceNow integration page.

    <img alt="CleanShot 2025-05-13 at 12.13.02.png" />

    Click **Submit**.
  </Step>
</Steps>

### How Alerts Are Mapped

Each ServiceNow event received creates a Rootly alert with the following fields:

| Rootly Alert Field | ServiceNow Source                                      |
| ------------------ | ------------------------------------------------------ |
| Summary            | `short_description`, then `description`, then `number` |
| External ID        | `sys_id`                                               |
| External URL       | `url` (if provided in payload)                         |

Alert labels:

| Label         | ServiceNow Field |
| ------------- | ---------------- |
| `id`          | `sys_id`         |
| `number`      | `number`         |
| `impact`      | `impact`         |
| `urgency`     | `urgency`        |
| `category`    | `category`       |
| `subcategory` | `subcategory`    |
| `state`       | `state`          |

## Using ServiceNow as an Alert Source

If your org uses Rootly On-Call, ServiceNow alerts can be used to page on-call users. Once the Business Rule is configured, alerts from ServiceNow will appear in your Rootly alert feed and can trigger on-call notifications through alert workflows.

<iframe />

## Uninstall

To remove the ServiceNow integration, navigate to **Configuration > Integrations > ServiceNow > Delete**.


# Workflows
Source: https://docs.rootly.com/integrations/service-now/workflows

Use Rootly workflow actions to create and update ServiceNow incident records from Rootly incidents with field mapping, assignment groups, and category support.

## Overview

The ServiceNow integration provides workflow actions for creating and updating ServiceNow incidents from Rootly. If you are unfamiliar with how Genius workflows work, visit the [Workflows](/workflows) documentation first.

## Available Workflow Actions

### Create a ServiceNow Incident

This action creates a new record in the ServiceNow `Incident` table (e.g. `INC0010001`) and links it to the Rootly incident.

| Field                     | Description                                                                                                   | Required |
| ------------------------- | ------------------------------------------------------------------------------------------------------------- | -------- |
| **Name**                  | Display name for this workflow action                                                                         |          |
| **Title**                 | Maps to `short_description` in ServiceNow. Supports Liquid                                                    | Yes      |
| **Description**           | Maps to `description` in ServiceNow. Supports Liquid                                                          |          |
| **Priority**              | Maps to `urgency`. **Auto** mirrors the incident severity                                                     |          |
| **Status**                | Maps to `state`. **Auto** mirrors the incident status                                                         |          |
| **Acts As User**          | Name or email of the ServiceNow user to set as caller when resolving. Only active when status is Resolved (6) |          |
| **Custom Fields Mapping** | JSON of additional ServiceNow fields. Merged directly into the incident payload. Supports Liquid              |          |

**Priority mapping (Auto)**

| Rootly Severity | ServiceNow Urgency |
| --------------- | ------------------ |
| Critical        | High (1)           |
| High            | High (1)           |
| Medium          | Medium (2)         |
| Low             | Low (3)            |

**Status mapping (Auto)**

| Rootly Status | ServiceNow State |
| ------------- | ---------------- |
| Started       | New (1)          |
| Mitigated     | In Progress (2)  |
| Resolved      | Resolved (6)     |

Available states: New (1), In Progress (2), On Hold (3), Resolved (6), Closed (7), Canceled (8).

<Callout icon="info">
  **Acts As User** triggers a Zendesk user lookup by first name, last name, or email. When matched, Rootly sets `caller_id`, `close_code`, and `close_notes` automatically. It only applies when the state is set to Resolved (6).
</Callout>

<Frame>
  <img alt="Document Image" />
</Frame>

***

### Update a ServiceNow Incident

This action updates an existing record in the ServiceNow `Incident` table.

<Callout icon="info">
  When a **Create a ServiceNow Incident** action runs, Rootly stores the resulting `sys_id` and incident number on the incident record. Reference them in subsequent update actions using Liquid variables.
</Callout>

| Field                     | Description                                                    | Required |
| ------------------------- | -------------------------------------------------------------- | -------- |
| **Name**                  | Display name for this workflow action                          |          |
| **Incident ID**           | ServiceNow `sys_id` of the incident to update. Supports Liquid | Yes      |
| **Title**                 | Updated `short_description`. Supports Liquid                   |          |
| **Description**           | Updated `description`. Supports Liquid                         |          |
| **Priority**              | Updated urgency level                                          |          |
| **Status**                | Updated incident state                                         |          |
| **Acts As User**          | Name or email of the caller to set when resolving              |          |
| **Custom Fields Mapping** | Updated custom field values as JSON. Supports Liquid           |          |

<Frame>
  <img alt="Document Image" />
</Frame>

***

## Common Custom Field Examples

### Work Notes (Internal)

Work notes are visible only to ServiceNow agents, not customers.

```json theme={null}
{
  "work_notes": "{{ incident.events[0].event_raw }}"
}
```

### Comments (Customer-Visible)

```json theme={null}
{
  "comments": "{{ incident.events[0].event_raw }}"
}
```

### Major Incident

```json theme={null}
{
  "assignment_group": "3De45d9ebc3b333200fe02c9bb34efc434",
  "major_incident_state": "proposed"
}
```

<Callout icon="triangle-exclamation">
  Major incident state changes may require specific ACL permissions in ServiceNow. See the [ServiceNow community](https://community.servicenow.com/community?id=community_question\&sys_id=fae73aeb1b7370900b8a9979b04bcb1a) for details.
</Callout>

***

## Add Configuration Items (CIs) to an Incident

Adding configuration items to a ServiceNow incident requires multiple API calls (one per CI). Use Rootly's **HTTP Client** workflow action with the ServiceNow Batch API to consolidate them into a single request.

<Frame>
  <img alt="Document Image" />
</Frame>

### Endpoint

```
POST https://<instance-domain>.com/api/now/v1/batch
```

### Headers

```json theme={null}
{
  "Accept": "application/json",
  "Content-Type": "application/json",
  "Authorization": "Basic {{ secrets.service_now_key_encoded }}"
}
```

<Callout icon="lightbulb">
  Store your Base64-encoded `username:password` as a [Rootly Secret](https://rootly.com/account/secrets) to keep credentials out of plain-text workflow configurations.
</Callout>

### Body

Each individual Table API call must have its `body` Base64-encoded. The following Liquid template dynamically generates one batch entry per service associated with the incident:

```json theme={null}
{
  "batch_request_id": "1",
  "rest_requests": [
{% for service in genius_workflow_run.newly_added_services %}
{% assign task_value = incident.service_now_incident_id %}
{% assign ci_item_value = service | get: 'service_now_ci_sys_id' %}
{% assign body_string = '{ "task": "' | append: task_value | append: '", "ci_item": "' | append: ci_item_value | append: '" }' %}
    {
      "id": "1{{ forloop.index }}",
      "headers": [{ "name": "Content-Type", "value": "application/json" }],
      "url": "/api/now/table/task_ci",
      "method": "POST",
      "body": "{{ body_string | base64_encode }}"
    }{% unless forloop.last %},{% endunless %}
{% endfor %}
  ]
}
```

<Callout icon="info">
  To use this template, each ServiceNow CI's `sys_id` must be linked to the equivalent Rootly service using the `service_now_ci_sys_id` field.
</Callout>

### Succeed On Status

Set to `200`. The ServiceNow Batch API returns `200` (not `201`) on success.


# SharePoint
Source: https://docs.rootly.com/integrations/sharepoint

Connect Microsoft SharePoint to Rootly to automatically create and update Word documents in SharePoint sites during incidents for retrospectives and reports.

## Introduction

The SharePoint integration connects Rootly with your Microsoft SharePoint environment so teams can automatically create and update Word documents in SharePoint sites through Genius workflows. Documents are created as `.docx` files in the SharePoint site and drive of your choice.

With the SharePoint integration, you can:

* Automatically create Word documents in SharePoint from incident workflows
* Populate documents using Rootly retrospective templates or custom Liquid content
* Update existing SharePoint documents as an incident progresses
* Navigate your SharePoint hierarchy — Sites, Drives, and Folders — to place documents precisely where you need them
* Attach created documents directly to the incident record

## Before You Begin

Before setting up the integration, make sure you have:

* A Rootly account with admin permission to manage integrations
* A Microsoft 365 account with access to SharePoint
* Permission to authorize applications in your Microsoft tenant

<Callout icon="user-shield">
  We recommend installing with a dedicated service account so the integration does not break if an individual user leaves your organization.
</Callout>

## Installation

<Steps>
  <Step title="Open the SharePoint integration in Rootly" icon="plug">
    Navigate to the integrations page in Rootly and select **SharePoint**.
  </Step>

  <Step title="Authorize Rootly with Microsoft" icon="key">
    You will be redirected to Microsoft to sign in and grant Rootly the permissions required to access your SharePoint environment.

    Rootly requests the following Microsoft Graph permissions:

    | Permission            | Purpose                                                   |
    | --------------------- | --------------------------------------------------------- |
    | `offline_access`      | Maintain access without requiring re-authentication       |
    | `User.Read`           | Read your profile and basic organizational information    |
    | `Sites.Read.All`      | Read documents and list items across all site collections |
    | `Files.ReadWrite.All` | Read, create, update, and delete files you have access to |

    <Callout icon="info">
      Rootly uses `Files.ReadWrite.All` to create and update incident documents. `Sites.Read.All` is used to discover available sites and drives when configuring workflow actions.
    </Callout>

    Once authorized, the installation is complete.

    <Callout icon="circle-check">
      After authorization, the **Create a SharePoint Page** and **Update a SharePoint Page** workflow actions are available in your Genius workflows.
    </Callout>
  </Step>
</Steps>

## Workflow Actions

### Create a SharePoint Document

This action creates a new Word document (`.docx`) in a specified SharePoint location.

**Name**
The display name for this workflow action. Rename it to describe what the action does.

**Site**
The SharePoint site where the document will be created. Rootly discovers available sites from your Microsoft tenant.

**Drive**
The document library (drive) within the selected site. Each SharePoint site can have multiple drives.

<Callout icon="info">
  SharePoint organizes content as **Sites > Drives > Folders**. Select the Site first, then the Drive, and optionally a Folder within that Drive.
</Callout>

**Parent Folder**
The folder within the selected Drive where the document will be created. Leave blank to place the document in the root of the Drive.

**Title**
The title and filename of the Word document. Defaults to `{{ incident.title }}`. Supports Liquid syntax.

<Callout icon="lightbulb">
  Use the [Incident Variable Explorer](https://rootly.com/account/help/liquid-explorer) to preview what Liquid variables return for your incidents.
</Callout>

**Retrospective Template**
Select a predefined Rootly retrospective template to populate the document body. Templates are managed on the [Retrospective Templates page](https://rootly.com/account/retrospective-steps?tab=documents).

<Callout icon="triangle-exclamation">
  If a Retrospective Template is selected, it overrides any content defined in the Custom Content field.
</Callout>

**Custom Content**
Define the document body manually using HTML content. Supports Liquid syntax. Used when no Retrospective Template is selected.

**Mark Post Mortem as Published**
When enabled, marks the retrospective status as `published` after the document is created. Use this when follow-up notification workflows trigger on published retrospectives.

### Update a SharePoint Document

This action updates an existing SharePoint Word document with new content.

**File ID**
The SharePoint item ID of the document to update. Supports Liquid syntax.

<Callout icon="info">
  When a **Create a SharePoint Page** action runs, Rootly stores the resulting document ID and URL on the incident record. Reference the file ID in subsequent update actions using Liquid variables.
</Callout>

**Title**
The updated title for the document. Supports Liquid syntax. Leave blank to keep the existing title.

**Content**
Additional HTML content to append to the document. Supports Liquid syntax.

**Retrospective Template**
Re-render the document body using a Rootly retrospective template.

## Troubleshooting

<AccordionGroup>
  <Accordion title="The SharePoint integration is not showing available sites or drives" icon="circle-exclamation">
    Confirm the integration was authorized with an account that has access to the SharePoint sites you want to use. If your tenant has many sites, try searching by name in the site selector. Re-authenticating the integration may also refresh the available site list.
  </Accordion>

  <Accordion title="Document creation is failing with a permissions error" icon="lock">
    Verify that the authorized Microsoft account has write access to the target SharePoint drive and folder. The `Files.ReadWrite.All` permission grants access to files the authorizing user can access — it does not bypass SharePoint site permissions.
  </Accordion>

  <Accordion title="The created document is not appearing in SharePoint" icon="file-circle-question">
    Check the workflow run log in Rootly for any errors returned from the SharePoint API. Confirm the selected Site, Drive, and Folder exist and are accessible to the authorized account.
  </Accordion>
</AccordionGroup>

## Uninstall

To remove the SharePoint integration, open the integrations panel in Rootly and select **Configure > Delete**.


# Shortcut
Source: https://docs.rootly.com/integrations/shortcut

Connect Rootly with Shortcut to automatically create and update stories and tasks from incidents, keeping engineering work and incident follow-up in sync.

## Introduction

The Shortcut integration connects Rootly with your Shortcut workspace so teams can automatically create and update stories through Genius workflows. Stories can be assigned to projects, epics, groups, owners, and workflow states — all driven by incident data.

With the Shortcut integration, you can:

* Automatically create Shortcut stories when incidents are declared or reach a certain state
* Create tasks within a Shortcut story to track action items
* Update story title, description, archivation status, and owner as incidents evolve
* Assign stories to epics, groups, and workflow states

## Before You Begin

Before setting up the integration, make sure you have:

* A Rootly account with admin permission to manage integrations
* A Shortcut account with access to the workspace you want to use
* A Shortcut API token

<Callout icon="info">
  To generate a Shortcut API token, go to your Shortcut profile settings at **Settings > API Tokens > Generate Token**.
</Callout>

<Callout icon="user-shield">
  We recommend installing with a dedicated Shortcut service account so the integration does not break if an individual user leaves your organization.
</Callout>

## Installation

<Steps>
  <Step title="Open the Shortcut integration in Rootly" icon="plug">
    Navigate to the integrations page in Rootly and select **Shortcut**.

    <Frame>
      <img alt="Document Image" />
    </Frame>
  </Step>

  <Step title="Enter your Shortcut API token" icon="key">
    Paste your Shortcut API token into the **API Key** field and select **Connect**.

    <Frame>
      <img alt="Document Image" />
    </Frame>

    Rootly validates the token against the Shortcut API. Once connected, the installation is complete.

    <Callout icon="circle-check">
      After installation, the **Create a Shortcut Story**, **Create a Shortcut Task**, **Update a Shortcut Story**, and **Update a Shortcut Task** workflow actions are available in your Genius workflows.
    </Callout>
  </Step>
</Steps>

## Workflow Actions

### Create a Shortcut Story

This action creates a new story in Shortcut.

| Field                      | Description                                                                       | Required            |
| -------------------------- | --------------------------------------------------------------------------------- | ------------------- |
| **Name**                   | Display name for this workflow action                                             |                     |
| **Workflow State**         | The workflow state to place the story in (e.g. Unstarted, In Progress)            | Yes (if no Project) |
| **Project** *(deprecated)* | Shortcut project to associate with. Prefer Workflow State for new configurations  |                     |
| **Group**                  | Shortcut team (group) to associate the story with                                 |                     |
| **Epic**                   | Shortcut epic to associate the story with                                         |                     |
| **Kind**                   | Story type: `bug`, `chore`, or `feature`                                          | Yes                 |
| **Title**                  | Story title. Defaults to `{{ incident.title }}`. Supports Liquid                  | Yes                 |
| **Description**            | Story description. Supports Liquid                                                |                     |
| **Assigned Owner**         | Shortcut member to assign as the story owner                                      |                     |
| **Due Date**               | Story due date. Supports Liquid                                                   |                     |
| **Archivation**            | Whether to archive the story. **Auto** mirrors the incident or action item status | Yes                 |

***

### Create a Shortcut Task

This action creates a task within an existing Shortcut story.

<Callout icon="info">
  When a **Create a Shortcut Story** action runs, Rootly stores the resulting story ID on the incident record. Reference it in subsequent task actions using Liquid variables.
</Callout>

| Field               | Description                                                                 | Required |
| ------------------- | --------------------------------------------------------------------------- | -------- |
| **Name**            | Display name for this workflow action                                       |          |
| **Parent Story ID** | Shortcut story ID to create the task under. Supports Liquid                 | Yes      |
| **Description**     | Task description. Supports Liquid                                           | Yes      |
| **Completion**      | Task completion status. **Auto** mirrors the incident or action item status | Yes      |
| **Assigned To**     | Shortcut member to assign the task to                                       |          |

***

### Update a Shortcut Story

This action updates an existing Shortcut story.

| Field              | Description                                                        | Required |
| ------------------ | ------------------------------------------------------------------ | -------- |
| **Name**           | Display name for this workflow action                              |          |
| **Story ID**       | Shortcut story ID to update. Supports Liquid                       | Yes      |
| **Title**          | Updated story title. Supports Liquid. Leave blank to keep existing |          |
| **Description**    | Updated story description. Supports Liquid                         |          |
| **Epic**           | Updated epic association                                           |          |
| **Assigned Owner** | Updated story owner                                                |          |
| **Due Date**       | Updated due date. Supports Liquid                                  |          |
| **Archivation**    | Updated archivation status                                         | Yes      |

***

### Update a Shortcut Task

This action updates an existing task within a Shortcut story.

| Field               | Description                                            | Required |
| ------------------- | ------------------------------------------------------ | -------- |
| **Name**            | Display name for this workflow action                  |          |
| **Parent Story ID** | Shortcut story ID containing the task. Supports Liquid | Yes      |
| **Task ID**         | Shortcut task ID to update. Supports Liquid            | Yes      |
| **Description**     | Updated task description. Supports Liquid              |          |
| **Completion**      | Updated completion status                              | Yes      |
| **Assigned To**     | Updated assignee                                       |          |

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="Stories are not being created" icon="circle-exclamation">
    Confirm the API token is valid and belongs to a user with access to the target workspace. Re-entering the token in the integration settings will revalidate it. Also verify that either a Workflow State or Project is selected in the workflow action — one of these is required.
  </Accordion>

  <Accordion title="The workflow state or project is not appearing in the dropdown" icon="list">
    Shortcut loads available workflow states and projects from your authorized workspace. If your workspace has recently changed, try reconfiguring the workflow action to refresh the available options.
  </Accordion>
</AccordionGroup>

## Uninstall

To remove the Shortcut integration, open the integrations panel in Rootly and select **Configure > Delete**.


# Commands
Source: https://docs.rootly.com/integrations/slack/commands

Quick reference for all Rootly Slack commands, including incident creation, status updates, on-call paging, action items, timeline events, and roles.

Rootly provides slash commands to manage incidents directly from Slack. All commands work with both `/rootly` and `/incident` prefixes.

<Note>
  These commands are built-in and cannot be modified. To create custom commands that trigger your own workflows or forms, see [Custom Workflows](/integrations/slack/workflows/custom-workflows) and [Custom Forms](/configuration/custom-forms).
</Note>

***

## Quick Reference

| Icon | Meaning                    |
| ---- | -------------------------- |
| 🌐   | Works in any Slack channel |
| 🚨   | Requires incident channel  |

***

## Getting Started

| Command           | Description                              | Where |
| ----------------- | ---------------------------------------- | ----- |
| `/rootly connect` | Link your Slack account to Rootly        | 🌐    |
| `/rootly help`    | View available commands and descriptions | 🌐    |
| `/rootly support` | Report an issue to Rootly                | 🌐    |

***

## Create & View Incidents

| Command               | Description                                     | Where |
| --------------------- | ----------------------------------------------- | ----- |
| `/rootly new`         | Declare a new incident and create a channel     | 🌐    |
| `/rootly test`        | Create a test incident (not publicly announced) | 🌐    |
| `/rootly maintenance` | Schedule a maintenance window                   | 🌐    |
| `/rootly list`        | View up to 10 active incidents                  | 🌐    |
| `/rootly overview`    | Open incident control center                    | 🚨    |
| `/rootly catchup`     | Get AI-powered incident summary                 | 🚨    |

***

## Update Incidents

| Command              | Description                                 | Where             |
| -------------------- | ------------------------------------------- | ----------------- |
| `/rootly update`     | Edit incident fields (severity, type, etc.) | 🚨                |
| `/rootly summary`    | Add or edit incident summary                | 🚨                |
| `/rootly timeline`   | Add an event to the incident timeline       | 🚨                |
| `/rootly timestamps` | Edit status change timestamps               | 🚨                |
| `/rootly convert`    | Convert current channel to incident channel | 🌐 (non-incident) |

***

## Incident Status

| Command            | Description                | Where |
| ------------------ | -------------------------- | ----- |
| `/rootly status`   | Change incident status     | 🚨    |
| `/rootly mitigate` | Mark incident as mitigated | 🚨    |
| `/rootly resolve`  | Mark incident as resolved  | 🚨    |

***

## Teams & Services

| Command                     | Description                          | Where |
| --------------------------- | ------------------------------------ | ----- |
| `/rootly add team`          | Attach a team to the incident        | 🚨    |
| `/rootly add service`       | Tag impacted services                | 🚨    |
| `/rootly add functionality` | Tag impacted functionalities         | 🚨    |
| `/rootly add alert`         | Associate an alert with the incident | 🚨    |

***

## Roles & Assignments

| Command            | Description                                   | Where |
| ------------------ | --------------------------------------------- | ----- |
| `/rootly assign`   | Assign, add, or remove incident roles         | 🚨    |
| `/rootly escalate` | Escalate to PagerDuty, Opsgenie, or VictorOps | 🚨    |

***

## Action Items

| Command                   | Description                                 | Where |
| ------------------------- | ------------------------------------------- | ----- |
| `/rootly task`            | Create a task (to complete during incident) | 🚨    |
| `/rootly followup`        | Create a follow-up (post-incident action)   | 🚨    |
| `/rootly add action item` | Create a task or follow-up                  | 🚨    |
| `/rootly action items`    | View action items assigned to you           | 🚨    |

<Tip>
  Alias: `/rootly action` also works for viewing action items.
</Tip>

***

## On-Call & Paging

| Command          | Description                                 | Where                  |
| ---------------- | ------------------------------------------- | ---------------------- |
| `/rootly oncall` | View on-call schedules                      | 🌐                     |
| `/rootly page`   | Page a schedule, team, or escalation policy | 🌐 (with On-Call) / 🚨 |
| `/rootly alerts` | View all alerts                             | 🌐                     |

***

## Advanced

| Command                 | Description                                              | Where       |
| ----------------------- | -------------------------------------------------------- | ----------- |
| `/rootly manage fields` | Set values for custom incident fields                    | 🚨          |
| `/rootly integrations`  | Manage links to integrated tools (Jira, PagerDuty, etc.) | 🚨          |
| `/rootly statuspage`    | Publish an update to a status page                       | 🚨          |
| `/rootly feedback`      | Log feedback about the incident response                 | 🚨          |
| `/rootly duplicate`     | Mark incident as duplicate of another                    | 🚨          |
| `/rootly sub`           | Create a sub-incident                                    | 🚨 (parent) |
| `/rootly workflows`     | Manually trigger a workflow                              | 🚨          |

***

## Command Details

<AccordionGroup>
  <Accordion title="Creating Incidents">
    ### `/rootly new`

    Opens the incident creation form. Fill in title, summary, severity, and type. Rootly will:

    * Create a dedicated Slack channel
    * Post the initial incident message
    * Trigger configured workflows

    ### `/rootly test`

    Same as `/rootly new`, but the incident is marked as a test and won't be publicly announced. Use for training and workflow testing.

    ### `/rootly maintenance`

    Schedule planned maintenance. Maintenance incidents appear in the Rootly web UI and can be published to status pages.
  </Accordion>

  <Accordion title="Managing Status">
    ### `/rootly status`

    Opens a modal to change the incident status (In Triage → Active → Mitigated → Resolved → Closed).

    ### `/rootly mitigate`

    Quick action to mark the incident as mitigated. You'll be prompted to add a comment explaining the mitigation.

    ### `/rootly resolve`

    Quick action to mark the incident as resolved. You'll be prompted to add a resolution comment.
  </Accordion>

  <Accordion title="Action Items">
    **Tasks** are actions to complete during the incident (e.g., "Restart the database").

    **Follow-ups** are post-incident actions (e.g., "Add monitoring for this failure mode").

    Use `/rootly action items` to see a checklist of items assigned to you for this incident.
  </Accordion>

  <Accordion title="On-Call Commands">
    ### `/rootly oncall`

    View who's currently on-call for any schedule. Works with Rootly On-Call and integrated providers (PagerDuty, Opsgenie, VictorOps).

    ### `/rootly page`

    Page responders through Rootly On-Call. Select schedules, teams, or escalation policies. Add an optional note for context.

    ### `/rootly escalate`

    Escalate the current incident to external paging providers. Requires the relevant integration to be installed.
  </Accordion>

  <Accordion title="Channel Conversion">
    ### `/rootly convert`

    Convert an existing Slack channel into a Rootly incident channel. Use this when an incident discussion is already happening in a channel before it's formally declared.

    Run this command in the channel you want to convert (not an existing incident channel).
  </Accordion>
</AccordionGroup>


# Installation
Source: https://docs.rootly.com/integrations/slack/installation

Connect your Slack workspace to Rootly for automated incident channels, notifications, slash commands, message actions, and bookmark management.

Connect Rootly to your Slack workspace to automatically create incident channels, send notifications, and manage collaboration during incidents.

***

## Prerequisites

<Note>
  **You'll need:**

  * Rootly account with admin permissions
  * Slack workspace admin or owner access
  * For Enterprise Grid: Org Owner or Org Admin role
</Note>

***

## Required Permissions

Rootly requests the following Slack permissions during installation.

<AccordionGroup>
  <Accordion title="Bot Scopes (Core)">
    | Scope                                  | Purpose                                  |
    | -------------------------------------- | ---------------------------------------- |
    | `bookmarks:write`                      | Add bookmarks to incident channels       |
    | `channels:manage`                      | Create public incident channels          |
    | `channels:read`                        | View public channel information          |
    | `chat:write`                           | Send messages to incident channels       |
    | `chat:write.public`                    | Post to channels without joining         |
    | `commands`                             | Add `/rootly` and `/incident` commands   |
    | `files:read`                           | Save pinned/reacted files to timeline    |
    | `files:write`                          | Upload files via workflows               |
    | `groups:read`                          | View private channels Rootly is added to |
    | `groups:write`                         | Create private incident channels         |
    | `pins:read` / `pins:write`             | Pin messages to incident channels        |
    | `reactions:read` / `reactions:write`   | Add timeline events via emoji reactions  |
    | `usergroups:read` / `usergroups:write` | Manage on-call user groups               |
    | `users:read` / `users:read.email`      | View user info for invitations           |
    | `users.profile:read`                   | Display full names instead of usernames  |
  </Accordion>

  <Accordion title="Bot Scopes (AI & Assistant)">
    | Scope               | Purpose                                      |
    | ------------------- | -------------------------------------------- |
    | `app_mentions:read` | Respond to @rootly mentions                  |
    | `channels:history`  | Read public channel history for AI features  |
    | `groups:history`    | Read private channel history for AI features |
    | `assistant:write`   | Enable Rootly AI Assistant                   |
    | `im:history`        | Read DMs for AI Assistant interactions       |
  </Accordion>

  <Accordion title="User Scopes">
    | Scope              | Purpose                       |
    | ------------------ | ----------------------------- |
    | `usergroups:write` | On-call user group management |

    **When bot cannot create channels** (some workspaces restrict this):

    | Scope            | Purpose                                     |
    | ---------------- | ------------------------------------------- |
    | `channels:write` | Create public channels on behalf of admins  |
    | `groups:write`   | Create private channels on behalf of admins |
  </Accordion>

  <Accordion title="Enterprise Grid Scopes">
    | Scope                         | Purpose                            |
    | ----------------------------- | ---------------------------------- |
    | `conversations.connect:write` | Connect channels across workspaces |
    | `admin.conversations:write`   | Manage conversations at org level  |
  </Accordion>
</AccordionGroup>

<Tip>
  For details on Slack scopes, see [Slack's permission documentation](https://docs.slack.dev/reference/scopes).
</Tip>

***

## Choose Your Plan

<CardGroup>
  <Card title="Slack Free, Pro, or Business+" icon="users" href="#slack-free-pro-and-business">
    Single workspace installation. Most common setup for teams on standard Slack plans.
  </Card>

  <Card title="Slack Enterprise Grid" icon="building" href="#slack-enterprise-grid">
    Organization-level installation with multi-workspace support. Requires Org Owner/Admin.
  </Card>
</CardGroup>

***

## Slack Free, Pro, and Business+

<Steps>
  <Step title="Open Integrations">
    In Rootly, go to **Configuration → Integrations** and search for **Slack**. Click **Setup**.

    <img alt="Rootly integrations page" />

    <img alt="Slack integration setup" />
  </Step>

  <Step title="Select Your Plan">
    Choose **Other Slack Plans** (this covers Free, Pro, and Business+).

    <img alt="Slack plan selection" />
  </Step>

  <Step title="Authorize in Slack">
    You'll be redirected to Slack. Verify you're installing to the correct workspace (check the dropdown in the top right), then click **Allow**.

    <img alt="Slack OAuth authorization" />
  </Step>

  <Step title="Confirm Connection">
    You'll be redirected back to Rootly. The integration should show as **Connected**.

    <img alt="Slack connected successfully" />
  </Step>
</Steps>

***

## Slack Enterprise Grid

<Warning>
  You must be a **Workspace Owner** (not just Admin) to complete Enterprise Grid setup.
</Warning>

With Enterprise Grid, you install Rootly at the organization level, then add it to specific workspaces. This lets you manage incidents across multiple workspaces from a single Rootly account.

<Frame>
  <iframe />
</Frame>

<Steps>
  <Step title="Open Integrations">
    In Rootly, go to **Configuration → Integrations** and search for **Slack**. Click **Setup**.
  </Step>

  <Step title="Select Enterprise Grid">
    Choose **Slack Enterprise Grid**.

    <img alt="Slack Enterprise Grid option" />
  </Step>

  <Step title="Install at Organization Level">
    You'll be redirected to Slack. **Before clicking Allow**, verify you're installing at the **organization level** (not a single workspace).

    Click **Allow** to approve Rootly as an organization-wide app.
  </Step>

  <Step title="Add Rootly to Workspaces">
    After authorization, switch to your Slack Enterprise Grid admin portal:

    1. Go to **Organization Settings → Integrations → Installed Apps**
    2. Find **Rootly** in the list
    3. Click the menu and select **Add to more workspaces**
    4. Select which workspaces should have access to Rootly
    5. Click **Next** and **Allow**

    Rootly will now be available in those workspaces.
  </Step>

  <Step title="Configure Incident Workspace">
    Return to Rootly and go to **Integrations → Slack → Configure**:

    1. **Select incident workspace** — Choose which workspace will host your dedicated incident channels
    2. **Set announcement channel** — Choose where new incidents are announced
    3. **Set alerts channel** — Choose where alerts are posted
    4. Click **Save Settings**
  </Step>

  <Step title="Set Up Shared Channels (Recommended)">
    For cross-workspace visibility, create a shared incident channel:

    1. In Slack, create or select a channel (e.g., `#incidents`)
    2. Click the channel name → **Settings** → **Workspaces with access**
    3. Add all workspaces that should see incident announcements

    This way, users in any workspace can see incidents declared from any other workspace.
  </Step>
</Steps>

***

## Re-Claiming the /incident Command

During the transition to Rootly, you may experience issues where Rootly's bot claims the `/incident` Slack command from your existing bot. When multiple bots use the same command, [Slack will always invoke the one that was installed most recently](https://docs.slack.dev/interactivity/implementing-slash-commands/#naming_your_command). If this interrupts your transition, follow the steps below to reclaim the `/incident` command from Rootly.

### Option 1 (Recommended)

This is the safest method — it does not result in a blackout period where your old bot is unusable.

1. Ensure Rootly is already installed on your Slack workspace.
2. Update your old bot's Slack command from `/incident` to a placeholder (e.g., `/incident-1`).
3. Save the change.
4. Change the command of your old bot back to `/incident`.

Slack recognizes an update to the command as a new installation. This should make your old bot the "most recently installed bot" that uses the `/incident` command.

### Option 2

If Option 1 does not work, try this option. There will be a brief blackout period where your old bot is unusable.

1. Ensure Rootly is already installed on your Slack workspace.
2. Uninstall your old bot.
3. Reinstall your old bot.

This is effectively the same as Option 1 — the reinstallation reclaims the `/incident` command from Rootly.

### Enterprise Grid Consideration

If the issue persists after trying the above, check your installation scope. If **Rootly is installed at the Slack organization level** (Slack Enterprise Grid), you must also reinstall your old bot at the **Slack organization level**, not just at the workspace level.

***

## Uninstall

To remove the Slack integration:

1. Go to **Configuration → Integrations** and find **Slack**
2. Click **Connected** to reveal the disconnect option
3. Click **Disconnect**

<Frame>
  <img alt="Click Connected to reveal the Disconnect option" />
</Frame>

<Warning>
  Disconnecting from Rootly does not remove Rootly from Slack. To fully revoke access:

  1. In Slack, go to **Settings & Administration → Manage Apps**
  2. Find **Rootly** and click **Remove**
</Warning>

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="Workspace not showing during installation" icon="circle-x">
    **Causes:**

    * You're not an Admin or Owner of the workspace
    * Workspace doesn't allow members to install apps
    * Logged into wrong Slack account

    **Solutions:**

    * Ask a Slack Admin/Owner to install Rootly
    * Check **Slack → Settings & Permissions → App Management**
    * Try in a private browser window with the correct Slack account
  </Accordion>

  <Accordion title="Enterprise Grid option not showing" icon="circle-x">
    **Causes:**

    * Your org isn't on Enterprise Grid
    * You're not an Org Owner/Admin
    * Logged into a non-Grid workspace

    **Solutions:**

    * Verify your plan at [Slack's pricing page](https://slack.com/pricing)
    * Ask an Org Owner/Admin to complete installation
    * Log into your Enterprise org, not a standalone workspace
  </Accordion>

  <Accordion title="Channels not being created" icon="circle-x">
    **Causes:**

    * Rootly bot lacks channel creation permissions
    * Workspace restricts channel creation to admins

    **Solutions:**

    * Enable **Bypass Slack permissions** in Smart Defaults
    * Verify Rootly has `channels:manage` and `groups:write` scopes
    * Check workflow logs for specific errors
  </Accordion>

  <Accordion title="Can't see incidents from other workspaces (Enterprise Grid)" icon="circle-x">
    **Causes:**

    * Announcement channel isn't shared across workspaces
    * Rootly not added to all required workspaces

    **Solutions:**

    * Create a shared channel for incident announcements
    * Add Rootly to all workspaces via **Organization Settings → Installed Apps**
  </Accordion>

  <Accordion title="Can't pin messages to incident timelines 📌">
    If you're on Slack Enterprise Grid and pinning messages to the incident timeline isn't working, this is a sign that your Slack integration was installed as a **non-Grid** (single-workspace) installation rather than at the organization level. \
    \
    **Solutions:** 

    * Disconnect the Slack integration from Rootly 
    * Reconnect it, making sure to select **Slack Enterprise Grid** during installation and authorize at the **organization level** (not a single workspace)
  </Accordion>
</AccordionGroup>


# Slack
Source: https://docs.rootly.com/integrations/slack/slack

Automate incident channels, notifications, and collaboration directly in Slack with Rootly's slash commands, message actions, modals, and workflow actions.

Rootly's Slack integration automatically creates and manages incident channels the moment an incident starts. Channels stay in sync with incident details in real time, so teams stay aligned without manual coordination.

## What You Can Do

<CardGroup>
  <Card title="Incident Channels" icon="hashtag">
    Auto-create dedicated channels for each incident with consistent naming, topics, and bookmarks. Channels can be public or private based on incident sensitivity.
  </Card>

  <Card title="Real-Time Updates" icon="rotate">
    Channel topics, names, and bookmarks update automatically as incident status, severity, or details change.
  </Card>

  <Card title="Notifications & Alerts" icon="bell">
    Announce new incidents to designated channels, notify user groups for high-severity events, and send reminders for stale incidents or unassigned roles.
  </Card>

  <Card title="User Management" icon="users">
    Auto-invite on-call responders, service owners, or specific user groups to incident channels based on conditions.
  </Card>

  <Card title="Slash Commands" icon="terminal">
    Declare incidents, update status, assign roles, add action items, and trigger workflows directly from Slack with `/rootly` commands.
  </Card>

  <Card title="Block Kit Messages" icon="grid-2">
    Send rich, interactive messages with buttons for common actions like updating summary, assigning roles, or escalating to PagerDuty.
  </Card>
</CardGroup>

***

## How It Works

<Steps>
  <Step title="Connect Slack">
    Authorize Rootly to access your Slack workspace. For Enterprise Grid, install at the organization level and add to specific workspaces.
  </Step>

  <Step title="Configure Automations">
    Use **Smart Defaults** for quick channel and notification setup, or build **Custom Workflows** for advanced conditional logic.
  </Step>

  <Step title="Incidents Auto-Managed">
    When incidents occur, Rootly creates channels, posts announcements, invites responders, sends reminders, and archives channels when resolved.
  </Step>
</Steps>

***

## Next Steps

<CardGroup>
  <Card title="Installation" icon="plug" href="/integrations/slack/installation">
    Connect your Slack workspace
  </Card>

  <Card title="Commands" icon="terminal" href="/integrations/slack/commands">
    View all Slack commands
  </Card>

  <Card title="Workflows" icon="diagram-project" href="/integrations/slack/workflows/overview">
    Configure automations
  </Card>
</CardGroup>


# Smart Defaults
Source: https://docs.rootly.com/integrations/slack/smart-defaults

Pre-configured Rootly settings that automate Slack channel creation, notifications, bookmarks, and topic updates without manual workflow configuration.

Smart Defaults let you configure automatic Slack behaviors without building custom workflows. Enable channel creation, set up announcements, configure reminders, and manage archiving from a single settings panel.

<Note>
  **New vs Existing Customers:**

  * **New customers** have Smart Defaults enabled by default and can manage incidents immediately
  * **Existing customers** have Smart Defaults disabled to avoid disrupting existing workflow configurations
</Note>

***

## How to Access

1. Go to **Configuration → Integrations → Slack**
2. Click **Configure**
3. You'll see the Smart Defaults panel

***

## Workspace Setup

<img alt="Workspace selection dropdown" />

Select the Slack workspace where incident channels will be created.

<Note>
  Most users see one workspace. **Enterprise Grid** customers may see multiple workspaces.
</Note>

The selected workspace determines which users, groups, and channels appear in Rootly dropdowns.

***

## Notifications

Configure what messages Rootly sends to Slack.

### Team Notifications

<img alt="Team notifications settings" />

<AccordionGroup>
  <Accordion title="Default Announcement Channel">
    Announces every new incident in a specified channel.

    <img alt="Default announcement channel configuration" />

    <Note>
      Rootly refreshes channels daily. Click **Refresh channels** if a channel doesn't appear.
    </Note>

    For **private channels**, the Rootly bot must be added first. Send `@Rootly` in the channel to invite the bot.

    <img alt="Private channel bot invitation" />
  </Accordion>

  <Accordion title="High Severity Notifications">
    Notify specific users, groups, or channels when high-severity incidents are declared.

    <Tip>
      See [Severities](/configuration/severities) to configure severity levels.
    </Tip>
  </Accordion>

  <Accordion title="Default Alerts Channel">
    Announces new alerts in a specified channel. Messages auto-update as alerts are acknowledged, escalated, or resolved.

    <Note>
      For conditional routing (e.g., different channels per team), use a [Custom Workflow](/integrations/slack/workflows/custom-workflows).
    </Note>
  </Accordion>
</AccordionGroup>

### Smart Reminders

<img alt="Smart reminder settings" />

| Reminder               | What It Does                                                 |
| ---------------------- | ------------------------------------------------------------ |
| **Unassigned roles**   | Notifies if no incident roles are assigned within a set time |
| **Triage timeout**     | Notifies if incident stays in Triage state too long          |
| **Inactive incident**  | Notifies if no activity occurs within a set time             |
| **Empty summary**      | Notifies if incident summary remains blank                   |
| **Status page update** | Periodic reminder to update status pages                     |
| **Leave feedback**     | Reminder to log feedback after resolution                    |

<Note>
  **What counts as "activity"?**

  * Updating the incident summary ✓
  * Using 📌 emoji to log timeline events ✓
  * Regular messages in the channel ✗ (does not count)
</Note>

### Updates

<img alt="Incident update notification settings" />

| Setting                               | What It Does                                   |
| ------------------------------------- | ---------------------------------------------- |
| **Status change notifications**       | Post to channel when incident status changes   |
| **Status page notifications**         | Post when a status page is updated             |
| **Draft communication notifications** | Post when a draft communication is created     |
| **Timeline pin reaction**             | Add ✅ emoji when events are pinned to timeline |
| **Pin timeline events**               | Pin timeline updates to the Slack channel      |

### Advanced

<img alt="Advanced notification settings" />

| Setting                       | What It Does                                                                                 |
| ----------------------------- | -------------------------------------------------------------------------------------------- |
| **Broadcast incident events** | Post timeline updates as new messages instead of threading them. Noisier but harder to miss. |
| **Mention and tag @user**     | Tag users mentioned by Rootly in timeline updates. Disable to reduce notification fatigue.   |

***

## Incident Channel

Configure how incident channels are created and managed.

### Channel Settings

<img alt="Incident channel settings" />

| Setting                         | What It Does                                                                                               |
| ------------------------------- | ---------------------------------------------------------------------------------------------------------- |
| **Create incident channel**     | Auto-create a Slack channel for each new incident. Highly recommended.                                     |
| **Channel naming convention**   | Select from predefined formats or create custom names using [Liquid variables](/liquid/incident-variables) |
| **Auto-bookmark incident link** | Add a bookmark linking to the incident in Rootly web UI                                                    |
| **Auto-update channel topic**   | Update topic when severity, status, type, or environment changes                                           |

<Warning>
  Slack doesn't allow duplicate channel names. Predefined options ensure uniqueness. For custom names, include unique identifiers like `{{ incident.sequential_id }}`.
</Warning>

**Example custom channel names:**

* `inc-{{ incident.sequential_id }}-{{ incident.title | slugify }}`
* `{{ incident.severity | downcase }}-{{ incident.created_at | date: '%Y%m%d' }}-{{ incident.title | truncate: 20 }}`

### Bypass Slack Permissions

<img alt="Bypass Slack permissions setting" />

Some workspaces restrict channel creation to admins. Enable this to let Rootly create channels on behalf of admin users.

<Warning>
  Check with your Slack admin before enabling. This requires additional user scopes.
</Warning>

### Emoji Shortcuts

<img alt="Emoji shortcut interactions" />

Configure emoji reactions to trigger actions:

| Default Emoji | Action                           |
| ------------- | -------------------------------- |
| 📌            | Add message to incident timeline |
| 🔧            | Create a follow-up action item   |
| ⭐             | Create a task                    |

<Note>
  Choose uncommon emojis to avoid accidental triggers. Avoid 👍, 😄, or other frequently used reactions.
</Note>

### Archive Channels

<img alt="Channel archiving settings" />

| Setting                            | What It Does                                                                            |
| ---------------------------------- | --------------------------------------------------------------------------------------- |
| **Auto-archive incident channels** | Archive channels after resolution. Set a delay (1-2 days recommended) to allow cleanup. |
| **Auto-archive test incidents**    | Archive test/tutorial channels 24 hours after creation                                  |

### Member Tracking

<img alt="Member tracking settings" />

| Setting                      | What It Does                                           |
| ---------------------------- | ------------------------------------------------------ |
| **Require Slack connection** | Force all Rootly users to connect their Slack accounts |
| **Track joins**              | Log when users join incident channels to the timeline  |
| **Track leaves**             | Log when users leave incident channels to the timeline |

***

## When to Use Custom Workflows Instead

Smart Defaults cover common scenarios, but use [Custom Workflows](/integrations/slack/workflows/custom-workflows) when you need:

* **Conditional logic** — Different channels for different teams or severities
* **Multi-step automations** — Invite users, then send a message, then add a bookmark
* **Integration actions** — Create Jira tickets, page PagerDuty, update status pages
* **Scheduled/delayed actions** — Send reminders at specific intervals
* **Custom message formatting** — Use Block Kit for rich interactive messages


# Custom Workflows
Source: https://docs.rootly.com/integrations/slack/workflows/custom-workflows

Build automated Slack actions in Rootly with triggers, conditions, and 10+ actions including channel creation, messaging, bookmarks, reminders, and renaming.

Custom workflows give you full control over Slack automation. Create channels, send messages, invite users, and more based on triggers and conditions you define. If you're new to workflows, see the [Workflows](/workflows/workflows) documentation first.

***

## Available Actions

| Action                                              | What It Does                              |
| --------------------------------------------------- | ----------------------------------------- |
| [Create Slack Channel](#create-slack-channel)       | Create a dedicated incident channel       |
| [Send Slack Message](#send-slack-message)           | Post a message to channels/users          |
| [Send Slack Reminder](#send-slack-reminder)         | Send recurring messages with snooze/pause |
| [Send Slack Blocks](#send-slack-blocks)             | Send rich Block Kit messages              |
| [Invite to Slack Channel](#invite-to-slack-channel) | Add users/groups to a channel             |
| [Rename Slack Channel](#rename-slack-channel)       | Change channel name dynamically           |
| [Update Channel Topic](#update-channel-topic)       | Update the channel topic                  |
| [Add Slack Bookmark](#add-slack-bookmark)           | Pin links to channel bookmark bar         |
| [Archive Slack Channel](#archive-slack-channel)     | Archive inactive channels                 |
| [Change Channel Privacy](#change-channel-privacy)   | Switch between public/private             |

***

## Create a Workflow

<Steps>
  <Step title="Open Workflows">
    Go to **Rootly → Workflows → Create Workflow**.

    <img alt="Rootly workflows page" />

    <img alt="Create workflow button" />
  </Step>

  <Step title="Choose Workflow Type">
    Select **Incident**, **Retrospective**, or **Pulse** depending on when you want the workflow to run.

    <img alt="Workflow type selection" />
  </Step>

  <Step title="Configure Triggers">
    Triggers define when the workflow runs.

    <img alt="Workflow trigger configuration" />

    | Trigger                         | When It Fires                           |
    | ------------------------------- | --------------------------------------- |
    | **Incident Created**            | New incident declared                   |
    | **Incident Updated**            | Fields like severity or status change   |
    | **Incident Status Changed**     | Status moves (e.g., Active → Mitigated) |
    | **Incident Commander Assigned** | Someone takes ownership                 |
    | **Manual Trigger**              | Run on-demand from Slack or web UI      |
  </Step>

  <Step title="Add Conditions (Optional)">
    Conditions filter when the workflow should actually execute.

    <img alt="Workflow conditions panel" />

    **Common conditions:**

    * **Severity** — Only for SEV-1 or SEV-2
    * **Team/Service** — Only for specific teams
    * **Incident Type** — Only for actual incidents (not tests)
    * **Environment** — Only for production
  </Step>

  <Step title="Add Actions">
    Click **Add Action** and search for **Slack**.

    <img alt="Add action button" />

    <img alt="Search Slack actions" />

    Select one or more Slack actions. Each action is configured independently.
  </Step>
</Steps>

***

## Action Reference

<AccordionGroup>
  <Accordion title="Create Slack Channel" icon="hashtag">
    Creates a dedicated channel for the incident.

    <img alt="Create Slack Channel action" />

    <ParamField type="string">
      Which Slack workspace to create the channel in.
    </ParamField>

    <ParamField type="string">
      Channel name. Supports [Liquid variables](/liquid/incident-variables).

      Example: `incident-{{ incident.sequential_id }}-{{ incident.title }}`
    </ParamField>

    <ParamField type="enum">
      Controls channel visibility:

      * `auto` — matches incident privacy (private incident → private channel)
      * `true` — always private
      * `false` — always public
    </ParamField>

    <Note>
      If the incident already has a Slack channel, this action will skip channel creation to avoid duplicates.
    </Note>
  </Accordion>

  <Accordion title="Send Slack Message" icon="message">
    Posts a message to channels, users, or user groups.

    <img alt="Send Slack Message action" />

    <ParamField type="string">
      Target channels. Use `{{ incident.slack_channel_id }}` for the incident channel. Supports [Liquid variables](/liquid/incident-variables).
    </ParamField>

    <ParamField type="string">
      Individual users to message directly.
    </ParamField>

    <ParamField type="string">
      Groups to notify — all members receive the message.
    </ParamField>

    <ParamField type="string">
      Message content. Supports [Liquid variables](/liquid/incident-variables) and [Slack markdown](https://api.slack.com/reference/surfaces/formatting).
    </ParamField>

    **Message Options:**

    | Option                     | Description                             |
    | -------------------------- | --------------------------------------- |
    | **Pin to Channel**         | Pin the message                         |
    | **Send as Ephemeral**      | Only visible to specified users         |
    | **Thread under parent**    | Reply to an existing message            |
    | **Update Parent Message**  | Replace the parent instead of threading |
    | **Broadcast Thread Reply** | Also post threaded reply as new message |

    **Action Buttons** — add interactive buttons to messages:

    | Button                   | What It Opens            |
    | ------------------------ | ------------------------ |
    | Update Summary           | Edit incident summary    |
    | Manage Incident Roles    | Assign/remove roles      |
    | Update Incident          | Edit incident fields     |
    | Leave Feedback           | Log incident feedback    |
    | Manage Action Items      | Task/follow-up checklist |
    | Add PagerDuty Responders | Page via PagerDuty       |
    | Add Opsgenie Responders  | Page via Opsgenie        |
  </Accordion>

  <Accordion title="Send Slack Reminder" icon="bell">
    Same as Send Message, but with **Snooze/Pause** buttons and support for **recurring schedules**.

    <img alt="Send Slack Reminder action" />

    <ParamField type="string">
      Target channels. Supports [Liquid variables](/liquid/incident-variables).
    </ParamField>

    <ParamField type="string">
      Reminder message content. Supports [Liquid variables](/liquid/incident-variables).
    </ParamField>

    <ParamField type="enum">
      How often the reminder fires. Options include once, every N minutes, hourly, and daily.
    </ParamField>

    <Note>
      Use reminders for periodic nudges (e.g., "Update the incident summary every 30 minutes"). The Snooze and Pause buttons allow responders to defer or stop reminders without leaving Slack.
    </Note>
  </Accordion>

  <Accordion title="Send Slack Blocks" icon="grid-2">
    Send rich, interactive messages using [Slack Block Kit](https://api.slack.com/reference/block-kit).

    <img alt="Send Slack Blocks action" />

    <ParamField type="string">
      JSON payload following Block Kit format. Supports [Liquid variables](/liquid/incident-variables).
    </ParamField>

    <ParamField type="string">
      Text shown in push notifications when Block Kit content can't be rendered.
    </ParamField>

    **Block Kit Examples:**

    Text section with markdown:

    ```json theme={null}
    {
      "type": "section",
      "text": {
        "type": "mrkdwn",
        "text": "*Incident:* {{ incident.title }}\n*Severity:* {{ incident.severity }}"
      }
    }
    ```

    Button that triggers a workflow:

    ```json theme={null}
    {
      "type": "actions",
      "elements": [{
        "type": "button",
        "text": { "type": "plain_text", "text": "View Action Items" },
        "action_id": "trigger_custom_workflow",
        "value": "incident-list-out-incomplete-action-items"
      }]
    }
    ```

    **Available `action_id` values:**

    | action\_id                                | What It Does                                        |
    | ----------------------------------------- | --------------------------------------------------- |
    | `toolbar_update_incident_summary`         | Edit summary modal                                  |
    | `toolbar_update_status`                   | Change status modal                                 |
    | `toolbar_update_incident`                 | Edit incident modal                                 |
    | `manage_incident_role_assignments_dialog` | Assign roles modal                                  |
    | `manage_incident_action_items`            | Action items checklist                              |
    | `add_feedback`                            | Feedback modal                                      |
    | `pagerduty_responders`                    | PagerDuty escalation                                |
    | `opsgenie_responders`                     | Opsgenie escalation                                 |
    | `snooze_reminder`                         | Snooze recurring workflow                           |
    | `pause_reminder`                          | Pause recurring workflow                            |
    | `trigger_custom_workflow`                 | Run another workflow (set `value` to workflow slug) |
    | `open_custom_form`                        | Open a custom form (set `value` to form slug)       |

    <Warning>
      Slack's Block Kit Builder can't interpret Liquid variables. Test your templates in Rootly's [Liquid Variable Explorer](https://rootly.com/account/help/liquid-explorer).
    </Warning>
  </Accordion>

  <Accordion title="Invite to Slack Channel" icon="user-plus">
    Adds users or user groups to a channel.

    <img alt="Invite to Slack Channel action" />

    <ParamField type="string">
      Target channel. Use `{{ incident.slack_channel_id }}` for the incident channel. Supports [Liquid variables](/liquid/incident-variables).
    </ParamField>

    <ParamField type="string">
      Individual users to invite. Use `{{ incident.creator }}` for the incident creator.
    </ParamField>

    <ParamField type="string">
      Groups to invite — all members are added to the channel.
    </ParamField>
  </Accordion>

  <Accordion title="Rename Slack Channel" icon="pencil">
    Changes the channel name dynamically, useful for reflecting status changes.

    <img alt="Rename Slack Channel action" />

    <ParamField type="string">
      Channel to rename. Use `{{ incident.slack_channel_id }}`. Supports [Liquid variables](/liquid/incident-variables).
    </ParamField>

    <ParamField type="string">
      New channel name. Supports [Liquid variables](/liquid/incident-variables).

      Example: `resolved-{{ incident.title }}`
    </ParamField>

    **Common use case:** Rename to include status when resolved (e.g., `resolved-database-outage`).
  </Accordion>

  <Accordion title="Update Channel Topic" icon="pen-to-square">
    Sets the channel topic to display key incident info at a glance.

    <img alt="Update Slack Channel Topic action" />

    <ParamField type="string">
      Channels to update. Supports [Liquid variables](/liquid/incident-variables).
    </ParamField>

    <ParamField type="string">
      New topic text. Supports [Liquid variables](/liquid/incident-variables) and Slack markdown.
    </ParamField>

    **Example topic:**

    ```
    🔴 {{ incident.severity }} | {{ incident.status }} | Commander: {{ incident.commander.name | default: "Unassigned" }}
    ```
  </Accordion>

  <Accordion title="Add Slack Bookmark" icon="bookmark">
    Pins a link to the channel's bookmark bar for quick access during an incident.

    <img alt="Add Slack Bookmark action" />

    <ParamField type="string">
      Channel to add the bookmark to. Supports [Liquid variables](/liquid/incident-variables).
    </ParamField>

    <ParamField type="string">
      Bookmark display text. Supports [Liquid variables](/liquid/incident-variables).
    </ParamField>

    <ParamField type="string">
      URL to bookmark. Common values: `{{ incident.url }}`, `{{ incident.jira_issue_url }}`. Supports [Liquid variables](/liquid/incident-variables).
    </ParamField>

    <ParamField type="string">
      Icon shown next to the bookmark.
    </ParamField>

    <ParamField type="string">
      Optionally link to a Rootly playbook instead of specifying a title and link manually.
    </ParamField>
  </Accordion>

  <Accordion title="Archive Slack Channel" icon="box-archive">
    Archives the channel to keep your workspace clean after an incident is resolved.

    <img alt="Archive Slack Channel action" />

    <ParamField type="string">
      Channel to archive. Use `{{ incident.slack_channel_id }}`. Supports [Liquid variables](/liquid/incident-variables).
    </ParamField>

    **Common trigger:** Incident status changed to "Closed" with a 24–48 hour delay to allow post-incident cleanup.
  </Accordion>

  <Accordion title="Change Channel Privacy" icon="lock">
    Switches a channel between public and private.

    <img alt="Change Slack Channel Privacy action" />

    <ParamField type="string">
      Channel to modify. Supports [Liquid variables](/liquid/incident-variables).
    </ParamField>

    <ParamField type="enum">
      * `public` — make the channel visible to all workspace members
      * `private` — restrict access to invited members only
    </ParamField>

    <Note>
      Changing from private to public may not be allowed by your Slack workspace settings.
    </Note>
  </Accordion>
</AccordionGroup>

***

## Common Liquid Variables

| Variable                                 | Description                                   |
| ---------------------------------------- | --------------------------------------------- |
| `{{ incident.slack_channel_id }}`        | Current incident's channel ID                 |
| `{{ incident.title }}`                   | Incident title                                |
| `{{ incident.severity }}`                | Severity level                                |
| `{{ incident.status }}`                  | Current status                                |
| `{{ incident.url }}`                     | Link to incident in Rootly                    |
| `{{ incident.creator }}`                 | User who created the incident                 |
| `{{ parent_incident.slack_channel_id }}` | Parent incident's channel (for sub-incidents) |

<Tip>
  Explore all variables in the [Liquid Variable Explorer](https://rootly.com/account/help/liquid-explorer).
</Tip>


# Workflows
Source: https://docs.rootly.com/integrations/slack/workflows/overview

Automate Slack channel creation, notifications, bookmarks, reminders, and collaboration with Rootly Slack workflow actions for end-to-end incident response.

Workflows let you automate Slack channel creation, messages, reminders, user invites, and other Slack actions so your incident communication runs automatically.

## Two Options

<CardGroup>
  <Card title="Smart Defaults" icon="bolt" href="/integrations/slack/smart-defaults">
    **Quick setup, no code**

    Pre-configured settings for channel creation, topics, notifications, and reminders.
  </Card>

  <Card title="Custom Workflows" icon="diagram-project" href="/integrations/slack/workflows/custom-workflows">
    **Full control**

    Build conditional automations with triggers, conditions, and 10+ Slack actions.
  </Card>
</CardGroup>


# SMTP
Source: https://docs.rootly.com/integrations/smtp

Route Rootly workflow emails through your own SMTP server to send from your company domain with full control over delivery, authentication, and headers.

## Overview

By default, Rootly sends workflow emails from `workflows@rootly.com`. Connecting an SMTP server lets you route those emails through your own mail infrastructure — so emails arrive from your company domain and you retain full control over delivery, authentication, and TLS configuration.

<CardGroup>
  <Card title="Custom Sender Domain" icon="at">
    Send workflow emails from your own domain instead of Rootly's default address.
  </Card>

  <Card title="Full Delivery Control" icon="sliders">
    Configure TLS, authentication type, port, and SSL verification to match your mail server's requirements.
  </Card>

  <Card title="Works with Send Email Action" icon="paper-plane">
    All **Send an Email** workflow actions automatically route through SMTP once connected — no changes to existing workflows needed.
  </Card>

  <Card title="Highest Priority" icon="arrow-up">
    SMTP takes precedence over SendGrid. If both are connected, SMTP is always used.
  </Card>
</CardGroup>

## Before You Begin

* You must be a Rootly admin to set up the integration
* You need SMTP credentials for your mail server (address, port, username, password)

## Installation

<Steps>
  <Step title="Open the SMTP integration in Rootly">
    Go to **Configuration → Integrations**, find **SMTP**, and click **Setup**.

    <Frame>
      <img alt="SMTP integration in the integrations list" />
    </Frame>
  </Step>

  <Step title="Enter your SMTP server settings">
    Fill in your server configuration and click **Connect**.

    <Frame>
      <img alt="SMTP configuration form" />
    </Frame>
  </Step>
</Steps>

## Configuration

<ParamField type="string">
  The hostname of your SMTP server — for example, `smtp.gmail.com` or `smtp.sendgrid.net`. Must be a valid domain name. Stored encrypted at rest.
</ParamField>

<ParamField type="integer">
  The port your SMTP server listens on. Defaults to `587` (STARTTLS). Common values: `25`, `465` (SMTPS), `587`.
</ParamField>

<ParamField type="string">
  The HELO/EHLO domain sent to the mail server during the SMTP handshake — for example, `yourcompany.com`. Optional; leave blank to use the default.
</ParamField>

<ParamField type="string">
  The username for SMTP authentication. Required if your server requires authentication. Stored encrypted at rest.
</ParamField>

<ParamField type="string">
  The password for SMTP authentication. Required if your server requires authentication. Stored encrypted at rest.
</ParamField>

<ParamField type="enum">
  The authentication mechanism your server requires:

  * `plain` — Sends credentials in plain text (use with TLS)
  * `login` — Base64-encoded credentials (use with TLS)
  * `cram_md5` — Challenge-response authentication (does not require TLS)

  Defaults to `plain`.
</ParamField>

<ParamField type="boolean">
  Force STARTTLS when connecting. If enabled and the server does not support STARTTLS, the connection will fail. Defaults to `false`.
</ParamField>

<ParamField type="boolean">
  Automatically detect and use STARTTLS if the server supports it, but do not fail if it doesn't. Defaults to `true`. Disable if you are using direct TLS via SSL mode.
</ParamField>

<ParamField type="boolean">
  Use SMTPS — SMTP over a direct TLS connection on port 465. Defaults to `true`. Disable if your server uses STARTTLS instead.
</ParamField>

<ParamField type="enum">
  How OpenSSL validates the server certificate:

  * `None` — No certificate verification (useful for self-signed certs)
  * `Peer` — Verify the server's certificate against trusted CAs

  Defaults to `None`.
</ParamField>

<Note>
  Once SMTP is connected, all **Send an Email** workflow actions are automatically routed through it. The **From** field in each workflow action controls the sender address — just ensure the address is authorized on your SMTP server.
</Note>

## Uninstall

To remove the SMTP integration:

1. Go to **Configuration → Integrations** and find **SMTP**
2. Click **Connected** to reveal the disconnect option
3. Click **Disconnect**

<Frame>
  <img alt="Click Connected to reveal the Disconnect option" />
</Frame>

After disconnecting, workflow emails will fall back to SendGrid (if connected) or Rootly's default delivery.

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Do I need to change existing workflows after connecting SMTP?" icon="rotate">
    No. All **Send an Email** workflow actions automatically route through SMTP once connected. No changes to existing workflows are required.
  </Accordion>

  <Accordion title="What's the difference between SSL and StartTLS?" icon="lock">
    **SSL** (SMTPS) opens a TLS connection immediately on port 465. **StartTLS** begins as a plain connection on port 587, then upgrades to TLS. Most modern mail servers use port 587 with StartTLS — enable **StartTLS Auto** and disable **SSL** for this setup.
  </Accordion>

  <Accordion title="What takes priority — SMTP or SendGrid?" icon="shuffle">
    SMTP always takes priority. If both are connected, Rootly uses SMTP. To switch to SendGrid, disconnect the SMTP integration first.
  </Accordion>

  <Accordion title="Can I use a self-signed certificate?" icon="certificate">
    Yes. Set **SSL Verify Mode** to `None` to skip certificate validation. This is useful for internal mail servers with self-signed certificates.
  </Accordion>

  <Accordion title="Can I send from any address?" icon="at">
    The **From** address must be authorized on your SMTP server. Rootly will not allow workflow emails to spoof Rootly-owned domains regardless of the From field value.
  </Accordion>
</AccordionGroup>


# Splunk
Source: https://docs.rootly.com/integrations/splunk

Connect Splunk to Rootly using the official Rootly Splunk app to forward saved search alerts, trigger on-call paging, and automate incident creation.

## Introduction

The Splunk integration connects Rootly with Splunk Enterprise or Splunk Cloud so teams can receive alerts from saved searches as Rootly alerts and trigger on-call paging directly from Splunk alert actions.

With the Splunk integration, you can:

* Forward Splunk saved search alerts to Rootly as alerts
* Page Rootly on-call targets directly from Splunk alert actions
* Use alert workflows to create incidents and automate follow-up actions from Splunk search results

## Before You Begin

Before setting up the integration, make sure you have:

* A Rootly account with permission to manage integrations and alert sources
* Splunk Enterprise or Splunk Cloud with admin access to install apps on search heads
* The integration URL or key from your Rootly Splunk alert source settings

<Callout icon="info">
  The Rootly Splunk app must be installed on your **search heads**. It does not need to be installed on indexers or forwarders.
</Callout>

## Installation

<Steps>
  <Step title="Create a Splunk alert source in Rootly" icon="plug">
    Navigate to **Settings > Alert Sources** in Rootly and create a new alert source. Select **Splunk** and give it a descriptive name.

    Copy the **integration URL** or **integration key** shown after saving — you will need this when configuring the Splunk app.
  </Step>

  <Step title="Install the Rootly app in Splunk" icon="download">
    Install the Rootly app from Splunkbase:

    [Rootly App on Splunkbase](https://splunkbase.splunk.com/app/7721)

    Install the app via **Splunk Web Admin** on your search heads.

    <Callout icon="triangle-exclamation">
      The app must be installed on search heads. Alerts in Splunk are triggered from search heads, so the Rootly alert action will not be available unless the app is installed there.
    </Callout>
  </Step>

  <Step title="Configure the Rootly app" icon="gear">
    After installation, configure the Rootly app using the integration URL or key from your Rootly alert source settings.

    <Callout icon="key">
      Use the full integration URL if prompted, or the integration key alone depending on the app version. Both are available from your Rootly Splunk alert source settings.
    </Callout>
  </Step>

  <Step title="Add the Rootly alert action to a saved search" icon="bell">
    In Splunk, open a saved search and navigate to its **Alert Actions**. Add the **Rootly** action and configure it to forward alerts when the search fires.

    <Callout icon="lightbulb">
      You can configure different saved searches to route to different Rootly on-call targets by using separate alert sources or by including notification target parameters in the action configuration.
    </Callout>
  </Step>
</Steps>

## How Alerts Are Mapped

Rootly extracts the following fields from each Splunk alert payload:

* **Summary** — the `search_name` field (the name of the saved search that fired)
* **External ID** — the `sid` (search ID), used to identify the alert
* **External URL** — the `results_link`, linking back to the Splunk search results
* **Started at** — the `result._time` field, parsed as a Unix timestamp

<Callout icon="tag">
  The Splunk `search_name` becomes the alert summary in Rootly. Use descriptive saved search names to make it easy to identify alerts in Rootly workflows and the alert feed.
</Callout>

## Troubleshooting

<AccordionGroup>
  <Accordion title="The Rootly alert action is not appearing in Splunk saved search settings" icon="circle-exclamation">
    Confirm the Rootly app is installed on the search head where you are configuring the saved search. The alert action is only available on nodes where the app is installed.
  </Accordion>

  <Accordion title="Alerts are not appearing in Rootly after a saved search fires" icon="eye-slash">
    Verify that the integration URL or key configured in the Rootly app matches what is shown in your Rootly Splunk alert source settings. Check the Splunk alert action logs for delivery errors.
  </Accordion>

  <Accordion title="The search_name or results_link is missing from the Rootly alert" icon="file-circle-question">
    Rootly extracts these fields from the standard Splunk alert payload. Confirm the saved search is configured to include search results and metadata in the alert action payload.
  </Accordion>
</AccordionGroup>

## Uninstall

To remove the Splunk integration, open the integrations panel in Rootly and select **Configure > Delete**. You can also uninstall the Rootly app from Splunk Web Admin.


# SSO
Source: https://docs.rootly.com/integrations/sso

Enable single sign-on for Rootly with SAML 2.0 compatible identity providers including Okta, Google, OneLogin, Auth0, Azure AD, JumpCloud, and more.

## Installation

You can setup this integration as a **logged in admin user** in the integrations page:

<Frame>
  <img alt="Document Image" />
</Frame>

## Identity Providers

Rootly is compatible with **any identity provider** supporting **SAML 2.0.**

Depending on the identity provider, you might be asked for the following information during your setup process:

### Service Provider Details

| Field                        | Value                                                    |
| ---------------------------- | -------------------------------------------------------- |
| **ACS URL**                  | `https://rootly.com/users/saml/auth`                     |
| **Entity ID / Audience URI** | `https://rootly.com/users/saml/metadata`                 |
| **SP Metadata URL**          | `https://rootly.com/users/saml/metadata`                 |
| **Name ID Format**           | `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` |
| **Binding**                  | HTTP-POST                                                |

### SAML Attribute Mapping

Rootly reads the following attributes from the SAML assertion. Email is taken from the NameID element and is required. All other attributes are optional but recommended for accurate Just-In-Time (JIT) provisioning.

| Rootly field   | SAML attribute               |
| -------------- | ---------------------------- |
| Email          | NameID (emailAddress format) |
| First name     | `name.givenName`             |
| Last name      | `name.familyName`            |
| Preferred name | `displayName`                |
| Phone number   | `phoneNumbers.work`          |

### Certificate Requirements

Rootly requires a PEM-encoded X.509 certificate from your IdP to validate SAML assertions.

* Must be in PEM format with `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` headers
* Must not be expired — Rootly rejects expired certificates at save time
* Must match the certificate your IdP uses to sign SAML responses

### Okta

Let's go to the **Applications > Applications > Browse App Catalog**.

<Frame>
  <img alt="Clean Shot 2026 04 17 At 10 54 16" />
</Frame>

Search for "**Rootly"**.

<Frame>
  <img alt="Clean Shot 2026 04 17 At 10 57 17" />
</Frame>

Click on **Add Integration**.

<Frame>
  <img alt="Clean Shot 2026 04 17 At 10 57 57" />
</Frame>

Give the app a name.

<Info>
  TIP: If you're planning on using multiple orgs on Rootly, consider naming each Rootly app in Okta a name that corresponds to each org.
</Info>

<Frame>
  <img alt="Clean Shot 2026 04 17 At 10 58 51" />
</Frame>

Select **SAML 2.0**.

Now our app is created let's go back in **Applications > Rootly** and click **View Setup Instructions:**

<Frame>
  <img alt="Clean Shot 2026 04 17 At 11 02 45" />
</Frame>

Finally copy the fields as shown below into **Rootly**, this information from Okta is unique to your organization.

| Okta field                           | Rootly field         |
| ------------------------------------ | -------------------- |
| Identity Provider Issuer             | Identity Provider ID |
| Identity Provider Single Sign-On URL | Identity Login URL   |
| X.509 Certificate                    | IdP Cert             |

<Frame>
  <img alt="Clean Shot 2026 04 17 At 11 08 36" />
</Frame>

<Frame>
  <img alt="Clean Shot 2026 04 17 At 11 10 16" />
</Frame>

Test your SSO integration by assigning yourself or a test user to the app. Go to **Assignments > Assign > Assign to People**.

<Frame>
  <img alt="Clean Shot 2026 04 17 At 11 16 47" />
</Frame>

If you're already logged into Rootly, go ahead and logout. Then Navigate to the signon link [https://rootly.com/users/sign\_in](https://rootly.com/users/sign_in). Click on **SSO**.

<Frame>
  <img alt="Clean Shot 2026 04 17 At 11 22 04" />
</Frame>

Enter your full work email (not just the domain) and click **Sign In**.

<Frame>
  <img alt="Clean Shot 2026 04 17 At 11 26 37" />
</Frame>

You are all set!

### Google

You will need to access the **Google Admin Console:** [https://admin.google.com/ac/home](https://admin.google.com/ac/home).

Follow screenshot steps as below:

<Frame>
  <img alt="Document Image" />
</Frame>

<Frame>
  <img alt="Document Image" />
</Frame>

<Frame>
  <img alt="Document Image" />
</Frame>

<Frame>
  <img alt="Document Image" />
</Frame>

<Frame>
  <img alt="Document Image" />
</Frame>

Make sure `Signed Response` is checked and the app `ON for everyone` is checked in your org unit.

<Frame>
  <img alt="Document Image" />
</Frame>

And finally let's edit the attributes mapping.

| Google Workspace field | SAML attribute    |
| ---------------------- | ----------------- |
| Primary email          | NameID            |
| First name             | `name.givenName`  |
| Last name              | `name.familyName` |

<Frame>
  <img alt="Document Image" />
</Frame>

Let's switch to Rootly. You can get the identity login url by clicking on the `TEST SAML LOGIN` button.

<Frame>
  <img alt="Document Image" />
</Frame>

<Frame>
  <img alt="Document Image" />
</Frame>

### OneLogin

Browse the Applications Store page and install Rootly.

<Frame>
  <img alt="Document Image" />
</Frame>

Copy fields over Rootly like shown below

* Issuer URL **->** Identity Provider ID
* SAML 2.0 endpoint **->** Identity Login Url
* In the certificate section > View Details > X.509 Certificate **->** Idp Cert

<Frame>
  <img alt="Document Image" />
</Frame>

You are all set!

### Auth0

Docs: [https://marketplace.auth0.com/integrations/rootly-sso-integration](https://marketplace.auth0.com/integrations/rootly-sso-integration)

### Azure

Install SSO integration through the Azure marketplace

* Marketplace: [https://azuremarketplace.microsoft.com/en-US/marketplace/apps/aad.rootly](https://azuremarketplace.microsoft.com/en-US/marketplace/apps/aad.rootly)
* Tutorial: [https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/rootly-tutorial](https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/rootly-tutorial)

### Rippling

Integrate Rippling SSO + SCIM in one click [https://www.rippling.com/app-shop/app/rootly](https://www.rippling.com/app-shop/app/rootly)

<Frame>
  <img alt="Document Image" />
</Frame>

### Keycloak

Keycloak is an open-source identity and access management solution. Follow these steps to configure SAML SSO with Rootly.

#### Prerequisites

* Access to Keycloak admin console
* Keycloak realm set up (can use default `master` realm for testing)
* User account in Keycloak with email attribute configured

#### Step 1: Create SAML Client in Keycloak

1. Navigate to **Clients** in the Keycloak admin console
2. Click **Create Client**
3. Select **SAML** as the client type
4. Set **Client ID** to: `https://rootly.com/users/saml/metadata`
5. Click **Next** and **Save**

#### Step 2: Configure Client Settings

Navigate to your client's **Settings** tab and configure:

**Access Settings:**

* **Root URL**: `https://rootly.com/users/saml`
* **Home URL**: `https://rootly.com/users/saml`
* **Valid redirect URIs**:
  * `https://rootly.com/*`
  * `https://rootly.com/users/saml/auth`
* **Master SAML Processing URL**: `https://rootly.com/users/saml/auth`

**SAML Capabilities:**

* **Name ID format**: `email`
* **Force POST binding**: `On`
* **Include AuthnStatement**: `On`

**Signature and Encryption:**

* **Sign documents**: `On`
* **Sign assertions**: `On`
* **Signature algorithm**: `RSA_SHA256`
* **SAML signature key name**: `KEY_ID`
* **Canonicalization method**: `EXCLUSIVE`

#### Step 3: Configure Keys

Navigate to the **Keys** tab:

* **Client signature required**: `Off`
* **Encrypt assertions**: `Off`

#### Step 4: Configure Name ID Mapper

1. Go to **Client scopes** → **Dedicated scopes** → **Mappers**
2. Create or edit the **Email** mapper:
   * **Mapper type**: `User Attribute Mapper For NameID`
   * **Name**: `Email`
   * **Name ID Format**: `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`
   * **User Attribute**: `email`

#### Step 5: Configure User Email

Ensure your test user has an email address set:

1. Navigate to **Users** → Select your user
2. Go to **Details** tab
3. Set **Email** field (e.g., `user@company.com`)
4. Set **Email verified**: `Yes`

#### Step 6: Get Keycloak Configuration

Collect the following information from Keycloak:

1. **Identity Provider ID**: `https://your-keycloak-host/realms/your-realm`
2. **Identity Login URL**: `https://your-keycloak-host/realms/your-realm/protocol/saml`
3. **Certificate**:
   * Go to **Realm Settings** → **Keys** → **RS256** → **Certificate**
   * Copy the certificate and format with proper PEM headers:
   ```text theme={null}
   -----BEGIN CERTIFICATE-----
   [certificate content]
   -----END CERTIFICATE-----
   ```

#### Step 7: Configure Rootly

In your Rootly SSO integration modal, set:

| Rootly Field           | Keycloak Value                                               |
| ---------------------- | ------------------------------------------------------------ |
| `Identity Provider Id` | `https://your-keycloak-host/realms/your-realm`               |
| `Identity Login Url`   | `https://your-keycloak-host/realms/your-realm/protocol/saml` |
| `Identity Logout Url`  | Leave blank or set logout URL                                |
| `Idp Cert`             | PEM-formatted certificate from Keycloak                      |
| `Domain Name`          | Your domain (e.g. company.com)                               |

### Jumpcloud

Let's begin by navigating to the **SSO Applications** page from the left navigation.

<Frame>
  <img alt="Document Image" />
</Frame>

Click **Add New Application**

<img alt="Images 29 Web" />

Search for and install the **Rootly** application.

<Frame>
  <img alt="Document Image" />
</Frame>

Once installed, select the Rootly application to enter edit mode and navigate to the **SSO** tab.

Update the `IdP Entity ID` from `JumpCloud` to `JumpCloud-<BusinessName>`.

<Frame>
  <img alt="Document Image" />
</Frame>

Download your **IDP Certificate**. It should download as a `.pem` file.

<Frame>
  <img alt="Document Image" />
</Frame>

Navigate to your **Rootly SSO Integration** modal and fill in the following fields with the corresponding values from JumpCloud.

<Frame>
  <img alt="Document Image" />
</Frame>

| Rootly Field           | JumpCloud Field                                                                                                              |
| ---------------------- | ---------------------------------------------------------------------------------------------------------------------------- |
| `Identity Provider Id` | `IdP Entity ID `                                                                                                             |
| `Identity Login Url`   | `IDP URL`                                                                                                                    |
| `Identity Logout Url`  | Leave blank or choose any page you'd want to navigate your user to when they log out.                                        |
| `Idp Cert`             | Open the certificate you downloaded in the previous step with a text editor of your choice. Copy and paste the text content. |
| `Domain Name`          | Your domain (e.g. mycompany.com)                                                                                             |

Go ahead `Enable` and `Save` your SSO setup in Rootly.

<Frame>
  <img alt="Document Image" />
</Frame>

You're now SSO enabled!

If you want to set up **Just-In-Time (JIT) provisioning**, navigate to the **Identity Management** tab in edit mode and set the following fields according to the mappings below.

<Frame>
  <img alt="Document Image" />
</Frame>

* `API Type`: `SCIM API`
* `SCIM Version`: `SCIM 2.0`
* `Base URL`: `https://rootly.com/scim`
* `Token Key`: Pick this value up from your SSO Configuration screen in Rootly

<Frame>
  <img alt="Document Image" />
</Frame>

* `Test User Email`: You can use your own email as long as the email domain matches the one set in your Rootly SSO configuration page.

Go ahead and select `Test Connection`. You should see a successful message once a connection is confirmed.

If you'd like to **provision users by JumpCloud Groups**, go ahead and select the following option. This will allow you to provision the users in each JumpCloud Group with a specific Rootly Role.

<Frame>
  <img alt="Document Image" />
</Frame>

Navigate to your **Rootly SSO Integrations** modal and map the desired JumpCloud Group to the desired Rootly Role.

<Frame>
  <img alt="Document Image" />
</Frame>

Go ahead and `Save` your configuration. You're all set for JIT user provisioning!

## Login Behavior

If you have SSO enabled, all other login methods such as Google, Slack, Email/Password will automatically redirect to SSO for any user whose email domain matches a configured SSO account. Users on domains that are not associated with an active SSO configuration continue to use their regular login method.

## Misconfiguration

If you set up SSO incorrectly, you may not be able to sign in anymore. In that case please contact [support@rootly.com](mailto:support@rootly.com) or use the lower right chat widget for live assistance.


# Creating A Statuspage Incident
Source: https://docs.rootly.com/integrations/status-page-io/creating-a-statuspage-incident

Create Atlassian StatusPage.io incidents directly from Rootly incidents using the Status Page Timeline feature, with template population and updates.

## Overview

The following guide will walk you through how to create a StatusPage.IO via a Rootly incident. In order to create a status page incident you first need to import a status page from StatusPage.io. If you have not done that yet please refer to this guide [here](/integrations/status-page-io/importing-status-pages "here").

## Steps

1. Within any non published incident click the Status Page Timeline tab then click publish

<Frame>
  <img alt="Document Image" />
</Frame>

2. Within the publish dialog select a status page that you have integrated with StatusPage.IO (these pages will have "(StatusPage.io)" in the title). Fill out the publish form with your desired settings.

<Frame>
  <img alt="Document Image" />
</Frame>

3. After clicking publish your incident should be added to the Rootly timeline. Clicking the hyperlink next to the incident event will take you to the newly created StatusPage.io incident

<Frame>
  <img alt="Document Image" />
</Frame>

<Frame>
  <img alt="Document Image" />
</Frame>


# Importing Status Pages
Source: https://docs.rootly.com/integrations/status-page-io/importing-status-pages

Import your existing status pages from Atlassian StatusPage.io into Rootly for integrated incident communication management and customer-facing updates.

## Importing Status Pages

### Overview

You can import your existing status pages from statuspage.io. This requires that StatusPageIO integration has already been set up. If you have not done that yet please refer to our guide [here](/integrations/status-page-io "here").

### Steps

1. Within our web experience navigate to *Configuration > Status pages*

<Frame>
  <img alt="Document Image" />
</Frame>

2. On the status pages configuration page click *Import from statuspage.io*

<Frame>
  <img alt="Document Image" />
</Frame>

3. Within the popup modal select the StatusPageIO page you want to import into Rootly. Then click import pages

<Frame>
  <img alt="Document Image" />
</Frame>

4. You should see the newly imported page within the list

<Frame>
  <img alt="Document Image" />
</Frame>


# Importing Templates
Source: https://docs.rootly.com/integrations/status-page-io/importing-templates

Import StatusPage.io templates into Rootly to auto-populate status page update fields with standardized content for consistent customer communication.

## Overview

Rootly supports StatusPage.IO templates. After importing your templates from StatusPage.IO you can utilize them when making status page updates to auto populate fields.

