Description
Retrieve a single record.
The record ID appears in the URL when viewing a record: https://<<META.tenant.domain>>/records/types/{record_type_id}/results/{record_id}, or in the response from the List Records API.
Request
HTTP Method: GET
| Parameter | Description |
|---|---|
| record_id | The ID of the record to retrieve. |
| record_type_id | Optional The ID of the record type. Including this parameter may result in a faster query. |
| record_field_ids | Optional An array of record field IDs. When provided, only the specified fields are included in the response. The id, updated_at, and case_ids fields are always returned. |
| resolve_artifacts | Optional Boolean true or false value. When true, Artifacts (large text) fields return the full contents instead of just the artifact ID. Defaults to false. |
curl -X GET \
https://<<META.tenant.domain>>/api/v1/records/<<record_id>> \
-H 'content-type: application/json' \
-H 'Authorization: Bearer <<CREDENTIAL.tines_api_key>>'
Or, for faster performance, include the record type ID:
curl -X GET \
https://<<META.tenant.domain>>/api/v1/records/<<record_id>>?record_type_id=<<record_type_id>> \
-H 'content-type: application/json' \
-H 'Authorization: Bearer <<CREDENTIAL.tines_api_key>>'
Example request with record_field_ids
To return only specific fields in the response:
curl -X GET \
"https://<<META.tenant.domain>>/api/v1/records/<<record_id>>?record_field_ids[]=<<field_id_1>>&record_field_ids[]=<<field_id_2>>" \
-H 'content-type: application/json' \
-H 'Authorization: Bearer <<CREDENTIAL.tines_api_key>>'
Note: All field IDs must belong to the record's record type. A 404 error is returned if any field ID does not exist, and a 422 error is returned if any field ID belongs to a different record type.
Example request with resolve_artifacts
To return full artifact contents instead of artifact IDs:
curl -X GET \
"https://<<META.tenant.domain>>/api/v1/records/<<record_id>>?resolve_artifacts=true" \
-H 'content-type: application/json' \
-H 'Authorization: Bearer <<CREDENTIAL.tines_api_key>>'
Response
A successful request will return a JSON object representing the specified record.
Artifacts (large text)
By default, Artifacts (large text) field types return a reference object containing the artifact ID and an is_artifact flag, rather than the data itself:
{ "id": 674623, "is_artifact": true }
This id is the artifact_id you need to pass to the GET Artifacts (large text) API endpoint to retrieve the actual contents.
Alternatively, set resolve_artifacts=true in the request to include full artifact contents directly in the response.
Field description
| Parameter | Description |
|---|---|
| id | The record ID. |
| created_at | ISO 8601 Timestamp representing creation date and time of the record. |
| story | The story the record was created from. |
| story_run_guid | The story run guid the record was created from. |
| record_type | The the type of record the result set was created for. |
| records | The captured data for the given instance of the record type. |
| child_records | An array of objects containing the record IDs for which this record is the parent. |
| parent_record | The ID of this record's parent record. |
| case_ids | An array of case IDs linked to this record. |
| result | The captured data in key-value format. |
Sample response
{
"id": 59,
"created_at": "2023-06-14T15:09:02Z",
"story": {
"id": 8,
"name": "Create new IOC"
},
"story_run_guid": "82c8e2c8-ab56-49c9-bdb9-1ea5b7fd5b2e",
"record_type": {
"id": 1,
"name": "Alert"
},
"records": [
{
"name": "Story name",
"value": "Create new IOC"
},
{
"name": "Timestamp",
"value": "2023-06-14 16:09:02"
},
{
"name": "Name",
"value": "Example"
},
{
"name": "Description",
"value": {
"id": 674623,
"is_artifact": true
}
}
],
"child_records": [
{
"id": 9
}
],
"parent_record": {
"id": 66
},
"case_ids": [4, 2],
"result": {
"id": 59,
"updated_at": "2023-06-14T15:09:02Z",
"case_ids": [4, 2],
"Story name": "Create new IOC",
"Timestamp": "2023-06-14 16:09:02",
"Name": "Example",
"Description": {
"id": 674623,
"is_artifact": true
}
}
}