Rensei docs

Incident.io

Ingest, ack, resolve, and sync.

The Incident.io integration enables workflows to ingest incidents from your Incident.io workspace, acknowledge or resolve incidents, and trigger automation in response to incident lifecycle events.

What you can do

  • Incident ingestion: receive created, updated, and resolved incidents
  • Incident actions: acknowledge, resolve, or escalate incidents via workflows
  • Timeline sync: receive timeline updates and add workflow actions to timelines
  • Workflow triggers: automatically route incidents to agents or approval workflows

Connect Incident.io

Create an Incident.io API token

  1. Go to app.incident.io/settings/api-keys
  2. Click Create API key
  3. Name: e.g., "Rensei"
  4. Permissions: select the scopes needed (read + write incidents, timelines)
  5. Copy the token - it starts with incident_ and is shown only once

Add the token to Rensei

  1. In Rensei, go to Settings → Integrations
  2. Select the Incident.io card
  3. Paste your API token
  4. Click Connect

The platform validates the token and automatically subscribes to incident lifecycle events. No manual webhook configuration in Incident.io is required.

Credential summary

Credential fieldValue
API Tokenincident_* - workspace-level token
Webhook subscriptionAuto-managed on connect
Webhook endpointPOST /api/webhooks/ingest/incident-io
StoredAES-GCM encrypted at workspace level

Webhook setup (automatic)

When you add the Incident.io integration, Rensei:

  1. Subscribes to incident events from your workspace
  2. Routes events to /api/webhooks/ingest/incident-io
  3. Begins processing incident lifecycle events

Incident events

EventTriggerPayload
incident.createdNew incident reportedTitle, severity, status, reporter, team
incident.updatedIncident changedField changed, old value, new value
incident.resolvedIncident marked resolvedResolution time, severity, impacted services

These events are available as workflow triggers.

Workflow nodes

Incident.io integration provides incident management nodes:

Triggers

NodePayload
trigger.incident_io.incident.createdTitle, severity (SEV-1 to SEV-4), status, reporter, team
trigger.incident_io.incident.updatedIncident ID, field changed, old/new values
trigger.incident_io.incident.resolvedIncident ID, resolution time, root cause

Example: Route high-severity incidents to on-call engineer

trigger:
  type: trigger.incident_io.incident.created

steps:
  - id: check_severity
    type: condition
    condition: "{{ $trigger.incident_io.severity == 'SEV-1' }}"
    onTrue: [page_oncall]

Incident queries and actions

NodeDescription
incident_io.incident.getFetch incident details by ID
incident_io.incident.listList open incidents
incident_io.incident.acknowledgeAcknowledge an incident (status → acknowledged)
incident_io.incident.resolveResolve an incident (mark as closed)
incident_io.incident.updateUpdate incident fields (severity, status)

Example: Acknowledge a SEV-2 incident

- id: acknowledge
  type: incident_io.incident.acknowledge
  inputs:
    incidentId: "{{ $trigger.incident_io.incident_id }}"
    message: "Acknowledged by automated workflow"

Example: Find open incidents assigned to a team

- id: list_open
  type: incident_io.incident.list
  inputs:
    status: "open"
    team: "eng-on-call"
    limit: 10

Timeline entries

NodeDescription
incident_io.timeline.add_eventAdd an event to the incident timeline

Example: Log agent action on the incident timeline

- id: log_action
  type: incident_io.timeline.add_event
  inputs:
    incidentId: "{{ $trigger.incident_io.incident_id }}"
    eventType: "custom"
    title: "Automated mitigation started"
    description: |
      Agent {{ $workflow.agent.name }} began mitigation:
      {{ $steps.agent.summary }}

Escalation and notification flows

Typical Incident.io + Rensei flow:

  1. Incident created in Incident.io (manual, or via webhook from monitoring tool)
  2. Rensei receives webhooktrigger.incident_io.incident.created
  3. Workflow evaluates severity
    • SEV-1: Page on-call engineer + escalate + assign agent
    • SEV-2: Notify team + assign agent
    • SEV-3: Create a Linear issue + notify Slack
  4. Agent mitigates → updates Incident.io timeline
  5. Workflow monitors resolution → sends all-clear to Slack
trigger:
  type: trigger.incident_io.incident.created

steps:
  - id: route_by_severity
    type: condition
    condition: "{{ $trigger.incident_io.severity }}"
    cases:
      - value: "SEV-1"
        steps: [escalate_to_exec, page_oncall, dispatch_agent]
      - value: "SEV-2"
        steps: [notify_team, dispatch_agent]
      - default: [create_linear_issue, notify_slack]

  - id: escalate_to_exec
    type: incident_io.incident.update
    inputs:
      incidentId: "{{ $trigger.incident_io.incident_id }}"
      severity: "SEV-1"

  - id: page_oncall
    type: slack.post
    inputs:
      channel: "#oncall"
      message: "🚨 SEV-1 Incident: {{ $trigger.incident_io.title }}"

  - id: dispatch_agent
    type: agent.dispatch
    inputs:
      agentCard: "incident-responder"
      payload:
        incidentId: "{{ $trigger.incident_io.incident_id }}"
        severity: "{{ $trigger.incident_io.severity }}"

Credential and permissions

The Incident.io integration requires one credential:

  • API token (incident_*) - grants full incident management permissions

The token is stored encrypted at the workspace level. All workflows in the organization share the same token.

Limitations

  • Custom fields: Incident.io's custom field API is not yet exposed as workflow nodes; use incident.update for standard fields only
  • Permissions: The API token grants full permissions; granular access controls are not yet supported
  • Bi-directional sync: Rensei can read and update Incident.io, but external integrations (e.g., PagerDuty) may not see Rensei's updates immediately

Cost and rate limits

Incident.io's API has rate limits (500+ requests/minute). Rensei batches incident operations, so typical workflows will not exceed this.

Cost is zero - Incident.io includes API calls in your plan.

Troubleshooting

"Webhook delivery failed"

  • Verify your Incident.io API token is still valid
  • Check Incident.io's webhook delivery logs in your workspace settings
  • Ensure Rensei's webhook URL is publicly accessible

"Incident not found"

  • Confirm the incident ID is correct
  • Verify the incident belongs to the same Incident.io workspace

"Permission denied"

  • Ensure your API token has not been revoked
  • Re-authorize in Settings → Integrations

Next steps

Slack

Outbound notifications.

Jira

Read issues and post comments from workflows - a session-tracker adapter with multi-field credential dispatch.

On this page

What you can doConnect Incident.ioCredential summaryWebhook setup (automatic)Incident eventsWorkflow nodesTriggersIncident queries and actionsTimeline entriesEscalation and notification flowsCredential and permissionsLimitationsCost and rate limitsTroubleshooting"Webhook delivery failed""Incident not found""Permission denied"Next steps