Templates can only be imported for status pages that are linked to StatusPage.IO. If you don't have a status page that is linked to StatusPage.io you can follow steps [here](/integrations/status-page-io/importing-status-pages "here") on importing status pages

## Steps

1. Within the status page configuration page select edit on a status page that has a StatusPage.IO page linked. A StatusPage.IO linked page will have the STATUSPAGE.IO column populated

<Frame>
  <img alt="Document Image" />
</Frame>

2. Scroll down until you see Import from Statuspage.io for templates

<Frame>
  <img alt="Document Image" />
</Frame>

3. Within the popup modal select which templates you wish to import from StatusPage.IO

<Frame>
  <img alt="Document Image" />
</Frame>

4. The imported template should now be in Rootly under your StatusPage.IO integrated status page

<Frame>
  <img alt="Document Image" />
</Frame>


# Using Status Page Templates
Source: https://docs.rootly.com/integrations/status-page-io/using-status-page-templates

Use imported StatusPage.io templates in Rootly to standardize and auto-populate status page event updates with severity, components, and message content.

## Overview

Event status updates are often standardized via templates. These are preset values that will auto-populate your event update. This guide will aim to help you use them. Using StatusPage templates requires you to first import them into Rootly. If you have not done that yet please follow this guide [here](/integrations/status-page-io/importing-templates "here").

## Steps

1. Within any incident in Rootly click the Status Page Timeline Tab then the Add to Timeline button

<Frame>
  <img alt="Document Image" />
</Frame>

2. Within the publish modal select a status page that has StatusPage.io integrated (These pages will have "(Statuspage.io) in the title")

<Frame>
  <img alt="Document Image" />
</Frame>

3. Within the same publish modal select the template you wish to use for your incident event update

<Frame>
  <img alt="Document Image" />
</Frame>

4. Post selection, the template will populate preset such as the event message, status, and any effected components

<Frame>
  <img alt="Document Image" />
</Frame>


# Superplane
Source: https://docs.rootly.com/integrations/superplane

Connect Rootly with Superplane to trigger automated workflows from incident events, manage incidents programmatically, and orchestrate response automation.

## Introduction

The Superplane integration connects Rootly incidents to Superplane's workflow automation platform. You can trigger Superplane workflows when incidents or timeline events occur in Rootly, and take actions on Rootly incidents — creating, retrieving, updating, and annotating them — from within Superplane's workflow builder.

All configuration fields support dynamic expressions, enabling flexible automations that pull in live incident data and external inputs.

<Callout icon="circle-info">
  This integration is configured entirely from the Superplane side. Superplane automatically manages the Rootly webhook endpoints — no manual webhook setup is required in Rootly.
</Callout>

## Before You Begin

* A Rootly account with permission to manage integrations
* A Superplane account with permission to create and configure components

Visit [Superplane's Rootly component documentation](https://docs.superplane.com/components/rootly/) to connect Rootly and get started.

## Triggers

### On Incident

Starts a Superplane workflow when a Rootly incident event occurs. Superplane automatically creates and manages the webhook endpoint.

**Configuration**

Select which incident events to listen for:

* `incident.created`
* `incident.updated`
* `incident.mitigated`
* `incident.resolved`
* `incident.cancelled`
* `incident.deleted`

**Event data**

Each trigger payload includes:

| Field      | Description                                                                  |
| ---------- | ---------------------------------------------------------------------------- |
| `event`    | Event type (e.g. `incident.created`)                                         |
| `incident` | Complete incident object — title, summary, severity, status, timestamps, URL |

**Example payload**

```json theme={null}
{
  "data": {
    "event": "incident.created",
    "incident": {
      "id": "abc123-def456",
      "mitigated_at": null,
      "resolved_at": null,
      "severity": "sev2",
      "started_at": "2026-01-19T12:00:00Z",
      "status": "started",
      "summary": "The API response times have increased significantly across all endpoints.",
      "title": "API latency spike detected",
      "url": "https://app.rootly.com/incidents/abc123-def456"
    }
  },
  "timestamp": "2026-01-19T12:00:00Z",
  "type": "rootly.onIncident"
}
```

***

### On Incident Timeline Event

Starts a Superplane workflow when a timeline event is created or updated on a Rootly incident. Only events with `kind: "event"` are emitted.

**Configuration**

All filters are optional:

| Filter          | Description                                           |
| --------------- | ----------------------------------------------------- |
| Incident Status | Filter by incident status (open, resolved, etc.)      |
| Severity        | Filter by incident severity                           |
| Service         | Filter by service name                                |
| Team            | Filter by team name                                   |
| Event Source    | Filter by event source (`web`, `api`, `system`)       |
| Visibility      | Filter by event visibility (`internal` or `external`) |

**Event data**

| Field         | Description                                                     |
| ------------- | --------------------------------------------------------------- |
| `id`          | Event ID                                                        |
| `event`       | Event content                                                   |
| `event_raw`   | Raw event content                                               |
| `event_id`    | Webhook event ID                                                |
| `event_type`  | `incident_event.created` or `incident_event.updated`            |
| `kind`        | Event kind                                                      |
| `source`      | Event source                                                    |
| `visibility`  | `internal` or `external`                                        |
| `occurred_at` | When the event occurred                                         |
| `created_at`  | When the event was created                                      |
| `updated_at`  | When the event was last updated                                 |
| `issued_at`   | When the webhook was issued                                     |
| `incident_id` | Parent incident ID                                              |
| `incident`    | Incident summary (id, title, severity, status, services, teams) |

**Example payload**

```json theme={null}
{
  "data": {
    "created_at": "2026-02-22T09:46:23.868-08:00",
    "event": "Investigation started, will update accordingly",
    "event_id": "b3065ca8-69a6-4781-b6b4-94d6f0317ccf",
    "event_raw": "Investigation started, will update accordingly",
    "event_type": "incident_event.created",
    "id": "56f7b488-e3c5-4091-9bb4-cf132007f98c",
    "incident": {
      "id": "64c39fde-1626-4f78-874e-9db91c0639d3",
      "services": ["UI - User Profile Block"],
      "severity": "sev2",
      "status": "mitigated",
      "teams": ["Customer Relations"],
      "title": "new remake from main"
    },
    "incident_id": "64c39fde-1626-4f78-874e-9db91c0639d3",
    "issued_at": "2026-02-22T09:46:24.018-08:00",
    "kind": "event",
    "occurred_at": "2026-02-22T09:46:23.868-08:00",
    "source": "web",
    "updated_at": "2026-02-22T09:46:23.868-08:00",
    "visibility": "internal"
  },
  "timestamp": "2026-02-22T17:46:40.603539728Z",
  "type": "rootly.onIncidentTimelineEvent"
}
```

## Actions

### Create Event

Adds a timeline annotation or note to an existing Rootly incident.

**Configuration**

| Field       | Description                                                      | Required |
| ----------- | ---------------------------------------------------------------- | -------- |
| Incident ID | Rootly incident UUID to add the event to                         | Yes      |
| Event       | Note or annotation text — supports expressions                   | Yes      |
| Visibility  | `internal` (responders only) or `external` (public status pages) | No       |

**Output**

```json theme={null}
{
  "data": {
    "created_at": "2026-02-10T07:34:35.902-8:00",
    "event": "Investigation update: database connections stabilized.",
    "id": "a2d32bb7-0417-4d0d-8483-a583c3-7853",
    "occurred_at": "2026-02-10T07:34:35.902-8:00",
    "visibility": "internal"
  },
  "timestamp": "2026-02-10T15:34:36.09877478Z",
  "type": "rootly.incident.event"
}
```

***

### Create Incident

Creates a new incident in Rootly from a Superplane workflow.

**Configuration**

| Field    | Description                                                   | Required |
| -------- | ------------------------------------------------------------- | -------- |
| Title    | A succinct description of the incident — supports expressions | Yes      |
| Summary  | Additional details about the incident — supports expressions  | No       |
| Severity | Incident severity level — supports expressions                | No       |

**Output**

```json theme={null}
{
  "data": {
    "id": "abc123-def456",
    "severity": "sev1",
    "started_at": "2026-01-19T12:00:00Z",
    "status": "started",
    "summary": "Users are experiencing slow database queries and connection timeouts.",
    "title": "Database connection issues",
    "url": "https://app.rootly.com/incidents/abc123-def456"
  },
  "timestamp": "2026-01-19T12:00:00Z",
  "type": "rootly.incident"
}
```

***

### Get Incident

Retrieves full details for a Rootly incident by ID, including associated services, groups, timeline events, and action items.

**Configuration**

| Field       | Description                                               | Required |
| ----------- | --------------------------------------------------------- | -------- |
| Incident ID | The ID of the incident to retrieve — supports expressions | Yes      |

**Output**

Returns the full incident object including `id`, `sequential_id`, `title`, `slug`, `status`, `summary`, `severity`, `url`, `started_at`, `mitigated_at`, `resolved_at`, `user`, `started_by`, `services`, `groups`, `events`, and `action_items`.

```json theme={null}
{
  "data": {
    "action_items": [
      { "id": "ai-001", "status": "open", "summary": "Investigate root cause of latency increase" }
    ],
    "events": [
      { "created_at": "2026-01-19T12:00:00Z", "id": "evt-001", "kind": "incident_created", "visibility": "internal" }
    ],
    "groups": [
      { "id": "grp-001", "name": "Backend Team", "slug": "backend-team" }
    ],
    "id": "abc123-def456",
    "mitigated_at": "2026-01-19T12:30:00Z",
    "resolved_at": null,
    "sequential_id": 42,
    "services": [
      { "id": "svc-001", "name": "Production API", "slug": "production-api" }
    ],
    "severity": "sev1",
    "slug": "api-latency-spike-detected",
    "started_at": "2026-01-19T12:00:00Z",
    "started_by": { "email": "john@example.com", "full_name": "John Doe", "id": "user-002" },
    "status": "mitigated",
    "summary": "The API response times have increased significantly across all endpoints.",
    "title": "API latency spike detected",
    "url": "https://app.rootly.com/incidents/abc123-def456",
    "user": { "email": "jane@example.com", "full_name": "Jane Smith", "id": "user-001" }
  },
  "timestamp": "2026-01-19T12:05:00Z",
  "type": "rootly.incident"
}
```

***

### Update Incident

Modifies an existing Rootly incident. All fields except Incident ID are optional.

**Configuration**

| Field       | Description                                                                | Required |
| ----------- | -------------------------------------------------------------------------- | -------- |
| Incident ID | UUID of the incident to update — supports expressions                      | Yes      |
| Title       | Updated incident title — supports expressions                              | No       |
| Summary     | Updated incident summary — supports expressions                            | No       |
| Status      | Updated incident status                                                    | No       |
| Sub-Status  | Updated sub-status — required by some Rootly accounts when changing status | No       |
| Severity    | Updated severity level                                                     | No       |
| Services    | Services to attach to the incident                                         | No       |
| Teams       | Teams to attach to the incident                                            | No       |
| Labels      | Key-value labels for the incident                                          | No       |

**Output**

Returns `id`, `sequential_id`, `title`, `slug`, `status`, and `updated_at`.

```json theme={null}
{
  "data": {
    "id": "abc123-def456",
    "mitigated_at": "2026-01-19T13:30:00Z",
    "sequential_id": 42,
    "severity": "sev1",
    "slug": "database-connection-issues",
    "started_at": "2026-01-19T12:00:00Z",
    "status": "mitigated",
    "summary": "Root cause identified. Connection pool exhausted.",
    "title": "Database connection issues - Updated",
    "updated_at": "2026-01-19T13:30:00Z",
    "url": "https://app.rootly.com/incidents/abc123-def456"
  },
  "timestamp": "2026-01-19T13:30:00Z",
  "type": "rootly.incident"
}
```

## Troubleshooting

<AccordionGroup>
  <Accordion title="The On Incident trigger is not firing" icon="bolt">
    Confirm the Rootly component is connected in Superplane and the webhook is active. Superplane manages the webhook endpoint automatically — check the Superplane component settings to verify the connection status and that the correct incident events are selected.
  </Accordion>

  <Accordion title="The On Incident Timeline Event trigger is not firing" icon="bolt">
    Only timeline events with `kind: "event"` emit a trigger. System-generated events may use a different kind value. Also confirm any optional filters (severity, service, team, visibility) are not excluding the events you expect.
  </Accordion>

  <Accordion title="Actions are failing with authentication errors" icon="lock">
    The integration uses your Rootly API credentials configured in Superplane. Confirm the credentials have not been revoked in Rootly. See the [Superplane Rootly component docs](https://docs.superplane.com/components/rootly/) for credential configuration steps.
  </Accordion>

  <Accordion title="Update Incident fails when changing status" icon="triangle-exclamation">
    Some Rootly accounts require a Sub-Status value when updating the incident status. If your update fails after a status change, set the Sub-Status field in the Update Incident action.
  </Accordion>

  <Accordion title="Dynamic expressions are not resolving correctly" icon="code">
    All configuration fields support Superplane's dynamic expression syntax. Check that expressions reference valid incident fields from the trigger payload and that the syntax is correct. Test with a real incident event to inspect the available data shape.
  </Accordion>
</AccordionGroup>

## Related Pages

<CardGroup>
  <Card title="Incident Workflows" icon="bolt" href="/workflows/incident-workflows">
    Build native Rootly workflows alongside your Superplane automations.
  </Card>

  <Card title="Rootly API" icon="code" href="/api-reference/overview">
    The Rootly API reference — the same endpoints Superplane uses to take actions on incidents.
  </Card>

  <Card title="Superplane Docs" icon="arrow-up-right-from-square" href="https://docs.superplane.com/components/rootly/">
    Full setup and configuration guide on the Superplane side.
  </Card>
</CardGroup>


# Terraform
Source: https://docs.rootly.com/integrations/terraform

Manage Rootly resources using infrastructure as code with the official Terraform provider for services, severities, workflows, and more.

## Overview

The Rootly Terraform provider lets you manage your entire Rootly configuration as code — severities, services, workflows, on-call schedules, escalation policies, form fields, alert routes, and more. With over 200 resources and 59 data sources, virtually every Rootly configuration object can be declared, versioned, and reviewed through your existing IaC pipeline.

* **Provider**: [rootlyhq/rootly](https://registry.terraform.io/providers/rootlyhq/rootly/latest) on the Terraform Registry
* **Current version**: 5.10.0
* **Minimum Terraform version**: 1.0
* **Downloads**: 1.1M+

## Authentication

The provider authenticates using a Rootly API token. Generate one from **Account > API Tokens** in your Rootly dashboard.

You can supply credentials via the provider block or environment variables. The environment variable approach is recommended to avoid committing secrets.

**Environment variables (recommended):**

```bash theme={null}
export ROOTLY_API_TOKEN="your-api-token"
export ROOTLY_API_URL="https://api.rootly.com"  # optional, defaults to https://api.rootly.com
```

**Provider block:**

```hcl theme={null}
provider "rootly" {
  api_token = var.rootly_api_token  # or set ROOTLY_API_TOKEN env var
  api_host  = "https://api.rootly.com"  # optional
}
```

| Parameter   | Env var            | Required                 | Default                  |
| ----------- | ------------------ | ------------------------ | ------------------------ |
| `api_token` | `ROOTLY_API_TOKEN` | Yes (if env var not set) | —                        |
| `api_host`  | `ROOTLY_API_URL`   | No                       | `https://api.rootly.com` |

## Installation

Declare the provider in your Terraform configuration and run `terraform init`:

```hcl theme={null}
terraform {
  required_providers {
    rootly = {
      source  = "rootlyhq/rootly"
      version = "~> 5.10"
    }
  }
}

provider "rootly" {
  # Uses ROOTLY_API_TOKEN env var by default
}
```

## Supported Resources

The provider covers 200+ resources across all major Rootly configuration areas.

<AccordionGroup>
  <Accordion title="Incidents & On-Call" icon="bell">
    Manage the building blocks of incident response and on-call operations.

    | Resource                              | Description                         |
    | ------------------------------------- | ----------------------------------- |
    | `rootly_severity`                     | Incident severity levels            |
    | `rootly_incident_type`                | Incident types                      |
    | `rootly_incident_role`                | Incident roles and task assignments |
    | `rootly_incident_sub_status`          | Custom sub-statuses                 |
    | `rootly_incident_permission_set`      | Permission sets for incident fields |
    | `rootly_cause`                        | Incident causes                     |
    | `rootly_environment`                  | Environments                        |
    | `rootly_on_call_role`                 | On-call roles                       |
    | `rootly_schedule`                     | On-call schedules                   |
    | `rootly_schedule_rotation`            | Schedule rotations                  |
    | `rootly_schedule_rotation_active_day` | Active days within rotations        |
    | `rootly_schedule_rotation_user`       | Users assigned to rotations         |
    | `rootly_on_call_shadow`               | Shadow assignments for learning     |
    | `rootly_override_shift`               | Schedule override shifts            |
    | `rootly_escalation_policy`            | Escalation policies                 |
    | `rootly_escalation_level`             | Escalation levels within a policy   |
    | `rootly_escalation_path`              | Escalation paths                    |
    | `rootly_team`                         | Teams                               |
  </Accordion>

  <Accordion title="Alerts" icon="triangle-exclamation">
    Configure alert routing, sources, urgencies, and grouping rules.

    | Resource                    | Description                          |
    | --------------------------- | ------------------------------------ |
    | `rootly_alerts_source`      | Alert sources (inbound integrations) |
    | `rootly_alert_route`        | Alert routing rules                  |
    | `rootly_alert_routing_rule` | Conditions within an alert route     |
    | `rootly_alert_group`        | Alert grouping configuration         |
    | `rootly_alert_urgency`      | Alert urgency levels                 |
    | `rootly_alert_field`        | Custom alert fields                  |
    | `rootly_heartbeat`          | Heartbeat monitors                   |
  </Accordion>

  <Accordion title="Workflows" icon="diagram-project">
    Automate incident response with workflows triggered by incidents, alerts, pulses, and more.

    | Resource                                 | Description                               |
    | ---------------------------------------- | ----------------------------------------- |
    | `rootly_workflow_incident`               | Workflows triggered by incident events    |
    | `rootly_workflow_alert`                  | Workflows triggered by alert events       |
    | `rootly_workflow_pulse`                  | Workflows triggered by pulses             |
    | `rootly_workflow_post_mortem`            | Workflows triggered by post-mortem events |
    | `rootly_workflow_simple`                 | Simple scheduled or manual workflows      |
    | `rootly_workflow_group`                  | Workflow groups for organization          |
    | `rootly_workflow_action_item`            | Action item automation within workflows   |
    | `rootly_workflow_custom_field_selection` | Custom field conditions on workflows      |
    | `rootly_workflow_form_field_condition`   | Form field conditions on workflows        |

    **132 workflow task types** are available as individual resources, covering integrations with Slack, Jira, PagerDuty, Datadog, GitHub, Notion, and many more. See the [full resource list](https://registry.terraform.io/providers/rootlyhq/rootly/latest/docs) in the Terraform Registry.
  </Accordion>

  <Accordion title="Services & Catalog" icon="server">
    Manage your service catalog, functionalities, and custom catalog entities.

    | Resource                            | Description                              |
    | ----------------------------------- | ---------------------------------------- |
    | `rootly_service`                    | Services in your catalog                 |
    | `rootly_functionality`              | Functionalities                          |
    | `rootly_catalog`                    | Custom catalogs                          |
    | `rootly_catalog_entity`             | Entities within a catalog                |
    | `rootly_catalog_property`           | Properties on catalog entities           |
    | `rootly_catalog_checklist_template` | Checklist templates for catalog entities |
  </Accordion>

  <Accordion title="Forms & Custom Fields" icon="list-check">
    Declare form fields, options, and placement rules for incident forms.

    | Resource                                | Description                                  |
    | --------------------------------------- | -------------------------------------------- |
    | `rootly_form_field`                     | Custom form fields                           |
    | `rootly_form_field_option`              | Options for multi-select and dropdown fields |
    | `rootly_form_field_placement`           | Field placement on incident forms            |
    | `rootly_form_field_placement_condition` | Conditions controlling field visibility      |
    | `rootly_form_field_position`            | Field ordering within a form                 |
    | `rootly_form_set`                       | Sets of form fields                          |
    | `rootly_form_set_condition`             | Conditions for form set activation           |
    | `rootly_custom_field`                   | Additional custom fields                     |
    | `rootly_custom_field_option`            | Options for custom fields                    |
    | `rootly_custom_form`                    | Custom form configurations                   |
  </Accordion>

  <Accordion title="Retrospectives & Post-Mortems" icon="magnifying-glass">
    Manage retrospective templates and processes.

    | Resource                                  | Description                       |
    | ----------------------------------------- | --------------------------------- |
    | `rootly_post_mortem_template`             | Post-mortem document templates    |
    | `rootly_retrospective_configuration`      | Retrospective configuration       |
    | `rootly_retrospective_process`            | Retrospective process definitions |
    | `rootly_retrospective_process_group`      | Process groups                    |
    | `rootly_retrospective_process_group_step` | Steps within process groups       |
    | `rootly_retrospective_step`               | Individual retrospective steps    |
  </Accordion>

  <Accordion title="Status Pages" icon="signal">
    Manage status pages and their templates.

    | Resource                      | Description                  |
    | ----------------------------- | ---------------------------- |
    | `rootly_status_page`          | Status pages                 |
    | `rootly_status_page_template` | Status page update templates |
  </Accordion>

  <Accordion title="Communications & Roles" icon="comments">
    Manage communication templates, channels, and RBAC roles.

    | Resource                         | Description                     |
    | -------------------------------- | ------------------------------- |
    | `rootly_role`                    | RBAC roles                      |
    | `rootly_authorization`           | Role-based authorizations       |
    | `rootly_communications_template` | Communication message templates |
    | `rootly_communications_type`     | Communication types             |
    | `rootly_communications_stage`    | Communication stages            |
    | `rootly_communications_group`    | Communication groups            |
    | `rootly_webhooks_endpoint`       | Outbound webhook endpoints      |
    | `rootly_secret`                  | Secrets for use in workflows    |
    | `rootly_dashboard`               | Dashboards                      |
    | `rootly_dashboard_panel`         | Dashboard panels                |
    | `rootly_playbook`                | Playbooks                       |
    | `rootly_playbook_task`           | Tasks within a playbook         |
    | `rootly_live_call_router`        | Live call router configuration  |
  </Accordion>
</AccordionGroup>

## Data Sources

59 data sources let you reference existing Rootly resources in your configuration without managing them through Terraform.

```hcl theme={null}
# Look up an existing service
data "rootly_service" "payments" {
  slug = "payments"
}

# Look up an existing team
data "rootly_team" "platform" {
  slug = "platform"
}

# Reference them in a resource
resource "rootly_escalation_policy" "platform" {
  name    = "Platform On-Call"
  team_id = data.rootly_team.platform.id
}
```

Available data sources include: `service`, `services`, `team`, `teams`, `severity`, `severities`, `environment`, `environments`, `functionality`, `functionalities`, `schedule`, `user`, `role`, `incident`, `workflow`, `alert_route`, `escalation_policy`, `on_call_role`, and more.

## Examples

### Severities and services

```hcl theme={null}
resource "rootly_severity" "sev0" {
  name  = "SEV0"
  color = "#FF0000"
}

resource "rootly_severity" "sev1" {
  name  = "SEV1"
  color = "#FFA500"
}

resource "rootly_service" "payments_prod" {
  name  = "payments-prod"
  color = "#800080"
}
```

### On-call schedule with rotation

```hcl theme={null}
resource "rootly_schedule" "platform_oncall" {
  name = "Platform On-Call"
}

resource "rootly_schedule_rotation" "weekly" {
  schedule_id = rootly_schedule.platform_oncall.id
  name        = "Weekly Rotation"
}

resource "rootly_schedule_rotation_user" "alice" {
  schedule_rotation_id = rootly_schedule_rotation.weekly.id
  user_id              = "alice-user-id"
  position             = 0
}
```

### Workflow with Jira task

```hcl theme={null}
resource "rootly_workflow_incident" "jira" {
  name        = "Create a Jira Issue"
  description = "Open Jira ticket whenever incident starts"
  trigger_params {
    triggers                  = ["incident_created"]
    incident_condition_kind   = "IS"
    incident_kinds            = ["normal"]
    incident_condition_status = "IS"
    incident_statuses         = ["started"]
  }
  enabled = true
}

resource "rootly_workflow_task_create_jira_issue" "jira" {
  workflow_id = rootly_workflow_incident.jira.id
  task_params {
    title       = "{{ incident.title }}"
    description = "{{ incident.summary }}"
    project_key = "ROOT"
    issue_type = {
      id   = "10001"
      name = "Task"
    }
    status = {
      id   = "10000"
      name = "To Do"
    }
    labels = "{{ incident.environment_slugs | concat: incident.service_slugs | join: \",\" }}"
  }
}
```

### Custom form field

```hcl theme={null}
resource "rootly_form_field" "regions_affected" {
  name       = "Regions affected"
  kind       = "custom"
  input_kind = "multi_select"
  shown      = ["web_new_incident_form", "web_update_incident_form"]
  required   = ["web_new_incident_form"]
}

resource "rootly_form_field_option" "us_east" {
  form_field_id = rootly_form_field.regions_affected.id
  value         = "US East"
}

resource "rootly_form_field_option" "eu_west" {
  form_field_id = rootly_form_field.regions_affected.id
  value         = "EU West"
}
```

## Importing Existing Resources

Resources already configured in Rootly can be imported into Terraform state without recreating them:

```bash theme={null}
terraform import rootly_severity.sev0 <severity-id>
terraform import rootly_service.payments_prod <service-id>
terraform import rootly_workflow_incident.jira <workflow-id>
```

Resource IDs can be found in the Rootly API or in the URL when viewing a resource in the dashboard.

## Related Pages

<CardGroup>
  <Card title="Pulumi" icon="https://mintcdn.com/rootly/Elm2B9K1HrybvGWA/images/integrations/logos/pulumi.svg?fit=max&auto=format&n=Elm2B9K1HrybvGWA&q=85&s=ea1b2c5e0de58bc7e32b6b2c33231094" href="/integrations/pulumi">
    Manage Rootly resources with Pulumi using JavaScript or TypeScript.
  </Card>

  <Card title="API Reference" icon="code" href="/api-reference">
    Explore the full Rootly REST API that powers the Terraform provider.
  </Card>
</CardGroup>


# Installation
Source: https://docs.rootly.com/integrations/trello/installation

Install the Trello integration in Rootly to automatically create and update cards in Trello boards from incidents, action items, and follow-up workflows.

## Introduction

The Trello integration connects Rootly with your Trello account so teams can automatically create and update cards through Genius workflows. Cards can be placed on any board and list, assigned labels, and given due dates — all driven by incident data.

With the Trello integration, you can:

* Automatically create Trello cards when incidents are declared or reach a certain state
* Update card title, description, labels, due date, and position as incidents evolve
* Move cards between lists and boards as incident status changes
* Archive cards automatically when incidents are resolved

## Before You Begin

Before setting up the integration, make sure you have:

* A Rootly account with admin permission to manage integrations
* A Trello account with access to the boards you want to use

<Callout icon="user-shield">
  We recommend installing with a dedicated Trello service account so the integration does not break if an individual user leaves your organization.
</Callout>

## Installation

<Steps>
  <Step title="Open the Trello integration in Rootly" icon="plug">
    Navigate to the integrations page in Rootly and select **Trello**.
  </Step>

  <Step title="Authorize Rootly with Trello" icon="key">
    You will be redirected to Trello to sign in and grant Rootly permission to access your account.

    <Frame>
      <img alt="Document Image" />
    </Frame>

    Once authorized, the installation is complete.

    <Callout icon="circle-check">
      After authorization, the **Create a Trello Card** and **Update a Trello Card** workflow actions are available in your Genius workflows.
    </Callout>
  </Step>
</Steps>

## Uninstall

To remove the Trello integration, open the integrations panel in Rootly and select **Configure > Delete**.


# Workflows
Source: https://docs.rootly.com/integrations/trello/workflow

Configure Trello workflow actions in Rootly to create and update cards from incidents with board, list, and label assignment for follow-up tracking.

## Overview

The Trello integration provides two workflow actions for managing cards from Rootly incidents. If you are unfamiliar with how Genius workflows work, visit the [Workflows](/workflows) documentation first.

Trello organizes content in a hierarchy: **Boards → Lists → Cards**. When configuring workflow actions, select the board first, then the list within that board.

## Available Workflow Actions

### Create a Trello Card

This action creates a new card in a specified Trello list.

| Field           | Description                                                                   | Required |
| --------------- | ----------------------------------------------------------------------------- | -------- |
| **Name**        | Display name for this workflow action                                         |          |
| **Board**       | Trello board where the card will be created                                   | Yes      |
| **List**        | List within the selected board                                                | Yes      |
| **Title**       | Card title. Defaults to `{{ incident.title }}`. Supports Liquid               | Yes      |
| **Description** | Card description. Supports Liquid                                             |          |
| **Labels**      | One or more Trello labels to apply. Labels are loaded from the selected board |          |
| **Due Date**    | Card due date. Supports Liquid                                                |          |

<Frame>
  <img alt="Document Image" />
</Frame>

<Callout icon="lightbulb">
  Use the [Incident Variable Explorer](https://rootly.com/account/help/liquid-explorer) to preview what Liquid variables return for your incidents.
</Callout>

***

### Update a Trello Card

This action updates an existing Trello card.

<Callout icon="info">
  When a **Create a Trello Card** action runs, Rootly stores the resulting card ID on the incident record. Reference it in subsequent update actions using Liquid variables.
</Callout>

| Field           | Description                                                                      | Required |
| --------------- | -------------------------------------------------------------------------------- | -------- |
| **Name**        | Display name for this workflow action                                            |          |
| **Card ID**     | Trello card ID to update. Supports Liquid                                        | Yes      |
| **Board**       | Board to move the card to. Leave blank to keep on current board                  |          |
| **List**        | List to move the card to. Leave blank to keep in current list                    |          |
| **Title**       | Updated card title. Supports Liquid. Leave blank to keep existing                |          |
| **Description** | Updated card description. Supports Liquid                                        |          |
| **Labels**      | Updated labels. Filtered by the selected board                                   |          |
| **Due Date**    | Updated due date. Supports Liquid                                                |          |
| **Archivation** | Whether to archive the card. **Auto** mirrors the incident or action item status | Yes      |

<Frame>
  <img alt="Document Image" />
</Frame>

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="Board or list is not appearing in the dropdown" icon="circle-exclamation">
    Rootly loads boards and lists from your authorized Trello account. If boards you expect to see are missing, confirm the authorizing user has access to those boards. Re-authenticating the integration may refresh the available list.
  </Accordion>

  <Accordion title="Labels are not available for selection" icon="tag">
    Labels in Trello are scoped to a specific board. Select a board first — labels will load automatically based on the selected board.
  </Accordion>
</AccordionGroup>


# Terminal UI (TUI)
Source: https://docs.rootly.com/integrations/tui

View and manage Rootly incidents and alerts from your terminal with the Rootly TUI application, a fast keyboard-driven interface for on-call responders.

<Warning>
  The Rootly TUI is currently in **early preview**. Features may change and some functionality may be limited. Feedback and bug reports are welcome on [GitHub](https://github.com/rootlyhq/rootly-tui/issues).
</Warning>

## Overview

The Rootly TUI is a terminal-based interface for monitoring and triaging incidents and alerts without leaving your command line. Built for engineers who prefer keyboard-driven workflows, it connects directly to the Rootly API using your API key.

<CardGroup>
  <Card title="Incidents & Alerts" icon="terminal">
    Browse incidents and alerts with full detail views — severity, status, timeline, roles, labels, and more.
  </Card>

  <Card title="Keyboard-Driven" icon="keyboard">
    Vim-style navigation (`j`/`k`) and intuitive shortcuts for fast, mouse-free operation.
  </Card>

  <Card title="Multi-language" icon="language">
    Available in 12 languages including Spanish, French, Japanese, Arabic, and more.
  </Card>

  <Card title="Open Source" icon="code-branch">
    Fully open source at [rootlyhq/rootly-tui](https://github.com/rootlyhq/rootly-tui). Contributions welcome.
  </Card>
</CardGroup>

## Requirements

* Terminal with 256-color support
* Minimum terminal size: 80×24
* A Rootly API key (generate one from **Settings → API Keys**)

## Installation

<CodeGroup>
  ```bash Homebrew (macOS/Linux) theme={null}
  brew install rootlyhq/tap/rootly-tui
  ```

  ```bash Go theme={null}
  go install github.com/rootlyhq/rootly-tui/cmd/rootly-tui@latest
  ```

  ```bash Build from source theme={null}
  git clone https://github.com/rootlyhq/rootly-tui.git
  cd rootly-tui && make build && ./bin/rootly-tui
  ```
</CodeGroup>

Or download a pre-built binary from [GitHub Releases](https://github.com/rootlyhq/rootly-tui/releases).

## Quick Start

<Steps>
  <Step title="Launch the TUI">
    ```bash theme={null}
    rootly-tui
    ```
  </Step>

  <Step title="Configure your credentials">
    On first launch, you'll be prompted to configure:

    | Setting          | Description                                       | Default          |
    | ---------------- | ------------------------------------------------- | ---------------- |
    | **API Endpoint** | Usually `api.rootly.com`, or your custom endpoint | `api.rootly.com` |
    | **API Key**      | Your Rootly API key                               | —                |
    | **Timezone**     | Timezone for displaying timestamps                | `UTC`            |
    | **Language**     | Display language                                  | `en_US`          |
    | **Layout**       | Panel layout: `horizontal` or `vertical`          | `horizontal`     |

    To update settings later, press `s` in the app.
  </Step>

  <Step title="Navigate incidents and alerts">
    Use `Tab` to switch between the **Incidents** and **Alerts** tabs. Press `Enter` on any item to load its full details.
  </Step>
</Steps>

## Keyboard Shortcuts

### Navigation

| Key       | Action                                   |
| --------- | ---------------------------------------- |
| `j` / `↓` | Move cursor down                         |
| `k` / `↑` | Move cursor up                           |
| `g`       | Go to first item                         |
| `G`       | Go to last item                          |
| `[`       | Previous page                            |
| `]`       | Next page                                |
| `Tab`     | Switch between Incidents and Alerts tabs |

### Actions

| Key     | Action                           |
| ------- | -------------------------------- |
| `Enter` | View details / focus detail pane |
| `o`     | Open in browser                  |
| `c`     | Copy to clipboard                |
| `r`     | Refresh data                     |
| `S`     | Sort menu                        |

### General

| Key                    | Action          |
| ---------------------- | --------------- |
| `l`                    | View debug logs |
| `s`                    | Open settings   |
| `A`                    | About           |
| `?`                    | Show help       |
| `q` / `Esc` / `Ctrl+C` | Quit            |

## Command Line Options

| Flag           | Description                    |
| -------------- | ------------------------------ |
| `--debug`      | Enable debug logging to stderr |
| `--log <file>` | Write debug logs to a file     |
| `--version`    | Show version information       |

### Debug Mode

```bash theme={null}
# Log to stderr
rootly-tui --debug

# Log to file
rootly-tui --log debug.log

# Log to stderr, redirect to file
rootly-tui --debug 2> debug.log
```

Press `l` in the app to open the built-in log viewer.

## Configuration File

Settings are stored at `~/.rootly-tui/config.yaml`:

```yaml theme={null}
api_key: "your-api-key"
endpoint: "api.rootly.com"
timezone: "UTC"
language: "en_US"
layout: "horizontal"
```

## Supported Languages

English (US/GB) · Spanish · French · German · Chinese (Simplified) · Japanese · Russian · Portuguese (Brazilian) · Hindi · Arabic · Bengali

## Feedback & Support

* **Bug reports & feature requests**: [GitHub Issues](https://github.com/rootlyhq/rootly-tui/issues)
* **Source code**: [github.com/rootlyhq/rootly-tui](https://github.com/rootlyhq/rootly-tui)


# Twitter / X
Source: https://docs.rootly.com/integrations/twitter

Post incident updates to Twitter directly from Rootly workflows or the incident timeline to keep customers and stakeholders informed in real time.

## Overview

Rootly's Twitter integration lets your team publish incident updates to your organization's Twitter/X account without leaving the incident response flow. You can tweet via a workflow action or directly from the incident timeline.

<CardGroup>
  <Card title="Workflow Tweets" icon="rotate">
    Automatically post status updates to Twitter at any point in an incident workflow — on creation, escalation, or resolution.
  </Card>

  <Card title="Timeline Posting" icon="clock">
    Share a timeline entry directly to Twitter by setting its visibility to **incident responders + private status page + twitter**.
  </Card>
</CardGroup>

## Before You Begin

* You must be a Rootly admin to set up the integration
* You need access to the Twitter/X account you want to post from

<Warning>
  Use a **dedicated service account** rather than a personal Twitter account. If the user who connected the integration leaves or loses access, the integration will stop working.
</Warning>

## Installation

Connecting Twitter to Rootly is a single OAuth step — no API keys to copy.

<Steps>
  <Step title="Open the Twitter integration in Rootly">
    Go to **Configuration → Integrations**, find **Twitter**, and click **Setup**.

    <Frame>
      <img alt="Twitter integration in the Available Integrations list" />
    </Frame>
  </Step>

  <Step title="Authorize with Twitter">
    You'll be redirected to Twitter to sign in and grant Rootly permission to post on your behalf. After authorizing, you'll be returned to Rootly and the integration will show as connected under your account's `@handle`.
  </Step>
</Steps>

## Posting from the Incident Timeline

You can tweet a timeline entry directly from the incident by changing the visibility of the update.

When adding a comment to the incident timeline, open the visibility dropdown and select **incident responders + private status page + twitter**. Rootly will post the entry as a tweet on your connected account.

<Frame>
  <img alt="Incident timeline visibility dropdown showing the Twitter option" />
</Frame>

## Workflow Action

### Tweet a Message

Posts a tweet to your connected Twitter account from a workflow.

<ParamField type="string">
  The text content of the tweet. Supports [Liquid variables](/liquid/incident-variables) — for example, `{{ incident.title }}` or `{{ incident.status }}`. Twitter's character limit applies.
</ParamField>

<Tip>
  Use Liquid to make tweets dynamic — for example: `"Incident resolved: {{ incident.title }}. Thanks for your patience."` will automatically fill in the incident title at runtime.
</Tip>

## Uninstall

To remove the Twitter integration:

1. Go to **Configuration → Integrations** and find **Twitter**
2. Click **Connected** to reveal the disconnect option
3. Click **Disconnect**

<Frame>
  <img alt="Click Connected to reveal the Disconnect option" />
</Frame>

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Can I connect multiple Twitter accounts?" icon="circle-question">
    No. Rootly supports one connected Twitter account per organization. To switch accounts, disconnect the current integration and reconnect with the new account.
  </Accordion>

  <Accordion title="What happens if the OAuth token expires?" icon="circle-question">
    Rootly automatically refreshes the OAuth token in the background. If refresh fails — for example, if the connected account's permissions were revoked — tweets will fail until you reconnect. This is why a dedicated service account is recommended.
  </Accordion>

  <Accordion title="Is there a character limit on tweets?" icon="circle-question">
    Yes — Twitter's standard 280-character limit applies. Rootly does not truncate the message automatically, so keep your Liquid templates short enough to stay within the limit.
  </Accordion>

  <Accordion title="Can I attach images or media to tweets?" icon="circle-question">
    Not currently. The workflow action supports text-only tweets.
  </Accordion>
</AccordionGroup>


# VictorOps (Splunk On-Call)
Source: https://docs.rootly.com/integrations/victor-ops

Connect VictorOps (Splunk On-Call) to Rootly for API-based escalation, optional inbound webhooks, linked incident workflows, and Slack-based paging.

## Introduction

The VictorOps integration connects Rootly with Splunk On-Call so teams can escalate incidents into VictorOps, receive supported VictorOps webhook activity in Rootly, and keep incident response workflows coordinated across both systems.

This integration is a strong fit for teams that already use VictorOps for alerting or on-call response and want Rootly to act as the central place for incident coordination and automation.

With the VictorOps integration, you can:

* Connect Rootly to VictorOps with API credentials
* Receive supported VictorOps webhook events in Rootly
* Create and update VictorOps incidents from Rootly escalation flows
* Resolve linked VictorOps incidents from Rootly
* Page VictorOps teams from Slack when the Slack integration is enabled

## Before You Begin

Before installing the integration, make sure you have:

* A Rootly account with permission to manage integrations
* A VictorOps (Splunk On-Call) account with access to API credentials
* Access to create outgoing webhooks or REST hook integrations in VictorOps
* The VictorOps teams you want Rootly to page or sync with

<Note>
  Rootly uses two separate credential types for this integration:

  * The **VictorOps API ID and API Key** are used for Rootly-to-VictorOps API requests
  * The **Rootly webhook secret** is used when VictorOps sends webhook events into Rootly
</Note>

## Install the VictorOps Integration in Rootly

<Steps>
  <Step title="Open the VictorOps integration in Rootly" icon="plug">
    Go to the integrations page in Rootly and choose **VictorOps (Splunk On-Call)**.

    <Frame>
      <img alt="VictorOps integration on the integrations page" />
    </Frame>
  </Step>

  <Step title="Connect VictorOps with a service account" icon="user-shield">
    We recommend connecting VictorOps with a dedicated service account so the integration does not break if an individual user leaves your organization.
  </Step>
</Steps>

## Configure API Access in VictorOps

Rootly uses VictorOps API credentials to create incidents, reroute responders, and resolve linked incidents.

<Steps>
  <Step title="Retrieve the VictorOps API credentials" icon="key">
    In the VictorOps portal, locate the API credentials you will use for the Rootly integration.

    <Frame>
      <img alt="VictorOps API credentials page" />
    </Frame>
  </Step>

  <Step title="Copy the API credentials into Rootly" icon="copy">
    Paste the VictorOps API ID and API Key into the VictorOps integration settings in Rootly and save the integration.
  </Step>
</Steps>

## Configure VictorOps Webhooks

VictorOps can optionally send webhook events into Rootly so Rootly can create alerts and add linked incident activity.

<Steps>
  <Step title="Open webhook configuration in VictorOps" icon="webhook">
    In VictorOps, configure an outgoing webhook or REST hook for the integration.

    <Frame>
      <img alt="VictorOps webhook setup" />
    </Frame>
  </Step>

  <Step title="Use the Rootly webhook URL and secret" icon="lock">
    Copy the webhook URL shown in Rootly and use it when creating the VictorOps webhook.

    Rootly typically expects the webhook secret to be included as a query parameter on the URL it provides, such as `?secret=...`, unless the Rootly UI shows a different format for your workspace.

    <Frame>
      <img alt="VictorOps webhook configuration details" />
    </Frame>
  </Step>
</Steps>

## Supported VictorOps Webhook Behavior

Rootly processes VictorOps webhooks in these cases:

* The notification type is **unset**, which is the typical new-alert style payload
* The notification type is **`ACKNOWLEDGEMENT`**
* The notification type is **`RECOVERY`**

Other notification types are ignored.

In general:

* Unset notification-type events can create Rootly alerts
* `ACKNOWLEDGEMENT` events can add linked incident activity in Rootly
* `RECOVERY` events can add linked incident activity in Rootly

If an incoming VictorOps event is already tied to a synced Rootly incident, Rootly may skip creating a duplicate alert.

## Escalate to VictorOps from Rootly

Rootly can create and update VictorOps incidents when a Rootly incident needs escalation.

This is commonly used when:

* A Rootly incident needs to notify a VictorOps team
* An escalation action should create a VictorOps incident
* A Slack-driven incident flow needs to page VictorOps responders

When Rootly escalates into VictorOps, it stores the linked VictorOps incident information on the Rootly incident for later synchronization.

## Reroute Incidents

Rootly can add responders to an existing VictorOps incident without creating a new one. This is useful when an incident is already active in VictorOps and you need to bring in additional teams or users.

You can configure this through a workflow action targeting the linked VictorOps incident. Rootly will route the incident to the specified users or teams using the VictorOps reroute API.

## Default Workflows

When the VictorOps integration is connected, Rootly can create default workflows to support common VictorOps actions.

These workflows typically include:

* Adding VictorOps on-call responders into the incident workflow
* Automatically resolving linked VictorOps incidents when the Rootly incident is resolved

Review these workflows after installation so they match your team’s escalation process.

## Import Teams

If your VictorOps migration flow is enabled in your workspace, you can import VictorOps teams into Rootly teams as part of your setup.

This is useful when you want to align Rootly team structure with your existing VictorOps configuration.

## Paging from Slack

If the Slack integration is enabled, responders can page VictorOps teams directly from Slack.

<Steps>
  <Step title="Page VictorOps from Slack" icon="slack">
    Use the Slack integration to trigger VictorOps paging directly from the incident workflow in Slack.

    <Frame>
      <img alt="Page VictorOps from Slack" />
    </Frame>
  </Step>
</Steps>

## Troubleshooting

<AccordionGroup>
  <Accordion title="Why is VictorOps webhook delivery failing?" icon="triangle-exclamation">
    The most common cause is an incorrect or missing Rootly webhook secret. Rootly uses that secret to authenticate incoming VictorOps webhook events.
  </Accordion>

  <Accordion title="Why are no alerts appearing in Rootly?" icon="eye-slash">
    Confirm that VictorOps is sending one of the supported webhook notification types and that the webhook is pointed at the correct Rootly URL. Unsupported notification types are ignored.
  </Accordion>

  <Accordion title="Why didn’t Rootly create a new alert from a VictorOps webhook?" icon="copy">
    If the VictorOps event is already associated with a synced Rootly incident, Rootly may skip creating a duplicate alert and instead add linked incident activity.
  </Accordion>

  <Accordion title="Why did VictorOps escalation or sync stop working?" icon="circle-exclamation">
    Check your VictorOps API ID and API Key, and confirm the integration still has valid access. Incoming webhook-created alerts are also subject to your Rootly alert limits.
  </Accordion>
</AccordionGroup>


# Installation
Source: https://docs.rootly.com/integrations/webex/installation

Connect Webex to Rootly via OAuth to enable automatic meeting creation for incidents, with meeting links shared in Slack channels and notifications.

## Overview

Connecting Webex to Rootly takes just a few minutes. You'll authorize Rootly to access your Webex account via OAuth, after which the **Create Webex Meeting** workflow action becomes available.

## Before You Begin

<Note>
  We recommend installing with a **service account** (e.g., `incidents@yourcompany.com`) rather than a personal account. This ensures the integration stays active if the installing user leaves the company.

  You must be logged into Rootly as an **Admin** to complete setup.
</Note>

## Connect Webex to Rootly

<Steps>
  <Step title="Open Integrations">
    In Rootly, go to **Configuration → Integrations** and find **Webex**. Click **Setup**.

    <Frame>
      <img alt="Rootly integrations page showing Webex" />
    </Frame>
  </Step>

  <Step title="Authorize in Webex">
    You'll be redirected to Webex. Sign in with your Webex account (or create one), then click **Allow** to grant Rootly access.

    <Frame>
      <img alt="Webex OAuth authorization screen" />
    </Frame>
  </Step>

  <Step title="Confirm Connection">
    You'll be redirected back to Rootly. The integration will show as **Connected**.

    <Frame>
      <img alt="Webex integration connected in Rootly" />
    </Frame>
  </Step>
</Steps>

## Uninstall

To remove the Webex integration:

1. Go to **Configuration → Integrations** and find **Webex**
2. Click **Connected** to reveal the disconnect option
3. Click **Disconnect**

<Frame>
  <img alt="Click Connected to reveal the Disconnect option" />
</Frame>

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Can I use a personal Webex account instead of a service account?" icon="circle-question">
    Yes, but it's not recommended. If the personal account is deactivated or the user leaves the company, the integration will stop working. A shared service account avoids this risk.
  </Accordion>

  <Accordion title="What permissions does Rootly request from Webex?" icon="circle-question">
    Rootly requests OAuth permissions to create meetings on behalf of the connected account. Rootly does not read your existing meetings or contacts.
  </Accordion>

  <Accordion title="Can I connect multiple Webex accounts?" icon="circle-question">
    Only one Webex account can be connected at a time per Rootly organization.
  </Accordion>
</AccordionGroup>


# Webex
Source: https://docs.rootly.com/integrations/webex/webex

Automatically create Webex meeting links for Rootly incidents and surface them directly in Slack channels and notifications for fast responder collaboration.

Rootly's Webex integration automatically creates a dedicated meeting bridge for each incident so responders can jump into a call without manual setup.

## Overview

When an incident is declared, Rootly can trigger a workflow action that spins up a Webex meeting and posts the link directly into the incident's Slack channel. This gives your team a consistent, instant way to jump on a call the moment something goes wrong.

<CardGroup>
  <Card title="Automatic Meeting Creation" icon="video">
    One Webex meeting per incident, created the moment the workflow triggers.
  </Card>

  <Card title="Dynamic Meeting Names" icon="pen-to-square">
    Set titles using Liquid variables like `{{ incident.title }}` or `{{ incident.severity }}`.
  </Card>

  <Card title="Slack-Native" icon="hashtag">
    The meeting link is automatically posted to the incident's Slack channel.
  </Card>

  <Card title="Secure Passwords" icon="lock">
    Rootly generates a secure password for each meeting automatically.
  </Card>
</CardGroup>

## Before You Begin

* You must have a Webex account (a service account is recommended)
* You must be a Rootly admin to install the integration
* The Slack integration should already be configured if you want meeting links posted to incident channels

## Get Started

<CardGroup>
  <Card title="Installation" icon="plug" href="/integrations/webex/installation">
    Connect your Webex account to Rootly
  </Card>

  <Card title="Workflows" icon="diagram-project" href="/integrations/webex/workflows">
    Set up automated meeting creation
  </Card>
</CardGroup>

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Can I create multiple Webex meetings for one incident?" icon="circle-question">
    No. Rootly enforces one Webex meeting per incident. If the **Create Webex Meeting** action runs again for the same incident, it will be skipped.
  </Accordion>

  <Accordion title="Do I need a paid Webex account?" icon="circle-question">
    A free Webex account works for basic meeting creation. However, some meeting features (longer durations, larger participant limits) require a paid Webex plan.
  </Accordion>

  <Accordion title="Will the meeting link appear in Slack automatically?" icon="circle-question">
    Yes, if you configure the **Slack Channels** field in the workflow action. Use `{{ incident.slack_channel_id }}` to post to the incident's dedicated channel.
  </Accordion>

  <Accordion title="What happens if the installing user leaves the company?" icon="circle-question">
    If the Webex account used during OAuth setup is deactivated, the integration will stop working. Use a shared service account (e.g., `incidents@yourcompany.com`) to avoid this.
  </Accordion>
</AccordionGroup>


# Workflows
Source: https://docs.rootly.com/integrations/webex/workflows

Automatically create Webex meeting links for incidents using Rootly workflow actions, with attendee invitations and links shared in Slack channels.

## Overview

The Webex integration unlocks a workflow action that automatically creates a Webex meeting for each incident. If you're unfamiliar with how workflows function, see the [Workflows](/workflows/workflows) documentation first.

<Frame>
  <img alt="Webex workflow action in Rootly" />
</Frame>

## Available Actions

### Create Webex Meeting

This action creates a Webex meeting link for a specific incident.

<Warning>
  Rootly enforces one Webex meeting per incident. If this action runs again for the same incident, it will be skipped.
</Warning>

<Frame>
  <img alt="Create Webex Meeting action configuration" />
</Frame>

<ParamField type="string">
  The title of the Webex meeting. Defaults to `{{ incident.title }}`. Supports [Liquid variables](/liquid/incident-variables).
</ParamField>

<ParamField type="string">
  The meeting password. Leave blank to have Rootly generate a secure password automatically.
</ParamField>

<ParamField type="string">
  One or more Slack channels to post the meeting link to. Use `{{ incident.slack_channel_id }}` to post to the incident channel, or `{{ parent_incident.slack_channel_id }}` for the parent incident's channel.
</ParamField>

<Tip>
  Use the [Liquid Variable Explorer](https://rootly.com/account/help/liquid-explorer) to preview what values Liquid variables return before saving your workflow.
</Tip>

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Can I customize the meeting name per incident type?" icon="circle-question">
    Yes. Use Liquid variables in the **Meeting Name** field. For example: `{{ incident.severity }} - {{ incident.title }}` will produce names like `SEV1 - Database Outage`.
  </Accordion>

  <Accordion title="What trigger should I use for this action?" icon="circle-question">
    The most common trigger is **Incident Created**. This creates the meeting immediately when an incident is declared. You can also use **Incident Updated** if you want to create a meeting only when certain conditions are met (e.g., severity escalates to SEV1).
  </Accordion>

  <Accordion title="How do I make sure the meeting link appears in Slack?" icon="circle-question">
    Set the **Slack Channels** field to `{{ incident.slack_channel_id }}`. This requires the Slack integration to be installed and a channel to already exist for the incident (typically created by a separate workflow action earlier in the same workflow).
  </Accordion>
</AccordionGroup>


# Zapier
Source: https://docs.rootly.com/integrations/zapier

Connect Rootly with thousands of apps through Zapier to automate incident workflows without code, including ticketing, notifications, CRM, and reporting.

## Introduction

The Rootly–Zapier integration lets you connect Rootly to thousands of apps without writing any code. You can trigger Zaps when incident events occur in Rootly, and take actions on Rootly — creating incidents, updating their status, and more — from any app in the Zapier ecosystem.

## Before You Begin

Before building Zaps with Rootly, make sure you have:

* A Rootly account with permission to manage integrations
* A Zapier account
* A Rootly API key — generate one in **Account** > **Manage API keys** > **Generate New API Key**

## Installation

<Steps>
  <Step title="Open the Rootly app on Zapier" icon="arrow-up-right-from-square">
    Go to [zapier.com/apps/rootly/integrations](https://zapier.com/apps/rootly/integrations) and select **Connect Rootly**.
  </Step>

  <Step title="Authenticate with your Rootly API key" icon="key">
    When prompted, paste your Rootly API key. Zapier uses this to authenticate all trigger and action calls on your behalf.
  </Step>

  <Step title="Build your Zap" icon="bolt">
    <Callout icon="circle-check">
      Rootly is connected. You can now select any Rootly trigger or action when building a Zap.
    </Callout>
  </Step>
</Steps>

## Triggers

Rootly sends webhook events to Zapier when the following events occur. Use these as the starting point for your Zaps.

<Frame>
  <img alt="Rootly triggers available in Zapier" />
</Frame>

### Incident Events

| Event                | Description                        |
| -------------------- | ---------------------------------- |
| `incident.created`   | A new incident was opened          |
| `incident.updated`   | An incident's fields were modified |
| `incident.in_triage` | An incident moved to in triage     |
| `incident.mitigated` | An incident was mitigated          |
| `incident.resolved`  | An incident was resolved           |
| `incident.cancelled` | An incident was cancelled          |
| `incident.deleted`   | An incident was deleted            |

### Scheduled Incident Events

| Event                            | Description                      |
| -------------------------------- | -------------------------------- |
| `incident.scheduled.created`     | A scheduled incident was created |
| `incident.scheduled.updated`     | A scheduled incident was updated |
| `incident.scheduled.in_progress` | A scheduled incident started     |
| `incident.scheduled.completed`   | A scheduled incident completed   |
| `incident.scheduled.deleted`     | A scheduled incident was deleted |

### Other Events

| Event                                                          | Description                  |
| -------------------------------------------------------------- | ---------------------------- |
| `incident_post_mortem.created/updated/published/deleted`       | Post-mortem lifecycle events |
| `incident_status_page_event.created/updated/deleted`           | Status page event changes    |
| `incident_event.created/updated/deleted`                       | Incident timeline events     |
| `alert.created`                                                | A new alert was received     |
| `genius_workflow_run.queued/started/completed/failed/canceled` | Workflow run state changes   |
| `pulse.created`                                                | A new pulse was created      |

## Actions

Use Rootly actions as steps in any Zap to manage incidents from external apps.

<Frame>
  <img alt="Rootly actions available in Zapier" />
</Frame>

### Create Incident

Creates a new Rootly incident. Supports setting the title, summary, and severity.

### Update Incident

Modifies an existing incident — title, summary, severity, status, services, teams, and labels are all updatable.

### Incident State Transitions

Trigger status changes on existing incidents:

* Mark as **In Triage**
* Mark as **Mitigated**
* Mark as **Resolved**
* Mark as **Cancelled**

### Create Alert

Creates or updates an alert in Rootly.

## Troubleshooting

<AccordionGroup>
  <Accordion title="Zapier cannot connect with my API key" icon="key">
    Confirm the API key is active and has not been revoked. Go to **Account** > **Manage API keys** in Rootly and verify the key exists. Zapier authenticates each request using the key you provided during setup — if the key was regenerated or deleted, you'll need to reconnect the Rootly app in Zapier.
  </Accordion>

  <Accordion title="Triggers are not firing" icon="bolt">
    Zapier polls for new trigger data on a schedule based on your Zapier plan. Events are not delivered in real time on all plans. If you need immediate delivery, check your Zapier plan's polling frequency. Also confirm your Zap is turned on and the trigger step is configured with the correct event type.
  </Accordion>

  <Accordion title="Actions are failing with API errors" icon="triangle-exclamation">
    Rootly's API requires that all fields passed to actions are valid. Check the error message returned by Zapier for details — common causes include an invalid incident ID, an unsupported severity value, or a missing required field. Refer to the [Rootly API reference](/api-reference/overview) for valid field values.
  </Accordion>

  <Accordion title="I am not seeing all trigger event types" icon="list">
    The events available in Zapier reflect what Rootly publishes via webhooks. If you need an event type that is not available, contact [support@rootly.com](mailto:support@rootly.com).
  </Accordion>
</AccordionGroup>

## Related Pages

<CardGroup>
  <Card title="Incident Workflows" icon="bolt" href="/workflows/incident-workflows">
    Build native Rootly workflows for automation that doesn't require Zapier.
  </Card>

  <Card title="Rootly API" icon="code" href="/api-reference/overview">
    The full API reference — all endpoints Zapier actions call are documented here.
  </Card>

  <Card title="Rootly on Zapier" icon="arrow-up-right-from-square" href="https://zapier.com/apps/rootly/integrations">
    Browse all available Rootly triggers and actions in the Zapier app directory.
  </Card>
</CardGroup>


# Zendesk
Source: https://docs.rootly.com/integrations/zendesk

Connect Rootly with Zendesk to automatically create and update tickets from incidents, and receive Zendesk ticket events as Rootly alerts.

## Introduction

The Zendesk integration connects Rootly with your Zendesk Support account bidirectionally. Rootly can create and update tickets through workflow actions, and Zendesk can send ticket events to Rootly as alerts. You can also install the [Rootly app from the Zendesk Marketplace](https://www.zendesk.com/marketplace/apps/support/995423/rootly/) to manage incidents directly from the Zendesk agent interface.

With the Zendesk integration, you can:

* Automatically create Zendesk tickets when incidents are declared or reach a certain state
* Update ticket subject, priority, status, and custom fields as incidents evolve
* Link Zendesk tickets to Jira issues via a dedicated workflow action
* Receive Zendesk ticket events as Rootly alerts to trigger on-call workflows
* Create Rootly incidents and view active incidents directly from within Zendesk (Marketplace app)

## Before You Begin

Before setting up the integration, make sure you have:

* A Rootly account with admin permission to manage integrations
* A Zendesk Support account with admin access
* Your Zendesk subdomain (the part before `.zendesk.com`)

<Callout icon="user-shield">
  We recommend installing with a dedicated Zendesk service account so the integration does not break if an individual user leaves your organization.
</Callout>

## Installation

<Steps>
  <Step title="Open the Zendesk integration in Rootly" icon="plug">
    Navigate to the integrations page in Rootly and select **Zendesk**.
  </Step>

  <Step title="Enter your subdomain and authorize" icon="key">
    Enter your Zendesk **Subdomain** (e.g. `yourcompany` for `yourcompany.zendesk.com`) and click **Connect**. You will be redirected to Zendesk to authorize the integration.

    <Frame>
      <img alt="Document Image" />
    </Frame>

    Rootly requests the following OAuth scopes:

    | Scope            | Purpose                                     |
    | ---------------- | ------------------------------------------- |
    | `users:read`     | Read user profile information               |
    | `tickets:write`  | Create and update tickets                   |
    | `webhooks:write` | Register a webhook to receive ticket events |
    | `triggers:write` | Create triggers to send events to Rootly    |

    <Frame>
      <img alt="Document Image" />
    </Frame>

    Once authorized, Rootly automatically registers a webhook and trigger in your Zendesk account to deliver ticket events.

    <Callout icon="circle-check">
      After installation, the **Create a Zendesk Ticket**, **Update a Zendesk Ticket**, and **Create a Zendesk-Jira Link** workflow actions are available in your Genius workflows. Zendesk ticket events will also appear as alerts in Rootly.
    </Callout>
  </Step>
</Steps>

## Workflow Actions

### Create a Zendesk Ticket

This action creates a new ticket in Zendesk.

| Field                     | Description                                                                    | Required |
| ------------------------- | ------------------------------------------------------------------------------ | -------- |
| **Name**                  | Display name for this workflow action                                          |          |
| **Type**                  | Ticket type: `problem`, `incident`, `question`, or `task`                      | Yes      |
| **Subject**               | Ticket subject line. Defaults to `{{ incident.title }}`. Supports Liquid       | Yes      |
| **Comment**               | Ticket body. Supports Liquid. Defaults to `"Updated from rootly.com"` if blank |          |
| **Priority**              | Ticket priority. **Auto** mirrors the incident severity                        |          |
| **Status**                | Ticket status. **Auto** mirrors the incident status                            |          |
| **Tags**                  | Comma-separated tags. Only applied on creation, not updates. Supports Liquid   |          |
| **Custom Fields Mapping** | JSON array of custom field objects. Supports Liquid                            |          |
| **Ticket Payload**        | Advanced JSON merged into the Zendesk ticket payload. Supports Liquid          |          |

<Callout icon="triangle-exclamation">
  Tags are only applied on ticket **creation**. They are not updated when using the Update a Zendesk Ticket action.
</Callout>

**Priority mapping (Auto)**

| Rootly Severity | Zendesk Priority |
| --------------- | ---------------- |
| Critical        | Urgent           |
| High            | High             |
| Medium          | Normal           |
| Low             | Low              |

**Status mapping (Auto)**

| Rootly Status | Zendesk Status |
| ------------- | -------------- |
| Started       | Open           |
| Mitigated     | Solved         |
| Resolved      | Solved         |

Available statuses: New, Open, Pending, Hold, Solved, Closed.

***

### Update a Zendesk Ticket

This action updates an existing Zendesk ticket.

<Callout icon="info">
  When a **Create a Zendesk Ticket** action runs, Rootly stores the resulting ticket ID on the incident record. Reference it in subsequent update actions using Liquid variables.
</Callout>

| Field                     | Description                                                 | Required |
| ------------------------- | ----------------------------------------------------------- | -------- |
| **Name**                  | Display name for this workflow action                       |          |
| **Ticket ID**             | Zendesk ticket ID to update. Supports Liquid                | Yes      |
| **Subject**               | Updated ticket subject. Supports Liquid                     |          |
| **Priority**              | Updated priority                                            |          |
| **Status**                | Updated ticket status                                       |          |
| **Custom Fields Mapping** | Updated custom field values as JSON                         |          |
| **Ticket Payload**        | Advanced JSON merged into the Zendesk ticket update payload |          |

***

### Create a Zendesk-Jira Link

This action links a Zendesk ticket to a Jira issue using the Zendesk-Jira integration.

| Field                 | Description                                             | Required |
| --------------------- | ------------------------------------------------------- | -------- |
| **Name**              | Display name for this workflow action                   |          |
| **Jira Issue ID**     | Numeric ID of the Jira issue. Supports Liquid           | Yes      |
| **Jira Issue Key**    | Key of the Jira issue (e.g. `ENG-123`). Supports Liquid | Yes      |
| **Zendesk Ticket ID** | Zendesk ticket ID to link. Supports Liquid              | Yes      |

***

## Inbound Events (Zendesk → Rootly)

When the integration is installed, Rootly registers a webhook and trigger in Zendesk to receive ticket events. Each event creates a Rootly alert with the following fields:

| Rootly Alert Field | Zendesk Source                |
| ------------------ | ----------------------------- |
| Summary            | `[New ticket] {ticket.title}` |
| External ID        | `ticket.id`                   |

Alert labels:

| Label      | Zendesk Field         |
| ---------- | --------------------- |
| `id`       | `ticket.id`           |
| `type`     | `ticket.type`         |
| `priority` | `ticket.priority`     |
| `account`  | `ticket.account.name` |

***

## Zendesk Marketplace App

The [Rootly app for Zendesk](https://www.zendesk.com/marketplace/apps/support/995423/rootly/) brings Rootly directly into the Zendesk agent interface. With the Marketplace app, agents can:

* Create Rootly incidents directly from a Zendesk ticket

<Frame>
  <img alt="Document Image" />
</Frame>

* View, search, and attach recent Rootly incidents in Zendesk

<Frame>
  <img alt="Document Image" />
</Frame>

* View active or related Rootly incidents and attach them to the Zendesk ticket

<Frame>
  <img alt="Document Image" />
</Frame>

## Troubleshooting

<AccordionGroup>
  <Accordion title="Ticket creation is failing" icon="circle-exclamation">
    Verify that the authorized Zendesk account has permission to create tickets. If the type is `incident`, check that your Zendesk plan supports incident-type tickets. Confirm the subject field is not empty.
  </Accordion>

  <Accordion title="Tags are not appearing on updated tickets" icon="tag">
    Tags are only set during ticket creation. To manage tags on existing tickets, use the **Ticket Payload** field to send a tags update directly in the Zendesk API format.
  </Accordion>

  <Accordion title="Zendesk ticket events are not appearing as Rootly alerts" icon="bell">
    Confirm the webhook and trigger were registered successfully during installation. In Zendesk, check **Settings > Webhooks** and **Business Rules > Triggers** to verify Rootly entries exist and are active.
  </Accordion>
</AccordionGroup>

## Uninstall

To remove the Zendesk integration, open the integrations panel in Rootly and select **Configure > Delete**. Rootly will remove the registered webhook and trigger from your Zendesk account on deletion.


# Installation
Source: https://docs.rootly.com/integrations/zoom/installation

Connect your Zoom account to Rootly via OAuth to enable automatic meeting creation during incidents, with links shared in Slack and Teams channels.

## Before You Begin

<Callout icon="triangle-exclamation">
  We recommend performing the installation with a **shared service account** (e.g., `incidents@yourcompany.com`) rather than a personal account. This ensures the integration continues working if someone leaves the company. Ensure you are logged in as an **Admin** in Rootly.
</Callout>

## Connect Your Zoom Account

To connect Zoom to Rootly, you will authorize Rootly via OAuth. This grants Rootly the permissions it needs to create and manage meetings on your behalf.

<Steps>
  <Step title="Open Rootly Integrations">
    Navigate to **Configuration → Integrations** in Rootly.

    <Frame>
      <img alt="Configuration menu showing Integrations option in Rootly sidebar" />
    </Frame>
  </Step>

  <Step title="Find and set up Zoom">
    Search for **Zoom** and click **Setup**.

    <Frame>
      <img alt="Zoom integration card in Rootly integrations catalog" />
    </Frame>
  </Step>

  <Step title="Sign in to Zoom">
    Select your sign-in method — Google, SSO, or email and password.

    <Frame>
      <img alt="Zoom sign-in method selection screen" />
    </Frame>
  </Step>

  <Step title="Select your account">
    Choose the Zoom account you want to connect to Rootly.

    <Frame>
      <img alt="Account selection for Zoom sign-in" />
    </Frame>
  </Step>

  <Step title="Create or confirm your Zoom account">
    If no Zoom account exists for this email, you will be prompted to create one.

    <Frame>
      <img alt="Zoom account creation prompt" />
    </Frame>

    <Frame>
      <img alt="Zoom account setup confirmation" />
    </Frame>
  </Step>

  <Step title="Authorize Rootly">
    Review and accept the OAuth permissions to grant Rootly access to your Zoom account.

    <Frame>
      <img alt="Zoom OAuth permission request for Rootly" />
    </Frame>
  </Step>

  <Step title="Confirm connection">
    You will be redirected back to Rootly with a success message. The integration status will show **Connected** with your Zoom account email.

    <Frame>
      <img alt="Zoom integration successfully connected in Rootly" />
    </Frame>
  </Step>
</Steps>

<Callout icon="circle-check">
  Your Zoom account is now connected to Rootly. You can configure meeting name defaults and recording preferences from the integration settings page.
</Callout>

## OAuth Scopes

Rootly requests the following Zoom permissions during authorization:

| Scope           | Purpose                                            |
| --------------- | -------------------------------------------------- |
| `meeting:write` | Create meetings on behalf of the connected account |
| `meeting:read`  | Read meeting details to generate join links        |
| `user:read`     | Read user information to assign hosts              |
| `user_zak:read` | Required by Zoom SDK — not actively used by Rootly |

## Uninstall

**In Rootly:**

1. Go to **Configuration → Integrations** and find **Zoom**
2. Click the **Connected** button to reveal the disconnect option
3. Click **Delete**

<Frame>
  <img alt="Click the Connected button to reveal the Disconnect option" />
</Frame>

**In Zoom** (to fully revoke access):

1. Log in to your Zoom account and navigate to the **Zoom App Marketplace**
2. Click **Manage → Apps on Account** or search for the Rootly app
3. Click the Rootly app and select **Remove** or **Disable**


# Workflows
Source: https://docs.rootly.com/integrations/zoom/workflows

Automate Zoom meeting creation during incidents in Rootly with Smart Defaults or custom workflows, including waiting rooms, recordings, and attendee links.

## Overview

Rootly workflows automatically create Zoom meeting rooms when incidents occur. You can use the built-in **Auto-Create Incident Call** setting for quick setup, or build a **custom workflow** when you need conditional logic, specific triggers, or advanced routing.

<Callout icon="circle-info">
  Rootly enforces one Zoom meeting per incident. Running the same automation multiple times updates the existing link rather than creating a new one. For additional meetings, create a sub-incident.
</Callout>

## Option 1: Auto-Create Incident Call

The Auto-Create Incident Call setting lets you automatically generate a Zoom meeting when an incident begins — no workflow required.

<Frame>
  <img alt="Auto-Create Incident Call settings panel" />
</Frame>

Configure the following options directly in the integration settings:

| Setting                                | Description                                                |
| -------------------------------------- | ---------------------------------------------------------- |
| **Create Zoom Call on Incident Start** | Automatically spin up a meeting when an incident opens     |
| **Meeting Name**                       | Default or custom name using Liquid variables              |
| **Bookmark in Slack**                  | Add the meeting link as a bookmark in the incident channel |
| **Notify Slack Channels**              | Announce new calls in specific Slack channels              |
| **Record Call**                        | Enable automatic recording — None, Local, or Cloud         |
| **Specify Host**                       | Assign a specific host by email                            |
| **AI Meeting Capture**                 | Enable transcription and AI-generated meeting summaries    |
| **Bot Recording**                      | Start recording automatically without host approval        |

<Callout icon="circle-info">
  Use Auto-Create for quick setup. Build a custom workflow when you need conditions, specific triggers, or advanced routing.
</Callout>

## Option 2: Custom Workflow

For more control — such as only creating meetings for SEV-1 incidents or routing to specific hosts — build a custom Incident workflow.

<Steps>
  <Step title="Open workflow creation">
    Navigate to **Workflows** in Rootly and click **Create Workflow**.

    <Frame>
      <img alt="Create Workflow button in Rootly" />
    </Frame>
  </Step>

  <Step title="Choose workflow type">
    Select **Incident** as the workflow type.

    <Frame>
      <img alt="Workflow type selection" />
    </Frame>
  </Step>

  <Step title="Configure triggers">
    Choose when the workflow fires. Common triggers for Zoom meeting creation:

    <Frame>
      <img alt="Trigger configuration panel" />
    </Frame>

    | Trigger                     | When it fires                                               |
    | --------------------------- | ----------------------------------------------------------- |
    | **Incident Created**        | Creates a Zoom call as soon as a new incident opens         |
    | **Incident Status Changed** | Creates a call when the incident moves to a specific status |
    | **Commander Assigned**      | Creates a call once someone takes ownership of the incident |
    | **Manual Trigger**          | Run the workflow on demand from the UI                      |
  </Step>

  <Step title="Add conditions (optional)">
    Use conditions to control when the workflow should run after triggering.

    <Frame>
      <img alt="Condition configuration panel" />
    </Frame>

    Common patterns:

    * **Severity filter** — Only create calls for SEV-1 or SEV-2 incidents
    * **Team filter** — Only for incidents affecting specific teams
    * **Incident type** — Only when Kind is set to **Incident**
  </Step>

  <Step title="Add the Create Zoom Room action">
    Click **Add Action**, search for **Zoom**, and select **Create Room**.

    <Frame>
      <img alt="Zoom Create Room action in workflow builder" />
    </Frame>

    Configure the action fields:

    | Field                  | Description                                                                     |
    | ---------------------- | ------------------------------------------------------------------------------- |
    | **Meeting Name**       | The Zoom meeting title. Supports Liquid syntax. Defaults to the incident title. |
    | **Password**           | Optional meeting password. Leave blank to let Rootly generate a secure one.     |
    | **Create as User**     | Email of the Zoom account to create the meeting as. Supports Liquid syntax.     |
    | **Alternative Hosts**  | Additional host email addresses. Must be existing Zoom accounts.                |
    | **Auto Recording**     | `None`, `Local`, or `Cloud`. Can also be started manually during the meeting.   |
    | **AI Meeting Capture** | Enable transcription and AI-generated meeting summaries.                        |
    | **Slack Channels**     | Slack channels to post the meeting link to.                                     |

    <Callout icon="circle-info">
      For **Create as User**, use the incident creator's email via Liquid syntax, or set a dedicated service account like `zoom@yourcompany.com` to ensure meetings are always owned by a known account.
    </Callout>
  </Step>

  <Step title="Save the workflow">
    Name the workflow clearly (e.g., `Create Zoom Call for SEV-1 Incidents`) and click **Create Workflow**.
  </Step>
</Steps>

## Variable Reference

Use the [Liquid Variable Explorer](https://rootly.com/account/help/liquid-explorer) to test variables with real incident data.

### Zoom Variables

| Variable                    | Description                   |
| --------------------------- | ----------------------------- |
| `incident.zoom_meeting_url` | Link to join the Zoom meeting |
| `incident.zoom_meeting_id`  | Unique Zoom meeting ID        |

### Incident Variables

| Variable                      | Description                    |
| ----------------------------- | ------------------------------ |
| `incident.title`              | Incident title                 |
| `incident.summary`            | Incident description           |
| `incident.severity`           | Severity level                 |
| `incident.status`             | Current status                 |
| `incident.started_at`         | When the incident started      |
| `incident.creator.name`       | Incident creator's name        |
| `incident.creator.email`      | Incident creator's email       |
| `incident.commander.email`    | Incident commander's email     |
| `incident.slack_channel_name` | Incident Slack channel name    |
| `incident.url`                | Link to the incident in Rootly |

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Can I create multiple Zoom meetings for one incident?" icon="layer-group">
    Rootly enforces one Zoom meeting per incident. If you need additional meetings, declare a sub-incident from the main incident and create a separate Zoom link for it.
  </Accordion>

  <Accordion title="The Zoom meeting was created but not posted to Slack" icon="circle-exclamation">
    Ensure the **Slack Channels** field in the workflow action is configured with the correct channel. You can use Liquid syntax to reference the incident channel dynamically. Also confirm the Slack integration is connected under **Configuration → Integrations**.
  </Accordion>

  <Accordion title="How do I use Liquid variables in meeting names?" icon="code">
    The Meeting Name field supports Liquid syntax. Use the [Liquid Variable Explorer](https://rootly.com/account/help/liquid-explorer) to preview available variables. Common examples include the incident title, severity, and ID.
  </Accordion>

  <Accordion title="What happens if the Create as User email is not a Zoom account?" icon="triangle-exclamation">
    The meeting creation will fail if the email is not associated with a valid Zoom account. Use a dedicated service account email or verify the Liquid variable resolves to a known Zoom user.
  </Accordion>
</AccordionGroup>


# Zoom
Source: https://docs.rootly.com/integrations/zoom/zoom

Automatically create Zoom meetings for Rootly incidents and share meeting links in Slack channels and notifications for fast responder collaboration.

## Overview

Rootly's Zoom integration automatically creates a Zoom meeting when an incident starts and posts the link directly in the incident's Slack channel. Responders can join instantly without manual setup — no time wasted creating or sharing meeting links during a critical incident.

<Frame>
  <img alt="Zoom integration connected in Rootly" />
</Frame>

## Features

<CardGroup>
  <Card title="Instant Meetings" icon="bolt">
    Zoom calls created automatically when incidents start.
  </Card>

  <Card title="Slack Integration" icon="comments">
    Meeting links posted directly in the incident Slack channel.
  </Card>

  <Card title="Recording Options" icon="circle-dot">
    Configure local or cloud recording and AI meeting capture.
  </Card>

  <Card title="Customizable Behavior" icon="gear">
    Configure triggers, conditions, hosts, and recording options per workflow.
  </Card>
</CardGroup>

## Next Steps

<CardGroup>
  <Card title="Installation" icon="plug" href="/integrations/zoom/installation">
    Connect your Zoom account to Rootly via OAuth.
  </Card>

  <Card title="Workflows" icon="diagram-project" href="/integrations/zoom/workflows">
    Configure automatic meeting creation for incidents.
  </Card>
</CardGroup>


# Action Item Variables
Source: https://docs.rootly.com/liquid/action-item-variables

Reference guide for action item variables available in Liquid templates for Rootly Genius workflows, integration formatting, and follow-up automation.

You can use action item variables with genius workflows:

# Variables

<Note>
  Use our new [Liquid Markup explorer](https://rootly.com/account/help/liquid-explorer) to navigate through all action item variables.
</Note>

We are using [Liquid](https://shopify.github.io/liquid/) template language and available variables are:

```ruby Ruby theme={null}
{{ action_item.id }} # returns string (uuid)
{{ action_item.summary }} # returns string
{{ action_item.description }} # returns string
{{ action_item.status }} # returns string
{{ action_item.priority }} # returns integer
{{ action_item.due_date }} # returns datetime
{{ action_item.url }} # returns string
{{ action_item.short_url }} # returns string
{{ action_item.created_at }} # returns datetime
{{ action_item.updated_at }} # returns datetime
{{ action_item.creator }} # returns object eg. {"id":49, "name":"John Doe", "email":"john@acme.com"}
{{ action_item.assigned_to }} # returns object eg. {"id":49, "name":"John Doe", "email":"john@acme.com"}

# Integrations

{{ action_item.jira_issue_id }} # returns string
{{ action_item.jira_issue_key }} # returns string
{{ action_item.jira_issue_url }} # returns string
{{ action_item.asana_task_id }} # returns string
{{ action_item.asana_task_url }} # returns string
# DEPRECATED {{ action_item.clubhouse_task_id }} # returns string (use shortcut_task_id)
# DEPRECATED {{ action_item.clubhouse_task_url }} # returns string (use shortcut_task_url)
{{ action_item.shortcut_story_id }} # returns string
{{ action_item.shortcut_story_url }} # returns string
{{ action_item.shortcut_task_id }} # returns string
{{ action_item.shortcut_task_url }} # returns string
{{ action_item.trello_card_id }} # returns string
{{ action_item.trello_card_url }} # returns string
{{ action_item.trello_check_item_id }} # returns string
{{ action_item.trello_check_item_url }} # returns string
{{ action_item.linear_issue_id }} # returns string
{{ action_item.linear_issue_key }} # returns string
{{ action_item.linear_issue_url }} # returns string
{{ action_item.zendesk_ticket_id }} # returns string
{{ action_item.zendesk_ticket_url }} # returns string
{{ action_item.service_now_case_id }} # returns string
{{ action_item.service_now_case_url }} # returns string
{{ action_item.airtable_base_key }} # returns string
{{ action_item.airtable_table_name }} # returns string
{{ action_item.airtable_record_id }} # returns string
{{ action_item.airtable_record_url }} # returns string
{{ action_item.freshservice_ticket_id }} # returns string
{{ action_item.freshservice_ticket_url }} # returns string
{{ action_item.freshservice_task_id }} # returns string
{{ action_item.freshservice_task_url }} # returns string
```

# Examples

```ruby Ruby theme={null}
action-item-{{ action_item.created_at | date: "%Y%m%d" }}
# Will result in: action-item-20210412
```


# Alert Variables
Source: https://docs.rootly.com/liquid/alert-variables

Reference for alert variables available in Liquid templates used by alert workflows, message templates, and other Liquid-rendered surfaces.

You can use alert variables in different parts of our application like:

* Alert workflow actions
* Slack and email message templates triggered by alerts
* Custom alert description templates

<Note>
  Alert routing rules use JSONPath and Alert Field conditions, not Liquid templates — see [Alert Routing](/alerts/alert-routing) for routing condition syntax.
</Note>

<Note>
  Use our [Liquid Markup explorer](https://rootly.com/account/help/liquid-explorer) to navigate through all alert variables against real alert data.
</Note>

We are using [Liquid](https://shopify.github.io/liquid/) template language and the variables below are available wherever an alert is in scope.

