> ## Documentation Index > Fetch the complete documentation index at: https://docs.contraforce.com/llms.txt > Use this file to discover all available pages before exploring further. # Get incident comments ## OpenAPI ````yaml /api-reference/openapi.json get /api/v2/workspaces/{workspaceId}/incidents/{source}/{incidentId}/comments openapi: 3.1.1 info: title: ContraForce API description: ContraForce platform API for security operations management. version: '2.0' servers: [] security: [] tags: - name: Incidents - name: Gamebooks - name: Data sources - name: Service tickets - name: Investigation - name: Cross-workspace incidents - name: Cross-workspace gamebooks - name: Cross-workspace data sources - name: Webhooks - name: Service accounts - name: Users - name: Azure resources paths: /api/v2/workspaces/{workspaceId}/incidents/{source}/{incidentId}/comments: get: tags: - Incidents summary: Get incident comments operationId: v2-get-incident-comments parameters: - name: workspaceId in: path required: true schema: type: string format: uuid - name: source in: path required: true schema: $ref: '#/components/schemas/IncidentSource' - name: incidentId in: path required: true schema: type: string responses: '200': description: OK content: application/json: schema: $ref: >- #/components/schemas/ApiResponseOfIEnumerableOfIncidentCommentDto '400': description: Bad request — validation or parameter binding failed. content: application/problem+json: schema: $ref: '#/components/schemas/ApiProblemDetails' '401': description: Unauthorized — missing or invalid Bearer token. content: application/problem+json: schema: $ref: '#/components/schemas/ApiProblemDetails' '403': description: Forbidden — insufficient scope or workspace access. content: application/problem+json: schema: $ref: '#/components/schemas/ApiProblemDetails' '404': description: Not found — workspace or resource is missing. content: application/problem+json: schema: $ref: '#/components/schemas/ApiProblemDetails' '500': description: Internal server error. content: application/problem+json: schema: $ref: '#/components/schemas/ApiProblemDetails' components: schemas: IncidentSource: enum: - Sentinel - DefenderXDR - QRadar - Splunk - CrowdStrike - SentinelOne ApiResponseOfIEnumerableOfIncidentCommentDto: type: object properties: data: type: - 'null' - array items: $ref: '#/components/schemas/IncidentCommentDto' meta: $ref: '#/components/schemas/ResponseMeta' description: Standard v2 API response envelope for single-item responses. ApiProblemDetails: type: object properties: type: type: - 'null' - string title: type: - 'null' - string status: pattern: ^-?(?:0|[1-9]\d*)$ type: - 'null' - integer - string format: int32 detail: type: - 'null' - string instance: type: - 'null' - string code: type: - 'null' - string requestId: type: - 'null' - string timestamp: type: - 'null' - string target: type: - 'null' - string errors: type: - 'null' - object additionalProperties: type: array items: type: string description: "API extension of ProblemDetails that surfaces the stable error code,\r\ntrace identifier, timestamp, optional target, and optional field-keyed validation\r\nerror map alongside the RFC 7807 members." IncidentCommentDto: type: object properties: id: type: - 'null' - string message: type: - 'null' - string createdTime: type: - 'null' - string format: date-time authorEmail: type: - 'null' - string authorName: type: - 'null' - string isActivityComment: type: boolean description: >- Indicates if the comment doesn't represent a written note, instead if just a system activity like status changed, priority changed, user assigned, etc. isAgentComment: type: boolean description: >- Indicates if the comment was authored by an AI agent rather than a human analyst. agentName: type: - 'null' - string description: Name of the agent that authored the comment. isClosingComment: type: boolean description: >- Indicates if the comment is the closing comment added when the incident was resolved or closed. ticketNoteId: type: - 'null' - string description: "ID of the ticket note in the service ticketing system if the comment is related to a ticket note.\r\n(Nullable) only available if the tenant written this comment has a ticketing system enabled in their configuration." ticketId: type: - 'null' - string description: "ID of the ticket in the service ticketing system if the comment is related to a ticket note.\r\n(Nullable) only available if the tenant written this comment has a ticketing system enabled in their configuration." ResponseMeta: type: object properties: requestId: type: - 'null' - string timestamp: type: - 'null' - string ````