Documentation Index
Fetch the complete documentation index at: https://docs.contraforce.com/llms.txt
Use this file to discover all available pages before exploring further.
Every v2 endpoint requires a specific API scope on the credential. Endpoints that are Portal Only (browser-only) are excluded — they are not callable by service accounts.
Base URL: https://portal.contraforce.com/api/v2
Workspace-Scoped Endpoints
These endpoints include a workspace ID in the path: /api/v2/workspaces/{workspaceId}/...
| Method | Path | Description |
|---|
GET | /workspaces/{workspaceId}/incidents/{incidentId} | Get incident by ID |
GET | /workspaces/{workspaceId}/incidents/{incidentId}/summary | Get incident summary with recommended playbook |
GET | /workspaces/{workspaceId}/incidents/{incidentId}/entities | List entities (users, devices, IPs) for an incident |
GET | /workspaces/{workspaceId}/incidents/{incidentId}/{source}/evidence | Get evidence table for an incident by source |
GET | /workspaces/{workspaceId}/incidents/{incidentId}/last-gamebook | Get the last-run gamebook for an incident |
GET | /workspaces/{workspaceId}/incidents/{incidentId}/alert-rules | Get Sentinel alert rules that triggered the incident |
GET | /workspaces/{workspaceId}/incidents/{incidentId}/comments | List comments on an incident |
GET | /workspaces/{workspaceId}/incidents/by-entity | Find incidents related to a specific entity |
GET | /workspaces/{workspaceId}/incidents/high | List high-severity active incidents |
POST | /incidents/across-workspaces | List incidents across all visible workspaces (no workspace ID in path) |
| Method | Path | Description |
|---|
PUT | /workspaces/{workspaceId}/incidents/{incidentId}/assign | Assign a user to an incident |
PUT | /workspaces/{workspaceId}/incidents/{incidentId}/status | Update incident status (with optional classification for close) |
PUT | /workspaces/{workspaceId}/incidents/bulk | Bulk-update multiple incidents |
| Method | Path | Description |
|---|
GET | /workspaces/{workspaceId}/gamebooks/rules/{incidentTitle} | Get playbooks matching an incident title |
GET | /workspaces/{workspaceId}/gamebooks/history | List gamebook execution history |
GET | /workspaces/{workspaceId}/gamebooks/history/{gamebookId}/playbooks | Get playbooks from a specific gamebook run |
GET | /workspaces/{workspaceId}/gamebooks/by-incident/{incidentId} | List all gamebooks for an incident |
| Method | Path | Description |
|---|
GET | /workspaces/{workspaceId}/datasources | List connected data sources for a workspace |
Read (tickets:read):| Method | Path | Description |
|---|
GET | /workspaces/{workspaceId}/tickets/search | Search service tickets by number or grouping ID |
tickets:manage):| Method | Path | Description |
|---|
POST | /workspaces/{workspaceId}/tickets/link | Link a service ticket to an incident |
POST | /workspaces/{workspaceId}/tickets/unlink | Unlink a service ticket from an incident |
PUT | /workspaces/{workspaceId}/tickets/priority | Update ticket priority |
| Method | Path | Description |
|---|
GET | /workspaces/{workspaceId}/investigation/users/signin-logs | List user sign-in logs |
GET | /workspaces/{workspaceId}/investigation/users/directory-logs | List directory audit logs |
Organization-Scoped Endpoints
These endpoints do not require a workspace ID.
| Method | Path | Description |
|---|
GET | /webhooks | List all webhook configurations |
GET | /webhooks/{id} | Get a webhook configuration by ID |
GET | /webhooks/{id}/delivery-logs | List delivery logs for a webhook |
GET | /webhooks/{id}/delivery-logs/{logId} | Get a specific delivery log entry |
| Method | Path | Description |
|---|
POST | /webhooks | Create a webhook configuration |
PUT | /webhooks/{id} | Update a webhook configuration |
DELETE | /webhooks/{id} | Delete a webhook configuration |
POST | /webhooks/{id}/pause | Pause a webhook |
POST | /webhooks/{id}/resume | Resume a paused webhook |
POST | /webhooks/{id}/enable | Re-enable a disabled webhook |
POST | /webhooks/{id}/credentials | Update webhook authentication credentials |
POST | /webhooks/{id}/test | Send a test event to the webhook |
POST | /webhooks/{id}/delivery-logs/{logId}/redeliver | Redeliver a failed webhook event |
Read (org:users:read):| Method | Path | Description |
|---|
GET | /users | List all organization users |
GET | /users/{userId} | Get a user by ID |
GET | /users/profile | Get the authenticated user’s profile |
POST | /users/workspace/users | Get users for a specific workspace |
org:users:manage):| Method | Path | Description |
|---|
POST | /users | Add a user to the organization |
PUT | /users | Update a user |
PUT | /users/profile | Update a user profile |
DELETE | /users/{id} | Remove a user from the organization |
POST | /users/workspace | Assign users to a workspace |
org:users:roles):| Method | Path | Description |
|---|
PUT | /users/organization/role | Assign or modify a user’s organizational role |
Read (org:service-accounts:read):| Method | Path | Description |
|---|
GET | /service-accounts | List all service accounts |
GET | /service-accounts/{id} | Get a service account by ID |
org:service-accounts:manage):| Method | Path | Description |
|---|
POST | /service-accounts | Create a service account |
PUT | /service-accounts/{id} | Update a service account |
DELETE | /service-accounts/{id} | Delete a service account |
POST | /service-accounts/{id}/disable | Disable a service account |
POST | /service-accounts/{id}/enable | Enable a disabled service account |
POST | /service-accounts/{id}/credentials | Create a new credential |
POST | /service-accounts/{id}/credentials/{credentialId}/revoke | Revoke a credential |