## Core

```ruby Ruby theme={null}
{{ alert.id }} # returns string (uuid)
{{ alert.short_id }} # returns string
{{ alert.summary }} # returns string
{{ alert.description }} # returns string
{{ alert.status }} # returns string — see Alert Statuses for the supported values
{{ alert.url }} # returns string — link to the alert in Rootly
{{ alert.created_at }} # returns datetime
```

## Source & External Links

```ruby Ruby theme={null}
{{ alert.source }} # returns string — name of the alert source (e.g., "datadog", "generic_webhook")
{{ alert.external_id }} # returns string — vendor-side identifier
{{ alert.external_url }} # returns string — link back to the originating monitor / alert
{{ alert.data }} # returns the raw inbound webhook payload as a JSON object
```

## Urgency

```ruby Ruby theme={null}
{{ alert.alert_urgency }} # returns object eg. {"id":"...", "name":"High", "description":"...", "team_id":...}
{{ alert.alert_urgency.id }} # returns string
{{ alert.alert_urgency.name }} # returns string
{{ alert.alert_urgency.description }} # returns string
```

## Responders & State Changes

```ruby Ruby theme={null}
{{ alert.responders }} # returns array of user objects (whoever was paged for the alert)
{{ alert.acknowledged_by }} # returns object eg. {"id":49, "name":"John Doe", "email":"john@acme.com"}
{{ alert.resolved_by }} # returns object eg. {"id":49, "name":"John Doe", "email":"john@acme.com"}
```

## Groups

Populated when alert grouping is configured.

```ruby Ruby theme={null}
{{ alert.groups }} # returns array of group objects the alert was grouped into
{{ alert.group_ids }} # returns array of string ids
{{ alert.group_slugs }} # returns array of slugs
{{ alert.raw_groups }} # returns array of full group objects with associations
```

## Linked Incidents

```ruby Ruby theme={null}
{{ alert.incidents }} # returns array of incident objects this alert is linked to
```

## Timeline

```ruby Ruby theme={null}
{{ alert.timeline }} # returns array of alert event objects (acknowledgements, escalations, resolution)
```

## Examples

Reaching into the raw webhook payload — the exact path depends on the source's payload shape, which you can inspect in the Liquid Explorer:

```ruby Ruby theme={null}
{{ alert.data | get: 'priority' }}
```

Building an urgency-aware Slack message:

```ruby Ruby theme={null}
*{{ alert.alert_urgency.name }}* — {{ alert.summary }}
Created at {{ alert.created_at | in_time_zone: 'America/New_York' | date: '%H:%M %Z' }}
{% if alert.acknowledged_by %}Acknowledged by {{ alert.acknowledged_by.name }}{% endif %}
```

Linking back to the originating monitor:

```ruby Ruby theme={null}
View in source: {{ alert.external_url }}
```


# Available Liquid Filters
Source: https://docs.rootly.com/liquid/filters

Comprehensive reference of built-in and custom Liquid filters for data manipulation, formatting, and string processing in Rootly workflows.

Rootly registers the filters below on top of the [standard Liquid filters](https://shopify.github.io/liquid/). Use them anywhere you can author a Liquid template — workflow tasks, message templates, post-mortem templates, custom field templates, and the in-product Liquid Explorer.

## Lookups & Filtering

### find

* `find: arg1, 'arg2'`
  * `arg1`. String
  * `arg2`. String

```js JS theme={null}
// Pretending object is the following object [{"id": "apple"}, {"id": "banana"}]
{{ object | find: 'id', 'banana' }}
// Output
// {"id": "banana"}
```

### where

Filters an array, returning every element that matches. Pair with `find` (returns the first match) when you need all results.

* `where: 'arg1', 'arg2'`
  * `arg1`. String — key path, dot-separated for nested lookups
  * `arg2`. String (optional) — when omitted, keeps elements where `arg1` is truthy

```js JS theme={null}
// Pretending object is [{"role":"commander","name":"Alice"},{"role":"commander","name":"Bob"},{"role":"scribe","name":"Cara"}]
{{ object | where: 'role', 'commander' }}
// Output
// [{"role":"commander","name":"Alice"},{"role":"commander","name":"Bob"}]

{{ incident.subscribers | where: 'role', 'commander' | size }}
// Count of commanders subscribed to the incident
```

### get

* `get: 'arg'`
  * `arg`. String

```js JS theme={null}
// Pretending object is the following object {"id": "id", "incident": {"title": "Something is on fire!"}}
{{ object | get: 'incident.title' }}
// Output
// Something is on fire!
```

### slice

* `slice: '\*arg'`
  * `arg`. String
  * ... As many args as you need

```js JS theme={null}


// Pretending object is the following object {"key": "hello", "value": "world", "foo": "bar"}

{{ object | slice: 'key' }}

// Output
// {"key": "hello"}

{{ object | slice: 'key', 'foo' }}

// Output
// {"key": "hello", "foo": "bar"}
```

## Arrays & Hashes

### flatten

* flatten

```js JS theme={null}

// Pretending object is the following object \["1", "2", \["3"\]\]
{{ object | flatten }}
// Output
// \["1","2","3"\]
```

### push

Appends a value to the end of an array. A comma-separated string is split into an array first.

* `push: 'arg'`
  * `arg`. String

```js JS theme={null}
{{ '1,2,3' | push: '4' }}
// Output
// ["1", "2", "3", "4"]
```

### pop

Removes the last `n` elements from an array.

* `pop: arg`
  * `arg`. Integer (default `1`)

```js JS theme={null}
{{ '1,2,3,4' | pop: 2 }}
// Output
// ["1", "2"]
```

### shift

Removes the first `n` elements from an array.

* `shift: arg`
  * `arg`. Integer (default `1`)

```js JS theme={null}
{{ '1,2,3,4' | shift: 2 }}
// Output
// ["3", "4"]
```

### unshift

Prepends a value to the start of an array. A comma-separated string is split into an array first.

* `unshift: 'arg'`
  * `arg`. String

```js JS theme={null}
{{ '2,3,4' | unshift: '1' }}
// Output
// ["1", "2", "3", "4"]
```

### keys

Returns the keys of a hash as an array. Useful for iterating slug-keyed objects like `team.services`, `team.functionalities`, and `team.groups`.

* `keys`

```js JS theme={null}
// Pretending team.services is {"api": {...}, "web": {...}}
{{ team.services | keys }}
// Output
// ["api", "web"]

{% for slug in team.services | keys %}- {{ slug }}
{% endfor %}
```

### values

Returns the values of a hash as an array.

* `values`

```js JS theme={null}
{{ team.services | values | size }}
// Number of services on the team
```

### to\_values

* `to_values: 'key'`
  * `key` is optional

```js JS theme={null}

// Pretending object is the following object {"key": "hello", "value": "world"}
{{ object | to_values }}

// Output
// \[{"value":"world"}\]

{{ object | to_values: 'key' }}

// Output
// \[{"value":"hello"}\]
```

## JSON

### to\_json

Also available as `json`.

* `to_json`

```js JS theme={null}
// Pretending object is the following object [{"key": "hello", "value": "world"}]
{{ object | to_json }}
// Output
// [{"key":"hello","value":"world"}]
```

### parse\_json

Parses a JSON string into a hash or array — the inverse of `to_json`. Useful when an alert payload field arrives as a stringified JSON blob.

* `parse_json`

```js JS theme={null}
{{ '{"key":"hello"}' | parse_json | get: 'key' }}
// Output
// hello

{{ alert.data.body | parse_json | get: 'severity' }}
// Reach into a stringified JSON payload nested in alert data
```

Returns the input unchanged if it can't be parsed.

## Dates & Time

### smart\_date

* `smart_date: 'arg'`
  * `arg`. String
* This is using [https://github.com/mojombo/chronic](https://github.com/mojombo/chronic) under the hood.

```js JS theme={null}


{{ 'now' | smart_date: 'tomorrow' }}
// Output
// 2023-06-29 12:00:00 -0700
```

### date\_add

* `date_add: amount, 'date_part'`
  * `amount`. Integer (positive to add, negative to subtract)
  * `date_part`. String - one of: year, month, day, hour, minute, second, millisecond (plurals supported)

Adds a specified amount of time to a date. Works with 'now', 'today', ISO date strings, Time, and Date objects.

```js JS theme={null}
{{ 'now' | date_add: 1, 'day' | date: '%Y-%m-%d' }}
// Output
// 2023-06-30 (tomorrow)

{{ '2023-06-29T10:30:00Z' | date_add: 2, 'hours' | date: '%Y-%m-%d %H:%M' }}
// Output  
// 2023-06-29 12:30

{{ incident.target_resolve_date | date_add: -30, 'minutes' }}
// Output
// 30 minutes before the target resolve date
```

### date\_minus

* `date_minus: amount, 'date_part'`
  * `amount`. Integer (positive to subtract, negative to add)
  * `date_part`. String - one of: year, month, day, hour, minute, second, millisecond (plurals supported)

Subtracts a specified amount of time from a date. Works with 'now', 'today', ISO date strings, Time, and Date objects.

```js JS theme={null}
{{ 'now' | date_minus: 7, 'days' | date: '%Y-%m-%d' }}
// Output
// 2023-06-22 (a week ago)

{{ incident.created_at | date_minus: 1, 'hour' | date: '%Y-%m-%d %H:%M' }}
// Output
// 1 hour before the incident was created

{{ 'today' | date_minus: 6, 'months' }}
// Output
// 6 months ago
```

### to\_iso8601

* `to_iso8601`

```js JS theme={null}
// Pretending object is the following datetime
{{ object | to_iso8601 }}
// Output
// 2023-06-29T12:00:00-07:00
```

### to\_utc

* `to_utc`

Converts a date to UTC timezone. Works with 'now', 'today', ISO date strings, Time, and Date objects.

```js JS theme={null}
{{ incident.started_at | to_utc | date: '%Y-%m-%d %H:%M:%S' }}
// Output
// 2023-06-29 15:30:00 (converted to UTC)

{{ 'now' | to_utc | date: '%Y-%m-%d %H:%M:%S UTC' }}
// Output  
// 2023-06-29 19:45:23 UTC

{{ '2023-06-29T10:30:00-05:00' | to_utc | date: '%Y-%m-%d %H:%M:%S' }}
// Output
// 2023-06-29 15:30:00
```

Useful for synchronizing incident timestamps with timeline values, ensuring all dates display in UTC regardless of user timezone.

### in\_time\_zone

* ` in_time_zone: 'time_zone'`
  * `time_zone`. Any timezone listed in [Timezones](/liquid/timezones)

```js JS theme={null}

{{ now | in_time_zone: 'Europe/London' | date: '%Y-%m-%d %H:%M %Z' }}
```

See [Timezones](/liquid/timezones) for available values

### distance\_of\_time\_in\_words

* `distance_of_time_in_words: 'arg', 'precise'`
  * `arg`. String (optional)
  * `precise`. String (optional)

```js JS theme={null}
{{ 3720 | distance_of_time_in_words }}
// Output
// about 1 hour
{{ 3720 | distance_of_time_in_words: 0, 'precise' }}
// Output
// 1 hour and 2 minutes
{{ 'May 1, 2020' | distance_of_time_in_words: 'May 31, 2020' }}
// Output
// about 1 month
{{ 'May 1, 2020' | distance_of_time_in_words: 'May 31, 2020', 'precise' }}
// Output
// 4 weeks and 2 days
```

### distance\_of\_time\_in\_words\_to\_now

* `distance_of_time_in_words_to_now: 'precise'`
  * `precise`. String (optional)

```js JS theme={null}
{{ 'May 1, 2020' | distance_of_time_in_words_to_now }}
// Output
// over 2 years
{{ 'May 1, 2020' | distance_of_time_in_words_to_now: 'precise' }}
// Output
// 2 years and 7 months
```

## Tables

### to\_table

* `to_table: 'table_type', 'title', 'time_zone', 'format'`
  * `table_type`. String — `events` or `action_items`
  * `title`. String — table heading
  * `time_zone`. String — any timezone listed in [Timezones](/liquid/timezones)
  * `format`. String — `ascii`, `markdown`, `html`, or `atlassian_markdown`

The `events` type renders timeline columns: Date, User, Event. The `action_items` type renders: Creation Date, Due Date, Kind, Priority, Status, Assignee, Summary.

```js JS theme={null}
{{ incident.events | to_table: 'events', 'Timeline', 'America/Los_Angeles', 'markdown' }}

{{ incident.action_items | to_table: 'action_items', 'Action Items', 'UTC', 'atlassian_markdown' }}
```

## Regex

### regex\_match

Find first match and return array with full match and capture groups

* `regex_match: 'regex', 'flags'`
  * `regex` a ruby regular expression
  * `flags` optional string with regex flags: 'i' (case insensitive), 'm' (multiline), 'x' (extended)

```js JS theme={null}
{{ 'Key1: value1' | regex_match: 'Key(\d+): (.+)' | first }}
// Output
// Key1: value1

{{ 'Key1: value1' | regex_match: 'Key(\d+): (.+)' | last }}
// Output  
// value1

{{ 'user@example.com' | regex_match: '(\w+)@(\w+\.\w+)' | size }}
// Output
// 3 (full match + 2 capture groups)
```

```js JS theme={null}
// Case insensitive matching
{{ 'HELLO world' | regex_match: 'hello', 'i' | first }}
// Output
// HELLO

// Multiline matching  
{{ "Line 1\nLine 2\nDone" | regex_match: 'line.*done', 'im' | first }}
// Output
// Line 1
// Line 2  
// Done
```

Perfect for extracting data from email alert payloads:

```js JS theme={null}
{{ alert.body | regex_match: 'Severity: (.+)' | last }}
// Extract severity level from alert body

{{ alert.body | regex_match: 'Host: ([\w\.-]+)' | last }}  
// Extract hostname from alert
```

### regex\_match\_all

Find all matches and return array of results

* `regex_match_all: 'regex', 'flags'`
  * `regex` a ruby regular expression
  * `flags` optional string with regex flags: 'i' (case insensitive), 'm' (multiline), 'x' (extended)

```js JS theme={null}
{{ 'foo 123 bar 456 baz 789' | regex_match_all: '\d+' | size }}
// Output
// 3

{{ 'foo 123 bar 456 baz 789' | regex_match_all: '\d+' | first }}
// Output
// 123

{{ 'foo 123 bar 456 baz 789' | regex_match_all: '\d+' | last }}
// Output  
// 789
```

```js JS theme={null}
// Extract all email addresses
{{ 'Contact support@example.com or admin@test.org' | regex_match_all: '[\w\.-]+@[\w\.-]+\.\w+' | size }}
// Output
// 2

// Case insensitive matching
{{ 'ERROR: failed, error: timeout' | regex_match_all: 'error: (\w+)', 'i' | first }}
// Output
// failed
```

Ideal for parsing multiple values from alert payloads:

```js JS theme={null}
// Extract all IP addresses from alert body
{{ alert.body | regex_match_all: '\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b' }}

// Extract all key-value pairs
{{ alert.body | regex_match_all: 'Key\d+: ([^\n]+)' }}
```

### regex\_replace

Global replace

* `regex_replace: 'regex', 'replacement'`
  * `regexp` a ruby regular expression
  * `replacement` a ruby regular expression

```js JS theme={null}
{{ 'foo bar 123 456' | regex_replace: '\d+', 'baz' }}
// Output
// foo bar baz baz
```

### regex\_replace\_first

First match replace

* `regex_replace_first: 'regex', 'replacement'`
  * `regexp` a ruby regular expression
  * `replacement` a ruby regular expression

```js JS theme={null}
{{ 'foo bar 123 456' | regex_replace_first: '\d+', 'baz' }}
// Output
// foo bar baz 456
```

### regex\_remove

Global match remove

* `regex_remove: 'regex'`
  * `regexp` a ruby regular expression

```js JS theme={null}
{{ 'foo bar 123 456' | regex_remove: '\d+' }}
// Output
// foo bar
```

### regex\_remove\_first

First match remove

* `regex_remove_first: 'regex'`
  * `regexp` a ruby regular expression

```js JS theme={null}
{{ 'foo bar 123 456' | regex_remove_first: '\d+' }}
// Output
// foo bar  456
```

## Slack Helpers

### to\_slack\_markdown

Converts standard Markdown into Slack's mrkdwn flavor (e.g., `**bold**` becomes `*bold*`, link syntax is rewritten, lists are formatted). Use in any task that posts to Slack.

* `to_slack_markdown`

```js JS theme={null}
{{ '**Critical**: payment service is down. See [runbook](https://example.com).' | to_slack_markdown }}
// Output
// *Critical*: payment service is down. See <https://example.com|runbook>.
```

Returns an empty string for non-string inputs.

### format\_text\_for\_slack

Escapes characters that would break a Slack JSON payload — converts double quotes to single quotes and escapes newlines and carriage returns.

* `format_text_for_slack`

```js JS theme={null}
{{ 'She said "hello"
line two' | format_text_for_slack }}
// Output
// She said 'hello'\nline two
```

Use when interpolating user-supplied text into a hand-built Slack Block Kit JSON payload.

## String Manipulation

### dasherize

* `dasherize`

```js JS theme={null}
{{ 'hello_world' | dasherize }}
// Output
// hello-world
```

### parameterize

* `parameterize`
  * `separator` (default to '-')

```js JS theme={null}
{{ 'Hello World' | parameterize }}
// Output
// hello-world
{{ 'Hello World' | parameterize: '_' }}
// Output
// hello_world
```

### camelize

* `camelize`

```js JS theme={null}
{{ 'hello world' | camelize }}
// Output
// Hello world
```

### titleize

* `titleize`

```js JS theme={null}

{{ 'hello world' | titleize }}
// Output
// Hello World
```

### singularize

* `singularize`

```js JS theme={null}
{{ 'cars' | singularize }}
// Output
// car
```

### pluralize

* `pluralize`

```js JS theme={null}
{{ 'car' | pluralize }}
// Output
// cars
```

### humanize

* `humanize`

```js JS theme={null}
{{ '0' | humanize }}
// Output
// No
{{ '1' | humanize }}
// Output
// Yes
{{ 'incident_management' | humanize }}
// Output
// Incident Management
```

### shuffle

* `shuffle`

```js JS theme={null}
{{ '123456789' | shuffle }}
// Output
// 973426581
```

## Encoding

### base64\_encode

Base64-encodes a string using strict encoding (no line breaks).

* `base64_encode`

```js JS theme={null}
{{ 'Aladdin:open sesame' | base64_encode }}
// Output
// QWxhZGRpbjpvcGVuIHNlc2FtZQ==
```

Common use — build a Basic auth header for a workflow HTTP task:

```js JS theme={null}
Authorization: Basic {{ secrets.username | append: ':' | append: secrets.password | base64_encode }}
```

### base64\_decode

Decodes a strict-Base64 string. Raises a Liquid argument error on invalid input.

* `base64_decode`

```js JS theme={null}
{{ 'QWxhZGRpbjpvcGVuIHNlc2FtZQ==' | base64_decode }}
// Output
// Aladdin:open sesame
```

### base64\_url\_safe\_encode

Base64-encodes using the URL-safe alphabet (`-` and `_` instead of `+` and `/`).

* `base64_url_safe_encode`

```js JS theme={null}
{{ 'subjects?ids=1,2,3' | base64_url_safe_encode }}
// Output
// c3ViamVjdHM_aWRzPTEsMiwz
```

### base64\_url\_safe\_decode

Decodes a URL-safe Base64 string.

* `base64_url_safe_decode`

```js JS theme={null}
{{ 'c3ViamVjdHM_aWRzPTEsMiwz' | base64_url_safe_decode }}
// Output
// subjects?ids=1,2,3
```

## Markdown & HTML

### markdown\_to\_html

Renders Markdown to sanitized HTML — useful when an integration expects HTML input (e.g., email templates, webhook payloads).

* `markdown_to_html`

```js JS theme={null}
{{ '# Title

This is **bold** text.' | markdown_to_html }}
// Output
// <h1>Title</h1>
// <p>This is <strong>bold</strong> text.</p>
```

Output is sanitized to a safelist of tags and attributes; links get `rel="nofollow noopener noreferrer"`. Returns an empty string for nil input.

### html\_to\_markdown

Inverse of `markdown_to_html`. Handles most common HTML elements including headings, paragraphs, lists, links, code blocks, and tables.

* `html_to_markdown`

```js JS theme={null}
{{ '<h1>Title</h1><p>This is <strong>bold</strong> text.</p>' | html_to_markdown }}
// Output
// # Title
// 
// This is **bold** text.
```

```js JS theme={null}
{{ '<ul><li>Item 1</li><li>Item 2</li></ul>' | html_to_markdown }}
// Output
// - Item 1
// - Item 2
```

Returns empty string for nil or empty input. Preserves original HTML on conversion errors.

## URLs

### shortener

* `shortener`

```js JS theme={null}
{{ 'https://rootly.com/account/incidents/123456' | shortener }}
// Output
// https://root.ly/1234
```

## AI

### open\_ai\_completion

Sends the input string to OpenAI as the user prompt and returns the completion text. Useful for inline summarization or text transformation directly inside a Liquid template.

* `open_ai_completion`

```js JS theme={null}
{{ alert.description | open_ai_completion }}
// Returns OpenAI's completion using the alert description as the prompt
```

<Tip>
  For most use cases, prefer the dedicated AI workflow tasks (`Create OpenAI Chat Completion`, `Create Anthropic Chat Completion`, etc.) over this filter — they expose model selection, system prompts, temperature, and message history, which this filter does not.
</Tip>

Returns `"something went wrong"` on failure.

## Integration Converters

Rootly's severity, priority, and status enums don't always map 1-to-1 to vendor enums. Converter filters translate a Rootly value to the equivalent vendor value when building HTTP payloads or workflow task arguments. They take no extra arguments unless noted.

```js JS theme={null}
{{ incident.severity | linear_severity_converter }}
// Maps Rootly severity to Linear's severity scale

{{ action_item.priority | clickup_priority_converter }}
// Maps Rootly priority to ClickUp's priority scale
```

| Filter                              | What it converts                                  |
| ----------------------------------- | ------------------------------------------------- |
| `linear_severity_converter`         | Rootly severity → Linear                          |
| `linear_priority_converter`         | Rootly priority → Linear                          |
| `trello_archivation_converter`      | Rootly status → Trello archivation                |
| `asana_completion_converter`        | Rootly status → Asana completion                  |
| `github_completion_converter`       | Rootly status → GitHub issue state                |
| `gitlab_completion_converter`       | Rootly status → GitLab issue state                |
| `shortcut_archivation_converter`    | Rootly status → Shortcut archivation              |
| `shortcut_completion_converter`     | Rootly status → Shortcut completion               |
| `zendesk_severity_converter`        | Rootly severity → Zendesk                         |
| `zendesk_priority_converter`        | Rootly priority → Zendesk                         |
| `zendesk_completion_converter`      | Rootly status → Zendesk (takes a `type` arg)      |
| `service_now_severity_converter`    | Rootly severity → ServiceNow                      |
| `service_now_completion_converter`  | Rootly status → ServiceNow                        |
| `freshservice_severity_converter`   | Rootly severity → Freshservice                    |
| `freshservice_priority_converter`   | Rootly priority → Freshservice                    |
| `freshservice_completion_converter` | Rootly status → Freshservice (takes a `type` arg) |
| `opsgenie_completion_converter`     | Rootly status → Opsgenie (takes a `type` arg)     |
| `clickup_severity_converter`        | Rootly severity → ClickUp                         |
| `clickup_priority_converter`        | Rootly priority → ClickUp                         |
| `motion_severity_converter`         | Rootly severity → Motion                          |
| `motion_priority_converter`         | Rootly priority → Motion                          |


# Incident Variables
Source: https://docs.rootly.com/liquid/incident-variables

Complete reference of all available incident variables for Liquid templating in workflows, Slack formatting, and postmortem templates.

You can use incident variables in different parts of our application like:

* Slack title format
* Postmortem templates
* Genius workflow blocks
* etc.

# Variables

<Note>
  Use our new [Liquid Markup explorer](https://rootly.com/account/help/liquid-explorer) to navigate through all incident variables.
</Note>

We are using [Liquid](https://shopify.github.io/liquid/) template language and available variables are:

```ruby Ruby theme={null}
{{ incident.id }} # returns string
{{ incident.sequential_id }} # returns integer
{{ incident.slug }} # returns string
{{ incident.title }} # returns string
{{ incident.summary }} # returns string
{{ incident.status }} # returns string
{{ incident.labels }} # returns array
{{ incident.timeline }} # returns array
{{ incident.timeline_table }} # returns string
{{ incident.timeline_table_markdown }} # returns string
{{ incident.timeline_table_markdown2 }} # returns string
{{ incident.timeline_table_atlassian }} # returns string
# DEPRECATED {{ incident.status_page_timeline }} # returns array
# DEPRECATED {{ incident.status_page_timeline_table }} # returns string
# DEPRECATED {{ incident.status_page_timeline_table_markdown }} # returns string
# DEPRECATED {{ incident.status_page_timeline_table_markdown2 }} # returns string
# See section below for new way
{{ incident.severity }} # returns string
{{ incident.severity_slug }} # returns string
{{ incident.environments }} # returns array
{{ incident.environment_slugs }} # returns array
{{ incident.raw_environments }} # returns array of objects
{{ incident.types }} # returns array
{{ incident.types_slugs }} # returns array
{{ incident.raw_types }} # returns array of objects
{{ incident.services }} # returns array
{{ incident.services_slug }} # returns array
{{ incident.raw_services }} # returns array of objects
{{ incident.functionalities }} # returns array
{{ incident.functionality_slugs }} # returns array
{{ incident.raw_functionalities }} # returns array of objects
{{ incident.groups }} # returns array
{{ incident.group_slugs }} # returns array
{{ incident.raw_groups }} # returns array of objects
{{ incident.created_at }} # returns datetime
{{ incident.started_at }} # returns datetime
{{ incident.detected_at }} # returns datetime
{{ incident.acknowledged_at }} # returns datetime
{{ incident.mitigated_at }} # returns datetime
{{ incident.resolved_at }} # returns datetime
{{ incident.time_to_mitigation }} # returns integer (in hours)
{{ incident.mitigation_message }} # return string
{{ incident.time_to_resolution }} # returns integer (in hours)
{{ incident.resolution_message }} # return string
{{ incident.time_to_detection }} # returns integer (in hours)
{{ incident.detection_duration }} # returns integer (in seconds)
{{ incident.mitigation_duration }} # returns integer (in seconds)
{{ incident.time_to_acknowledge }} # returns integer (in hours)
{{ incident.acknowledge_duration }} # returns integer (in seconds)
{{ incident.duration }} # returns integer (in seconds)
{{ incident.url }} # returns string
{{ incident.short_url }} # returns string
{{ incident.postmortem_url }} # returns string
{{ incident.notify_emails }} # returns array of string
{{ incident.creator }} # returns object eg. {"id":49, "name":"John Doe", "email":"john@acme.com"}
{{ incident.in_triage }} # returns object eg. {"id":49, "name":"John Doe", "email":"john@acme.com"}
{{ incident.started_by }} # returns object eg. {"id":49, "name":"John Doe", "email":"john@acme.com"}
{{ incident.mitigated_by }} # returns object eg. {"id":49, "name":"John Doe", "email":"john@acme.com"}
{{ incident.resolved_by }} # returns object eg. {"id":49, "name":"John Doe", "email":"john@acme.com"}
{{ incident.cancelled_by }} # returns object eg. {"id":49, "name":"John Doe", "email":"john@acme.com"}
{{ incident.roles }} # returns array of objects eg. [{"incident_role": {"name" : "Commander"}, "user": {name: "John Doe", email: "john@acme.com"}}]
{{ incident.custom_fields }} # returns array of objects eg. [{"custom_fields": {"slug" : "my-custom-field"}, "selected_options": {value: ["Foo", "Bar"]}}]
{{ incident.scheduled_for }} # Returns datetime
{{ incident.scheduled_until }} # Returns datetime

# Integrations
{{ incident.zoom_meeting_id }} # returns string
{{ incident.zoom_meeting_start_url }} # returns string
{{ incident.zoom_meeting_join_url }} # returns string
{{ incident.webex_meeting_id }} # returns string
{{ incident.webex_meeting_url }} # returns string
{{ incident.shortcut_story_id }} # returns string
{{ incident.shortcut_story_url }} # returns string
{{ incident.shortcut_task_id }} # returns string
{{ incident.shortcut_task_url }} # returns string
{{ incident.asana_task_id }} # returns string
{{ incident.asana_task_url }} # returns string
{{ incident.jira_issue_id }} # returns string
{{ incident.jira_issue_key }} # returns string
{{ incident.jira_issue_url }} # returns string
{{ incident.google_meeting_id }} # returns string
{{ incident.google_meeting_url }} # returns string
{{ incident.trello_card_id }} # returns string
{{ incident.trello_card_url }} # returns string
{{ incident.linear_issue_id }} # returns string
{{ incident.linear_issue_key }} # returns string
{{ incident.linear_issue_url }} # returns string
{{ incident.zendesk_ticket_id }} # returns string
{{ incident.zendesk_ticket_url }} # returns string
{{ incident.slack_channel_name }} # returns string
{{ incident.slack_channel_id }} # returns string
{{ incident.slack_channel_url }} # returns string
{{ incident.slack_channel_short_url }} # returns string
{{ incident.slack_channel_deep_link }} # returns string
{{ incident.microsoft_teams_channel_id }} # returns string
{{ incident.microsoft_teams_channel_name }} # returns string
{{ incident.microsoft_teams_channel_url }} # returns string
{{ incident.microsoft_teams_chat_id }} # returns string
{{ incident.microsoft_teams_chat_url }} # returns string
{{ incident.service_now_incident_id }} # returns string
{{ incident.service_now_incident_url }} # returns string
{{ incident.opsgenie_incident_id }} # returns string
{{ incident.opsgenie_incident_url }} # returns string
{{ incident.victor_ops_incident_id }} # returns string
{{ incident.victor_ops_incident_url }} # returns string
{{ incident.pagerduty_incident_id }} # returns string
{{ incident.pagerduty_incident_number }} # returns string
{{ incident.pagerduty_incident_url }} # returns string
{{ incident.mattermost_channel_id }} # returns string
{{ incident.mattermost_channel_name }} # returns string
{{ incident.mattermost_channel_url }} # returns string
{{ incident.confluence_page_id }} # returns string
{{ incident.confluence_page_url }} # returns string
{{ incident.airtable_base_key }} # returns string
{{ incident.airtable_table_name }} # returns string
{{ incident.airtable_record_id }} # returns string
{{ incident.airtable_record_url }} # returns string
{{ incident.google_drive_id }} # returns string
{{ incident.google_drive_url }} # returns string
{{ incident.notion_page_id }} # returns string
{{ incident.notion_page_url }} # returns string
{{ incident.datadog_notebook_id }} # returns string
{{ incident.datadog_notebook_url }} # returns string
{{ incident.freshservice_ticket_id }} # returns string
{{ incident.freshservice_ticket_url }} # returns string
{{ incident.freshservice_task_id }} # returns string
{{ incident.freshservice_task_url }} # returns string
```

# Examples

```ruby Ruby theme={null}
incident-{{ incident.started_at | date: "%Y%m%d" }}-{{ incident.slug }}
# Will result in: incident-20210412-customers-unable-to-place-orders-on-our-website
incident-{{ incident.created_at | date: "%Y%m%d" }}-{{ incident.jira_issue_url | split: "/" | last}}
# Will result in: incident-20210412-ROOT-233
{{ incident.created_at | in_time_zone: "Europe/London" | date: "%Y-%m-%d" }}
# Will result in: 2021-04-12
```

### List Roles

```ruby Ruby theme={null}
{%- for role in incident.roles -%}
  {%- if role.user -%}
    {{ role.incident_role.name }} : {{ role.user.full_name }}
  {%- else -%}
    {{ role.incident_role.name }} : N/A
  {%- endif -%}
{%- endfor -%}

# Will result of:
# Commander: John Doe
# Scriber: N/A
```

### List custom fields

```ruby Ruby theme={null}
# Text Field
{{ incident.custom_fields | find: 'custom_field.slug', 'your_custom_field_slug' | get: 'selected_options.value' }}

# Select & Multi Select
{{ incident.custom_fields | find: 'custom_field.slug', 'your_custom_field_slug' | get: 'selected_options' | map: 'value' }}

# Select & Multi Select using Teams options
{{ incident.custom_fields | find: 'custom_field.slug', 'custom-field-groups' | get: 'selected_groups' | map: 'name' }}

# Select & Multi Select using Services options
{{ incident.custom_fields | find: 'custom_field.slug', 'custom-field-services' | get: 'selected_services' | map: 'name' }}

# Users Field
{{ incident.custom_fields | find: 'custom_field.slug', 'your_custom_field_slug' | get: 'selected_users' | map: 'full_name' }}
```

### List timeline events

```ruby Ruby theme={null}
{% for item in incident.events %}
  {{ item.occurred_at }} - {{ item.event }}
{% endfor %}
```

### Convert timeline events to table

```ruby Ruby theme={null}
# ASCII Table
{{ incident.events | to_table: 'events', 'Hello world', 'America/Los_Angeles' }}
# Returns
# +---------------------------------------------------+
# |                    Hello world                    |
# +------------------------------+----------+---------+
# | Date                         | User     | Event   |
# +------------------------------+----------+---------+
# | December 8 2022 23:04:28 PST | John D   | Event 1 |
# | December 8 2022 23:04:28 PST | Dalyte K | Event 2 |
# +------------------------------+----------+---------+

# Markdown table
{{ incident.events | to_table: 'events', 'Hello world', 'America/Los_Angeles', 'markdown' }}
# Returns
# |                    Hello world                    |
# |------------------------------|----------|---------|
# | Date                         | User     | Event   |
# | December 8 2022 23:04:28 PST | John D   | Event 1 |
# | December 8 2022 23:04:28 PST | Dalyte K | Event 2 |

# Atlassian table
{{ incident.events | to_table: 'events', 'Hello world', 'America/Los_Angeles', 'atlassian_markdown' }}
# Returns
# h2. Hello world

# ||Date||User||Event||
# |December 8 2022 23:04:28 PST|John D|Event 1. [Link|https://dummy]|
# |December 8 2022 23:04:28 PST|Dalyte K|Event 2. [Link|https://dummy]|

# HTML table
{{ incident.events | to_table: 'events', 'Hello world', 'America/Los_Angeles', 'html' }}
# Returns
# <h2>Hello world</h2>

# <table>
#   <tr>
#     <th>Date</th>
#     <th>User</th>
#     <th>Event</th>
#   </tr>
#   <tr>
#      <td>December 8 2022 23:04:28 PST</td>
#      <td>John D</td>
#      <td>Event 1</td>
#   </tr>
#   <tr>
#     <td>December 8 2022 23:04:28 PST</td>
#     <td>Dalyte K</td>
#     <td>Event 2</td>
#   </tr>
# </table>
```

### List action items

```ruby Ruby theme={null}
{% for item in incident.action_items %}
  {{ item.summary }}
  Kind: {{item.kind}}
  Priority: {{item.priority}}
  Status: {{item.status}}
{% endfor %}
```

### Convert action items to table

```ruby Ruby theme={null}
# ASCII Table
{{ incident.action_items | to_table: 'action_items', 'Hello world', 'America/Los_Angeles' }}
# Returns
# +------------------------------------------------------------------------------------------------------------------------+
# |                                                      Hello world                                                       |
# +------------------------------+------------------------------+-----------+----------+--------+----------+---------------+
# | Creation Date                | Due Date                     | Kind      | Priority | Status | Assignee | Summary       |
# +------------------------------+------------------------------+-----------+----------+--------+----------+---------------+
# | December 7 2022 23:04:28 PST | December 8 2022 00:00:00 PST | Task      | Low      | Open   | John D   | Action Item 1 |
# | December 7 2022 23:04:28 PST | December 8 2022 00:00:00 PST | Follow Up | High     | Done   | Dalyte K | Action Item 2 |
# +------------------------------+------------------------------+-----------+----------+--------+----------+---------------+

# Markdown table
{{ incident.action_items | to_table: 'action_items', 'Hello world', 'America/Los_Angeles', 'markdown' }}
# Returns
# |                                                      Hello world                                                       |
# |------------------------------|------------------------------|-----------|----------|--------|----------|---------------|
# | Creation Date                | Due Date                     | Kind      | Priority | Status | Assignee | Summary       |
# | December 7 2022 23:04:28 PST | December 8 2022 00:00:00 PST | Task      | Low      | Open   | John D   | Action Item 1 |
# | December 7 2022 23:04:28 PST | December 8 2022 00:00:00 PST | Follow Up | High     | Done   | Dalyte K | Action Item 2 |

# Atlassian table
{{ incident.action_items | to_table: 'action_items', 'Hello world', 'America/Los_Angeles', 'atlassian_markdown' }}
# Returns
# h2. Hello world
# ||Creation Date||Due Date||Kind||Priority||Status||Assignee||Summary||
# |December 7 2022 23:04:28 PST|December 8 2022 00:00:00 PST|Task|Low|Open|John D|Action Item 1. [Link|https://dummy]|
# |December 7 2022 23:04:28 PST|December 8 2022 00:00:00 PST|Follow Up|High|Done|Dalyte K|Action Item 2. [Link|https://dummy]|

# HTML table
{{ incident.action_items | to_table: 'action_items', 'Hello world', 'America/Los_Angeles', 'html' }}
# Returns
#      <h2>Hello world</h2>
#      
#      <table>
#        <tr>
#          <th>Creation Date</th>
#          <th>Due Date</th>
#          <th>Kind</th>
#          <th>Priority</th>
#          <th>Status</th>
#          <th>Assignee</th>
#          <th>Summary</th>
#        </tr>
#        <tr>
#          <td>December 7 2022 23:04:28 PST</td>
#          <td>December 8 2022 00:00:00 PST</td>
#          <td>Task</td>
#          <td>Low</td>
#          <td>Open</td>
#          <td>John D</td>
#          <td>Action Item 1</td>
#        </tr>
#        <tr>
#          <td>December 7 2022 23:04:28 PST</td>
#          <td>December 8 2022 00:00:00 PST</td>
#          <td>Follow Up</td>
#          <td>High</td>
#          <td>Done</td>
#          <td>Dalyte K</td>
#          <td>Action Item 2</td>
#        </tr>
#      </table>
```

### Additional filters

```ruby Ruby theme={null}
# Find
# Input: {"books": [{ "id": 1, title: "hello" }, { "id": 2, title: "world" }] }
# Output: { "id": 2, title: "world" }

{ hash.books | find: 'id', '2' }

# Get
# Input: {"books": [{ "id": 1, title: "hello", category: {name: "History"} }}, { "id": 2, title: "world", category: {name: "SciFi"} }] }
# Output: "SciFi"

{ hash.books | find: 'id', '2' | get: 'category.name'}

# in_time_zone

{ 'now' | in_time_zone: "Europe/London" }

# smart_date

{ 'now' | smart_date: '2 days ago' }
{ 'now' | smart_date: '2 days ago' | in_time_zone: "Europe/London" }
{ 'now' | smart_date: '4 days from now' | in_time_zone: "Europe/London" }
{ 'now' | smart_date: 'yesterday' | in_time_zone: "Europe/London" }

# iso8601

{ 'now' | to_iso8601 }

# Distance of time in words
{ 'now' | smart_date: '2 days ago' | distance_of_time_in_words_from_now } # 2 days
```


# Overview
Source: https://docs.rootly.com/liquid/liquid

Learn how to use the Liquid templating engine in Rootly workflows to dynamically manipulate data, format content, and create powerful automation expressions.

Rootly supports the use of the [Liquid](https://shopify.github.io/liquid/ "Liquid") templating engine in Workflows Tasks. Liquid provides a number of useful filters which can be used to manipulate the contents of options blocks. For example, the expression `{{ 'hello' | upcase }}` uses the upcase filter, when inserted into an options block it will render HELLO. You can string multiple Liquid filters together, with the expression processed left-to-right.

<Note>
  You can find our variables on the following pages:

  * [Task Output Variables](/liquid/task-output-variables)

  * [Incident Variables](/liquid/incident-variables)

  * [Action Item Variables](/liquid/action-item-variables)

  * [Alert Variables](/liquid/alert-variables)

  * [Pulse Variables](/liquid/pulse-variables)

  * [Team Variables](/liquid/team-variables)

  * [Secrets](/liquid/secrets)

  * [Timezones](/liquid/timezones)
</Note>

## Examples

### Get the Current Date and Time in yyyymmdd Format

Expression: `{{ "now" | date: "%Y-%m-%d" }}`

Sample result: "2018-04-24"

[Reference](https://shopify.github.io/liquid/filters/date/ "Reference")

### Get the Size of an Array and Multiply by 10

Expression: `{{ .my_array | size | times: 10 }}`

Sample result: 50

[Reference](https://shopify.github.io/liquid/filters/size/ "Reference")

## Full List of Available Filters

[Available filters](/liquid/filters)


# Pulse Variables
Source: https://docs.rootly.com/liquid/pulse-variables

Reference for pulse variables available in Liquid templates for processing health check, deploy, and monitoring data in Rootly workflows and integrations.

You can use pulse variables in pulse workflows and any Liquid template evaluated in a pulse context.

<Note>
  Use our [Liquid Markup explorer](https://rootly.com/account/help/liquid-explorer) to navigate through all pulse variables against real pulse data.
</Note>

We are using [Liquid](https://shopify.github.io/liquid/) template language and the variables below are available wherever a pulse is in scope.

## Variables

```ruby Ruby theme={null}
{{ pulse.id }} # returns string (uuid)
{{ pulse.short_id }} # returns string
{{ pulse.source }} # returns string — name of the pulse source (e.g., "github", "k8s", "generic")
{{ pulse.summary }} # returns string
{{ pulse.data }} # returns the raw pulse payload as a JSON object
```

## Examples

Reaching into the raw pulse payload:

```ruby Ruby theme={null}
{{ pulse.data | get: 'commit_sha' }}
```

Building a deploy-style summary line:

```ruby Ruby theme={null}
{{ pulse.source | titleize }} pulse {{ pulse.short_id }}: {{ pulse.summary }}
```


# Secrets
Source: https://docs.rootly.com/liquid/secrets

Learn how to access stored secrets in Liquid templates using the secrets variable for secure credential management in Rootly workflows and integrations.

We are using [Liquid](https://shopify.github.io/liquid/ "Liquid") template language and available variables are:

```ruby Ruby theme={null}

{{ secrets.name }} # returns secret value
```


# Task Output Variables
Source: https://docs.rootly.com/liquid/task-output-variables

Reference previous workflow action outputs using Liquid template variables to chain Rootly actions together, pass data between steps, and build pipelines.

Every workflow action stores its output after it completes. Subsequent actions in the same workflow can reference those outputs using Liquid template syntax. This lets you chain actions together — for example, fetch data with an HTTP request and pass the response into an AI prompt or a second API call.

## Syntax

Reference a previous action's output using the `tasks` object and the action's **slug**:

```
{{ tasks.<action-slug>.<property> }}
```

The action slug is a URL-friendly identifier derived from the action name. You can find it in the workflow editor below the action name field.

<Frame>
  <img alt="" />
</Frame>

## Available Properties

Each completed action exposes the following properties:

| Property                    | Description                                                               |
| --------------------------- | ------------------------------------------------------------------------- |
| `tasks.<slug>.name`         | Action name                                                               |
| `tasks.<slug>.slug`         | Action slug identifier                                                    |
| `tasks.<slug>.status`       | Execution status (`queued`, `started`, `completed`, `failed`, `canceled`) |
| `tasks.<slug>.output`       | Action output (structure varies by action type — see below)               |
| `tasks.<slug>.logs`         | Event logs from the action                                                |
| `tasks.<slug>.started_at`   | When the action started                                                   |
| `tasks.<slug>.completed_at` | When the action completed                                                 |
| `tasks.<slug>.failed_at`    | When the action failed (if applicable)                                    |

***

## HTTP Request Action Output

The **Fetch an HTTP endpoint** action stores the full HTTP response. Access it through `output.response`:

| Path                                   | Description                                    |
| -------------------------------------- | ---------------------------------------------- |
| `tasks.<slug>.output.response.status`  | HTTP status code                               |
| `tasks.<slug>.output.response.body`    | Response body (parsed as JSON when applicable) |
| `tasks.<slug>.output.response.headers` | Response headers                               |

### Accessing nested JSON

When the HTTP response returns JSON, you can traverse the parsed structure directly:

```
{{ tasks.my-http-request.output.response.body.data.id }}
{{ tasks.my-http-request.output.response.body.items[0].name }}
```

***

## AI Chat Completion Action Output

The **OpenAI**, **Anthropic**, **Google Gemini**, and **Mistral** chat completion actions store the AI model's response in `output.response`. The exact structure depends on the provider and model.

### OpenAI

OpenAI uses two different API formats depending on the model:

**GPT models** (`gpt-4o`, `gpt-4o-mini`, etc.) use the Chat Completions API:

```
{{ tasks.my-openai-task.output.response.choices[0].message.content }}
```

**Reasoning models** (`o1-*`, `o3-*`) use the Responses API, which returns a different structure:

```
{{ tasks.my-openai-task.output.response.output[0].content[0].text }}
```

<Note>
  If you switch between GPT and reasoning models, you must update the output path in any downstream actions that reference the task output.
</Note>

### Google Gemini

```
{{ tasks.my-gemini-task.output.response.candidates[0].content.parts[0].text }}
```

***

## Other Action Outputs

Most built-in actions (Create Jira Issue, Create Linear Issue, Send Slack Message, etc.) store their response in `output.response`. The structure matches the response from the underlying integration API.

Examples:

```
{{ tasks.create-a-jira-issue.output.response.key }}
{{ tasks.create-a-linear-issue.output.response.data.issueCreate.issue.url }}
{{ tasks.create-a-linear-issue.output.response.data.issueCreate.issue.identifier }}
```

***

## Examples

### Chain two HTTP requests

Fetch a service catalog entry, then use part of the response in a follow-up API call.

**Action 1** — "get-service-info" (HTTP GET):

```
URL: https://api.example.com/v1/catalog/{{ incident.services.first }}
```

**Action 2** — "get-owner" (HTTP GET) referencing Action 1's output:

```
URL: https://api.example.com/v1/catalog/{{ tasks.get-service-info.output.response.body.hierarchy.parents[0].tag }}
```

### Use HTTP response in action URL parameters

Look up a user by email from a previous action's response:

```
https://api.rootly.com/v1/users?filter[email]={{ tasks.get-on-call-from-opsgenie.output.response.body.data.onCallRecipients[0] | default: 'fallback@example.com' }}
```

### Feed HTTP response into an OpenAI prompt

Fetch logs from an observability tool, then have AI analyze them.

**Action 1** — "get-logs" (HTTP GET to your logging API)

**Action 2** — "analyze-logs" (OpenAI Chat Completion) with prompt:

```
Analyze the following service logs for errors and anomalies.
Format your response for Slack using mrkdwn.

{{ tasks.get-logs.output.response.body.data.result }}
```

### Pass AI output into a subsequent HTTP request

Generate a postmortem with AI, then post it to the incident timeline.

**Action 1** — "generate-postmortem" (OpenAI Chat Completion)

**Action 2** — "post-to-timeline" (HTTP POST):

```
URL: https://api.rootly.com/v1/incidents/{{ incident.id }}/events
Body:
{
  "data": {
    "attributes": {
      "visibility": "internal",
      "event": {{ tasks.generate-postmortem.output.response.choices[0].message.content | to_json }}
    },
    "type": "incident_events"
  }
}
```

<Note>
  Use the `to_json` filter when inserting task output into a JSON body. AI-generated text often contains quotes and newlines that break JSON syntax without proper escaping.
</Note>

### Use Jira/Linear issue output to update an alert

Create a ticket, then write the ticket URL back to a custom alert field.

**Action 1** — "create-a-linear-issue" (Create Linear Issue)

**Action 2** — "update-alert-with-ticket" (HTTP PATCH):

```
URL: https://api.rootly.com/v1/alerts/{{ alert.id }}
Body:
{
  "data": {
    "attributes": {
      "alert_field_values_attributes": [
        {
          "alert_field_id": "<your-field-id>",
          "value": "{{ tasks.create-a-linear-issue.output.response.data.issueCreate.issue.url }}"
        }
      ]
    },
    "type": "alerts"
  }
}
```

### Assign a role based on an on-call lookup

Look up who is on-call, find them in Rootly, then assign them to an incident role.

**Action 1** — "get-on-call" (HTTP GET to your paging provider)

**Action 2** — "find-rootly-user" (HTTP GET):

```
https://api.rootly.com/v1/users?filter[email]={{ tasks.get-on-call.output.response.body.data.onCallRecipients[0] }}
```

**Action 3** — "assign-role" (HTTP POST):

```
URL: https://api.rootly.com/v1/incidents/{{ incident.id }}/assign_role_to_user
Body:
{
  "data": {
    "type": "incidents",
    "attributes": {
      "user_id": "{{ tasks.find-rootly-user.output.response.body.data[0].id }}",
      "incident_role_id": "<your-role-id>"
    }
  }
}
```

***

## Using Liquid Filters with Task Outputs

You can apply any [Liquid filter](/liquid/filters) to task output values. Common patterns:

```
{{ tasks.my-task.output.response.body.name | upcase }}

{{ tasks.my-task.output.response.body.email | default: 'fallback@example.com' }}

{{ tasks.my-task.output.response.body.query | replace: '+', '' }}

{{ tasks.my-task.output.response.body.items | size }}
```

***

## Troubleshooting

### Action output is empty

* Verify the referenced action ran successfully. Check the workflow run log for errors.
* Check that the action slug matches exactly — slugs are case-sensitive and use hyphens, not underscores (e.g., `my-http-request`, not `my_http_request`).

### JSON path returns nothing

* The HTTP response body is only parsed as JSON when the response `Content-Type` is `application/json`. If the API returns a different content type, `body` may be a raw string.
* Use the workflow run log to inspect the actual response structure and verify your path.

### Subsequent action does not see the previous output

* Actions run sequentially in order. An action can only reference outputs from actions that appear **above** it in the workflow editor.
* If the previous action has **Skip on Failure** enabled and failed, its output may be incomplete or missing.


# Team Variables
Source: https://docs.rootly.com/liquid/team-variables

Reference guide for team variables available in Liquid templates including team metrics, member data, on-call assignments, and integration mappings in Rootly.

## Variables

<Note>
  Use our new [Liquid Markup explorer](https://rootly.com/account/help/liquid-explorer "Liquid Markup explorer") to navigate through all team variables.
</Note>

We are using [Liquid](https://shopify.github.io/liquid/ "Liquid") template language and available variables are:

```ruby Ruby theme={null}
# Basic team info
{{ team.id }} # returns string
{{ team.name }} # returns string
{{ team.slug }} # returns string
{{ team.time_zone }} # returns string
{{ team.generated_incident_title }} # returns string

# Incident counts
{{ team.incidents_count }} # returns integer
{{ team.incidents_test_count }} # returns integer
{{ team.incidents_normal_count }} # returns integer
{{ team.incidents_scheduled_count }} # returns integer
{{ team.incidents_backfilled_count }} # returns integer

# Action item counts
{{ team.action_items_count }} # returns integer
{{ team.action_items_follow_up_count }} # returns integer
{{ team.action_items_task_count }} # returns integer
{{ team.action_items_open_count }} # returns integer
{{ team.action_items_in_progress_count }} # returns integer
{{ team.action_items_cancelled_count }} # returns integer
{{ team.action_items_completed_count }} # returns integer

# Configuration flags
{{ team.config_ai_enabled }} # returns boolean
{{ team.config_ai_summarization_enabled }} # returns boolean
{{ team.config_ai_similarities_enabled }} # returns boolean
{{ team.config_sub_status_enabled }} # returns boolean

# User arrays
{{ team.users }} # returns array
{{ team.jira_users }} # returns array
{{ team.pagerduty_users }} # returns array

# Objects (keyed by slug)
{{ team.form_fields }} # returns object
{{ team.post_mortem_templates }} # returns object (keyed by slug)
{{ team.schedules }} # returns object (keyed by slug)
{{ team.services }} # returns object (keyed by slug)
{{ team.functionalities }} # returns object (keyed by slug)
{{ team.groups }} # returns object (keyed by slug)
```

# Examples

### User reverse lookup by email

```ruby Ruby theme={null}
{{ team.users | find: 'email', 'john@doe.com' | get: 'name' }}
{{ team.users | find: 'email', 'john@doe.com' | get: 'slack_id' }}
```


# Timezones
Source: https://docs.rootly.com/liquid/timezones

Complete list of timezone identifiers for use with the in_time_zone Liquid filter in Rootly workflows to convert dates and times across global teams.

To use with `in_time_zone` liquid filter

```js JS theme={null}
{{ now | in_time_zone: 'Europe/London' | date: '%Y-%m-%d %H:%M %Z' }}
```

| Timezone                         | Offset |
| -------------------------------- | ------ |
| Pacific/Niue                     | UTC-11 |
| Pacific/Midway                   | UTC-11 |
| Pacific/Pago\_Pago               | UTC-11 |
| America/Adak                     | UTC-10 |
| Pacific/Tahiti                   | UTC-10 |
| Pacific/Marquesas                | UTC-10 |
| Pacific/Honolulu                 | UTC-10 |
| Pacific/Rarotonga                | UTC-10 |
| America/Sitka                    | UTC-9  |
| America/Anchorage                | UTC-9  |
| Pacific/Gambier                  | UTC-9  |
| America/Metlakatla               | UTC-9  |
| America/Yakutat                  | UTC-9  |
| America/Nome                     | UTC-9  |
| America/Juneau                   | UTC-9  |
| America/Vancouver                | UTC-8  |
| America/Tijuana                  | UTC-8  |
| Pacific/Pitcairn                 | UTC-8  |
| America/Los\_Angeles             | UTC-8  |
| America/Boise                    | UTC-7  |
| America/Phoenix                  | UTC-7  |
| America/Dawson                   | UTC-7  |
| America/Whitehorse               | UTC-7  |
| America/Fort\_Nelson             | UTC-7  |
| America/Dawson\_Creek            | UTC-7  |
| America/Mazatlan                 | UTC-7  |
| America/Cambridge\_Bay           | UTC-7  |
| America/Hermosillo               | UTC-7  |
| America/Creston                  | UTC-7  |
| America/Edmonton                 | UTC-7  |
| America/Inuvik                   | UTC-7  |
| America/Yellowknife              | UTC-7  |
| America/Denver                   | UTC-7  |
| America/Managua                  | UTC-6  |
| America/Bahia\_Banderas          | UTC-6  |
| America/Ojinaga                  | UTC-6  |
| America/Chihuahua                | UTC-6  |
| America/Matamoros                | UTC-6  |
| America/Monterrey                | UTC-6  |
| America/Merida                   | UTC-6  |
| America/Mexico\_City             | UTC-6  |
| America/North\_Dakota/Beulah     | UTC-6  |
| America/North\_Dakota/New\_Salem | UTC-6  |
| America/North\_Dakota/Center     | UTC-6  |
| America/Menominee                | UTC-6  |
| America/Indiana/Knox             | UTC-6  |
| America/Indiana/Tell\_City       | UTC-6  |
| America/Chicago                  | UTC-6  |
| America/Belize                   | UTC-6  |
| America/Winnipeg                 | UTC-6  |
| America/Resolute                 | UTC-6  |
| America/Rankin\_Inlet            | UTC-6  |
| America/Regina                   | UTC-6  |
| America/Swift\_Current           | UTC-6  |
| Pacific/Easter                   | UTC-6  |
| America/Costa\_Rica              | UTC-6  |
| America/El\_Salvador             | UTC-6  |
| Pacific/Galapagos                | UTC-6  |
| America/Guatemala                | UTC-6  |
| America/Tegucigalpa              | UTC-6  |
| America/Grand\_Turk              | UTC-5  |
| America/Cancun                   | UTC-5  |
| America/Toronto                  | UTC-5  |
| America/Iqaluit                  | UTC-5  |
| America/Pangnirtung              | UTC-5  |
| America/Atikokan                 | UTC-5  |
| America/Indiana/Vincennes        | UTC-5  |
| America/Detroit                  | UTC-5  |
| America/Indiana/Indianapolis     | UTC-5  |
| America/New\_York                | UTC-5  |
| America/Port-au-Prince           | UTC-5  |
| America/Eirunepe                 | UTC-5  |
| America/Jamaica                  | UTC-5  |
| America/Indiana/Winamac          | UTC-5  |
| America/Cayman                   | UTC-5  |
| America/Kentucky/Monticello      | UTC-5  |
| America/Rio\_Branco              | UTC-5  |
| America/Nassau                   | UTC-5  |
| America/Indiana/Marengo          | UTC-5  |
| America/Panama                   | UTC-5  |
| America/Guayaquil                | UTC-5  |
| America/Bogota                   | UTC-5  |
| America/Lima                     | UTC-5  |
| America/Havana                   | UTC-5  |
| America/Indiana/Petersburg       | UTC-5  |
| America/Kentucky/Louisville      | UTC-5  |
| America/Indiana/Vevay            | UTC-5  |
| America/Porto\_Velho             | UTC-4  |
| America/Boa\_Vista               | UTC-4  |
| America/Manaus                   | UTC-4  |
| America/St\_Lucia                | UTC-4  |
| America/St\_Barthelemy           | UTC-4  |
| America/Caracas                  | UTC-4  |
| America/Tortola                  | UTC-4  |
| America/St\_Vincent              | UTC-4  |
| America/Marigot                  | UTC-4  |
| America/Santiago                 | UTC-4  |
| America/Martinique               | UTC-4  |
| America/Port\_of\_Spain          | UTC-4  |
| America/Curacao                  | UTC-4  |
| America/St\_Thomas               | UTC-4  |
| America/Lower\_Princes           | UTC-4  |
| America/St\_Kitts                | UTC-4  |
| America/Dominica                 | UTC-4  |
| America/Santo\_Domingo           | UTC-4  |
| America/Barbados                 | UTC-4  |
| America/Guyana                   | UTC-4  |
| America/Kralendijk               | UTC-4  |
| America/Guadeloupe               | UTC-4  |
| America/Thule                    | UTC-4  |
| America/Montserrat               | UTC-4  |
| America/Puerto\_Rico             | UTC-4  |
| America/Grenada                  | UTC-4  |
| America/Asuncion                 | UTC-4  |
| America/Halifax                  | UTC-4  |
| America/Glace\_Bay               | UTC-4  |
| America/Moncton                  | UTC-4  |
| America/Goose\_Bay               | UTC-4  |
| America/Blanc-Sablon             | UTC-4  |
| America/Campo\_Grande            | UTC-4  |
| America/Cuiaba                   | UTC-4  |
| Atlantic/Bermuda                 | UTC-4  |
| America/Anguilla                 | UTC-4  |
| America/Aruba                    | UTC-4  |
| America/Antigua                  | UTC-4  |
| America/La\_Paz                  | UTC-4  |
| America/Paramaribo               | UTC-3  |
| America/Belem                    | UTC-3  |
| America/Fortaleza                | UTC-3  |
| America/Recife                   | UTC-3  |
| America/Araguaina                | UTC-3  |
| America/Maceio                   | UTC-3  |
| America/Bahia                    | UTC-3  |
| America/Sao\_Paulo               | UTC-3  |
| America/Santarem                 | UTC-3  |
| America/Argentina/Catamarca      | UTC-3  |
| America/Argentina/La\_Rioja      | UTC-3  |
| America/Argentina/Ushuaia        | UTC-3  |
| America/Argentina/Rio\_Gallegos  | UTC-3  |
| America/Argentina/San\_Luis      | UTC-3  |
| America/Argentina/Mendoza        | UTC-3  |
| America/Montevideo               | UTC-3  |
| America/Punta\_Arenas            | UTC-3  |
| America/Argentina/San\_Juan      | UTC-3  |
| Antarctica/Palmer                | UTC-3  |
| Antarctica/Rothera               | UTC-3  |
| America/Argentina/Buenos\_Aires  | UTC-3  |
| Atlantic/Stanley                 | UTC-3  |
| America/Argentina/Cordoba        | UTC-3  |
| America/Argentina/Salta          | UTC-3  |
| America/Cayenne                  | UTC-3  |
| America/Argentina/Jujuy          | UTC-3  |
| America/Nuuk                     | UTC-3  |
| America/Argentina/Tucuman        | UTC-3  |
| America/Miquelon                 | UTC-3  |
| America/Noronha                  | UTC-2  |
| Atlantic/South\_Georgia          | UTC-2  |
| America/Scoresbysund             | UTC-1  |
| Atlantic/Cape\_Verde             | UTC-1  |
| Atlantic/Azores                  | UTC-1  |
| Africa/Accra                     | UTC+0  |
| Africa/Monrovia                  | UTC+0  |
| Europe/Jersey                    | UTC+0  |
| America/Danmarkshavn             | UTC+0  |
| Africa/Dakar                     | UTC+0  |
| Africa/Banjul                    | UTC+0  |
| Africa/Conakry                   | UTC+0  |
| Africa/El\_Aaiun                 | UTC+0  |
| Europe/Isle\_of\_Man             | UTC+0  |
| Africa/Sao\_Tome                 | UTC+0  |
| Atlantic/Reykjavik               | UTC+0  |
| Africa/Bissau                    | UTC+0  |
| Europe/Dublin                    | UTC+0  |
| Antarctica/Troll                 | UTC+0  |
| Africa/Nouakchott                | UTC+0  |
| Africa/Lome                      | UTC+0  |
| Africa/Ouagadougou               | UTC+0  |
| Atlantic/St\_Helena              | UTC+0  |
| Atlantic/Madeira                 | UTC+0  |
| Europe/Lisbon                    | UTC+0  |
| Atlantic/Faroe                   | UTC+0  |
| Africa/Bamako                    | UTC+0  |
| Europe/London                    | UTC+0  |
| Africa/Abidjan                   | UTC+0  |
| Africa/Freetown                  | UTC+0  |
| Atlantic/Canary                  | UTC+0  |
| Africa/Casablanca                | UTC+0  |
| Europe/Guernsey                  | UTC+0  |
| Europe/Andorra                   | UTC+1  |
| Europe/Tirane                    | UTC+1  |
| Africa/Luanda                    | UTC+1  |
| Europe/Vienna                    | UTC+1  |
| Europe/Sarajevo                  | UTC+1  |
| Europe/Brussels                  | UTC+1  |
| Africa/Porto-Novo                | UTC+1  |
| Africa/Kinshasa                  | UTC+1  |
| Africa/Bangui                    | UTC+1  |
| Africa/Brazzaville               | UTC+1  |
| Europe/Zurich                    | UTC+1  |
| Africa/Douala                    | UTC+1  |
| Europe/Prague                    | UTC+1  |
| Europe/Berlin                    | UTC+1  |
| Europe/Busingen                  | UTC+1  |
| Europe/Copenhagen                | UTC+1  |
| Africa/Algiers                   | UTC+1  |
| Europe/Madrid                    | UTC+1  |
| Africa/Ceuta                     | UTC+1  |
| Europe/Paris                     | UTC+1  |
| Africa/Libreville                | UTC+1  |
| Europe/Gibraltar                 | UTC+1  |
| Africa/Malabo                    | UTC+1  |
| Europe/Zagreb                    | UTC+1  |
| Europe/Budapest                  | UTC+1  |
| Europe/Rome                      | UTC+1  |
| Europe/Vaduz                     | UTC+1  |
| Europe/Luxembourg                | UTC+1  |
| Europe/Monaco                    | UTC+1  |
| Europe/Podgorica                 | UTC+1  |
| Europe/Skopje                    | UTC+1  |
| Europe/Malta                     | UTC+1  |
| Africa/Niamey                    | UTC+1  |
| Africa/Lagos                     | UTC+1  |
| Europe/Amsterdam                 | UTC+1  |
| Europe/Oslo                      | UTC+1  |
| Europe/Warsaw                    | UTC+1  |
| Europe/Belgrade                  | UTC+1  |
| Europe/Stockholm                 | UTC+1  |
| Europe/Ljubljana                 | UTC+1  |
| Arctic/Longyearbyen              | UTC+1  |
| Europe/Bratislava                | UTC+1  |
| Europe/San\_Marino               | UTC+1  |
| Africa/Ndjamena                  | UTC+1  |
| Africa/Tunis                     | UTC+1  |
| Europe/Vatican                   | UTC+1  |
| Europe/Riga                      | UTC+2  |
| Europe/Vilnius                   | UTC+2  |
| Africa/Maseru                    | UTC+2  |
| Europe/Kaliningrad               | UTC+2  |
| Europe/Bucharest                 | UTC+2  |
| Asia/Hebron                      | UTC+2  |
| Asia/Gaza                        | UTC+2  |
| Europe/Athens                    | UTC+2  |
| Asia/Jerusalem                   | UTC+2  |
| Asia/Beirut                      | UTC+2  |
| Africa/Gaborone                  | UTC+2  |
| Africa/Mbabane                   | UTC+2  |
| Europe/Kyiv                      | UTC+2  |
| Asia/Famagusta                   | UTC+2  |
| Europe/Tallinn                   | UTC+2  |
| Africa/Juba                      | UTC+2  |
| Africa/Blantyre                  | UTC+2  |
| Europe/Chisinau                  | UTC+2  |
| Africa/Cairo                     | UTC+2  |
| Europe/Helsinki                  | UTC+2  |
| Africa/Bujumbura                 | UTC+2  |
| Africa/Khartoum                  | UTC+2  |
| Africa/Lusaka                    | UTC+2  |
| Africa/Tripoli                   | UTC+2  |
| Africa/Johannesburg              | UTC+2  |
| Africa/Lubumbashi                | UTC+2  |
| Asia/Nicosia                     | UTC+2  |
| Africa/Kigali                    | UTC+2  |
| Europe/Sofia                     | UTC+2  |
| Europe/Mariehamn                 | UTC+2  |
| Africa/Maputo                    | UTC+2  |
| Africa/Windhoek                  | UTC+2  |
| Africa/Harare                    | UTC+2  |
| Europe/Istanbul                  | UTC+3  |
| Africa/Dar\_es\_Salaam           | UTC+3  |
| Europe/Simferopol                | UTC+3  |
| Africa/Kampala                   | UTC+3  |
| Indian/Antananarivo              | UTC+3  |
| Indian/Comoro                    | UTC+3  |
| Africa/Nairobi                   | UTC+3  |
| Asia/Amman                       | UTC+3  |
| Asia/Tehran                      | UTC+3  |
| Asia/Baghdad                     | UTC+3  |
| Asia/Kuwait                      | UTC+3  |
| Antarctica/Syowa                 | UTC+3  |
| Asia/Qatar                       | UTC+3  |
| Europe/Moscow                    | UTC+3  |
| Europe/Kirov                     | UTC+3  |
| Europe/Volgograd                 | UTC+3  |
| Asia/Riyadh                      | UTC+3  |
| Asia/Bahrain                     | UTC+3  |
| Asia/Aden                        | UTC+3  |
| Africa/Addis\_Ababa              | UTC+3  |
| Indian/Mayotte                   | UTC+3  |
| Africa/Asmara                    | UTC+3  |
| Africa/Mogadishu                 | UTC+3  |
| Africa/Djibouti                  | UTC+3  |
| Asia/Damascus                    | UTC+3  |
| Europe/Minsk                     | UTC+3  |
| Asia/Muscat                      | UTC+4  |
| Europe/Astrakhan                 | UTC+4  |
| Europe/Saratov                   | UTC+4  |
| Europe/Ulyanovsk                 | UTC+4  |
| Europe/Samara                    | UTC+4  |
| Indian/Reunion                   | UTC+4  |
| Indian/Mahe                      | UTC+4  |
| Asia/Baku                        | UTC+4  |
| Asia/Yerevan                     | UTC+4  |
| Asia/Dubai                       | UTC+4  |
| Asia/Kabul                       | UTC+4  |
| Asia/Tbilisi                     | UTC+4  |
| Indian/Mauritius                 | UTC+4  |
| Asia/Kathmandu                   | UTC+5  |
| Asia/Oral                        | UTC+5  |
| Asia/Atyrau                      | UTC+5  |
| Asia/Aqtau                       | UTC+5  |
| Asia/Tashkent                    | UTC+5  |
| Asia/Kolkata                     | UTC+5  |
| Asia/Samarkand                   | UTC+5  |
| Asia/Yekaterinburg               | UTC+5  |
| Indian/Kerguelen                 | UTC+5  |
| Asia/Qyzylorda                   | UTC+5  |
| Asia/Dushanbe                    | UTC+5  |
| Asia/Ashgabat                    | UTC+5  |
| Indian/Maldives                  | UTC+5  |
| Antarctica/Mawson                | UTC+5  |
| Asia/Aqtobe                      | UTC+5  |
| Asia/Colombo                     | UTC+5  |
| Asia/Karachi                     | UTC+5  |
| Antarctica/Vostok                | UTC+6  |
| Asia/Dhaka                       | UTC+6  |
| Indian/Chagos                    | UTC+6  |
| Asia/Qostanay                    | UTC+6  |
| Asia/Omsk                        | UTC+6  |
| Asia/Bishkek                     | UTC+6  |
| Asia/Urumqi                      | UTC+6  |
| Asia/Thimphu                     | UTC+6  |
| Asia/Yangon                      | UTC+6  |
| Asia/Almaty                      | UTC+6  |
| Indian/Cocos                     | UTC+6  |
| Asia/Phnom\_Penh                 | UTC+7  |
| Asia/Bangkok                     | UTC+7  |
| Asia/Hovd                        | UTC+7  |
| Antarctica/Davis                 | UTC+7  |
| Asia/Ho\_Chi\_Minh               | UTC+7  |
| Asia/Vientiane                   | UTC+7  |
| Asia/Pontianak                   | UTC+7  |
| Asia/Jakarta                     | UTC+7  |
| Asia/Novosibirsk                 | UTC+7  |
| Asia/Barnaul                     | UTC+7  |
| Asia/Tomsk                       | UTC+7  |
| Indian/Christmas                 | UTC+7  |
| Asia/Novokuznetsk                | UTC+7  |
| Asia/Krasnoyarsk                 | UTC+7  |
| Asia/Kuching                     | UTC+8  |
| Australia/Perth                  | UTC+8  |
| Asia/Singapore                   | UTC+8  |
| Asia/Irkutsk                     | UTC+8  |
| Asia/Brunei                      | UTC+8  |
| Asia/Ulaanbaatar                 | UTC+8  |
| Asia/Makassar                    | UTC+8  |
| Asia/Manila                      | UTC+8  |
| Asia/Taipei                      | UTC+8  |
| Asia/Macau                       | UTC+8  |
| Asia/Kuala\_Lumpur               | UTC+8  |
| Asia/Hong\_Kong                  | UTC+8  |
| Australia/Eucla                  | UTC+8  |
| Asia/Shanghai                    | UTC+8  |
| Asia/Choibalsan                  | UTC+8  |
| Asia/Tokyo                       | UTC+9  |
| Asia/Seoul                       | UTC+9  |
| Asia/Pyongyang                   | UTC+9  |
| Asia/Jayapura                    | UTC+9  |
| Pacific/Palau                    | UTC+9  |
| Asia/Chita                       | UTC+9  |
| Asia/Yakutsk                     | UTC+9  |
| Asia/Khandyga                    | UTC+9  |
| Asia/Dili                        | UTC+9  |
| Australia/Darwin                 | UTC+9  |
| Australia/Adelaide               | UTC+9  |
| Australia/Broken\_Hill           | UTC+9  |
| Australia/Lindeman               | UTC+10 |
| Pacific/Port\_Moresby            | UTC+10 |
| Australia/Sydney                 | UTC+10 |
| Australia/Melbourne              | UTC+10 |
| Australia/Hobart                 | UTC+10 |
| Antarctica/Macquarie             | UTC+10 |
| Australia/Lord\_Howe             | UTC+10 |
| Asia/Vladivostok                 | UTC+10 |
| Pacific/Guam                     | UTC+10 |
| Pacific/Chuuk                    | UTC+10 |
| Asia/Ust-Nera                    | UTC+10 |
| Antarctica/DumontDUrville        | UTC+10 |
| Pacific/Saipan                   | UTC+10 |
| Australia/Brisbane               | UTC+10 |
| Pacific/Pohnpei                  | UTC+11 |
| Pacific/Bougainville             | UTC+11 |
| Pacific/Efate                    | UTC+11 |
| Asia/Srednekolymsk               | UTC+11 |
| Asia/Sakhalin                    | UTC+11 |
| Pacific/Norfolk                  | UTC+11 |
| Asia/Magadan                     | UTC+11 |
| Antarctica/Casey                 | UTC+11 |
| Pacific/Guadalcanal              | UTC+11 |
| Pacific/Noumea                   | UTC+11 |
| Pacific/Kosrae                   | UTC+11 |
| Antarctica/McMurdo               | UTC+12 |
| Pacific/Wallis                   | UTC+12 |
| Asia/Anadyr                      | UTC+12 |
| Asia/Kamchatka                   | UTC+12 |
| Pacific/Kwajalein                | UTC+12 |
| Pacific/Fiji                     | UTC+12 |
| Pacific/Chatham                  | UTC+12 |
| Pacific/Auckland                 | UTC+12 |
| Pacific/Nauru                    | UTC+12 |
| Pacific/Majuro                   | UTC+12 |
| Pacific/Tarawa                   | UTC+12 |
| Pacific/Wake                     | UTC+12 |
| Pacific/Funafuti                 | UTC+12 |
| Pacific/Kanton                   | UTC+13 |
| Pacific/Fakaofo                  | UTC+13 |
| Pacific/Apia                     | UTC+13 |
| Pacific/Tongatapu                | UTC+13 |
| Pacific/Kiritimati               | UTC+14 |


# Managing Custom Catalogs
Source: https://docs.rootly.com/managing-custom-catalogs

Create custom catalogs, define properties, link catalogs together, and add entities to represent your organization's unique business concepts.

Catalogs are the foundation of everything else. This section walks through how to create them, customize them, and link them together.

# **Creating a new Catalog**

To create a new Catalog, navigate to Catalog in your Rootly settings and click **+ New catalog**. Give it a name that reflects what it represents, for example, "Product Areas" or "Supported Regions". Add a description to your Catalog so teammates know what it’s for and when to use it.

<Frame>
  <img alt="Clean Shot2026 03 30at15 41 53@2x" />
</Frame>

Properties let you describe what makes each entity unique. For example, a "Region" Catalog might have a "Cluster" property that tells you which infrastructure clusters belong to that region.

To add properties, open a Catalog and click **Edit catalog**, and click **Add Property**. You can choose from several property types, including text, boolean, and importantly references to other Catalogs.

<Frame>
  <img alt="Clean Shot2026 03 30at20 17 36@2x" />
</Frame>

One of the most powerful things you can do in Catalog is connect different Catalogs to each other. This lets you capture real-world relationships between your business entities.

For example:

* A "Teams" Catalog can have a property for "Owned Services", where each value is drawn from your "Services" Catalog.
* A "Customer Tier" Catalog can include a "Related Products" property that references your "Product Areas" Catalog.

To link Catalogs, add a new property to your Catalog and choose the other Catalog as the property type. Once linked, you’ll be able to select entities from that Catalog when filling in property values.

# **Adding entities to a Catalog**

Once your Catalog is set up, start populating it with entities. Each entity represents one specific item in that category: for example, "Payments API" in your Services Catalog.

<Frame>
  <img alt="Clean Shot2026 03 30at20 22 00@2x" />
</Frame>

For each entity, fill in the properties you’ve defined. If a property references another Catalog, you’ll select the relevant entity from a dropdown of what’s already in that Catalog.

<Frame>
  <img alt="Clean Shot2026 03 30at20 25 07@2x" />
</Frame>


# Attaching Teams To Incidents
Source: https://docs.rootly.com/managing-teams/attaching-teams-to-incidents

Associate teams with incidents to coordinate response, and configure workflows that automatically invite team members to the incident Slack channel.

Teams can be attached to incidents in Rootly to record which groups own the response and to drive automation around that ownership.

When a team is attached to an incident, Rootly can record team ownership on the timeline and fire workflows that target the team — for example, broadcasting the incident to the team's channel, paging on-call, or inviting team members into the incident Slack channel. The exact behavior depends on which workflows you have configured.

If the **Slack integration** is enabled, teams can be attached directly from Slack using Rootly's slash commands. Teams can also be attached from the web UI when creating or editing an incident.

***

## Attaching Teams via Slack

If your organization has configured the Slack integration, you can attach teams directly from the Slack incident channel.

To attach a team using Slack:

1. Open the **Slack channel associated with the incident**
2. Type the following command:

```
/rootly add team
```

3. Press **Enter**

Rootly will open a Slack modal where you can select one or more teams to attach to the incident.

<Note>
  You must run this command from the **incident-specific Slack channel**. The command will not work in other Slack channels.
</Note>

***

## Attaching Teams from the Web UI

Teams can also be attached when creating an incident or by editing an existing incident in the Rootly web UI. Open the incident, edit the **Teams** field, and select one or more teams from the searchable picker.

Workflows triggered by team attachment fire in both paths — Slack and the web UI — provided the workflow's trigger and conditions match.

***

## Selecting Teams

After running the command, a dialog appears in Slack with a searchable list of available teams.

From this dialog you can:

* Search for teams by name
* Select one or multiple teams
* Review currently attached teams
* Submit the changes

Once you click **Submit**, the selected teams are attached to the incident.

<Frame>
  <img alt="Attaching teams using Slack" />
</Frame>

***

## What Happens When a Team Is Attached

Attaching a team records the team on the incident and fires workflow triggers. Which trigger fires depends on when the team is attached:

* Teams chosen **at incident creation time** — fire as part of the `incident_created` trigger.
* Teams attached **after creation** (via `/rootly add team` or by editing the incident in the web UI) — fire the `teams_added` and `teams_updated` triggers.

The actual side effects of attachment depend on which workflows you have configured.

Workflows commonly built around team attachment include:

* **Inviting team members** into the incident Slack channel
* **Broadcasting** to the team's configured Slack channel
* **Paging** the team's on-call (via Rootly On-Call, PagerDuty, Opsgenie, etc.)
* **Creating tickets** in the team's project (Jira, Linear, etc.)

If you expect a behavior on team attachment and it isn't happening, the first thing to check is whether a matching workflow exists and whether its trigger fired. The Workflow Runs view on each incident shows every workflow Rootly evaluated, whether it matched, and any task errors.

***

## Automatically Inviting Team Members

Inviting team members to the incident Slack channel is configured once as an Incident Workflow and reused across every incident that matches your chosen trigger.

### Setting Up the Workflow

Build an [Incident Workflow](/workflows/incident-workflows) with these settings:

<Steps>
  <Step title="Choose a Trigger">
    Pick the moment you want invites to fire. The two most useful triggers for this use case are:

    * `incident_created` — fires when teams are selected at creation time
    * `teams_added` — fires when a team is attached *after* creation (e.g., via `/rootly add team`)

    If you want invites for both paths, configure one workflow per trigger or use a workflow with multiple triggers.
  </Step>

  <Step title="Add the Invite Rootly On-Call to Slack Channel Task">
    Add the **Invite Rootly On-Call to Slack Channel** task. Despite the name, this task can target a Team in addition to an on-call schedule, escalation policy, service, or individual user. Set the **Target** to the team(s) whose members should be invited.
  </Step>

  <Step title="Scope Conditions If Needed">
    Add workflow conditions (severity, environment, service, etc.) only if you want to limit when invites fire. Leaving conditions empty means it fires on every incident matching the trigger.
  </Step>
</Steps>

<Note>
  This workflow is **not installed by default**. The smart-default "Invite Slack users and groups to incident channel" workflow that ships with Rootly invites a configured list of Slack user groups (e.g., `@oncall-infra`), not Rootly team members.
</Note>

### Who Gets Invited

When the **Invite Rootly On-Call to Slack Channel** task is targeted at a Team, it:

* Includes every member of each targeted Rootly team
* Checks whether each member has connected their Slack account in Rootly
* Invites the matching users to the incident channel
* Skips members who haven't connected Slack, then fails at the end of the task with an error listing the skipped members by name

Members who haven't connected Slack to Rootly never receive an invite. The fix is for those users to connect their Slack account from their Rootly user profile.

<Tip>
  Because this task fails when any team member hasn't connected Slack, [a single task failure halts the workflow by default](/workflows/incident-workflows). If you want downstream tasks (e.g., posting a status message) to run regardless, enable **Skip on Failure** on the invite task or place it last in the workflow.
</Tip>

### Other Targets

The same task can also target an escalation policy, a service, a schedule, or an individual user — useful when you want "invite whoever is on-call for this team" instead of "invite everyone on this team."

***

## Permissions

Attaching teams to incidents requires permission to update incidents.

If you attempt to run the Slack command without the required permissions, Rootly will return an authorization error.

In most organizations, these permissions are granted to:

* Incident responders
* Incident commanders
* Team administrators
* Organization administrators

If the command does not work for you, contact your Rootly administrator to confirm your access level.

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="The command doesn't work in Slack" icon="triangle-exclamation">
    The command must be used inside an **incident Slack channel**. If the command is run in a regular Slack channel or a channel that is not linked to an incident, Rootly will not be able to identify the incident.
  </Accordion>

  <Accordion title="I cannot attach a team" icon="lock">
    You may not have permission to update incidents. Attaching teams requires update access to the incident. Contact your administrator if you need this permission.
  </Accordion>

  <Accordion title="The team list is empty" icon="users">
    If no teams appear in the selection dialog, it may mean that no teams have been created in your Rootly organization yet. Teams can be created from the **Configuration → Teams** page.
  </Accordion>

  <Accordion title="Team members were not invited to the Slack channel" icon="slack">
    Inviting team members is driven by a workflow, not by a setting on the team. Walk through this checklist:

    1. **Does an invite workflow exist?** Open **Workflows** and confirm there's an Incident Workflow that uses the **Invite Rootly On-Call to Slack Channel** task with the team as Target.
    2. **Did the workflow's trigger match this incident?** A workflow with trigger `incident_created` won't fire when a team is attached *after* creation; for that path you also need a workflow with trigger `teams_added`.
    3. **Did the workflow run?** Open the incident's **Workflow Runs** view to see whether Rootly evaluated the workflow and what happened. If conditions (severity, environment, etc.) didn't match, the workflow won't have run.
    4. **Have the team members connected their Slack accounts?** Members who haven't connected Slack to Rootly are skipped, and the task fails at the end with an error listing them by name. Have them connect Slack from their user profile.
    5. **Is the Rootly Slack bot in the channel?** A private channel that the bot hasn't been added to will reject invites.
  </Accordion>
</AccordionGroup>

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="What does attaching a team to an incident do?" icon="link">
    Attaching a team records team ownership on the incident and fires the `teams_added` and `teams_updated` workflow triggers. Any side effect — inviting members, broadcasting, paging on-call — is driven by workflows you configure.
  </Accordion>

  <Accordion title="Can I attach more than one team to an incident?" icon="users">
    Yes. Multiple teams can be attached to the same incident. This is common when incidents involve several areas of responsibility, such as infrastructure, security, and application teams.
  </Accordion>

  <Accordion title="Do team members automatically join the incident Slack channel?" icon="slack">
    Only if you've configured a workflow that does it. There is no team-level toggle that auto-invites members on attach. Build an Incident Workflow with the **Invite to Slack channel (Rootly)** task targeting the team — see [Automatically Inviting Team Members](#automatically-inviting-team-members) above.
  </Accordion>

  <Accordion title="Why can't I run the Slack command?" icon="triangle-exclamation">
    The `/rootly add team` command must be run inside the Slack channel associated with the incident. If the command is used in another channel, Rootly cannot determine which incident the command should apply to. Additionally, you must have permission to update the incident in order to attach or modify teams.
  </Accordion>

  <Accordion title="Can I remove a team after attaching it?" icon="unlink">
    Yes. Teams can be removed from an incident if they were attached by mistake or if their involvement is no longer required. This can be done through Slack using the appropriate Rootly command or from the incident interface in the Rootly dashboard. Removal fires the `teams_removed` and `teams_updated` workflow triggers.
  </Accordion>

  <Accordion title="Do teams receive notifications when they are attached?" icon="bell">
    Yes, when a workflow is configured to send them. The most common pattern is a workflow that broadcasts to the team's configured Slack channel on `teams_added`. The behavior is fully driven by your workflow configuration.
  </Accordion>

  <Accordion title="Who is allowed to attach teams to incidents?" icon="user-shield">
    Only users with permission to update incidents can attach or remove teams. These permissions are typically granted to incident responders, incident commanders, team administrators, or organization administrators depending on your Rootly permission model.
  </Accordion>
</AccordionGroup>


# Configuring Teams
Source: https://docs.rootly.com/managing-teams/configuring-teams

Create and manage teams in Rootly, including members, ownership, Slack channels, escalation policies, and integration mappings for incident response.

