Most observability APIs were designed for humans clicking through a dashboard. The retries get wrapped in an SDK; the auth gets hidden behind an OAuth dance; the errors arrive as 500-page release notes. None of that ports to an agent.
We built this surface for the case where the caller is a script you wrote at midnight, or a Claude/GPT/Gemini tool call that has to make a decision in the next 300 ms. Below is the short list of what that actually means — narrated against the live API.
Beyond the tool-definition JSON below, we ship a Model Context Protocol server (@observe24/mcp).
Add it to Claude Desktop, Claude Code, Cursor, or your own agent with one config block and your API token, then ask
things like "investigate incident 159" or "open a case and attach the brute-force incident." It's a thin,
safe proxy — every read plus a curated allow-list of safe writes, never DELETE, never auth
or billing — and it runs against your own self-hosted instance too.
// claude_desktop_config.json (or Cursor mcp.json)
{
  "mcpServers": {
    "24observe": {
      "command": "npx",
      "args": ["-y", "@observe24/mcp"],
      "env": { "OBSERVE24_TOKEN": "obs_your_token" }
    }
  }
}
Available today by self-hosting from source — build it and set "command": "node",
"args": ["/path/to/observe24/apps/mcp/dist/index.js"]. The managed
@observe24/mcp package shown above publishes shortly.
Every authenticated response carries the daily mutation budget left on your PAT: X-PAT-Mut-Limit, X-PAT-Mut-Remaining, X-PAT-Mut-Reset. The bytes-budget on /logs/ingest is reported by X-PAT-LogBytes-Limit, X-PAT-LogBytes-Used, X-PAT-LogBytes-Remaining, X-PAT-LogBytes-Reset. The reset value is a unix timestamp — no parsing "in 4 hours". Your agent knows to back off before it hits a 429.
HTTP/1.1 201 Created
X-PAT-Mut-Limit: 1000
X-PAT-Mut-Remaining: 873
X-PAT-Mut-Reset: 1716508800
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 99
Register a URL with /api/v1/webhook-subscriptions for the events you care about — incident.opened, incident.acknowledged, incident.resolved. We POST a JSON envelope signed with your org's webhook secret (HMAC-SHA256, Stripe-style). Your endpoint verifies the signature, processes the event, returns 200. We auto-retry on failure (5 attempts, exponential backoff), auto-disable after 10 consecutive failures, and you get a /deliveries log for everything.
POST https://your-agent.example.com/24observe-events
Content-Type: application/json
User-Agent: 24observe-webhooks/1.0
X-24Observe-Event: incident.opened
X-24Observe-Delivery-Id: deliver-abc.1
X-24Observe-Timestamp: 1716480000
X-24Observe-Signature: t=1716480000,v1=<hmac-sha256-hex>

{
  "id": "incident.42.opened",
  "type": "incident.opened",
  "created": 1716480000,
  "data": {
    "incident_id": 42,
    "monitor_id": 7,
    "monitor_name": "checkout-api",
    "monitor_url": "https://api.example.com/healthz",
    "status": "investigating",
    "error_message": "HTTP 503",
    "opened_at": "2026-05-23T14:00:00Z"
  }
}
We pre-convert the OpenAPI spec into the shapes your framework already expects. Fetch one of three URLs and pass the array straight into your agent — no schema wrangling, no hand-rolled converter.
# OpenAI function-calling
curl https://api.24observe.com/openapi/openai-tools.json
# Anthropic tool-use
curl https://api.24observe.com/openapi/anthropic-tools.json
# LangChain / generic
curl https://api.24observe.com/openapi/langchain-tools.json
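Receiver-side verification of the signed webhook envelope shown earlier, as an added example that is not 24observe's own code. It assumes Stripe's construction (HMAC-SHA256 over `<t>.<raw body>`) because the page only says "Stripe-style"; the 300-second tolerance, the function names and the sample secret are also assumptions.

```python
import hashlib
import hmac

TOLERANCE_SECONDS = 300  # assumed replay window; the page does not state one


def parse_signature_header(header):
    """Split 't=<unix>,v1=<hex>' into (timestamp, [v1 signatures])."""
    timestamp, signatures = None, []
    for part in header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t" and value.isdigit():
            timestamp = int(value)
        elif key == "v1":
            signatures.append(value)
    return timestamp, signatures


def verify_webhook(secret, raw_body, header, now):
    """Return (ok, reason). raw_body must be the exact bytes received,
    not a re-serialised copy of the parsed JSON."""
    timestamp, signatures = parse_signature_header(header)
    if timestamp is None or not signatures:
        return False, "malformed signature header"
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        return False, "timestamp outside tolerance"
    # Assumption: signed string is "<t>.<raw body>", as in Stripe's scheme.
    signed = str(timestamp).encode() + b"." + raw_body
    expected = hmac.new(secret, signed, hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes, so odd characters cannot raise.
    if not any(hmac.compare_digest(expected.encode(), s.encode())
               for s in signatures):
        return False, "signature mismatch"
    return True, "ok"


# Constructed sample values (not real secrets or real deliveries).
SECRET = b"whsec_constructed_example"
BODY = b'{"id":"incident.42.opened","type":"incident.opened","created":1716480000}'
T = 1716480000
HEADER = "t=%d,v1=%s" % (
    T, hmac.new(SECRET, b"%d." % T + BODY, hashlib.sha256).hexdigest())
```

Run the check before parsing the JSON, and return a non-200 status when it fails so the delivery shows up as failed in the /deliveries log.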
Mint a token with monitors:read and your agent can list monitors but not create them. Add logs:write and it can ship logs but not search them. Eleven scopes total. Two new ones for Phase 2: webhooks:read and webhooks:write. Mix and match per agent so the blast radius of a leaked token matches the trust level of the task.
curl -X POST https://api.24observe.com/api/v1/me/tokens \
  -H "Authorization: Bearer obs_<admin>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "incident-bot-prod",
    "scopes": ["incidents:read", "incidents:write", "webhooks:write"],
    "dailyMutationLimit": 200
  }'
Send the same request twice with the same Idempotency-Key, get the same result twice — never a duplicate row, never a double-page. The window is 24 hours. Your agent's retry loop on a 5xx never costs you a duplicated incident.
curl -X POST https://api.24observe.com/api/v1/monitors \
  -H "Authorization: Bearer obs_<pat>" \
  -H "Idempotency-Key: 7c1d-create-checkout-monitor" \
  -H "Content-Type: application/json" \
  -d '{"name":"checkout-api","url":"https://api.example.com/healthz","type":"http"}'
Every 4xx response carries a stable error code your agent can branch on — PAT_SCOPE_INSUFFICIENT, PAT_DAILY_LIMIT_EXCEEDED, PLAN_LIMIT_LOGS_VOLUME, WEBHOOK_URL_UNSAFE, WEBHOOK_URL_UNRESOLVABLE, MONITOR_TARGET_UNSAFE, IDEMPOTENCY_KEY_REPLAY_CONFLICT. The message is for humans; the code is the contract.
HTTP/1.1 403 Forbidden
Content-Type: application/json

{
  "error": "Token missing required scope: webhooks:write",
  "code": "PAT_SCOPE_INSUFFICIENT"
}
Pages your agent should bookmark: /agents/ for the end-to-end story, /docs/api/ for the full reference, /docs/openapi/ for the interactive spec, /docs/webhooks/ for signature verification, and /openapi/tools-index.json for the discovery doc that lists every tool-format URL.
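How an agent can combine the X-PAT-Mut-* budget headers with the stable error codes described above to choose its next step, as an added example that is not 24observe's own code. The action names, the low-water mark and the policy assigned to each code are assumptions; only the header names and code strings come from the page.

```python
import json

# Assumed policy for the codes listed on the page: none of these is retried.
NEVER_RETRY = {
    "PAT_SCOPE_INSUFFICIENT": "escalate",   # token needs a scope it lacks
    "PLAN_LIMIT_LOGS_VOLUME": "escalate",   # plan limit, a human decides
    "WEBHOOK_URL_UNSAFE": "fix_input",
    "WEBHOOK_URL_UNRESOLVABLE": "fix_input",
    "MONITOR_TARGET_UNSAFE": "fix_input",
    "IDEMPOTENCY_KEY_REPLAY_CONFLICT": "fix_input",
}
LOW_WATER = 5  # assumed: stop mutating when this few writes remain


def _int_header(headers, name):
    """Case-insensitive header lookup that tolerates missing or bad values."""
    value = {k.lower(): v for k, v in headers.items()}.get(name.lower())
    return int(value) if value is not None and str(value).isdigit() else None


def next_action(status, headers, body, now):
    """Return (action, wait_seconds) for one API response."""
    remaining = _int_header(headers, "X-PAT-Mut-Remaining")
    reset = _int_header(headers, "X-PAT-Mut-Reset")  # unix timestamp
    wait = max(0, reset - now) if reset is not None else None
    if 500 <= status < 600:
        # Safe to resend only because the same Idempotency-Key is reused.
        return ("retry_same_idempotency_key", None)
    if 400 <= status < 500:
        try:
            code = json.loads(body).get("code")
        except (ValueError, TypeError, AttributeError):
            code = None
        if code == "PAT_DAILY_LIMIT_EXCEEDED":
            return ("wait_for_reset", wait)
        if status == 429:
            return ("backoff", None)
        # Unknown codes are escalated rather than retried blindly.
        return (NEVER_RETRY.get(code, "escalate"), None)
    if remaining is not None and remaining <= LOW_WATER:
        return ("wait_for_reset", wait)
    return ("continue", None)
```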
If something here is broken, vague, or just less convenient than it should be — tell us. /contact/ goes to a real person, not a ticketing queue.