> ## Documentation Index > Fetch the complete documentation index at: https://docs.flashcat.cloud/llms.txt > Use this file to discover all available pages before exploring further. # Upsert routing rule > Create or update routing rules for an integration to direct alerts to specific channels. At least one of `cases` or `default` must be provided. ## Restrictions | Aspect | Value | | ----------- | ------------------------------------------------------------- | | Rate limits | **1,000 requests/minute**; **50 requests/second** per account | | Permissions | **Integrations Manage** (`on-call`) | ## OpenAPI ````yaml /api-reference/on-call.openapi.en.json post /route/upsert openapi: 3.1.0 info: title: Flashduty Open API description: >- Public HTTP API for the Flashduty incident management platform — incidents, notification templates, channels, schedules, monitors, RUM, and platform administration. Every operation is authenticated with an `app_key` query parameter issued from the Flashduty console under Account → APP Keys. Responses follow a uniform envelope: `{ request_id, data }` on success, `{ request_id, error }` on failure. version: 1.0.0 servers: - url: https://api.flashcat.cloud description: Flashduty Open API security: - AppKeyAuth: [] tags: - name: On-call/Incidents description: '' - name: On-call/Channels description: '' - name: On-call/Alerts description: >- Search, inspect, and act on alerts. Manage card views and alert processing pipelines. - name: On-call/Integrations description: '' - name: On-call/IM integrations description: IM integration queries, such as which integrations have war room enabled. - name: On-call/Schedules description: '' - name: On-call/Calendars description: '' - name: On-call/Notification templates description: '' - name: On-call/Alert enrichment description: Custom fields, enrichment rules, and data mapping (schema, data, API). - name: On-call/Analytics description: '' - name: On-call/Status pages description: '' - name: On-call/Changes description: '' paths: /route/upsert: post: tags: - On-call/Channels summary: Upsert routing rule description: >- Create or update routing rules for an integration to direct alerts to specific channels. At least one of `cases` or `default` must be provided. operationId: routeUpsert requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/UpsertRouteRequest' example: integration_id: 6113996590131 cases: - if: - key: severity oper: IN vals: - Critical channel_ids: - 3521074710131 fallthrough: false routing_mode: standard default: channel_ids: - 3521074710131 responses: '200': description: Success content: application/json: schema: allOf: - $ref: '#/components/schemas/SuccessEnvelope' - type: object properties: data: $ref: '#/components/schemas/EmptyResponse' example: request_id: 01HK8XQE3Z7JM2NTFQ5YJ8P9R4 data: {} '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '429': $ref: '#/components/responses/TooManyRequests' '500': $ref: '#/components/responses/ServerError' components: schemas: UpsertRouteRequest: type: object description: >- Parameters for creating or updating the routing rule of an integration. The handler creates a rule when none exists for the integration, otherwise it overwrites the existing one. At least one of `cases` or `default` must be provided. required: - integration_id properties: integration_id: type: integer format: int64 description: Integration the rule belongs to. cases: type: array items: $ref: '#/components/schemas/RouteCase' description: Ordered list of case branches. Cases are evaluated top to bottom. sections: type: array items: $ref: '#/components/schemas/RouteSection' description: Optional sections that group consecutive cases for display. default: $ref: '#/components/schemas/RouteDefault' version: type: integer format: int64 description: >- Expected current version for optimistic concurrency control. Pass the value returned by the latest read. SuccessEnvelope: type: object description: >- Success response envelope. On every 2xx response, `request_id` identifies the call (also mirrored in the `Flashcat-Request-Id` header) and `data` holds the endpoint-specific payload. Failure responses use a different shape — see `ErrorResponse`. properties: request_id: type: string description: >- Unique ID for this request. Mirrored in the Flashcat-Request-Id response header. Include it when reporting issues. example: 01HK8XQE3Z7JM2NTFQ5YJ8P9R4 data: description: Endpoint-specific payload. See each operation's 200 response schema. required: - request_id - data EmptyResponse: type: object description: 'Empty response body. The server returns `data: null` on success.' properties: {} RouteCase: type: object description: >- A single case branch in the routing rule. When all of its conditions match, the alert is dispatched to the configured