Teams allow you to organize responders, define ownership of operational resources, and configure how groups of users interact with incidents, alerts, and communication channels inside Rootly.

By creating teams, organizations can structure incident response responsibilities more clearly. Teams help determine who should be notified during incidents, which resources a group is responsible for maintaining, and how alerts or updates are distributed across communication platforms like Slack or email.

From the **Teams** page, administrators and authorized users can create new teams, manage membership, assign ownership to infrastructure components, configure routing channels, and link teams to third-party incident management tools.

***

## Adding properties

While Teams in Rootly comes with built-in properties, additional properties can be added. This allows you to build automations and workflows for your incident response processes using this information: for example, quickly identifying the customer impact of an incident based on the related team.

To add custom properties, open **Teams**, click **Edit catalog**, and click **Add Property**. You can choose from several property types, including text, boolean, and importantly references to other Catalogs.

<Frame>
  <img alt="Clean Shot2026 03 30at21 04 14@2x" />
</Frame>

For each team, you'll be able to find the values of these properties in the **Custom Properties** tab.

## Create a Team

Creating a team allows you to group responders together and define how that group participates in incidents and operational workflows.

To create a new team:

1. Navigate to **Configuration → Teams**
2. Click **Add New Team**
3. Enter the team details:
   * **Name** — A clear identifier for the team
   * **Description** — Optional context about the team's role or responsibilities
   * **Color** — A visual identifier used throughout the interface
4. Click **Save**

<Frame>
  <img alt="Clean Shot2026 03 30at20 59 54@2x" />
</Frame>

After the team is created, it becomes available for incident assignment, alert routing, schedule ownership, and workflow automation.

<Callout icon="info">
  After creating a team, you are automatically added as a member. Membership, permissions, and administrative settings can be modified later from the **Members** tab.
</Callout>

Organizations often create teams that reflect operational structures such as **Infrastructure**, **Security**, **SRE**, **Customer Support**, or **Platform Engineering**. Teams should represent logical responder groups responsible for services or systems.

<Frame>
  <img alt="Clean Shot2026 03 30at21 05 33@2x" />
</Frame>

***

## Import Teams

If your organization already manages response teams in external tools, Rootly allows you to import those teams directly.

Teams can be imported from supported third-party integrations such as **PagerDuty** or **Opsgenie**, allowing organizations to maintain consistent team structures across platforms.

To import teams:

1. Navigate to **Configuration → Teams**
2. Select the relevant import option
3. Choose the teams you want to import
4. Confirm the import

Imported teams will automatically appear in your Rootly configuration and can then be customized further with additional members, channels, and ownership settings.

<Card title="Importing Teams" icon="plug" href="/managing-teams/importing-teams">
  Learn how to import teams from supported integrations.
</Card>

***

## Edit a Team

Once a team has been created, it can be updated at any time to reflect changes in organizational structure, staffing, or responsibilities.

To edit a team:

1. Navigate to **Configuration → Teams**
2. Select the team you want to configure
3. Open the relevant configuration tab
4. Update the settings as needed
5. Save your changes

Team settings can be modified without impacting historical incident data. Updates to members, ownership, or communication channels will apply to future incidents and alerts.

***

## Members

The **Members** tab is where you manage the people who belong to a team.

Adding users to a team ensures they can participate in incidents involving that team and receive relevant notifications.

From this section you can:

* Add existing Rootly users to the team
* Assign a **default Incident Role**
* Designate **team administrators**

### Adding Members

To add a member:

1. Click **Add Member**
2. Search for an existing Rootly user
3. Optionally assign a default **Incident Role**
4. Save the changes

Assigning a default incident role allows Rootly to automatically apply the correct role when the team is attached to an incident.

For example, a team member may automatically become an **Incident Commander**, **Responder**, or **Communications Lead** whenever the team is assigned to an incident.

<Callout icon="info">
  Users must already exist in your Rootly organization before they can be added to a team.
</Callout>

***

### Team Admins

Team administrators have additional permissions for managing team-owned resources.

These users are typically responsible for maintaining operational configurations such as schedules, escalation policies, or services owned by the team.

Team admins may be able to:

* Edit team configuration
* Manage team members
* Update schedules owned by the team
* Maintain escalation policies
* Modify ownership of operational resources

To assign a team admin:

1. Add the user as a team member
2. Select them in the **Team Admin** field

<Callout icon="warning">
  Only existing team members can be assigned as team admins.
</Callout>

Organizations typically assign team admins to engineering leads, SRE managers, or other operational owners responsible for maintaining response readiness.

***

## Ownership

The **Ownership** section identifies which operational resources are managed by a particular team.

Ownership helps teams understand their responsibilities during incidents and determines which users are allowed to manage certain resources.

Teams can own the following resources:

* **Alert Sources**
* **Alert Routes**
* **Services**
* **Schedules**
* **Escalation Policies**

Ownership can help answer questions such as:

* Which team owns a service?
* Who is responsible for maintaining an escalation policy?
* Which responders should be contacted when a specific alert is triggered?

<AccordionGroup>
  <Accordion title="Alert Sources" icon="bell">
    Alert sources represent systems or monitoring tools that generate alerts inside Rootly. When a team owns an alert source, that team is typically responsible for responding to alerts originating from that source.
  </Accordion>

  <Accordion title="Alert Routes" icon="route">
    Alert routes define how alerts are processed and where they are directed. Teams that own alert routes may manage routing logic, escalation behavior, and response procedures for those alerts.
  </Accordion>

  <Accordion title="Services" icon="layers">
    Services can be associated with teams to represent operational ownership of infrastructure or applications. This ownership information helps responders quickly identify which team is responsible for investigating or resolving issues affecting a service.
  </Accordion>

  <Accordion title="Schedules" icon="calendar">
    Teams often own on-call schedules that define responder availability. When a schedule is owned by a team, that team is responsible for maintaining the rotation and ensuring responders are correctly assigned.
  </Accordion>

  <Accordion title="Escalation Policies" icon="sitemap">
    Escalation policies determine how alerts are escalated if they are not acknowledged. Teams that own these policies manage the escalation steps and ensure the correct responders are notified.
  </Accordion>
</AccordionGroup>

***

## Channels

The **Channels** tab connects a team to the communication systems used during incidents.

These configurations allow Rootly to automatically notify the correct Slack channels, user groups, or email recipients when the team is involved in an incident.

You can configure:

* **Slack channels**
* **Slack user groups**
* **Notify emails**
* **Default alert broadcast channels**
* **Default incident broadcast channels**

These settings are frequently used by **automation workflows** to route notifications or tag responders automatically.

***

### Broadcast Channels

Teams can define default Slack channels where Rootly will automatically post updates.

These channels provide centralized visibility for operational events related to the team.

Two broadcast types are available:

**Alerts Channel**

Used to post notifications when the team is paged or when alerts are triggered for that team.

**Incidents Channel**

Used to post updates whenever the team is attached to an incident.

This allows stakeholders and responders to monitor activity without needing to join each individual incident channel.

If you want team members invited to the incident Slack channel when a team is attached, configure an Incident Workflow with the **Invite Rootly On-Call to Slack Channel** task — see [Automatically Inviting Team Members](/managing-teams/attaching-teams-to-incidents#automatically-inviting-team-members) for setup steps.

***

## Integrations

The **Integrations** tab allows Rootly teams to be mapped to external systems.

These mappings connect Rootly to existing incident response or service management platforms, enabling synchronized ownership and automated workflows.

Supported integrations may include:

* **PagerDuty**
* **Opsgenie**
* **Splunk On-Call**
* **PagerTree**
* **Cortex**
* **OpsLevel**
* **ServiceNow**
* **Backstage**

Mapping external teams allows Rootly workflows to interact with those systems more effectively and ensures operational ownership stays aligned across tools.

<Callout icon="info">
  The corresponding integration must already be configured before it can be linked to a team.
</Callout>

***

## Best Practices

When configuring teams, consider the following recommendations:

* Use **clear, descriptive team names** that match your operational structure
* Add **all relevant responders** so incidents reach the correct people
* Assign **team administrators** for teams responsible for schedules or escalations
* Configure **Slack channels** to improve incident visibility
* Map teams to **external systems** when using integrations
* Regularly review membership and ownership to keep team configuration accurate

A well-structured team configuration helps reduce confusion during incidents and ensures alerts reach the correct responders quickly.

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Who can create or edit a team?" icon="user-shield">
    Creating or editing teams typically requires administrative permissions within Rootly. Organization administrators or users with configuration access can create teams, update team settings, manage members, and configure ownership or integrations.

    If you do not see the option to create or edit teams, you may not have the necessary permissions. In that case, contact your Rootly administrator for assistance.
  </Accordion>

  <Accordion title="Do users need to exist in Rootly before being added to a team?" icon="users">
    Yes. Users must first be invited to your Rootly organization before they can be added to a team.

    Once a user account exists, the user can be added as a team member, assigned a default incident role, or designated as a team admin.
  </Accordion>

  <Accordion title="What does a team admin do?" icon="shield-check">
    Team admins help maintain team-level configurations and operational resources.

    Depending on your organization's permissions model, team admins may be responsible for managing schedules, maintaining escalation policies, updating team ownership, and modifying communication channels or integrations associated with the team.
  </Accordion>

  <Accordion title="Can I assign an incident role to a team member?" icon="user-plus">
    Yes. When adding or editing a team member, you can optionally assign a default incident role.

    This role is automatically applied whenever the team is attached to an incident, ensuring responders receive the appropriate responsibilities without requiring manual assignment.
  </Accordion>

  <Accordion title="What can a team own?" icon="layers">
    Teams can own operational resources across the Rootly platform.

    These may include alert sources, alert routes, services, schedules, and escalation policies. Ownership helps identify which team is responsible for maintaining or responding to issues involving those resources.
  </Accordion>

  <Accordion title="What are team channels used for?" icon="slack">
    Team channels connect a team to communication endpoints such as Slack channels, Slack user groups, or email addresses.

    These channels allow Rootly to automatically route notifications, tag responders, and distribute updates whenever the team becomes involved in an incident or alert.
  </Accordion>

  <Accordion title="What's the difference between an Alerts Channel and an Incidents Channel?" icon="messages-square">
    The **Alerts Channel** is used to broadcast notifications whenever the team is paged or when alerts are triggered.

    The **Incidents Channel** posts updates whenever the team is added to an incident. This allows organizations to track team activity across multiple incidents in a centralized Slack channel.
  </Accordion>

  <Accordion title="Can I connect a team to PagerDuty or Opsgenie?" icon="plug">
    Yes. Rootly supports mapping teams to external services such as PagerDuty or Opsgenie.

    These integrations allow Rootly workflows to coordinate with existing incident response systems and help maintain consistent ownership across platforms.
  </Accordion>

  <Accordion title="Can I import teams from another tool?" icon="download">
    Yes. If your organization already manages teams in a third-party system such as PagerDuty or Opsgenie, those teams can be imported directly into Rootly.

    Imported teams can then be customized further with additional members, ownership settings, or communication channels.
  </Accordion>

  <Accordion title="Can I change team settings later?" icon="file-pen">
    Yes. Teams can be modified at any time.

    You can update team members, adjust ownership, change Slack channels, or modify integration mappings without affecting historical incident records.
  </Accordion>
</AccordionGroup>


# Importing Teams
Source: https://docs.rootly.com/managing-teams/importing-teams

Import team names and structure from connected integrations like PagerDuty, Opsgenie, and Slack to quickly populate your Rootly teams without manual setup.

You can import teams from connected integrations such as [PagerDuty](/integrations/pagerduty) and [Opsgenie](/integrations/opsgenie) to quickly create your team structure in Rootly.

Importing teams helps you get started faster by creating Rootly teams from your external team configuration instead of rebuilding them manually.

## Before You Begin

Before importing teams, make sure:

* Your integration is already configured in Rootly
* You have permission to create teams
* You are importing team structure only

This import flow creates or updates team records in Rootly using the external team’s name and description. It does not import members, schedules, or escalation policies.

## Import Teams

To import teams from a connected integration:

1. Navigate to **Configuration → Teams**
2. In the top-right corner, click the integration button for the service you want to import from, such as **PagerDuty** or **Opsgenie**
3. In the import modal, review the list of available teams
4. Select the teams you want to import
5. Click **Import**

After the import finishes, the selected teams appear on the **Teams** page.

If a team is already linked to the external integration, Rootly updates the existing team instead of creating a duplicate.

<img alt="Teams page with integration import buttons" />

<Callout icon="triangle-exclamation">
  Team import does <strong>not</strong> include members, on-call schedules, or escalation policies. Use the separate migration flow if you need to bring over on-call configuration.
</Callout>

## What Gets Imported

This flow imports the following team details:

* Team name
* Team description
* External integration link

This flow does not import:

* Team members
* On-call schedules
* Escalation policies

If you need to migrate on-call configuration, use the dedicated migration flow for that integration.

## Other Supported Integrations

Depending on which integrations are configured in your workspace, you may also be able to import teams from other providers using the same workflow.

## Troubleshooting

### I don’t see the import buttons

Confirm that the integration is connected and that you have permission to create teams. If either requirement is missing, the import option may not appear.

### I get an error when opening the import modal

Check that the integration is configured correctly and that Rootly can successfully connect to the provider. Configuration or authorization issues can prevent the import list from loading.

### I imported a team, but expected more data

This import only creates or updates the team record itself. Members, schedules, and escalation policies are not included in this step.

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="What happens when I import a team?" icon="file-import">
    When you import a team, Rootly creates a new team or updates an existing linked team using the external team’s information. This helps you quickly mirror your team structure in Rootly without recreating each team manually.
  </Accordion>

  <Accordion title="Will importing create duplicate teams?" icon="clone">
    No. If Rootly finds an existing team already linked to the same external team, it updates that team instead of creating a duplicate.
  </Accordion>

  <Accordion title="Are team members, schedules, or escalation policies imported too?" icon="users">
    No. This flow imports team structure only. If you need members, schedules, or escalation policies, use the separate migration or on-call import flow for that integration.
  </Accordion>

  <Accordion title="Which integrations support team import?" icon="plug">
    PagerDuty and Opsgenie support team import, and other integrations may also support the same workflow when configured in your workspace.
  </Accordion>

  <Accordion title="Why can’t I import teams?" icon="triangle-exclamation">
    The most common reasons are that the integration is not configured yet or your role does not have permission to create teams.
  </Accordion>
</AccordionGroup>


# Incident Roles
Source: https://docs.rootly.com/managing-teams/incident-roles

Configure Incident Roles in Rootly to automatically assign responsibilities like Incident Commander when teams are attached to incidents during response.

Incident Roles help your team respond faster by automatically assigning responsibilities when a team is attached to an incident.

By configuring Incident Roles in advance, you can make sure the right people are assigned to the right responsibilities without needing to coordinate everything manually during an incident.

## Before You Begin

Make sure you have:

* Access to **Configuration → Incident Roles**
* A team with members already created
* On-call schedules, teams, or escalation policies configured *(optional)*
* Permission to create or manage [Workflows](/workflows) *(required for paging automation)*

## How It Works

Assignments occur when a team is attached to an incident, either:

* During incident creation
* When a team is added later

When assignment runs, Rootly:

* Applies the Incident Role mappings configured for that team
* Assigns users to the appropriate Incident Roles
* Creates any Default Tasks attached to those roles
* Adds matched on-call users to the incident channel

For on-call assignments, Rootly uses the user who is actively on-call at the time the team is attached to the incident.

## Create an Incident Role

To create a new Incident Role:

1. Navigate to **Configuration → Incident Roles**
2. Click **Create Role**
3. Fill in the role details:
   * **Name** *(required)*
   * **Description** *(optional)*
   * **Responsibilities** *(optional)* — A message shown to the user when they are assigned the role
   * **Optional role** — Allows the role to remain unassigned during an incident
   * **Allow multiple users** — Allows more than one user to be assigned to the role
4. Click **Create Role**

<Frame>
  <img alt="Create Incident Role form" />
</Frame>

## Add Default Tasks

After creating the role, you can add Default Tasks to automatically assign follow-up work when that Incident Role is assigned during an incident.

To add Default Tasks:

1. Open the Incident Role you created
2. Edit the role
3. Add one or more **Default Tasks** for this role
4. Save your changes

When the role is assigned during an incident, those tasks are automatically created for the assigned user.

Changes to role mappings and Default Tasks generally apply to future assignments, not incidents that are already in progress.

<Frame>
  <img alt="Default Tasks section in Incident Role editor" />
</Frame>

<Frame>
  <img alt="Configured default tasks for an Incident Role" />
</Frame>

## Assign Roles to Team Members

Once the Incident Role is created, assign it to members of the appropriate team.

1. Navigate to **Teams**
2. Open the team you want to update
3. Select the **Members** tab
4. Add or edit team members and choose their **Incident Role**
5. Save your changes

<Frame>
  <img alt="Team Members tab with incident role assignments" />
</Frame>

<Frame>
  <img alt="Assign Incident Role to a team member" />
</Frame>

## Auto-Assign Roles from On-Call

You can also assign Incident Roles based on who is currently on-call for a:

* Schedule
* Team
* Escalation policy

If a matching user is actively on-call and configured for the role, they are automatically:

* Assigned to the role
* Added to the incident channel

> Role assignment and paging are separate behaviors. Users can be auto-assigned through Incident Role configuration, but paging requires a [Workflow](/workflows) action.

## Verify Your Setup

Create a test incident and attach the configured team. Then confirm that:

* The expected Incident Roles are assigned
* Default Tasks are created
* On-call users are assigned when applicable
* Any related Workflows run as expected

## Troubleshooting

### No Incident Role assignee appears

Confirm that the configured team was attached to the incident and that team members are mapped to the correct Incident Role. If the role should be assigned from on-call, verify that the on-call source is configured for that role.

### No on-call user is assigned

Verify the correct schedule, team, or escalation policy is configured and that someone is actively on-call at the time the team is attached. If coverage recently changed, check timezone or shift handoff timing.

### No Workflow actions run

Confirm that the Workflow is enabled and that its conditions match the incident. Role assignment alone does not notify or page users unless a Workflow action is configured.

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="When are Incident Roles assigned, and what happens during assignment?" icon="users">
    Incident Roles are assigned when a team is attached to an incident, either during incident creation or when a team is added later.

    During assignment, Rootly:

    * Applies the Incident Role mappings configured for that team
    * Assigns the appropriate users to each role
    * Creates any Default Tasks attached to the assigned roles
    * Adds matched on-call users to the incident channel

    This helps your team start response work faster with ownership and next steps already in place.
  </Accordion>

  <Accordion title="What do Optional role and Allow multiple users mean?" icon="circle-question">
    These settings control how flexible an Incident Role assignment can be during an incident:

    * **Optional role** means the role can remain unassigned if no one needs to fill it immediately
    * **Allow multiple users** means more than one user can hold the same Incident Role at the same time

    These options are useful when a responsibility is either not always required or is often shared across multiple responders.
  </Accordion>

  <Accordion title="How do Default Tasks work?" icon="list-check">
    Default Tasks are created automatically when the related Incident Role is assigned during an incident.

    They are useful for standardizing recurring work, such as:

    * Posting updates
    * Reviewing logs
    * Coordinating communications
    * Following predefined response steps

    Changes to Default Tasks generally apply to future assignments. Tasks that already exist on an incident usually remain unchanged unless someone updates them manually.
  </Accordion>

  <Accordion title="How does on-call role assignment work?" icon="clock">
    If an Incident Role is configured to use an on-call source, Rootly assigns the user who is actively on-call at the time the team is attached to the incident.

    Supported sources can include:

    * A schedule
    * A team on-call setup
    * An escalation policy

    When a matching on-call user is found, they are assigned to the role and added to the incident channel.
  </Accordion>

  <Accordion title="Does assigning a role also notify or page the user?" icon="bell">
    Not always. Role assignment and paging are separate actions.

    * **Role assignment** gives the user responsibility within the incident
    * **Paging and notifications** depend on a configured [Workflow](/workflows)

    If you want assigned users to be alerted automatically, make sure the Workflow conditions and actions are configured for that behavior.
  </Accordion>

  <Accordion title="Why wasn’t someone assigned to a role?" icon="triangle-exclamation">
    This usually happens because of a configuration issue or because no matching user was available at the time of assignment.

    Common reasons include:

    * The team was not attached to the incident
    * The Incident Role mapping is not configured correctly
    * No eligible team member matched the role
    * No active on-call user matched the configured source
    * The wrong schedule, team, or escalation policy is connected

    The fastest way to validate your setup is to create a test incident and attach the configured team.
  </Accordion>

  <Accordion title="Can one person have multiple Incident Roles?" icon="user-gear">
    Yes. A single user can hold multiple Incident Roles if your configuration supports it.

    This is especially useful for:

    * Smaller teams
    * Lightweight incidents
    * Situations where one responder needs to cover multiple responsibilities
  </Accordion>
</AccordionGroup>


# Overview
Source: https://docs.rootly.com/managing-teams/managing-teams

Create and manage teams in Rootly for on-call schedules, alert routing, Slack automation, escalation policies, and third-party imports.

In Rootly, **Teams** represent groups of users responsible for a specific department, service, or product within your organization. Teams provide the organizational structure used to manage on-call coverage, route alerts, and configure team-specific workflows across the platform.

<Frame>
  <img alt="Clean Shot2026 03 30at20 53 21@2x" />
</Frame>

## What Teams Can Do

Teams in Rootly enable you to:

* **Own On-Call Schedules and Escalation Policies**\
  Teams manage their own on-call rotations and escalation policies through Rootly On-Call.
* **Route Alerts to the Right Responders**\
  Alerts from integrated monitoring tools or email sources can be routed directly to teams to ensure the correct responders are notified immediately.
* **Configure Slack Automation**\
  Teams can be mapped to specific Slack channels and user groups, enabling automated notifications, incident collaboration, and response workflows.

## Managing Teams

Teams can be created and managed directly in the Rootly web interface, where you can assign members, configure team settings, and manage access.

Rootly also supports importing teams from third-party platforms to simplify migrations and maintain existing team structures.

### Supported Imports

* **PagerDuty**
* **Opsgenie**

Additional integrations and migration options will continue to be added.

## Frequently Asked Questions

### Team Membership

<AccordionGroup>
  <Accordion title="Can users belong to multiple teams?" icon="users">
    Yes. Users can belong to multiple teams in Rootly.

    Each team membership has its own:

    * **Role** (Owner, Admin, Member, etc.)
    * **On-Call Role**
    * **Permissions**

    Users can switch teams using the **team selector** in the navigation bar.

    <Callout icon="info">
      **Team Switching:** When users switch teams, they only see the data, incidents, and configurations for that team.
    </Callout>
  </Accordion>

  <Accordion title="How do permissions work across teams?" icon="shield-check">
    Permissions in Rootly are **team-scoped**.

    This means:

    * Roles apply only within a specific team
    * Permissions in one team do not affect another
    * Users can have different roles across teams

    Example: A user could be an **Owner** in Engineering but a **Member** in Operations.
  </Accordion>

  <Accordion title="How do I manage team members?" icon="user-cog">
    Team members can be managed through:

    * **Web UI:** Settings → Teams → Members
    * **Email Invitations**
    * **SCIM provisioning** when SSO is enabled
    * **API** for programmatic management
  </Accordion>

  <Accordion title="Can I restrict access by email domain?" icon="mail">
    Yes. Teams can restrict membership to specific **email domains**.

    To configure this:

    1. Navigate to **Settings → Team Settings**
    2. Configure the **Email Domains** restriction
    3. Only users with matching domains can be added
  </Accordion>
</AccordionGroup>

***

### Teams & Organizational Structure

<AccordionGroup>
  <Accordion title="What's the difference between Teams and Groups?" icon="layers">
    **Teams** are top-level organizational units that contain users, schedules, alerts, and configurations.

    **Groups** are sub-units within a team used for:

    * On-call rotations
    * Alert routing
    * Incident assignment
    * Slack channel mapping

    Think of it as:

    **Teams = organizations**\
    **Groups = sub-teams within that organization**
  </Accordion>

  <Accordion title="Can teams share resources or data?" icon="database">
    No. Teams are **fully isolated**.

    Each team has its own:

    * Incident data
    * Alerts and action items
    * Configuration settings
    * On-call schedules
    * Alert routing rules

    Users must be explicitly added to each team to access it.
  </Accordion>

  <Accordion title="Can teams have different configurations?" icon="sliders">
    Yes. Each team can configure its own settings including:

    * AI features
    * Alert routing
    * Incident workflows
    * Sub-statuses
    * Retrospective templates
    * Integrations
    * Time zones

    This allows teams to operate independently.
  </Accordion>

  <Accordion title="What's the difference between a team and an escalation policy?" icon="alarm">
    A **Team** is the organizational container that includes users, schedules, and configuration.

    An **Escalation Policy** defines **how alerts notify responders within that team**, including:

    * Who gets notified
    * Escalation order
    * Notification timing
    * Notification methods
  </Accordion>
</AccordionGroup>

***

### Team Management

<AccordionGroup>
  <Accordion title="Can I change a team's name or settings later?" icon="edit">
    Yes. Team settings can be updated at any time.

    You can modify:

    * Team name
    * Time zone
    * Email domain restrictions
    * Feature configurations
    * Team logo and branding

    All settings are available under **Settings → Team Settings**.
  </Accordion>

  <Accordion title="What happens when a team is deleted?" icon="trash">
    Teams are **soft deleted** rather than permanently removed.

    When a team is deleted:

    * Historical incident data is preserved
    * Users immediately lose access
    * Integrations are disconnected

    <Callout icon="warning">
      **Important:** Team deletion is irreversible. Ensure you export any required data beforehand.
    </Callout>
  </Accordion>

  <Accordion title="Can I duplicate a team?" icon="copy">
    Yes. Teams can be duplicated to quickly create similar team structures.

    Duplication can include:

    * Team settings
    * Schedules and escalation policies
    * Groups and configurations
    * Optional user memberships
  </Accordion>

  <Accordion title="How many teams can I create?" icon="hash">
    The number of teams available depends on your **Rootly plan**.

    You can review limits in **Settings → Billing** or contact your account manager.
  </Accordion>
</AccordionGroup>

***

### Migrations & Integrations

<AccordionGroup>
  <Accordion title="How do I migrate teams from PagerDuty or Opsgenie?" icon="arrow-right">
    Rootly provides migration tools to import your existing team structure.

    Supported imports include:

    **PagerDuty**

    * Teams
    * Users
    * Schedules
    * Escalation policies
    * On-call rotations

    **Opsgenie**

    * Teams
    * Schedules
    * Routing rules
    * Escalation policies

    <Card title="Migration Guide" icon="book-open" href="../on-call/pagerduty-migration#pagerduty-migration">
      Learn more about migrating from PagerDuty or Opsgenie
    </Card>
  </Accordion>

  <Accordion title="How do I configure Slack channels for teams?" icon="slack">
    Slack channels can be configured in two ways:

    1. **Team-level mapping** for default notifications
    2. **Group-level mapping** for more granular routing

    To configure:

    1. Navigate to **Settings → Integrations → Slack**
    2. Configure team-level settings
    3. Map groups to Slack channels

    <Card title="Slack Integration" icon="slack" href="/integrations/slack">
      Learn more about configuring Slack for teams
    </Card>
  </Accordion>

  <Accordion title="Can teams create status pages?" icon="globe">
    Yes. Teams can manage their own **public or private status pages**.

    Status pages support:

    * Custom domains
    * Service components
    * Incident communication templates
    * Automated updates

    <Card title="Status Pages" icon="globe" href="/configuration/status-pages">
      Learn more about creating and managing status pages
    </Card>
  </Accordion>
</AccordionGroup>


# Viewing Teams
Source: https://docs.rootly.com/managing-teams/viewing-teams

View, search, and navigate the teams available in your Rootly organization, including team membership, on-call coverage, and owned services.

The **Teams** dashboard gives you a centralized view of the teams available in your Rootly organization. From this page, you can see the teams you belong to, review basic team information, and switch between team workspaces.

In Rootly, teams act as separate operational workspaces. Each team maintains its own configuration, users, schedules, alerts, integrations, and incident-related settings. This separation helps organizations keep ownership, response workflows, and configuration clearly scoped to the appropriate team.

If you work across multiple teams, the Teams dashboard makes it easy to move between them and quickly understand which workspace you are currently viewing.

## Open the Teams Dashboard

To open the Teams dashboard:

1. In the Rootly navigation bar, open **Configuration**
2. Select **Teams**

<Frame>
  <img alt="Clean Shot2026 03 30at20 59 09@2x" />
</Frame>

Once opened, the page displays the teams you belong to in your current organization.

## Teams Dashboard Overview

The Teams dashboard presents each available team as a separate card, making it easy to scan and navigate your team structure.

Each team card includes:

* **Team name**, which you can click to switch into that team
* **Team member avatars**, showing the first few users in the team
* A **“+ X more”** indicator when additional users belong to the team beyond those shown on the card

This layout is designed to give you a quick, lightweight overview of your available teams without requiring you to open each one individually.

<Callout icon="info">
  If you only belong to one team, Rootly automatically opens that team’s dashboard instead of showing the Teams list first.
</Callout>

## Switching Teams

If you belong to more than one team, you can switch between them directly from the Teams dashboard.

To switch teams:

1. Open the **Teams** dashboard
2. Click the **team name** for the team you want to view

Rootly immediately switches your active workspace to that team and redirects you to the selected team’s dashboard.

This allows you to move between operational contexts without leaving the product or manually reconfiguring your view.

<Callout icon="info">
  Each team has its own incidents, alerts, users, integrations, and configuration settings. When you switch teams, you are changing the active workspace context.
</Callout>

<Callout icon="warning">
  You cannot switch to teams that have been disabled.
</Callout>

## Team Selector

You can also switch teams from the **team selector** in the top-left navigation menu.

The team selector provides a faster way to move between teams without returning to the Teams dashboard. It displays:

* Your **current team**
* Other teams you belong to
* Teams sorted alphabetically for easier navigation

Selecting a team from this menu immediately switches your active workspace.

This is especially helpful for users who frequently work across multiple teams and need a quick way to move between configurations, incidents, and operational responsibilities.

## Why Team Context Matters

Because teams in Rootly operate as separate workspaces, the team you are currently viewing affects the data and settings available to you.

For example, the selected team determines which:

* incidents you see
* users and memberships are active
* schedules and escalation policies are available
* integrations and ownership settings apply

Understanding which team you are currently in is important when reviewing incident data, updating configuration, or making operational changes.


# Managing Invitations
Source: https://docs.rootly.com/managing-users/invitations

View, resend, and delete pending Rootly invitations from Organization Settings to manage who can join your workspace before they accept their invite.

The **Invitations** page lets you manage pending invitations for users who have not yet joined your Rootly organization. From here, you can review invitation details, resend an invitation email, or remove an invitation that is no longer needed.

<Callout icon="info">
  Invitation emails are sent automatically when an invitation is created. If a recipient does not receive the email, you can resend it from the Invitations page.
</Callout>

## Access the Invitations Page

<Steps>
  <Step title="Open Organization Settings">
    In the top-left corner, click the drop-down next to your organization name and select **Organization Settings**.
  </Step>

  <Step title="Navigate to Invitations">
    Select **[Invitations](https://rootly.com/account/invitations)** to view all pending invitations.

    The table shows each invitation’s:

    * **Email**
    * **Incident Response role**
    * **On-Call role**
    * **Sent date**
    * **Invited by**

      <img alt="" />
  </Step>

  <Step title="Manage a pending invitation">
    Hover over an invitation row to access available actions:

    * **Resend** to send the invitation email again
    * **Delete** to remove the invitation

    <Callout icon="warning">
      Invitations cannot be edited. To change the email address or assigned roles, delete the invitation and create a new one.
    </Callout>
  </Step>
</Steps>

## What You Can Do

From the Invitations page, you can:

<CardGroup>
  <Card title="View Pending Invitations" icon="list">
    See all outstanding invitations and review the roles assigned to each recipient.
  </Card>

  <Card title="Resend Invitations" icon="paper-plane">
    Send the invitation email again if the original message was not received.
  </Card>

  <Card title="Delete Invitations" icon="trash">
    Remove invitations that are no longer needed.
  </Card>

  <Card title="Review Assigned Roles" icon="user-shield">
    Confirm which Incident Response and On-Call roles will be assigned when the invitation is accepted.
  </Card>
</CardGroup>

## How Invitations Work

When you invite a user to Rootly:

1. An invitation email is sent to the specified email address
2. The recipient opens the invitation link
3. After accepting, the user joins the organization with the assigned roles
4. The invitation is removed from the pending list

If no roles are specified when the invitation is created, the team’s default roles are applied.

<Callout icon="info">
  Invitations are tied to the invited email address. The recipient must accept the invitation using that email.
</Callout>

## Best Practices

* Double-check email addresses before sending invitations
* Assign roles carefully to avoid unnecessary permission changes later
* Resend invitations before creating duplicates
* Periodically remove stale invitations that are no longer needed

## Troubleshooting

<AccordionGroup>
  <Accordion title="The user did not receive the invitation email" icon="mail">
    Verify the email address is correct, ask the recipient to check their spam or junk folder, and resend the invitation if needed.
  </Accordion>

  <Accordion title="The invited user cannot accept the invitation" icon="triangle-alert">
    Confirm the user is signing in with the same email address that received the invitation. If the invitation was deleted or already accepted, create a new one.
  </Accordion>

  <Accordion title="I need to change the email address or assigned roles" icon="file-pen">
    Invitations cannot be edited. Delete the existing invitation and create a new one with the correct details.
  </Accordion>
</AccordionGroup>

## Related Documentation

<CardGroup>
  <Card title="Inviting Users" icon="user-plus" href="/managing-users/inviting-users-via-web-ui">
    Learn how to create new invitations.
  </Card>

  <Card title="Managing Users" icon="user-gear" href="/managing-users/managing-users">
    Learn how to manage existing organization members.
  </Card>

  <Card title="User Roles" icon="user-shield" href="/managing-teams/incident-roles">
    Understand Incident Response and On-Call roles.
  </Card>

  <Card title="Manage User Permissions" icon="shield-check" href="/managing-users/user-permissions">
    Learn how permissions are controlled across teams and products.
  </Card>
</CardGroup>


# Inviting Users via Third-Party Integrations
Source: https://docs.rootly.com/managing-users/inviting-users-via-third-party-integrations

Invite users to Rootly directly from supported integrations such as Slack, Microsoft Teams, Opsgenie, PagerDuty, and Splunk On-Call to onboard quickly.

You can invite users directly from supported third-party integrations to quickly onboard your team without manually entering email addresses.

Rootly currently supports inviting users from:

* **Slack**
* **Opsgenie**
* **PagerDuty**
* **Splunk On-Call (formerly VictorOps)**

<Callout icon="info">
  The integration must be configured before users can be imported or invited.
</Callout>

## Invite Users from an Integration

<Steps>
  <Step title="Open Organization Settings">
    In the top-left corner, click the drop-down next to your organization name and select **Organization Settings**.

    <img alt="Invite Member buttons." />
  </Step>

  <Step title="Open the integration invite flow">
    Select **[Members](https://rootly.com/account/memberships)**, then choose **Invite from \[Integration]**.

    Depending on the integrations configured for your organization, you may see:

    * **Invite from Slack**
    * **Invite from Opsgenie**
    * **Invite from PagerDuty**
    * **Invite from Splunk On-Call**
  </Step>

  <Step title="Select users">
    Rootly loads a list of users from the selected integration.

    Use the search field to filter users by name or email (or username for Opsgenie).

    <img alt="Invite Slack Users modal" />
  </Step>

  <Step title="Send invitations">
    Select the users you want to invite and click **Invite**.

    Invitation emails are sent automatically to the selected users.
  </Step>
</Steps>

## Role Assignment

Users invited through third-party integrations are assigned roles the same way as standard invitations.

You can assign:

* **Incident Response roles** for incident management permissions
* **On-Call roles** for schedules, alerting, and escalation workflows

If roles are not selected during invitation, Rootly applies your team’s **default roles**.

<Callout icon="info">
  Configure default roles in **Organization Settings** to standardize permissions for new users.
</Callout>

## Integration Behavior

### Slack

Slack invitations may be limited by your configured **email domain restrictions**.

If your organization restricts invitations by email domain, only Slack users with matching email addresses will appear in the list.

### PagerDuty, Opsgenie, and Splunk On-Call

Users are pulled from the connected integration account. If expected users do not appear, verify the integration connection and permissions.

## Browsing and Searching Users

The integration user list supports:

* **Search** to filter users by name, email, or username
* **Pagination** for navigating large user lists
* **Sorting** by user name

This helps you quickly locate users in large organizations.

## User Acceptance and Sign-Up

After an invitation is sent, the user receives an email with a link to join your Rootly organization.

Accepting the invite takes them to the sign-up page:

<img alt="Rootly sign up form" />

Users can sign in using:

* **Google**
* **Slack**
* **SSO**
* **Email and password**

Passwords must include:

* At least **10 characters**
* One **lowercase letter**
* One **uppercase letter**
* One **number**
* One **special character**

After completing sign-up, the user is added to your organization with the assigned roles.

## Best Practices

* Confirm integrations are configured before inviting users
* Review your default role configuration before onboarding users
* Use integration-based invitations to onboard large teams faster
* Use search to locate specific users in large integration lists

## Troubleshooting

<AccordionGroup>
  <Accordion title="The integration invite option does not appear" icon="plug">
    Ensure the integration is configured and connected in **Organization Settings → Integrations**.
  </Accordion>

  <Accordion title="No users appear in the list" icon="users">
    Verify the integration connection and permissions. If the integration cannot access user data, the list may appear empty.
  </Accordion>

  <Accordion title="Some Slack users are missing" icon="slack">
    Slack user visibility may depend on your configured email domains. Only users with matching domains may appear.
  </Accordion>

  <Accordion title="An invitation failed" icon="triangle-alert">
    Invitations may fail if the email address is invalid, the user is already a member, or a duplicate invitation already exists.
  </Accordion>

  <Accordion title="I cannot assign roles when inviting" icon="user-shield">
    Role assignment depends on your organization permissions and configuration. If roles are not set, default roles will be applied automatically.
  </Accordion>
</AccordionGroup>

## Related Documentation

<CardGroup>
  <Card title="Inviting Users" icon="envelope" href="/managing-users/inviting-users-via-web-ui">
    Invite users manually by entering email addresses.
  </Card>

  <Card title="Managing Invitations" icon="paper-plane" href="/managing-users/invitations">
    View, resend, or delete pending invitations.
  </Card>

  <Card title="Slack Integration" icon="slack" href="/integrations/slack">
    Configure Slack for user imports and collaboration.
  </Card>

  <Card title="PagerDuty Integration" icon="plug" href="/integrations/pagerduty">
    Configure PagerDuty before inviting users from it.
  </Card>
</CardGroup>


# Inviting Users
Source: https://docs.rootly.com/managing-users/inviting-users-via-web-ui

Invite new users to your Rootly organization through the web UI and assign Incident Response or On-Call roles, team memberships, and permissions.

Use invitations to add new users to your Rootly organization. You can invite one or more users at a time, assign roles during invitation, and let users join using the sign-in method configured for your organization.

<Callout icon="info">
  Invitation emails are sent automatically after you create an invitation.
</Callout>

<Callout icon="lightbulb">
  You can invite multiple users at once by entering more than one email address in the invite flow.
</Callout>

## Invite Users

<Steps>
  <Step title="Open Organization Settings">
    In the top-left corner, click the drop-down next to your organization name and select **Organization Settings**.
  </Step>

  <Step title="Open the invite flow">
    Select **[Members](https://rootly.com/account/memberships)**, then click **+ Invite Member**.

    <img alt="Invite members modal." />
  </Step>

  <Step title="Enter email addresses and assign roles">
    Enter one or more email addresses for the users you want to invite.

    You can separate multiple email addresses using:

    <Tip>
      **Commas**

      [maria@candly.org](mailto:maria@candly.org),[tim@candly.org](mailto:tim@candly.org),[kirija@candly.org](mailto:kirija@candly.org)

      **New lines**

      [maria@candly.org](mailto:maria@candly.org)

      [tim@candly.org](mailto:tim@candly.org)

      [kirija@candly.org](mailto:kirija@candly.org)

      **Spaces**

      [maria@candly.org](mailto:maria@candly.org) [tim@candly.org](mailto:tim@candly.org) [kirija@candly.org](mailto:kirija@candly.org)
    </Tip>

    You can optionally assign:

    * **Incident Response role**
    * **On-Call role**

    When inviting multiple users at once, the selected roles apply to all invited users in that batch.

    If no role is selected, the team’s default role is applied.

    <img alt="Default Incident Response Role field." />
  </Step>

  <Step title="Send the invitation">
    Click **Invite** to send the invitation email.
  </Step>
</Steps>

## What You Can Do

From the invite flow, you can:

<CardGroup>
  <Card title="Invite One or More Users" icon="users">
    Add a single user or invite multiple users at the same time.
  </Card>

  <Card title="Assign Roles" icon="user-shield">
    Set Incident Response and On-Call roles during invitation.
  </Card>

  <Card title="Use Default Roles" icon="settings">
    Allow Rootly to apply your team’s default roles when no role is selected.
  </Card>

  <Card title="Streamline Onboarding" icon="mail-check">
    Send users directly into the account creation or sign-in flow.
  </Card>
</CardGroup>

## Role Assignment

You can assign roles during invitation to control what access a user receives after joining.

* **Incident Response roles** control access to incidents, workflows, retrospectives, and related configuration
* **On-Call roles** control access to schedules, escalation policies, alerting, and responder workflows

If a role is not selected, Rootly assigns the team’s default role for that product.

<Callout icon="info">
  Configure default roles in **Organization Settings** to standardize access for new users.
</Callout>

<Callout icon="warning">
  Ensure you have available seats for the roles you’re assigning. If seats are limited, some roles may be unavailable.
</Callout>

## Email Requirements

Invitations require valid email addresses that meet your organization’s requirements.

* **Valid format**
* **Not already a member**
* **Allowed email domain**, if your organization restricts invitations by domain

<Callout icon="info">
  Rootly validates email addresses during invitation creation. Invalid addresses will return an error.
</Callout>

## User Acceptance and Sign-Up

After an invitation is sent, the user receives an email with a link to join your organization.

When they open the invitation, they can complete sign-up using one of the methods available in your environment, such as:

* **Google**
* **Slack**
* **SSO**
* **Email and password**

<img alt="Rootly sign up form." />

If the user signs up with email and password, the password must include:

* At least **10 characters**
* One **lowercase** letter
* One **uppercase** letter
* One **number**
* One **special character**

Once sign-up is complete, the user is added to your organization with the assigned roles.

## Bulk Invitations

When you invite multiple users at once, Rootly processes invitations in batches.

* Invitations may take longer to appear for larger batches
* Individual errors do not prevent valid invitations from being created
* You can review progress from the **Invitations** page

<Callout icon="info">
  Large invitation batches may take a few minutes to complete.
</Callout>

## Who Can Send Invitations?

Invitation access depends on the user’s assigned permissions.

* **Owners** can send invitations
* **Admins** can send invitations
* **On-Call Admins** may be able to assign On-Call access, depending on configuration

<Callout icon="info">
  Contact your team administrator if you do not have permission to invite users.
</Callout>

## Best Practices

* Configure default roles before inviting users with standard access needs
* Double-check email addresses before sending invitations
* Assign roles during invitation to reduce manual updates later
* Use bulk invitations when onboarding multiple users at once
* Review pending invitations and resend or remove them as needed

## Troubleshooting

<AccordionGroup>
  <Accordion title="The user did not receive the invitation email" icon="mail">
    Confirm the email address is correct, ask the user to check spam or junk folders, and resend the invitation if needed.
  </Accordion>

  <Accordion title="I need to change the assigned role or email address" icon="file-pen">
    Invitations cannot be edited after they are sent. Delete the pending invitation and create a new one with the correct details.
  </Accordion>

  <Accordion title="The user cannot accept the invitation" icon="triangle-alert">
    Make sure the user is signing in with the same email address that received the invitation. If the invitation is no longer valid, send a new one.
  </Accordion>

  <Accordion title="Cannot assign certain roles" icon="user-shield">
    This usually means your plan has reached its seat limit for that role type, or you do not have permission to assign that role.
  </Accordion>

  <Accordion title="Email validation fails" icon="envelope">
    The email may be invalid, already belong to an existing member, or fail your organization’s domain restrictions.
  </Accordion>

  <Accordion title="Bulk invitation is slow" icon="clock">
    Large invitation batches may take time to process. Check the Invitations page to review progress.
  </Accordion>
</AccordionGroup>

## Related Documentation

<CardGroup>
  <Card title="Managing Invitations" icon="paper-plane" href="/managing-users/invitations">
    View, resend, or delete pending invitations.
  </Card>

  <Card title="Managing Users" icon="user-gear" href="/managing-users/managing-users">
    Manage existing users in your organization.
  </Card>

  <Card title="User Roles" icon="user-shield" href="/managing-teams/incident-roles">
    Learn more about Incident Response and On-Call roles.
  </Card>

  <Card title="Manage User Permissions" icon="shield-check" href="/managing-users/user-permissions">
    Understand how permissions are controlled across teams and products.
  </Card>
</CardGroup>


# Manage Users
Source: https://docs.rootly.com/managing-users/managing-users

View and manage Rootly organization members, including their contact information, roles, team memberships, and integration linkage statuses across providers.

The **Members** page gives you a centralized view of everyone in your Rootly organization. From here, you can review member details, check connected integrations, and manage access and roles.

<Callout icon="info">
  Contact information such as phone numbers and device status may only be visible to **Owners**, **Admins**, or users with the appropriate contact-viewing permissions.
</Callout>

## Access the Members Page

<Steps>
  <Step title="Open Organization Settings">
    In the top-left corner, click the drop-down next to your organization name and select **Organization Settings**.
  </Step>

  <Step title="Navigate to Members">
    Select **[Members](https://rootly.com/account/memberships)**.
  </Step>

  <Step title="View and manage users">
    The Members table displays all active users along with their:

    * **Name**
    * **Email**
    * **Phone number**
    * **Mobile device status**
    * **Slack connection status**
    * **Incident response role**
    * **On-call role**

    Hover over a user row to access quick actions, or open a member to update their details.
  </Step>
</Steps>

## What You Can Do

From the Members page, you can:

<CardGroup>
  <Card title="Manage Roles" icon="user-pen">
    Update incident response and on-call roles for members in your organization.
  </Card>

  <Card title="Review Contact Details" icon="phone">
    View member contact information used for alerts and escalations, based on your permissions.
  </Card>

  <Card title="Check Integrations" icon="plug">
    See whether users have connected Slack or registered a mobile device.
  </Card>

  <Card title="Remove Access" icon="user-minus">
    Remove users who no longer need access to your Rootly organization.
  </Card>

  <Card title="Search and Filter" icon="magnifying-glass">
    Quickly find members by name, email, role, or connection status.
  </Card>

  <Card title="Export Members" icon="download">
    Export your member list for reporting or administrative review.
  </Card>
</CardGroup>

## Understand Member Information

### Contact Information

Each member record may include:

* **Email**: The member’s primary email address
* **Phone number**: Used for SMS or voice notifications
* **Mobile device status**: Indicates whether the member has connected a mobile device for push notifications

<Callout icon="warning">
  Phone numbers and device status may be restricted based on your role and organization permissions.
</Callout>

### Integration Status

The Members table also shows whether a user has connected:

* **Slack**
* **A mobile device**

These statuses help confirm whether members are ready to receive notifications through the expected channels.

### Roles

Each member can have separate roles for:

* **Incident response**, which determines access to incident management features
* **On-call**, which determines access to on-call schedules, escalations, and alerting workflows

## Manage Users

### Edit roles

To update a user’s role:

1. Hover over the member row or open the member record
2. Select **Edit**
3. Update the user’s **Incident Response Role** or **On-Call Role**
4. Save your changes

### Remove a user

To remove a member from the organization:

1. Hover over the member row
2. Select **Delete** or use the actions menu
3. Confirm the removal

<Callout icon="warning">
  Removing a user immediately revokes their access to the organization.
</Callout>

### Search and filter

Use search and filters to find members by:

* Name
* Email
* Slack connection status
* Mobile device status
* Incident response role
* On-call role

## Export Member Data

You can export the Members table for reporting or operational review.

1. Click **Export**
2. Choose your preferred format
3. Download the exported file

The exported data includes the member information visible to you based on your permissions.

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Can users belong to multiple teams?" icon="users">
    Yes. Users can belong to multiple teams in Rootly, and each team membership can have its own roles and permissions.
  </Accordion>

  <Accordion title="What's the difference between Incident Response Role and On-Call Role?" icon="user-shield">
    **Incident Response Role** controls access to incident-related workflows and features. **On-Call Role** controls access to schedules, escalations, and alerting workflows.
  </Accordion>

  <Accordion title="Why can't I see phone numbers for some users?" icon="phone">
    Phone numbers and device status may be hidden if you do not have the required permissions to view contact information.
  </Accordion>

  <Accordion title="What happens when I remove a user?" icon="user-minus">
    Removing a user immediately revokes their access to the organization. Historical data may still remain for auditing or reporting purposes.
  </Accordion>

  <Accordion title="Why does Slack show as not connected?" icon="plug">
    This usually means the user has not connected their Slack account, or the Slack integration is not fully configured for the organization.
  </Accordion>

  <Accordion title="Can I export the member list?" icon="file-export">
    Yes. You can export the Members table using the **Export** option, subject to the data visible to you based on your permissions.
  </Accordion>
</AccordionGroup>

## Related Documentation

<CardGroup>
  <Card title="User Roles" icon="user-shield" href="/managing-teams/incident-roles">
    Learn more about incident response and on-call roles.
  </Card>

  <Card title="Inviting Users" icon="user-plus" href="/managing-users/inviting-users-via-web-ui">
    Learn how to add new users to your organization.
  </Card>

  <Card title="Slack Integration" icon="slack" href="/integrations/slack">
    Configure Slack for incident response and notifications.
  </Card>

  <Card title="Mobile App" icon="mobile-screen-button" href="/on-call/mobile-app">
    Learn how the Rootly mobile app supports notifications and response.
  </Card>
</CardGroup>


# Manage User Permissions
Source: https://docs.rootly.com/managing-users/user-permissions

Control access in Rootly with team-scoped roles for Incident Response and On-Call, with configurable permission sets and custom role definitions.

## Overview

Permissions in Rootly are managed through **roles**, which determine what actions a user can perform within a team. Roles are intentionally **team-scoped** and **product-specific**, giving organizations fine-grained control over access.

Each team membership assigns **two roles** to a user:

* An **Incident Response role**, which governs incident creation, management, configuration, and analytics.
* An **On-Call role**, which governs alerting, paging, schedules, escalation policies, and responder workflows.

This separation allows teams to model real-world responsibilities. For example, a user may participate in incidents without being on-call, or be on-call without having permission to administer incident configuration.

When a user is added to a team, Rootly automatically assigns the team’s default roles for both Incident Response and On-Call. These defaults can be adjusted by administrators at any time.

<Note>
  Permissions are evaluated per team. A user may have different access levels across different teams within the same Rootly workspace.
</Note>

***

### Default Roles

Rootly ships with system-defined roles for both Incident Response and On-Call. These roles are created automatically for every team and cannot be deleted. Some roles are editable, while others are intentionally fixed.

#### Incident Response Roles

Incident Response includes the following default roles:

* Owner
* Admin
* User
* Observer
* No Access

<AccordionGroup>
  <Accordion icon="crown" title="Owner">
    Owners have full access to Incident Response. They can configure incident settings, manage workflows and integrations, access all incident data (including private incidents), and administer platform-level features such as billing.

    This role is typically reserved for platform owners or the core incident management team.
  </Accordion>

  <Accordion icon="shield-check" title="Admin">
    Admins can configure and manage most Incident Response features, including incident properties, workflows, retrospectives, and integrations.

    This role is ideal for teams responsible for maintaining and improving incident processes.
  </Accordion>

  <Accordion icon="user" title="User">
    Users are standard incident participants. They can respond to incidents, update incident details, assign roles, and collaborate during active incidents without having broad administrative permissions.
  </Accordion>

  <Accordion icon="eye" title="Observer">
    Observers primarily have read access but can still create incidents. This makes the role suitable for cross-functional teams such as support, operations, or customer success who need visibility into incidents.
  </Accordion>

  <Accordion icon="ban" title="No Access">
    No Access removes Incident Response permissions entirely for the team. This is useful when a user only needs On-Call access or should not interact with incidents in a given team.
  </Accordion>
</AccordionGroup>

***

#### On-Call Roles

On-Call includes a separate set of default roles:

* Admin
* User
* Observer
* No Access

In addition, On-Call supports **Custom roles** for more granular control.

<AccordionGroup>
  <Accordion icon="shield-check" title="Admin">
    On-Call Admins can manage schedules, escalation policies, routing rules, alert sources, and advanced features such as Live Call Routing and Heartbeats.

    They can also perform bulk actions on alerts, including changing alert status, marking alerts as noise, or deleting alerts.
  </Accordion>

  <Accordion icon="bell" title="User">
    On-Call Users are standard responders. They receive alerts, acknowledge them, resolve incidents, and participate in on-call rotations.
  </Accordion>

  <Accordion icon="eye" title="Observer">
    On-Call Observers have limited access but can typically initiate paging. This role is commonly used for teams that need to trigger alerts without managing on-call configuration.
  </Accordion>

  <Accordion icon="ban" title="No Access">
    No Access removes all On-Call permissions for the team. Users with this role will not receive alerts or interact with paging features.
  </Accordion>

  <Accordion icon="sliders" title="Custom Roles">
    Custom roles allow teams to define precise On-Call access, such as allowing alert acknowledgement without permission to edit schedules or escalation policies.
  </Accordion>
</AccordionGroup>

<Callout icon="info">
  On-Call does not include an **Owner** role. Administrative control is handled through **Admin** and **Custom roles**.
</Callout>

***

## Permission Sets

Permission sets define **what actions a role can perform on a specific entity**. Each permission set typically includes some combination of:

* Create
* Read
* Update
* Delete

Not all entities support all actions. Some include specialized actions beyond standard CRUD behavior.

### Incident Response Permission Sets

| Entity            | Description                                                                                                                                     | Links & Examples                                                                                                 |
| ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- |
| Alerts            | View and create alert events sent to Rootly from external sources. Alerts cannot be deleted. Status updates are handled by On-Call permissions. | [https://rootly.com/account/alerts](https://rootly.com/account/alerts)                                           |
| API Keys          | Manage API tokens used to authenticate with Rootly APIs.                                                                                        |                                                                                                                  |
| Audits            | View the audit log of configuration and permission changes.                                                                                     | [https://rootly.com/account/audits](https://rootly.com/account/audits)                                           |
| Causes            | Manage incident cause classifications used for analysis and reporting.                                                                          | [https://rootly.com/account/causes](https://rootly.com/account/causes)                                           |
| Custom Fields     | Manage custom incident fields used to capture additional metadata.                                                                              | [https://rootly.com/account/form-fields](https://rootly.com/account/form-fields)                                 |
| Environments      | Manage environment labels used to categorize incidents.                                                                                         | [https://rootly.com/account/environments](https://rootly.com/account/environments)                               |
| Functionalities   | Manage functionality labels representing impacted features or systems.                                                                          | [https://rootly.com/account/functionalities](https://rootly.com/account/functionalities)                         |
| Incident Feedback | Manage feedback collected during or after incident resolution.                                                                                  |                                                                                                                  |
| Incident Roles    | Define roles assigned to responders during incidents.                                                                                           | [https://rootly.com/account/incident-roles](https://rootly.com/account/incident-roles)                           |
| Incident Types    | Manage categories used to classify incidents.                                                                                                   | [https://rootly.com/account/incident-types](https://rootly.com/account/incident-types)                           |
| Incidents         | Manage public incident records, including status, severity, roles, and impacted services.                                                       | [https://rootly.com/account/incidents](https://rootly.com/account/incidents)                                     |
| Integrations      | Manage native integrations with external systems.                                                                                               | [https://rootly.com/account/integrations](https://rootly.com/account/integrations)                               |
| Invitations       | Invite users to join your Rootly workspace.                                                                                                     | [https://rootly.com/account/invitations](https://rootly.com/account/invitations)                                 |
| Playbooks         | Manage playbooks used during incidents.                                                                                                         | [https://rootly.com/account/playbooks](https://rootly.com/account/playbooks)                                     |
| Private Incidents | Manage private incidents with restricted visibility.                                                                                            |                                                                                                                  |
| Pulses            | Manage CI/CD and deployment events sent to Rootly.                                                                                              | [https://rootly.com/account/pulses](https://rootly.com/account/pulses)                                           |
| Retrospective     | Manage retrospective processes and templates.                                                                                                   | [https://rootly.com/account/retrospective-processes](https://rootly.com/account/retrospective-processes)         |
| Roles             | Manage Incident Response roles and permissions.                                                                                                 | [https://rootly.com/account/roles](https://rootly.com/account/roles)                                             |
| Teams             | Manage teams participating in incidents.                                                                                                        | [https://rootly.com/account/teams](https://rootly.com/account/teams)                                             |
| Secrets           | Manage secrets used securely in workflows.                                                                                                      | [https://rootly.com/account/secrets](https://rootly.com/account/secrets)                                         |
| Services          | Manage services associated with incidents.                                                                                                      | [https://rootly.com/account/services](https://rootly.com/account/services)                                       |
| Severities        | Manage severity levels used to classify incidents.                                                                                              | [https://rootly.com/account/severities](https://rootly.com/account/severities)                                   |
| Status Pages      | Manage Rootly-hosted status pages.                                                                                                              | [https://rootly.com/account/status-pages](https://rootly.com/account/status-pages)                               |
| Webhooks          | Manage outbound webhooks for incident and alert events.                                                                                         | [https://rootly.com/account/webhooks/outgoing/endpoints](https://rootly.com/account/webhooks/outgoing/endpoints) |
| Workflows         | Manage automation workflows triggered by incident events.                                                                                       | [https://rootly.com/account/workflows](https://rootly.com/account/workflows)                                     |

### On-Call Permission Sets

On-Call permission sets control **paging, alert handling, and responder operations**.\
These permissions determine how alerts are created, routed, escalated, acknowledged, and resolved, as well as who can configure the systems that support on-call coverage.

Unlike Incident Response permissions, On-Call permissions are focused on **real-time operational behavior** and responder availability.

| Entity                    | Description                                                                                                    |
| ------------------------- | -------------------------------------------------------------------------------------------------------------- |
| Alerts                    | Create, view, acknowledge, resolve, and re-trigger alerts. Controls the alert lifecycle once paging has begun. |
| Alert Groups              | Manage alert grouping rules used to reduce noise and consolidate related alerts.                               |
| Alert Sources             | Configure inbound alert sources and define how external alerts enter Rootly.                                   |
| Alert Routing Rules       | Define routing logic that determines which team, service, or escalation policy an alert is sent to.            |
| Alert Urgencies           | Manage urgency levels that control escalation behavior and notification intensity.                             |
| Schedules                 | Manage on-call schedules and rotations that determine who is on duty at any given time.                        |
| Schedule Overrides        | Create temporary overrides to adjust on-call coverage outside of normal rotations.                             |
| Escalation Policies       | Configure escalation paths, levels, repeat behavior, and working-hours logic for paging.                       |
| Live Call Routing         | Manage inbound phone numbers, IVR calling trees, voicemail behavior, and live call escalation.                 |
| Heartbeats                | Configure heartbeat monitors used to detect when systems stop checking in.                                     |
| On-Call Roles             | Manage On-Call roles and permission assignments for team members.                                              |
| On-Call Readiness Reports | View and manage reports that assess coverage, responsiveness, and on-call health.                              |
| Services                  | Manage services used for alert routing and ownership in on-call workflows.                                     |
| Teams                     | Manage teams used as alert routing targets and on-call ownership groups.                                       |
| Integrations              | Manage alerting and paging integrations (monitoring tools, incident systems, etc.).                            |
| Webhooks                  | Manage outbound webhooks that emit alert and on-call events.                                                   |
| API Keys                  | Manage API tokens used for on-call and alerting integrations.                                                  |

<Info>
  On-Call permissions govern **who gets paged and how alerts behave**.\
  They are evaluated independently from Incident Response permissions, which control incident records, workflows, and retrospectives.
</Info>

***

## Best Practices

* Assign the minimum permissions required for each role.
* Use Observers to provide visibility without administrative access.
* Separate Incident Response administration from On-Call ownership where possible.
* Restrict Private Incident access to a small, trusted group.
* Clearly document Custom On-Call roles so future administrators understand their intent.

***

## Troubleshooting

<AccordionGroup>
  <Accordion icon="eye" title="A user can view alerts but cannot acknowledge or resolve them">
    This usually indicates missing On-Call permissions. Confirm the user’s On-Call role includes alert update access for the relevant team.
  </Accordion>

  <Accordion icon="calendar" title="A user can page but cannot edit schedules or escalation policies">
    Paging and configuration permissions are separate by design. Assign an On-Call role that includes schedule and escalation policy management if needed.
  </Accordion>

  <Accordion icon="lock" title="A user can see public incidents but not private incidents">
    Private incidents are controlled separately. Ensure the user’s Incident Response role includes **Private Incident** access for the team.
  </Accordion>

  <Accordion icon="abacus" title="Role changes fail or revert unexpectedly">
    This may occur when seat limits are reached or when role assignments are managed through external identity systems such as SCIM.
  </Accordion>

  <Accordion icon="arrow-down-up-across-line" title="A user has the correct role but still cannot perform an action">
    Confirm the user is operating in the correct team and that the permission applies to the correct product (Incident Response vs On-Call).
  </Accordion>
</AccordionGroup>


# Customizing Dashboards
Source: https://docs.rootly.com/metrics/customized-dashboards

Build custom metric dashboards with panel types, filters, groupings, multiple datasets, and export options for incident analytics.

Dashboards are meant to evolve.

As your organization’s incident response matures, the questions you ask will change—from **“How many incidents did we have?”** to **“Which teams are improving fastest?”** to **“Are we reducing time-to-mitigate for SEV0s in production?”**

This page walks through how to customize dashboards in Rootly—from building panels and applying advanced filters, to segmenting results, exporting data, and understanding how caching and permissions impact what you see.

***

# How metric panels work

A **panel** is the building block of every dashboard. Panels can be visual (charts), tabular (tables), or KPI-style (aggregate values). Every panel is defined by a combination of:

* **Display type** (how the data appears)
* **Collection** (what records the panel pulls from)
* **Filters** (which subset of data is included)
* **Aggregation operation** (how results are calculated)
* **Metric key** (what you’re measuring)
* **Grouping** (how results are segmented across categories)
* **One or more datasets** (for comparisons and multi-series charts)

Panels are intentionally modular. Instead of forcing you into rigid metric templates, Rootly separates how data is selected (collection + filters), how it is calculated (operation + key), and how it is displayed (panel type + grouping).

This separation makes dashboards composable. You can reuse the same dataset across different visualizations, compare variations of a metric side-by-side, or refine filters without redesigning the entire dashboard.

<Callout icon="sparkles">
  **Think in questions, not charts**

  A good panel starts with a question—then you pick the collection, filters, and metric that answer it. The chart type is the final step, not the first.
</Callout>

***

# Panel types

Rootly supports the following panel types:

* **Line chart**
* **Line stepped chart**
* **Column chart**
* **Stacked column chart**
* **Monitoring chart**
* **Pie chart**
* **Table**
* **Aggregate value**

Each panel type serves a different analytical purpose.

* **Line-based charts** are best for trend analysis.
* **Column charts** emphasize volume comparison.
* **Stacked columns** show composition within totals.
* **Pie charts** surface proportional distribution.
* **Tables** support operational review.
* **Aggregate values** highlight KPIs.

Choosing the right panel type is less about aesthetics and more about cognitive clarity. If the question is about trend, use time-based charts. If it’s about composition, use stacked visualizations. If it’s about accountability, use grouping.

<Callout icon="monitor-waveform">
  **Monitoring chart**

  Monitoring charts are optimized for time-series monitoring-style data visualization, but still use the same panel configuration model (datasets, filters, group-by, and export).
</Callout>

***

# Collections and access

Panels pull data from a **collection**. Which collections are available depends on your product access (seat type):

* **Alerts**
* **Incidents**
* **Retrospectives**
* **Action Items**
* **Users**

<Callout icon="id-badge">
  **Collections are seat-based**

  If you only have an **On-Call** seat, you’ll typically see **Alerts** collections. If you have an **Incident Response** seat, you’ll see additional collections such as **Incidents**, **Retrospectives**, **Action Items**, and **Users**.
</Callout>

***

# Add a metric panel

To add a panel:

1. Go to **Metrics** and open the dashboard you want to edit
2. Click **+ Add Panel**
3. Configure the panel (type, collection, filters, operation, key, etc.)
4. Click **Create**

***

## Example: Number of incidents (production-impacting)

<Callout icon="chart-column">
  **Example panel configuration**

  | Field       | Value                                                         |
  | :---------- | :------------------------------------------------------------ |
  | Title       | # of Incidents                                                |
  | Description | Count of production incidents across standard incident kinds. |
  | Type        | Aggregate value                                               |
  | Collection  | Incidents                                                     |
  | Filter by   | Kind = Normal, Kind = Normal sub, Kind = Backfilled           |
  | Operation   | Count                                                         |
  | Key         | Results                                                       |
</Callout>

***

# Edit panels

To edit a panel:

1. Open the dashboard in **Metrics**
2. Hover over the panel
3. Click **⋯**
4. Select **Settings**
5. Update configuration and click **Update**

<Callout icon="circle-check">
  **Validation happens on save**

  Rootly validates your configuration before saving. If you select an invalid key, operation, or filter condition, you’ll see a targeted error message so you can correct it immediately.
</Callout>

***

# Move and resize panels

Dashboards use a grid-based layout.

* Drag a panel to move it
* Drag the corner handle to resize it

Panels are stored as grid coordinates (not pixels), meaning layouts stay consistent across screen sizes.

<Callout icon="grid-2x2">
  **Grid defaults**

  Panels default to a grid size of **6 columns wide × 3 rows tall**, with a minimum height enforced for readability.
</Callout>

***

# Filters

Filtering determines *what counts*.

Without intentional filtering, dashboards become noise generators. With thoughtful filtering, they become precision tools.

In Rootly, filtering operates on two layers: global view preferences (personal and temporary) and panel-level filters (persistent and shared). Understanding the difference is critical for designing dashboards that are both flexible and consistent.

* **Dashboard-level filters** (your personal view preferences)
* **Panel-level filters** (saved as part of the panel configuration)

These two layers combine to determine what any panel actually shows.

***

## Dashboard-level filters (view preferences)

Dashboard-level filters apply to **all panels** and are saved **per user**:

* Date range (e.g., Last 30 Days)
* Period (day / week / month / quarter / year)
* Team filters
* Service filters

These are designed for flexible viewing without changing the underlying dashboard for everyone.

<Callout icon="user">
  **Your view doesn’t change the dashboard**

  View preferences are personal. Changing your dashboard filters doesn’t edit the dashboard or affect what other viewers see.
</Callout>

***

## Panel-level filters

Panel-level filters are stored with the panel itself and define exactly which records are included in that panel’s dataset.

### Filter conditions (operators)

Depending on the field type, Rootly supports operators like:

* `=` (equals)
* `!=` (not equals)
* `>=` (greater than or equal)
* `<=` (less than or equal)
* `exists` / `not_exists`
* `contains` / `not_contains`
* `assigned` / `unassigned` (incident roles only)

<Callout icon="sliders">
  **Role-aware filtering**

  Incident roles support `assigned` and `unassigned`, allowing panels like “Incidents missing an Incident Commander” or “SEV0s where Comms Lead is unassigned.”
</Callout>

***

## Filter groups (AND / OR logic)

Filters support grouping logic through **filter groups**.

* **AND** groups require all rules to match
* **OR** groups match if any rule matches

This allows more expressive logic, such as:

* (SEV0 OR SEV1) AND (Environment = Production)
* (Service contains Payments) OR (Functionality contains Checkout)

***

# Group By

**Group By** segments the results inside a panel—turning a single metric into comparative series.

Group By is useful when you want to answer questions like:

* Which teams generate the most incidents?
* Which services have the longest time-to-resolve?
* How do SEV0 counts differ by environment?

Group By:

* Creates multiple series for line/column charts
* Segments pie charts by the grouped field
* Can group by custom fields and incident roles

<Callout icon="diagram-project">
  **Group By turns “a metric” into “a comparison”**

  If you’re trying to drive action, group-by is often the difference between a dashboard that reports and a dashboard that informs.
</Callout>

***

# Multiple datasets (comparisons)

Chart panels can include **multiple datasets**.

Each dataset can have:

* A different collection
* Different filters
* Different operations and keys
* A custom series name

This is ideal for side-by-side comparisons, like:

* SEV0 count vs SEV1 count over time
* Time to mitigate vs time to resolve
* Incidents from Team A vs Team B

Multiple datasets are particularly powerful when designing executive dashboards.

Instead of stacking separate panels vertically (which increases scroll depth and visual load), you can combine related signals into a single comparative visualization. This keeps analysis contextual and reduces cognitive switching between panels.

<Callout icon="layer-group">
  **One panel, multiple narratives**

  Multiple datasets let you compare signals without building separate panels—keeping the dashboard compact and the analysis aligned.
</Callout>

***

# Cumulative charts

Certain chart types support **cumulative mode**, which displays running totals over time.

Supported chart types:

* Line chart
* Line stepped chart
* Column chart
* Stacked column chart

Cumulative mode is useful for:

* “Incidents year-to-date”
* “Total alerts this quarter”
* “Action items created this month”

***

# Table panels

Table panels display **raw records** rather than aggregated metrics.

They are useful when you want a dashboard that supports both:

* macro analysis (charts and KPIs), and
* direct operational drill-down (lists of incidents, alerts, or action items)

Table panels support:

* Selecting visible columns
* Including custom fields and incident roles as columns
* Exporting full datasets

<Callout icon="table-columns">
  **Display vs export limits**

  Tables may display up to **100 rows** in the UI for performance, but exports can include the full dataset.
</Callout>

***

# Aggregate value panels

Aggregate panels display a **single formatted number**—ideal for KPI dashboards.

Examples:

* Total incidents (count)
* Average time-to-resolve (average)
* Total hours worked until mitigated (sum)

These panels are best for:

* Exec summaries
* Weekly reliability reviews
* “Top row” dashboard metrics

Because aggregate panels show a single value, they should be used intentionally and sparingly. They are most effective when placed at the top of a dashboard as summary indicators — supported by deeper analytical panels below.

Think of aggregate panels as headlines. The charts beneath them are the supporting evidence.

***

# Operations and keys

## Operations

Operations vary depending on the collection:

* **Count** — available for all collections
* **Average** — commonly available for Alerts and Incidents
* **Sum** — available for Alerts, Incidents, and Users (and depends on the metric key)

<Callout icon="calculator">
  **If you don’t see an operation, it’s usually intentional**

  Some collections only support Count because there isn’t a valid numeric metric to average or sum across records.
</Callout>

## Keys (what you're measuring)

Keys are collection-specific and depend on the operation you select.

### Incidents (examples)

* Count: `results`
* Average/Sum: `triage_time`, `detection_time`, `acknowledge_time`, `mitigation_time`, `resolution_time`, `cancellation_time`, `closed_time`

### Alerts (examples)

* Count: `results`
* Average: `acknowledge_time`, `resolution_time`, `time_between_failure`
* Sum: `acknowledge_time`, `resolve_time`

### Users (examples)

* Count: `results`
* Sum: `hours_worked_until_triaged`, `hours_worked_until_mitigated`, `hours_worked_until_resolved`

***

# Time-based behavior

Dashboards apply time filtering automatically based on the selected date range.

Depending on the collection, Rootly uses different timestamps to scope records (for example, incidents and alerts use their `started_at` timestamps). This ensures charts remain consistent when comparing across dashboards and periods.

Time scoping is applied consistently across collections to ensure analytical integrity. This means comparisons between alerts, incidents, and retros remain aligned when viewing the same date range.

If data appears incomplete or unexpectedly low, the first place to check is always your dashboard-level date range.

<Callout icon="clock">
  **Time filtering is automatic**

  Most panels inherit the dashboard’s date range and period grouping. If results seem “missing,” check your dashboard-level date range first.
</Callout>

***

# Exporting dashboards and panels

## Export a dashboard

1. Open the dashboard in **Metrics**
2. Click **⋯**
3. Select **Download PDF**

## Export a panel

1. Hover over the panel
2. Click **⋯**
3. Choose an export format

Supported formats:

* **PDF** (all panel types)
* **CSV** (all panel types)
* **JSON** (all panel types)
* **PNG / JPG** (chart panels only)

<Callout icon="image">
  **Charts only for image export**

  PNG/JPG exports are only available for chart-based panels. Tables and aggregate value panels export via PDF/CSV/JSON instead.
</Callout>

***

# Duplicate a panel

1. Hover the panel
2. Click **⋯**
3. Select **Duplicate**

Duplicated panels:

* Copy all configuration (filters, keys, operations, display type)
* Are renamed to **Copy of `{original title}`**
* Appear in a default grid position (you’ll likely want to reposition it)

***

# Full screen view

Full screen mode is ideal for TVs or wallboards.

1. Open the dashboard
2. Click the full screen icon (top-right)
3. Press **ESC** or click the icon again to exit

Full screen mode:

* Hides sidebar navigation
* Maximizes panel readability
* Optimizes spacing for large displays

***

# Performance, caching, and limits

Dashboards are optimized for responsiveness, which includes caching and record limits.

<Callout icon="bolt">
  **Caching is a feature, not a bug**

  Panel data is cached (typically \~15 minutes). If you recently changed incident data, it may take **15–20 minutes** to appear—especially with auto-refresh enabled.
</Callout>

Caching allows dashboards to load quickly even when queries involve large datasets. While this introduces slight delay in reflecting recent changes, it ensures consistent performance across organizations with high incident volume.

In practice, dashboards are optimized for strategic and operational review — not second-by-second monitoring.

Additional constraints you may encounter:

* Panel queries are limited (often **10,000 records** by default, higher with feature flags)
* Panel titles are limited in length (to keep dashboards scannable)
* Table panels cap visible rows for UI performance (exports can include full datasets)

***

# Best practices

## Build dashboards with intent

Dashboards should map to a recurring cadence:

* Weekly team reliability review
* Monthly executive metrics
* Incident program retrospectives
* On-call operational readiness

If a dashboard isn’t tied to a workflow, it tends to go stale.

## Prefer fewer, stronger panels

A dashboard with 6–10 focused panels is typically more useful than one with 25 panels competing for attention.

When in doubt:

* duplicate the dashboard,
* specialize it,
* keep each one opinionated.

## Use Group By as your default “depth tool”

If a metric is actionable, it usually has an owner. Grouping metrics by teams, services, or incident types makes accountability visible without requiring extra dashboards.

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Why don’t I see all collections?" icon="id-card">
    Collections are seat-based. Users with only an **On-Call** seat typically see **Alerts**, while users with **Incident Response** access see additional collections like **Incidents**, **Retrospectives**, **Action Items**, and **Users**.
  </Accordion>

  <Accordion title="Why can’t I export a table panel as PNG?" icon="image-slash">
    PNG and JPG export formats are available only for chart-based panels. Tables and aggregate values can still be exported as **PDF**, **CSV**, or **JSON**.
  </Accordion>

  <Accordion title="Why do my changes take time to show up?" icon="hourglass-half">
    Panel results are cached for performance. Changes to underlying data may take **15–20 minutes** to appear depending on cache refresh and any auto-refresh settings.
  </Accordion>

  <Accordion title="Can I filter and group by custom fields?" icon="brackets-curly">
    Yes. Panels support filtering and grouping by custom fields. Custom fields can also be used in tables as columns for drill-down workflows.
  </Accordion>

  <Accordion title="What’s the difference between dashboard filters and panel filters?" icon="sliders">
    Dashboard filters are **your personal view preferences** (date range, period, team/service filters) and apply across all panels without changing the dashboard for other users. Panel filters are stored **inside the panel configuration** and define the panel’s dataset for everyone who views it.
  </Accordion>
</AccordionGroup>

***

<Callout icon="life-ring">
  **Need help designing dashboards that actually get used?**

  If you’re not sure how to structure panels, groupings, or comparisons, contact us at **[support@rootly.com](mailto:support@rootly.com)** or use **`/rootly support`** in Slack.
</Callout>


# Default Metrics
Source: https://docs.rootly.com/metrics/default-metrics

Overview of the default dashboards and built-in metrics available in Rootly for incidents, retrospectives, on-call workload, and alert response performance.

Default dashboards give you a starting point for tracking incident response, workload, and alert performance in Rootly.

By default, Rootly provides three dashboards:

* **Incident Response** — Incident volume, response times, and incident breakdowns
* **Workload** — Hours worked across incidents and responders
* **On-Call Metrics** — Alert volume, acknowledgement, resolution, and response trends

Some default panels only appear when the related fields are enabled in your workspace configuration.

## Incident Response Dashboard

The **Incident Response** dashboard includes default metrics for incident volume, retrospectives, action items, response times, and incident breakdowns.

### Number of Incidents

| Title       | # of Incidents                        |
| :---------- | :------------------------------------ |
| Description | Total number of incidents             |
| Type        | Aggregate value                       |
| Collection  | Incidents                             |
| Filter by   | Kind = Normal, Normal sub, Backfilled |
| Operation   | Count                                 |
| Key         | Results                               |

### Number of Retrospectives

| Title       | # of Retrospectives            |
| :---------- | :----------------------------- |
| Description | Total number of retrospectives |
| Type        | Aggregate value                |
| Collection  | Retrospectives                 |
| Filter by   | —                              |
| Operation   | Count                          |
| Key         | Results                        |

### Number of Action Items

| Title       | # of Action Items            |
| :---------- | :--------------------------- |
| Description | Total number of action items |
| Type        | Aggregate value              |
| Collection  | Action Items                 |
| Filter by   | —                            |
| Operation   | Count                        |
| Key         | Results                      |

### Mean Time to Detection (MTTD)

| Title       | MTTD (Mean Time to Detection)                 |
| :---------- | :-------------------------------------------- |
| Description | Average time from incident start to detection |
| Type        | Aggregate value                               |
| Collection  | Incidents                                     |
| Filter by   | Kind = Normal, Normal sub, Backfilled         |
| Operation   | Average                                       |
| Key         | detection\_time                               |

### Mean Time to Acknowledge (MTTA)

| Title       | MTTA (Mean Time to Acknowledge)                     |
| :---------- | :-------------------------------------------------- |
| Description | Average time from incident start to acknowledgement |
| Type        | Aggregate value                                     |
| Collection  | Incidents                                           |
| Filter by   | Kind = Normal, Normal sub, Backfilled               |
| Operation   | Average                                             |
| Key         | acknowledge\_time                                   |

### Mean Time to Mitigation (MTTM)

| Title       | MTTM (Mean Time to Mitigation)                 |
| :---------- | :--------------------------------------------- |
| Description | Average time from incident start to mitigation |
| Type        | Aggregate value                                |
| Collection  | Incidents                                      |
| Filter by   | Kind = Normal, Normal sub, Backfilled          |
| Operation   | Average                                        |
| Key         | mitigation\_time                               |

### Mean Time to Resolution (MTTR)

| Title       | MTTR (Mean Time to Resolution)                 |
| :---------- | :--------------------------------------------- |
| Description | Average time from incident start to resolution |
| Type        | Aggregate value                                |
| Collection  | Incidents                                      |
| Filter by   | Kind = Normal, Normal sub, Backfilled          |
| Operation   | Average                                        |
| Key         | resolution\_time                               |

### Incidents by Severity

| Title       | Incidents by Severity                 |
| :---------- | :------------------------------------ |
| Description | Breakdown of incidents by severity    |
| Type        | Line chart or Pie chart               |
| Collection  | Incidents                             |
| Filter by   | Kind = Normal, Normal sub, Backfilled |
| Group by    | Severity                              |
| Operation   | Count                                 |
| Key         | Results                               |
| Legend      | Include groups without values         |

### Incidents by Environment

| Title       | Incidents by Environment              |
| :---------- | :------------------------------------ |
| Description | Breakdown of incidents by environment |
| Type        | Line chart or Pie chart               |
| Collection  | Incidents                             |
| Filter by   | Kind = Normal, Normal sub, Backfilled |
| Group by    | Environments                          |
| Operation   | Count                                 |
| Key         | Results                               |
| Legend      | Include groups without values         |

### Incidents by Service

| Title       | Incidents by Service                  |
| :---------- | :------------------------------------ |
| Description | Breakdown of incidents by service     |
| Type        | Line chart or Pie chart               |
| Collection  | Incidents                             |
| Filter by   | Kind = Normal, Normal sub, Backfilled |
| Group by    | Services                              |
| Operation   | Count                                 |
| Key         | Results                               |
| Legend      | Include groups without values         |

### Incidents by Functionality

| Title       | Incidents by Functionality              |
| :---------- | :-------------------------------------- |
| Description | Breakdown of incidents by functionality |
| Type        | Line chart or Pie chart                 |
| Collection  | Incidents                               |
| Filter by   | Kind = Normal, Normal sub, Backfilled   |
| Group by    | Functionalities                         |
| Operation   | Count                                   |
| Key         | Results                                 |
| Legend      | Include groups without values           |

### Incidents by Type

| Title       | Incidents by Type                       |
| :---------- | :-------------------------------------- |
| Description | Breakdown of incidents by incident type |
| Type        | Line chart or Pie chart                 |
| Collection  | Incidents                               |
| Filter by   | Kind = Normal, Normal sub, Backfilled   |
| Group by    | Incident Types                          |
| Operation   | Count                                   |
| Key         | Results                                 |
| Legend      | Include groups without values           |

### Retrospectives by Cause

| Title       | Retrospectives by Cause                        |
| :---------- | :--------------------------------------------- |
| Description | Breakdown of retrospectives by cause           |
| Type        | Line chart or Pie chart                        |
| Collection  | Retrospectives                                 |
| Filter by   | Incident Kind = Normal, Normal sub, Backfilled |
| Group by    | Causes                                         |
| Operation   | Count                                          |
| Key         | Results                                        |
| Legend      | Include groups without values                  |

> **Note:** The **Incidents by Environment**, **Incidents by Functionality**, and **Retrospectives by Cause** panels only appear when the related fields are enabled in your workspace.

