Records: Get
Description
A record is a piece of structured, queryable data captured from a story, the API, or the UI. See Records in the Tines docs to learn more.
Retrieve a single record.
You can find the record ID in the response from the List Records API.
For opinionated guidance on building against the Records API — schema discovery, pagination, artifacts, retries, and rate limits — see Best practices.
Request
HTTP Method: GET
| Path parameter | Description |
|---|---|
| record_id | The ID of the record to retrieve. |
| Query parameter | Description |
|---|---|
| record_type_id | Optional The ID of the record type. When provided, the lookup is scoped to that record type — this is faster than an unscoped lookup, and returns 404 if the record ID does not belong to the given record type. |
| record_field_ids | Optional An array of record field IDs. When provided, only the specified fields are included in the response. The id, updated_at, and case_ids fields are always returned. |
| resolve_artifacts | Optional Boolean true or false value. When true, Artifacts (large text) fields return the full contents instead of just the artifact ID. Defaults to false. |
| include_children | Optional Boolean true or false value. When true, child records are returned with their full field data. When false, child records are omitted from the response. By default, only child record IDs are returned. |
curl -X GET \
https://<tenant-domain>/api/v1/records/<<record_id>> \
-H 'content-type: application/json' \
-H 'Authorization: Bearer <<CREDENTIAL.tines_api_key>>'
For a faster lookup, include the record type ID:
curl -X GET \
"https://<tenant-domain>/api/v1/records/<<record_id>>?record_type_id=<<record_type_id>>" \
-H 'content-type: application/json' \
-H 'Authorization: Bearer <<CREDENTIAL.tines_api_key>>'
Example request with record_field_ids
To return only specific fields in the response:
curl -X GET \
"https://<tenant-domain>/api/v1/records/<<record_id>>?record_field_ids[]=<<field_id_1>>&record_field_ids[]=<<field_id_2>>" \
-H 'content-type: application/json' \
-H 'Authorization: Bearer <<CREDENTIAL.tines_api_key>>'
Note: All field IDs must belong to the record's record type. A 404 error is returned if any field ID does not exist, and a 422 error is returned if any field ID belongs to a different record type.
Example request with resolve_artifacts
To return full artifact contents instead of artifact IDs:
curl -X GET \
"https://<tenant-domain>/api/v1/records/<<record_id>>?resolve_artifacts=true" \
-H 'content-type: application/json' \
-H 'Authorization: Bearer <<CREDENTIAL.tines_api_key>>'
Response
A successful request will return a JSON object representing the specified record.
Artifacts (large text)
By default, Artifacts (large text) field types return a reference object containing the artifact ID and an is_artifact flag, rather than the data itself:
{ "id": 674623, "is_artifact": true }
This id is the artifact_id you need to pass to the GET Artifacts (large text) API endpoint to retrieve the actual contents.
Alternatively, set resolve_artifacts=true in the request to include full artifact contents directly in the response.
Field description
| Parameter | Description |
|---|---|
| id | The record ID. |
| created_at | ISO 8601 timestamp representing when the record was created. |
| updated_at | ISO 8601 timestamp representing when the record was last updated. |
| story | The story the record was created from. |
| story_run_guid | The story run guid the record was created from. |
| record_type | The type of record. |
| records | The captured data for the given instance of the record type. |
| record_artifacts | An array of { id } objects, one per artifact attached to the record. Pass an id to the Get Artifacts API to retrieve the contents. |
| child_records | An array of objects containing the record IDs (or full field data when include_children=true) for which this record is the parent. |
| child_records_truncated | true when the child records list was capped. Only present when truncation occurred; otherwise absent from the response. |
| parent_record | The ID of this record's parent record. |
| case_ids | An array of case IDs linked to this record. |
| result | The captured data in key-value format. |
Sample response
{
"id": 59,
"created_at": "2023-06-14T15:09:02Z",
"updated_at": "2023-06-14T15:09:02Z",
"story": {
"id": 8,
"name": "Create new IOC"
},
"story_run_guid": "82c8e2c8-ab56-49c9-bdb9-1ea5b7fd5b2e",
"record_type": {
"id": 1,
"name": "Alert"
},
"records": [
{
"name": "Story name",
"value": "Create new IOC"
},
{
"name": "Timestamp",
"value": "2023-06-14 16:09:02"
},
{
"name": "Name",
"value": "Example"
},
{
"name": "Description",
"value": {
"id": 674623,
"is_artifact": true
}
}
],
"record_artifacts": [{ "id": 674623 }],
"child_records": [
{
"id": 9
}
],
"parent_record": {
"id": 66
},
"case_ids": [4, 2],
"result": {
"id": 59,
"updated_at": "2023-06-14T15:09:02Z",
"case_ids": [4, 2],
"Story name": "Create new IOC",
"Record ID": 59,
"Timestamp": "2023-06-14 16:09:02",
"Name": "Example",
"Description": {
"id": 674623,
"is_artifact": true
}
}
}