List Praxis Shield threat incidents for the caller's managed institutions

curl --request GET \
  --url https://pria.praxislxp.com/api/admin/security/threats \
  --header 'x-access-token: <api-key>'

{
  "success": true,
  "total": 123,
  "page": 123,
  "limit": 123,
  "incidents": [
    {
      "_id": "<string>",
      "status": "<string>",
      "severity": 123,
      "categories": [
        "<string>"
      ],
      "title": "<string>",
      "summary": "<string>",
      "userEmail": "<string>",
      "user": "<string>",
      "institutionIds": [
        "<string>"
      ],
      "firstSeenAt": "2023-11-07T05:31:56Z",
      "lastSeenAt": "2023-11-07T05:31:56Z"
    }
  ]
}

Admin

List Praxis Shield threat incidents for the caller's managed institutions

Returns Security-Watcher incidents scoped to the institutions the caller administers (super sees all). Mounted under the admin gate (isAdmin) and additionally scoped per-institution inside the handler via the institutions.list entitlement (super bypasses) — so a Digital Twin admin (global accountType ‘admin’) sees only the institutions they manage. Heavy evidence/LLM payloads are omitted; returned text is attacker- influenced and MUST be rendered inert by the client.

GET

api

admin

security

threats

List Praxis Shield threat incidents for the caller's managed institutions

curl --request GET \
  --url https://pria.praxislxp.com/api/admin/security/threats \
  --header 'x-access-token: <api-key>'

{
  "success": true,
  "total": 123,
  "page": 123,
  "limit": 123,
  "incidents": [
    {
      "_id": "<string>",
      "status": "<string>",
      "severity": 123,
      "categories": [
        "<string>"
      ],
      "title": "<string>",
      "summary": "<string>",
      "userEmail": "<string>",
      "user": "<string>",
      "institutionIds": [
        "<string>"
      ],
      "firstSeenAt": "2023-11-07T05:31:56Z",
      "lastSeenAt": "2023-11-07T05:31:56Z"
    }
  ]
}

Authorizations

x-access-token

string

header

required

JWT token passed in x-access-token header

Query Parameters

institutionId

string

Narrow to one institution (must be one the caller manages, else 403)

status

enum<string>

Filter by incident status

Available options:

open,

reviewing,

resolved,

false_positive,

escalated

severityMin

integer

Minimum severity (0-4)

Required range: 0 <= x <= 4

page

integer

default:0

limit

integer

default:50

Required range: 1 <= x <= 200

Response

Paginated incident list

success

boolean

total

integer

page

integer

limit

integer

incidents

object[]

Show child attributes

Read the MFA audit log for a target user (super-only)Suspend the user flagged by a Praxis Shield incident