Introduction to BigPanda APIs

BigPanda APIs allow you to integrate with external tools and manage incidents and BigPanda elements in bulk. They are a core tool for self-service driven customers, and empower custom solutions and deep 2-way integrations.

Authentication and Headers

With each request to the BigPanda API, you must include an HTTP header with the authentication token for your organization. You may also need to specify the content type of the data payload and/or the response payload.

For example:

"Authorization: Bearer ${token}"
"Accept: application/json"
"Content-Type: application/json; charset=utf8"

Org Token vs. API Key

BigPanda APIs use two different types of authentication tokens, an organization-wide bearer token or a user-specific API Key

Org Token

Each organization has a unique bearer token for authenticating API requests. To find your token in BigPanda, log in as an administrator with integrations access and then click the Integrations tab at the top of screen. Open the instructions for the Alerts API. Your token appears in the example headers.

User API Keys

API Keys are managed on a user-specific basis within BigPanda's API Keys settings menu. To learn more about using User API Keys, see the API Key Management documentation.

Content Types

Include the appropriate Content-Type and Accept headers to specify the representation of data sent to and retrieved from BigPanda. Most BigPanda APIs accept and respond with JSON content as the data payload. Refer to the API reference documentation for supported content types of each request.

Generating Sample Code

Each API endpoint is located on a single page, making it easy to find specific code samples and required fields. Full code samples can be generated right in the API reference pages using interactive fields for each endpoint parameter. Code samples are created automatically in several different languages with the defined parameters filled in.

Example of an API endpoint with sample code Example of an API endpoint with sample code

Example of an API endpoint with sample code

To generate sample code:

  1. Navigate to the appropriate API endpoint page.
  2. Type the relevant information into each endpoint parameter box.
  3. Scroll to the top right of the page above the code box and click the three dots icon.
  4. Select the appropriate language from the menu. The system will remember your selected language on other API endpoint pages.
  5. (Optional) Click the down arrow icon and select a language variant from the menu. The system will remember your selected language variant on other API endpoint pages. When selecting one of our example payloads such as the Default or EU variants, the interactive fields will not update in the code sample.

If you are using BigPanda APIs in Europe, select the EU language variant from the Shell menu. EU code requires an endpoint prefix that will not be included in other examples.

  1. Click the Clipboard icon to copy the code.

BigPanda recommends adding Authentication headers only in the secure tool you use to make API calls

Response Codes

BigPanda uses conventional HTTP response codes to indicate the success or failure of an API request. When a request is successful, BigPanda sends a response code to indicate that it received the message. If a request fails, the response code may help with troubleshooting an error.

This table lists some of the common response codes you may receive from the BigPanda API. Refer to the API reference documentation for specific response codes and errors, where applicable.

200 OKSuccess.
201 CreatedNew resource created.
204 No ContentThere is no content to send for this request.
400 Bad RequestDefault code for invalid requests. For example, it is missing a mandatory field. Check the error message and ensure that the JSON includes the correct parameters.
401 UnauthorizedToken is invalid or missing. Check that the request includes the correct HTTP headers.
403 ForbiddenAccess denied.
404 Not FoundRequested endpoint isn't available. Ensure that the request uses one of the API endpoints specified in the documentation.
409 ConflictRequest cannot be performed due to a conflict. For example, attempting to resolve an incident that's already resolved.
410 GoneRequested resource is no longer available and has been removed permanently. Consult the documentation to see what endpoints are supported currently.
500 Internal Server ErrorDefault code for errors that occur due to problems on BigPanda servers. Retry the request after some time.
501 Not ImplementedUnsupported method.

Expandable Objects

Some objects contain the ID of a related object in their response properties. For example, an Incident may have associated Alert IDs. If the object is expandable, you can use the expand query parameter in your request to retrieve a full representation of it.

For example, append ?expand=alerts to the URL of an incident request to expand all the alert objects that the incident contains.

GET /incidents/{id}?expand=alerts

Objects that can be expanded are noted in the API reference documentation. Additionally, you can discover the identifiers for each expandable object by referencing the expand property in the parent object. You can expand multiple objects at once by identifying multiple items in the expand array.

Synchronous and Asynchronous Calls

API requests for potentially long-running actions are performed asynchronously.

For example, uploading a mapping enrichment table. All asynchronous calls create a Job object and return the HTTP response code 202 Accepted and a location header. To obtain the actual result of the call, you have to check the job status by sending a GET request to the Job resource URL.

For example:

GET /enrichments/{id}/map/{job_id}

Migrating to New API Versions

BigPanda is constantly improving our APIs for better functionality, reliability, and usability. While most of our updates are seamless and require no changes, occasionally a whole new API version is necessary.

If you were using the older version, migrating to a V2 API only takes a few simple steps:

  • Update the call base URL.
  • Validate the Authentication Type - All new APIs require authentication through User API Key. If your previous APIs was leveraging the Org Token, you'll need to issue and update new credentials.
  • Validate body fields or values - While we strive to keep payloads consistent, sometimes a change is necessary to make space for new or improved functionality. Always review payloads to ensure they match new parameters.
  • (Optional) Set pagination or filter rules - Some GET calls now have pagination or filtering enabled to improve readability, response times, and reliability. For large data sets, you may need to configure filters or pagination, and scripted recurring calls to retrieve all data.
  • Test the API - As when making any changes to your BigPanda configuration, we recommend sending sample API calls to test the changes.

Using BigPanda REST APIs in Europe

To enable BigPanda APIs in the EU, an additional prefix should be added at the beginning of the base API URL:


For example:

  • To call the Alerts API:
  • To create an environment using the Environments API:
  • To search using the Incidents API:{environment_id}/incidents?query=”{query}”

Code samples containing the eu- prefix in the base API URL can be automatically created in each API endpoint documentation page. To generate the sample code, in the upper right of the code box, click the down arrow. Select EU from the list of variants.

Formatting Notes

  • All timestamps should be in Epoch format, and should not include milliseconds.