Grafana Incident API: failing to use "QueryIncident" with a CURL command

Hello team:
I am not being able to make the “QueryIncidents” method work as explained in Grafana Incident´s API.

  • What Grafana version and what operating system are you using?
    N/A: this is Grafana Incident, that runs in cloud

  • What are you trying to achieve?
    I want to get a list of any 10 (ten) records -or at least the IDs of 10 records- in my “tenant” in Grafana Incident for further deletion once I know their IDs, because Incident records for the time being can not be deleted and/or archived in the GUI itself.

  • How are you trying to achieve it?
    I am executing a CURL command calling the " QueryIncidents" method, as below:

curl “” --request POST --header ‘Content-Type: application/json; charset=utf-8’ --header ‘Authorization: Bearer MYTOKEN’ --data ‘{“query”: {“limit”: 10}}’

Note: MYORG and MYTOKEN are disguising the real organization and token values in my environment.

  • What happened?
    I received the following output in my terminal:
    {“extra”:null,“message”:“Invalid API key”,“messageId”:“api-key.invalid”,“statusCode”:401,“traceID”:“17fc6c0f2c773722417dee9e437fb756”}

  • What did you expect to happen?
    I expected to see a list of 10 incident records -and/or their associated IDs- from my Incident environment

  • Can you copy/paste the configuration(s) that you are having problems with?
    Already done above.

  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.
    Instead of the incident records (or their associated IDs), I received the following error message in my laptop´s terminal:
    {“extra”:null,“message”:“Invalid API key”,“messageId”:“api-key.invalid”,“statusCode”:401,“traceID”:“17fc6c0f2c773722417dee9e437fb756”}

  • Did you follow any online instructions? If so, what is the URL?
    Yes, I did. I followed the following hints…
    Reference | Grafana Cloud documentation
    Can we "Delete" an incident ? · grafana/incident-community · Discussion #53 · GitHub

That error message may be related to some sort of auth failure.

This may be a problem with the API key you used for this curl command. This auth failure could be for one of two reasons:

  • the API key you provided does not exist (or exists in a different org)
  • the API key exists in Grafana Cloud… but it has the wrong role. For this API endpoint, I believe it needs to have the Admin role

To know for sure, you can always open up a technical support ticket in your cloud portal.

Hello Shelby, thank you very much for you kind answer:

The suggested piece of bash script in Can we "Delete" an incident ? · grafana/incident-community · Discussion #53 · GitHub requests the use of the “token” string created when the “Incoming Webhook” integration is installed (in fact, the paragraph says: " Replace your_token with your actual token").

This is the information in my own tenant:

I do not see anything in Incident that lets me associate this token to a role.

In my case, the token is being used without problems when I trigger the creation of incidents from a firing alert rule within Grafana itself. I use this token and incidents get created in Incident. This in principle; I think, would rule out a wrong token.

I do not understand the relationship between my token -created at the time the integration was installed- and the “api key” that I see in the error message.

I did not know about the chance to open a ticket. I will give it a shot looking for more help.

Best regards


Guys, I found the problem. The Grafana support team pointed me out to the solution.

I “mixed” the Incoming Webhook and the API as if they were the same thing. Since my first experience was with the Incoming Webhook, I wrongly assumed that its token was equally applicable for the Incident API.

But the API is one thing and the Incoming Webhook is one totally different thing. They have nothing to do with each other.

As you told me, I needed a token, but one that belongs to the API. The token for the API must be built using a service account in Grafana. I did this, and the new token let me produce the expected output.


Best regards, Rogelio