## Workload Dashboard

The **Workload** dashboard helps you understand time spent across incidents and responders.

### Hours Worked (Using Resolution Time)

| Title       | Hours Worked (Using resolution time)             |
| :---------- | :----------------------------------------------- |
| Description | Total hours worked until incidents were resolved |
| Type        | Column chart                                     |
| Collection  | Incidents                                        |
| Filter by   | Kind = Normal, Normal sub, Backfilled            |
| Group by    | —                                                |
| Operation   | Sum                                              |
| Key         | hours\_worked\_until\_resolved                   |

### Hours Worked by Incident (Using Resolution Time)

| Title       | Hours Worked by Incident (Using resolution time) |
| :---------- | :----------------------------------------------- |
| Description | Hours worked for each incident until resolution  |
| Type        | Table                                            |
| Collection  | Incidents                                        |
| Filter by   | Kind = Normal, Normal sub, Backfilled            |

### Hours Worked by User (Using Resolution Time)

| Title       | Hours Worked by User (Using resolution time) |
| :---------- | :------------------------------------------- |
| Description | Hours worked by responder                    |
| Type        | Table                                        |
| Collection  | Users                                        |
| Filter by   | —                                            |

## On-Call Metrics Dashboard

The **On-Call Metrics** dashboard tracks alert volume, response times, and alert distribution.

### Total Alerts

| Title        | Total Alerts           |
| :----------- | :--------------------- |
| Description  | Total number of alerts |
| Type         | Line chart             |
| Collection   | Alerts                 |
| Series Label | —                      |
| Filter by    | —                      |
| Group by     | —                      |
| Operation    | Count                  |
| Key          | Results                |

### Mean Time to Acknowledge

| Title        | Mean Time to Acknowledge           |
| :----------- | :--------------------------------- |
| Description  | Average time to acknowledge alerts |
| Type         | Line chart                         |
| Collection   | Alerts                             |
| Series Label | —                                  |
| Filter by    | —                                  |
| Group by     | —                                  |
| Operation    | Average                            |
| Key          | acknowledge\_time                  |

### Mean Time to Resolve

| Title        | Mean Time to Resolve           |
| :----------- | :----------------------------- |
| Description  | Average time to resolve alerts |
| Type         | Line chart                     |
| Collection   | Alerts                         |
| Series Label | MTTR                           |
| Filter by    | —                              |
| Group by     | —                              |
| Operation    | Average                        |
| Key          | resolution\_time               |

### Mean Time to Acknowledge by Responder

| Title        | MTTA by Responder                     |
| :----------- | :------------------------------------ |
| Description  | Average acknowledge time by responder |
| Type         | Line chart                            |
| Collection   | Alerts                                |
| Series Label | —                                     |
| Filter by    | —                                     |
| Group by     | Responders                            |
| Operation    | Average                               |
| Key          | acknowledge\_time                     |

### MTTR by Service

| Title        | MTTR by Service                    |
| :----------- | :--------------------------------- |
| Description  | Average resolution time by service |
| Type         | Line chart                         |
| Collection   | Alerts                             |
| Series Label | —                                  |
| Filter by    | —                                  |
| Group by     | Services                           |
| Operation    | Average                            |
| Key          | resolution\_time                   |

### Mean Time Between Failure

| Title        | Mean Time Between Failure     |
| :----------- | :---------------------------- |
| Description  | Average time between failures |
| Type         | Line chart                    |
| Collection   | Alerts                        |
| Series Label | —                             |
| Filter by    | —                             |
| Group by     | —                             |
| Operation    | Average                       |
| Key          | time\_between\_failure        |

### Acknowledge Rate

| Title        | Acknowledge Rate                  |
| :----------- | :-------------------------------- |
| Description  | Percentage of alerts acknowledged |
| Type         | Line chart                        |
| Collection   | Alerts                            |
| Series Label | —                                 |
| Filter by    | —                                 |
| Group by     | —                                 |
| Operation    | Average                           |
| Key          | acknowledge\_rate                 |

### Alerts by Source

| Title        | Alerts by Source              |
| :----------- | :---------------------------- |
| Description  | Breakdown of alerts by source |
| Type         | Line chart or Pie chart       |
| Collection   | Alerts                        |
| Series Label | —                             |
| Filter by    | —                             |
| Group by     | Source                        |
| Operation    | Count                         |
| Key          | Results                       |
| Legend       | Include groups without values |

### Alerts by Responder

| Title        | Alerts by Responder              |
| :----------- | :------------------------------- |
| Description  | Breakdown of alerts by responder |
| Type         | Pie chart                        |
| Collection   | Alerts                           |
| Series Label | —                                |
| Filter by    | —                                |
| Group by     | Responders                       |
| Operation    | Count                            |
| Key          | Results                          |
| Legend       | —                                |

### Response Effort

| Title        | Response Effort                                    |
| :----------- | :------------------------------------------------- |
| Description  | Sum of time between acknowledgement and resolution |
| Type         | Line chart                                         |
| Collection   | Alerts                                             |
| Series Label | Response Effort                                    |
| Filter by    | Status = Resolved                                  |
| Group by     | —                                                  |
| Operation    | Sum                                                |
| Key          | resolve\_time                                      |
| Legend       | —                                                  |

### Alerts by Urgency

| Title        | Alerts by Urgency              |
| :----------- | :----------------------------- |
| Description  | Breakdown of alerts by urgency |
| Type         | Line chart                     |
| Collection   | Alerts                         |
| Series Label | Alerts                         |
| Filter by    | —                              |
| Group by     | Alert Urgency                  |
| Operation    | Count                          |
| Key          | Results                        |
| Legend       | Include groups without values  |

### Alerts by Escalation Policy

| Title        | Alerts by Escalation Policy              |
| :----------- | :--------------------------------------- |
| Description  | Breakdown of alerts by escalation policy |
| Type         | Pie chart                                |
| Collection   | Alerts                                   |
| Series Label | —                                        |
| Filter by    | —                                        |
| Group by     | Escalation Policies                      |
| Operation    | Count                                    |
| Key          | Results                                  |
| Legend       | —                                        |

### Alerts by Service

| Title        | Alerts by Service              |
| :----------- | :----------------------------- |
| Description  | Breakdown of alerts by service |
| Type         | Line chart or Pie chart        |
| Collection   | Alerts                         |
| Series Label | —                              |
| Filter by    | —                              |
| Group by     | Services                       |
| Operation    | Count                          |
| Key          | Results                        |
| Legend       | —                              |


# Managing Dashboards
Source: https://docs.rootly.com/metrics/managing-dashboards

Create, customize, share, and operationalize dashboards in Rootly to understand incident performance, on-call workload, and reliability metrics.

Dashboards are where operational data becomes decision-making context.

In Rootly, dashboards allow you to transform raw incident data into structured, visual insights across teams, services, severities, time periods, and operational layers. Whether you're tracking executive-level reliability metrics or drilling into team-level performance, dashboards give you flexible control over how performance is measured and communicated.

You can access dashboards by navigating to **Metrics**.

## Overview

Every dashboard in Rootly is defined by three core dimensions:

1. **Ownership** — who controls it
2. **Permissions** — who can modify or manage it
3. **Visibility** — who can access it internally or publicly

Understanding these dimensions helps you design dashboards intentionally, not just visually but operationally.

## Dashboard Ownership and Visibility

### Ownership Types

Dashboards are owned either by an **organization** or by an individual user.

#### Personal Dashboards

Personal dashboards are owned by an individual user.

They are ideal for:

* Exploratory analysis
* Personal reporting workflows
* Temporary or experimental views
* Individual operational tracking

By default:

* You are the **Manager**
* No one else has access unless you explicitly share it

#### Organization Dashboards

Organization dashboards are shared at the organizational level and are best suited for standardized reporting across teams.

They are appropriate when:

* Multiple teams rely on the same metrics
* Dashboards support recurring reporting, such as weekly reviews or executive updates
* Standardized views are required across departments

Organization dashboards can be shared broadly across your Rootly account.

### Public Dashboards

Any dashboard, whether Personal or Organization, can optionally be made **Public**.

When public access is enabled:

* A view-only link is generated
* Authentication is not required
* External stakeholders can access the dashboard data

<Callout icon="sparkles">
  <strong>Public access is a visibility layer, not an ownership change.</strong><br />
  Making a dashboard public does not change who can manage or edit it. It only enables view-only access through a shareable link.
</Callout>

<Callout icon="eye-slash">
  <strong>Public dashboards may be disabled.</strong><br />
  Some organizations disable public dashboard access. If you do not see the public toggle, contact your administrator.
</Callout>

## Creating a Dashboard

To create a new dashboard:

1. Navigate to **Metrics**
2. Click **+ Create Dashboard**
3. Configure the dashboard settings
4. Save your dashboard

Dashboards are designed to provide sensible defaults while still supporting deeper customization when needed.

## Configuration Options

When creating a dashboard, you can define:

* **Name**
* **Description**
* **Icon**
* **Color theme**
* **Date range**
* **Period grouping**
* **Auto-refresh behavior**

### Default Values

If you create a dashboard without customizing every field, Rootly applies the following defaults:

* Icon: 📊
* Date range: **Last 30 Days**
* Period: **Day**
* Auto-refresh: **Disabled**
* Color: Randomly selected from the supported palette

<Callout icon="palette">
  <strong>Color system</strong><br />
  Dashboard colors are selected from a predefined palette to maintain visual consistency across your workspace.
</Callout>

### Period Grouping

Metrics can be grouped by:

* Day
* Week
* Month
* Quarter
* Year

Choosing the right grouping affects how trends are interpreted.

For example:

* **Day** is useful for short-term incident spikes
* **Month** or **Quarter** is better for leadership-level trend reporting

## Personalizing Dashboard Views

Each user can personalize how they view a dashboard without affecting anyone else.

You can adjust:

* Date range
* Period grouping
* Team filters
* Service filters

These preferences are saved per user, per dashboard.

<Callout icon="user-gear">
  <strong>View preferences are private.</strong><br />
  Changing filters or date ranges does not update the dashboard for other viewers.
</Callout>

## Sharing and Permissions

To share a dashboard:

1. Open the dashboard
2. Click **Share**
3. Assign permission levels to users or teams

### Permission Levels

Permissions are hierarchical:

* **Viewer**
  * Can view data only

* **Editor**
  * Can view and modify panels
  * Inherits Viewer permissions

* **Manager**
  * Can view, edit, share, and delete
  * Inherits Editor permissions

A dashboard must always have at least one **Manager**. You cannot remove or downgrade the last Manager until another Manager has been assigned.

<Callout icon="shield-check">
  <strong>Permission hierarchy matters.</strong><br />
  Editors inherit Viewer permissions, and Managers inherit both Viewer and Editor permissions.
</Callout>

## Setting a Default Dashboard

You can designate one dashboard as your default.

This dashboard will automatically open when you navigate to **Metrics**.

To set a default dashboard:

1. Open the dashboard
2. Click **⋯**
3. Select **Set default**

<Note>
  Each user can have one default dashboard per team. Setting a new default replaces your previous default for that team.
</Note>

## Duplicating Dashboards

Duplicating a dashboard is useful when you want to:

* Create team-specific variants
* Compare different time periods
* Test new panel configurations without changing the original

To duplicate a dashboard:

1. Open the dashboard
2. Click **⋯**
3. Select **Duplicate**

Duplicated dashboards:

* Include all panels and dashboard configuration
* Are created as **Personal dashboards**
* Do not inherit sharing permissions
* Are automatically renamed to **Copy of \[original name] - YYYY-MM-DD**

For example: **Copy of Overview - 2025-03-16**

## Exporting Dashboards and Panels

Dashboards and panels can be exported for reporting and distribution outside of Rootly.

### Entire Dashboard

You can export the full dashboard as:

* **PDF**

### Individual Panels

From a panel’s **More (⋯)** menu, you can export:

* **CSV**
* **JSON**
* **PDF**
* **PNG** *(chart panels only)*
* **JPG** *(chart panels only)*

These export options help teams share insights while preserving the original data and visual context.

## Auto-Refresh Behavior

Dashboards support auto-refresh, but dashboard data is still cached.

<Callout icon="clock">
  <strong>Auto-refresh is not real-time.</strong><br />
  Changes to underlying data may take 15–20 minutes to appear due to caching and refresh intervals.
</Callout>

## Deleting Dashboards

To delete a dashboard:

1. Navigate to **Metrics**
2. Open the dashboard’s **⋯** menu
3. Select **Delete**

<Callout icon="triangle-exclamation">
  <strong>Deletion is not user-recoverable.</strong><br />
  Dashboards use soft deletion internally, but there is no self-serve restore flow. Duplicate important dashboards before deleting them.
</Callout>

## Best Practices

Well-designed dashboards improve operational clarity, not just reporting.

### Separate Strategic and Tactical Dashboards

Use different dashboards for different purposes.

* **Tactical dashboards** usually use short date ranges and higher granularity
* **Strategic dashboards** usually use monthly or quarterly grouping for trends

Avoid mixing both use cases into a single dashboard.

### Limit Panel Density

Too many panels reduce clarity.

Instead:

* Create multiple focused dashboards
* Duplicate and specialize dashboards for different audiences
* Use descriptive naming conventions

For example:

* 🚨 Critical Incidents — Last 30 Days
* 📈 Reliability Trends — Quarterly

### Use Organization Dashboards for Standardization

If a dashboard is referenced in:

* Weekly reviews
* Executive reporting
* Post-incident retrospectives

It should likely be an **Organization dashboard**.

### Configure Public Links Intentionally

Public dashboards are powerful, but they should be shared carefully.

Before sharing externally:

* Confirm no sensitive data is exposed
* Verify the intended filters and time ranges
* Review the dashboard as an external viewer would see it

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Why must dashboard names be unique?" icon="fingerprint">
    Dashboard names must be unique within your team, excluding deleted dashboards. This helps prevent confusion and keeps shared reporting environments easier to manage.

    If you receive a validation error, choose a different name.
  </Accordion>

  <Accordion title="Can I restrict who edits panels but still allow viewing?" icon="user-lock">
    Yes. Assign users as <strong>Viewers</strong> to give them read-only access. Only Editors and Managers can modify dashboard panels.
  </Accordion>

  <Accordion title="Does duplicating a dashboard copy sharing permissions?" icon="copy">
    No. A duplicated dashboard is created as a new Personal dashboard owned by the user who duplicated it. Sharing permissions must be configured separately.
  </Accordion>

  <Accordion title="How many default dashboards can I have?" icon="house">
    Each user can have one default dashboard per team. Setting a new default replaces your previous default for that team.
  </Accordion>

  <Accordion title="Why can’t I remove or downgrade the last Manager?" icon="user-shield">
    Every dashboard must have at least one Manager. If you need to remove or downgrade the current Manager, assign another user or team as Manager first.
  </Accordion>

  <Accordion title="What happens if I enable auto-refresh?" icon="rotate">
    The dashboard refreshes automatically at the configured interval, but the underlying data may still be delayed because of caching. In practice, changes can take around 15–20 minutes to appear.
  </Accordion>
</AccordionGroup>

Dashboards are most effective when they reflect how your organization thinks about reliability. Design them intentionally, share them responsibly, and revisit them as your operational needs evolve.


# Getting Started
Source: https://docs.rootly.com/notifications/getting-started

Configure general and on-call notifications in Rootly including email, Slack, SMS preferences, shift reminders, escalation rule layers, and contact methods.

Rootly notifications ensure responders stay informed without needing to constantly monitor Slack channels or dashboards. Delivery is multi-channel (Email, Slack, SMS, Phone Calls, and Push Notifications), and you can configure how and when you receive signals depending on urgency and context.

Manage your preferences in **Account Settings → Notifications**.

Notifications are divided into two categories:

* **General Notifications** — awareness-based updates (assignments, mentions, summaries).
* **On-Call Notifications** — paging and escalation behavior during active shifts.

***

# General Notifications

General notifications keep you informed about operational activity even when you are not actively on call. These updates are informational — they are not designed to page you urgently.

## Email Notifications

Email is optimized for durable updates and summaries you may want to reference later.

By default, new users are subscribed to:

* Weekly incident summaries
* Postmortem publications

Depending on configuration, you may also receive assignment-based updates (such as action items or incident role assignments).

<Callout icon="envelope-circle-check">
  **Email requires verification**

  Rootly will only deliver email notifications if your email address is verified.\
  If delivery fails, verify your address before testing rules again.
</Callout>

***

## Slack Notifications

Slack notifications are designed for real-time collaboration and in-channel visibility.

These may include:

* Incident invitations
* Assignment notifications
* Mentions in incident messages
* Mentions in timeline events

Slack delivery requires a connected Slack account and workspace authorization.

<Callout icon="slack">
  **Slack must be connected**

  If Slack is not connected, Rootly will fall back to other enabled contact methods where possible.
</Callout>

***

# On-Call Notifications

On-call notifications control paging behavior during active shifts. These are designed for urgent, actionable signals.

There are two core components:

1. **Shift Reminders** — pre-shift and post-shift notifications
2. **Notification Rules** — escalation logic when alerts require action

***

## Shift Reminders

Shift reminders reduce missed handoffs and give responders time to prepare.

### Default Behavior

Shift reminders are **enabled by default** for new users. Rootly automatically creates reminders for:

* `at_start` — before a shift begins
* `at_end` — before a shift ends

By default:

* Email: enabled
* Slack: enabled
* SMS: disabled
* Push notifications: disabled

### Reminder Timing

Shift reminders use **human-readable delay values**, such as:

* `"3 days"`
* `"1 day"`
* `"1 hour"`

Additional minute-level options may be available depending on feature configuration.

<Callout icon="hourglass-half">
  **Shift reminder delays are string-based**

  Reminder timing uses values like `"1 hour"` or `"3 days"` —\
  this is different from escalation rules, which use integer delays measured in minutes.
</Callout>

### Guardrails

To prevent broken configurations:

* Maximum **3 reminders per kind** (`at_start` or `at_end`)
* Each enabled reminder must:
  * Have a delay selected
  * Include at least one contact method
* SMS and Phone delivery require verified numbers

***

## Notification Rules (Escalation Logic)

Notification rules define how Rootly pages you when action is required.

Each rule consists of **layers**, and each layer can:

* Wait a specified number of minutes
* Use one or more contact methods
* Escalate progressively if no acknowledgment occurs

***

### Rule Types: Quiet vs Audible

Rootly separates paging into two escalation categories:

* **Quiet** — respects Do Not Disturb and reduces disruption for lower-urgency notifications
* **Audible** — intended for urgent alerts and can break through suppression (for example, critical push alerts)

Both rule types are created automatically for new users.

### Default Rules

New users receive:

* One **Quiet** rule (0-minute delay, Email enabled)
* One **Audible** rule (0-minute delay, Email enabled)

These can be modified, but:

* You must always maintain **at least one Quiet rule**
* You must always maintain **at least one Audible rule**
* You cannot delete the final rule of either type

***

### Escalation Layers

Within each rule, you can:

1. Set a delay (**integer minutes**)
2. Choose contact methods
3. Reorder layers to control escalation flow
4. Test delivery

Delays are always measured in minutes (for example, `0`, `5`, `15`).

***

### Supported Contact Methods

Rootly supports:

* `email`
* `sms`
* `call`
* `device` (critical push notifications)
* `non_critical_device` (standard push notifications)

<Callout icon="shield-check">
  **Verification is enforced**

  * SMS and Call require verified phone numbers
  * Email requires a verified email address
  * Push requires the Rootly mobile app

  This prevents silent paging failures.
</Callout>

***

### Audible Rule Requirements

Audible rules include additional safeguards to ensure responders are actually reachable:

* Layer 1 must include **Critical Alerts (`device`)**
* Subsequent layers must include at least one of:
  * Critical Alerts (`device`)
  * Phone Call (`call`)

These constraints ensure urgent incidents cannot rely solely on passive delivery channels.

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Why can't I delete my last notification rule?" icon="lock">
    Rootly requires at least one **Quiet** rule and one **Audible** rule to ensure there is always a valid notification path.

    You can modify rules, adjust layers, or change contact methods — but the final rule of each type cannot be deleted. This prevents misconfiguration where alerts cannot be delivered.
  </Accordion>

  <Accordion title="What's the difference between Audible and Quiet notifications?" icon="volume-high">
    **Audible notifications** are designed for urgent alerts that require immediate attention. They:

    * Can bypass Do Not Disturb (via Critical Alerts)
    * Require Critical Alerts (`device`) on the first layer
    * Require Critical Alerts or Phone Call on subsequent layers

    **Quiet notifications** are intended for lower-urgency signals. They:

    * Respect Do Not Disturb
    * Can rely on email or standard push notifications
    * Are suitable for informational updates

    Both rule types are created automatically for new users and can be customized independently.
  </Accordion>

  <Accordion title="How do I verify my phone number or email address?" icon="shield-check">
    **Phone numbers**

    1. Go to **Account Settings → Notifications**
    2. Add a number under **Phone Numbers**
    3. Enter the verification code sent via SMS or call

    **Email addresses**

    * Primary emails are verified automatically
    * Additional emails require confirmation via a verification link

    Verification is required before email, SMS, or call delivery can be used in notification rules.
  </Accordion>

  <Accordion title="Why aren't my shift reminders working?" icon="clock">
    Common causes include:

    * Reminder is disabled
    * No contact methods selected
    * Contact information is unverified
    * No delay selected
    * No scheduled shift

    Use the **Test** option in notification settings to validate delivery.
  </Accordion>

  <Accordion title="Can I customize shift reminder times?" icon="sliders">
    Yes. Shift reminders support:

    * 3 days before
    * 1 day before
    * 1 hour before

    Additional minute-level options may be available depending on configuration.

    You can configure up to **3 reminders per kind** (before shift start or end).\
    Reminder delays use human-readable values (e.g., `"1 hour"`), not integer minutes.
  </Accordion>

  <Accordion title="What happens if I don't have a verified phone number?" icon="phone">
    If your phone number is not verified:

    * SMS will not be sent
    * Phone calls will not be sent

    Email, Slack, and push notifications will still function if configured.

    For Audible rules, ensure either Critical Push (`device`) or Phone Call is properly set up to maintain compliance.
  </Accordion>

  <Accordion title="How do notification rules escalate?" icon="arrow-up">
    Rules escalate sequentially through configured layers:

    1. The first layer triggers immediately (or after its delay)
    2. If unacknowledged, Rootly waits the configured delay (in minutes)
    3. The next layer activates
    4. Escalation continues until acknowledgment or layers are exhausted

    Delays are cumulative and measured in integer minutes.
  </Accordion>

  <Accordion title="What's the difference between 'device' and 'non_critical_device'?" icon="mobile-screen-button">
    **`device` (Critical Alerts)**

    * Bypasses Do Not Disturb
    * Required on layer 1 of Audible rules
    * Designed for urgent wake-up scenarios

    **`non_critical_device` (Standard Push)**

    * Respects Do Not Disturb
    * Suitable for Quiet rules
    * Used for informational alerts

    Both require the Rootly mobile app.
  </Accordion>

  <Accordion title="Can I disable shift reminders?" icon="toggle-off">
    Yes. You can toggle reminders off without deleting them:

    1. Go to **Account Settings → Notifications → Shift Reminders**
    2. Disable the reminder

    Disabled reminders remain saved and can be re-enabled later.
  </Accordion>

  <Accordion title="How do I test my notification configuration?" icon="flask">
    Use the **Test** button on any rule layer:

    1. Navigate to **Notifications → On-Call Notifications**
    2. Select a rule layer
    3. Click **Test**

    Rootly will attempt delivery using the configured contact methods.\
    Ensure contact information is verified before testing.
  </Accordion>

  <Accordion title="Can I have different notification rules per team?" icon="sitemap">
    Notification rules are **user-level**, not team-level.

    Teams and services control routing via **Escalation Policies**, while users control how they personally receive alerts.
  </Accordion>

  <Accordion title="What happens if all notification methods fail?" icon="triangle-exclamation">
    Rootly will continue attempting delivery according to your configured layers.\
    Failed attempts are logged, and escalation continues until all layers are exhausted.

    To reduce risk:

    * Configure multiple contact methods
    * Verify all contact information
    * Connect the mobile app
    * Test regularly
  </Accordion>
</AccordionGroup>

***

<Callout icon="life-ring">
  **Need help configuring notifications?**

  If you're unsure which channels to enable or are experiencing delivery issues, contact **[support@rootly.com](mailto:support@rootly.com)** or use **`/rootly support`** in Slack.
</Callout>


# Phone & SMS Setup
Source: https://docs.rootly.com/notifications/notification-phone-numbers

Download Rootly contact cards so your phone can recognize incoming Rootly calls and SMS notifications from on-call paging, IVR routing, and escalations.

Phone and SMS delivery can vary by carrier and location. To help you recognize important notifications, Rootly provides a contact card with the phone numbers we use to call or text you.

These are Rootly’s **outgoing numbers** — the numbers used when Rootly sends you phone calls or SMS messages.

## What Is a vCard?

A vCard is a digital contact card that contains Rootly’s outgoing call and SMS numbers.

Once you import it, your device can recognize Rootly notifications more easily when you receive:

* Phone calls
* SMS messages

## Update from the Mobile App

If you use the Rootly mobile app, you can update the contact card directly from the app.

To update your contact card:

1. Open the Rootly mobile app
2. Tap **Settings**
3. Select **Update Contact Card**
4. Confirm the update

Using the app helps keep your contact card current if Rootly adds or updates notification numbers.

## Download the vCard Manually

If you do not use the mobile app, you can download the Rootly vCard directly and import it into your contacts.

<Card title="Download the Rootly vCard" icon="download" href="https://rootly.com/rootly-outgoing-numbers.vcf" />

The vCard is refreshed periodically. If Rootly adds or changes outgoing numbers, download it again or update it through the mobile app to keep your contacts current.

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="What numbers are included in the vCard?" icon="circle-question">
    The vCard includes Rootly’s outgoing phone numbers used for notifications, such as calls and SMS messages sent from Rootly to you.
  </Accordion>

  <Accordion title="Why should I import the Rootly vCard?" icon="address-card">
    Importing the vCard helps your phone recognize Rootly notifications, which can make it easier to identify important calls and text messages when they arrive.
  </Accordion>

  <Accordion title="Do I need the mobile app to use this?" icon="mobile-screen">
    No. You can download the vCard manually and import it into your contacts without using the mobile app.
  </Accordion>

  <Accordion title="Should I update the vCard again later?" icon="arrows-rotate">
    Yes. Rootly may update the outgoing numbers over time, so refreshing the contact card periodically helps keep your saved contact information accurate.
  </Accordion>
</AccordionGroup>


# Edit Schedules
Source: https://docs.rootly.com/on-call/edit-schedules

Update on-call schedules in Rootly, manage overrides, swap shifts, and pause paging without disrupting historical data, audit trails, or reporting.

## Overview

On-call schedules are living configurations that evolve as teams grow, coverage changes, and real-world situations arise. While schedules define *who* is responsible at any given moment, Rootly is designed so that edits to schedules are **safe, auditable, and non-destructive**.

When you update a schedule—whether by adding users, creating overrides, or temporarily pausing paging—Rootly ensures that **historical records remain intact**. Past incidents, alerts, and timelines continue to reflect exactly who was on call at that moment in time, while your changes only apply going forward.

This page walks through how to confidently edit schedules after they’ve been created, including managing overrides and pausing schedules without deleting them.

<Note>
  ### How schedule changes work

  Any changes made to a schedule only affect **future shifts**.\
  Rootly intentionally prevents edits from modifying past on-call history to preserve accurate audits, incident timelines, and compliance records.
</Note>

<Warning>
  ### Required permissions

  Only users with the following **On-Call roles** can create, edit, or delete schedules:

  * Admin
  * User

  Users with Observer access can view schedules but cannot make changes.
</Warning>

***

## Managing Overrides

Overrides are the safest and most flexible way to handle short-term coverage changes. Instead of editing a rotation—which can affect many future shifts—an override temporarily assigns a specific shift to a different user while leaving the underlying schedule unchanged.

Common use cases include vacations, sick days, training, or one-off coverage swaps.

Overrides always apply to **individual users** and automatically take precedence over rotation-based shifts. Rootly enforces guardrails to ensure overrides do not overlap or create paging conflicts.

### Reassigning or Reverting an Override

To manage an override, navigate to **On-Call → Schedules** and open the schedule you want to modify. Shifts that are currently overridden are clearly marked with an **Override** label, making it easy to distinguish them from standard rotation shifts.

***

### Reverting an Override

Reverting an override restores the shift to its original assignee based on the schedule’s rotation logic. This is commonly used once the temporary coverage change is no longer needed.

Select the overridden shift, then choose **Revert to original**. The shift will immediately return to the user originally assigned by the rotation.

<Frame>
  <img />
</Frame>

<Frame>
  <img />
</Frame>

<Note>
  Overrides can also be reverted from the **On-Call Shifts** page.\
  All override actions—including creation, reassignment, and reversion—are logged and auditable.
</Note>

***

### Reassigning an Override

If coverage needs to change again, you can reassign an existing override to a different user.

After selecting the overridden shift, choose the new user who should cover it and click **Create Override**. Rootly validates the change automatically, ensuring the override does not overlap with other overrides or violate paging rules.

<Frame>
  <img />
</Frame>

Overrides cannot be assigned to another schedule and must always map to a single user. This ensures accountability and predictable paging behavior.

***

## Pausing a Schedule

Sometimes a schedule needs to be temporarily disabled without being deleted. This might happen during a service deprecation, team reorganization, or a period where paging should be suppressed.

In Rootly, schedules do not page responders on their own. Paging only occurs when a schedule is referenced by an **Escalation Policy**. This makes pausing a schedule both simple and reversible.

To pause a schedule, remove it from any escalation policies that reference it. The schedule itself remains fully intact and can be reactivated later by re-adding it to an escalation policy.

### How to Pause a Schedule

1. Navigate to **On-Call → Escalation Policies**.
2. Open the escalation policy that includes the schedule.
3. Edit the policy and remove the schedule from the **Who do we notify?** section.
4. Save the escalation policy.

Once removed, the schedule will stop paging immediately, but no configuration or historical data is lost.

***

## Best Practices

When editing schedules, use overrides for short-term changes and reserve rotation edits for long-term structural updates. Pausing schedules by removing them from escalation policies is safer than deleting them outright, especially if you may need them again in the future.

Regularly reviewing schedules after team changes helps prevent stale paging paths and ensures alerts always reach the correct responder.

***

## Frequently Asked Questions (FAQs)

<AccordionGroup>
  <Accordion title="Do overrides affect past shifts?">
    No. Overrides only apply to future shifts. Rootly never rewrites historical on-call data, ensuring incident timelines and audits remain accurate.
  </Accordion>

  <Accordion title="Can I assign an override to another schedule?">
    No. Overrides must always be assigned to an individual user. Schedules cannot be used as override targets.
  </Accordion>

  <Accordion title="What happens when an override is created or reverted?">
    Rootly records the change in the audit log and can notify responders through integrated channels such as Slack, ensuring visibility into coverage changes.
  </Accordion>

  <Accordion title="What’s the safest way to temporarily stop paging?">
    Remove the schedule from all associated escalation policies. This pauses paging while preserving the schedule for future use.
  </Accordion>
</AccordionGroup>


# Escalation Policies
Source: https://docs.rootly.com/on-call/escalation-policies

Create, configure, and manage escalation policies in Rootly to ensure alerts are acknowledged and acted on with multi-step targets, delays, and round robin.

# Overview

Escalation Policies define **how Rootly notifies responders when an alert requires attention** and what happens if that alert is not acknowledged in time. They are the backbone of on-call reliability—ensuring alerts reach a human, escalate predictably, and never fall through the cracks.

An escalation policy answers three core questions:

* Who should be notified first?
* What should happen if no one responds?
* How long should Rootly keep escalating before stopping?

Escalation Policies can be assigned to a **Team** or **Service**. When that Team or Service is paged, their assigned escalation policy will trigger.

<Frame>
  <img alt="Clean Shot2026 03 16at14 06 44@2x" />
</Frame>

***

# Create an Escalation Policy

Escalation policies are created from the On-Call section of the web app.

To create a new escalation policy:

1. Navigate to **On-Call → Escalation Policies**
2. Click **+ Add Escalation Policy**
3. Enter an **Escalation Policy Name** (required) and an optional description

<Note>
  When you create an escalation policy, a **Default Escalation Path** is automatically created with **Audible notifications** enabled. This default path cannot be deleted and acts as a fallback if no other escalation paths match.
</Note>

***

## Step 1: Who Do We Notify?

<Tip>
  Some alerts resolve themselves quickly. If this is common, consider adding a short **Wait period** at the top of your Escalation Path set up before the first escalation step so transient issues don’t immediately page responders.
</Tip>

This step defines **who is initially responsible** for responding when an alert is triggered.

Rootly supports notifying:

* Individual users
* On-call schedules
* Team members or team admins
* Slack channels (for visibility)
* Escalating to other Teams or Services

<Frame>
  <img alt="Clean Shot2026 03 16at14 22 51@2x" />
</Frame>

### Paging Strategies

Each escalation level has a **paging strategy** that controls which pageable responders are notified and in what order when the level triggers. You can configure the strategy when adding targets to a level.

<Note>
  Paging strategies apply only to **pageable targets** — users, schedules, and team responders. Slack channel targets (added for visibility) and Escalate targets always fire regardless of the strategy selected.
</Note>

<ParamField type="recommended">
  Pages the person currently on-call for any schedule targets in the level. Individual user targets are always paged directly. This is the standard strategy and the right choice for most escalation levels.
</ParamField>

<ParamField>
  Pages all members of every schedule in the level at once, regardless of who is currently on-call. Use this for critical escalation levels where broad coverage matters more than targeted paging.
</ParamField>

<ParamField>
  Randomly selects one pageable responder from the level and pages only them. Useful when any responder in the group is equally qualified and you want to avoid alerting everyone at once.
</ParamField>

<ParamField>
  Rotates the first-paged responder across incoming alerts — Alert A pages User 1, Alert B pages User 2, and so on. Distributes alert load evenly over time. Learn more in the [Round Robin documentation](/on-call/round-robin-functionality#alert-based-paging).
</ParamField>

<ParamField>
  Pages each pageable target in the level sequentially within a single alert, cycling through all members before escalating to the next step. Learn more in the [Round Robin documentation](/on-call/round-robin-functionality#cycle-based-paging).
</ParamField>

<Tip>
  When a **Team** is added as a notification target, you can choose to page all team members, team admins only, or escalate directly to the team's own escalation policy.
</Tip>

If an alert needs to be handed off to another group (such as a Team or Service), you can use an **Escalate** target. This triggers the target's escalation policy **in parallel**, while the original policy continues executing.

<Warning>
  If your alert source sends a re-trigger event, Rootly will re-page the responder who last acknowledged the alert. If the alert remains unacknowledged, escalation continues according to the policy’s steps.
</Warning>

***

## Step 2: Add Escalation Steps

Escalation steps define **what happens next if an alert is not acknowledged**.

Each step includes:

* A delay (in minutes)
* One or more notification targets

Delays start counting from the previous step (or alert creation for the first step). This allows escalation to widen gradually as urgency increases.

<Frame>
  <img alt="Clean Shot2026 03 16at14 24 31@2x" />
</Frame>

***

## Step 3: Configure Repeat Behavior

If an alert remains unacknowledged after all steps complete, you can choose to **repeat the escalation policy**.

When enabled, Rootly restarts escalation from the beginning and continues until:

* The alert is acknowledged, or
* The repeat limit is reached

This is commonly used for high-severity alerts where acknowledgement is mandatory.

<Frame>
  <img alt="Clean Shot2026 03 16at14 25 53@2x" />
</Frame>

***

## Step 4: Save and Assign the Policy

Saving the policy does not activate it.

Escalation policies only run once they are assigned to a **Service** or **Team**: when the Service or Team are paged, their assigned escalation policy will trigger.

1. Assign the escalation policy to a **Team** using the **Owning team** field.
   1. **Note**: Any admin of an Owning Team of an Escalation Policy will also inherit edit permissions for that Escalation Policy.
   <Frame>
     <img alt="Clean Shot2026 03 16at14 27 24@2x" />
   </Frame>
2. Assign the escalation policy to a **Service** from the Service Configuration section of the dashboard.
   <Frame>
     <img alt="Clean Shot2026 03 16at14 29 01@2x" />
   </Frame>

***

# Dynamic paths

Escalation policies can contain **multiple paths**, each with its own rules and steps, allowing you to set up unique paging logic for different scenarios. Dynamic Paths allow you to model scenarios such as:

* Business hours vs after hours
* High vs low urgency alerts
* Deferring pages on weekends vs. weekdays

Rootly supports two kinds of dynamic paths: **Escalation Paths**, and **Deferral Paths**. Escalation Paths trigger the alert right away and begin paging based on the path's logic. Deferral Paths will hold off on triggering the alert for a window of time, then trigger the alert and begin paging based on a related Escalation Path.

Rootly evaluates Deferral Paths first, and can only be active during a certain time window. Once the time window lapses, Rootly will then evaluate Escalation Paths. All paths are evaluated top to bottom: the first path that matches the alert will be executed.

Create a new Dynamic Path by navigating to the Paths tab, and select **New Path**.

<Frame>
  <img alt="Clean Shot2026 03 27at14 55 08@2x" />
</Frame>

## Escalation Paths

Build Dynamic Escalation Paths when you want to have different paging logic for different types of alerts: for example, you may want to page different schedules depending on the time of day, or different users depending on the alert's urgency.

Set up your Escalation Path by:

1. Give your path a detailed Name. Make sure to use a descriptive name: when the path is executed for an alert, the path name will show on the alert's timeline.
2. Add conditions for when the path should be executed. You can build conditions around alert details:
   1. Alert Urgency
   2. Alert Fields
   3. Services on the Alert
   4. Alert's Payload (represented as a JSONPath).
3. Add any time restrictions: time restrictions limit the times of day for when the path can execute.
4. Select if the path will be executed if `Any` or `All` of the conditions are true: note that this logic applies to both the Conditions and Time Restrictions.
5. Set the notification type for the Path. See [Audible vs. Quiet Notifications](https://docs.rootly.com/on-call/escalation-policies#audible-vs-quiet-notifications) below to learn more about notification types.
6. Click **Done**, and begin adding the paging logic following the same process as your Default Path.

<Frame>
  <img alt="Clean Shot2026 03 27at15 32 42@2x" />
</Frame>

As you continue adding additional Escalation Paths, use the left-hand sidebar to drag-and-drop the paths into the order you'd like them to be evaluated in.

### Audible vs Quiet Notifications

Each Escalation Path is either **Audible** or **Quiet**:

* **Audible paths** are designed to wake responders and trigger critical notifications
* **Quiet paths** respect Do Not Disturb and are used for lower-urgency alerts

Audible and Quiet paths map directly to each user’s notification rules. Learn more in [Audible and Quiet Notifications](/on-call/on-call-notifications).

### Limits and Constraints

Escalation Paths have a few important limits:

* **Maximum escalation levels:** 20 per path
* **Maximum targets per level:** 25
* **Repeat count:** 1–9 cycles
* **Maximum delay per step:** 10,080 minutes (1 week)

Keeping policies simple and within these bounds improves reliability and maintainability.

## Deferral Paths

Build Deferral Paths when you want to hold off on paging until a later time. We recommend using Deferral Paths for **low-urgency alerts only**, so your responders never miss an urgent page.

When a Deferral Path is executed, it will hold off on triggering the Alert until the time window closes: once it closes, Rootly will trigger the alert and begin paging based on a matching Escalation Path.

Set up your Deferral Path by:

1. Give your path a detailed Name. Make sure to use a descriptive name: when the path is executed for an alert, the path name will show on the alert's timeline.
2. Add conditions for the types of Alerts that the path can map to. You can build conditions around alert details:
   1. Alert Urgency
   2. Alert Fields
   3. Services on the Alert
   4. Alert's Payload (represented as a JSONPath).
3. Add a time interval: this is the window of time the path can match to an alert. Once the interval concludes, Rootly will trigger the alert.
   1. **Note**: All Deferral Paths must have a time interval.
4. Define the 'After Deferral' logic. Once the time interval lapses, this determines which Escalation Path gets triggered:
   1. Re-evaluate the alert: Rootly will review all Escalation Paths (in the priority order) and execute the first matching path.
   2. Choose path: Rootly will execute the defined path.
      1. We recommend choosing a specific path if you do not want to follow your standard paging logic like the alert came in during regular hours. For example, you may want to defer low-urgency alerts on weekends, and then come Monday start paging on the alert as if it was high-urgency.
5. Click **Done**. You can edit the path's details at anytime.

<Frame>
  <img alt="Clean Shot2026 03 27at15 57 45@2x" />
</Frame>

### FAQs

<AccordionGroup>
  <Accordion title="Are all alerts deferred?">
    No, only alerts from Alert Sources, Live Call Routing, and Rootly's API are deferred. This means that any manual pages (i.e. alerts created by a user either directly in the web app or on Slack), alerts created through workflows, and any alerts from Heartbeats will not be deferred.

    Note: Rootly will only defer up to 50 Alerts at a time.
  </Accordion>

  <Accordion title="Can deferred alerts be grouped?">
    Deferred alerts can be grouped. However, we will only group deferred alerts together: paging alerts will never be grouped with deferred alerts. This ensures that any urgent alerts that should page never get deferred until a later date.
  </Accordion>
</AccordionGroup>

***

## Edit or Delete an Escalation Policy

To edit or delete a policy:

1. Navigate to **On-Call → Escalation Policies**
2. Click the `…` menu next to the policy
3. Select **Edit** or **Delete**

<Warning>
  Deleting an escalation policy is permanent. To disable a policy temporarily, unassign it from all teams and services instead.
</Warning>

***

## Best Practices

* Use short delays for high-severity alerts
* Assign policies to services whenever ownership is clear
* Avoid overly complex escalation trees
* Test policies with non-critical alerts before production use
* Use escalation paths to model time-based or urgency-based behavior

***

## FAQs

<AccordionGroup>
  <Accordion title="What happens if no one acknowledges an alert?" icon="circle-question">
    Escalation continues through all steps and repeat cycles until the alert is acknowledged or the policy completes.
  </Accordion>

  <Accordion title="Can escalation continue after acknowledgment?" icon="clock-rotate-left">
    Yes. If an acknowledgment timeout is configured and expires without resolution, escalation may resume.
  </Accordion>

  <Accordion title="Can one alert trigger multiple escalation policies?" icon="shuffle">
    Yes. Using an Escalate target triggers the destination policy while the original policy continues in parallel.
  </Accordion>

  <Accordion title="Do escalation policies create incidents automatically?" icon="circle-info">
    No. Escalation policies page responders. Incident creation is controlled separately through alert routing and workflows.
  </Accordion>
</AccordionGroup>


# Heartbeats
Source: https://docs.rootly.com/on-call/heartbeats

Continuously verify system health using Rootly Heartbeats and automatically trigger alerts on missed pings from cron jobs, schedulers, and background workers.

### Overview

Heartbeats allow you to monitor critical systems by requiring them to “check in” on a regular cadence.\
If a heartbeat fails to ping within the expected interval, Rootly automatically triggers an alert and notifies the appropriate on-call responders.

This ensures:

* Early detection of system failures
* Automatic paging when checks go silent
* Reliable uptime verification across services
* Zero reliance on external monitoring tools for liveness checks

<iframe title="Heartbeat Overview" />

***

### How Heartbeats Work

Each Heartbeat cycles through three statuses:

* **waiting** — newly created or recently updated; awaiting first ping
* **active** — successfully pinged and within its valid interval
* **expired** — missed its expected check-in; triggers a Heartbeat Alert

Each heartbeat is **disabled by default**. When enabled, Rootly tracks pings and expiration windows.

When a ping is received:

* `last_pinged_at` is updated
* `expires_at` is set to `now + interval`
* Status becomes **active**
* If transitioning from non-active → active, Rootly **resolves all open heartbeat alerts**

***

### Creating & Configuring Heartbeats

<Steps>
  <Step title="Step 1: Create a Heartbeat">
    Navigate to **On-Call → Heartbeats** and click **+ New Heartbeat**.

    You must configure:

    * **Name** (required, unique per team)
    * **Description** (optional)
    * **Notification Target** (required)
      * Escalation Policy
      * Service
      * Team (Group)
      * User
    * **Alert Summary** (required, 1–100 chars)
    * **Alert Urgency** (optional, recommended)
    * **Expected Ping Interval**
      * Interval: `1–300`
      * Unit: seconds, minutes, or hours

    Heartbeats start in **waiting** and **disabled** until explicitly enabled.

    <Frame>
      <img alt="Create Heartbeat" />
    </Frame>
  </Step>

  <Step title="Step 2: Enable and Activate the Heartbeat">
    Enabling a heartbeat begins the monitoring cycle. Note:

    * Changing **interval**, **interval unit**, or **enabling** a heartbeat resets it back to **waiting**
    * A heartbeat becomes **active** only after its **first successful ping**
  </Step>
</Steps>

***

### Pinging Heartbeats

Systems can ping heartbeats using **HTTP** or **email**.\
Both methods behave identically: they reset the timer and, if previously expired, will **resolve all heartbeat alerts**.

#### HTTP Ping (recommended)

Use the automatically generated ping URL:

```bash theme={null}
curl -X POST https://api.rootly.com/v1/heartbeats/{heartbeat_id}/ping \ 
--header 'Authorization: Bearer {heartbeat_token}'
```

Replace `{heartbeat_id}` with your Heartbeat’s UUID and `{heartbeat_token}` your Heartbeat's Auth token.\
Both are displayed directly in the Heartbeat’s configuration page.

<Info>
  Authorization header is required to send HTTP pings
</Info>

<Info>
  HTTP pings are ideal for scripts, cron jobs, containers, CI pipelines, and any system capable of making HTTP requests.
</Info>

***

#### Email Ping

Every Heartbeat is also assigned a **unique email address**:

```text theme={null}
heartbeat-<unique_key>@<your-inbound-domain>
```

Sending *any* email to this address counts as a valid ping.

**Common use cases:**

* Legacy systems that only support email notifications
* Backup/cron jobs that already send “success” emails
* Air-gapped or restricted systems that cannot perform HTTP requests

Behavior:

* Email subject/body do **not** matter
* Each valid email resets the Heartbeat’s timer
* Invalid addresses return a bounce notification

<Note>
  You can find the Heartbeat’s email address directly in its configuration panel.
</Note>

***

### Heartbeat Expiration & Recovery

#### When does a heartbeat expire?

A Heartbeat transitions to **expired** when:

```text theme={null}
current_time > expires_at
```

When expired:

* A **Heartbeat Alert** is created
* Routing rules determine who gets paged
* Escalation Policies and Alert Urgency define notification behavior

***

#### Automatic Recovery

If an expired heartbeat receives a ping:

1. Status transitions **expired → active**
2. All open Heartbeat Alerts are **automatically resolved**
3. A recovery event is added to the alert timeline

This avoids noisy follow-up alerts and validates system recovery.

<Info>
  Rootly guarantees that recovery events propagate even when grouped alerts are involved.
</Info>

***

### Special Behavior: Rootly API Heartbeat

Rootly includes a special internal Heartbeat named:

```text theme={null}
rootly-api-heartbeat
```

When pinged:

* **All** Heartbeats in the workspace reset to **waiting**
* Their timers and expiration windows are cleared

This is used internally for environment-wide health resets and should not be modified.

***

### Who Gets Paged for a Missed Heartbeat

Every Heartbeat must be configured with **one notification target**:

* **Escalation Policy**
* **Service**
* **Team (Group)**
* **User**

Rootly applies your workspace’s:

* Escalation rules
* Working hours
* Alert urgency
* Notification channels (SMS, phone, push, Slack, email)

This ensures missed pings integrate seamlessly with on-call workflows.

***

### Best Practices

* Use **short intervals** (1–5 minutes) for critical services
* Set **High urgency** for production-impacting checks
* Use **email pings** for legacy or offline systems
* Name Heartbeats clearly (e.g., `api-liveness`, `db-backup-success`)
* Use separate Heartbeats for independent components
* Review heartbeat alerts weekly to detect flapping or missing pings

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="Heartbeat stays in 'waiting'">
    * Heartbeat may not be **enabled**
    * Interval or unit was recently changed → resets to waiting
    * No valid pings received yet
    * Verify ping URL or email address is correct
  </Accordion>

  <Accordion title="Heartbeat never expires">
    * Interval may be too large
    * System may be sending frequent pings
    * Verify whether alert resolution is immediately resetting intervals
  </Accordion>

  <Accordion title="Alerts do not resolve after pings">
    * Check whether status transitioned `expired → active`
    * Ensure ping reached the correct Heartbeat ID
    * Review timeline for recovery events
  </Accordion>

  <Accordion title="Email pings aren’t registering">
    * Inbound email domain may not be configured
    * MX records could be missing or misconfigured
    * Invalid email formats will bounce
  </Accordion>
</AccordionGroup>

***


# Adding a Holiday Calendar
Source: https://docs.rootly.com/on-call/holiday-calendar

Preview team holidays and PTO directly alongside your Rootly on-call schedules to proactively identify coverage gaps and plan rotations around time off.

## Overview

Holiday calendars allow you to overlay your team’s **holidays, vacations, and paid time off (PTO)** directly on top of your Rootly on-call schedules. By visualizing time off alongside on-call coverage, teams can proactively identify potential gaps, avoid paging unavailable responders, and make adjustments before incidents occur.

Rather than reacting to conflicts after an alert fires, holiday calendars help you plan coverage with confidence—especially for global teams, shared rotations, and extended leave periods.

Holiday calendars are read-only previews. They do not automatically change schedules, but they make it easy to spot conflicts and quickly create overrides when needed.

***

## Creating a Holiday Calendar

Holiday calendars are added using an **iCal (ICS) feed**, which allows Rootly to continuously sync events from your existing calendar tools.

To create a new holiday calendar:

1. Navigate to **On-Call → Schedules** in the Rootly dashboard.
2. In the calendar preview, open the **Holiday calendars** dropdown.
3. Select **Add your team’s holiday calendar**, then choose **Add a holiday calendar**.
4. Paste the **iCal URL** for your team’s holiday or PTO calendar.
5. Provide a clear, descriptive name so teammates understand what the calendar represents.
6. Select the appropriate timezone (or leave it blank to allow Rootly to infer it from the calendar).
7. Click **Add** to save.

Once added, Rootly will fetch the calendar and sync its events automatically.

Back in the schedule view, you can select the holiday calendar from the dropdown to immediately see upcoming holidays and PTO displayed alongside your on-call shifts.

<img alt="Holiday calendar preview with schedule" />

***

## How Holiday Calendars Work in Practice

When a holiday calendar is enabled for preview, Rootly overlays calendar events directly onto the on-call schedule timeline. This makes it easy to see when a responder is scheduled to be on call during a holiday or vacation period.

Rootly intelligently expands recurring events, applies the correct timezone, and normalizes all-day events so conflicts are accurately detected. If a shift overlaps with a holiday or PTO event, that shift is visually highlighted to draw attention to the potential issue.

Holiday calendars are continuously kept up to date. Rootly automatically resyncs events in the background, so changes made in your source calendar are reflected without manual intervention.

***

## Identifying and Resolving Conflicts

When Rootly detects a potential conflict—such as an on-call responder being on vacation—it highlights the affected shift directly in the schedule view.

From there, you have a few options:

* Review the conflict and confirm coverage is acceptable.
* Create a temporary override to assign another responder.
* Adjust the schedule to redistribute coverage.
* Intentionally ignore the conflict if the responder is still available.

To take action quickly, you can click directly into the highlighted event and start the override flow with dates and times prefilled.

For step-by-step guidance on making these adjustments, see\
[Creating Overrides](https://docs.rootly.com/on-call/on-call-shifts#create-overrides-for-on-call-shifts).

***

## Best Practices

Using holiday calendars effectively can significantly improve on-call reliability. Many teams follow these best practices:

* Maintain a single shared PTO calendar per team or region.
* Use clear naming conventions (for example, “EMEA Holidays & PTO”).
* Review upcoming conflicts during on-call handoffs or planning meetings.
* Combine holiday calendars with overrides rather than editing schedules directly.
* Keep calendars synced rather than manually managing time-off in multiple systems.

Holiday calendars work best as an early-warning system—helping teams stay ahead of coverage issues instead of reacting under pressure.

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Do holiday calendars automatically change my on-call schedule?">
    No. Holiday calendars are used for **visibility and planning only**.\
    They do not automatically reassign shifts or remove responders. You remain in full control of when and how overrides are created.
  </Accordion>

  <Accordion title="What calendar formats are supported?">
    Rootly supports standard **iCal / ICS feeds**. These can come from tools like Google Calendar, Outlook, or other calendar providers that expose an iCal URL.
  </Accordion>

  <Accordion title="How often does Rootly sync holiday events?">
    Holiday calendars are synced automatically in the background.\
    Rootly refreshes events on creation and continues to resync periodically to ensure changes in your source calendar are reflected accurately.
  </Accordion>

  <Accordion title="What happens if an event is recurring or all-day?">
    Rootly expands recurring events and normalizes all-day events so conflicts are detected correctly.\
    This ensures that multi-day vacations and company-wide holidays are fully accounted for when reviewing coverage.
  </Accordion>

  <Accordion title="Can I use multiple holiday calendars?">
    Yes. Teams can add multiple holiday calendars and choose which ones to preview in the schedule view.\
    This is useful for organizations with multiple regions, departments, or distinct PTO policies.
  </Accordion>
</AccordionGroup>


# Live Call Routing
Source: https://docs.rootly.com/on-call/live-call-routing

Set up live call routing in Rootly with voicemail, live connect, IVR calling trees, and phone-based on-call escalation for support phone numbers.

### Overview

Live Call Routing offers two options for handling urgent incidents: calls can either be routed instantly to the on-call team member for immediate response, or directed to a voicemail where the message is logged and the team is alerted. This flexibility ensures that critical issues are managed effectively, whether they require immediate attention or can be addressed shortly after.

<iframe />

### Configuring Live Call Routing

To create a new routing number in the web app:

1. Navigate to On-Call tab --> Live Call Routing Tab and click + New Routing Number.
2. Choose between Route to Voicemail or Connect Live

### Route to Voicemail

Selecting route to voicemail will route calls directly to voicemail for message logging and reviewing

#### Number

* Give your new routing number a Name (required)
* Select a Country (required)
* Select a Number Type (required)
* Once saved you will see Your Number appear

<img alt="Clean Shot2025 07 16at20 40 24@2x Pn" />

#### Routing Rules

* Define Who do you want to page? (required)
* Sent an Alert Urgency (required)

<img alt="Clean Shot2025 07 16at20 42 49@2x Pn" />

You can use a single phone number to route callers to many different destinations: this is a great option if you only want your callers to use a single phone number to page any of your teams and services.

When you add more than one Paging target to your Live Call Routing number, Rootly will create an IVR calling tree automatically. This allows your callers to input their preferred paging destination with their dial pad.

Each paging target can be routed to based on the corresponding number in the left hand column: for example, `Security` will be paged when your caller selects 1, and `DB - Production Database` will be paged when your caller selects 2.

Make sure to add instructions to let your caller know which number to select to route to their preferred destination. Rootly reserves `*` if the caller wants to listen to the options again.

#### Greetings

Add a greeting message for how would you like to greet your caller. This will be the initial message Rootly will read to your callers.

<img alt="Clean Shot2025 07 16at20 43 38@2x Pn" />

### Connect Live

Selecting Connect Live will connect the caller live to an on-call team member for immediate response.

#### Number

* Give your new routing number a Name (required)
* Select a Country (required)
* Select a Number Type (required)
* Once saved you will see Your Number appear

<img alt="Clean Shot2025 07 16at20 46 22@2x Pn" />

#### Routing Rules

* Define Who do you want to page? (required)
* Sent an Alert Urgency (required)

<img alt="Clean Shot2025 07 16at20 46 59@2x Pn" />

You can use a single phone number to route callers to many different destinations: this is a great option if you only want your callers to use a single phone number to page any of your teams and services.

When you add more than one Paging target to your Live Call Routing number, Rootly will create an IVR calling tree automatically. This allows your callers to input their preferred paging destination with their dial pad.

Each paging target can be routed to based on the corresponding number in the left hand column: for example, `Security` will be paged when your caller selects 1, and `DB - Production Database` will be paged when your caller selects 2.

Make sure to add instructions to let your caller know which number to select to route to their preferred destination. Rootly reserves `*` if the caller wants to listen to the options again.

Under Advanced Settings in your Routing Rules tab:

* You can choose to Redirect the caller to voicemail if there has been no answer after X amount of time
* Choose how quickly you want to Escalate to the next Escalation Policy after X amount of time
  * This will override the length of time between levels on your escalation policy since most users want a faster escalation since it is a live environment.
* Choose to Auto-resolve the alert when the call ends

#### Greetings

* Add a greeting message for How would you like to greet your caller?
* Set Waiting music
* Add a Voicemail prompt
  * This will be the message that is played when the caller is sent to voicemail
* Click Create Routing Number

<img alt="Clean Shot2025 07 16at20 48 23@2x Pn" />

### Supported Countries

Live Call Routing is available in the following countries:

| Country        | Code |
| -------------- | ---- |
| Australia      | AU   |
| Canada         | CA   |
| Germany        | DE   |
| Netherlands    | NL   |
| New Zealand    | NZ   |
| United Kingdom | GB   |
| United States  | US   |

If your country is not listed above, please contact your Rootly representative to discuss availability in your region.

***

### Best Practices

* Use **Connect Live** for critical, urgent systems
* Use **Route to Voicemail** for low-severity or non-production services
* Create a **single company-wide routing number** using a calling tree to direct to all teams
* Keep prompts short and clear (⅔ callers hang up when IVR menus are confusing)
* Assign meaningful digits (e.g., 1 = Security, 2 = On-Call, 3 = Database)
* Prefer shorter **escalation delays** for live calls

***

### Troubleshooting

<AccordionGroup>
  <Accordion title="Number allocation failed">
    * The selected number type may not be available
    * Try a different number type (local, mobile, toll-free)
    * Try another country
  </Accordion>

  <Accordion title="Caller unable to route via digits">
    * Calling tree prompt may be missing
    * Multiple targets require a prompt
    * IVR mappings must include unique digits
  </Accordion>

  <Accordion title="Paging not triggered">
    * Alert urgency missing at router or mapping level
    * Notification target removed or invalid
    * Calling tree mappings missing escalation trigger records
  </Accordion>

  <Accordion title="Waiting music not playing">
    * Music must be selected from the approved Rootly list
  </Accordion>
</AccordionGroup>

***


# Mobile App
Source: https://docs.rootly.com/on-call/mobile-app

Download and use the Rootly mobile app for iOS and Android to receive, acknowledge, and escalate alerts while on-call, with critical alert and override support.

<Frame>
  <img alt="" />
</Frame>

<Note>
  Required User Seats and User Permissions

  Users will need an on-call seat to log in and access the app.
</Note>

The Rootly mobile app lets you receive and acknowledge alerts, escalate alerts to incidents, and see all the information you need while you are on-call.

## Download the mobile app

Rootly's mobile app supports both iOS and Android devices.

<CardGroup>
  <Card title="Download on iOS" icon="apple" href="https://apps.apple.com/us/app/rootly/id6478240412">
    Download from the App Store
  </Card>

  <Card title="Download on Android" icon="android" href="https://play.google.com/store/apps/details?id=com.rootly.app&hl=en_US">
    Download from Google Play
  </Card>
</CardGroup>

After downloading:

1. Open the Rootly app on your device
2. Enter your Rootly credentials to log in

## Log in to Rootly

Log in to your Rootly account using any of the following methods:

* Email address and password
* Google SSO
* Slack SSO
* Third-party identity provider (SAML SSO)

Compatibility

For security purposes minimum software versions supported are:

* Android 11+ (SDK 30+)
* iOS 16+

## Push Notification

### IOS

* IOS used critical alert for high urgency alerts.

<Warning>
  Apple Watch Compatibility

  If you have an Apple Watch connected to your iPhone, critical alerts may not play sound on your iPhone. To fix this:

  1. Open the Watch app on your iPhone
  2. Go to Notifications
  3. Scroll down to "Mirror iPhone Alerts from"
  4. Unselect Rootly

  This allows the full Rootly sound to play on your iPhone while on-call.
</Warning>

### Android

#### Battery-Saving Mode

Users may experience delayed notifications when using battery-saving mode. To resolve this for Rootly, navigate to Settings > Battery > Battery usage > Rootly, and choose Unrestricted.

On some devices, this setting might appear as Don't wake for notifications. Disabling this option can help ensure notifications are received promptly.

#### Samsung

Battery Optimization and App Restrictions: Samsung devices are known to aggressively manage background processes to optimize battery life. When an app is in the background or killed, Samsung’s battery optimization settings can block notifications entirely, or modify their behavior (such as muting sound or vibration). You can check if battery optimization is affecting your app:

`Go to Settings > Apps > Your App > Battery > Optimize Battery Usage and turn off optimization for your app.`

Device-Specific Notification Handling: Some Samsung devices (especially recent ones with One UI) impose additional restrictions on background notifications. You might need to guide users to allow the app to run in the background or turn off restrictions. For this:

`Go to Settings > Device Care > Battery > App power management and disable "Put unused apps to sleep" for your app.`

<Warning>
  Android Work Profiles

  Due to a Work Profile limitation from Android, overriding System Volume and Do Not Disturb will not work when the Rootly app is under a Work Profile.

  For better behavior, it is recommended to also add **Google Chrome** to your Work Profile alongside the Rootly app. This ensures optimal functionality and performance.
</Warning>

## China Support

Rootly is available in china in the following stores.

| Store  |   Status  | Version |                             Link                             |
| :----- | :-------: | :-----: | :----------------------------------------------------------: |
| HONOR  | Published |  2.7.0  |                              N/A                             |
| OPPO   | Published |  2.7.0  |                              N/A                             |
| VIVO   | Published |  2.7.0  |                              N/A                             |
| XIAOMI | Published |  2.7.0  | [Open Link](https://app.mi.com/details?id=cn.net.rootly.app) |

Alternatively you can download the chinese version [here](https://rootly-heroku.s3.us-east-1.amazonaws.com/android/app-cnProduction-release-2.7.0.apk)

## Intune Support

Rootly's mobile app supports **Microsoft Intune Mobile Application Management (MAM)**, allowing your organization to enforce App Protection Policies on the Rootly app without requiring full device enrollment (MDM).

This means you can protect corporate data on both company-owned and personal (BYOD) devices by controlling actions like copy/paste, screenshots, and selective wipe — all scoped to the Rootly app.

### How it works

When Intune MAM is enabled for your organization in Rootly:

1. Users log into Rootly normally (SSO, email, etc.)
2. Rootly detects that the organization requires Intune and prompts the user to sign in with their Microsoft work account
3. The Intune MAM SDK enrolls the app with your organization's App Protection Policy
4. The app restarts to apply the protection policies

After enrollment, Intune policies are enforced within the Rootly app (e.g., screenshot blocking, data transfer restrictions) without managing the entire device.

### Prerequisites

<Warning>
  **Before you start, ensure you have:**

  * A **Microsoft Entra ID (Azure AD)** tenant with Intune licenses
  * **Admin access** to the Microsoft Intune admin center and Entra ID
  * An **App Protection Policy** for iOS/iPadOS created in Intune
  * The **Microsoft Authenticator** app installed on end-user devices
</Warning>

<Note>
  Microsoft Authenticator is required on user devices because it acts as the authentication broker for Intune MAM enrollment. Without it, the MAM token acquisition will fail.
</Note>

### Step 1: Enable Intune in Rootly

Contact Rootly support or your account manager to enable Intune MAM for your organization. Once enabled, Rootly will set the `mdm_provider` configuration to `intune` for your team, which activates the Intune enrollment gate in the mobile app.

### Step 2: Grant admin consent for the Rootly app registration

Rootly's mobile app uses a Microsoft Entra ID (Azure AD) app registration to authenticate with MSAL and enroll with the Intune MAM service. Your tenant admin must grant consent for this app.

**Rootly App Registration:**

* **Client ID:** `8a50cf17-45cf-41d2-8e32-2fe6fa0c5baf`
* **App Name:** Rootly (may appear as "Rootly \[Dev]" in sign-in logs)

<Steps>
  <Step title="Open Entra ID Enterprise Applications">
    In the [Microsoft Entra admin center](https://entra.microsoft.com), go to **Identity > Applications > Enterprise applications**.
  </Step>

  <Step title="Search for the Rootly app">
    Search for the Rootly client ID: `8a50cf17-45cf-41d2-8e32-2fe6fa0c5baf`.

    If the app does not appear, you will need to grant admin consent first (see next step).
  </Step>

  <Step title="Grant tenant-wide admin consent">
    Open the following URL in your browser, replacing `{TENANT_ID}` with your Entra tenant ID:

    ```
    https://login.microsoftonline.com/{TENANT_ID}/adminconsent?client_id=8a50cf17-45cf-41d2-8e32-2fe6fa0c5baf
    ```

    Sign in as a Global Administrator or Application Administrator and accept the requested permissions.
  </Step>

  <Step title="Verify permissions">
    After granting consent, go back to **Enterprise applications > Rootly > Permissions**. Confirm that the following permissions are granted:

    * **Microsoft Graph:** `User.Read` (delegated)
    * **Microsoft Mobile Application Management:** device management permissions (delegated)

    Both permissions must show **Granted for \[your tenant]** status.
  </Step>
</Steps>

<Warning>
  **This step is critical.** Without admin consent for the Microsoft Mobile Application Management resource, the Intune MAM SDK cannot acquire the token it needs to enroll the app. Users will see an `MSALErrorDomain error -50002` on iOS or a similar error on Android.
</Warning>

### Step 3: Add Rootly to your App Protection Policy

<Steps>
  <Step title="Open Intune App Protection Policies">
    In the [Microsoft Intune admin center](https://intune.microsoft.com), go to **Apps > App protection policies**.

    Select the iOS/iPadOS policy you want to apply to Rootly (or create a new one).
  </Step>

  <Step title="Add Rootly as a custom app">
    In the policy, go to **Properties > Apps > Edit**. Under **Custom apps**, click **Select custom apps** and add:

    * **Bundle ID:** `com.rootly.app`
    * **Platform:** iOS/iPadOS

    For Android, use the same bundle ID: `com.rootly.app`.
  </Step>

  <Step title="Assign users or groups">
    Under **Assignments > Included groups**, ensure the users who need Rootly are included in this policy's target groups.

    The policy must target both the app (bundle ID) **and** the user/group. Adding the app without assigning users will not activate the policy.
  </Step>

  <Step title="Wait for policy sync">
    Policy changes can take up to 8 hours to propagate to devices. Typically this takes 30 minutes to 2 hours.

    Users can force a sync from **Company Portal > Settings > Sync** on their device.
  </Step>
</Steps>

### Step 4: User login flow

Once everything is configured, the end-user experience is:

<Steps>
  <Step title="Log into Rootly">
    Open the Rootly app and sign in using your organization's SSO (or email/password).
  </Step>

  <Step title="Microsoft sign-in prompt">
    After Rootly authentication, the app detects that your organization requires Intune and displays the **"Organization Sign-In Required"** screen. Tap **Sign in with Microsoft**.
  </Step>

  <Step title="Authenticate via Microsoft Authenticator">
    The Microsoft Authenticator app opens. Select your work account and complete MFA if prompted.
  </Step>

  <Step title="App restart">
    After successful enrollment, the app restarts to apply the App Protection Policies. This restart is required by the Intune MAM SDK and only happens on first enrollment.
  </Step>
</Steps>

On subsequent app launches, the enrollment is remembered and the user goes directly to the Rootly home screen.

### Supported platforms

| Platform     | MAM Support | Bundle ID        |
| ------------ | ----------- | ---------------- |
| iOS / iPadOS | Supported   | `com.rootly.app` |
| Android      | Supported   | `com.rootly.app` |

<Note>
  Intune MAM works on both managed (MDM-enrolled) and unmanaged (BYOD) devices. Full device enrollment via Company Portal is **not** required for app-level protection.
</Note>

### Managed app configuration (Android)

Rootly's Android app reads managed app configuration (AppConfig) pushed from Intune. AppConfig is how your tenant signals to Rootly that the app is operating in a managed context, and how you enable behaviors that require tenant intent — such as routing SSO through your APP policy's managed browser.

#### When to push AppConfig

* **You are on a BYOD / MAM-only deployment** (no Work Profile) and want Rootly's SSO launch to honor your APP policy's managed-browser redirect (e.g. to Microsoft Edge). Without AppConfig, Rootly cannot tell that Intune is governing the app and falls back to the system default browser, which the MAM policy cannot intercept.
* **You use per-app VPN scoped to Rootly** and need authentication traffic to stay inside the app process. See `use_in_app_browser` below.

Pushing any AppConfig (even an empty key/value) is enough to flip Rootly's managed-device detection on. You can use the keys below to opt into specific behaviors.

#### Supported keys

| Key                  | Type    | Default | Description                                                                                                                                                                                                                                                                                                                                                                                             |
| -------------------- | ------- | ------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `use_in_app_browser` | Boolean | `false` | When `true`, Rootly's Android SSO launch uses an embedded in-app web view instead of the system browser. Set this when the Rootly app is behind a per-app VPN scoped to Rootly only — the system browser runs outside that VPN tunnel and cannot reach corporate auth endpoints. Leave `false` (or omit) for normal MAM deployments so the Microsoft broker can attach device context to the auth flow. |

#### How to push AppConfig

In the [Microsoft Intune admin center](https://intune.microsoft.com):

<Steps>
  <Step title="Create an app configuration policy">
    Go to **Apps > App configuration policies > Add > Managed apps**. Choose Android, then add `com.rootly.app` as the targeted app.
  </Step>

  <Step title="Add the configuration keys">
    Under **Configuration settings**, add the keys you need from the table above. For example, to opt into the in-app browser:

    * **Configuration key:** `use_in_app_browser`
    * **Value type:** `Boolean`
    * **Configuration value:** `true`
  </Step>

  <Step title="Assign to users or groups">
    Under **Assignments**, target the same users or groups that have your APP policy assigned.
  </Step>
</Steps>

Policy changes can take up to 8 hours to reach devices; users can force a sync from **Company Portal > Settings > Sync**.

### Troubleshooting

#### MSALErrorDomain error -50002 (iOS)

This error means the Intune MAM SDK could not acquire a token for the Microsoft Mobile Application Management service. Common causes:

| Cause                                                                            | Solution                                                                                                   |
| -------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- |
| **Admin consent not granted** for the Rootly app registration in your tenant     | Grant admin consent using the URL in [Step 2](#step-2-grant-admin-consent-for-the-rootly-app-registration) |
| **Microsoft Authenticator not installed** or not signed in with the work account | Install Authenticator and sign in with the same work account used for Rootly                               |
| **User not assigned** to the App Protection Policy                               | Verify the user is in the policy's Included groups under Assignments                                       |
| **Bundle ID mismatch** in the policy                                             | Confirm the custom app entry is exactly `com.rootly.app` with platform iOS/iPadOS                          |
| **Policy sync delay**                                                            | Wait up to 8 hours or force sync via Company Portal                                                        |

To diagnose, ask your Entra ID admin to check **Sign-in logs** for the user and look for entries where the **Resource** is "Microsoft Mobile Application Management" with status "Interrupted". The error code (e.g., `AADSTS65001`) will identify the exact cause.

#### App Protection Policy not applying

If the Rootly app is enrolled but policies don't seem active (e.g., screenshots still work):

1. Verify the policy's **Data protection** settings are configured as expected
2. Check that the user appears in the Intune admin center under **Apps > Monitor > App protection status** with `com.rootly.app` showing "Checked in"
3. If `com.rootly.app` does not appear in the check-in list, enrollment did not complete. Re-trigger by signing out of Rootly and signing back in

#### Enrollment works but app keeps asking to sign in

This can happen if the MSAL token cache was cleared (e.g., after an app update or device restart). The Rootly app automatically attempts to re-enroll silently on launch. If silent re-enrollment fails:

1. Ensure Microsoft Authenticator is still installed and signed in
2. Tap **Sign in with Microsoft** to re-authenticate
3. If the issue persists, sign out of Rootly completely and sign back in

## Rootly vCard

Incoming pages from Rootly can come from various numbers depending on the country you're located in. To ensure that each page appears as Rootly calling, you can download the Rootly vCard through this link: [https://rootly.com/rootly-outgoing-numbers.vcf](https://rootly.com/rootly-outgoing-numbers.vcf).


# Get Started
Source: https://docs.rootly.com/on-call/on-call

Understand how Rootly On-Call ensures the right people are paged at the right time using schedules, escalation policies, and real-time routing.

## What Is Rootly On-Call?

Rootly On-Call is the decision engine that determines who should respond, how urgently, and through which channels when something requires immediate attention.\
It brings together all the components required for reliable paging—**schedules**, **escalation policies**, **notification rules**, **live call routing**, and **health checks**—and applies them consistently across alerts, incidents, phone calls, and automations.

Rootly’s goal is simple: **Every critical signal reaches the right human, right away, with zero manual coordination.**

To achieve this, On-Call unifies:

* **On-Call Schedules** — define coverage, rotations, and business-hour logic
* **Escalation Policies** — define how Rootly escalates until someone responds
* **Notification Channels** — voice, SMS, Slack, email, push, with urgency-aware delivery
* **Live Call Routing** — turn a phone call into a page or live connection
* **Heartbeats** — detect system failures proactively
* **Urgency Rules** — ensure critical alerts bypass delays and DND

<Check>
  If alerts are the *signal*, On-Call is the *routing system* that ensures the signal always reaches a human responder—reliably and consistently.
</Check>

***

### Why It Matters

A robust on-call program is foundational to operational reliability. It’s the safety net that ensures issues are detected early, routed correctly, and acted on quickly—no matter when they occur or who is available. Rootly On-Call centralizes this responsibility by coordinating schedules, escalation logic, and notification channels so teams never have to wonder who should respond or how alerts should flow. It eliminates guesswork, reduces manual coordination, and brings consistency to the moments where clarity matters most. Rootly On-Call ensures:

#### **Fast, accurate detection**

Monitoring tools send alerts → Rootly immediately routes them to the correct responder based on urgency and routing rules.

#### **Predictable coverage**

Schedules define who is responsible at any moment—across time zones, rotations, and business hours.

#### **Reliable escalation**

If a responder does not acknowledge in time, Rootly automatically escalates until someone does—no pager fatigue, no dropped alerts.

#### **Multi-channel delivery**

Rootly intelligently chooses notification channels based on urgency, fallback logic, user preferences, and device availability.

#### **Consistent workflow integration**

All paging activity flows naturally into Incident Management, Workflows, Analytics, and communication channels like Slack.

***

### Key Components of On-Call

#### **1. Schedules**

Schedules define **who is on duty right now**. They support:

* Multi-person rotations
* Layered coverage (primary / secondary)
* Business-hour–only schedules
* Time-zone–aware planning
* Slack usergroup auto-updates
* Shift overrides and handoff workflows

Schedules provide the “real-time roster” that escalation policies use when selecting responders.

#### **2. Escalation Policies**

Escalation Policies define **how Rootly should escalate if no one responds**.

They support:

* Multiple sequential levels
* Paging Users, Groups (Teams), Services, or Schedules
* Working-hours logic (different paths for after-hours alerts)
* Custom repeat rules
* Dynamic escalation paths filtered by alert urgency or alert content

Escalation Policies guarantee alerts do not stall on a single unresponsive user.

#### **3. Notification Channels**

Rootly uses multiple channels to maximize responder reach:

* Phone calls (with DND override for critical alerts)
* SMS with retry logic
* Push notifications from the mobile app
* Slack notifications
* Email

Rootly automatically handles fallbacks, retries, and acknowledgement tracking.

#### **4. Live Call Routing**

Allows employees, customers, or automated systems to trigger a page via phone call.

Capabilities include:

* Live connection to the on-call responder
* Voicemail → auto-page flow
* IVR calling trees for multi-team routing
* Per-destination urgency settings
* Failover to voicemail if unanswered
* Custom greetings and waiting music

This is the fastest way for a human caller to reach “whoever is on call right now.”

#### **5. Heartbeats**

Heartbeats ensure systems are actively reporting in.\
If a system fails to ping Rootly within the expected interval:

* A heartbeat alert is triggered
* Escalation Policies route it to the correct team
* Recovery pings automatically resolve the alert

Heartbeats reduce reliance on external uptime tools and provide first-party liveness checks.

***

### How Rootly On-Call Fits Into the Incident Workflow

1. **Monitoring detects a problem**\
   → Datadog, Grafana, Sentry, or any alert source sends a signal.

2. **On-call routing determines who to notify**\
   → Escalation Policies + Schedules identify the correct responder.

3. **Rootly notifies them through the appropriate channels**\
   → Based on user preferences, urgency, and fallback rules.

4. **Responder acknowledges**\
   → Escalation pauses; Rootly records the event.

5. **An incident is optionally created or updated**\
   → Workflows determine whether to open a new incident, attach alerts, or notify stakeholders.

<Info>
  On-Call is the bridge between *systems detecting issues* and *humans resolving them*.
</Info>

***

### Best Practices

* Keep rotation structures simple and predictable.
* Use escalation policies consistently across services.
* Set quiet vs. audible notification rules for each urgency level.
* Use business hours paths to avoid unnecessary nighttime paging.
* Pair schedules with Slack usergroups so teams always know who’s on call.
* Review unacknowledged alerts and escalation depth in On-Call Metrics.

***

### Frequently Asked Questions (FAQs)

<AccordionGroup>
  <Accordion title="What determines who gets paged?">
    Rootly looks at the alert’s routing target (service, team, escalation policy) and then uses schedules + escalation rules to select the responder.
  </Accordion>

  <Accordion title="Does Rootly notify across multiple channels?">
    Yes. Rootly can send voice calls, SMS, push notifications, Slack messages, and emails—based on urgency and user preferences.
  </Accordion>

  <Accordion title="What if no one responds?">
    Rootly automatically escalates to the next level in the escalation policy until someone acknowledges.
  </Accordion>

  <Accordion title="Do we need Live Call Routing or Heartbeats?">
    They’re optional but highly recommended:

    * Live Call Routing lets callers reach on-call responders instantly
    * Heartbeats detect silent system failures proactively
  </Accordion>
</AccordionGroup>

***


# On-Call Metrics
Source: https://docs.rootly.com/on-call/on-call-metrics

Analyze on-call performance using response time, alert volume, acknowledgement, and escalation metrics to continuously improve reliability and responder health.

## Overview

**On-Call Metrics** give you deep visibility into how effectively your team responds to alerts. These metrics help you understand not just *how many* alerts you receive, but *how quickly* they are acknowledged, *how long* they take to resolve, and *how evenly* response effort is distributed across teams, services, and escalation paths.

Every Rootly workspace includes a **pre-configured On-Call Metrics dashboard** out of the box. This dashboard is designed to surface the most important operational signals immediately, while still allowing full customization as your organization’s needs evolve.

Teams use On-Call Metrics to:

* Identify bottlenecks in alert routing and escalation
* Reduce alert fatigue and uneven on-call load
* Improve responder experience and accountability
* Make data-driven decisions about staffing, schedules, and escalation policies

## Getting Started

To access your on-call analytics, navigate to **Metrics** in the Rootly navigation and select the **On-Call Metrics** dashboard.

<Frame>
  <img />
</Frame>

By default, the dashboard displays data for the **last 90 days**, aggregated weekly. You can adjust the time range and aggregation period at any time to zoom in on recent incidents or analyze longer-term trends.

## What the Default Dashboard Measures

The default dashboard focuses on three core areas:

* **Response speed** — how quickly alerts are acknowledged and resolved
* **Response effort** — how much time responders spend handling alerts
* **Alert distribution** — where alerts originate and who handles them

Together, these views provide a holistic picture of on-call performance across your organization.

