> ## Documentation Index
> Fetch the complete documentation index at: https://docs.devhelm.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Update incident policy for a monitor

> Replaces the trigger rules, confirmation settings, and recovery settings. All fields are validated before saving.



## OpenAPI

````yaml /openapi/monitoring-api.json put /api/v1/monitors/{monitorId}/policy
openapi: 3.0.1
info:
  title: DevHelm API
  description: >-
    DevHelm monitoring and incident management API. Create and manage uptime
    monitors, incidents, alert channels, notification policies, and more.
  version: '1.0'
  contact:
    name: DevHelm
    url: https://devhelm.io
    email: support@devhelm.io
servers:
  - url: https://api.devhelm.io
    description: Production
security:
  - BearerAuth: []
tags:
  - name: Alert Channels
    description: Alert channel CRUD and connectivity testing
  - name: Alert Deliveries
    description: 'Delivery audit trail: inspect per-attempt details for alert deliveries'
  - name: API Auth
    description: Identity and quota info for API key authentication
  - name: API Keys
    description: Organization API key management
  - name: Audit Log
    description: Organization audit trail
  - name: Check Results
    description: Query raw check results, uptime statistics, and summary data
  - name: Dashboard
    description: Overview dashboard aggregates
  - name: Deploy Lock
    description: Mutex for CLI deploy operations
  - name: Environments
    description: Variable namespace management for monitors
  - name: Forensics
    description: >-
      Detection engine event-sourced history (policy snapshots, rule
      evaluations, state transitions)
  - name: Heartbeat
    description: Public ping endpoint for heartbeat monitors
  - name: Incident Policies
    description: Manage trigger, confirmation, and recovery rules for monitors
  - name: Incidents
    description: Incident management and lifecycle
  - name: Integrations
    description: Static catalog of supported alert channel integrations
  - name: Invites
    description: Organization invite management
  - name: Maintenance Windows
    description: Schedule alert-suppression windows for monitors
  - name: Members
    description: Organization member management
  - name: Monitor Alert Channels
    description: Manage alert channel mappings for a monitor
  - name: Monitor Assertions
    description: Manage assertions for a monitor
  - name: Monitor Auth
    description: Manage authentication configuration for a monitor
  - name: Monitors
    description: Monitor CRUD and lifecycle management
  - name: Notification Dispatches
    description: >-
      Dispatch debugging API: inspect which policies matched an incident and
      track delivery status
  - name: Notification Policies
    description: Org-level notification routing policies with JSONB match rules
  - name: Notifications
    description: In-app notification center
  - name: Organizations
    description: Organization management
  - name: Resource Groups
    description: Resource group CRUD and member management
  - name: Secrets
    description: Organization environment secret management
  - name: Service Subscriptions
    description: Manage which services an organization tracks
  - name: Status Data
    description: Public service status catalog, components, uptime, and incident history
  - name: Status Pages
    description: Status page management
  - name: Tags
    description: Org-scoped tag management for monitors
  - name: Vault
    description: Organization vault management (admin-only)
  - name: Webhooks
    description: Webhook endpoint management, event catalog, and delivery history
  - name: Workspaces
    description: Workspace management within an organization
paths:
  /api/v1/monitors/{monitorId}/policy:
    put:
      tags:
        - Incident Policies
      summary: Update incident policy for a monitor
      description: >-
        Replaces the trigger rules, confirmation settings, and recovery
        settings. All fields are validated before saving.
      operationId: update_8
      parameters:
        - name: monitorId
          in: path
          description: Monitor UUID
          required: true
          schema:
            type: string
            format: uuid
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateIncidentPolicyRequest'
        required: true
      responses:
        '200':
          description: Policy updated
          content:
            '*/*':
              schema:
                $ref: '#/components/schemas/IncidentPolicyDto'
        '400':
          description: Validation error in JSONB shape
          content:
            '*/*':
              schema:
                $ref: '#/components/schemas/SingleValueResponseIncidentPolicyDto'
        '401':
          description: Unauthorized — missing or invalid credentials
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '403':
          description: Forbidden — the actor lacks permission for this resource
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: Monitor or policy not found
          content:
            '*/*':
              schema:
                $ref: '#/components/schemas/SingleValueResponseIncidentPolicyDto'
        '409':
          description: Conflict — the request collides with current resource state
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Internal server error — see the message field for details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '502':
          description: Bad gateway — an upstream provider returned an error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '503':
          description: Service unavailable — try again shortly
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
components:
  schemas:
    UpdateIncidentPolicyRequest:
      required:
        - confirmation
        - recovery
        - triggerRules
      type: object
      properties:
        triggerRules:
          minItems: 1
          type: array
          description: Array of trigger rules; at least one required
          items:
            $ref: '#/components/schemas/TriggerRule'
        confirmation:
          $ref: '#/components/schemas/ConfirmationPolicy'
        recovery:
          $ref: '#/components/schemas/RecoveryPolicy'
      description: Request body for updating an incident policy
    IncidentPolicyDto:
      required:
        - confirmation
        - createdAt
        - id
        - monitorId
        - recovery
        - triggerRules
        - updatedAt
      type: object
      properties:
        id:
          type: string
          description: Unique incident policy identifier
          format: uuid
        monitorId:
          type: string
          description: Monitor this policy is attached to
          format: uuid
        triggerRules:
          type: array
