Endpoint Options

Some API endpoints have options that define how objects should be merged and how digital data should be updated.

Options for the Endpoint

curl -X POST \
  https://<API_ENDPOINT>/v1/entities/create \
  -H 'Content-Type: application/json' \
  -H 'u21-key: <YOUR_API_KEY>' \
  -d '{
    "options": {
      "resolve_geoip": true,
      "upsert_on_conflict": true,
      "merge_custom_data": true,
      "list_merge_strategy": "union"
    }
  }'
curl -X POST \
  https://<API_ENDPOINT>/v1/alerts/create \
  -H 'Content-Type: application/json' \
  -H 'u21-key: <YOUR_API_KEY>' \
  -d '{
    "options": {
      "merge_custom_data": true,
      "list_merge_strategy": "union"
    }
  }'

The following fields are options for the endpoint:

FieldTypeDescription
resolve_geoipBooleanWhether or not to resolve the geographic location from the provided IP address (in the digital data section). Defaults to true if at least one value of an ip_address is provided in digital_data.ip_addresses. If resolve_geoip is set to true but no values are provided in digital_data.ip_addresses, an error code will be thrown. If resolve_geo_ip is set to true but the IP address provided is invalid or cannot be resolved, no error will be thrown.
merge_custom_dataBooleanOnly relevant for updates/upserts, ignored otherwise. Default is false.
list_merge_strategyStringOnly relevant for updates/upserts, ignored otherwise. Possible values are union, replace, difference. Default is union.
upsert_on_conflictBooleanIf you wish for the API to perform strict validation and not perform an upsert on conflict, specifying options.upsert_on_conflict: false will result in the API responding with a 409 error code indicating that this instrument cannot be overwritten.
include_associationsBooleanIf true, the response will include associated rule, case and SAR IDs (see endpoint for details).
include_actionsBooleanIf true, the response will include actions in the response which is a list of all actions taken on the alert/case including disposition changes, status changes, reassignments and the authors email.
include_checklistBooleanIf true, the response will include checklists in the response which is a list of all checklist items an agent must complete for the alert/case investigation.