Skip to main content
POST
/
api
/
admin
/
security
/
threats
/
{incidentId}
/
actions
Record a reviewer action intent on a Praxis Shield incident
curl --request POST \
  --url https://pria.praxislxp.com/api/admin/security/threats/{incidentId}/actions \
  --header 'Content-Type: application/json' \
  --header 'x-access-token: <api-key>' \
  --data '
{
  "action": "<string>",
  "metadata": {}
}
'
{
  "success": true,
  "incident": {
    "_id": "<string>",
    "severity": 2,
    "categories": [
      "<string>"
    ],
    "title": "<string>",
    "summary": "<string>",
    "user": "<string>",
    "userEmail": "<string>",
    "userFname": "<string>",
    "userLname": "<string>",
    "institutionIds": [
      "<string>"
    ],
    "institutions": [
      {
        "_id": "<string>",
        "name": "<string>"
      }
    ],
    "evidence": [
      {}
    ],
    "llmAssessments": [
      {}
    ],
    "reviewerNotes": [
      {
        "author": "<string>",
        "note": "<string>",
        "createdAt": "2023-11-07T05:31:56Z"
      }
    ],
    "reviewerActions": [
      {
        "author": "<string>",
        "action": "<string>",
        "metadata": {},
        "createdAt": "2023-11-07T05:31:56Z"
      }
    ],
    "firstSeenAt": "2023-11-07T05:31:56Z",
    "lastSeenAt": "2023-11-07T05:31:56Z"
  }
}

Authorizations

x-access-token
string
header
required

JWT token passed in x-access-token header

Path Parameters

incidentId
string
required

Body

application/json
action
string
required

Action identifier (trimmed; required non-empty)

metadata
object

Optional structured metadata (intentOnly forced true)

Response

The updated incident

success
boolean
incident
object

Full incident document INCLUDING evidence and llmAssessments, plus resolved institutions/user name fields. Evidence and LLM-assessment text is attacker-influenced and MUST be rendered INERT by the client.