          description: Array of trigger rules defining when an incident should be raised
          items:
            $ref: '#/components/schemas/TriggerRule'
        confirmation:
          $ref: '#/components/schemas/ConfirmationPolicy'
        recovery:
          $ref: '#/components/schemas/RecoveryPolicy'
        createdAt:
          type: string
          description: Timestamp when the policy was created
          format: date-time
        updatedAt:
          type: string
          description: Timestamp when the policy was last updated
          format: date-time
        monitorRegionCount:
          type: integer
          description: >-
            Number of regions configured on the monitor (only set in internal
            API responses)
          format: int32
          nullable: true
        checkFrequencySeconds:
          type: integer
          description: >-
            Monitor check frequency in seconds (only set in internal API
            responses)
          format: int32
          nullable: true
      description: Incident detection, confirmation, and recovery policy for a monitor
    SingleValueResponseIncidentPolicyDto:
      required:
        - data
      type: object
      properties:
        data:
          $ref: '#/components/schemas/IncidentPolicyDto'
    ErrorResponse:
      required:
        - code
        - message
        - status
        - timestamp
      type: object
      properties:
        status:
          type: integer
          description: HTTP status code (mirrors the response status line)
          format: int32
          example: 404
        code:
          type: string
          description: >-
            Coarse machine-readable error category (e.g. NOT_FOUND,
            RATE_LIMITED); stable per status
          example: NOT_FOUND
        message:
          type: string
          description: Human-readable error message; safe to surface to end users
          example: Monitor not found
        timestamp:
          type: integer
          description: Server time when the error was produced (epoch milliseconds)
          format: int64
          example: 1737302400000
        requestId:
          type: string
          description: >-
            Opaque per-request id; same value as the X-Request-Id response
            header. Use in support tickets.
          nullable: true
          example: 5b6f7a8c-1234-4d5e-9f0a-1b2c3d4e5f6a
        errors:
          type: array
          description: >-
            Structured per-field rejections; populated for validation errors,
            null otherwise
          nullable: true
          items:
            nullable: true
            allOf:
              - $ref: '#/components/schemas/ErrorEntry'
      description: Uniform error envelope returned for every non-2xx response
      example:
        status: 404
        code: NOT_FOUND
        message: Monitor not found
        timestamp: 1737302400000
        requestId: 5b6f7a8c-1234-4d5e-9f0a-1b2c3d4e5f6a
    TriggerRule:
      required:
        - scope
        - severity
        - type
      type: object
      properties:
        type:
          type: string
          description: Condition that opens or escalates an incident from check results
          enum:
            - consecutive_failures
            - failures_in_window
            - response_time
        count:
          type: integer
          description: Failure count for consecutive or windowed failure rules
          format: int32
          nullable: true
        windowMinutes:
          type: integer
          description: Window length in minutes for failures-in-window rules
          format: int32
          nullable: true
        scope:
          type: string
          description: Whether the rule applies per region or across regions
          nullable: true
          enum:
            - per_region
            - any_region
        thresholdMs:
          type: integer
          description: Response time threshold in milliseconds for response-time rules
          format: int32
          nullable: true
        severity:
          type: string
          description: Incident severity when this rule fires
          enum:
            - down
            - degraded
        aggregationType:
          type: string
          description: How response times are aggregated for response-time rules
          nullable: true
          enum:
            - all_exceed
            - average
            - p95
            - max
      description: Array of trigger rules defining when an incident should be raised
    ConfirmationPolicy:
      required:
        - type
        - minRegionsFailing
        - maxWaitSeconds
      type: object
      properties:
        type:
          type: string
          description: How incident confirmation is coordinated across regions
          enum:
            - multi_region
        minRegionsFailing:
          type: integer
          description: Minimum failing regions required to confirm an incident
          format: int32
        maxWaitSeconds:
          type: integer
          description: >-
            Maximum seconds to wait for enough regions to fail after first
            trigger
          format: int32
      description: Multi-region confirmation settings
    RecoveryPolicy:
      type: object
      properties:
        consecutiveSuccesses:
          type: integer
          description: Consecutive passing checks required to auto-resolve the incident
          format: int32
        minRegionsPassing:
          type: integer
          description: Minimum regions that must be passing before recovery can complete
          format: int32
        cooldownMinutes:
          type: integer
          description: >-
            Minutes after resolve before a new incident may open on the same
            monitor
          format: int32
      description: Auto-recovery settings
      required:
        - consecutiveSuccesses
        - minRegionsPassing
        - cooldownMinutes
    ErrorEntry:
      required:
        - code
        - message
      type: object
      properties:
        code:
          minLength: 1
          type: string
          description: >-
            Stable machine-readable code; see ValidationErrorCode for the
            registry
          example: MONITOR_HEARTBEAT_GRACE_EXCEEDS_INTERVAL
        field:
          type: string
          description: >-
            JSON-pointer-like path to the offending field, or null for
            request-wide errors
          nullable: true
          example: config.gracePeriod
        message:
          minLength: 1
          type: string
          description: Human-readable message; safe to surface to end users
      description: One structured validation rejection
  securitySchemes:
    BearerAuth:
      type: http
      description: API key (dh_live_...) or Auth0 JWT token
      scheme: bearer
      bearerFormat: JWT

````