API - New Global Failures Endpoints

In March, we introduced a new global failures view to Kolide. This view makes it much easier for administrators to locate failures without clicking into a specific Check. 

Since releasing this feature, we've heard a lot of great feedback from our customers that would love to list failures without needing to know anything about a check beforehand. Well, we've heard you, and we are proud to announce that we've just shipped an update to our API that enables just this use-case. So let's run through the changes.

New Failures Endpoints

View the documentation about this endpoint.

The new failures endpoints make it simple to list and access specific failures without knowing anything about the check or device they belong to. Here are some things you can do today.

List All Failures

https://k2.kolide.com/api/v0/failures

This endpoint lists all failures for all enabled checks, regardless of their resolved/open/ignored state. Once you have an API token, you can call it using the following curl example:

curl -H "Authorization: Bearer $PRODAPIKEY" 'https://k2.kolide.com/api/v0/failures'

List Failures By Status

Failures can be ignored, resolved, or open. Accordingly, you can scope the list of failures using those keywords as shown below:

https://k2.kolide.com/api/v0/failures/open
https://k2.kolide.com/api/v0/failures/resolved
https://k2.kolide.com/api/v0/failures/ignored

curl -H "Authorization: Bearer $PRODAPIKEY" 'https://k2.kolide.com/api/v0/failures/open'

curl -H "Authorization: Bearer $PRODAPIKEY" 'https://k2.kolide.com/api/v0/failures/resolved' 

curl -H "Authorization: Bearer $PRODAPIKEY" 'https://k2.kolide.com/api/v0/failures/ignored' 

All of these endpoints respond with a structure that matches the https://k2.kolide.com/api/v0/devices/<deviceID>/failures https://k2.kolide.com/api/v0/checks/<checkID>/failures endpoints.

Show A Specific Failure

Before, admins could only retrieve details for a single failure through the device or check API endpoints. Now, if you know the failure's ID, you can use just the following endpoint:

curl -H "Authorization: Bearer $PRODAPIKEY" 'https://k2.kolide.com/api/v0/failures/$FAILUREID'

New Failure Attribute - escalation_status

In addition, we've added a new attribute to the failure entity to indicate the escalation status of the failure. The escalation_status attribute can have one of the following values:

  • Not Escalated
  • User contact attempts exhausted
  • User requested help
  • No owner assigned

You can get more information, including full response schemas, on our API documentation site.


As always, we welcome comments and feedback from our API users. If you have a use case, please reach out to us via support@kolide.co or Intercom, and we'd love to chat about it.