### Core Response Metrics

These metrics focus on how quickly alerts move through the response lifecycle.

* **Total Alerts**\
  The total number of alerts triggered in Rootly during the selected time period. This metric is often used as a baseline to understand alert load and detect spikes caused by deployments, outages, or noisy monitors.

* **Mean Time to Acknowledge (MTTA)**\
  The average time between an alert firing and a responder acknowledging it. MTTA reflects notification reachability, escalation effectiveness, and responder availability.

* **Mean Time to Resolve (MTTR)**\
  The average time between alert trigger and resolution. This includes investigation, mitigation, and recovery, making it a strong indicator of incident complexity and operational efficiency.

* **Mean Time Between Failures (MTBF)**\
  The average time between alert triggers. A decreasing MTBF may signal instability or excessive alerting, while an increasing MTBF often reflects improving reliability.

* **Acknowledge Rate**\
  The percentage of alerts that are acknowledged by responders. Lower acknowledge rates can indicate alert fatigue, misconfigured notifications, or routing issues.

### Performance Breakdown

These metrics help you understand *who* is responding and *where* time is being spent.

* **MTTA by Responder**\
  Shows how quickly individual responders acknowledge alerts. This can surface timezone mismatches, training gaps, or uneven alert distribution.

* **MTTR by Service**\
  Breaks resolution time down by affected service, helping teams identify systems that are consistently harder to recover.

* **Response Effort**\
  Represents the total time spent responding to alerts, measured from acknowledgment to resolution. This metric helps quantify operational load and compare effort across teams or services.

### Alert Distribution Insights

Distribution metrics show how alerts flow through your organization.

* **Alerts by Source**\
  Highlights which monitoring tools generate the most alerts, helping teams tune integrations and reduce noise.

* **Alerts by Responder**\
  Shows how alerts are distributed across individuals, making it easier to identify overload or imbalance in rotations.

* **Alerts by Urgency**\
  Breaks alerts down by priority, helping validate whether severity definitions align with real-world response behavior.

* **Alerts by Escalation Policy**\
  Reveals which escalation workflows are most active and whether policies are triggering as expected.

* **Alerts by Service**\
  Shows where alert volume is concentrated, helping teams prioritize reliability improvements for the most impactful systems.

## Customizing Your Dashboard

The On-Call Metrics dashboard is fully customizable, allowing you to tailor it to what reliability means for your organization.

You can modify existing panels to change time ranges, filters, aggregation methods, or visualization types. This makes it easy to answer targeted questions—such as how response times differ during business hours or how a recent rollout affected alert volume.

You can also add new panels using **alert data** or **incident data**, enabling teams to correlate paging behavior with broader incident trends.

<Note>
  For the most complete view of operational performance, combine **alert-based metrics** with **incident-based metrics** in the same dashboard.
</Note>

## Sharing and Exporting Metrics

On-call metrics are often valuable beyond the immediate response team. Rootly allows you to export individual panels or entire dashboards for sharing with leadership, stakeholders, or external partners.

Exports can be generated directly from the dashboard using the panel or dashboard menu, making it easy to include on-call performance data in reports, reviews, and postmortems—without manual data collection.

***

## Best Practices

To get the most value from On-Call Metrics:

* Review metrics regularly, not just during incidents
* Use MTTA trends to validate notification reachability and escalation effectiveness
* Monitor MTTR by service to identify systems that need reliability investment
* Watch alert distribution to ensure on-call load is balanced fairly
* Treat metrics as a feedback loop—refine alerting and escalation, then measure again

***

## Frequently Asked Questions (FAQs)

<AccordionGroup>
  <Accordion title="Where does On-Call Metrics data come from?">
    On-Call Metrics are derived directly from **alert and incident events** in your Rootly workspace.\
    Metrics such as MTTA, MTTR, and acknowledge rate are calculated using timestamps recorded when alerts are triggered, acknowledged, and resolved. Because the data is event-driven, metrics update automatically as new alerts and incidents occur.
  </Accordion>

  <Accordion title="Why do some dashboards show fewer alerts than expected?">
    On-Call Metrics only include alerts that are processed through Rootly’s alerting and escalation system.\
    If a schedule is not attached to an escalation policy, or an alert source is misconfigured, those alerts may not appear in metrics. Reviewing escalation policies and alert routing is often the first step when counts seem lower than expected.
  </Accordion>

  <Accordion title="What is the difference between MTTA and MTTR?">
    **Mean Time to Acknowledge (MTTA)** measures how quickly a responder acknowledges an alert after it fires.\
    **Mean Time to Resolve (MTTR)** measures how long it takes to fully resolve the issue after the alert is triggered.\
    Together, these metrics help distinguish between *notification speed* and *resolution efficiency*.
  </Accordion>

  <Accordion title="How should I interpret Response Effort?">
    Response Effort represents the **total time spent actively responding to alerts**, measured from acknowledgment to resolution.\
    This metric is useful for understanding operational load and comparing effort across teams or services, even when alert volume is similar.
  </Accordion>

  <Accordion title="Can I customize which metrics appear on the dashboard?">
    Yes. Every panel on the On-Call Metrics dashboard can be edited, removed, or duplicated.\
    You can also add new panels using alert or incident data to track metrics that are specific to your organization’s reliability goals.
  </Accordion>

  <Accordion title="Who can edit or share the On-Call Metrics dashboard?">
    By default, the team owner is granted manager access to the dashboard, and the team is granted edit access.\
    Additional permissions can be managed through Rootly’s dashboard sharing and role-based access controls.
  </Accordion>

  <Accordion title="How often is metrics data updated?">
    Metrics update continuously as new alert and incident events are recorded.\
    There is no manual refresh required—changes to alerts, acknowledgements, or resolutions are reflected automatically in the dashboard.
  </Accordion>

  <Accordion title="Should I use On-Call Metrics or Incident Analytics?">
    On-Call Metrics focus on **paging and responder behavior**, while Incident Analytics focus on **incident lifecycle and outcomes**.\
    For the most complete picture of reliability, Rootly recommends using both together to connect alert response performance with incident impact.
  </Accordion>
</AccordionGroup>

***

**Tip:** Reviewing On-Call Metrics alongside Retrospectives helps connect quantitative performance data with qualitative incident learnings.


# On-Call Notifications
Source: https://docs.rootly.com/on-call/on-call-notifications

Set up shift reminders and personal notification rules in Rootly On-Call to control how and when you receive alerts via email, push, SMS, and phone calls.

To configure your on-call notification preferences, navigate to **Account Settings → Notifications → On-Call Notifications**.

This page is where you define two things that matter during every high-pressure moment: **how Rootly reaches you when you’re paged**, and **how Rootly reminds you about upcoming coverage**. The goal isn’t just “send a notification.” The goal is to make sure the right signal reaches the right person, in the right way, without adding noise or relying on manual coordination.

***

## Notification Rules

Notification Rules control how you are notified when an alert is assigned to you. They are evaluated as an ordered sequence of “steps.” If an alert remains unacknowledged, Rootly moves forward to the next step and continues escalating until someone responds or the escalation path completes.

You configure **Audible** and **Quiet** rules separately so you can treat urgent alerts differently from low-priority alerts. In practice, this is what allows teams to page hard for production-impacting issues while still keeping informational signals visible without waking someone up unnecessarily.

<img alt="Clean Shot2026 01 29at16 51 45@2x" />

### How notifications are delivered

Rootly supports several delivery methods for notification rules, and each is intentionally designed for a slightly different purpose.

Email and SMS are great for redundancy and visibility. Phone calls are harder to miss and are commonly used as a fallback when an alert remains unacknowledged. Push notifications come in two flavors: **Critical Alerts** and **Push Notifications (non-critical)**. That distinction matters—especially if you rely on Do Not Disturb.

<Note>
  **Critical Alerts** are delivered as a device push that is intended to bypass Do Not Disturb.\
  **Push Notifications (non-critical)** are delivered as a device push that respects Do Not Disturb.
</Note>

If you’re trying to create a setup that is “reliable but not disruptive,” you’ll typically reserve Critical Alerts (and calls) for audible paging, and use non-critical push, SMS, or email for quiet paging.

### Audible notifications

Audible rules are how you want to be contacted when an alert requires immediate action. Think of this as your “wake-me-up” configuration.

Rootly enforces a few guardrails here because audible paging is only effective if it’s impossible to configure into a state where urgent alerts can silently fail. In other words: Rootly won’t let you accidentally create an audible policy that can’t actually reach you.

The most important rule is the first step. On the first audible step, Rootly requires a real-time, high-reliability delivery method:

* If you have a connected mobile device, **Critical Alerts are required on step 1**.
* If you do not have a connected mobile device, **a phone call is required on step 1**.

After step 1, you still have flexibility, but Rootly continues to protect you from building “quiet audible” rules. For any audible step after the first, at least one of the following must remain enabled: **Phone call** or **Critical Alerts**.

<Warning>
  Audible notification steps are validated to prevent missed pages. If you try to save an audible step that can’t reliably reach you (for example, no Critical Alerts on step 1 when a device is connected), Rootly will block the save until the rule is made safe.
</Warning>

This is also why many teams pair Critical Alerts with a secondary channel (like SMS or email). Even if you’re confident push will reach your device, redundancy makes paging behavior more resilient under real-world conditions.

### Quiet notifications

Quiet rules are for alerts that still matter, but don’t justify immediate interruption. Quiet notifications can still escalate through multiple steps, but the intent is fundamentally different: keep responders informed and create visibility without forcing someone to wake up or break focus unless it’s truly necessary.

Quiet rules are where teams typically lean on email, SMS, and **non-critical push notifications**. Quiet push is especially useful when you want alerts to land on a phone without cutting through Do Not Disturb.

<Note>
  If you want “push to phone” without bypassing Do Not Disturb, make sure you’re using **Push Notifications (non-critical)** rather than Critical Alerts.
</Note>

### Testing your notifications

On-Call Notifications is also where you can validate your setup before you depend on it. The **Test Notifications** action lets you send test messages to the targets you’ve configured so you can confirm that delivery works end-to-end.

Testing is available for the same core delivery methods used by notification rules, including email, SMS, phone call, and device push. This is worth doing any time you change phones, update a phone number, reinstall the mobile app, or simply want to confirm that your current configuration still behaves the way you expect.

<Tip>
  A good rule of thumb is to test at least one audible path (Critical Alerts or call) and one quiet path (email or non-critical push) after setting up notifications—before you go on-call.
</Tip>

***

## Verification requirements

To protect responders from configuration that looks valid but can’t actually deliver, Rootly requires contact methods to be verified before they can be used for paging.

If you attempt to save rules using an unverified phone number (for SMS or call) or an unverified email address (for email), Rootly will block the configuration until verification is complete. Shift Reminders follow the same principle: reminder delivery methods must be verified when the reminder is enabled.

<Warning>
  If you can’t save notification rules or reminders, verification is the first thing to check. Unverified phone numbers and email addresses will prevent delivery-enabled configurations from being saved.
</Warning>

### Shift Reminders

Shift Reminders notify you before your shift starts and when your shift ends. This is less about “paging” and more about preventing operational surprise. Reminders are especially helpful when you rotate frequently, cover multiple schedules, or switch between teams.

You can enable reminders and choose how you want them delivered. Shift reminders support email, SMS, push notifications, and Slack (Slack reminders require your Slack account to be connected).

<Frame>
  <img alt="Shift reminders configuration" />
</Frame>

### Reminder timing and limits

Reminders are configured using a delay (how long before the shift boundary you want to be notified). By default, you’ll commonly see delays like **3 days**, **1 day**, and **1 hour**.

Some workspaces also support additional reminder options—such as **30 minutes**, **15 minutes**, and **1 minute**—to better fit short rotations or “handoff-heavy” teams. When those additional options are enabled, you can configure up to **three reminders per reminder type** (for example: multiple reminders before shift start). If those additional options are not enabled, reminders are typically limited to one reminder per type (one for start, one for end).

<Note>
  If you only see one reminder available for start/end, your workspace may not have the additional shift reminder options enabled. In workspaces where the expanded options are enabled, you can configure up to three reminders per type.
</Note>

### Slack reminders (when available)

Slack delivery is available for shift reminders, but only when your Slack account is connected. If Slack isn’t connected, the UI will prevent enabling Slack reminders because Rootly has no valid user destination to deliver to.

### Nested schedules and reminder behavior

Shift reminders are sent for the schedule you are directly on-call for. If your schedule is included in another schedule (a “parent schedule” pattern), reminders do not fire for the nested schedule coverage in order to avoid duplicate reminders and confusing overlap.

<Warning>
  You won’t receive shift reminders for shifts where your schedule is on-call indirectly through a parent schedule.
</Warning>

***

## Default setup behavior

If notification rules or reminders are missing, Rootly automatically creates a safe baseline so new responders aren’t left unpaged.

Typically, that means a default quiet rule (commonly email), a default audible rule (email plus a high-reliability channel when available), and two shift reminders (one for shift start and one for shift end) initially delivered via email. These defaults are meant to be edited—not treated as “best possible forever”—but they provide immediate coverage while a team finalizes their preferred setup.

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="I can’t save an audible notification step">
    Audible rules have strict safety requirements so that urgent alerts can’t be configured into a non-deliverable state. The most common causes are missing Critical Alerts on the first audible step (when a device is connected) or missing phone call coverage on the first step (when no device is connected). For later audible steps, Rootly requires that at least one of phone call or Critical Alerts remains enabled so escalation can’t become “quiet” by accident.
  </Accordion>

  <Accordion title="My phone number or email won’t work in rules or reminders">
    Notification rules and enabled shift reminders require verified contact methods. If your email address or phone number is unverified, Rootly will block saving configurations that depend on those channels because delivery would fail at runtime. Verify the contact method first, then return to On-Call Notifications and save again.
  </Accordion>

  <Accordion title="I’m not receiving push notifications">
    First, confirm whether you’re expecting Critical Alerts (bypass DND) or non-critical push (respects DND). Then confirm your mobile device is connected and registered. If you recently changed phones, reinstalled the app, or disabled notification permissions at the OS level, push delivery may fail until the device is reconnected and permissions are restored. Use Test Notifications to validate push delivery immediately.
  </Accordion>

  <Accordion title="Shift reminders aren’t firing for my shift">
    If your on-call coverage is coming from a nested schedule (your schedule is on rotation for another schedule), reminders may not fire for the nested layer. This is expected behavior to prevent duplicate reminders. Also confirm your reminder is enabled, the delivery channel is verified, and (for Slack reminders) that Slack is connected.
  </Accordion>

  <Accordion title="I can’t add multiple reminders before shift start">
    Some workspaces support additional reminder timing options and allow up to three reminders per start/end type. If your workspace doesn’t have that enabled, you may be limited to one reminder per type. In that case, choose the single timing that best matches your handoff needs (for example, 1 hour before shift start).
  </Accordion>
</AccordionGroup>

***

## Best practices

A notification setup is “good” when it’s reliable under stress. Most teams land on a pattern where audible paging is intentionally hard to miss (Critical Alerts and/or calls), quiet paging provides visibility without interrupting (email or non-critical push), and shift reminders reduce handoff confusion.

If you only do one thing, make it this: configure an audible step that will reach you even when your phone is silenced, and then test it. Everything else can evolve over time—but missed pages are expensive, and Rootly’s notification rules exist specifically to prevent them.


# On-Call Pay Calculator
Source: https://docs.rootly.com/on-call/on-call-pay-calculator

Accurately calculate and export on-call compensation in Rootly based on real schedule data, holiday rules, and configurable pay rates for finance and HR.

# Overview

The On-Call Pay Calculator helps teams confidently and consistently calculate compensation for on-call work using real schedule data from Rootly. Instead of manually stitching together spreadsheets or reconciling shifts by hand, Rootly automatically tracks on-call coverage across your schedules and produces exportable pay reports that reflect how your team actually operated.

Pay reports are generated directly from schedules that are actively connected to escalation policies, ensuring only real, paged on-call time is included. Reports can be downloaded in **Excel (XLSX)** or **CSV** format and are suitable for payroll processing, audits, or internal review.

All reports are generated asynchronously in the background. Once a report is ready, you’ll receive an email notification so you can download it without waiting in the app.

<Frame>
  <img alt="Clean Shot 2026 05 11 At 13 29 31@2x" />
</Frame>

# How Pay Calculation Works

At a high level, the Pay Calculator pulls on-call shift data from your schedules, applies your configured pay rules, and aggregates time per user over a selected date range. The system supports both **hourly-based** and **daily-based** compensation models, making it flexible enough for a wide range of team policies.

<Note>
  **Only schedules that are assigned to escalation policies are included in pay calculations**. This ensures the calculator reflects actual on-call responsibility rather than theoretical coverage. Any gaps in coverage are attributed to the schedule owner, preserving accountability and accuracy.
</Note>

Pay rules are snapshotted at the time a report is created. This means changes to rates or configuration going forward will not retroactively alter previously generated reports.

# Configuring Pay Rules

Before generating your first report, you’ll need to configure your pay rules. These rules define how time is counted, how compensation is calculated, and what level of detail appears in exported reports.

To access pay rule configuration, navigate to **On-Call → Pay Calculator**, then select **Configure Rules**.

<Frame>
  <img alt="Clean Shot 2026 05 11 At 13 31 35@2x" />
</Frame>

## Choosing a Pay Type

The Pay Calculator supports two compensation models: **Hourly** and **Daily**.

With **Hourly pay**, Rootly calculates compensation based on the exact duration of on-call time, tracked down to the minute. Time is categorized into business hours (9 AM–5 PM on weekdays), outside business hours on weekdays, and weekends in the final export. This model is ideal for teams that pay based on actual availability or workload.

With **Daily pay**, Rootly counts unique calendar days that a user was on-call. Days are separated into weekdays and weekends, and each qualifying day is counted once regardless of shift length. This model works well for teams that offer a flat daily on-call stipend.

<Frame>
  <img alt="Clean Shot 2026 05 11 At 13 38 56@2x" />
</Frame>

## Configuring Rates

You can choose whether Rootly should calculate total pay automatically or simply report time worked.

When **Single Rate** is enabled, you specify a currency and either an hourly or daily rate. Rootly will calculate total compensation per user and include it directly in the report.

When **Single Rate** is disabled, Rootly will still calculate hours or days worked but will leave rate and total pay fields empty. This is useful if rates vary by individual, seniority, or geography, or if final compensation is calculated outside of Rootly.

<Frame>
  <img alt="Clean Shot 2026 05 11 At 13 43 54@2x" />
</Frame>

## Data Inclusion Options

The Pay Calculator includes several options that control how much detail is captured and surfaced in generated pay reports.

* **Granular Time Breakdown (Hourly pay only)**\
  When enabled, Rootly analyzes alert activity during each hour of an on-call shift and categorizes time into:
  * **Non-paged hours** — time spent on call with no alerts received
  * **Paged hours** — time during which alerts were triggered but not yet acknowledged or resolved
  * **Acknowledged / resolved hours** — time spent actively responding to incidents\
    This breakdown allows teams to distinguish between passive standby time and active incident response, and apply different compensation rules if needed.
* **Include Shadow Shifts**\
  When enabled, time spent shadowing on-call duties is included in pay calculations. This is commonly used for training or onboarding scenarios. Rootly automatically adjusts for overlaps so shadow time is not double-counted if a user is both shadowing and actively on call during the same period.
* **Show Individual Shift Data**\
  When enabled, reports include detailed per-shift columns for each user, including:
  * Schedule name
  * Shift start time (in the team’s timezone)
  * Shift end time (in the team’s timezone) ← This option is especially useful for audits, payroll verification, and validating how totals were calculated.

<Frame>
  <img alt="Clean Shot 2026 05 11 At 13 45 03@2x" />
</Frame>

# Generating Pay Reports

Once pay rules are configured, generating a report is straightforward. Select the schedules you'd like to include, a start and end date (up to a maximum of six months per report) and create the report. Rootly processes the report in the background and attaches both CSV and XLSX files once complete.

<Note>
  If you don't select any schedules to include in the report, Rootly will include all shift data across all schedules.
</Note>

Each report includes a configuration summary that documents the pay type, currency, rate usage, and whether shadow shifts were included. This ensures reports remain self-describing even when reviewed months later.

<Frame>
  <img alt="Clean Shot 2026 05 11 At 13 46 39@2x" />
</Frame>

# Best Practices

Follow these best practices to ensure your on-call pay reports remain accurate, consistent, and easy to interpret.

* **Attach schedules to escalation policies**\
  Only schedules that are connected to escalation policies are considered active. If a schedule is not assigned to an escalation policy, it will be excluded from pay calculations.
* **Finalize pay rules before generating reports**\
  Pay reports snapshot the active configuration at the time they are created. Reviewing and locking in your pay rules before running a report helps avoid discrepancies and confusion later.
* **Use granular time breakdown for differentiated pay models**\
  If your organization compensates active incident response differently from passive standby time, enable granular time breakdown early. This gives you visibility into alert-driven activity and allows you to validate the data before using it for payroll.
* **Explicitly include shadow shifts when compensating training time**\
  If shadowing is considered paid training, make sure shadow shift inclusion is enabled. This ensures shadow hours are consistently tracked and prevents missed or inconsistent compensation.

# Frequently Asked Questions (FAQs)

<AccordionGroup>
  <Accordion title="Which schedules are included in pay reports?">
    Only schedules that are actively connected to escalation policies are included. This ensures pay reports reflect real on-call responsibility rather than unused or draft schedules.

    When you generate a new report, you can select the specific schedules you'd like to include. Leave this field blank if you want to generate a report for all schedules.
  </Accordion>

  <Accordion title="Can I change pay rules after generating a report?">
    You can change pay rules at any time, but changes only apply to future reports. Each report captures a snapshot of the rules used at the time it was generated.
  </Accordion>

  <Accordion title="How are business hours defined?">
    Business hours are defined as 9 AM to 5 PM on weekdays. All weekend time is categorized separately.
  </Accordion>

  <Accordion title="What happens if a user is both on-call and shadowing?">
    Rootly automatically removes overlapping time so the user is not double-paid for the same period.
  </Accordion>

  <Accordion title="What if someone has multiple shifts scheduled at the same time across many schedules?">
    Assuming all of the user's schedules are included in the report, Rootly will combine all of the times across shifts and accrue their time based on the time worked.

    For example, if someone was scheduled for two on-call shifts during a 24 hour period, they'd accrue pay for just the 24 hour period rather than two 24 hour shifts (totalling 48 hours).
  </Accordion>

  <Accordion title="Why is my report missing some users or shifts?">
    This usually means the schedule was not attached to an escalation policy during the selected date range, or the report exceeds the allowed six-month duration.
  </Accordion>
</AccordionGroup>


# On-Call Readiness
Source: https://docs.rootly.com/on-call/on-call-readiness

Ensure responders are prepared to receive alerts with the Rootly On-Call Readiness report, which surfaces missing contact methods and rules.

## Overview

The **On-Call Readiness** report gives you a centralized view into whether your responders are actually reachable when it matters most.\
It surfaces every Rootly user who participates in an on-call schedule and evaluates whether their notification preferences are properly configured to receive alerts.

This report is designed for **schedule owners, managers, and reliability leaders** who want confidence that on-call coverage is not only defined—but operationally effective. A schedule is only as reliable as the responders behind it, and this report helps you identify gaps *before* an incident occurs.

<Frame>
  <img alt="" />
</Frame>

Each row in the report represents a responder, and each icon represents a notification method they can be reached through. Green icons indicate that the notification method is fully configured and enabled. Gray icons indicate that the method is missing or incomplete.

Hovering over an icon reveals the exact destination Rootly will use—such as the phone number, email address, or mobile device—so you can quickly validate accuracy without leaving the page.

<Note>
  Responders cannot opt out of **critical alerts** for audible notifications. Rootly enforces this to ensure on-call coverage remains reliable during high-urgency incidents.
</Note>

## Understanding the Indicators

The readiness table is split across **audible** and **quiet** notification contexts, reflecting how responders are contacted for urgent versus low-priority alerts.

For **audible notifications**, the report shows whether a responder can receive:

* Critical mobile push notifications (that bypass Do Not Disturb)
* Phone calls
* SMS messages
* Email notifications

For **quiet notifications**, the report shows whether a responder can receive:

* Non-critical mobile push notifications (that respect Do Not Disturb)
* Phone calls
* SMS messages
* Email notifications

If at least one valid delivery method exists for the notification type, the corresponding icon appears green. This makes it easy to spot responders who may not be fully reachable for certain alert types.

## Using Filters to Assess Coverage

As teams and schedules grow, reviewing readiness manually becomes harder. The On-Call Readiness report includes filters that let you narrow the view to what matters most:

You can filter responders by **team**, **schedule**, or **escalation policy**, and you can also search by name or email. This allows you to answer questions like:

* Are all responders on this critical service reachable?
* Does this escalation policy include anyone without a working phone number?
* Are new team members fully set up before joining on-call?

Only users with an **on-call seat** appear in this report, ensuring the data reflects responders who may actually be paged.

## Exporting the Readiness Report

If you need to review readiness outside of Rootly, you can export the report as a CSV file.\
Exports are generated asynchronously and delivered via email with a secure download link. This makes it easy to share readiness data with managers, leadership, or auditors without requiring direct access to Rootly.

## Best Practices

Use the On-Call Readiness report proactively—not just during incidents—to keep your on-call program healthy.

* **Review readiness before adding someone to a rotation**\
  Ensure responders have at least one working audible notification method configured before their first shift.

* **Make readiness checks part of onboarding**\
  New hires should install the Rootly mobile app, verify contact details, and confirm notifications before shadowing or going on-call.

* **Re-audit after notification or policy changes**\
  Changes to escalation policies, schedules, or alerting rules can introduce gaps. A quick readiness scan helps catch them early.

* **Encourage mobile app installation**\
  Mobile push notifications provide the fastest and most reliable alert delivery, especially for critical incidents.

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Who can view the On-Call Readiness report?">
    By default, **Admins and Owners** can view the On-Call Readiness report.\
    Other on-call roles can be granted access through **Organization Settings → Roles and Permissions**, allowing teams to delegate readiness ownership without granting full admin access.
  </Accordion>

  <Accordion title="Why is a responder showing gray icons?">
    Gray icons indicate that a notification method has not been configured or verified.\
    This may mean a phone number is missing, the mobile app is not installed, or the responder has not enabled that delivery method in their notification preferences.
  </Accordion>

  <Accordion title="What does “Mobile app installed” mean?">
    This indicator reflects whether the responder has at least one registered mobile device connected to Rootly.\
    Installing the mobile app is strongly recommended, as it enables critical push notifications that bypass Do Not Disturb settings.
  </Accordion>

  <Accordion title="Can responders opt out of critical alerts?">
    No. For audible notifications, Rootly enforces at least one guaranteed delivery method—either a critical push notification or a phone call.\
    This ensures that responders cannot accidentally make themselves unreachable during high-severity incidents.
  </Accordion>

  <Accordion title="Does this report update in real time?">
    Yes. The readiness report reflects responders’ current notification settings.\
    If a user updates their contact information or notification rules, the report will update automatically.
  </Accordion>
</AccordionGroup>


# On-Call Shadowing
Source: https://docs.rootly.com/on-call/on-call-shadowing

Use on-call shadowing in Rootly to safely train new responders alongside primary on-call without duplicating schedules, paging both, or risking missed alerts.

## Overview

On-call shadowing is designed to help teams ramp new responders with confidence—without putting production reliability at risk.

Instead of duplicating schedules or manually coordinating training shifts, Rootly allows you to add **shadow users** directly onto an existing on-call schedule. Shadow users are notified alongside the primary on-call responder, giving them real-world exposure to alerts, workflows, and incident patterns while keeping ownership and accountability with the primary responder.

Shadowing is commonly used for onboarding new engineers, preparing responders for rotation changes, or temporarily training team members on unfamiliar systems.

Once a shadowing period ends, Rootly automatically removes the shadow user—no cleanup required.

***

## Shadow Setup

To get started, navigate to **On-Call → Schedules**, then either create a new schedule or edit an existing one.\
From the schedule editor, open the **Shadows** tab to manage shadow users.

<Frame>
  <img />
</Frame>

From here, you can define *who* should shadow, *what* they should shadow, and *when* they should receive notifications.

***

## Define Active Hours for Shadow Paging

Not every team wants shadow users to be paged 24/7.

The **Page shadow user during specific hours** option allows you to restrict when shadow users are notified. This is especially useful if your primary schedule runs around the clock, but shadow users should only be paged during business hours.

When enabled, shadow paging respects the schedule’s configured business hours. You can optionally include weekends if desired, giving you fine-grained control over the shadowing experience without modifying the primary schedule.

<Frame>
  <img />
</Frame>

This ensures shadowing is educational—not overwhelming.

***

## Add Shadow Users

Rootly supports two shadowing modes depending on how you want the training experience to work: **shadowing a specific user** or **shadowing an entire schedule**.

Once configured, click **Add shadow user** to begin.

***

### Shadow a User

Shadowing a specific user is ideal when you want a trainee to learn directly from a particular responder.

In **Shadow a user** mode, you select the individual on-call responder to shadow and define the timeframe during which shadowing should occur. During this period, the shadow user is notified whenever that responder is paged—subject to any active hour restrictions you’ve configured.

<Frame>
  <img />
</Frame>

This approach works well for mentorship-driven onboarding or pairing junior responders with experienced engineers.

***

### Shadow a Schedule

Shadowing an entire schedule is useful when training should follow the rotation itself rather than a single person.

In **Shadow a schedule** mode, the shadow user is notified whenever *any* responder on the schedule is paged during the configured shadowing window. As the schedule rotates, the shadow user follows along automatically.

<Frame>
  <img />
</Frame>

This provides a broader view of how a team handles incidents across shifts and responders.

***

You can configure **multiple shadow users at the same time**, each with their own shadowing targets and time windows. Shadowing periods may overlap, and Rootly will handle notification delivery accordingly.

<Frame>
  <img />
</Frame>

***

## Viewing Shadow Users on the Calendar

Shadowing visibility is built directly into the schedule calendar.

Shifts that include shadow users are marked with a **ghost icon**, making it easy to identify shadowed coverage at a glance. Clicking into a shift reveals the shadow users listed beneath the primary on-call responder.

<Frame>
  <img />
</Frame>

This makes it easy for managers and responders to understand who is learning alongside active coverage.

***

## Automatic Expiration

Shadowing is always time-bound.

Once a shadowing period reaches its configured end time, Rootly automatically removes the shadow user from the schedule. Paging stops immediately, and no manual action is required. Historical records remain intact for auditing and visibility, but shadow users are never left attached unintentionally.

This ensures shadowing stays intentional, controlled, and low-risk.

***

## Permissions

Only users with sufficient On-Call permissions can manage shadowing.\
Users with **On-Call Admin** or **On-Call User** roles can create, edit, and remove shadow users. Observers have read-only access.

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Who gets paged when shadowing is enabled?">
    When shadowing is active, **both the primary on-call responder and the shadow user are notified** for eligible alerts.\
    The primary responder remains fully responsible for acknowledging and resolving alerts, while the shadow user receives the same notifications for learning and visibility purposes.
  </Accordion>

  <Accordion title="Does shadowing affect escalation policies or alert ownership?">
    No. Shadowing does **not** change escalation behavior, alert ownership, or acknowledgement logic.\
    Escalation policies continue to function exactly as configured, and alerts are still assigned to the primary responder. Shadow users are purely additive and do not interfere with alert flow.
  </Accordion>

  <Accordion title="Can I limit when shadow users are paged?">
    Yes. Shadow paging can be restricted to specific hours by enabling the **Page shadow user during specific hours** option.\
    When enabled, Rootly respects the schedule’s business hours configuration and optionally includes or excludes weekends. This is ideal for training during working hours without overnight interruptions.
  </Accordion>

  <Accordion title="Can multiple shadow users be active at the same time?">
    Absolutely. You can configure **multiple shadow users simultaneously**, each with their own shadowing targets and time windows.\
    Shadow users may overlap in time, and Rootly will ensure notifications are delivered appropriately without conflict.
  </Accordion>

  <Accordion title="What happens when the shadowing period ends?">
    Shadowing automatically expires at the configured end time.\
    Once expired, the shadow user is removed from paging immediately—no manual cleanup is required. Historical records remain available for auditing, but the shadow user will no longer receive notifications.
  </Accordion>

  <Accordion title="Can a shadow user acknowledge or resolve alerts?">
    Shadow users receive notifications but **do not replace the primary responder**.\
    Depending on their permissions, they may view alerts and incidents, but operational responsibility and escalation remain with the primary on-call responder.
  </Accordion>

  <Accordion title="Can I shadow a team instead of a user or schedule?">
    No. Shadowing supports **specific users or entire schedules only**.\
    Teams cannot be shadowed directly. If you want team-level shadowing behavior, create a schedule for that team and shadow the schedule instead.
  </Accordion>
</AccordionGroup>

***

## Best Practices

* Use shadowing during onboarding instead of duplicating schedules
* Limit shadow paging to business hours for new responders
* Start with shadowing a specific user before moving to full schedule shadowing
* Use calendar visibility to communicate training coverage to the team
* Let shadowing expire naturally—avoid long-running, open-ended shadows

Shadowing is most effective when treated as a temporary learning tool, not a permanent paging mechanism.

***


# On-Call Shifts
Source: https://docs.rootly.com/on-call/on-call-shifts

View current and upcoming on-call coverage in Rootly, manage overrides and swaps, and identify schedule gaps before they cause missed alerts and escalations.

## Overview

The **On-Call Shifts** page provides a real-time view of who is responsible for responding to incidents—now and in the future. Unlike schedules, which define rotation logic, this page reflects the **actual shifts generated by schedules, rotation rules, and overrides**. It is the most accurate source of truth for understanding who will be paged at any given moment.

This view is designed for both responders and managers. Responders can quickly see when they are on call next, while managers can validate coverage, identify gaps, and make last-minute adjustments without modifying the underlying schedule structure.

## Viewing On-Call Shifts in the Web App

To access on-call shifts, navigate to **On-Call → On-Call Shifts**.

Shifts are automatically grouped by their current status to help you quickly assess coverage:

* **Currently On-Call** shows shifts that are active right now and will receive pages immediately if an alert triggers.
* **Upcoming On-Call** displays future shifts generated by schedules and overrides.
* **Inactive On-Call** highlights shifts belonging to schedules that are not attached to an escalation policy and therefore will not page responders.

This grouping makes it easy to confirm both present and future coverage at a glance.

## Understanding Shift Types

### Always On-Call Shifts

Always on-call shifts represent continuous coverage without a defined end time. These shifts appear under **Currently On-Call** and are rendered as a solid horizontal bar at the top of the calendar view.

This pattern is commonly used for roles such as incident commanders, executive escalation paths, or safety officers who must always be reachable.

<Frame>
  <img alt="" />
</Frame>

### Recurring On-Call Shifts

Recurring shifts are generated from rotation rules defined in schedules. These shifts appear under both **Currently On-Call** and **Upcoming On-Call**, depending on their timing.

In the calendar view, recurring shifts are displayed as vertical blocks that reflect their start and end times. These shifts form the backbone of most on-call programs and are automatically recalculated as schedules evolve.

<Frame>
  <img alt="" />
</Frame>

## Viewing Shifts for Other Users

The On-Call Shifts page is not limited to your own coverage. You can view shifts for any user by selecting them from the **User** dropdown.

When a different user is selected, both the shift list and calendar update immediately to reflect that user’s responsibilities. This is especially useful for managers validating team coverage or responders coordinating handoffs.

## Identifying Holiday and PTO Conflicts

Holiday calendars can be overlaid on the shifts view to surface potential coverage risks. When a holiday or PTO event overlaps with an on-call shift, Rootly highlights the conflict directly on the calendar.

From either the holiday event or the affected shift, you can immediately create an override to reassign coverage. This allows teams to address conflicts proactively without restructuring schedules.

<Frame>
  <img alt="" />
</Frame>

## Creating Overrides for On-Call Shifts

Overrides allow you to temporarily reassign on-call responsibility without modifying the underlying schedule or rotation logic. They are ideal for handling PTO, sick leave, or unexpected availability changes.

To create an override:

1. Navigate to **On-Call → On-Call Shifts**.
2. Select the user whose shifts you want to override.
3. Click **Create Override** or select a specific shift and choose **Create Override** from the shift details.
4. Select the timeframe and the user who will take over coverage.
5. Confirm to apply the override.

Overrides always take precedence over rotation-generated shifts and are fully auditable.

<Frame>
  <img alt="" />
</Frame>

## Reassigning or Reverting Overrides

Overrides are flexible and reversible. Shifts that are overrides are clearly labeled to avoid confusion.

### Reverting an Override

Reverting an override restores the original assignee for that shift. This can be done directly from the On-Call Shifts page or from the schedule editor.

<Tip>
  Reverting an override is non-destructive and does not alter the original schedule or rotation.
</Tip>

### Reassigning an Override

If coverage needs change, an override can be reassigned to a different user. This updates the shift immediately and preserves the override’s audit history.

<Frame>
  <img alt="" />
</Frame>

## Best Practices

A healthy on-call program relies on visibility and intentional management. Use the On-Call Shifts page as your daily operational dashboard. Regularly review upcoming shifts to catch gaps early, especially around holidays and weekends.

Avoid modifying schedules to handle short-term changes. Overrides are designed specifically for this purpose and help keep your rotation logic stable and predictable.

Finally, ensure that all schedules shown as **Inactive On-Call** are either intentionally dormant or connected to escalation policies. A schedule without an escalation policy will never page responders.

## Multi Layer Schedules

Multi-layer schedules let you stack coverage windows, for example, a weekday layer (Mon–Fri) and a weekend layer (Fri–Mon).

How layers interact:\
Each layer has its own rotation, users, and time window. Rootly evaluates layers in priority order — higher layers take precedence during their active windows.

Start and end times for each layer must be set precisely. If times overlap or are misaligned, the wrong layer may be active at a given moment.

### Around the Sun Schedules

An around the sun schedule gives you continuous on-call coverage by handing off between teams in different timezones. Instead of users being paged at 4AM, each user covers their own daylight hours and hands off to the next timezone.

The steps below walk through how to set this up in Rootly using multiple rotations within a schedule, and covers common user case when working across timezones.

Step 1: Plan your coverage windows in UTC\
This avoids confusion when configuring layers, since Rootly's schedule engine works in UTC internally even if individual layers are displayed in local time.\
Example for APAC/EMEA/NA rotations with 8-hour windows:\
APAC: 00:00–08:00 UTC\
EMEA: 08:00–16:00 UTC\
NA: 16:00–00:00 UTC

Step 2: Create the schedule

1. Go to On-Call > Schedules > New schedule.
2. Give the schedule a name and assign the schedule owner
3. Set the schedule timezone to UTC. This makes it easier to reason about layer windows across timezones.

Step 3: Add a rotation for each region\
For each region:

1. Click Add Rotation.
2. Set the rotation timezone to the region's local timezone (e.g. `Asia/Bangkok` for your APAC layer). Rootly will display shift times in this timezone for users on that rotation, while the underlying schedule stays in UTC.
3. Set the active hours to the coverage window for that region
4. Set the Rotation Cycle (Daily/Weekly/BiweeklyMonthly)
5. Add the users in the rotation for that region.

Repeat for each timezone/region.

## Frequently Asked Questions (FAQs)

<AccordionGroup>
  <Accordion title="Why does a shift appear as inactive?">
    A shift is marked as inactive when its schedule is not attached to any escalation policy. In this state, the shift exists for visibility but will not trigger paging. To activate it, add the schedule to an escalation policy that is assigned to a service or team.
  </Accordion>

  <Accordion title="Do overrides change the original schedule?">
    No. Overrides temporarily replace the on-call assignee for a specific time window but do not modify the underlying schedule or rotation rules. Once reverted or expired, the original schedule resumes automatically.
  </Accordion>

  <Accordion title="Can I create overlapping overrides?">
    Overrides cannot overlap with other overrides for the same shift. Rootly enforces this to ensure paging behavior remains predictable and unambiguous.
  </Accordion>

  <Accordion title="Who can create or manage overrides?">
    Users with **On-Call Admin** or **On-Call User** roles can create, update, and revert overrides. Observers have read-only access.
  </Accordion>

  <Accordion title="How far in advance are shifts generated?">
    Shifts are generated based on schedule rotation rules and continuously recalculated as schedules or overrides change. Upcoming shifts always reflect the latest configuration.
  </Accordion>
</AccordionGroup>


# Opsgenie Migration
Source: https://docs.rootly.com/on-call/opsgenie-migration

Migrate users, schedules, teams, services, routing rules, and notification settings from Opsgenie to Rootly On-Call with a Rootly-led, API-based import.

## Overview

Migrating from Opsgenie to Rootly On-Call is a **Rootly-led, API-driven import process** that recreates your on-call configuration in Rootly so you can cut over with confidence. The migration is designed to preserve the operational structure your responders rely on—who is on call, how rotations work, how overrides are applied, and how responders are notified—while also applying Rootly’s guardrails to keep the resulting configuration safe and maintainable.

A typical migration has two goals:

1. **Parity at cutover:** responders can acknowledge and resolve alerts in Rootly with familiar routing and escalation behavior.
2. **Clean operational ownership:** once you cut over, schedules, routing rules, and responder preferences in Rootly become your new source of truth going forward.

Rootly migrations are performed using **read-only Opsgenie API access**, meaning Rootly does not modify or delete any resources in Opsgenie. Your Opsgenie instance remains intact and can be kept running in parallel during a transition window if you want an added safety net.

To get started, simply **contact Rootly**. Your onboarding or customer success representative will walk you through scope, timing, and required access, then coordinate and execute the migration for you.

## What You Can Migrate

Rootly can migrate the core building blocks of Opsgenie on-call operations. Each section below explains what is migrated, how Rootly maps it, and where you should expect differences.

### Users

Rootly imports users in a way that prioritizes safe, deterministic matching and produces a usable on-call configuration immediately.

#### How users are matched

* Rootly matches Opsgenie users to Rootly users using the Opsgenie user `username`, which is treated as the user’s **email address**.
* If a Rootly user already exists with that email (including soft-deleted users), Rootly reuses that user rather than creating a duplicate.
* If no Rootly user exists for that email, Rootly creates a new Rootly user automatically and populates the email and name fields from Opsgenie.

#### User profile and time zone normalization

* Rootly imports the user’s name from Opsgenie (for example, `full_name`) and applies a normalized time zone value when available.
* If a user’s time zone in Opsgenie is empty or does not map cleanly, Rootly will fall back to your workspace defaults. Time zones primarily affect how times are displayed (and certain time-based features), not the underlying schedule logic.

#### Membership and on-call access

* Imported users are added to the target Rootly team/workspace.
* If your workspace uses on-call seat limits, users without an available on-call seat cannot be placed into rotations until seats are available. This is an operational constraint rather than a migration failure; it simply means you may need to assign seats before final cutover.

#### Contact methods and notification rules

Opsgenie user notification behavior is represented as **notification rule steps**, and Rootly translates those steps into Rootly’s notification rules:

* Opsgenie contact method `email` maps to Rootly email targets.
* Opsgenie contact method `sms` maps to Rootly SMS targets.
* Opsgenie contact method `voice` maps to Rootly call targets.
* The Opsgenie delay per step (for example, `sendAfter.timeAmount`) maps to the Rootly rule delay so responders are notified at the intended time offset.

Imported contact targets are created as verified targets during migration so that the resulting notification rules are immediately usable. After migration, responders can review and update their targets and preferences in Rootly (for example, changing their primary number or adding a mobile device for push notifications).

#### Default rule seeding (safety baseline)

After importing a user’s Opsgenie-derived rules, Rootly will seed any missing default Rootly notification rules that are required to give responders a safe baseline configuration. This ensures that users do not end up with a partially configured state if Opsgenie rules were missing, sparse, or not fully mappable.

### Teams and Routing

Opsgenie team structure typically represents operational ownership and routing boundaries. Rootly can import this structure into Rootly’s grouping model and import routing rules when present.

#### Teams to groups

* Opsgenie teams are imported as Rootly groups (teams/groups in Rootly terminology), allowing you to preserve ownership and organize responders in Rootly the same way they are organized in Opsgenie.
* Group membership and the imported users are aligned so schedules and routing rules can reference the correct owners.

#### Routing rules

* If your Opsgenie setup includes team routing logic, Rootly imports the team’s routing rules so that inbound alert flows can preserve the same “where should this go?” behavior.
* Routing rule import is handled as part of the team import stage so that teams exist before schedules and downstream references are created.

#### Slack integration import (optional, conditional)

Slack-related migration is supported only when all of the following are true:

* You choose to include `slack_integrations` in the migration scope.
* Your Rootly team has a connected Slack integration.
* You include one or more Opsgenie team IDs so Rootly knows which teams should have Slack integration configuration imported.

If those prerequisites are not met, Slack integration import is skipped. This prevents partially configured Slack behavior and keeps the resulting Rootly configuration deterministic.

### Services (Optional)

If you want Rootly to preserve Opsgenie service structure, Rootly can import Opsgenie services into Rootly services.

#### Service matching and name behavior

* Rootly attempts to match a service by Opsgenie service ID first.
* If no match exists by ID, Rootly attempts to match by name.
* If a name collision exists (for example, a different service already uses that name), Rootly may uniquify the imported service name by appending the Opsgenie service ID so you can distinguish them cleanly.

Imported services can then be used in analytics, ownership, and downstream routing/alerting workflows in Rootly.

### Schedules

Schedules are one of the most sensitive parts of an on-call migration because they affect real paging behavior. Rootly migrates schedules with the goal of preserving rotation logic and ensuring future coverage is computed correctly.

#### What schedule data is migrated

* Schedule definitions (name, ownership context)
* Rotations (including rotation rules)
* Overrides (coverage changes applied over time)
* Future shift generation derived from the imported rotation configuration

#### Overlapping rotations and schedule strategy

Opsgenie schedules can contain rotation patterns that overlap in ways that are difficult to represent cleanly as a single schedule in some systems. Rootly supports two strategies:

* **Single schedule strategy:** rotations are imported into one Rootly schedule, and overrides are created from Opsgenie schedule overrides.
* **Split rotations into separate schedules:** when enabled (`import_rotations_as_separate_schedules`), Rootly detects overlapping rotations and creates **one Rootly schedule per rotation**. This can make the resulting schedules easier to reason about and reduces ambiguity in overlap resolution.

The best choice depends on how your Opsgenie schedules are structured and how you expect schedule ownership to work after cutover. Rootly will recommend an approach during scoping if your environment has overlap-heavy schedules.

#### Syncing schedules vs. create-only schedules

Rootly can run an Opsgenie migration in either of these modes:

* **Create-only import:** recommended for clean cutovers or staged testing. Rootly creates new schedules without attempting to reconcile with existing Rootly schedules.
* **Sync existing:** recommended when you have already created Rootly resources and want the migration to update them. In sync mode, Rootly may remove and rebuild base (non-override) shifts and clean up removed overrides to maintain parity with the Opsgenie source.

Because sync mode can rebuild future shifts, it is typically used deliberately and validated carefully in a controlled window.

#### Shift recreation and throttling

When syncing schedules, Rootly can introduce a configurable delay before recreating shifts (`schedule_shift_recreation_delay`). This is a practical safety mechanism to avoid partial computations in environments with many schedules or heavy background job load.

Rootly can also throttle schedule imports (`schedule_import_delay`) to keep the migration stable and predictable for larger workspaces.

## Configuration Options You May Be Asked To Choose

Opsgenie migrations often include a few explicit choices so the resulting Rootly configuration matches your operational intent.

Common migration options include:

* **Migration scope controls (resources):**
  * `users`
  * `teams`
  * `schedules`
  * `services`
  * `slack_integrations`
* **Filtering and inclusion controls:**
  * Migrate only specific Opsgenie teams (`team_ids`)
  * Exclude specific Opsgenie teams (`excluded_team_ids`)
  * Migrate only a subset of users by email (`user_emails`)
* **Schedule behavior:**
  * Import overlapping rotations as separate schedules (`import_rotations_as_separate_schedules`)
  * Synchronize into existing Rootly resources (`sync_existing`)
  * Add delays for stability (`schedule_import_delay`, `schedule_shift_recreation_delay`)
* **Responder hygiene:**
  * Disable shift reminders for imported users (`disable_shift_reminders`)
* **Dry run mode:**
  * Validate and produce a report of what would be imported (including validation errors) without writing resources into Rootly (`dry_run`)

If you are unsure which options to select, a strong default is to begin with a dry run, then perform a create-only migration into a staging workspace (or a safe test team) before importing into production.

## Migration Process

### Step 1: Define scope and success criteria

Before any technical setup, define what “success” means for your organization. This reduces rework and prevents ambiguous expectations.

Recommended scoping questions:

* Are you migrating one Opsgenie team or many?
* Are you importing only schedules, or also services and routing rules?
* Do you need Slack integration behavior imported, or will it be reconfigured natively in Rootly?
* Do you need to preserve existing Rootly schedules (sync), or can this be a clean import?

Example success criteria:

* Every responder can be paged in Rootly via at least one reliable channel.
* Each core schedule generates correct upcoming shifts for the next 2–4 weeks.
* Critical services and teams have the correct ownership structure and routing.
* Overrides and coverage changes are represented correctly for upcoming time windows.

### Step 2: Create a read-only Opsgenie API key

Rootly migrations use the Opsgenie API to read configuration.

In Opsgenie:

1. Navigate to **Settings → App Settings → API key management**
2. Click **Add new API key**
3. Name the key clearly (example: “Rootly Migration – Read Only”)
4. Assign **Read** permissions for the relevant resources (users, teams, schedules, services as needed)
5. Copy the key securely and share it with the Rootly team using your approved secure channel

<Note>
  Use read-only permissions. Rootly does not need write access to Opsgenie to perform migration.
</Note>

### Step 3: Run a dry run (strongly recommended)

A dry run validates what Rootly can import and highlights any resources that will be skipped or require attention. This is especially valuable if your Opsgenie environment contains complex schedule overlap patterns or historical artifacts that are no longer actively used.

Dry runs typically surface:

* Users that cannot be matched cleanly (missing/invalid emails)
* Schedules that require a split-rotation strategy to preserve clarity
* Validation errors that would prevent import
* A summary report you can use to confirm the migration plan before anything is written

### Step 4: Execute the migration

After dry run validation, Rootly runs the migration asynchronously. Imports are staged so dependencies resolve correctly and scheduling logic remains stable.

At a high level, a migration commonly progresses through:

* Users and services
* Teams (and routing rules)
* Schedules (rotations, overrides, then shift generation)
* Slack integrations (only when configured and included)

Because the migration runs in the background, you can continue normal work while it completes, and then validate the results after completion.

### Step 5: Validate in Rootly before cutover

After import, treat validation as an explicit step. You should validate configuration correctness and real paging behavior.

Recommended validation checklist:

* Confirm each core schedule shows a correct “currently on-call” responder and upcoming shifts.
* Confirm rotation structure matches expected handoffs and time zones.
* Confirm overrides appear where you expect them for upcoming windows.
* Confirm a sample of responders have correct notification rules and reachable targets.
* Confirm team/group membership matches expectations and routing rules are present if imported.
* If Slack integration behavior matters, validate it only after Slack is fully connected in Rootly and `slack_integrations` was included in scope.

### Step 6: Cut over and monitor

When you are ready, shift your alert sources to route into Rootly On-Call, then actively monitor the first hours/days of production usage.

The most common cutover issues are not schedule logic problems—they are responder readiness and deliverability issues (for example, responders missing a mobile device connection or carriers filtering SMS). Validate reachable channels proactively.

## Best Practices

* **Start with a dry run.** Dry runs catch schedule edge cases early, when changes are easiest.
* **Decide schedule strategy up front.** If your Opsgenie schedules rely on overlapping rotations, consider splitting rotations into separate schedules for clarity.
* **Migrate in a controlled window.** Even without downtime, you want time reserved for validation and quick fixes.
* **Validate paging with real tests.** It’s not enough for rules to exist; verify a handful of responders can actually receive notifications via the channels you rely on.
* **Plan a staged cutover.** Many organizations keep Opsgenie running briefly while validating Rootly paging reliability, then fully cut over.
* **Communicate responder expectations early.** Tell responders what to install, what to verify, and what to expect during the transition.
* **Document any skipped or excluded resources.** If you exclude teams or only migrate specific users, keep a written record so the end state remains intentional.

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Does Rootly modify anything in Opsgenie during migration?">
    No. Rootly migrations use read-only Opsgenie API access. Rootly reads your Opsgenie configuration and recreates equivalent resources in Rootly, but does not write back to Opsgenie or delete anything in your Opsgenie account.
  </Accordion>

  <Accordion title="How does Rootly match users between Opsgenie and Rootly?">
    Users are matched by email address. Opsgenie’s user <code>username</code> is treated as the user’s email. If a Rootly user exists with the same email (including soft-deleted users), Rootly reuses that user. If no match exists, Rootly creates a new Rootly user and adds them to the team so schedules and routing can reference them.
  </Accordion>

  <Accordion title="How are Opsgenie notification rules mapped into Rootly?">
    Opsgenie notification rule steps are translated into Rootly notification rules. The Opsgenie contact method (<code>email</code>, <code>sms</code>, <code>voice</code>) maps to Rootly’s email, SMS, and call targets. The step delay (<code>sendAfter.timeAmount</code>) maps to the Rootly rule delay so the timing behavior stays consistent.
  </Accordion>

  <Accordion title="What happens if a schedule has overlapping rotations?">
    Rootly can import schedules in one of two ways. By default, rotations are imported into a single Rootly schedule and overrides are recreated. If your environment has overlapping rotations and you enable <code>import\_rotations\_as\_separate\_schedules</code>, Rootly can split rotations into separate Rootly schedules to keep overlap behavior clearer and reduce ambiguity.
  </Accordion>

  <Accordion title="Can I migrate only a subset of teams, schedules, or users?">
    Yes. The migration supports scope controls such as importing only specific team IDs, excluding specific team IDs, or limiting users by email address. This is useful for phased migrations where you transition one department or service group at a time.
  </Accordion>

  <Accordion title="Will Slack integrations be migrated automatically?">
    Slack integrations are imported only when you include <code>slack\_integrations</code> in migration scope and your Rootly workspace has a connected Slack integration. If those prerequisites are not met, Slack import is skipped to prevent partial or misleading configuration.
  </Accordion>

  <Accordion title="Who do I contact if something looks wrong after migration?">
    Contact your Rootly onboarding representative or Rootly Support. Share the relevant Opsgenie resource identifiers (team IDs, schedule IDs, service IDs) and a short description of what doesn’t match expectations so the Rootly team can diagnose quickly.
  </Accordion>
</AccordionGroup>

***

Need help planning or executing a migration? Contact your Rootly onboarding representative or email **[support@rootly.com](mailto:support@rootly.com)**.


# PagerDuty Migration
Source: https://docs.rootly.com/on-call/pagerduty-migration

Migrate users, schedules, escalation policies, and notification settings from PagerDuty to Rootly On-Call with API-based data transfer.

## Overview

Migrating from PagerDuty to Rootly On-Call is an API-driven import process that recreates your paging configuration in Rootly so you can cut over with confidence. The migration is designed to preserve the structure your responders rely on—who is on-call, how alerts escalate, and how responders are notified—while also applying Rootly’s operational guardrails (for example, preventing schedule dependency loops and ensuring notification rules remain actionable).

A typical migration has two goals:

1. **Parity at cutover:** responders can acknowledge and resolve alerts in Rootly with familiar routing and escalation behavior.
2. **Clean operational ownership:** once you cut over, schedules and escalation policies in Rootly become your new source of truth going forward.

Rootly migrations are performed using **read-only PagerDuty API access**, meaning Rootly does not modify or delete any resources in PagerDuty. Your PagerDuty instance remains intact and can be kept running in parallel during a transition window if you want an added safety net.

To get started, simply **contact Rootly**. Your onboarding or customer success representative will walk you through scope, timing, and required access, then coordinate and execute the migration for you.

## What You Can Migrate

Rootly can migrate the core building blocks of on-call operations. Each section below explains what is migrated, how Rootly maps it, and where you should expect differences.

### Users

Rootly imports users in a way that prioritizes safe, deterministic matching.

**How users are matched**

* Rootly matches PagerDuty users to Rootly users using **email address**.
* If a Rootly user with that email already exists (including soft-deleted users), Rootly will reuse that user rather than creating a duplicate.
* If no Rootly user exists for the email, Rootly creates a new Rootly user automatically.

**Team membership and on-call access**

* Imported users are added to the target Rootly team/workspace.
* Your team’s defaults (and any relevant workspace configuration) may apply to newly created memberships, including default on-call role assignment.
* If your workspace uses on-call seat limits, users without an available on-call seat cannot be added into schedule rotations until seats are available.

**Contact methods that are migrated**
Rootly migrates user contact information used for paging, including:

* Email address(es)
* SMS-capable phone number(s)
* Call-capable phone number(s)

**How notification rules are migrated**
PagerDuty notification rules are translated to Rootly’s notification rule model where compatible:

* PagerDuty **urgency = low** maps to Rootly **quiet** notification rules.
* PagerDuty **urgency ≠ low** maps to Rootly **audible** notification rules.
* PagerDuty notification start delays map to Rootly rule delays when possible.
* Contact method types are mapped into Rootly’s supported contact methods, which include:
  * Email
  * SMS
  * Phone call
  * Critical mobile push (bypasses device Do Not Disturb when configured)
  * Non-critical mobile push (respects device Do Not Disturb when configured)

**What happens when a rule cannot be mapped**

* If a PagerDuty rule uses a configuration that does not translate cleanly, Rootly skips that rule rather than importing a partial or misleading configuration.
* After import, Rootly can also seed defaults (if needed) so every responder has a safe baseline configuration (for example, an email-based quiet rule).

**Important behavioral expectations**

* Rootly enforces practical paging constraints in the UI for audible notification rules. For example, initial audible steps typically must include an immediately actionable path (critical push or call) so responders cannot accidentally configure an audible chain that can never reach them.
* Where your PagerDuty rules include escalations or multi-step paging, validate your Rootly notification rules post-import to ensure the “audible” versus “quiet” intent matches your team’s reality.

### Schedules

Rootly imports schedules with the intent of preserving rotation logic and future coverage.

**What schedule data is migrated**

* Schedule definitions (name, description where applicable)
* Rotations and rotation membership
* Overrides
* Shift generation behavior (Rootly will generate future shifts based on imported rotation configuration)

**Supported schedule membership types**
Rootly schedules support rotation members that are:

* Individual users
* Other schedules (nested schedules), with safeguards to prevent circular dependencies

If your PagerDuty design effectively represents a team as a “target,” Rootly typically models that as a schedule rather than embedding a “team” directly inside a schedule rotation.

**Schedule validation and skip behavior**
Some schedules may be intentionally skipped for safety or compatibility. A notable case:

* Schedules with rotation turn lengths shorter than **24 hours** may be skipped during migration.

If schedules are skipped, the migration should record them as skipped resources so you can review and decide whether to recreate them manually using Rootly-native patterns.

**Syncing schedules vs. creating schedules**
Depending on migration settings:

* You can import schedules into a clean workspace (create-only), or
* You can **synchronize** against existing Rootly schedules (sync mode). In sync mode, Rootly may rebuild base shifts and clean up removed overrides to match the source.

Because schedule sync can rebuild future shifts, migrations often support a configurable delay between shift recreation steps to prevent racing or partial computations.

### Escalation Policies

Escalation policies are imported to preserve “who is notified, when, and in what order.”

**What escalation policy data is migrated**

* Escalation policy definitions and levels
* Targets within each level (where compatible)
* Ordering and delays

**Audible vs. quiet escalation paths**
Rootly can optionally create separate escalation paths to mirror PagerDuty urgency behavior, such as:

* A quiet path designed for low urgency routing
* An audible path designed for urgent paging

Whether you enable this depends on how strictly you separate low urgency vs. high urgency in your operational model.

**Target types you can expect**
Escalation levels in Rootly can target combinations of:

* Users
* Schedules
* Teams/groups (in Rootly terminology, groups)
* Slack channels
* Services (depending on configuration)

Rootly also supports paging strategies and targeting modes (including round robin strategies) that you can layer on top after migration if you want more control than your original PagerDuty setup provided.

### Services and Teams (Optional)

Depending on migration settings, Rootly can also import:

* PagerDuty teams into Rootly groups
* PagerDuty services into Rootly services

If enabled, Rootly can optionally set owning teams for services to preserve operational ownership and improve reporting and routing downstream.

## Configuration Options You May Be Asked To Choose

PagerDuty migrations often include a small number of explicit choices so the resulting Rootly configuration matches your intent.

Common migration options include:

* **PagerDuty region:** US or EU
* **Import scope controls:**
  * Import all escalation policies, or only specific escalation policy IDs
  * Exclude certain schedule IDs
  * Import all users, or restrict to users referenced by migrated schedules/policies
* **Resource strategy:**
  * Create-only import
  * Synchronize existing Rootly resources
* **Escalation policy behavior:**
  * Create separate quiet and audible escalation paths
* **Operational hygiene options:**
  * Disable shift reminders for imported users (helpful if you want responders to opt in later)
* **Timing controls:**
  * Delay between escalation policy imports and schedule imports
  * Delay before schedule shift recreation in sync mode
* **Dry run mode:**
  * Validate and produce a report of what would be imported (including validation errors) without writing resources into Rootly

If you are unsure which options to select, a good default is to start with a dry run, then run a create-only import into a staging workspace (or a safe test team) before importing into production.

## Migration Process

### Step 1: Define Scope and Success Criteria

Before any technical setup, define what “success” means for your organization. This reduces rework and prevents ambiguous expectations.

Recommended scoping questions:

* Are you migrating one team or multiple teams?
* Are you migrating only schedules and escalation policies, or also services and teams?
* Do you need parity for low-urgency workflows (quiet routing), or only urgent paging?
* Do you need to preserve existing Rootly resources, or can this be a clean import?

Common “success criteria” examples:

* Every responder can be paged in Rootly via at least one reliable channel.
* Every critical service has an escalation policy attached and can page an on-call responder.
* The most important schedules generate correct upcoming shifts for the next 2–4 weeks.
* Escalation policies correctly notify schedules/users in the intended order with expected delays.

### Step 2: Create a Read-Only PagerDuty API Key

Rootly migrations use the PagerDuty API to read configuration.

In PagerDuty:

1. Navigate to **Integrations → Developer Tools → API Access Keys**
2. Create a new API key
3. Name the key clearly (example: “Rootly Migration – Read Only”)
4. Ensure the key is **read-only**
5. Copy the key securely and share it with the Rootly onboarding team using your approved secure channel

<Note>
  Use a read-only key. Rootly does not need write access to PagerDuty to perform migration.
</Note>

### Step 3: Run a Dry Run (Strongly Recommended)

A dry run validates what Rootly can import and highlights any resources that will be skipped or require attention. This is especially valuable if your PagerDuty instance contains edge cases (complex layers, unusual rotation lengths, legacy artifacts).

A dry run typically surfaces:

* Users that cannot be matched cleanly (missing emails, invalid data)
* Schedules that will be skipped (for example, short turn lengths)
* Policies that reference unsupported patterns
* Any validation errors that would prevent import

If you are migrating a large environment, a dry run is the safest way to avoid surprises.

### Step 4: Execute the Migration

After dry run validation, Rootly runs the migration asynchronously. Imports are typically staged so dependencies resolve correctly (for example, users exist before schedules reference them).

At a high level, a migration commonly progresses through:

* Users (and optional teams/groups)
* Services (optional)
* Schedules (and overrides, then shift generation)
* Escalation policies

Because the migration runs in the background, you can continue normal work while it completes, and then validate the results after completion.

### Step 5: Validate in Rootly Before Cutover

After import, treat validation as an explicit step—not an afterthought. You should validate both configuration correctness and real paging behavior.

Recommended validation checklist:

* Confirm each core schedule shows a correct “currently on-call” responder and upcoming shifts.
* Confirm escalation policies reference the intended schedules/users/targets.
* Confirm a sample of responders have correct notification rules (audible + quiet).
* Use “test notifications” (where available) to confirm SMS/call/push delivery for a few responders.
* Confirm that any intentionally excluded resources are documented so you can recreate them manually if needed.

### Step 6: Cut Over and Monitor

When you are ready, shift your alert sources to route into Rootly On-Call, then actively monitor the first hours/days of production usage.

During cutover, the most common issues are not configuration problems—they are deliverability or responder readiness issues (for example, a responder never installed the mobile app or has not verified a phone number). Use Rootly’s readiness tooling and test notifications proactively.

## Best Practices

These practices reduce risk and make the migration easier to validate and operate.

* **Start with a dry run.** Dry runs catch incompatible schedules and policy edge cases early, when changes are easiest.
* **Migrate in a controlled window.** Even if Rootly doesn’t require downtime, you want your team mentally prepared for validation and quick fixes.
* **Plan a staged cutover.** Many organizations keep PagerDuty live briefly while they validate Rootly paging reliability, then fully cut over.
* **Validate paging with real test notifications.** It’s not enough for rules to exist; verify that responders actually receive calls/SMS/push.
* **Decide your urgency model up front.** If you rely heavily on low urgency workflows, enable separate quiet and audible escalation paths. If you don’t, keep it simple.
* **Communicate responder expectations early.** Tell responders what to install (mobile app), what to verify (phone numbers), and what to expect during the transition.
* **Document “skipped resources.”** If something is skipped (such as a schedule layer with short rotation length), write down why and your replacement approach in Rootly.

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Does Rootly modify anything in PagerDuty during migration?">
    No. Rootly migrations use read-only PagerDuty API access. Rootly reads your PagerDuty configuration and recreates equivalent resources in Rootly, but does not write back to PagerDuty or delete anything in your PagerDuty account.
  </Accordion>

  <Accordion title="How does Rootly match users between PagerDuty and Rootly?">
    Users are matched by email address. If a Rootly user exists with the same email (including soft-deleted users), Rootly reuses that user. If no match exists, Rootly creates a new Rootly user and adds them to the team so schedules and escalation policies can reference them.
  </Accordion>

  <Accordion title="Are notification rules migrated exactly as-is?">
    Notification rules are migrated when compatible. PagerDuty low urgency rules map to Rootly quiet rules, while all other rules map to Rootly audible rules. Delays are preserved where supported, and contact methods are mapped into Rootly’s supported channels (email, SMS, call, and mobile push). If a rule cannot be mapped reliably, Rootly skips it to avoid creating misleading paging behavior.
  </Accordion>

  <Accordion title="Why were some schedules skipped?">
    Some schedules may be skipped due to compatibility guardrails—most commonly when a schedule layer uses rotation turn lengths shorter than 24 hours. Skipped resources should be reviewed and recreated using Rootly-native patterns if they are operationally important.
  </Accordion>

  <Accordion title="Can I migrate only part of my PagerDuty configuration?">
    Yes. You can limit migration scope—for example, importing only specific escalation policy IDs, excluding certain schedules, or controlling whether all users are imported. This is useful for phased migrations where you transition one team or service group at a time.
  </Accordion>

  <Accordion title="Can Rootly sync into an existing Rootly workspace with existing schedules and users?">
    Yes. Migrations can be configured to synchronize against existing resources rather than always creating new ones. Sync mode may rebuild future shifts and clean up removed overrides to maintain parity with the PagerDuty source, so it should be used deliberately and validated carefully.
  </Accordion>

  <Accordion title="What should we validate before routing alerts to Rootly?">
    Validate that schedules show correct on-call responders, escalation policies point to the right targets, and a sample of responders can receive pages via at least one reliable channel. If you use mobile push, confirm responders have devices connected. If you use SMS/calls, confirm phone numbers are correct and deliverability is acceptable for your region and carriers.
  </Accordion>

  <Accordion title="Who do I contact if something looks wrong after migration?">
    Contact your Rootly onboarding representative or Rootly Support. Come prepared with the PagerDuty resource IDs (schedule IDs, escalation policy IDs) and a short description of the mismatch you’re seeing so the issue can be diagnosed quickly.
  </Accordion>
</AccordionGroup>

***

Need help planning or executing a migration? Contact your Rootly onboarding representative or email **[support@rootly.com](mailto:support@rootly.com)**.


# Requesting Shift Coverage
Source: https://docs.rootly.com/on-call/request-coverage

Request coverage in Rootly when you can't work an on-call shift and automatically reassign responsibility to teammates with approval workflows.

## Overview

When you’re part of an on-call rotation, Rootly automatically assigns you shifts based on your team’s schedules and escalation policies. While this ensures consistent coverage, real life doesn’t always align perfectly with on-call rotations. Planned time off, unexpected conflicts, or last-minute changes can make it difficult to cover an assigned shift.

**Coverage Requests** are designed to solve this problem without disrupting schedules or requiring an administrator to intervene. Instead of editing schedules directly, you can request help from teammates who are already part of the same rotation. Rootly then coordinates notifications, tracks responses, and automatically reassigns the shift when someone accepts.

Coverage Requests are available across **Web and Slack**, allowing teams to handle coverage quickly in the tools they already use.

## What Is a Coverage Request?

A Coverage Request is a lightweight way to say, “I can’t cover this shift—can someone else take it?”

When you submit a request, Rootly identifies the shifts affected during the selected time window and notifies other responders on the same schedule. Teammates can review the request, accept it if they’re available, or simply ignore it. Once a single person accepts, Rootly automatically creates the required override and closes the request.

This approach keeps schedules intact while ensuring accountability and visibility.

## Submitting Coverage Requests

<Info>
  If you have permission to create overrides directly, you can still reassign a shift manually. Coverage Requests are optimized for self-service coordination among teammates.
</Info>

### Requesting Coverage on Web

Coverage Requests can be created directly from both the **On-Call Shifts** view and the **Schedule** editor.

From the **On-Call Shifts** page, select the shift you’re unable to cover and choose **Request Coverage**.\
From a **Schedule**, edit the schedule you’re currently rotating on, navigate to the **Override & Coverage** tab, and select **Request Coverage**.

<img alt="Clean Shot2025 08 06at12 41 54@2x Pn" />

After opening the request modal, you’ll define the time range during which you’re unavailable. Rootly automatically detects all shifts assigned to you within that window and presents them for review. Once submitted, notifications are sent immediately.

<img alt="Clean Shot2025 08 06at12 42 45@2x Pn" />

### Requesting Coverage on Slack

If your team primarily operates in Slack, Coverage Requests can be created without ever leaving the conversation.

Run `/rootly override` in Slack, select the time window you need coverage for, and review the affected shifts. When you submit the request, Rootly sends actionable messages to eligible teammates and the schedule’s Slack channel (if configured).

<img alt="Clean Shot2025 08 06at12 51 03@2x Pn" />

### Requesting Coverage on Mobile

Mobile support for Coverage Requests is coming soon and will provide the same end-to-end experience available on Web and Slack.

## Managing Your Coverage Requests

All active Coverage Requests are visible in the Rootly web app. Navigate to **On-Call → Shifts**, then switch to the **Coverage Requests** view.

This page shows open requests, affected time ranges, and current status. Once a teammate accepts a request, it disappears from the list and the shift is immediately reassigned.

<img alt="Clean Shot2025 08 06at12 23 37@2x Pn" />

## Accepting Coverage Requests

Anyone who is part of the same schedule can accept a Coverage Request, as long as they are not already committed to overlapping on-call responsibilities.

Only **one** person can accept a request. As soon as it’s taken, Rootly creates an override, updates all relevant views, and notifies the original requester. If someone else attempts to accept after that point, they’ll be informed that the request has already been fulfilled.

<Info>
  If you rotate on multiple schedules, make sure accepting a request won’t conflict with another on-call commitment.
</Info>

### Accepting on Web

Coverage Requests can be accepted from both the **On-Call Shifts** page and the **Schedule** editor.

From a schedule, navigate to the **Override & Requests** tab to review and accept open requests. Only users with schedule edit permissions can accept requests from this view.

### Accepting on Slack

When a Coverage Request is created, Rootly sends interactive Slack messages to:

1. All active users on the schedule
2. The schedule’s configured Slack channel, if one exists

These messages include actions to **Take the shift**, **View on web**, or ignore the request entirely.

<img alt="Clean Shot2025 08 06at12 14 05@2x Pn" />

### Accepting on Mobile

Mobile acceptance is coming soon and will mirror the Slack and Web workflows.

## Best Practices

Coverage Requests work best when they’re used early and intentionally. Submitting a request as soon as you know you’ll be unavailable gives teammates more time to plan and respond.

Avoid creating multiple overlapping requests for the same shift window. Rootly prevents duplicates by design, so updating an existing request is the best way to make changes.

Teams should also ensure schedules have a Slack channel configured. This improves visibility and dramatically increases response rates, especially for time-sensitive coverage gaps.

Finally, remember that Coverage Requests are meant for **user-assigned shifts**. If your shift is owned by a schedule rather than an individual, an administrator may need to intervene.

## Frequently Asked Questions (FAQs)

<AccordionGroup>
  <Accordion title="What shifts can I request coverage for?">
    Coverage Requests can only be created for shifts that are assigned to individual users. If a shift is schedule-based, it must first be reassigned to a user before coverage can be requested.
  </Accordion>

  <Accordion title="What happens after someone accepts my request?">
    Once a teammate accepts, Rootly automatically creates an override for the shift, reassigns responsibility, and closes the request. You don’t need to take any further action.
  </Accordion>

  <Accordion title="Can multiple people accept the same request?">
    No. Only one person can accept a Coverage Request. If someone else tries to accept after it’s been taken, Rootly will notify them that the shift is no longer available.
  </Accordion>

  <Accordion title="What notifications are sent when I request coverage?">
    Rootly sends notifications to eligible teammates via Slack (DMs and channels, if configured) and also sends a push notification to your device so you can track the request’s status.
  </Accordion>

  <Accordion title="Can I cancel or change a coverage request?">
    Yes. If your plans change, you can delete the existing request and submit a new one with updated timing. Overlapping requests for the same window are not allowed.
  </Accordion>
</AccordionGroup>


# Round Robin Functionality
Source: https://docs.rootly.com/on-call/round-robin-functionality

Distribute alerts evenly among on-call team members in Rootly using alert-based and cycle-based round robin escalation strategies for fair workload sharing.

## Overview

Rootly's round robin feature introduces a streamlined way to manage escalation policies by automatically rotating the paging responsibilities among on-call team members. This ensures that alerts are distributed evenly and efficiently, reducing the burden on any single individual.

This feature is included out-of the box and is available for use today.

## Key Features

### Paging Methods

#### Alert-Based Paging

This is the most common style of round robin paging. Incoming alerts are cycled through the rotation of users. For example, the first incoming will page User A, if User A doesn't respond, it will escalate to level 2. The next incoming alert will page User B to ensure even distribution of alerts.

<Frame>
  <img />
</Frame>

#### Cycle-Based Paging

The cycle-based feature ensures each user in the escalation level is paged in sequential order before escalating to the next level.

<Frame>
  <img />
</Frame>

### Dynamic Updates

Rootly's web UI dynamically updates to show the current pageable person and the order of escalation. Timeline events also indicate the strategy used for each page.

### Configuring Round Robin

<iframe />

1. Navigate to Escalation Policies:
   * Go to the escalation policies section in your Rootly dashboard.
   * On-Call --> Escalation Policies
2. Create/Select an Escalation Policy:
   * Create a new escalation policy or choose an existing policy you want to configure for round robin.
3. Enable Round Robin:
   * When the feature flag for round robin is enabled, toggle the round robin option in each escalation policy level.

<Frame>
  <img />
</Frame>

4. Select either Alert-Based or Cycle-Based Paging:
   * Set the levels to be alert-based, where each new alert pages the next person in line.

<Frame>
  <img />
</Frame>

#### Example Scenario (Alert-based)

In this example, we have an escalation policy named "SRE - Round Robin EP" with one round robin alert-based level. The first pageable person is Alexandra. When alert A comes in, if Alexandra doesn't respond within five minutes, the alert moves to Andre, and then to Purvai.

* When alert B comes in, it will then go to Shadab and then escalate to the next level.
* When alert C comes in, it will then go to Andre and then escalate to the next level.

<Frame>
  <img />
</Frame>

1. Initial Alert:
   * Alexandra receives the first alert.
2. Escalation to Next Person:
   * After five minutes without a response, the alert escalates to Andre.
3. Further Escalation:
   If Andre also doesn’t respond, the alert moves to Purvai.
4. Repeat Cycle:
   * The repeat feature cycles the alerts back to Alexandra after Purvai.

#### Example Scenario (Cycle-Based)

In this example, we have an escalation policy named "SRE - Round Robin EP" with one cycle-based level. The first pageable person is Alexandra. When alert A comes in, it will first go to Alexandra and if she does not respond, then the alert moves to Shadab, and then to Andre.

<Frame>
  <img />
</Frame>

1. Initial Alert:
   * Alexandra receives the first alert.
2. Escalation to Next Person:
   * After one minute without a response, the alert escalates to Shadab.
3. Further Escalation:
   * If Shadab also doesn’t respond, the alert moves to Andre.
4. Repeat Cycle:
   * The repeat feature cycles the alerts back to Alexandra after Andre.

### Timeline Events

Timeline events will now show an indication of the strategy used for each page, providing clarity on how the alert was escalated and which strategy was employed.


# Overview
Source: https://docs.rootly.com/on-call/schedules

Create, manage, and maintain on-call schedules in Rootly with rotations, layers, overrides, restrictions, and previews to keep coverage clear and predictable.

## What Are On-Call Schedules?

On-call schedules form the foundation of the Rootly On-Call system. They are critical tools that ensure **alert responsibility** is always clearly assigned and continuously rotating among your team members. These schedules determine **who is on-call at any given time** and control the **rotation** of on-call duties across users or teams.

In Rootly, schedules are not only useful for defining on-call responsibilities but also for organizing who will respond to incidents. A schedule can be as simple as a single user rotating weekly, or as complex as multiple schedules nested within one another, representing different teams or geographies.

However, schedules alone do not trigger notifications or paging—they need to be linked to **Escalation Policies** to become part of the actual alerting process. **Escalation Policies** control the process of how and when on-call users are paged.

***

## Permissions & Access

Before you can create, edit, or delete schedules, certain permissions are required. Only users with the **On-Call Admin** or **On-Call User** roles have the ability to manage schedules. **On-Call Observers**, on the other hand, have read-only access to schedules and cannot modify them.

<Warning>
  **Required Permissions:**\
  To create, edit, or delete schedules, users need the **On-Call Admin** or **On-Call User** role.\
  Users without active on-call seats cannot be added to schedules.
</Warning>

***

## Creating a Schedule

To create a new on-call schedule in Rootly, follow these simple steps:

1. **Navigate to On-Call → Schedules** from the main menu.
2. Click on **+ New Schedule** to start the process.
3. Enter a **Schedule Name** (required) and an optional **Description** that provides more context about the schedule’s purpose.

When naming your schedule, it’s best practice to choose a descriptive name that reflects the team or role associated with the schedule (e.g., `Engineering Primary`, `Support - Weekend`, or `Platform Secondary`).

<Info>
  **Note:** The schedule name must be unique within your team to avoid conflicts. Schedule names should be concise, clear, and follow a consistent naming convention.
</Info>

***

### Step 1: Define Rotations

Rotations dictate **how on-call responsibilities rotate** between team members. The **rotation** defines the order in which members are assigned on-call duties.

A rotation is essentially a cycle that determines **who is on call** and **when they will take over the responsibility**. Depending on your organization's needs, you may set up a rotation for a single user or multiple users who rotate through different time slots.

When you define a rotation, you’ll need to give it a **name** that reflects the group or role it pertains to. For example, a rotation for the `Security Team` might simply be called "Security Rotation."

<Warning>
  **Important Reminder:**\
  A schedule can only have **one active rotation at a time**. Make sure that you define the rotation rules clearly to avoid overlaps.
</Warning>

***

### Step 2: Add Rotation Members

In this step, you will **assign users to the rotation**. You can add individual users, teams, or other schedules to a rotation. Adding **schedules as members** allows for nesting, where a team’s schedule can be part of a higher-level schedule.

Each member of the rotation will be assigned a time period based on the rules you set in Step 3. For example, if you choose weekly rotation, the on-call duty will shift every week, and the members will rotate in order.

To assign members:

1. You can either search or use the filters to find the users, teams, or schedules you wish to add.
2. Once added, the members will rotate based on the order they are listed. You can easily adjust the order by **dragging and dropping** members within the list.

When a schedule is nested inside another schedule, the **parent schedule** will call the **current on-call responder** of the **child schedule** when it’s time for the escalation policy to trigger.

<Info>
  **Note:**\
  A **Schedule cannot be part of more than one other schedule's rotation**. This restriction is in place to prevent infinite loops where schedules are circularly dependent on each other.
</Info>

***

### Step 3: Configure Rotation Rules

Now that you've set up the members, it’s time to configure the rotation rules. This step is where you define the **frequency** and **timing** of the rotation.

Rootly provides several options for configuring your rotations:

* **Rotation Types:**
  * Daily
  * Weekly
  * Biweekly
  * Monthly
  * Custom (e.g., hourly, daily, weekly)
* **Active Days:**\
  You can define which days of the week your rotation is active.
* **Active Hours:**\
  You can specify whether the rotation is active all day or only for specific hours.
* **Timezone:**\
  Choose the timezone for the rotation, which will follow the time zone set by your team or organization.

For custom rotations, you can set specific timeframes and choose **shift length** (e.g., 8-hour shifts, 12-hour shifts). You also have the option to adjust the **handoff time** for when one rotation ends and another begins.

<Note>
  **Important:**\
  Only one rotation can be active at any given time. If two rotations overlap, Rootly will follow the **bottom-most** rotation logic.
</Note>

***

### Step 4: Add Paging Logic

Once your schedule is set up with rotation rules, you’ll need to link it to an **Escalation Policy** to ensure that the correct person is paged.

