About AlertOps
AlertOps is an incident alerting and on-call management platform. The Serval AlertOps integration connects with a single credential — your AlertOps User API key — and gives workflows typed access to every published AlertOps API surface: the modern v2 REST API, the legacy v1 API, and the inbound alert-ingestion endpoint. Serval attaches your key in the right place for each API family automatically (header, query parameter, or request body), so there is nothing technical to configure beyond pasting the key. Authentication: API key (an AlertOps User API key, from your AlertOps user profile) Data sync: On-demand only. Connecting AlertOps does not import alerts or any other records into Serval, and there are no background syncs — all access happens when a workflow runs an AlertOps action.What the AlertOps integration enables
Get your credentials
Open your AlertOps profile
Copy your API key
Connect in Serval
Open the AlertOps integration
Paste your API key
Submit
Verifying the connection
The integration ships four health checks, visible on the integration’s settings page:- Test AlertOps Connection — authenticates against the v2 API.
- List AlertOps Groups — confirms group read access.
- List AlertOps Escalation Policies — confirms escalation-policy read access (needed to create alerts).
- List Integrations (Legacy v1 API) — exercises the legacy v1 API’s separate query-parameter auth path.
Sending alerts into AlertOps
Workflows have two ways to raise an AlertOps alert:- Direct (recommended): use the AlertOps API request action with
POST /api/v2/alerts, specifying an escalation policy or response play by name. This is fully typed and requires no AlertOps-side setup. - Through an inbound integration: use the AlertOps send inbound alert action to POST a payload to
https://notify.alertops.com/POSTAlert/{endpointToken}/{source}, exactly as a monitoring tool would. This drives the inbound integration’s field mapping and its “Open / Update / Close Alert When” rules — useful when you want AlertOps-side grouping, delaying, filters, or escalation-policy overrides applied. Create the inbound integration in AlertOps under Configurations → Integrations → Inbound Integrations → + ADD API, then copy the endpoint token (the UUID in the generated URL) and the trailing source segment into the action’s inputs.
POST and Content as JSON (both defaults) — the action sends a JSON POST, and AlertOps also offers GET and form-encoded modes that it cannot drive. Nested payload values are fine: map them on the AlertOps side with the caret syntax (issue^id), and array elements as evalMatches_0^metric.
notify.alertops.com. For the same reason, leave the integration’s Authorization Header option off: Serval’s proxy strips Authorization headers from workflow requests, so an inbound integration requiring one cannot be driven from a workflow.Triggering Serval workflows from AlertOps
AlertOps can call Serval when alerts change state (opened, assigned, closed, escalated, SLA thresholds, and any other condition expressible in an AlertOps workflow). This uses Serval’s standard webhook trigger — no integration-specific setup:Create a webhook-triggered workflow in Serval
/v2/webhooks/{webhook_id}/trigger) and secret.Create the outbound call in AlertOps
Pass the secret
X-Webhook-Secret header (or a ?secret= query parameter) on the AlertOps side.Shape the payload
<<MessageThread.Topic>>, <<Message.MessageText>>) — whatever you send becomes the workflow’s trigger payload.Gotchas and troubleshooting
The legacy v1 health check fails but v2 works
The legacy v1 health check fails but v2 works
Alert listings look incomplete
Alert listings look incomplete
GET /api/v2/alerts defaults to viewBy=U (alerts visible to the key’s user). Pass viewBy: "A" in the query to list all alerts the account allows, and note its date-range filters (createdFrom/createdTo, closedFrom/closedTo) are capped at six-month windows.Two pagination styles in the v2 API
Two pagination styles in the v2 API
limit (max 100) and offset with sortBy/sortDir. GET /api/v2/alerts instead uses cursor-style paging: string limit, plus previous/next cursors returned in the response’s metadata envelope.Alerts vs. incidents naming
Alerts vs. incidents naming
/api/v2/alerts is the alerting/escalation surface (statuses: Open, Assigned, Closed, On Hold, Cancelled; is_incident flags major-incident management). /api/v2/incidents is the separate status-page surface (Investigating → Resolved) tied to /api/v2/services and subscriber notifications. Don’t conflate them.Response typing is loose
Response typing is loose
Rate limits are unpublished
Rate limits are unpublished
A regenerated key breaks the connection immediately
A regenerated key breaks the connection immediately
Renaming an inbound integration's Source breaks its endpoint URL
Renaming an inbound integration's Source breaks its endpoint URL
Sent an inbound alert but no alert opened
Sent an inbound alert but no alert opened
Pending can last up to a minute. Mapping Failed means the Source/Source Name in the URL and payload didn’t match the integration’s mapping fields. Mapped Ignored means the fields mapped but no alert was generated — either a close event arrived with no matching open alert, or the payload’s status value isn’t one the integration’s Open/Close/Update rules recognize. Also remember the integration’s filters may be intentionally dropping the event.Need help? Contact support@serval.com for assistance with your AlertOps integration.

