Skip to main content
For AI agents: a documentation index is available at https://docs.coverbase.com/llms.txt — this page is also available in markdown by appending .md to the URL.
Radar is Coverbase’s continuous third-party monitoring surface. Two object types are exposed here:
  • A radar event (cbrevent_...) groups source data (news, advisories, breach disclosures) about something that happened to one or more vendors.
  • A radar alert (cbrdrres_...) is produced when a Radar detector flags a piece of source data as relevant to a vendor. Alerts are what you triage — dismiss the noise, or escalate the signal into a reassessment.
All endpoints are org-scoped to the API key. See API conventions for shared behavior, including pagination.
MethodPath
GET/v1/radar/events
POST/v1/radar/events
GET/v1/radar/events/{event_id}
GET/v1/radar/alerts
GET/v1/radar/alerts/{alert_id}
POST/v1/radar/alerts/{alert_id}/dismiss
POST/v1/radar/alerts/{alert_id}/undismiss
None of these honor Idempotency-Key.

Create a radar event

method
POST
POST /v1/radar/events
Returns 201 Created. Use this to seed an event into Radar without waiting for a source feed to pick up the underlying article — useful for recording out-of-band incidents and for exercising your detectors against a known event. Supplied vendors are linked to the event as primary-impacted.

Request body

name
string
required
Short event name.
summary
string
required
Event summary / description.
primary_impact_type
string
required
Primary impact category. Case-sensitive; one of Infosec, Financial, Operational, Legal, Compliance, Reputational, Contractual, ESG, Corporate, Geopolitical & External, Inapplicable, Other.
secondary_impact_types
string[]
Additional impact categories.
vendor_ids
string[]
Vendors directly impacted (cbvndr_...). Each is linked as primary-impacted. Vendors that cannot be resolved are skipped silently.
risk_domain_ids
string[]
Risk domains to associate with the event.
source_url
string
URL of the underlying article / report.
source_name
string
Name of the source.
occurred_at
integer
When the event occurred (Unix seconds). Defaults to now when omitted.

Example request

cURL
curl -X POST "https://api.coverbase.app/v1/radar/events" \
  -H "Authorization: Bearer ak_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Acme data breach",
    "summary": "Acme disclosed unauthorized access to a customer database.",
    "primary_impact_type": "Infosec",
    "vendor_ids": ["cbvndr_e448ba62882143f3ba0c140bb2e30162"],
    "source_url": "https://news.example.com/acme-breach",
    "source_name": "Example News"
  }'
Returns the radar event object.

Radar event object

id
string
Radar event ID (cbrevent_...).
name
string | null
Event name.
summary
string
Event summary.
primary_impact_type
string
Primary impact category.
secondary_impact_types
string[]
Additional impact categories.
occurred_at
integer | null
When the event occurred (Unix seconds).
is_archived
boolean
true if archived.
created_at
integer
Unix timestamp (seconds).
updated_at
integer
Unix timestamp (seconds).

List radar events

method
GET
GET /v1/radar/events

Query parameters

primary_impact_type
string
Filter by primary impact category.
include_archived
boolean
Include archived events. Default false.
limit
integer
Page size. Default 50, range 1200.
offset
integer
Page offset. Default 0.
The list envelope adds total, limit, and offset — see pagination.

Retrieve a radar event

method
GET
GET /v1/radar/events/{event_id}
Returns the radar event object, or 404 radar_event_not_found.

List radar alerts

method
GET
GET /v1/radar/alerts

Query parameters

vendor_id
string
Filter to alerts on a vendor (cbvndr_...).
severity
string[]
Filter by severity. Repeat the param for multiple values: severity=high&severity=critical.
is_dismissed
boolean
Dismissal filter. Omit to hide dismissed alerts (default); true for only dismissed; false for only active.
include_archived
boolean
Include archived alerts. Default false.
limit
integer
Page size. Default 50, range 1200.
offset
integer
Page offset. Default 0.

Example response

{
  "items": [
    {
      "id": "cbrdrres_9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4d",
      "vendor_id": "cbvndr_e448ba62882143f3ba0c140bb2e30162",
      "detector_id": "cbrdet_2d5e8f1a4b7c0d3e6f9a2b5c8d1e4f7a",
      "source_id": "cbrsrc_1111111111111111111111111111aaaa",
      "data_id": "cbrdata_2222222222222222222222222222bbbb",
      "event_id": "cbrevent_3333333333333333333333333333cccc",
      "summary": "Acme disclosed a data breach affecting customer records.",
      "severity": "high",
      "confidence": "high",
      "should_alert": true,
      "is_dismissed": false,
      "dismiss_reason": null,
      "dismissed_at": null,
      "is_archived": false,
      "created_at": 1746576000,
      "updated_at": 1746576400
    }
  ],
  "total": 1,
  "limit": 50,
  "offset": 0
}

Radar alert object

id
string
Radar alert ID (cbrdrres_...).
vendor_id
string
Vendor the alert is on (cbvndr_...).
detector_id
string
Detector that produced the alert (cbrdet_...).
source_id
string
Radar source (cbrsrc_...).
data_id
string
Underlying source data item (cbrdata_...).
event_id
string | null
Radar event the alert’s data belongs to (cbrevent_...), if any.
summary
string
Alert summary.
severity
string
Severity (informational, low, medium, high).
confidence
string
Detector confidence (low, medium, high).
should_alert
boolean
true for a triggered alert.
is_dismissed
boolean
true if dismissed.
dismiss_reason
string | null
Reason recorded at dismissal, if any.
dismissed_at
integer | null
When dismissed (Unix seconds).
is_archived
boolean
true if archived.
created_at
integer
Unix timestamp (seconds).
updated_at
integer
Unix timestamp (seconds).

Retrieve a radar alert

method
GET
GET /v1/radar/alerts/{alert_id}
Returns the radar alert object, or 404 alert_not_found.

Dismiss a radar alert

method
POST
POST /v1/radar/alerts/{alert_id}/dismiss
Marks an alert as dismissed (triaged as not actionable). Returns the refreshed radar alert object.

Request body

reason
string
Optional dismissal reason. Surfaced in the UI and, when suppress_similar is set, fed into the detector’s learning context.
suppress_similar
boolean
When true, the alert is also recorded as a negative example on its detector so future runs suppress similar alerts. Default false.

Example request

cURL
curl -X POST "https://api.coverbase.app/v1/radar/alerts/cbrdrres_9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4d/dismiss" \
  -H "Authorization: Bearer ak_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{ "reason": "Duplicate of an existing event", "suppress_similar": true }'
StatusBodyWhen
404{"detail": {"code": "alert_not_found", "message": "Radar alert not found."}}Not found, not in the API key’s org, or already dismissed.

Restore a dismissed alert

method
POST
POST /v1/radar/alerts/{alert_id}/undismiss
Restores a dismissed alert to the active list. Returns the refreshed radar alert object, or 404 alert_not_found.
  • Reassessments API — escalate an alert/event into a batch of vendor reassessments.
  • Webhooks — subscribe to RadarEvent.* and RadarDetectorResult.* events.