An **Escalation Policy** defines **how and when users should be paged**. To page the on-call user, you must:

1. Create an **Escalation Policy**.
2. Assign the schedule to the policy by selecting it as a **notification target** within the escalation steps.
3. Make sure the escalation policy is connected to a **service** or **team** for active monitoring.

<Note>
  **Reminder:**\
  Without being connected to an **Escalation Policy**, a schedule will not trigger any alerts. Ensure that you add the schedule to a policy so it becomes part of the alerting flow.
</Note>

***

## Editing a Schedule

If you need to modify a schedule, follow these steps:

1. Go to **On-Call → Schedules**.
2. Select the schedule you want to edit by clicking the **⋯** menu.
3. Click **Edit** to update the schedule name, description, members, or rotation rules.

***

## Deleting a Schedule

If you need to delete a schedule, here’s how you do it:

1. Navigate to **On-Call → Schedules**.
2. Find the schedule and click the **⋯** menu.
3. Select **Delete**, and confirm your choice in the dialog window.

<Warning>
  **Important:**\
  Deleting a schedule is **permanent** and cannot be undone. If you want to temporarily stop a schedule, consider deactivating it or removing it from active escalation policies.
</Warning>

***

## Schedule Management Features

The **Schedules Page** in Rootly provides an overview of all schedules, showing:

* **Who is currently on-call** for each schedule
* The **next shift change**
* Which **Escalation Policy** is associated with the schedule
* Filter and search options for easy navigation

You can also sort schedules by **name**, **date created**, and **last updated**.

<Frame>
  <img alt="" />
</Frame>

***

## Exporting a Schedule to an External Calendar

Rootly allows you to export your on-call schedule to an external calendar so you and your team can view upcoming shifts directly from your preferred calendar app.

<Frame>
  <img alt="Screenshot 2026 04 13 At 11 44 40 AM" />
</Frame>

## Auditing Schedule Changes

Rootly tracks all changes made to schedules through an **audit log**. This provides transparency, allowing you to track:

* When a schedule was created or modified
* Updates to rotation members or rotation rules
* Changes in shift timings or handoff schedules

To access the audit log, simply start editing the schedule and click on **View Version History** in the top-right corner of the editor.

***

## Best Practices for Managing Schedules

* **Clearly name schedules:** Use descriptive names for schedules to make it easy for teams to identify the right schedule at a glance.
* **Simplify rotations:** Keep rotation cycles simple and clear. Avoid overly complex configurations unless absolutely necessary.
* **Use custom rotations when needed:** For specific teams or roles that need different rotation types, use the custom option to tailor schedules to your needs.
* **Review schedules periodically:** Regularly check schedules to ensure there are no overlaps or issues with rotation rules.
* **Add schedules to Escalation Policies:** Ensure that schedules are linked to the appropriate escalation policies to ensure timely paging.

***

## Frequently Asked Questions (FAQs)

<AccordionGroup>
  <Accordion title="How do I ensure no one misses a shift?">
    To ensure on-call responders are actually notified, your schedule must be connected to an **Escalation Policy**.\
    Schedules by themselves only define *who* is on call—they do not trigger paging. Once a schedule is added as a notification target in an escalation policy and that policy is assigned to a service or team, Rootly can page the active on-call responder reliably.
  </Accordion>

  <Accordion title="Can I assign a team directly to a schedule?">
    No. Schedules can only contain **individual users** or **other schedules**.\
    Teams are not valid members of a schedule rotation. If you want a team to participate in on-call, create a schedule for that team and then nest that schedule inside a higher-level schedule if needed.
  </Accordion>

  <Accordion title="What if I need to pause a schedule instead of deleting it?">
    If you need to temporarily stop a schedule from paging responders, you do not need to delete it.\
    Instead, remove the schedule from any associated escalation policies or deactivate it. This preserves the schedule configuration while preventing it from triggering alerts.
  </Accordion>

  <Accordion title="How do I manage overlapping rotations?">
    Rootly allows multiple rotations within a single schedule, but only **one rotation can be active at any given time**.\
    If rotation rules overlap, Rootly automatically prioritizes the **bottom-most rotation** in the list. To control which logic applies, ensure your rotations are ordered intentionally and reviewed for overlap.
  </Accordion>
</AccordionGroup>

***

On-call schedules are central to keeping your team responsive, organized, and ready. Once set up, they enable seamless transitions and ensure that alerts are always addressed in a timely manner, no matter the time zone or time of day.


# Supported Countries
Source: https://docs.rootly.com/on-call/supported-countries

Reference list of countries supported for SMS, push, and phone call notifications in Rootly On-Call, including delivery routes and regional carrier information.

Rootly On-Call uses Twilio to deliver SMS and phone call notifications to on-call responders. This page lists the countries where these notification methods are supported.

<Warning>
  **Deliverability is not guaranteed.** Even in supported countries, messages and calls may fail to deliver due to carrier filtering, local regulations, or network issues. Push notifications via the Rootly mobile app are more reliable and recommended as your primary notification method.
</Warning>

<Note>
  **Important considerations:**

  * **Local regulations**: Many countries have strict telecom regulations that may affect message delivery, especially for A2P (Application-to-Person) messaging
  * **Carrier filtering**: Mobile carriers may filter or block messages from unknown or international senders
  * **Number registration**: Some countries require pre-registration of sender IDs or recipient numbers
  * **Time-based restrictions**: Certain countries restrict messaging during specific hours
  * **Content filtering**: Messages containing certain keywords may be blocked by local carriers
</Note>

## Registered Sender IDs

Rootly has registered sender IDs in the following countries for improved deliverability:

| Country   | Sender ID | Status            |
| --------- | --------- | ----------------- |
| Hong Kong | Rootly-HK | Approved          |
| Macao     | Rootly-MO | Approved          |
| Taiwan    | Rootly-TW | Filing in process |

## Short Codes

Rootly uses dedicated short codes in the following countries for improved deliverability:

| Country     | Short Code | Status |
| ----------- | ---------- | ------ |
| New Zealand | 8436       | Active |

## SMS Notifications

SMS notifications can be sent to phone numbers in the following countries. Delivery rates vary by country and carrier.

<div>
  <table>
    <thead>
      <tr>
        <th>Country</th>
        <th>Code</th>
      </tr>
    </thead>

    <tbody>
      <tr><td>Afghanistan</td><td>+93</td></tr>
      <tr><td>Albania</td><td>+355</td></tr>
      <tr><td>American Samoa</td><td>+1</td></tr>
      <tr><td>Andorra</td><td>+376</td></tr>
      <tr><td>Anguilla</td><td>+1264</td></tr>
      <tr><td>Antigua and Barbuda</td><td>+1268</td></tr>
      <tr><td>Argentina</td><td>+54</td></tr>
      <tr><td>Armenia</td><td>+374</td></tr>
      <tr><td>Aruba</td><td>+297</td></tr>
      <tr><td>Australia</td><td>+61</td></tr>
      <tr><td>Austria</td><td>+43</td></tr>
      <tr><td>Bahamas</td><td>+1242</td></tr>
      <tr><td>Bahrain</td><td>+973</td></tr>
      <tr><td>Barbados</td><td>+1246</td></tr>
      <tr><td>Belarus</td><td>+375</td></tr>
      <tr><td>Belgium</td><td>+32</td></tr>
      <tr><td>Belize</td><td>+501</td></tr>
      <tr><td>Benin</td><td>+229</td></tr>
      <tr><td>Bermuda</td><td>+1441</td></tr>
      <tr><td>Bhutan</td><td>+975</td></tr>
      <tr><td>Bolivia</td><td>+591</td></tr>
      <tr><td>Bosnia and Herzegovina</td><td>+387</td></tr>
      <tr><td>Botswana</td><td>+267</td></tr>
      <tr><td>Brazil</td><td>+55</td></tr>
      <tr><td>Brunei</td><td>+673</td></tr>
      <tr><td>Bulgaria</td><td>+359</td></tr>
      <tr><td>Burkina Faso</td><td>+226</td></tr>
      <tr><td>Cambodia</td><td>+855</td></tr>
      <tr><td>Cameroon</td><td>+237</td></tr>
      <tr><td>Canada</td><td>+1</td></tr>
      <tr><td>Cape Verde</td><td>+238</td></tr>
      <tr><td>Cayman Islands</td><td>+1345</td></tr>
      <tr><td>Central African Republic</td><td>+236</td></tr>
      <tr><td>Chad</td><td>+235</td></tr>
      <tr><td>Chile</td><td>+56</td></tr>
      <tr><td>China</td><td>+86</td></tr>
      <tr><td>Colombia</td><td>+57</td></tr>
      <tr><td>Comoros</td><td>+269</td></tr>
      <tr><td>Congo</td><td>+242</td></tr>
      <tr><td>Congo (DRC)</td><td>+243</td></tr>
      <tr><td>Cook Islands</td><td>+682</td></tr>
      <tr><td>Costa Rica</td><td>+506</td></tr>
      <tr><td>Croatia</td><td>+385</td></tr>
      <tr><td>Cuba</td><td>+53</td></tr>
      <tr><td>Cyprus</td><td>+357</td></tr>
      <tr><td>Czech Republic</td><td>+420</td></tr>
      <tr><td>Denmark</td><td>+45</td></tr>
      <tr><td>Djibouti</td><td>+253</td></tr>
      <tr><td>Dominica</td><td>+1767</td></tr>
      <tr><td>Dominican Republic</td><td>+1829</td></tr>
      <tr><td>Egypt</td><td>+20</td></tr>
      <tr><td>El Salvador</td><td>+503</td></tr>
      <tr><td>Equatorial Guinea</td><td>+240</td></tr>
      <tr><td>Eritrea</td><td>+291</td></tr>
      <tr><td>Estonia</td><td>+372</td></tr>
      <tr><td>Ethiopia</td><td>+251</td></tr>
      <tr><td>Faroe Islands</td><td>+298</td></tr>
      <tr><td>Fiji</td><td>+679</td></tr>
      <tr><td>Finland</td><td>+358</td></tr>
      <tr><td>France</td><td>+33</td></tr>
      <tr><td>French Guiana</td><td>+594</td></tr>
      <tr><td>French Polynesia</td><td>+689</td></tr>
      <tr><td>Gabon</td><td>+241</td></tr>
      <tr><td>Gambia</td><td>+220</td></tr>
      <tr><td>Georgia</td><td>+995</td></tr>
      <tr><td>Germany</td><td>+49</td></tr>
      <tr><td>Ghana</td><td>+233</td></tr>
      <tr><td>Gibraltar</td><td>+350</td></tr>
      <tr><td>Greece</td><td>+30</td></tr>
      <tr><td>Greenland</td><td>+299</td></tr>
      <tr><td>Grenada</td><td>+1473</td></tr>
      <tr><td>Guadeloupe</td><td>+590</td></tr>
      <tr><td>Guam</td><td>+1671</td></tr>
      <tr><td>Guatemala</td><td>+502</td></tr>
      <tr><td>Guinea</td><td>+224</td></tr>
      <tr><td>Guinea-Bissau</td><td>+245</td></tr>
      <tr><td>Guyana</td><td>+592</td></tr>
      <tr><td>Haiti</td><td>+509</td></tr>
      <tr><td>Honduras</td><td>+504</td></tr>
      <tr><td>Hong Kong</td><td>+852</td></tr>
      <tr><td>Hungary</td><td>+36</td></tr>
      <tr><td>Iceland</td><td>+354</td></tr>
      <tr><td>India</td><td>+91</td></tr>
      <tr><td>Indonesia</td><td>+62</td></tr>
      <tr><td>Iraq</td><td>+964</td></tr>
      <tr><td>Ireland</td><td>+353</td></tr>
      <tr><td>Israel</td><td>+972</td></tr>
      <tr><td>Italy</td><td>+39</td></tr>
      <tr><td>Ivory Coast</td><td>+225</td></tr>
      <tr><td>Jamaica</td><td>+1876</td></tr>
      <tr><td>Japan</td><td>+81</td></tr>
      <tr><td>Jordan</td><td>+962</td></tr>
      <tr><td>Kazakhstan</td><td>+7</td></tr>
      <tr><td>Kenya</td><td>+254</td></tr>
      <tr><td>Kiribati</td><td>+686</td></tr>
      <tr><td>Korea (South)</td><td>+82</td></tr>
      <tr><td>Kuwait</td><td>+965</td></tr>
      <tr><td>Kyrgyzstan</td><td>+996</td></tr>
      <tr><td>Laos</td><td>+856</td></tr>
      <tr><td>Latvia</td><td>+371</td></tr>
      <tr><td>Lebanon</td><td>+961</td></tr>
      <tr><td>Lesotho</td><td>+266</td></tr>
      <tr><td>Liberia</td><td>+231</td></tr>
      <tr><td>Libya</td><td>+218</td></tr>
      <tr><td>Liechtenstein</td><td>+423</td></tr>
      <tr><td>Lithuania</td><td>+370</td></tr>
      <tr><td>Luxembourg</td><td>+352</td></tr>
      <tr><td>Macao</td><td>+853</td></tr>
      <tr><td>Macedonia</td><td>+389</td></tr>
      <tr><td>Madagascar</td><td>+261</td></tr>
      <tr><td>Malawi</td><td>+265</td></tr>
      <tr><td>Malaysia</td><td>+60</td></tr>
      <tr><td>Maldives</td><td>+960</td></tr>
      <tr><td>Mali</td><td>+223</td></tr>
      <tr><td>Malta</td><td>+356</td></tr>
      <tr><td>Marshall Islands</td><td>+692</td></tr>
      <tr><td>Martinique</td><td>+596</td></tr>
      <tr><td>Mauritius</td><td>+230</td></tr>
      <tr><td>Mexico</td><td>+52</td></tr>
      <tr><td>Micronesia</td><td>+691</td></tr>
      <tr><td>Moldova</td><td>+373</td></tr>
      <tr><td>Monaco</td><td>+377</td></tr>
      <tr><td>Mongolia</td><td>+976</td></tr>
      <tr><td>Montenegro</td><td>+382</td></tr>
      <tr><td>Montserrat</td><td>+1664</td></tr>
      <tr><td>Morocco</td><td>+212</td></tr>
      <tr><td>Myanmar</td><td>+95</td></tr>
      <tr><td>Namibia</td><td>+264</td></tr>
      <tr><td>Nepal</td><td>+977</td></tr>
      <tr><td>Netherlands</td><td>+31</td></tr>
      <tr><td>Netherlands Antilles</td><td>+599</td></tr>
      <tr><td>New Caledonia</td><td>+687</td></tr>
      <tr><td>New Zealand</td><td>+64</td></tr>
      <tr><td>Nicaragua</td><td>+505</td></tr>
      <tr><td>Niger</td><td>+227</td></tr>
      <tr><td>Norway</td><td>+47</td></tr>
      <tr><td>Palau</td><td>+680</td></tr>
      <tr><td>Panama</td><td>+507</td></tr>
      <tr><td>Papua New Guinea</td><td>+675</td></tr>
      <tr><td>Paraguay</td><td>+595</td></tr>
      <tr><td>Peru</td><td>+51</td></tr>
      <tr><td>Philippines</td><td>+63</td></tr>
      <tr><td>Poland</td><td>+48</td></tr>
      <tr><td>Portugal</td><td>+351</td></tr>
      <tr><td>Puerto Rico</td><td>+1787</td></tr>
      <tr><td>Qatar</td><td>+974</td></tr>
      <tr><td>Reunion</td><td>+262</td></tr>
      <tr><td>Romania</td><td>+40</td></tr>
      <tr><td>Russia</td><td>+7</td></tr>
      <tr><td>Samoa</td><td>+685</td></tr>
      <tr><td>San Marino</td><td>+378</td></tr>
      <tr><td>Saudi Arabia</td><td>+966</td></tr>
      <tr><td>Serbia</td><td>+381</td></tr>
      <tr><td>Sierra Leone</td><td>+232</td></tr>
      <tr><td>Singapore</td><td>+65</td></tr>
      <tr><td>Solomon Islands</td><td>+677</td></tr>
      <tr><td>Spain</td><td>+34</td></tr>
      <tr><td>St Kitts and Nevis</td><td>+1869</td></tr>
      <tr><td>St Lucia</td><td>+1758</td></tr>
      <tr><td>St Pierre and Miquelon</td><td>+508</td></tr>
      <tr><td>St Vincent Grenadines</td><td>+1784</td></tr>
      <tr><td>Suriname</td><td>+597</td></tr>
      <tr><td>Swaziland</td><td>+268</td></tr>
      <tr><td>Sweden</td><td>+46</td></tr>
      <tr><td>Switzerland</td><td>+41</td></tr>
      <tr><td>Taiwan</td><td>+886</td></tr>
      <tr><td>Thailand</td><td>+66</td></tr>
      <tr><td>Tonga</td><td>+676</td></tr>
      <tr><td>Trinidad and Tobago</td><td>+1868</td></tr>
      <tr><td>Turkey</td><td>+90</td></tr>
      <tr><td>Turkmenistan</td><td>+993</td></tr>
      <tr><td>Turks and Caicos Islands</td><td>+1649</td></tr>
      <tr><td>Ukraine</td><td>+380</td></tr>
      <tr><td>United Arab Emirates</td><td>+971</td></tr>
      <tr><td>United Kingdom</td><td>+44</td></tr>
      <tr><td>United States</td><td>+1</td></tr>
      <tr><td>Uruguay</td><td>+598</td></tr>
      <tr><td>Vanuatu</td><td>+678</td></tr>
      <tr><td>Vietnam</td><td>+84</td></tr>
      <tr><td>Virgin Islands (British)</td><td>+1284</td></tr>
      <tr><td>Virgin Islands (U.S.)</td><td>+1340</td></tr>
      <tr><td>Yemen</td><td>+967</td></tr>
    </tbody>
  </table>
</div>

## Phone Notifications

Phone call notifications can be made to phone numbers in the following countries. Call connection rates vary by country, carrier, and network conditions.

<div>
  <table>
    <thead>
      <tr>
        <th>Country</th>
        <th>Code</th>
      </tr>
    </thead>

    <tbody>
      <tr><td>Afghanistan</td><td>+93</td></tr>
      <tr><td>Albania</td><td>+355</td></tr>
      <tr><td>American Samoa</td><td>+1</td></tr>
      <tr><td>Andorra</td><td>+376</td></tr>
      <tr><td>Anguilla</td><td>+1264</td></tr>
      <tr><td>Antigua and Barbuda</td><td>+1268</td></tr>
      <tr><td>Argentina</td><td>+54</td></tr>
      <tr><td>Armenia</td><td>+374</td></tr>
      <tr><td>Aruba</td><td>+297</td></tr>
      <tr><td>Australia</td><td>+61</td></tr>
      <tr><td>Austria</td><td>+43</td></tr>
      <tr><td>Bahamas</td><td>+1242</td></tr>
      <tr><td>Bahrain</td><td>+973</td></tr>
      <tr><td>Barbados</td><td>+1246</td></tr>
      <tr><td>Belarus</td><td>+375</td></tr>
      <tr><td>Belgium</td><td>+32</td></tr>
      <tr><td>Belize</td><td>+501</td></tr>
      <tr><td>Benin</td><td>+229</td></tr>
      <tr><td>Bermuda</td><td>+1441</td></tr>
      <tr><td>Bhutan</td><td>+975</td></tr>
      <tr><td>Bolivia</td><td>+591</td></tr>
      <tr><td>Bosnia and Herzegovina</td><td>+387</td></tr>
      <tr><td>Botswana</td><td>+267</td></tr>
      <tr><td>Brazil</td><td>+55</td></tr>
      <tr><td>Brunei</td><td>+673</td></tr>
      <tr><td>Bulgaria</td><td>+359</td></tr>
      <tr><td>Burkina Faso</td><td>+226</td></tr>
      <tr><td>Cambodia</td><td>+855</td></tr>
      <tr><td>Cameroon</td><td>+237</td></tr>
      <tr><td>Canada</td><td>+1</td></tr>
      <tr><td>Cape Verde</td><td>+238</td></tr>
      <tr><td>Cayman Islands</td><td>+1345</td></tr>
      <tr><td>Central African Republic</td><td>+236</td></tr>
      <tr><td>Chad</td><td>+235</td></tr>
      <tr><td>Chile</td><td>+56</td></tr>
      <tr><td>China</td><td>+86</td></tr>
      <tr><td>Colombia</td><td>+57</td></tr>
      <tr><td>Comoros</td><td>+269</td></tr>
      <tr><td>Congo</td><td>+242</td></tr>
      <tr><td>Congo (DRC)</td><td>+243</td></tr>
      <tr><td>Cook Islands</td><td>+682</td></tr>
      <tr><td>Costa Rica</td><td>+506</td></tr>
      <tr><td>Croatia</td><td>+385</td></tr>
      <tr><td>Cuba</td><td>+53</td></tr>
      <tr><td>Cyprus</td><td>+357</td></tr>
      <tr><td>Czech Republic</td><td>+420</td></tr>
      <tr><td>Denmark</td><td>+45</td></tr>
      <tr><td>Djibouti</td><td>+253</td></tr>
      <tr><td>Dominica</td><td>+1767</td></tr>
      <tr><td>Dominican Republic</td><td>+1829</td></tr>
      <tr><td>Egypt</td><td>+20</td></tr>
      <tr><td>El Salvador</td><td>+503</td></tr>
      <tr><td>Equatorial Guinea</td><td>+240</td></tr>
      <tr><td>Eritrea</td><td>+291</td></tr>
      <tr><td>Estonia</td><td>+372</td></tr>
      <tr><td>Ethiopia</td><td>+251</td></tr>
      <tr><td>Faroe Islands</td><td>+298</td></tr>
      <tr><td>Fiji</td><td>+679</td></tr>
      <tr><td>Finland</td><td>+358</td></tr>
      <tr><td>France</td><td>+33</td></tr>
      <tr><td>French Guiana</td><td>+594</td></tr>
      <tr><td>French Polynesia</td><td>+689</td></tr>
      <tr><td>Gabon</td><td>+241</td></tr>
      <tr><td>Gambia</td><td>+220</td></tr>
      <tr><td>Georgia</td><td>+995</td></tr>
      <tr><td>Germany</td><td>+49</td></tr>
      <tr><td>Ghana</td><td>+233</td></tr>
      <tr><td>Gibraltar</td><td>+350</td></tr>
      <tr><td>Greece</td><td>+30</td></tr>
      <tr><td>Greenland</td><td>+299</td></tr>
      <tr><td>Grenada</td><td>+1473</td></tr>
      <tr><td>Guadeloupe</td><td>+590</td></tr>
      <tr><td>Guam</td><td>+1671</td></tr>
      <tr><td>Guatemala</td><td>+502</td></tr>
      <tr><td>Guinea</td><td>+224</td></tr>
      <tr><td>Guinea-Bissau</td><td>+245</td></tr>
      <tr><td>Guyana</td><td>+592</td></tr>
      <tr><td>Haiti</td><td>+509</td></tr>
      <tr><td>Honduras</td><td>+504</td></tr>
      <tr><td>Hong Kong</td><td>+852</td></tr>
      <tr><td>Hungary</td><td>+36</td></tr>
      <tr><td>Iceland</td><td>+354</td></tr>
      <tr><td>India</td><td>+91</td></tr>
      <tr><td>Indonesia</td><td>+62</td></tr>
      <tr><td>Iraq</td><td>+964</td></tr>
      <tr><td>Ireland</td><td>+353</td></tr>
      <tr><td>Israel</td><td>+972</td></tr>
      <tr><td>Italy</td><td>+39</td></tr>
      <tr><td>Ivory Coast</td><td>+225</td></tr>
      <tr><td>Jamaica</td><td>+1876</td></tr>
      <tr><td>Japan</td><td>+81</td></tr>
      <tr><td>Jordan</td><td>+962</td></tr>
      <tr><td>Kazakhstan</td><td>+7</td></tr>
      <tr><td>Kenya</td><td>+254</td></tr>
      <tr><td>Kiribati</td><td>+686</td></tr>
      <tr><td>Korea (South)</td><td>+82</td></tr>
      <tr><td>Kuwait</td><td>+965</td></tr>
      <tr><td>Kyrgyzstan</td><td>+996</td></tr>
      <tr><td>Laos</td><td>+856</td></tr>
      <tr><td>Latvia</td><td>+371</td></tr>
      <tr><td>Lebanon</td><td>+961</td></tr>
      <tr><td>Lesotho</td><td>+266</td></tr>
      <tr><td>Liberia</td><td>+231</td></tr>
      <tr><td>Libya</td><td>+218</td></tr>
      <tr><td>Liechtenstein</td><td>+423</td></tr>
      <tr><td>Lithuania</td><td>+370</td></tr>
      <tr><td>Luxembourg</td><td>+352</td></tr>
      <tr><td>Macao</td><td>+853</td></tr>
      <tr><td>Macedonia</td><td>+389</td></tr>
      <tr><td>Madagascar</td><td>+261</td></tr>
      <tr><td>Malawi</td><td>+265</td></tr>
      <tr><td>Malaysia</td><td>+60</td></tr>
      <tr><td>Maldives</td><td>+960</td></tr>
      <tr><td>Mali</td><td>+223</td></tr>
      <tr><td>Malta</td><td>+356</td></tr>
      <tr><td>Marshall Islands</td><td>+692</td></tr>
      <tr><td>Martinique</td><td>+596</td></tr>
      <tr><td>Mauritius</td><td>+230</td></tr>
      <tr><td>Mexico</td><td>+52</td></tr>
      <tr><td>Micronesia</td><td>+691</td></tr>
      <tr><td>Moldova</td><td>+373</td></tr>
      <tr><td>Monaco</td><td>+377</td></tr>
      <tr><td>Mongolia</td><td>+976</td></tr>
      <tr><td>Montenegro</td><td>+382</td></tr>
      <tr><td>Montserrat</td><td>+1664</td></tr>
      <tr><td>Morocco</td><td>+212</td></tr>
      <tr><td>Myanmar</td><td>+95</td></tr>
      <tr><td>Namibia</td><td>+264</td></tr>
      <tr><td>Nepal</td><td>+977</td></tr>
      <tr><td>Netherlands</td><td>+31</td></tr>
      <tr><td>Netherlands Antilles</td><td>+599</td></tr>
      <tr><td>New Caledonia</td><td>+687</td></tr>
      <tr><td>New Zealand</td><td>+64</td></tr>
      <tr><td>Nicaragua</td><td>+505</td></tr>
      <tr><td>Niger</td><td>+227</td></tr>
      <tr><td>Norway</td><td>+47</td></tr>
      <tr><td>Palau</td><td>+680</td></tr>
      <tr><td>Panama</td><td>+507</td></tr>
      <tr><td>Papua New Guinea</td><td>+675</td></tr>
      <tr><td>Paraguay</td><td>+595</td></tr>
      <tr><td>Peru</td><td>+51</td></tr>
      <tr><td>Philippines</td><td>+63</td></tr>
      <tr><td>Poland</td><td>+48</td></tr>
      <tr><td>Portugal</td><td>+351</td></tr>
      <tr><td>Puerto Rico</td><td>+1787</td></tr>
      <tr><td>Qatar</td><td>+974</td></tr>
      <tr><td>Reunion</td><td>+262</td></tr>
      <tr><td>Romania</td><td>+40</td></tr>
      <tr><td>Russia</td><td>+7</td></tr>
      <tr><td>Samoa</td><td>+685</td></tr>
      <tr><td>San Marino</td><td>+378</td></tr>
      <tr><td>Saudi Arabia</td><td>+966</td></tr>
      <tr><td>Serbia</td><td>+381</td></tr>
      <tr><td>Sierra Leone</td><td>+232</td></tr>
      <tr><td>Singapore</td><td>+65</td></tr>
      <tr><td>Solomon Islands</td><td>+677</td></tr>
      <tr><td>Spain</td><td>+34</td></tr>
      <tr><td>St Kitts and Nevis</td><td>+1869</td></tr>
      <tr><td>St Lucia</td><td>+1758</td></tr>
      <tr><td>St Pierre and Miquelon</td><td>+508</td></tr>
      <tr><td>St Vincent Grenadines</td><td>+1784</td></tr>
      <tr><td>Suriname</td><td>+597</td></tr>
      <tr><td>Swaziland</td><td>+268</td></tr>
      <tr><td>Sweden</td><td>+46</td></tr>
      <tr><td>Switzerland</td><td>+41</td></tr>
      <tr><td>Taiwan</td><td>+886</td></tr>
      <tr><td>Thailand</td><td>+66</td></tr>
      <tr><td>Tonga</td><td>+676</td></tr>
      <tr><td>Trinidad and Tobago</td><td>+1868</td></tr>
      <tr><td>Turkey</td><td>+90</td></tr>
      <tr><td>Turkmenistan</td><td>+993</td></tr>
      <tr><td>Turks and Caicos Islands</td><td>+1649</td></tr>
      <tr><td>Ukraine</td><td>+380</td></tr>
      <tr><td>United Arab Emirates</td><td>+971</td></tr>
      <tr><td>United Kingdom</td><td>+44</td></tr>
      <tr><td>United States</td><td>+1</td></tr>
      <tr><td>Uruguay</td><td>+598</td></tr>
      <tr><td>Vanuatu</td><td>+678</td></tr>
      <tr><td>Vietnam</td><td>+84</td></tr>
      <tr><td>Virgin Islands (British)</td><td>+1284</td></tr>
      <tr><td>Virgin Islands (U.S.)</td><td>+1340</td></tr>
      <tr><td>Yemen</td><td>+967</td></tr>
    </tbody>
  </table>
</div>

<Info>
  If your country is not listed or you're experiencing delivery issues, please [contact support](/contacting-support) for assistance.
</Info>

## Troubleshooting

If you're not receiving SMS or phone notifications:

1. **Verify phone number format**: Ensure your phone number is entered correctly with the full country code (e.g., +1 for US, +44 for UK)
2. **Check notification settings**: Confirm notifications are enabled in your [user profile](/user-profile)
3. **Review carrier settings**: Your mobile carrier may be blocking messages from unknown or international numbers
4. **Check Do Not Disturb**: Ensure your phone's DND settings aren't blocking calls from unknown numbers
5. **Verify network connectivity**: Poor cellular coverage can prevent message and call delivery

### Common delivery issues by region

<Warning>
  **High-risk countries for SMS delivery**: Some countries have particularly strict filtering that may result in low delivery rates. Consider using phone calls or alternative notification methods (Slack, email, push notifications) as your primary contact method in these regions.
</Warning>

| Region        | Common Issues                                                  |
| ------------- | -------------------------------------------------------------- |
| Asia Pacific  | Strict sender ID registration requirements, content filtering  |
| Middle East   | Government-level filtering, restricted international messaging |
| Africa        | Network infrastructure limitations, carrier filtering          |
| Latin America | Sender ID requirements, variable carrier support               |
| Europe        | GDPR compliance requirements, sender verification              |

### Best practices

* **Use push notifications as primary**: Push notifications via the Rootly mobile app are more reliable than SMS/phone and work globally without carrier restrictions
* **Configure multiple notification methods**: Set up backup notification channels (email, Slack) in addition to push notifications
* **Use escalation policies**: Ensure your on-call schedules have proper escalation to catch missed notifications
* **Test notifications**: Periodically test your notification settings to ensure they're working
* **Keep contact info updated**: Ensure phone numbers are current and properly formatted

For persistent issues, contact [Rootly Support](/contacting-support).


# Sync Schedules to Slack User Groups
Source: https://docs.rootly.com/on-call/sync-schedules

Keep Slack user groups automatically in sync with your Rootly on-call schedules so the right responder is always reachable through @mentions and routing.

## Overview

Syncing an on-call schedule to a Slack user group makes it easy for teams to reach the correct on-call responder without needing to know who is currently covering a shift.

Instead of manually updating Slack user groups or relying on outdated documentation, Rootly keeps your Slack user groups continuously in sync with your on-call schedules. As schedules rotate, overrides are applied, or nested schedules take effect, Rootly automatically updates the Slack user group to reflect **who is on call right now**.

This allows anyone in Slack to simply mention a user group—such as `@oncall-engineering`—and reliably notify the active on-call responder, even as coverage changes behind the scenes.

***

## How Slack User Group Sync Works

When a schedule is linked to a Slack user group, Rootly treats that user group as a live reflection of the schedule’s current on-call assignee.

Each time the on-call user changes, Rootly updates the Slack user group membership to include only the active responder. This includes changes caused by:

* Normal rotation handoffs
* Overrides being created, updated, or reverted
* Nested schedules resolving to a downstream on-call user

Because Slack handles notifications when a user group is mentioned, tagging the group in a Slack message immediately notifies the on-call responder—without requiring any manual updates from your team.

<Note>
  Slack user group mentions are handled entirely by Slack.\
  Rootly’s role is to ensure the **correct Slack user is always a member of the group** based on the current on-call state.
</Note>

***

## Prerequisites

Before you can sync a schedule to a Slack user group, your workspace must meet a few requirements.

Your team must have a Slack integration connected to Rootly, and that integration must include the permissions required to manage user group membership. If the necessary scopes are missing, the Slack user group selector will not be available when editing a schedule.

Additionally, Rootly matches users to Slack accounts by email address. If a Rootly user does not have a corresponding Slack user with the same email, they cannot be added to the Slack user group.

<Warning>
  If you don’t see Slack user groups listed when editing a schedule, ask a Slack administrator to verify that the Slack integration is connected and has the required user group permissions.
</Warning>

***

## Set Up a Slack User Group Sync

To sync a schedule with a Slack user group, open the schedule you want to configure or create a new one.

Within the schedule editor, navigate to the **Notifications** tab. From there, you can select an existing Slack user group from your connected Slack workspace. Once selected, save the schedule to apply the change.

<Frame>
  <img />
</Frame>

As soon as the schedule is saved, Rootly will evaluate the current on-call shift and update the selected Slack user group to include the active responder.

***

## What Happens After Setup

Once configured, the Slack user group remains continuously updated as the schedule evolves.

When a rotation hands off, an override is applied, or a nested schedule resolves to a different user, Rootly automatically updates the Slack user group membership. No manual intervention is required.

If the Slack user group is mentioned in any Slack message, Slack will notify the current on-call responder immediately.

<Note>
  Overrides are fully supported.\
  If an override changes who is on call, the Slack user group is updated automatically to reflect that change.
</Note>

***

## Using One Slack User Group Across Multiple Schedules

You can associate the same Slack user group with multiple schedules.

This is useful if your organization wants a single user group—such as `@oncall`—that always represents *all* active on-call responders across different schedules. Rootly keeps the user group in sync across every schedule that references it, ensuring membership stays accurate even as individual schedules change.

If a schedule is removed from a Slack user group or switched to a different group, Rootly updates all affected schedules to prevent stale memberships.

***

## Best Practices

Slack user group sync works best when user emails are consistent between Rootly and Slack, schedules are connected to escalation policies, and overrides are used instead of editing rotations for short-term changes.

For critical paging paths, Slack user groups should complement—not replace—primary notification methods such as push notifications or phone calls. Slack is best used as a fast collaboration signal rather than the sole paging mechanism.

***

## Frequently Asked Questions (FAQs)

<AccordionGroup>
  <Accordion title="Does mentioning the Slack user group create an alert in Rootly?">
    No. Mentioning a Slack user group only triggers Slack’s built-in notification behavior.\
    Rootly ensures the correct user is a member of the group, but it does not create alerts or incidents from Slack mentions alone.
  </Accordion>

  <Accordion title="What happens if the on-call user doesn’t have a Slack account?">
    Rootly matches users to Slack accounts by email.\
    If no matching Slack user exists, Rootly cannot add that person to the user group, and the sync will fail for that shift.
  </Accordion>

  <Accordion title="Are nested schedules supported?">
    Yes.\
    If a parent schedule includes another schedule as a member, Rootly resolves the final on-call user and updates the Slack user group based on that resolved assignee.
  </Accordion>

  <Accordion title="Can I stop syncing without deleting the schedule?">
    Yes.\
    Simply remove the Slack user group from the schedule’s Notifications tab and save. The schedule remains intact, but Slack sync will stop.
  </Accordion>
</AccordionGroup>


# Live Demo
Source: https://docs.rootly.com/quick-start-guide

Get up and running with Rootly in about 15 minutes, from signing up to connecting Slack, configuring teams, and creating your first incident end to end.

## Watch the Demo

Get familiar with Rootly by watching our product demo:

<iframe title="Rootly Demo" />

## Up and Running in About 15 Minutes

This quick start path takes you from account setup to your first incident in just a few steps.

1. [**Sign up**](/signing-up)\
   Create your Rootly account and join your organization.

2. [**Connect Slack**](/integrating-with-slack)\
   Set up the Slack integration for your workspace, or connect your Slack user account if your organization has already configured Slack.

3. [**Create your first incident**](/incidents/creating-incidents/creating-incidents-via-slack)\
   Create a test incident to learn the basics, or follow the Slack-based flow to see how incident creation works in practice.

If you’re using the dashboard, **Create Test Incident** is the fastest way to walk through the incident workflow for the first time.

Depending on your organization’s setup, you may also see a guided onboarding flow after sign-up that walks you through these steps.

## What’s Next

Once you’ve completed the basics, continue exploring the documentation to configure Rootly for your team.

If you’re an admin or owner, a good next step is creating your first workflow to automate incident tasks and processes.

## Need Help?

Visit our [Help and Support](https://rootly.com/help) page for more resources and assistance.


# Configuring Process Steps
Source: https://docs.rootly.com/retrospectives/configuring-process-steps

Customize retrospective process steps in Rootly with titles, requirements, role assignments, due dates, and reminder configurations to standardize follow-ups.

Retrospective process steps define the work responders complete after an incident. Each process is made up of ordered steps that can be customized to match your organization’s retrospective workflow.

You can configure each step with:

* A title and description
* Required or optional completion
* A default owner based on an Incident Role
* A due date based on when the incident was resolved
* Slack and email reminders for the step owner

<Callout icon="circle-info">
  Each retrospective process must include at least one step. You cannot delete the last remaining step in a process.
</Callout>

<Frame>
  <img alt="Retrospective process step configuration" />
</Frame>

## Step Configuration Options

Each step can be configured in several ways to support your team’s process.

### Title and Description

Use the title and description fields to clearly define what the step is for and what responders are expected to complete.

### Required or Optional Steps

Steps can be either required or optional:

* **Required** — The step must be completed before the retrospective can be fully resolved
* **Optional** — The step can be skipped if it is not needed for that incident

Required steps still allow the due date to be adjusted if needed.

### Default Owner by Incident Role

You can assign a step to an **Incident Role** so the user holding that role on the incident becomes the default owner for the step.

This helps automatically route work to the right responder without needing to manually assign each step.

### Due Dates

Step due dates are calculated relative to when the incident is resolved.

Due dates are:

* Based on business days after the incident is resolved
* Calculated using the team’s timezone
* Adjusted to business hours between **8am and 6pm**
* Moved forward when they would otherwise fall on a weekend

You can use standard due date options or enter a custom number of business days.

### Reminder Notifications

Steps can send reminders to the assigned owner using:

* Slack
* Email

Reminders can be scheduled:

* Before the due date
* On the due date
* After the due date

For example, you might send a reminder 24 hours before a step is due, again on the due date, and another after it becomes overdue.

## Process Phases with Custom Statuses

If your workspace uses **Custom Statuses**, you can assign each step to a **Retrospective Status**. This allows steps to appear in different resolved phases, such as:

* Retrospective
* Follow-ups

This is useful when your retrospective workflow spans multiple phases after the incident has already been resolved.

## Legacy Process

If you want to recreate a simpler legacy-style retrospective flow, you can do so by combining mandatory retrospective preferences with a reduced set of process steps.

To configure this setup:

1. Navigate to **Retrospectives → Preferences**
2. Edit **When should the Retrospective be mandatory?**
3. Select all severities, incident types, or teams that should always require a retrospective
4. Navigate to **Retrospectives → Processes**
5. Open **Default Retrospective**

<Frame>
  <img alt="Retrospective preferences and mandatory configuration" />
</Frame>

6. Remove all steps except:
   * **Gather & Confirm Data**
   * **Write the Retrospective Document**

7. Save your changes

<Frame>
  <img alt="Default Retrospective process with only two steps remaining" />
</Frame>

This creates a lightweight two-step process that closely matches the earlier retrospective workflow.

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="What can I configure for each process step?" icon="sliders">
    Each step can include a title, description, required or optional behavior, a default owner based on an Incident Role, a due date, and reminder notifications. These settings let you tailor each step to match your team’s retrospective workflow.
  </Accordion>

  <Accordion title="How are step due dates calculated?" icon="clock">
    Due dates are based on business days after the incident is resolved. Rootly calculates them using the team’s timezone, keeps them within business hours, and skips weekends when determining the due date.
  </Accordion>

  <Accordion title="Who gets assigned to a step by default?" icon="user-tag">
    If a step is assigned to an Incident Role, the user holding that role on the incident becomes the default owner for the step. This helps automatically assign retrospective work to the right responder.
  </Accordion>

  <Accordion title="Can a step be optional?" icon="circle-question">
    Yes. Optional steps can be skipped when they are not needed for a particular incident. Required steps must be completed before the retrospective can be resolved.
  </Accordion>

  <Accordion title="Can I delete all steps from a process?" icon="triangle-exclamation">
    No. Every retrospective process must include at least one step. You can edit, reorder, or remove steps, but you cannot delete the last remaining step in the process.
  </Accordion>

  <Accordion title="What does the legacy process setup do?" icon="rotate-left">
    The legacy setup creates a simplified two-step workflow by keeping only the data-gathering and retrospective-document steps in the default process. This is useful if you want a lighter process that resembles earlier retrospective behavior.
  </Accordion>
</AccordionGroup>


# Configuring Retrospective Processes
Source: https://docs.rootly.com/retrospectives/configuring-retrospective-processes

Configure retrospective processes and preferences in Rootly to right-size follow-up work based on severity, incident type, team ownership, or custom conditions.

Retrospective processes let you control which follow-up steps are created for an incident. By creating different processes for different incident scenarios, you can scale your retrospective workflow based on severity, incident type, or team.

A retrospective process contains an ordered set of steps that guide responders through post-incident work, such as gathering details, writing the retrospective document, hosting a review meeting, and creating follow-up actions.

## Process Defaults

Every workspace includes a default retrospective process. No setup is required to begin using it.

If no custom process matches the incident by severity, incident type, or team, Rootly uses the default process automatically.

<Callout icon="circle-info">
  The default retrospective process is always available as a fallback and cannot be deleted.
</Callout>

The default process includes predefined steps that work for many teams out of the box. You can review and customize those steps in [Configuring Process Steps](/retrospectives/configuring-process-steps).

<Frame>
  <img alt="Default retrospective process" />
</Frame>

## Custom Processes

For more opinionated incident practices, you can create custom retrospective processes and apply them only to incidents that match specific conditions.

A custom process can be configured to apply based on:

* Severity
* Incident type
* Team

Rootly matches these conditions using **OR** logic. If an incident matches the severity, any incident type, or any team attached to the process, that process can be selected.

If multiple custom processes match the same incident, Rootly uses the most recently created matching process.

<Callout icon="triangle-exclamation">
  A custom process must have at least one condition. If no severity, incident type, or team is attached, the process is inactive and will not be used.
</Callout>

<Frame>
  <img alt="Custom retrospective process conditions" />
</Frame>

## Skip and Mandatory Preferences

In addition to choosing which process applies, you can also control whether a retrospective should be skipped or required for certain incidents.

Configure skip and mandatory rules under **Retrospectives → Preferences** or the equivalent area in your workspace.

These preferences use the same condition types:

* Severity
* Incident type
* Team

You can configure retrospectives to be:

* **Mandatory** — Responders cannot skip the retrospective for matching incidents
* **Auto-skipped** — The retrospective is skipped by default for matching incidents
* **Optional** — No mandatory or auto-skip rule applies, so responders can choose whether to skip the retrospective on a per-incident basis

If an incident matches both a mandatory rule and an auto-skip rule, **auto-skip takes precedence**.

> By default, responders can skip a retrospective from the bottom of the Retrospective tab. This option is not available when the retrospective is mandatory for that incident.

Auto-skipped retrospectives can still be resumed later by responders if follow-up work is needed.

## How Process Selection Works

When an incident is created or its status changes, Rootly evaluates the incident’s severity, incident types, and attached teams to determine which retrospective process should be used.

Rootly then:

* Selects the matching custom process, if one exists
* Falls back to the default process when no custom process matches
* Creates the steps for the selected process on the incident

Depending on your process configuration, steps can also include:

* Relative due dates
* Default assignees based on incident roles
* Required or skippable behavior
* Reminder notifications

If Custom Statuses are enabled, steps can also be organized by resolved phase, such as a retrospective phase and a follow-up phase.

## Example Configurations

### SEV1 Incident Example

A SEV1 incident might use a more rigorous retrospective process with steps such as:

* Gather information
* Hold retrospective meeting
* Peer review the generated document
* Publish the retrospective document

These steps can also include:

* Assigned owners based on incident role
* Relative due dates
* Reminder notifications

### SEV3 Incident Example

A SEV3 incident might use a lighter process with optional steps such as:

* Gather information
* Hold a self-facilitated team retrospective
* Capture lightweight follow-up actions only when needed

For lower-impact incidents, you can also configure the retrospective to be auto-skipped by default and resumed only when additional review is necessary.

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="What is a retrospective process?" icon="diagram-project">
    A retrospective process is a named set of ordered steps used to guide post-incident follow-up work. Each process can include its own steps, due dates, assignees, and reminders.
  </Accordion>

  <Accordion title="How does Rootly choose which process to use?" icon="shuffle">
    Rootly checks the conditions attached to each custom process and looks for matches based on severity, incident type, or team. If more than one custom process matches, the most recently created one is used. If none match, the default retrospective process is used.
  </Accordion>

  <Accordion title="What happens if a custom process has no conditions?" icon="triangle-exclamation">
    A custom process without any conditions is inactive. It will not be selected for any incident until at least one severity, incident type, or team condition is added.
  </Accordion>

  <Accordion title="What is the difference between process conditions and skip or mandatory preferences?" icon="circle-question">
    Process conditions determine which retrospective process and steps are used for an incident. Skip and mandatory preferences determine whether responders can skip the retrospective for incidents that match those rules.
  </Accordion>

  <Accordion title="Can responders skip a retrospective?" icon="forward">
    Yes, by default responders can skip a retrospective on an individual incident. However, if that incident matches a mandatory retrospective rule, the retrospective cannot be skipped.
  </Accordion>

  <Accordion title="Can an auto-skipped retrospective be brought back?" icon="rotate-left">
    Yes. Auto-skipped retrospectives can be resumed later if responders decide that follow-up work is still needed.
  </Accordion>
</AccordionGroup>


# Configuring Templates
Source: https://docs.rootly.com/retrospectives/configuring-templates

Create and manage retrospective templates in Rootly with dynamic content blocks and Liquid to pre-fill documents and apply the right template per incident.

## Overview

Retrospective templates let you define reusable document structures that Rootly pre-fills when a retrospective is created. Templates support Liquid for dynamic incident data, as well as special embedded components for timelines and follow-up action items.

Templates are applied through retrospective workflows, which means you can use workflow conditions to select different templates based on incident properties such as severity, team, or incident type.

***

## Create a Template

<Steps>
  <Step title="Navigate to Document Templates">
    Go to **Retrospectives → Document Templates** and click **New Template**.
  </Step>

  <Step title="Name the template">
    Give the template a descriptive name. Names must be unique within your team.

    <ParamField type="string">
      The display name for this template. Used when selecting a template in workflow actions and the retrospective editor.
    </ParamField>
  </Step>

  <Step title="Choose a format">
    <ParamField type="select">
      Controls how template content is interpreted and rendered.

      * **HTML** — for use with the Rootly rich-text retrospective editor and integrations that accept HTML (Confluence, Notion, Coda)
      * **Markdown** — for integrations that render Markdown natively (GitHub, linear, or custom pipelines)
    </ParamField>
  </Step>

  <Step title="Write the content">
    Add structure, static text, Liquid variables, and dynamic blocks. See [Liquid in Templates](#liquid-in-templates) and [Dynamic Content Blocks](#dynamic-content-blocks) below.

    <Note>
      Liquid syntax is validated when you save. If your template contains a Liquid error, Rootly will show the specific syntax error and prevent saving until it is fixed.
    </Note>
  </Step>

  <Step title="Set as default (optional)">
    <ParamField type="toggle">
      Marks this template as the default for the team. When a retrospective workflow action does not specify a template, the default template is used. Only one template can be the default at a time — enabling this on a new template automatically removes the default flag from the previous one.
    </ParamField>
  </Step>

  <Step title="Save">
    Click **Save**. The template is immediately available for selection in workflow actions and the retrospective editor.
  </Step>
</Steps>

<Warning>
  Every team must retain at least one template. Rootly prevents deletion of the last remaining template.
</Warning>

***

## Liquid in Templates

Templates support the full [Liquid](https://shopify.github.io/liquid/) templating language. Use `{{ variable }}` syntax to insert dynamic values and `{% %}` blocks for conditionals and loops.

All incident variables available in workflows are also available in templates. See [Incident Variables](/liquid/incident-variables) for the complete reference, or use the [Liquid Markup explorer](https://rootly.com/account/help/liquid-explorer) to browse variables interactively.

### Common patterns

**Pre-fill incident metadata**

```liquid theme={null}
# {{ incident.title }}

**Severity:** {{ incident.severity }}
**Status:** {{ incident.status }}
**Started:** {{ incident.started_at | date: "%B %d, %Y at %H:%M %Z" }}
**Resolved:** {{ incident.resolved_at | date: "%B %d, %Y at %H:%M %Z" }}
**Duration:** {{ incident.duration }}
```

**Conditional section by severity**

```liquid theme={null}
{% if incident.severity == "SEV1" or incident.severity == "SEV2" %}
## Executive Summary

This incident required escalation. Include a brief summary for leadership.
{% endif %}
```

**List responders**

```liquid theme={null}
## Response Team

{% if incident.commander %}
- **Incident Commander:** {{ incident.commander.name }}
{% endif %}
{% for responder in incident.responders %}
- {{ responder.name }}
{% endfor %}
```

**Fallback for optional fields**

```liquid theme={null}
**Jira ticket:** {{ incident.jira_issue_url | default: "None created" }}
```

<Tip>
  Variables resolve to the value at the time the retrospective is generated. If incident data changes after the retrospective is published, the document retains the original resolved values.
</Tip>

***

## Dynamic Content Blocks

In addition to Liquid, templates can include two special embedded components that render live data rather than static text.

### Timeline block

Inserts the incident's full timeline into the retrospective. The timeline renders as an interactive component and respects the timeline display settings on the retrospective (ascending or descending order, starred-only filter).

To insert a timeline block, use the `/timeline` slash command in the retrospective editor when building the template.

### Follow-ups block

Inserts the incident's action items (follow-ups) as an interactive list. You can configure the sort order of the follow-ups block:

<ParamField type="select">
  Controls the order in which follow-up action items appear in the rendered block.

  * **due\_date** — sorted by due date, earliest first
  * **status** — grouped by completion status
  * **priority** — sorted by priority level
</ParamField>

To insert a follow-ups block, use the `/followups` slash command in the retrospective editor when building the template.

<Tip>
  Dynamic blocks are particularly useful in templates because they always reflect the current state of the incident at publish or export time, without requiring any Liquid logic.
</Tip>

***

## Apply Templates with Workflows

Templates are applied through **Retrospective workflows**. The workflow runs when a retrospective is created or updated and uses the **Create Incident Retrospective** or **Update Incident Retrospective** action to populate the document from a template.

### Basic setup

1. Go to **Workflows** and create or open a **Retrospective** workflow.
2. Set the trigger to **Retrospective Created**.
3. Add a **Create Incident Retrospective** action.
4. In the action, select the template to apply.

<Note>
  The initial retrospective is created when the incident is resolved, not when it is mitigated. A workflow triggered by **Retrospective Created** will run at resolution time.
</Note>

### Conditional template selection

To apply different templates based on incident properties, create separate workflows with different run conditions — each pointing to a different template.

**Example: template per severity**

| Workflow              | Run condition    | Template              |
| --------------------- | ---------------- | --------------------- |
| SEV1 retrospective    | Severity is SEV1 | P1 deep-dive template |
| SEV2 retrospective    | Severity is SEV2 | Standard template     |
| Default retrospective | No conditions    | Lightweight template  |

Each workflow runs independently. The first whose run conditions match will apply its template. If you want exactly one template applied, ensure the conditions across workflows are mutually exclusive.

**Other useful condition fields:**

* **Team** — apply a team-specific template for teams with different retrospective processes
* **Incident type** — use a security-focused template for security incidents
* **Services** — apply a template tailored to a critical service

***

## Apply Templates Through Integrations

You can also use retrospective templates when pushing documentation to external tools. In the workflow action for the relevant integration, select a template to structure the generated document.

Supported integrations:

* [Confluence](/integrations/confluence)
* [Google Docs](/integrations/google-docs)
* [Notion](/integrations/notion)
* [Coda](/integrations/coda)

***

## Default Template

One template can be marked as the default for the team. The default template is used when:

* A retrospective workflow action does not specify a template explicitly
* A user generates a retrospective from the UI without selecting a template

Only one template can be the default at a time. Setting a new default automatically clears the default flag from the previous one. If the default template is deleted, Rootly promotes the most recently updated remaining template to default.

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="When does Rootly generate a retrospective from a template?" icon="clock">
    A retrospective workflow with the **Retrospective Created** trigger runs when the incident is resolved. That is when the initial retrospective is created and the template is applied.
  </Accordion>

  <Accordion title="Can I have different templates for different incidents?" icon="shuffle">
    Yes. Create separate retrospective workflows with different run conditions — one per template. Use conditions on severity, team, incident type, or any other incident field to route each incident to the right template.
  </Accordion>

  <Accordion title="What happens if my Liquid has a syntax error?" icon="triangle-exclamation">
    Rootly validates Liquid syntax when you save the template. If a syntax error is found, the save is blocked and the error message identifies the specific issue. Fix the syntax and save again.
  </Accordion>

  <Accordion title="Can I use templates with external integrations?" icon="plug">
    Yes. Workflow actions for Confluence, Google Docs, Notion, and Coda support selecting a retrospective template to pre-fill the created document.
  </Accordion>

  <Accordion title="What is the minimum number of templates I must keep?" icon="circle-info">
    At least one. Rootly prevents deletion of the last remaining template for a team.
  </Accordion>

  <Accordion title="What formats are supported?" icon="file">
    HTML and Markdown. Use HTML for the Rootly editor and most integrations. Use Markdown when your target integration renders Markdown natively or when you need plain-text portability.
  </Accordion>
</AccordionGroup>


# Retrospectives
Source: https://docs.rootly.com/retrospectives/postmortems

Use retrospective processes, steps, templates, and workflows to standardize post-incident follow-up and right-size documentation across incidents.

Retrospectives help teams capture what happened during an incident, identify contributing factors, and track the follow-up work needed to reduce repeat issues.

In Rootly, retrospectives can be customized to right-size follow-up work based on the incident. You can define which retrospective process applies, which steps are created, when a retrospective is required or skipped, how the retrospective document is generated, and which workflows run when the retrospective is created or updated.

<Callout icon="circle-info">
  Rootly uses the term <strong>Retrospective</strong> throughout the product, but some older workflows, variables, or integrations may still reference <strong>postmortem</strong>. Existing links and variables continue to work for backward compatibility.
</Callout>

## How Retrospectives Work

A retrospective in Rootly is made up of several configurable parts:

* **Processes** determine which retrospective flow applies to an incident
* **Steps** define the work that responders complete
* **Preferences** control when retrospectives are skipped or mandatory
* **Templates** define the structure of the retrospective document
* **Workflows** automate retrospective creation, updates, notifications, and external document generation

This allows teams to right-size follow-up work based on the incident’s severity, type, team, or lifecycle phase.

## Retrospective Processes

Retrospective processes define which follow-up flow should be used for an incident.

Each process can be configured to apply based on:

* Severity
* Incident type
* Team

If no custom process matches, Rootly falls back to the default retrospective process.

Every workspace includes a **Default Retrospective** process, which acts as the fallback and cannot be deleted.

A custom process must have at least one condition to be used. If no severity, incident type, or team is attached, the process remains inactive.

## Retrospective Steps

Each retrospective process contains ordered steps that guide responders through post-incident work.

Steps can be configured with:

* A title and description
* Required or optional completion
* A default owner based on an Incident Role
* Due dates relative to incident resolution
* Slack and email reminders

Common steps include:

* Gather and confirm data
* Write the retrospective document
* Host a retrospective meeting
* Create follow-up action items
* Share the finalized retrospective

If your workspace uses Custom Statuses, steps can also be assigned to different retrospective phases, such as a retrospective phase and a follow-up phase.

## Skip and Mandatory Preferences

Retrospective preferences control when retrospectives should be skipped or required.

You can configure rules based on:

* Severity
* Incident type
* Team

This lets you make retrospectives:

* **Mandatory** for high-impact incidents
* **Auto-skipped** for lower-impact incidents
* **Optional** when no mandatory or auto-skip rule applies

By default, responders can skip a retrospective on an incident unless that retrospective is marked as mandatory. Auto-skipped retrospectives can still be resumed later using **Resume retrospective** on the incident if additional follow-up is needed.

## Retrospective Templates

Retrospective templates define the content and structure of the retrospective document.

Templates can be used to standardize sections such as:

* Summary
* Timeline
* Impact
* Root cause
* Follow-up actions

You can create and manage templates under **Retrospectives → Document Templates**.

Templates support Liquid, which allows you to dynamically insert incident and retrospective data into the document. One template can also be marked as the default.

Additional resources:

* [Incident Variables](/liquid/incident-variables)
* [Configuring Templates](/retrospectives/configuring-templates)

## Workflow Triggers and Automation

Rootly supports retrospective-specific workflows that run when a retrospective is created or updated.

Available triggers include:

* **Retrospective Created**
* **Retrospective Updated**

These workflows can be used to:

* Create or update the in-Rootly retrospective
* Generate external documents in tools like Confluence or Google Docs
* Send notifications when the retrospective changes
* Apply different actions based on incident or retrospective conditions

The initial retrospective is created when the incident is resolved. Retrospective workflows can then run when that retrospective is created or later updated.

<Callout icon="triangle-exclamation">
  Older workflows may still use task names such as <strong>Create Incident Postmortem</strong> or <strong>Edit Postmortem</strong>. These names do not update automatically. To use the newer wording, edit the workflow task name or remove and re-add the task.
</Callout>

## Retrospective Variables

In workflows, notifications, and Liquid-based templates, Rootly supports retrospective variables for linking to or referencing the retrospective.

Common variables include:

* `incident.retrospective_id`
* `incident.retrospective_url`
* `incident.retrospective_short_url`
* `incident.retrospective_progress_status`

Legacy equivalents are also supported:

* `incident.postmortem_id`
* `incident.postmortem_url`
* `incident.postmortem_short_url`

For new templates and workflows, use the `retrospective_*` versions where possible.

Old links that use `postmortem` in the path continue to work and automatically redirect to the current retrospective URL.

## Retrospective Progress Status

Retrospectives move through a progress lifecycle as responders complete the work.

Common statuses include:

* **Not started**
* **Active**
* **Completed**
* **Skipped**

Use `incident.retrospective_progress_status` in workflows, notifications, and Liquid-based templates to reference the current progress state of the retrospective.

## Related Pages

* [Configuring Retrospective Processes](/retrospectives/configuring-retrospective-processes)
* [Configuring Process Steps](/retrospectives/configuring-process-steps)
* [Configuring Templates](/retrospectives/configuring-templates)

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="What is included in a retrospective?" icon="circle-question">
    A retrospective can include a process, a set of steps, a document template, workflow automation, and preference rules that determine whether the retrospective is required, optional, or skipped. Together, these settings define how post-incident follow-up is managed in Rootly.
  </Accordion>

  <Accordion title="When is a retrospective created?" icon="clock">
    The initial retrospective is created when an incident is resolved. After that, retrospective workflows can run when the retrospective is created or updated.
  </Accordion>

  <Accordion title="How does Rootly decide which retrospective process to use?" icon="shuffle">
    Rootly checks the conditions attached to custom retrospective processes and looks for matches based on severity, incident type, or team. If none match, the default retrospective process is used.
  </Accordion>

  <Accordion title="Can a retrospective be skipped?" icon="forward">
    Yes. By default, responders can skip a retrospective unless it is mandatory for that incident. Retrospectives can also be auto-skipped based on configured rules, and auto-skipped retrospectives can be resumed later if needed.
  </Accordion>

  <Accordion title="What is the difference between processes, steps, and templates?" icon="diagram-project">
    Processes determine which retrospective flow applies to an incident. Steps define the tasks responders complete as part of that flow. Templates define the structure and content of the retrospective document itself.
  </Accordion>

  <Accordion title="Why do I still see postmortem in some places?" icon="rotate-left">
    Some older workflows, variables, integrations, or task names may still use the older postmortem terminology. Rootly continues to support these references for backward compatibility, but new documentation and configuration should use retrospective terminology.
  </Accordion>
</AccordionGroup>


# Overview
Source: https://docs.rootly.com/retrospectives/retrospectives

Learn how Rootly helps you scale retrospectives with flexible processes, right-sized steps, real-time co-authoring, and built-in automation for follow-ups.

Retrospectives are a critical part of a strong incident management practice. They create space for learning, help teams improve how they respond, and reinforce a culture of reliability over time. Not every incident needs the same level of follow-up, though, which is why Rootly is built to support a more flexible approach.

Rootly helps you right-size the retrospective process by letting you define multiple retrospective processes and choose when each one should apply. You can tailor retrospectives based on factors like severity, incident type, or team, so each incident gets the level of follow-up it actually needs.

<Callout icon="circle-info">
  Rootly uses a default retrospective process as a fallback when no custom process matches an incident.
</Callout>

Each retrospective process includes its own ordered steps. These steps can be used to guide responders through common follow-up work such as gathering data, writing the retrospective document, hosting a review meeting, creating action items, and sharing the final report.

Retrospectives can also be configured to be optional, mandatory, or skipped for specific teams, severities, or incident types. This gives organizations more control over when a full retrospective is required and helps reduce unnecessary process overhead for lower-impact incidents.

<Callout icon="sliders">
  A retrospective process without any conditions is inactive and will not be used until conditions are added.
</Callout>

When an incident is created or updated, Rootly evaluates the configured conditions and selects the retrospective process that applies. If multiple custom processes match, Rootly uses the most recently created matching process. Once selected, the process steps are created on the incident and can include due dates, assignees, and notifications.

When Custom Statuses are enabled, retrospective steps can also be organized by resolved phase, such as a retrospective phase and a follow-up phase. This makes it possible to right-size the process not just by incident context, but also by where the incident is in its post-resolution lifecycle.

Learn more in the video below.

<iframe />

## How It Works

Rootly uses retrospective processes to determine which follow-up steps should be created for an incident.

A retrospective process can include:

* Ordered steps
* Due dates
* Assignees based on incident roles
* Required or skippable steps
* Reminder notifications

Each process can be configured to apply based on:

* Severity
* Incident type
* Team

If no custom process matches an incident, Rootly uses the default retrospective process.

## Default Retrospective Process

Every workspace includes a default retrospective process. This process acts as the fallback when no other process matches the incident.

The default process includes a best-practice set of steps, such as:

* Gather and confirm data
* Write the retrospective document
* Host a retrospective meeting
* Create follow-up action items
* Share the finalized retrospective

You can customize these steps, reorder them, and create additional retrospective processes for different incident scenarios.

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="What is a retrospective process?" icon="diagram-project">
    A retrospective process is a named set of follow-up steps used after an incident. Each process can include its own step order, due dates, assignees, and notifications, which allows teams to standardize how they complete retrospective work.
  </Accordion>

  <Accordion title="How does Rootly decide which retrospective process to use?" icon="shuffle">
    Rootly evaluates the conditions attached to each retrospective process when an incident is created or updated. A process can match based on team, severity, or incident type. If more than one custom process matches, Rootly uses the most recently created matching process. If none match, the default retrospective process is used.
  </Accordion>

  <Accordion title="Can retrospectives be optional, mandatory, or skipped?" icon="circle-question">
    Yes. Rootly allows you to configure retrospective behavior based on incident context. Depending on your setup, a retrospective can be required, optional, or automatically skipped for certain teams, severities, or incident types.
  </Accordion>

  <Accordion title="What can a retrospective step include?" icon="list-check">
    A retrospective step can include a due date, a default assignee, reminder notifications, and whether the step is required or skippable. Steps can also be tied to specific incident roles so the right responder is assigned automatically.
  </Accordion>

  <Accordion title="What happens if a process has no conditions?" icon="triangle-exclamation">
    A retrospective process without any conditions is inactive. Rootly will not use it until at least one condition is added, such as a team, severity, or incident type.
  </Accordion>

  <Accordion title="Can retrospective steps be organized by phase?" icon="layer-group">
    Yes. When Custom Statuses are enabled, retrospective steps can be grouped by resolved phase. This allows teams to separate work into stages such as retrospective review and follow-up actions.
  </Accordion>
</AccordionGroup>


# Signing Up
Source: https://docs.rootly.com/signing-up

Create a Rootly account or accept an invitation from your organization to get started with incident management, on-call scheduling, and integrations.

To start using Rootly, create an account or accept the invitation your organization sent you.

You can sign up with:

* Google
* Slack
* SSO
* Email and password

<img alt="Rootly sign up options" title="Rootly sign up" />

If your company has already invited you to Rootly, use the link in that invitation email to join your organization.

<Callout icon="shield-check">
  If your email domain is configured for SSO, Rootly will redirect you to your organization’s sign-in page instead of showing the standard sign-up flow.
</Callout>

## Sign Up with Email and Password

If you choose to create an account with email and password, enter your details and create a password that meets Rootly’s requirements.

Passwords must be at least **10 characters** and include:

* One lowercase letter
* One uppercase letter
* One digit
* One special character

Then:

1. Check the box to accept the [**Terms of Service**](https://rootly.com/terms) and [**Privacy Policy**](https://rootly.com/privacy)
2. Click **Sign Up**

## Already Invited?

If your company sent you an invitation, open the email and follow the link to complete setup. Depending on your organization’s configuration, you may finish joining with Google, Slack, SSO, or by creating a password.

## Already Have an Account?

If you already have a Rootly account, use **Sign in** instead of creating a new one.

Once you finish signing up, you’re ready to start using Rootly.


# User Profile
Source: https://docs.rootly.com/user-profile

Manage your Rootly account settings, contact details, notification preferences, linked accounts, and subscriptions from your personal user profile page.

Your user profile is where you manage your personal account settings in Rootly. This includes your contact information, notification preferences, password settings, linked accounts, and subscriptions.

## Access Your User Profile

You can open your user profile in either of these ways:

* From the Dashboard, click your **profile photo** next to the greeting
* From the left sidebar, open **Configuration** and select one of your account settings pages, such as **My Information**

<Frame>
  <img alt="Profile photo entry point from the dashboard" />
</Frame>

From your profile, you can manage the following areas:

<Check>
  * **My Information**
    * Update your personal details, contact information, and account preferences
  * **Reset Password**
    * Change your password if your organization does not use SSO
  * **Notifications**
    * Manage your incident and on-call notification settings
  * **Linked Accounts**
    * View connected accounts such as Slack or Mattermost
  * **Subscriptions**
    * Manage broadcast group subscriptions and communication preferences
</Check>

## My Information

The **My Information** section is where you manage your personal and account details.

This section includes settings such as:

* Name and profile photo
* Email addresses
* Phone numbers
* Mobile devices
* Time zone
* Theme and other account preferences

<Frame>
  <img alt="My Information settings in the user profile" />
</Frame>

## Reset Password

Use **Reset Password** to change your current password.

To update your password, enter your current password and your new password, then save your changes.

If your organization uses **SSO**, this section is not available for password changes. In that case, your password is managed by your identity provider.

<Frame>
  <img alt="Reset Password section in the user profile" />
</Frame>

## Notifications

Use the **Notifications** section to control how Rootly contacts you.

Depending on your plan and permissions, this section may include:

* **Incident Notifications** for email, Slack, and related incident updates
* **On-Call Notifications** for paging and on-call delivery settings

If you have access to on-call features, you may also be able to send test notifications to verify your setup.

<Frame>
  <img alt="Notifications settings in the user profile" />
</Frame>

## Linked Accounts

The **Linked Accounts** section shows chat accounts connected to your profile, such as **Slack** or **Mattermost**.

This section is available only when your organization has those integrations enabled.

<Frame>
  <img alt="Linked Accounts section in the user profile" />
</Frame>

## Subscriptions

In **Subscriptions**, you can manage your **broadcast groups** and choose which communications you want to receive.

This section is available when your organization has **Incident Communications** enabled.

Use it to control which updates and communication groups you are subscribed to.

<Frame>
  <img alt="Subscriptions section in the user profile" />
</Frame>

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="How do I open my user profile?" icon="circle-question">
    You can open your user profile by clicking your profile photo from the Dashboard or by opening <strong>Configuration</strong> in the left sidebar and selecting one of your account settings pages.
  </Accordion>

  <Accordion title="Why can’t I change my password?" icon="lock">
    If your organization uses SSO, your password is managed by your identity provider instead of Rootly. In that case, the Reset Password section will not allow password changes.
  </Accordion>

  <Accordion title="What is included in My Information?" icon="id-card">
    My Information includes your personal and account settings, such as your name, profile photo, email addresses, phone numbers, mobile devices, time zone, and other account preferences.
  </Accordion>

  <Accordion title="Why do I see both Incident Notifications and On-Call Notifications?" icon="bell">
    If you have access to on-call features, Rootly may show both notification types. Incident Notifications control general incident updates, while On-Call Notifications are used for paging and on-call delivery settings.
  </Accordion>

  <Accordion title="Why don’t I see Linked Accounts or Subscriptions?" icon="eye">
    These sections appear only when the related features are enabled for your organization. Linked Accounts depends on chat integrations such as Slack or Mattermost, and Subscriptions depends on Incident Communications being enabled.
  </Accordion>
</AccordionGroup>


# Action Item Workflows
Source: https://docs.rootly.com/workflows/action-item-workflows

Automate follow-up and remediation work by triggering workflows on action item changes—keeping tickets, owners, and notifications in sync across systems.

## Overview

**Action item workflows** automate what happens after work is identified—whether that work comes from an incident, a retrospective, or ongoing operational reviews. In Rootly, action items are first-class objects tied to incidents, and workflows can react whenever those action items are created, updated, assigned, or completed.

These workflows are especially useful for eliminating manual handoffs. Instead of relying on responders to remember to open Jira tickets, assign owners, or notify teams, you can encode those rules once and let Rootly enforce them consistently.

Common use cases include:

* Automatically creating or updating Jira (or other ticketing) issues when an action item is created or completed
* Assigning tickets based on the user or team assigned to the Rootly action item
* Notifying teams or owners when work is assigned, completed, or overdue

<Note>
  Action item workflows are triggered by **action item events**, not incident events. However, you can still use **incident properties as run conditions** (such as severity, services, or teams) to precisely control when the workflow should execute.
</Note>

***

## Supported Triggers

Action item workflows support the following trigger events:

* **Action Item Created** (`action_item_created`)
* **Action Item Updated** (`action_item_updated`) – catch-all trigger
* **Assigned User Updated** (`assigned_user_updated`)
* **Summary Updated** (`summary_updated`)
* **Description Updated** (`description_updated`)
* **Status Updated** (`status_updated`)
* **Priority Updated** (`priority_updated`)
* **Due Date Updated** (`due_date_updated`)
* **Teams Updated** (`teams_updated`)
* **Incident Updated** (`incident_updated`)
* **Slack Command** (`slack_command`)

<Warning>
  ### Catch-all trigger behavior

  `Action Item Updated` is a catch-all trigger that fires for *any* change to the action item. Do not combine it with more specific field-level triggers (such as Status Updated or Priority Updated), or the workflow may fire more often than intended.
</Warning>

***

## Create an Action Item Workflow

### Step 1: Start a new workflow

Navigate to:

**Workflows → Create Workflow → Action Item**

<Frame>
  <img alt="" />
</Frame>

***

### Step 2: Choose trigger event(s)

Select the action item events that should initiate the workflow.

In the example below, the workflow starts when a **new action item is created**:

<Frame>
  <img alt="" />
</Frame>

You can also include a **Slack Command** trigger if you want the workflow to be runnable manually.

***

### Step 3: Define run conditions

Action item workflows can evaluate **both action item properties and incident properties**. This allows you to build rules like:

* “Only create tickets for high-priority action items”
* “Only notify teams when the parent incident was SEV0 or SEV1”

<Frame>
  <img alt="" />
</Frame>

#### Action item fields

The following action item fields can be used in conditions:

**Type**

* Values: `task`, `follow_up`
* Useful for separating remediation work from informational follow-ups

**Status**

* Values: `open`, `in_progress`, `done`, `cancelled`
* Commonly used to trigger workflows when work is completed

<Note>
  In an action item workflow, “status” always refers to the **action item status**, not the incident status.
</Note>

**Priority**

* Values: `high`, `medium`, `low`
* Often used to restrict automation to higher-impact follow-ups

<Note>
  Action item priority is distinct from incident severity. They are separate fields and should not be conflated.
</Note>

**Team**

* Represents the team (group) the action item is assigned to
* This is independent of the incident’s team assignment

<Note>
  An incident can belong to one team while its action items are owned by another. Action item workflows evaluate the **action item’s assigned teams**, not the incident’s.
</Note>

***

### Step 4: Use incident conditions (optional)

Because action items are tied to incidents, you can further narrow execution using incident properties such as:

* Incident severity
* Impacted services
* Incident teams
* Custom incident fields

<Frame>
  <img alt="" />
</Frame>

For details on operators and condition logic, see: [Condition Checks](/workflows/workflows).

***

### Step 5: Configure actions

Once the workflow passes all conditions, its actions are executed. Available actions depend on your integrations, but action item workflows commonly include:

* Ticketing actions (create or update Jira, Linear, Shortcut, Asana, ClickUp, and more)
* Messaging actions (send Slack or Microsoft Teams messages)
* Rootly actions (create or update action items, add timeline entries)
* Notifications (email, SMS, or phone where configured)

<Frame>
  <img alt="" />
</Frame>

<Warning>
  By default, a failing action halts the workflow. Enable **Skip on Failure** on non-critical actions to allow the workflow to continue even if one step fails.
</Warning>

***

## Best Practices

Action item workflows are most effective when they reinforce ownership and accountability without creating noise.

* **Trigger on meaningful changes.** Status transitions (for example, to `done`) are usually better triggers than generic updates.
* **Use priority as a gate.** Many teams only want automation for high-impact action items.
* **Let Rootly be the source of truth.** Use the action item as the canonical object and sync outward to ticketing systems, not the other way around.
* **Avoid catch-all triggers unless necessary.** `Action Item Updated` should almost always be paired with strict run conditions.
* **Create ownership explicitly.** When creating tickets, assign owners and due dates automatically so work does not stall.

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Can action item workflows run automatically and manually?">
    Yes. They can run automatically based on action item events and can also be triggered manually using a Slack command if that trigger is enabled.
  </Accordion>

  <Accordion title="Can I condition an action item workflow on incident severity or service?">
    Yes. Action item workflows can evaluate both action item fields and incident fields, allowing very precise control over when the workflow runs.
  </Accordion>

  <Accordion title="Why did my workflow run more than once?">
    This is usually caused by using the catch-all `Action Item Updated` trigger without restrictive run conditions. Narrow the workflow using specific triggers or conditions such as status or priority.
  </Accordion>

  <Accordion title="Does changing a Jira ticket trigger an action item workflow?">
    No. Action item workflows are triggered by changes inside Rootly. Updates in external tools only trigger workflows if they sync back and modify the Rootly action item.
  </Accordion>
</AccordionGroup>

***

Need help designing reliable follow-up automation? Contact your Rootly onboarding representative or email **[support@rootly.com](mailto:support@rootly.com)**.


# Workflow Actions Reference
Source: https://docs.rootly.com/workflows/actions-reference

Complete reference for all 144 Rootly workflow action types grouped by category, including Slack, Jira, on-call, AI, integrations, and incident operations.

Workflow actions are the individual steps that execute when a workflow runs. Each action connects to a specific integration or Rootly capability. This page lists every available action grouped by category.

<Info>
  Many text fields support [Liquid templating](/liquid/liquid) for dynamic values drawn from incident, alert, or on-call context. Selector fields (dropdowns, user pickers, etc.) do not accept Liquid.
</Info>

<Note>
  Available actions depend on your enabled integrations and the workflow type (incident, alert, on-call, etc.). Actions for integrations that are not connected will not appear when building a workflow.
</Note>

<Tip>
  The **Key fields** column lists internal field names as they appear in the API and workflow schema. Labels in the UI may differ slightly (for example, `workspace` appears as **Workspace** in the form).
</Tip>

***

## Slack

| Action                                          | Description                                                                                                                          | Key fields                                                               |
| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------ |
| **Add Slack Bookmark**                          | Add a bookmark to the incident Slack channel                                                                                         | `channel`, `name`, `link`, `emoji`                                       |
| **Archive Slack Channel**                       | Archive the incident Slack channel                                                                                                   | `channels`, `name`                                                       |
| **Change Slack Channel Privacy**                | Change a Slack channel's privacy setting                                                                                             | `channel`, `privacy`                                                     |
| **Create Slack Channel**                        | Create a Slack channel for the incident                                                                                              | `name`, `private`, `workspace`                                           |
| **Invite Rootly On-Call to Slack Channel**      | Invite users to the channel based on a Rootly target — on-call from a schedule, escalation policy, service, team, or individual user | `channel`, `escalation_policy`, `service`, `team`, `user`, `schedule`    |
| **Invite On-Call to Slack Channel (PagerDuty)** | Invite the PagerDuty on-call user to the channel                                                                                     | `channel`, `escalation_policy`, `schedule`, `service`                    |
| **Invite On-Call to Slack Channel (Opsgenie)**  | Invite the Opsgenie on-call user to the channel                                                                                      | `channel`                                                                |
| **Invite On-Call to Slack Channel (VictorOps)** | Invite the VictorOps on-call user to the channel                                                                                     | `channel`                                                                |
| **Invite Users to Slack Channel**               | Invite specific users or user groups to a channel                                                                                    | `channel`, `slack_users`, `slack_user_groups`, `slack_emails`            |
| **Rename Slack Channel**                        | Rename a Slack channel                                                                                                               | `channel`, `title`                                                       |
| **Send Slack Blocks**                           | Send a rich interactive Block Kit message to a Slack channel                                                                         | `channels`, `blocks`, `attachments`, `broadcast_thread_reply_to_channel` |
| **Send Slack Message**                          | Send a plain or formatted message to a Slack channel                                                                                 | `channels`, `color`, `actionables`, `broadcast_thread_reply_to_channel`  |
| **Send Slack Reminder**                         | Send a recurring reminder with snooze and pause buttons                                                                              | `channels`, `message`, `interval`                                        |
| **Update Slack Channel Topic**                  | Update the topic of a Slack channel                                                                                                  | `channel`, `topic`                                                       |

***

## Microsoft Teams

| Action                                      | Description                                       | Key fields                                                                                |
| ------------------------------------------- | ------------------------------------------------- | ----------------------------------------------------------------------------------------- |
| **Add Microsoft Teams Chat Tab**            | Add a tab to a Teams chat                         | `chat`, `title`, `link`                                                                   |
| **Add Microsoft Teams Tab**                 | Add a tab to the incident Teams channel           | `channel`, `title`, `link`                                                                |
| **Archive Microsoft Teams Channel**         | Archive the incident Teams channel                | `channels`, `team`                                                                        |
| **Create Microsoft Teams Channel**          | Create a Teams channel for the incident           | `name`, `title`, `team`                                                                   |
| **Create Microsoft Teams Chat**             | Create a Teams group or one-on-one chat           | `chat_type`, `members`, `topic`                                                           |
| **Create Microsoft Teams Meeting**          | Create a Teams meeting link                       | `record_meeting`, `recording_mode`, `post_to_incident_timeline`, `post_to_slack_channels` |
| **Invite Users to Microsoft Teams Channel** | Invite users to a private Teams channel           | `channel`, `team`, `emails`                                                               |
| **Rename Microsoft Teams Channel**          | Rename a Teams channel                            | `channel`, `team`, `title`                                                                |
| **Send Microsoft Teams Attachments**        | Send a rich attachment message to a Teams channel | `channels`, `attachments`                                                                 |
| **Send Microsoft Teams Chat Message**       | Send a message to a Teams chat                    | `chats`, `text`                                                                           |
| **Send Microsoft Teams Message**            | Send a message to a Teams channel                 | `channels`, `text`                                                                        |

***

## Incident Management

| Action                               | Description                                          | Key fields                                                                          |
| ------------------------------------ | ---------------------------------------------------- | ----------------------------------------------------------------------------------- |
| **Add Action Item**                  | Create a task or follow-up on the incident           | `kind`, `summary`, `description`, `assignee`                                        |
| **Add Incident Role**                | Assign a user to an incident role                    | `role`, `user`                                                                      |
| **Add Team**                         | Set the team on the incident                         | `group_id`                                                                          |
| **Add to Timeline**                  | Add a custom event to the incident timeline          | `event`, `url`                                                                      |
| **Create Incident**                  | Create a new incident                                | `custom_fields_mapping`                                                             |
| **Create Incident Retrospective**    | Create a Rootly retrospective for the incident       | `incident_id`                                                                       |
| **Create Sub Incident**              | Create a sub-incident linked to the current incident | `incident_id`, `sync_info`                                                          |
| **Create ServiceNow Incident**       | Create a ServiceNow ticket for the incident          | `description`, `status`, `custom_fields_mapping`, `acts_as_user`                    |
| **Update Action Item**               | Update an existing action item                       | `kind`, `summary`, `description`, `attribute_to_query_by`                           |
| **Update Incident**                  | Update fields on the incident                        | `custom_fields_mapping`, `attribute_to_query_by`, `acknowledged_at`, `mitigated_at` |
| **Update Incident Retrospective**    | Update the incident's retrospective                  | `postmortem_id`                                                                     |
| **Update Incident Status**           | Update incident status after a period of inactivity  | `inactivity_timeout`, `message`                                                     |
| **Update Incident Status Timestamp** | Update a lifecycle timestamp on the incident         | `status`, `timestamp`                                                               |
| **Update ServiceNow Incident**       | Update an existing ServiceNow ticket                 | `incident_id`, `description`, `status`, `custom_fields_mapping`, `acts_as_user`     |

***

## On-Call & Paging

| Action                              | Description                                               | Key fields                                                                                 |
| ----------------------------------- | --------------------------------------------------------- | ------------------------------------------------------------------------------------------ |
| **Auto Assign Role (Rootly)**       | Assign an incident role from a Rootly on-call rotation    | `escalation_target`, `incident_role_id`                                                    |
| **Auto Assign Role (PagerDuty)**    | Assign an incident role from a PagerDuty on-call rotation | `incident_role_id`, `escalation_policy`, `schedule`, `service`                             |
| **Auto Assign Role (Opsgenie)**     | Assign an incident role from an Opsgenie on-call rotation | `incident_role_id`                                                                         |
| **Auto Assign Role (VictorOps)**    | Assign an incident role from a VictorOps on-call rotation | `incident_role_id`                                                                         |
| **Page Rootly On-Call**             | Page a Rootly on-call escalation target                   | `escalation_target`, `title`, `description`                                                |
| **Page PagerDuty On-Call**          | Page a PagerDuty on-call rotation                         | `service`, `escalation_policies`, `message`, `priority`, `create_new_incident_on_conflict` |
| **Page Opsgenie On-Call**           | Page an Opsgenie on-call rotation                         | `title`, `message`, `description`                                                          |
| **Page VictorOps On-Call**          | Page a VictorOps on-call rotation                         | `title`                                                                                    |
| **Page JSM Ops On-Call**            | Page a Jira Service Management on-call rotation           | `title`, `message`, `description`                                                          |
| **Create PagerTree Incident**       | Create a PagerTree incident to trigger paging             | `title`, `description`                                                                     |
| **Create PagerDuty Status Update**  | Post a status update to an existing PagerDuty incident    | `pagerduty_incident_id`, `message`                                                         |
| **Update PagerDuty Incident**       | Update an existing PagerDuty incident                     | `pagerduty_incident_id`, `title`, `priority`, `resolution`                                 |
| **Update PagerTree Incident**       | Update an existing PagerTree incident                     | `pagertree_alert_id`                                                                       |
| **Publish Incident to Status Page** | Publish the incident to a status page                     | `status_page`, `status_page_template`, `public_title`, `status`, `event`                   |

***

## Project Management

| Action                          | Description                                     | Key fields                                                                                                 |
| ------------------------------- | ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------- |
| **Create Jira Issue**           | Create a Jira ticket for the incident           | `project`, `issue_type`, `description`, `labels`, `due_date`, `assign_user_email`, `custom_fields_mapping` |
| **Create Jira Subtask**         | Create a subtask under an existing Jira ticket  | `parent_issue_id`, `description`, `labels`, `due_date`, `assign_user_email`, `custom_fields_mapping`       |
| **Update Jira Issue**           | Update an existing Jira ticket                  | `issue_id`, `description`, `labels`, `due_date`, `assign_user_email`, `custom_fields_mapping`              |
| **Create Linear Issue**         | Create a Linear issue for the incident          | `title`, `description`, `priority`, `assign_user_email`                                                    |
| **Create Linear Subtask**       | Create a subtask under an existing Linear issue | `parent_issue_id`, `title`, `description`, `priority`, `assign_user_email`                                 |
| **Create Linear Issue Comment** | Add a comment to a Linear issue                 | `issue_id`, `body`                                                                                         |
| **Update Linear Issue**         | Update an existing Linear issue                 | `issue_id`, `description`, `priority`, `assign_user_email`                                                 |
| **Create Asana Task**           | Create an Asana task for the incident           | `due_date`, `labels`, `assign_user_email`, `custom_fields_mapping`                                         |
| **Create Asana Subtask**        | Create a subtask under an existing Asana task   | `parent_task_id`, `due_date`, `assign_user_email`, `custom_fields_mapping`                                 |
| **Update Asana Task**           | Update an existing Asana task                   | `task_id`, `due_date`, `completion`, `assign_user_email`, `custom_fields_mapping`                          |
| **Create ClickUp Task**         | Create a ClickUp task for the incident          | `description`, `due_date`, `tags`, `parent_task_id`, `custom_fields_mapping`                               |
| **Update ClickUp Task**         | Update an existing ClickUp task                 | `task_id`, `description`, `due_date`, `completion`, `custom_fields_mapping`                                |
| **Create Shortcut Story**       | Create a Shortcut story for the incident        | `description`, `due_date`, `labels`, `group`                                                               |
| **Create Shortcut Task**        | Create a task under an existing Shortcut story  | `parent_story_id`, `description`                                                                           |
| **Update Shortcut Story**       | Update an existing Shortcut story               | `story_id`, `description`, `due_date`, `labels`                                                            |
| **Update Shortcut Task**        | Update an existing Shortcut task                | `task_id`, `parent_story_id`, `description`, `completion`                                                  |
| **Create Trello Card**          | Create a Trello card for the incident           | `board`, `list`, `description`, `due_date`                                                                 |
| **Update Trello Card**          | Update an existing Trello card                  | `card_id`, `board`, `list`, `description`, `due_date`                                                      |
| **Create Motion Task**          | Create a Motion task for the incident           | `description`, `due_date`, `duration`, `labels`                                                            |
| **Update Motion Task**          | Update an existing Motion task                  | `task_id`, `description`, `due_date`, `duration`, `labels`                                                 |

***

## Docs & Pages

| Action                            | Description                                            | Key fields                                                                    |
| --------------------------------- | ------------------------------------------------------ | ----------------------------------------------------------------------------- |
| **Create Confluence Page**        | Create a Confluence page from a retrospective template | `title`, `content`, `template`, `post_mortem_template_id`                     |
| **Update Confluence Page**        | Update an existing Confluence page                     | `file_id`, `content`, `template`, `post_mortem_template_id`                   |
| **Create Coda Page**              | Create a Coda page from a retrospective template       | `doc`, `folder_id`, `content`, `format`, `post_mortem_template_id`            |
| **Update Coda Page**              | Update an existing Coda page                           | `doc_id`, `page_id`, `content`, `format`, `post_mortem_template_id`           |
| **Create Datadog Notebook**       | Create a Datadog notebook for the incident             | `content`, `kind`, `template`, `post_mortem_template_id`                      |
| **Update Datadog Notebook**       | Update an existing Datadog notebook                    | `file_id`, `content`, `kind`, `post_mortem_template_id`                       |
| **Create Dropbox Paper**          | Create a Dropbox Paper document from a template        | `parent_folder`, `permissions`, `content`, `post_mortem_template_id`          |
| **Update Dropbox Paper**          | Update an existing Dropbox Paper document              | `file_id`, `title`, `content`, `post_mortem_template_id`                      |
| **Create Google Doc**             | Create a Google Doc from a retrospective template      | `drive`, `parent_folder`, `permissions`, `content`, `post_mortem_template_id` |
| **Update Google Doc**             | Update an existing Google Doc                          | `file_id`, `content`, `template_id`, `post_mortem_template_id`                |
| **Create Google Doc Permissions** | Grant users access to a Google Doc                     | `file_id`, `permissions`                                                      |
| **Remove Google Doc Permissions** | Revoke user access to a Google Doc                     | `file_id`, `attribute_to_query_by`                                            |
| **Create Notion Page**            | Create a Notion page for the incident                  | `title`, `show_action_items_as_table`, `show_timeline_as_table`               |
| **Update Notion Page**            | Update an existing Notion page                         | `file_id`, `title`, `show_action_items_as_table`, `show_timeline_as_table`    |
| **Create Quip Page**              | Create a Quip page from a template                     | `parent_folder_id`, `content`, `template_id`, `post_mortem_template_id`       |
| **Update Quip Page**              | Update an existing Quip page                           | `file_id`, `content`, `template_id`, `post_mortem_template_id`                |
| **Create SharePoint Page**        | Create a SharePoint document from a template           | `site`, `drive`, `parent_folder`, `content`, `post_mortem_template_id`        |
| **Update SharePoint Page**        | Update an existing SharePoint document                 | `file_id`, `title`, `content`, `post_mortem_template_id`                      |

***

## Developer Tools

| Action                         | Description                                      | Key fields                                                            |
| ------------------------------ | ------------------------------------------------ | --------------------------------------------------------------------- |
| **Create GitHub Issue**        | Create a GitHub issue for the incident           | `repository`, `issue_type`, `body`, `labels`, `parent_issue_number`   |
| **Update GitHub Issue**        | Update an existing GitHub issue                  | `issue_id`, `body`, `labels`, `labels_mode`, `issue_type`             |
| **Get GitHub Commits**         | Retrieve recent commits from a GitHub repository | `github_repository_names`, `branch`, `service_ids`, `past_duration`   |
| **Create GitLab Issue**        | Create a GitLab issue for the incident           | `repository`, `issue_type`, `body`, `labels`, `due_date`              |
| **Update GitLab Issue**        | Update an existing GitLab issue                  | `issue_id`, `description`, `labels`, `due_date`, `issue_type`         |
| **Get GitLab Commits**         | Retrieve recent commits from a GitLab repository | `gitlab_repository_names`, `branch`, `service_ids`, `past_duration`   |
| **Create Zendesk Ticket**      | Create a Zendesk ticket for the incident         | `subject`, `comment`, `tags`, `custom_fields_mapping`                 |
| **Update Zendesk Ticket**      | Update an existing Zendesk ticket                | `ticket_id`, `subject`, `tags`, `completion`, `custom_fields_mapping` |
| **Create Zendesk Jira Link**   | Link a Zendesk ticket to a Jira issue            | `zendesk_ticket_id`, `jira_issue_id`, `jira_issue_key`                |
| **Create FreshService Ticket** | Create a FreshService ticket for the incident    | `subject`, `description`, `priority`, `status`, `request_user_email`  |
| **Update FreshService Ticket** | Update an existing FreshService ticket           | `subject`, `description`, `priority`, `status`, `tags`                |
| **Create FreshService Task**   | Create a task under a FreshService ticket        | `parent_ticket_id`, `title`, `description`, `priority`, `status`      |
| **Update FreshService Task**   | Update an existing FreshService task             | `task_id`, `parent_ticket_id`, `description`, `priority`, `status`    |
| **Create Airtable Record**     | Create an Airtable record for the incident       | `custom_fields_mapping`                                               |
| **Update Airtable Record**     | Update an existing Airtable record               | `record_id`, `base_key`, `table_name`, `custom_fields_mapping`        |
| **Run Heroku Command**         | Execute a command in a Heroku app                | `post_to_incident_timeline`, `post_to_slack_channels`                 |
| **HTTP Client**                | Make an outbound HTTP request to any REST API    | `method`, `url`, `headers`, `body`, `event_url`, `event_message`      |
| **Redis Client**               | Execute commands against a Redis instance        | `commands`, `post_to_incident_timeline`                               |

***

## Observability

| Action                         | Description                                                      | Key fields                                                            |
| ------------------------------ | ---------------------------------------------------------------- | --------------------------------------------------------------------- |
| **Snapshot Datadog Graph**     | Post a Datadog graph to the incident timeline                    | `post_to_incident_timeline`, `post_to_slack_channels`                 |
| **Attach Datadog Dashboards**  | Post a Datadog dashboard link to the timeline                    | `post_to_incident_timeline`, `post_to_slack_channels`                 |
| **Snapshot Grafana Dashboard** | Post a Grafana dashboard snapshot to the timeline                | `post_to_incident_timeline`, `post_to_slack_channels`                 |
| **Snapshot Grafana Panel**     | Post a specific Grafana panel to the timeline                    | `post_to_incident_timeline`, `post_to_slack_channels`                 |
| **Snapshot Looker Graph**      | Post a Looker graph to the incident timeline                     | `post_to_incident_timeline`, `post_to_slack_channels`                 |
| **Snapshot New Relic Graph**   | Post a New Relic graph to the incident timeline                  | `metric_query`, `post_to_incident_timeline`, `post_to_slack_channels` |
| **Get Alerts**                 | Retrieve alerts matching a filter for use in subsequent actions  | `sources`, `environment_ids`, `labels`, `past_duration`               |
| **Get Pulses**                 | Retrieve deploys and changes matching a filter                   | `sources`, `environment_ids`, `labels`, `past_duration`               |
| **Update Attached Alerts**     | Update the status or position of alerts attached to the incident | `status`, `position`, `created_at`                                    |
| **Create Opsgenie Alert**      | Create an alert in Opsgenie                                      | `description`, `details`                                              |
| **Update Opsgenie Alert**      | Update an existing Opsgenie alert                                | `alert_id`                                                            |
| **Update Opsgenie Incident**   | Update an existing Opsgenie incident                             | `opsgenie_incident_id`                                                |
| **Create JSM Alert**           | Create an alert in Jira Service Management                       | `description`, `details`                                              |
| **Update VictorOps Incident**  | Update an existing VictorOps incident                            | `victor_ops_incident_id`, `resolution_message`                        |
| **Send Dashboard Report**      | Send a dashboard snapshot report via email                       | `dashboard_ids`, `from`, `cc`, `bcc`, `body`                          |

***

## Meetings & Calendar

| Action                           | Description                              | Key fields                                                                                             |
| -------------------------------- | ---------------------------------------- | ------------------------------------------------------------------------------------------------------ |
| **Create Google Meet**           | Create a Google Meet link                | `record_meeting`, `post_to_incident_timeline`, `post_to_slack_channels`                                |
| **Create Zoom Meeting**          | Create a Zoom meeting link               | `password`, `record_meeting`, `create_as_email`, `post_to_incident_timeline`, `post_to_slack_channels` |
| **Create Webex Meeting**         | Create a Webex meeting link              | `password`, `record_meeting`, `recording_mode`, `post_to_incident_timeline`, `post_to_slack_channels`  |
| **Create GoToMeeting**           | Create a GoToMeeting link                | `subject`, `post_to_incident_timeline`, `post_to_slack_channels`                                       |
| **Create Google Calendar Event** | Schedule a meeting on Google Calendar    | `calendar_id`, `attendees`, `description`, `conference_solution_key`, `exclude_weekends`               |
| **Update Google Calendar Event** | Update an existing Google Calendar event | `event_id`, `attendees`, `conference_solution_key`, `exclude_weekends`                                 |
| **Create Outlook Event**         | Schedule a meeting on Outlook Calendar   | `calendar`, `attendees`, `description`, `enable_online_meeting`, `exclude_weekends`                    |

***

## Notifications

| Action                    | Description                               | Key fields                                                            |
| ------------------------- | ----------------------------------------- | --------------------------------------------------------------------- |
| **Send Email**            | Send an email to any address              | `from`, `to`, `cc`, `bcc`, `body`, `include_header`, `include_footer` |
| **Send SMS**              | Send an SMS to a phone number             | `phone_numbers`, `content`                                            |
| **Send WhatsApp Message** | Send a WhatsApp message to a phone number | `phone_numbers`, `content`                                            |
| **Call People**           | Make outbound phone calls                 | `phone_numbers`, `content`                                            |
| **Send Tweet**            | Post a tweet on Twitter / X               | `message`                                                             |

***

## AI

| Action                        | Description                                                                  | Key fields                                       |
| ----------------------------- | ---------------------------------------------------------------------------- | ------------------------------------------------ |
| **OpenAI Chat Completion**    | Send a prompt to OpenAI and use the response in subsequent actions           | `model`, `prompt`, `system_prompt`               |
| **Anthropic Chat Completion** | Send a prompt to Anthropic Claude and use the response in subsequent actions | `model`, `prompt`, `system_prompt`               |
| **Gemini Chat Completion**    | Send a prompt to Google Gemini and use the response in subsequent actions    | `model`, `prompt`, `system_prompt`               |
| **Mistral Chat Completion**   | Send a prompt to Mistral AI and use the response in subsequent actions       | `model`, `prompt`, `system_prompt`, `max_tokens` |

<Note>
  AI actions require the corresponding LLM integration to be configured in **Settings → Integrations**. The response from any AI action can be referenced in downstream actions using Liquid variables.
</Note>

***

## Utility

| Action               | Description                                           | Key fields                                                                   |
| -------------------- | ----------------------------------------------------- | ---------------------------------------------------------------------------- |
| **Trigger Workflow** | Trigger another workflow from the current one         | `kind`, `check_workflow_conditions`, `attribute_to_query_by`, `match_header` |
| **Print**            | Print a message to the workflow run log for debugging | `message`                                                                    |

<Info>
  **HTTP Client** and **Redis Client** are also available as utility-style actions — see [Developer Tools](#developer-tools) above.
</Info>


# Alert Workflows
Source: https://docs.rootly.com/workflows/alert-workflows

Automate responses to incoming alerts by triggering workflows that declare incidents, page responders, create tickets, and notify teams based on alert data.

## Overview

**Alert workflows** allow you to react automatically when external systems send alerts into Rootly. Alerts represent incoming signals from monitoring, ticketing, and paging tools such as Datadog, Grafana, PagerDuty, Jira, and others. Once ingested, those alerts become first-class objects that workflows can evaluate and act upon.

Alert workflows are most commonly used to bridge the gap between raw signals and coordinated incident response. Instead of waiting for a human to interpret an alert, you can codify rules that immediately declare incidents, notify teams, or create follow-up work.

Common use cases include:

* Automatically declaring incidents when critical alerts are received
* Paging on-call responders or notifying shared channels when alerts meet specific criteria
* Creating or updating tickets and action items based on alert lifecycle changes

<Note>
  Alert workflows only run if alerts are successfully flowing into Rootly. Before configuring workflows, verify that your alert integrations are connected and producing alerts.
</Note>

***

## Supported Triggers

Alert workflows support **two trigger events**:

* **Alert Created** (`alert_created`)\
  Fires immediately when a new alert is received in Rootly.

* **Alert Status Updated** (`alert_status_updated`)\
  Fires whenever an alert’s status changes (for example, from open to resolved).

<Frame>
  <img alt="" />
</Frame>

<Note>
  Unlike incident or action item workflows, alert workflows **cannot be triggered manually** via Slack command. They only run in response to alert events.
</Note>

***

## Configure an Alert Workflow

### Step 1: Confirm alerts are ingested

Ensure alerts are arriving in Rootly by visiting **Alerts** in the Rootly UI.\
If no alerts are present, review your integrations on the [Alerts](/alerts) page.

***

### Step 2: Create a new workflow

Navigate to:

**Workflows → Create Workflow → Alert**

<Frame>
  <img alt="" />
</Frame>

***

### Step 3: Choose trigger event(s)

Select one or both of the available alert triggers depending on when you want the workflow to run.

* Use **Alert Created** to respond immediately to new alerts
* Use **Alert Status Updated** to respond to acknowledgements or resolutions

<Frame>
  <img alt="" />
</Frame>

***

## Define Run Conditions

Alert workflows can evaluate multiple properties of an alert. Conditions are optional but strongly recommended to avoid over-triggering.

<Frame>
  <img alt="" />
</Frame>

### Source

The **source** represents the system that generated the alert (for example, Datadog or PagerDuty).

You can use this to scope workflows to alerts from a specific integration.

<Frame>
  <img alt="" />
</Frame>

***

### Status

Alerts move through lifecycle states. Valid values include:

* `open`
* `triggered`
* `acknowledged`
* `resolved`

Status conditions are commonly used with the **Alert Status Updated** trigger to run workflows only when alerts are resolved or acknowledged.

***

### Labels

Alerts include a set of labels derived from the source system. Labels are stored as an **array of values**.

You can condition on labels using operators such as “contains any of” or “contains all of.”

<Frame>
  <img alt="" />
</Frame>

***

### Payload

Each alert includes a **JSON payload** containing source-specific data. Payload conditions allow advanced filtering using:

* **JSONPath** to extract values from the payload
* Optional **regular expressions** to match extracted values

For example, you can match alerts where `$.data.type` equals `incident`, regardless of case.

<Frame>
  <img alt="" />
</Frame>

<Note>
  Payload conditions are powerful but should be tested carefully. A malformed JSONPath or overly broad regex can cause workflows to misfire.
</Note>

***

## Configure Actions

Alert workflows support a wide range of actions. Available actions depend on which integrations are connected to your workspace.

Common actions include:

* Declaring incidents in Rootly
* Paging on-call responders
* Sending Slack or Microsoft Teams messages
* Creating or updating tickets in Jira or other systems
* Creating action items for follow-up work

<Frame>
  <img alt="" />
</Frame>

<Warning>
  ### Downstream workflow cascades

  If an alert workflow declares an incident, that will immediately trigger **incident workflows** that listen for “Incident Created” or related events.

  When testing alert workflows, it is strongly recommended to:

  * Temporarily disable incident workflows, or
  * Add restrictive run conditions to prevent unintended cascades.
</Warning>

***

## Best Practices

Alert workflows are most effective when they are precise and conservative.

* **Start narrow.** Use source, status, and payload conditions to target only the alerts that truly require automation.
* **Avoid duplicate incident creation.** Ensure alert grouping or deduplication is considered when declaring incidents from alerts.
* **Test in isolation.** Disable downstream workflows during initial testing to avoid accidental paging or ticket creation.
* **Use status-based triggers intentionally.** “Alert Created” is best for immediate response, while “Alert Status Updated” is better for follow-up automation.
* **Document your logic.** Complex payload conditions should be explained in the workflow description for future maintainers.

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Can I trigger alert workflows manually from Slack?">
    No. Alert workflows only run in response to alert events. Manual Slack commands are not supported for this workflow type.
  </Accordion>

  <Accordion title="Can alert workflows create incidents automatically?">
    Yes. Declaring incidents is a common use case. Be aware that doing so may trigger incident workflows downstream.
  </Accordion>

  <Accordion title="Why didn’t my alert workflow run?">
    Check that alerts are flowing into Rootly, confirm the trigger event fired, and review run conditions—especially payload and label filters.
  </Accordion>

  <Accordion title="Can I filter alerts by integration or severity?">
    Yes. Use the source condition to filter by integration and payload or labels to match severity or priority fields provided by the source system.
  </Accordion>
</AccordionGroup>

***

Need help designing safe and effective alert automation? Contact your Rootly onboarding representative or email **[support@rootly.com](mailto:support@rootly.com)**.


# Incident Workflows
Source: https://docs.rootly.com/workflows/incident-workflows

Automate incident response in Rootly by triggering workflows on incident events like creation, status changes, severity updates, and field updates.

## Overview

**Incident workflows** are the backbone of automation in Rootly. They run when something meaningful happens to an incident—an incident is created, severity changes, a service is added, a Slack channel is created, responders join the channel, and more. Instead of relying on responders to remember every manual step during a high-stress event, incident workflows let you encode your process once and run it consistently every time.

Incident workflows are especially useful because incidents sit at the center of the response lifecycle. A single workflow can coordinate tooling across chat, paging, ticketing, documentation, and observability—so when an incident changes, everything else stays aligned automatically.

Common use cases include:

* Creating and configuring a Slack or Microsoft Teams channel when an incident begins
* Creating tickets (Jira, Linear, ServiceNow, etc.) based on incident severity, service, or team ownership
* Posting periodic reminders (status updates, stakeholder comms, runbook prompts) while an incident is active
* Paging on-call responders when specific services or severities are involved
* Generating post-incident artifacts (retrospectives, action items) when an incident resolves
* Synchronizing incident metadata to external systems (status page timelines, docs, dashboards)

<Note>
  You can chain workflows across types. For example, an **Alert workflow** can create an incident, which then triggers **Incident Created** or **Incident Started** workflows to run the rest of your incident process.
</Note>

***

## How Incident Workflows Run

An incident workflow always follows the same execution model:

1. **Trigger event occurs** (for example, *Status Updated*).
2. Rootly evaluates **run conditions** (if configured).
3. If conditions pass, Rootly executes the workflow’s **actions in order**.

Two behaviors are worth calling out early because they shape how you design automations:

* **Triggers are OR’d together.** If you select multiple triggers, *any one* of them can initiate the workflow.
* **Run conditions are your guardrails.** Use conditions to prevent noisy automation and ensure workflows only run when they should (for example, only for SEV0/SEV1, only for certain services, only when visibility is public, etc.).

***

## Create an Incident Workflow

### Step 1: Start a new workflow

Navigate to:

**Workflows → Create Workflow → Incident**

<Frame>
  <img alt="" />
</Frame>

***

### Step 2: Choose trigger events

Trigger events define **when** Rootly initiates the workflow. Incident workflows support a broad set of triggers, ranging from lifecycle events (created/started) to field changes (severity/status) to channel and subscriber events.

In the example below, the workflow starts when the incident **status changes** or when it is manually run using a **Slack command**:

<Frame>
  <img alt="" />
</Frame>

#### Incident trigger events available

The following triggers are available for incident workflows:

* `incident_in_triage`
* `incident_created`
* `incident_started`
* `incident_updated` (catch-all update trigger)
* `title_updated`
* `summary_updated`
* `status_updated`
* `severity_updated`
* `visibility_updated`

Field list changes:

* `environments_added`, `environments_removed`, `environments_updated`
* `incident_types_added`, `incident_types_removed`, `incident_types_updated`
* `services_added`, `services_removed`, `services_updated`
* `functionalities_added`, `functionalities_removed`, `functionalities_updated`
* `teams_added`, `teams_removed`, `teams_updated`
* `causes_added`, `causes_removed`, `causes_updated`

Timeline and post timelines:

* `timeline_updated`
* `status_page_timeline_updated`

Role assignment events:

* `role_assignments_added`
* `role_assignments_removed`
* `role_assignments_updated`

Channel and membership events:

* `slack_channel_created`
* `slack_channel_converted`
* `microsoft_teams_channel_created`
* `user_joined_slack_channel`
* `user_left_slack_channel`

Subscriber events:

* `subscribers_added`
* `subscribers_removed`
* `subscribers_updated`

Manual trigger:

* `slack_command`

<Warning>
  ### Avoid overlapping triggers

  Some triggers are “catch-all” events that cover other triggers.

  * `incident_updated` is a catch-all trigger for incident updates. If you use it, you should **not** also add field-specific triggers like `status_updated` or `severity_updated` in the same workflow.
  * Rootly also prevents certain redundant combinations (for example, selecting triggers that would cause duplicate initiation for the same underlying event).
</Warning>

<Info>
  ### Custom field update triggers

  In addition to the built-in triggers above, incident workflows can also trigger from **custom field updates**. These appear in the UI as:

  `[CustomField] <Your Field Name> Updated`

  Use these when a particular custom field is a critical step in your incident process (for example, “Customer Impacted,” “Root Cause Category,” or “External Status”).
</Info>

***

### Step 3: Add run conditions

Run conditions define **which incidents the workflow should apply to**. Conditions can be based on standard incident fields (severity, status, service, environment, teams, etc.) or custom fields you’ve configured in your workspace.

A strong incident workflow typically has at least one condition to avoid unnecessary automation. Examples:

* Only run for incidents where severity is SEV0 or SEV1
* Only run when a specific service is impacted
* Only run when the incident is public
* Only run when a particular team is assigned

<Frame>
  <img alt="" />
</Frame>

You can learn more about how run condition operators work (including how “all of / any of / none of” behaves) in the main workflows overview: [Condition Checks](/workflows/workflows).

***

### Step 4: Configure actions

Actions define **what the workflow does** once it has initiated and conditions pass. Available actions depend on the applications integrated with your Rootly workspace.

For example, after connecting Jira, Jira actions become available and can be configured to create issues, set fields, assign owners, and link incidents.

<Frame>
  <img alt="" />
</Frame>

#### What actions can an Incident workflow run?

Incident workflows support actions across Rootly and common incident tooling, including (not exhaustive):

* Rootly actions (update incident fields, add timeline entries, create action items, create post-mortems, trigger other workflows)
* Slack and Microsoft Teams actions (create/configure channels, send messages/reminders, update channel metadata, manage channel settings)
* Paging actions (page responders through integrated on-call providers)
* Ticketing/PM tools (Jira, Linear, ServiceNow, Zendesk, etc.)
* Documentation and collaboration tools (Google Drive/Docs, Confluence, Notion, SharePoint, etc.)
* Observability tools (Datadog, New Relic, Grafana, and others depending on integration availability)

<Note>
  Actions run **in order** from top to bottom. If the order matters (for example, create a Slack channel before posting a message into it), place the actions in the sequence you want them executed.
</Note>

<Warning>
  ### Failure behavior matters

  By default, **a single failing action halts the workflow run**. If you want a workflow to continue even if an action fails (for example, “post to Slack” should not block “create a Jira ticket”), enable **Skip on Failure** on the actions where continuing is safe.
</Warning>

***

## Best Practices

The best incident workflows are the ones that remain reliable under real incident pressure. These practices help you build workflows that are both powerful and predictable:

* **Start narrow, then expand.** Begin with specific triggers (like `severity_updated`) and tight conditions. Once you trust the behavior, broaden scope if needed.
* **Use conditions as guardrails.** Treat conditions as the safety layer that prevents noisy automation, especially when you use broad triggers like `incident_updated`.
* **Separate “setup” and “ongoing” automation.** A workflow that sets up Slack/tickets is often different from a workflow that posts reminders every 30 minutes.
* **Be intentional with repeat workflows.** If you use recurring reminders, make sure they stop when conditions are no longer true (for example, when status becomes Resolved).
* **Keep actions resilient.** Enable Skip on Failure for non-critical actions so a partial integration outage doesn’t break your entire process.
* **Name workflows by outcome, not mechanics.** Good names describe intent (for example, “Create incident channel and ticket for SEV0/SEV1”), which makes auditing easier later.
* **Validate manual Slack triggering.** If you rely on Slack commands, document the command and ensure it’s memorable and unique for your team.

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="What’s the difference between triggers and run conditions?">
    Triggers define **when** a workflow is initiated (for example, when `status_updated` occurs). Run conditions define **which incidents** the workflow should actually apply to. In practice, triggers start the workflow, and conditions prevent it from executing when it shouldn’t.
  </Accordion>

  <Accordion title="Should I use incident_updated or specific triggers like status_updated?">
    Use `incident_updated` when you truly want the workflow to consider **any** incident update, then rely on conditions to narrow behavior. If you only care about specific changes (like severity/status/team/service changes), use the specific trigger to reduce noise and unintended runs.
  </Accordion>

  <Accordion title="Can I trigger workflows when a custom field changes?">
    Yes. Incident workflows can include custom-field update triggers that appear as `[CustomField] <Field Name> Updated`. This is useful when a custom field represents a process milestone or decision point.
  </Accordion>

  <Accordion title="Can I run an incident workflow manually from Slack?">
    Yes, if you include the `slack_command` trigger. When command feedback is enabled, Rootly posts an ephemeral confirmation message in Slack (and will indicate if the workflow is configured with a wait/delay).
  </Accordion>

  <Accordion title="Why did my workflow stop after one action failed?">
    By default, workflows fail fast: a failing action halts the run. To allow later actions to continue, enable **Skip on Failure** on the actions that should not block the rest of the workflow.
  </Accordion>

  <Accordion title="Why can’t I select certain trigger combinations?">
    Rootly prevents overlapping triggers that would cause redundant firing (for example, selecting a catch-all update trigger together with the specific field updates it already covers). This avoids duplicate runs and keeps workflow behavior easier to predict.
  </Accordion>
</AccordionGroup>

***

Need help designing incident workflows that match your process? Contact Rootly Support at [support@rootly.com](mailto:support@rootly.com) or reach out to your onboarding/customer success representative.


# Manually Running Workflows
Source: https://docs.rootly.com/workflows/manually-running-workflows

Trigger Rootly workflows manually through Slack commands, Slack modals, and the web interface for on-demand automation, ad-hoc tasks, and one-off operations.

## Overview

Most workflows run automatically when their trigger events occur. Rootly also supports **manual workflow execution**, which is useful when you want on-demand automation (for example, sending a message, creating an external ticket, or running a one-off operational task).

Manual execution is supported through:

* **Slack command** (manual invocation by workflow command)
* **Slack modal** (interactive workflow picker)
* **Web UI** (trigger a workflow directly from an incident)

<Note>
  Manual runs still respect permissions. If you do not have permission to trigger workflows for a given incident, Rootly will block the action.
</Note>

***

## Manual Runs via Slack

Rootly supports two Slack-based methods for running workflows manually.

### Option 1: Slack command

You can run a workflow using:

```
/rootly workflow <command>
```

This command looks up a workflow by its configured **Slack Command** value.

<Frame>
  <img alt="" />
</Frame>

#### Configure the command on the workflow

Each workflow can be assigned a command in the **Slack Command** field.

<Frame>
  <img alt="" />
</Frame>

#### Required: include Slack Command as a trigger

To run a workflow through Slack, the workflow must explicitly include **Slack Command** as one of its trigger events. If it is not selected, Slack will not run the workflow and will instead guide you to enable the trigger.

<Frame>
  <img alt="" />
</Frame>

#### Important behavior for incident workflows

Incident workflows have an additional requirement:

* **Incident workflows must be triggered from the incident’s Slack channel.**

If you attempt to run an incident workflow from a non-incident channel (or outside incident context), Rootly will not run it.

#### Optional: Slack confirmation message (Command feedback)

If **Command feedback** is enabled on the workflow, Rootly posts an **ephemeral confirmation** to the user in Slack after the workflow is started.

* If the workflow has a configured **Wait** delay, the confirmation indicates the workflow will start after that delay.
* If there is no wait, the confirmation indicates the workflow has started.

<Note>
  Ephemeral confirmations may not be posted if the channel is archived or the user is not in the channel.
</Note>

***

### Option 2: Slack modal

You can also trigger workflows through Rootly’s Slack modal experience. This is useful when you do not remember the command or want to select from a list interactively.

<Frame>
  <img alt="" />
</Frame>

<Frame>
  <img alt="" />
</Frame>

The modal triggers the selected workflow using the workflow’s command value, the same underlying command-driven logic, and the same permission checks.

***

## Manual Runs via Web UI

You can manually trigger workflows from the Rootly web app for a specific incident.

### Step 1: Open workflow runs for an incident

Navigate to the incident, then select **View Workflow Runs** in the right-hand pane.

<Frame>
  <img alt="" />
</Frame>

### Step 2: Trigger a workflow

From the workflow runs view, select **Trigger Workflow**.

<Frame>
  <img alt="" />
</Frame>

You’ll be presented with a list of available workflows. Selecting a workflow triggers it **for the incident you are currently viewing**.

<Frame>
  <img alt="" />
</Frame>

#### Which workflows appear in the web picker

The web UI workflow picker is intentionally constrained:

* Only **incident workflows** are listed
* Only workflows that are **enabled** are listed
* Internal workflows are excluded

This prevents accidentally running disabled or internal-only automation from the incident UI.

#### Web-triggered runs execute immediately

Manual runs triggered from the web UI are executed with **immediate execution** semantics. Practically, this means:

* The run starts right away rather than waiting for a configured **Wait** delay.

Use the web UI when you need to run a workflow immediately against a specific incident.

***

## Slack Command Requirements and Validation

Commands must be:

* **Unique per team**
* **Well-formed**, using only letters, numbers, dashes, underscores, and periods
* Not starting/ending with a period or underscore
* Not containing repeated separators (for example `..` or `__`)

If you do not set a command explicitly, Rootly auto-generates one based on the workflow’s kind and name (and will append a suffix if needed to avoid collisions).

***

## Permissions

Manual workflow triggering is permission-gated.

* Triggering workflows on incidents requires incident update-level access (including the permission that covers triggering workflows).
* For private incidents, Rootly applies private incident permission rules.

If a user lacks permission, the workflow will not run from Slack or the web UI.

***

## Best Practices

* **Always include Slack Command as a trigger** if you want Slack-based manual invocation.
* **Use clear, short commands** and keep naming consistent across teams.
* **Enable Command feedback** so users get immediate confirmation after triggering.
* **Prefer the web UI** when you need to trigger immediately against a specific incident and bypass any wait delay.
* **Validate permissions early** when rolling out workflow tooling to non-admin responders.

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Can I run any workflow manually from Slack?">
    Only workflows that include **Slack Command** as a trigger can be run via `/rootly workflow &lt;command&gt;`.
  </Accordion>

  <Accordion title="Why won’t my incident workflow run from Slack?">
    The most common reasons are: the workflow is missing the **Slack Command** trigger, you are running it outside the incident’s Slack channel, or you do not have permission to trigger workflows for that incident.
  </Accordion>

  <Accordion title="Why does the web UI only show enabled workflows?">
    The incident web picker lists only enabled incident workflows to prevent accidental execution of disabled or internal workflows during incident response.
  </Accordion>

  <Accordion title="Does the Wait setting apply to manual runs?">
    Slack-triggered runs respect the workflow’s configured **Wait** delay. Web-triggered runs execute immediately.
  </Accordion>
</AccordionGroup>


# Pulse Workflows
Source: https://docs.rootly.com/workflows/pulse-workflows

Automate responses to code change events from CI/CD systems in Rootly to pre-declare incidents, notify teams, track deployments, and capture rollback context.

## Overview

**Pulse workflows** run automatically when Rootly receives a **pulse**. Pulses are code-change events (for example, pushes, merges, and deployments) streamed into Rootly from supported source control and CI/CD integrations such as GitHub and GitLab.

Pulse workflows are designed for teams that want to connect delivery signals to operational response. Instead of treating deployments as “background noise,” you can use pulses to proactively notify responders, create artifacts for visibility, and even pre-declare incidents when the change itself represents elevated risk.

Pulse workflows are particularly useful for:

* Pre-declaring incidents when risky changes ship, so responders have a shared coordination space ready if impact appears
* Broadcasting deployments into shared channels (for example, release, infrastructure, or product channels) with consistent formatting and context
* Creating follow-up work automatically when a pulse matches a high-risk pattern (specific repo, branch, environment, or payload value)

<Note>
  Pulse workflows only run if pulses are successfully flowing into Rootly. Before building automation, confirm your pulse integration is connected and producing pulse events.
</Note>

***

## Supported Trigger

Pulse workflows support **one trigger event**:

* **Pulse Created** (`pulse_created`)\
  Fires immediately when a new pulse is received in Rootly.

<Frame>
  <img alt="" />
</Frame>

<Note>
  Pulse workflows cannot be triggered manually via Slack command. They only run when Rootly receives a pulse.
</Note>

***

## Configure a Pulse Workflow

### Step 1: Confirm pulses are ingested

To use a pulse workflow, you must first ensure Rootly is receiving pulses.

Navigate to **Configuration → Pulses** to verify recent pulse events exist. If you do not see pulses, review your integration configuration on the [Pulses](/configuration/pulses) page.

***

### Step 2: Create a new workflow

Navigate to:

**Workflows → Create Workflow → Pulse**

<Frame>
  <img alt="" />
</Frame>

***

### Step 3: Select the trigger event

Because pulse workflows only support one trigger, choose **Pulse Created**. This causes the workflow to initiate as soon as the pulse arrives in Rootly.

***

## Define Run Conditions

Pulse workflows can be filtered using three pulse properties. These conditions let you target only the pulses you care about (for example, production deploys, changes from a specific repository, or events with a specific payload field).

<Frame>
  <img alt="" />
</Frame>

### Source

The **source** represents where the pulse originated from (for example, GitHub or GitLab). Source conditions can optionally use regular expressions, which is helpful when your source naming varies by integration or workspace.

You can find the source on the main Pulses page:

<Frame>
  <img alt="" />
</Frame>

***

### Label

Each pulse includes a set of **labels** derived from the source system. Labels are stored as an **array of values**, and you can filter on them using operators such as “contains any of” or “contains all of.” Label conditions can also optionally use regular expressions.

You can find labels on the pulse details page:

**Configuration → Pulses → select a pulse**

<Frame>
  <img alt="" />
</Frame>

***

### Payload

Each pulse includes a JSON **payload** containing source-specific data (commit metadata, repository identifiers, environment details, and other fields depending on the integration).

Payload filtering supports:

* **JSONPath** (configured as the payload query) to extract the value you want to evaluate from the pulse JSON
* Optional **regular expression matching** against the extracted value

For example, you can extract a specific field like an environment ID or branch name and require an exact match, partial match, or regex match.

You can find payload data on the pulse details page:

**Configuration → Pulses → select a pulse**

<Frame>
  <img alt="" />
</Frame>

<Note>
  Payload conditions are powerful but should be tested carefully. Incorrect JSONPath expressions or overly broad regex matches can cause workflows to run unexpectedly.
</Note>

***

## Configure Actions

Pulse workflows do **not** have a fixed action set. The actions available to your workflow depend on which integrations are connected in your Rootly workspace.

Common actions teams use with pulse workflows include:

* Declaring or updating an incident in Rootly
* Sending Slack or Microsoft Teams messages with structured deployment context
* Creating or updating follow-up work items (tickets, action items, tasks) when a pulse matches a risk condition
* Triggering additional workflows (for example, handing off from a “deployment detected” workflow into a more complex automation chain)

<Frame>
  <img alt="" />
</Frame>

<Warning>
  ### Downstream workflow cascades

  If a pulse workflow creates or updates an incident, that can immediately trigger **incident workflows** that listen for incident events such as “Incident Created” or “Status Updated.”

  When testing pulse workflows that touch incidents, consider temporarily disabling incident workflows or using restrictive run conditions to prevent unintended cascades.
</Warning>

***

## Best Practices

Pulse workflows are most effective when they are scoped intentionally and validated with real examples.

* **Start narrow and expand.** Begin with conditions that target a specific repository, branch, or environment before broadening to all pulses.
* **Prefer labels and payload for precision.** Source-only filters are rarely enough; labels and payload fields usually provide the reliable signal you need.
* **Use pre-declared incidents sparingly.** Pre-declare incidents only when the change itself represents elevated risk, otherwise you may create alert fatigue through too many “false starts.”
* **Test with recent pulses.** Always validate your JSONPath and label logic against real pulse examples visible in the UI.
* **Document intent in the workflow description.** Pulse workflows often encode operational policy (what constitutes a risky change). Make that intent explicit so future maintainers do not guess.

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Can I trigger a pulse workflow manually from Slack?">
    No. Pulse workflows run only when Rootly receives a pulse event. Manual Slack commands are not supported for this workflow type.
  </Accordion>

  <Accordion title="What kinds of tools can send pulses into Rootly?">
    Pulses are code-change events typically sent by source control or CI/CD systems (for example, GitHub and GitLab). The exact set depends on which integrations your workspace has connected.
  </Accordion>

  <Accordion title="Why didn’t my pulse workflow run?">
    Confirm pulses are present in Rootly, verify the workflow is enabled, check that the trigger is Pulse Created, and then review run conditions—especially JSONPath payload filters and label matching.
  </Accordion>

  <Accordion title="Can a pulse workflow automatically create an incident?">
    Yes. Many teams use pulses to pre-declare incidents or create coordination space for risky changes. If you do this, be aware it may trigger incident workflows downstream.
  </Accordion>
</AccordionGroup>

***

Need help designing safe pulse automation? Contact your Rootly onboarding representative or email **[support@rootly.com](mailto:support@rootly.com)**.


# Retrospective Workflows
Source: https://docs.rootly.com/workflows/retrospective-workflows

Automate retrospective tasks in Rootly like doc publishing, ticket creation, and notifications triggered by retrospective lifecycle events and milestones.

## Overview

**Retrospective workflows** (also called **post-mortem workflows**) automate the work that happens *after* an incident—capturing learnings, publishing the review, assigning follow-ups, and keeping stakeholders in the loop.

In Rootly, each incident can have an associated retrospective object. Retrospective workflows run when that retrospective changes, letting you standardize what “good follow-through” looks like across every team and every incident. This is especially valuable because retrospective work often spans multiple systems (docs, tickets, chat notifications, leadership updates), and the most common failure mode is simple: people forget steps or do them inconsistently.

Typical uses include:

* Keeping a draft retrospective document in sync as the review evolves
* Publishing a retrospective automatically when it reaches a “Published” state
* Creating action items or tickets and assigning owners when the retrospective is published
* Notifying the right audiences (incident channel, leadership channels, email lists) when a retrospective is ready

<Note>
  Retrospective workflows are triggered by **retrospective events**, not incident events. You *can* still use **incident fields as conditions** (for example, severity, services, teams) to control when the workflow should run—but the trigger itself comes from the retrospective lifecycle.
</Note>

***

## Supported Triggers

Retrospective workflows support the following trigger events:

* **Post Mortem Created** (`post_mortem_created`): fires when a retrospective is created
* **Post Mortem Updated** (`post_mortem_updated`): fires when a retrospective is updated (catch-all)
* **Status Updated** (`status_updated`): fires when the retrospective status changes
* **Slack Command** (`slack_command`): fires when the workflow is manually executed via Slack command

<Warning>
  ### “Post Mortem Updated” is a catch-all trigger

  If your workflow uses **Post Mortem Updated**, it can fire for any retrospective change. This is powerful, but it’s easy to create noisy automations unless you add tight **run conditions** (for example, “status is published”).
</Warning>

***

## Create a Retrospective Workflow

### Step 1: Start a new workflow

Navigate to:

**Workflows → Create Workflow → Retrospective**

<Frame>
  <img alt="" />
</Frame>

***

### Step 2: Choose trigger event(s)

Select one or more trigger events that should initiate your workflow.

In the example below, the workflow initiates when the **retrospective status changes**:

<Frame>
  <img alt="" />
</Frame>

<Note>
  When you see “Status Updated” in a retrospective workflow, it refers to the **retrospective status**, not the incident status.
</Note>

***

### Step 3: Define run conditions

Run conditions let you control *which* retrospectives (and incidents) the workflow applies to. Retrospective workflows can evaluate both:

* **Retrospective properties** (most importantly: retrospective status)
* **Incident properties** (severity, services, teams, environments, custom fields, etc.)

<Frame>
  <img alt="" />
</Frame>

#### Retrospective status

Retrospective status is typically one of:

* `draft`
* `published`

A very common pattern is:

* Trigger: **Status Updated**
* Condition: **Retrospective status is published**
* Actions: publish docs, notify leadership, create follow-ups

This ensures you get a clean, one-time automation when the review is officially ready.

#### Incident-based conditions

Even though the workflow is retrospective-triggered, you can narrow it using incident properties. Examples:

* Only run for SEV0/SEV1 incidents
* Only run when a specific service is involved
* Only run when the incident team matches a particular org

<Frame>
  <img alt="" />
</Frame>

For details on condition operators (all of / any of / none of, plus per-field operators like “is”, “is one of”, “contains any of”), see: [Condition Checks](/workflows/workflows).

***

### Step 4: Configure actions

Actions are what the workflow actually does once it passes conditions. The available actions depend on your integrations, but retrospective workflows commonly automate:

* Document creation and updates (for example, Confluence pages, Google Docs, Notion pages)
* Notifications (Slack messages, Microsoft Teams messages, email)
* Follow-up tracking (create action items, create tickets, assign owners, set due dates)

<Frame>
  <img alt="" />
</Frame>

<Info>
  Some document-creation actions can be configured to **publish** the retrospective automatically (for example, when creating a Confluence page), which is useful when “publishing” is part of your definition of done.
</Info>

<Warning>
  By default, if an action fails, the workflow run halts. If a non-critical action should not block the rest (for example, posting a Slack message), enable **Skip on Failure** for that action.
</Warning>

***

## Best Practices

A retrospective workflow should make your post-incident process *more consistent*, not noisier. These patterns tend to work well in production:

* **Trigger on Status Updated, condition on “published.”** This gives you a clean “one-time publish event” you can treat as a milestone.
* **Use incident severity as a gate.** Many organizations only want leadership notifications and full doc automation for higher severities.
* **Separate “draft upkeep” from “publish actions.”** If you want to keep a doc updated while the review is in progress, put that in a separate workflow from the one that runs when the retrospective is published.
* **Make notifications intentional.** Use different destinations for different audiences (incident channel vs. a leadership channel vs. email).
* **Ensure ownership is created, not implied.** If the workflow creates action items or tickets, assign owners and due dates so the follow-up work doesn’t stall.

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Is a retrospective workflow triggered by incident updates?">
    No. Retrospective workflows trigger from retrospective events (created, updated, status updated, or Slack command). You can still *use incident fields as conditions* to control whether the workflow should run.
  </Accordion>

  <Accordion title="What does “Status Updated” mean here?">
    In a retrospective workflow, “Status Updated” refers to the **retrospective status** (typically `draft` or `published`), not the incident status.
  </Accordion>

  <Accordion title="How do I only run actions once when the retrospective is published?">
    Use **Status Updated** as the trigger and add a run condition like “retrospective status is published.” This avoids running the workflow on unrelated retrospective changes.
  </Accordion>

  <Accordion title="Can I run a retrospective workflow manually?">
    Yes. Retrospective workflows support the **Slack Command** trigger, which lets you run the workflow manually using its configured command.
  </Accordion>

  <Accordion title="Why did my workflow run too often?">
    The most common cause is using **Post Mortem Updated** (a catch-all trigger) without strict conditions. Add conditions like retrospective status, incident severity, or service/team filters to narrow the workflow to the exact cases you want.
  </Accordion>
</AccordionGroup>

***

Need help designing retrospective automation that matches your process? Contact Rootly Support at [support@rootly.com](mailto:support@rootly.com) or reach out to your onboarding/customer success representative.


# Standalone Workflows
Source: https://docs.rootly.com/workflows/standalone-workflows

Create manual Slack command-triggered workflows in Rootly for ad-hoc tasks like emailing dashboards, making calls, querying repos, and running scripts.

## Overview

**Standalone workflows** (internally referred to as *Simple workflows*) are workflows that are **triggered exclusively by a Slack command**. They are not tied to any Rootly object such as incidents, action items, alerts, pulses, or retrospectives.

Because they are manually invoked, standalone workflows are ideal for ad-hoc, on-demand tasks where timing and intent are explicitly controlled by a human rather than by system events.

Standalone workflows are particularly useful for:

* Emailing or posting metrics dashboards on demand
* Making ad-hoc phone calls or sending notifications during an incident
* Fetching repository data such as recent GitHub or GitLab commits
* Running utility actions (HTTP requests, Redis queries, AI prompts)
* Triggering other workflows manually as part of a runbook or checklist

<Note>
  Standalone workflows do not evaluate incident, action item, alert, pulse, or retrospective data. They run purely based on user intent at invocation time.
</Note>

***

## Supported Trigger

Standalone workflows support **only one trigger**:

* **Slack Command** (`slack_command`)

This trigger allows a user to explicitly run the workflow from Slack using a command.

No other triggers are available or supported for this workflow type.

***

## Configure a Standalone Workflow

### Step 1: Create the workflow

Navigate to:

**Workflows → Create Workflow → Standalone**

<Frame>
  <img alt="" />
</Frame>

***

### Step 2: Configure the Slack command

Standalone workflows must be invoked via Slack using the pattern:

```
/rootly workflow <command>
```

#### Command behavior and defaults

* If you do not explicitly set a command, Rootly automatically generates one using the pattern:

```
standalone-<workflow-name>
```

* Commands must be **unique per team**.
* Commands must:
* Start with a letter or number
* Contain only letters, numbers, dashes, underscores, or periods
* Not begin or end with a period or underscore
* Not contain consecutive separators (for example `..` or `__`)

If a generated command conflicts with an existing one, Rootly automatically appends a short random suffix to ensure uniqueness.

<Note>
  For usability, keep commands short, descriptive, and easy to remember. Standalone workflows are often used under pressure.
</Note>

***

### Step 3: Trigger behavior in Slack

When a user runs:

```
/rootly workflow <command>
```

Rootly will:

1. Locate the workflow by its command
2. Start the workflow run
3. Optionally post an **ephemeral confirmation message** if **Command feedback** is enabled

If the workflow has a configured **Wait** delay, the confirmation message will include the delay duration before execution begins.

***

## Run Conditions

Standalone workflows intentionally have **no run conditions**.

Because these workflows are invoked manually, adding conditional gates based on object state would reduce their usefulness and predictability.

However, standalone workflows **can still use timing controls**, including:

* **Wait before executing**
  * Minimum delay: 10 seconds
  * Common options include 30 seconds, 1 minute, 5 minutes, 1 hour, and longer intervals
* **Repeat Every / Repeat On**
  * Supported repeat intervals include:
    * 10 minutes
    * 30 minutes
    * 1 hour
    * 1 day
    * 5 days
  * Repeat days use the following codes:
    * S (Sunday)
    * M (Monday)
    * T (Tuesday)
    * W (Wednesday)
    * R (Thursday)
    * F (Friday)
    * U (Saturday)

These controls are especially useful for scheduled reporting or temporary recurring jobs that you want to start manually and let run for a period of time.

***

## Configure Actions

The actions available in a standalone workflow depend on which integrations are connected in your Rootly workspace. Standalone workflows support a wide range of utility-style actions.

Common examples include:

### Communication and notifications

* Send Slack or Microsoft Teams messages
* Send emails, SMS, WhatsApp messages, or place phone calls
* Create or manage Slack and Microsoft Teams channels

### Reporting and data retrieval

* Email dashboard reports
* Fetch recent alerts or pulses
* Query GitHub or GitLab commits
* Print structured output to Slack for quick inspection

### Automation and utilities

* Run HTTP requests against internal or external APIs
* Execute Redis commands
* Trigger other workflows programmatically
* Invoke AI models (OpenAI, Gemini, Mistral, Anthropic, Watsonx) for summaries or analysis

<Frame>
  <img alt="" />
</Frame>

<Note>
  Standalone workflows are often used as building blocks in runbooks. Keep actions modular and focused so workflows remain easy to reason about.
</Note>

***

## Execution Behavior and Failure Handling

Actions execute **in order**, from top to bottom.

By default:

* If an action fails, the workflow stops immediately and is marked as failed.

Optional behavior:

* You can enable **Skip on Failure** on individual actions.
* When enabled, Rootly records the failure and continues executing subsequent actions.

This is especially useful for non-critical steps such as logging, notifications, or optional data enrichment.

***

## Best Practices

* **Design for human invocation.** Assume the user triggering the workflow wants immediate, clear feedback.
* **Enable command feedback.** Ephemeral confirmations reduce uncertainty and accidental re-runs.
* **Use standalone workflows for tooling, not policy.** If logic depends on incident state or system events, use a different workflow type.
* **Keep commands discoverable.** Document common commands internally and keep naming consistent.
* **Use repeat controls sparingly.** Long-running repeats should be intentional and well-scoped.

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Can standalone workflows run automatically?">
    No. Standalone workflows only run when triggered by a Slack command. They do not respond to system events.
  </Accordion>

  <Accordion title="Can I use standalone workflows inside incident response?">
    Yes. They are commonly used during incidents for ad-hoc tasks such as fetching data, sending updates, or running utility actions.
  </Accordion>

  <Accordion title="Can a standalone workflow trigger other workflows?">
    Yes. Standalone workflows can trigger other workflows, making them useful as entry points for manual runbooks.
  </Accordion>

  <Accordion title="Why don’t standalone workflows have conditions?">
    They are designed to be explicit and predictable. Conditions based on object state would make manual execution harder to reason about.
  </Accordion>
</AccordionGroup>

***

Need help designing powerful manual workflows or runbook commands? Contact your Rootly onboarding representative or email **[support@rootly.com](mailto:support@rootly.com)**.


# Wait and Repeat
Source: https://docs.rootly.com/workflows/workflow-scheduling

Delay workflow execution, repeat actions on a schedule, and set stop conditions in Rootly that control when a repeating workflow ends or pauses automatically.

## Overview

Workflows support two scheduling controls that can be used independently or together:

* **Wait before executing** — delays the start of actions after a workflow is initiated
* **Repeat every / Repeat on** — re-runs the workflow's actions on a recurring schedule after the first execution

These controls are most commonly used to build reminder workflows, periodic status update messages, and escalation nudges that fire at regular intervals during an incident.

***

## Wait Before Executing

A wait delays the start of actions after the workflow's trigger fires and run conditions are satisfied.

**Available wait durations:** 30 seconds, 1 minute, 2 minutes, 5 minutes, 1 hour, 1 day, 3 days, 1 week, 2 weeks, 1 month.

<Note>
  The shortest selectable wait in the UI is **30 seconds**. The underlying validation accepts any value down to 10 seconds, but the predefined options start at 30 seconds. Rootly re-evaluates run conditions after the wait period elapses. If conditions are no longer satisfied at that point, the workflow stops without executing actions.
</Note>

### Execution flow with a wait

```
Trigger fires
  → Run conditions checked → fail → stop
  → Run conditions pass → wait
  → Run conditions re-checked → fail → stop
  → Run conditions pass → actions execute
```

This means a workflow that was eligible when it triggered can still be stopped before it acts if the situation has changed during the wait window — useful for "if still unresolved after 30 minutes" patterns.

***

## Repeat Every

**Repeat every** sets the interval between successive executions after the first run. Each repeat cycle re-checks run conditions before executing actions, so the workflow naturally stops repeating when the conditions are no longer true.

**Available repeat intervals:** 10 minutes, 30 minutes, 1 hour, 1 day, 5 days.

### Repeat on (day-of-week filter)

**Repeat on** restricts repeats to specific days of the week. Select any combination of days. Repeat cycles that fall outside the selected days are skipped.

| Day       | Code used internally |
| --------- | -------------------- |
| Sunday    | S                    |
| Monday    | M                    |
| Tuesday   | T                    |
| Wednesday | W                    |
| Thursday  | R                    |
| Friday    | F                    |
| Saturday  | U                    |

<Tip>
  Use **Repeat on** with a **1 day** interval to build weekday-only reminder workflows without needing separate conditions for weekends.
</Tip>

### Execution flow with repeat

```
Trigger fires
  → Run conditions checked → pass
  → Wait (if configured) → Run conditions re-checked → fail → stop
  → Run conditions pass → actions execute
  → Stop-repeat conditions checked → any match → stop
  → Wait for repeat interval
  → Run conditions re-checked → fail → stop
  → Run conditions pass → (wait if configured) → Run conditions re-checked → fail → stop
  → Run conditions pass → actions execute
  → … continues until a stop condition is met
```

***

## Stop Repeat Conditions

Without explicit stop conditions, a repeating workflow continues indefinitely as long as run conditions remain true. Stop repeat conditions give you precise control over when repeating ends.

Any one of the following conditions stopping the loop:

<ParamField type="integer">
  The workflow stops after executing this many times. Accepts values from **2 to 100**.

  Use this when you want a fixed number of reminders regardless of how long the incident stays open.
</ParamField>

<ParamField type="select">
  The workflow stops once this much time has elapsed since the first execution. Options: **10 minutes, 30 minutes, 1 hour, 1 day, 5 days**.

  Use this to cap the reminder window — for example, stop sending updates after 1 day even if the incident is still active.
</ParamField>

<Warning>
  Stop repeat conditions are evaluated using OR logic — the workflow stops as soon as any single condition is met, not when all conditions are met.
</Warning>

***

## Common Patterns

<AccordionGroup>
  <Accordion title="Reminder every 30 minutes for up to 1 hour" icon="bell">
    Configure:

    * **Repeat every:** 30 minutes
    * **Time since first run:** 1 hour
    * **Run condition:** incident status is not Resolved

    The workflow sends a reminder at 0, 30, and 60 minutes and then stops — or stops earlier if the incident resolves.
  </Accordion>

  <Accordion title="Daily status update on weekdays only" icon="calendar-days">
    Configure:

    * **Repeat every:** 1 day
    * **Repeat on:** Monday, Tuesday, Wednesday, Thursday, Friday
    * **Run condition:** incident is still active

    The workflow fires once per weekday and skips Saturdays and Sundays automatically.
  </Accordion>

  <Accordion title="Delayed escalation if still unresolved" icon="circle-arrow-up">
    Configure:

    * **Wait:** 30 minutes
    * **Run condition:** incident severity is P1 and status is not Resolved

    The workflow initiates when a P1 opens, waits 30 minutes, re-checks whether it is still open and still P1, then fires the escalation action. If the incident resolved during the wait, no action is taken.
  </Accordion>

  <Accordion title="Single reminder with a grace period" icon="hourglass-half">
    Configure:

    * **Wait:** 1 hour
    * No repeat

    The workflow fires once, one hour after the trigger, as long as run conditions still hold. Useful for a one-time follow-up nudge without building a full repeat loop.
  </Accordion>
</AccordionGroup>

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="My workflow stopped repeating earlier than expected" icon="circle-question">
    The most common cause is run conditions becoming false. Rootly re-evaluates run conditions before every repeat cycle. If the incident moved to a status, severity, or field value that no longer satisfies the conditions, repeating stops.

    Check the workflow run history to see which condition evaluation caused the stop. Also verify that no stop repeat condition (max repeats or time since first run) was reached.
  </Accordion>

  <Accordion title="My workflow ran once but never repeated" icon="circle-exclamation">
    Confirm that **Repeat every** is set. A wait-only workflow (no repeat interval) executes once after the delay and does not loop. Also check whether a stop repeat condition was already satisfied after the first run — for example, a **Maximum number of repeats** of 2 means the workflow runs twice total (the initial run plus one repeat).
  </Accordion>

  <Accordion title="Actions fired even though conditions should have prevented them" icon="triangle-exclamation">
    Conditions are checked at trigger time and again after any wait period, but not continuously during the wait. If conditions briefly become false and then true again during a wait window, the post-wait check is what matters. Design conditions around the state you care about at execution time, not the state at trigger time.
  </Accordion>
</AccordionGroup>


# Workflow Types
Source: https://docs.rootly.com/workflows/workflow-types

Understand the six workflow types (incident, post-mortem, action item, alert, pulse, and standalone) and the trigger events available for each.

## Overview

Rootly workflows are grouped into **six workflow types**. The workflow type determines two things:

1. **What object the workflow runs against** (incident, alert, action item, etc.)
2. **Which trigger events are available** (because not every object emits the same events)

Most workflow types are tied to a Rootly object and are triggered by changes to that object. For example, an **Incident workflow** can trigger when an incident’s status changes, while an **Action Item workflow** can trigger when a due date changes.

**Standalone workflows** (called **Simple** workflows in Rootly’s internal model) are different: they do not depend on any Rootly object and can only be triggered manually through a Slack command.

<Note>
  You can chain workflow types together. For example, an **Alert workflow** can create an incident, which can then trigger one or more **Incident workflows** configured for **Incident Created** or **Incident Started**.
</Note>

## How Trigger Events Work

Workflows are **not executed in a fixed order**. A workflow runs when:

1. One of its **trigger events** occurs (triggers are evaluated using OR logic), and then
2. Its **run conditions** pass (if configured)

Because workflows are event-driven, two workflows can run “in parallel” if they share the same trigger, and a workflow configured with multiple triggers will run whenever *any* of them occur.

<Warning>
  ### Avoid Overlapping Triggers

  Some triggers are **catch-all** events (for example, **Incident Updated**) that already include more specific triggers (like **Status Updated** or **Severity Updated**). Rootly prevents overlapping configurations to avoid duplicate runs and hard-to-debug behavior.
</Warning>

***

## Workflow Types and Trigger Events

Below are the trigger events grouped by workflow type. These names reflect how Rootly defines triggers internally and how they appear in the workflow builder.

***

## Incident Workflows

Incident workflows trigger from incident lifecycle changes, field updates, timeline events, channel events, and subscriber changes.

| Trigger                             | When it’s triggered                                                                                                             |
| ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------- |
| **Incident In Triage**              | When an incident enters triage (used for triage-first workflows).                                                               |
| **Incident Created**                | When an incident record is created in Rootly.                                                                                   |
| **Incident Started**                | When an incident is started (for teams that distinguish creation vs start).                                                     |
| **Incident Updated**                | Catch-all trigger for incident updates. Use this instead of specific field update triggers when you want “any incident change.” |
| **Status Updated**                  | When incident status changes.                                                                                                   |
| **Severity Updated**                | When incident severity changes.                                                                                                 |
| **Title Updated**                   | When incident title changes.                                                                                                    |
| **Summary Updated**                 | When incident summary changes.                                                                                                  |
| **Visibility Updated**              | When incident visibility changes (for example, public vs private, depending on your configuration).                             |
| **Environments Added**              | When a value is added to environments.                                                                                          |
| **Environments Removed**            | When a value is removed from environments.                                                                                      |
| **Environments Updated**            | When the environments list changes (covers add/remove).                                                                         |
| **Incident Types Added**            | When a value is added to incident types.                                                                                        |
| **Incident Types Removed**          | When a value is removed from incident types.                                                                                    |
| **Incident Types Updated**          | When incident types list changes (covers add/remove).                                                                           |
| **Services Added**                  | When a service is added.                                                                                                        |
| **Services Removed**                | When a service is removed.                                                                                                      |
| **Services Updated**                | When services list changes (covers add/remove).                                                                                 |
| **Functionalities Added**           | When a functionality is added.                                                                                                  |
| **Functionalities Removed**         | When a functionality is removed.                                                                                                |
| **Functionalities Updated**         | When functionalities list changes (covers add/remove).                                                                          |
| **Teams Added**                     | When a team is added.                                                                                                           |
| **Teams Removed**                   | When a team is removed.                                                                                                         |
| **Teams Updated**                   | When teams list changes (covers add/remove).                                                                                    |
| **Causes Added**                    | When a cause is added.                                                                                                          |
| **Causes Removed**                  | When a cause is removed.                                                                                                        |
| **Causes Updated**                  | When causes list changes (covers add/remove).                                                                                   |
| **Role Assignments Added**          | When an incident role assignment is added.                                                                                      |
| **Role Assignments Removed**        | When an incident role assignment is removed.                                                                                    |
| **Role Assignments Updated**        | When a role assignment changes (assign/reassign/unassign).                                                                      |
| **Timeline Updated**                | When a timeline event is added, updated, or removed.                                                                            |
| **Status Page Timeline Updated**    | When a status page timeline event is added, updated, or removed.                                                                |
| **Slack Channel Created**           | When an incident Slack channel is created for the incident.                                                                     |
| **Slack Channel Converted**         | When an existing Slack channel is converted into an incident channel.                                                           |
| **Microsoft Teams Channel Created** | When a Microsoft Teams channel is created for the incident (if enabled).                                                        |
| **User Joined Slack Channel**       | When a user joins the incident Slack channel.                                                                                   |
| **User Left Slack Channel**         | When a user leaves the incident Slack channel.                                                                                  |
| **Subscribers Added**               | When a subscriber is added.                                                                                                     |
| **Subscribers Removed**             | When a subscriber is removed.                                                                                                   |
| **Subscribers Updated**             | When subscriber list changes (covers add/remove).                                                                               |
| **Slack Command**                   | When the workflow is manually triggered via Slack command.                                                                      |

<Note>
  ### Important: “Created” vs “Slack Channel Created”

  If you select **Incident Created**, you generally should not also select **Slack Channel Created** for the same workflow unless you explicitly want separate runs. Rootly guards against trigger overlap patterns that would produce redundant firing.
</Note>

***

## Post-mortem Workflows (Retrospectives)

Post-mortem workflows trigger based on retrospective creation/updates and retrospective status changes.

| Trigger                 | When it’s triggered                                        |
| ----------------------- | ---------------------------------------------------------- |
| **Post Mortem Created** | When a post-mortem (retrospective) is created.             |
| **Post Mortem Updated** | Catch-all trigger for post-mortem updates.                 |
| **Status Updated**      | When post-mortem status changes.                           |
| **Slack Command**       | When the workflow is manually triggered via Slack command. |

<Info>
  Post-mortem workflows do not use a dedicated “Causes Updated” trigger. If your process depends on causes, use **Post Mortem Updated** (with run conditions) or condition on causes directly where supported.
</Info>

***

## Action Item Workflows

Action item workflows trigger based on action item lifecycle changes and field updates. They also support a catch-all update trigger.

| Trigger                   | When it’s triggered                                                              |
| ------------------------- | -------------------------------------------------------------------------------- |
| **Action Item Created**   | When an action item is created.                                                  |
| **Action Item Updated**   | Catch-all trigger for action item updates.                                       |
| **Assigned User Updated** | When the assigned user changes.                                                  |
| **Summary Updated**       | When the summary changes.                                                        |
| **Description Updated**   | When the description changes.                                                    |
| **Status Updated**        | When the status changes.                                                         |
| **Priority Updated**      | When the priority changes.                                                       |
| **Due Date Updated**      | When the due date changes.                                                       |
| **Teams Updated**         | When the assigned team(s) changes.                                               |
| **Incident Updated**      | When the linked incident updates (useful when action items are incident-driven). |
| **Slack Command**         | When the workflow is manually triggered via Slack command.                       |

***

## Alert Workflows

Alert workflows trigger from alert creation and alert lifecycle changes.

| Trigger                  | When it’s triggered                  |
| ------------------------ | ------------------------------------ |
| **Alert Created**        | When an alert is received in Rootly. |
| **Alert Status Updated** | When an alert status changes.        |

***

## Pulse Workflows

Pulse workflows trigger from pulse ingestion events.

| Trigger           | When it’s triggered                 |
| ----------------- | ----------------------------------- |
| **Pulse Created** | When a pulse is received in Rootly. |

***

## Standalone Workflows (Simple)

Standalone workflows do not run against a Rootly object. They are manually triggered and are ideal for “utility” workflows (for example, running a set of Slack actions on demand).

| Trigger           | When it’s triggered                                        |
| ----------------- | ---------------------------------------------------------- |
| **Slack Command** | When the workflow is manually triggered via Slack command. |

***

## Best Practices

* **Prefer specific triggers when possible.** If you only care about severity changes, use **Severity Updated** rather than **Incident Updated**.
* **Use catch-all triggers intentionally.** Catch-all triggers are powerful, but can lead to high execution volume if paired with broad conditions.
* **Avoid redundancy.** If two triggers represent the same functional event for your use case, pick the one you actually want to represent “start.”
* **Design for chaining.** A common pattern is: Alert workflow → create incident → Incident workflow → run structured response actions.
* **Test with narrow scopes first.** Start by scoping run conditions tightly (severity/team/service), confirm behavior, then expand.

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Why don’t workflows run in a predictable order?">
    Workflows are event-driven. They execute when their trigger event fires and their conditions pass—not because they are “first” or “second” in a sequence. If multiple workflows listen to the same trigger, they may run around the same time.
  </Accordion>

  <Accordion title="When should I use a catch-all trigger like Incident Updated?">
    Use a catch-all trigger when you truly want to react to *any* update on that object, then refine behavior using run conditions. If you only care about a specific change (like Status Updated), prefer the specific trigger to reduce noise and unintended execution.
  </Accordion>

  <Accordion title="Can I use Slack commands for every workflow type?">
    Slack Command triggers are available on several workflow types (including Incident, Post-mortem, Action Item, and Standalone). Alert and Pulse workflows are designed to run from ingestion and lifecycle events instead of manual command triggers.
  </Accordion>

  <Accordion title="Can one workflow trigger another workflow?">
    Yes. If a workflow action causes another object event (for example, creating an incident from an alert), any workflows listening for that downstream event can run. This is a common way to build multi-stage automation.
  </Accordion>

  <Accordion title="Why does Rootly warn about overlapping triggers?">
    Some triggers are broad and implicitly include other triggers (for example, an object-level “Updated” trigger covering multiple specific field changes). Overlaps can cause duplicate workflow runs and confusing behavior, so Rootly prevents or warns on combinations that represent the same logical event.
  </Accordion>
</AccordionGroup>


# Overview
Source: https://docs.rootly.com/workflows/workflows

Learn how Rootly workflows automate incident response through trigger events, conditions, actions, execution phases, and scheduling for end-to-end automation.

<Frame>
  <img alt="" />
</Frame>

## Overview

Workflows are Rootly’s automation engine. They let you run structured actions automatically (or manually) based on:

* **Trigger events** (what starts a workflow run)
* **Run conditions** (what must be true before actions execute)
* **Actions** (what Rootly and your integrations do when conditions pass)

Workflows are designed to remove repetitive coordination tasks during incident response and standardize follow-up processes across teams.

### Common automation patterns

Examples of things teams commonly automate with workflows:

* Create or manage an incident communication channel (Slack or Microsoft Teams)
* Post periodic reminders to keep status pages and stakeholders updated
* Notify internal teams (for example, legal, security, or customer support) when high-impact incidents occur
* Create tickets in external systems (for example, Jira or Linear) based on impacted services or teams
* Create a conferencing bridge (for example, Zoom or Google Meet) for high severity incidents
* Page on-call responders via your paging provider when specific services are impacted
* Create or update retrospective documents and templates after resolution

If you need help configuring a workflow or cannot find a supported pattern, contact Rootly via Slack or email [**support@rootly.com**](mailto:support@rootly.com).

***

## Workflows at a Glance

<Frame>
  <img alt="" />
</Frame>

This section maps the key fields you configure on a workflow to how Rootly behaves when it runs.

| **Field**                    | **What it controls**                                                                                                                                                                                 |
| ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Name**                     | A human-readable identifier for the workflow.                                                                                                                                                        |
| **Description**              | A detailed explanation of what the workflow does and when it should be used.                                                                                                                         |
| **Workflow folder**          | Optional grouping used for organization and filtering. Folders do not affect execution behavior.                                                                                                     |
| **Enabled**                  | When disabled, the workflow does not run automatically from events. Manual Slack command runs may still be possible if the workflow is discoverable by command and permissions allow it.             |
| **Slack command**            | The command value used to trigger a workflow manually through Slack. If you do not set one at creation time, Rootly generates a default command.                                                     |
| **Command feedback enabled** | When enabled, Rootly posts an ephemeral Slack confirmation to the requesting user when the workflow is triggered via Slack command (including indicating the configured wait delay when applicable). |
| **Repeat every / Repeat on** | Scheduling controls used to run a workflow repeatedly after the initial trigger. Repeat behavior continues only while run conditions remain true.                                                    |
| **Wait before executing**    | A delay before actions begin. Rootly enforces a minimum delay of 10 seconds. Rootly re-checks run conditions after the wait period before executing actions.                                         |
| **Trigger events**           | Events that initiate a workflow run. Trigger events are OR-joined (any selected event can initiate a run).                                                                                           |
| **Run condition operator**   | How Rootly joins multiple run conditions: **all of**, **any of**, or **none of**.                                                                                                                    |
| **Run conditions**           | The rule set that must be satisfied before actions execute. Available condition fields depend on workflow type.                                                                                      |
| **Actions**                  | The steps executed when run conditions pass. Actions are ordered and run in sequence. Available actions depend on workflow type and your enabled integrations.                                       |

### Slack command defaults and uniqueness

If you do not define a Slack command explicitly, Rootly generates a default command derived from:

* The workflow **kind** and the workflow **name** (not just the name)

If the generated command collides with an existing command in the same team, Rootly appends a suffix to keep commands unique.

<Note>
  Slack commands must be unique within a team and must follow strict formatting rules (letters, numbers, dashes, underscores, and periods with restrictions on placement).
</Note>

***

## How Workflows Execute

Workflow execution has three major phases:

1. **Initiation**
2. **Condition check**
3. **Execution**

These phases are consistent across workflow types (incident, post-mortem, action item, alert, pulse, and standalone).

***

## Phase 1: Initiation

A workflow run begins when one of its configured trigger events is met.

### Trigger events are OR-joined

When you select multiple trigger events, Rootly evaluates them using OR logic:

* If **any** selected trigger event occurs, the workflow run initiates.

Example: if you select “Status Updated” and “Severity Updated,” the workflow initiates when either status changes or severity changes.

<Frame>
  <img alt="" />
</Frame>

### Trigger overlap rules

Some triggers are intentionally considered “catch-all” triggers and overlap with more specific triggers. Rootly enforces rules to prevent redundant or confusing configurations.

Common examples:

* A catch-all “updated” trigger covers all attribute updates and should not be combined with field-specific update triggers.
* Some channel creation triggers overlap with incident creation triggers and cannot be selected together.

<Note>
  If you see an error while saving triggers, check whether you selected both a catch-all update trigger and one or more specific update triggers.
</Note>

***

## Phase 2: Condition Check

After initiation, Rootly evaluates run conditions before taking action.

### Run condition operator

Rootly supports three join operators for combining run conditions:

* **all of**: every condition must be true
* **any of**: at least one condition must be true
* **none of**: every condition must be false

<Note>
  The default operator is **all of**. If a workflow is running more often than expected, verify that it is not set to **any of**.
</Note>

### Per-condition operators

Each condition also has its own operator, which determines how Rootly compares the target field to the configured value(s):

* `is`: true if the value matches exactly
* `is one of`: true if a single-select field matches any provided value
* `contains any of`: true if a multi-select field includes at least one provided value
* `contains all of`: true if a multi-select field includes all provided values
* `contains none of`: true if a multi-select field includes none of the provided values
* `none of`: true if a single-select field matches none of the provided values
* `is set`: true if the field has a value
* `is unset`: true if the field has no value

#### Operator selection depends on field type

* **Boolean fields** typically use `is set` and `is unset`
* **Single-select fields** commonly use `is`, `is one of`, and `none of`
* **Multi-select fields** commonly use `contains any of`, `contains all of`, and `contains none of`
* `is set` and `is unset` can be used broadly to test presence

<Frame>
  <img alt="" />
</Frame>

***

## Phase 3: Execution

If run conditions pass, Rootly executes actions in order.

### Action ordering

Actions run sequentially in the order they are listed in the workflow editor.

* If the workflow has multiple actions, the earlier actions run first.
* Actions can be individually disabled.
* Each action's output is available to subsequent actions via Liquid template variables. See [Task Output Variables](/liquid/task-output-variables) for syntax and examples.

<Frame>
  <img alt="" />
</Frame>

### Failure behavior and Skip on Failure

By default:

* If an action fails, the workflow run halts and later actions do not execute.

If **Skip on Failure** is enabled for an action:

* Rootly records the failure for that action
* Rootly continues executing subsequent actions

<Frame>
  <img alt="" />
</Frame>

<Frame>
  <img alt="" />
</Frame>

***

## Scheduling Behavior

Workflows support delays and repeating schedules using the **Wait before executing** and **Repeat every / Repeat on** controls. These are most commonly used for reminder workflows, periodic status updates, and escalation nudges.

Key behaviors:

* Rootly re-evaluates run conditions after a wait period and before every repeat cycle. If conditions are no longer true, the workflow stops.
* Stop repeat conditions (maximum number of repeats, time since first run) give explicit control over when a repeat loop ends.

For available intervals, day-of-week options, stop conditions, execution flow details, and example patterns, see [Wait and Repeat](/workflows/workflow-scheduling).

***

## Manual Runs (Slack and Web)

Workflows can also be triggered manually, which is useful for ad-hoc operational tasks.

* Slack command runs require the workflow to include **Slack Command** as a trigger.
* Incident workflows have additional context requirements and permission checks.
* Web UI triggering from an incident runs the workflow immediately for that specific incident and only lists enabled incident workflows.

See [Manually Running Workflows](/workflows/manually-running-workflows) for a complete, code-aligned guide.

***

## Organizing Workflows

Workflows are easier to maintain when they are organized consistently.

<Frame>
  <img alt="" />
</Frame>

| **Area**               | **What it’s used for**                                                   |
| ---------------------- | ------------------------------------------------------------------------ |
| **All workflows**      | A global view of workflows in your organization.                         |
| **Folders**            | Optional organization structure for grouping workflows.                  |
| **Enabled / Disabled** | Quick control for automatic execution.                                   |
| **Expand / Collapse**  | Quickly view trigger and condition summaries without editing.            |
| **Workflow summary**   | Displays configured triggers, conditions, and actions for fast auditing. |
| **Filter and sort**    | Locate workflows by folder, enabled status, and other attributes.        |

***

## Best Practices

* **Use descriptive names and descriptions.** Treat workflows like operational code: explain intent, scope, and expected behavior.
* **Avoid trigger overlap.** Do not combine catch-all update triggers with field-specific update triggers unless you are intentionally broadening behavior.
* **Start with conservative conditions.** Begin with strict conditions, validate behavior, then widen scope intentionally.
* **Validate failure behavior.** Decide which actions should halt the run versus which can be skipped safely.
* **Use wait and repeat carefully.** When repeating workflows, confirm the run conditions stay true long enough for your reminder cadence.
* **Document ownership.** Use folders and naming conventions so teams know which workflows are actively maintained versus legacy.

***

## Troubleshooting

### A workflow runs when not all conditions are met

Most commonly:

* The run condition operator is set to **any of** rather than **all of**.
* A catch-all update trigger is firing more frequently than expected.

### A Slack command cannot find the workflow

Most commonly:

* The Slack command value does not match the workflow’s configured command.
* The workflow does not include **Slack Command** as a trigger.

### A workflow does not run automatically

Most commonly:

* The workflow is disabled.
* The trigger event selected is not the event that is actually occurring.
* Run conditions are too restrictive.

***

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="Are trigger events evaluated in a specific order?">
    No. Workflows are initiated when their trigger events occur. There is no global ordering across workflows, and multiple workflows may initiate independently as events happen.
  </Accordion>

  <Accordion title="What happens if a workflow action fails?">
    By default, the workflow run halts when an action fails. If you enable Skip on Failure for an action, Rootly records the failure and continues to the next action.
  </Accordion>

  <Accordion title="Can disabled workflows still be triggered manually?">
    Disabled workflows do not run automatically from trigger events. Depending on configuration and permissions, some manual Slack command runs may still be possible. If you want to prevent all manual execution, remove Slack Command as a trigger and/or restrict permissions.
  </Accordion>

  <Accordion title="How do repeating workflows stop?">
    Repeating workflows stop when run conditions no longer evaluate as true, or when a stop repeat condition is met — such as a maximum number of repeats or a time-since-first-run limit. See [Wait and Repeat](/workflows/workflow-scheduling) for full details.
  </Accordion>

  <Accordion title="How can I be notified on workflow failures?">
    Go to **Settings > Organization** and select a Slack channel under **Notify workflow failures channel**. When a workflow fails, Rootly will post a message to that channel with the workflow name, the failed task, and any error output.
  </Accordion>
</AccordionGroup>