channels. required: - if - channel_ids - fallthrough properties: if: type: array description: List of match conditions that are AND-ed together. items: $ref: '#/components/schemas/RouteMatchCondition' channel_ids: type: array items: type: integer format: int64 description: >- Target channel IDs. Required when `routing_mode` is `standard` (or empty). fallthrough: type: boolean description: >- If `true`, evaluation continues to the next case after this one matches; otherwise matching stops at the first hit. routing_mode: type: string enum: - standard - name_mapping description: >- Routing mode. `standard` (default, also used when left empty) routes to the fixed channel IDs; `name_mapping` resolves channels by reading a label value from the alert event. name_mapping_label: type: string description: >- Label key whose value is used as the target channel name. Required when `routing_mode` is `name_mapping`. RouteSection: type: object description: A logical section that groups consecutive cases for display purposes. required: - name - position properties: name: type: string description: Section name. Must be unique within the rule. position: type: integer description: >- Index in `cases` where this section starts. Must be between 0 and the length of `cases`. RouteDefault: type: object description: >- Default branch used when no case matches (or all matched cases yield no valid channels). properties: channel_ids: type: array items: type: integer format: int64 description: Channel IDs to fall back to. ErrorResponse: type: object description: Response envelope for errors. `error` is required; `data` is absent. properties: request_id: type: string example: 01HK8XQE3Z7JM2NTFQ5YJ8P9R4 error: $ref: '#/components/schemas/DutyError' required: - request_id - error RouteMatchCondition: type: object description: >- A single match condition. All conditions inside one case form an AND group. required: - key - oper - vals properties: key: type: string description: >- Field key to match against the alert event (e.g. `alert_severity`, `labels.service`). oper: type: string enum: - IN - NOTIN description: >- Match operator. `IN` matches when the field value is one of `vals`; `NOTIN` matches when it is not. vals: type: array items: type: string description: >- Values to compare against. Each value may be a literal string, a wildcard (`*`, `?`), a regular expression wrapped in slashes (`/pattern/`), a CIDR (`cidr:10.0.0.0/8`), or a numeric comparison (`num:lt:100`). DutyError: type: object description: >- Error payload inside the response envelope. Present only on non-2xx responses. properties: code: $ref: '#/components/schemas/ErrorCode' message: type: string description: >- Human-readable error message, localized by the caller's Accept-Language. May contain field names, IDs, or other context from the failing request. example: The specified parameter template_id is not valid. required: - code - message ErrorCode: type: string description: >- Flashduty error code enum. Every failed API response sets `error.code` to one of these stable wire strings. HTTP status is informational — the authoritative signal is the enum value. | Code | HTTP | Meaning | |---|---|---| | `OK` | 200 | Reserved — not returned on real errors. | | `InvalidParameter` | 400 | A required parameter is missing or failed validation. | | `BadRequest` | 400 | Generic 400 used when no more specific code fits. | | `InvalidContentType` | 400 | The `Content-Type` header is not `application/json`. | | `ResourceNotFound` | 400 | The referenced resource does not exist. Note: returned as HTTP 400, not 404 (historical choice). | | `NoLicense` | 400 | The feature is license-gated and no active license was found. | | `ReferenceExist` | 400 | Deletion blocked — other entities still reference this resource. | | `Unauthorized` | 401 | `app_key` is missing, invalid, or expired. | | `BalanceNotEnough` | 402 | Billing-gated operation with insufficient account balance. | | `AccessDenied` | 403 | Authenticated but lacking the permission required for this operation. | | `RouteNotFound` | 404 | The request URL path is not a known route. | | `MethodNotAllowed` | 405 | The HTTP method is not allowed on this otherwise-known path. | | `UndonedOrderExist` | 409 | An outstanding billing order blocks this new one. Wait and retry. | | `RequestLocked` | 423 | Operation temporarily locked due to repeated failures. | | `EntityTooLarge` | 413 | Request body exceeds the configured max size. | | `RequestTooFrequently` | 429 | Rate limit hit — API-global, per-account, or per-integration. | | `RequestVerifyRequired` | 428 | Second-factor verification required but not supplied. | | `DangerousOperation` | 428 | High-risk operation requires MFA verification. | | `InternalError` | 500 | Unhandled server-side error. Include `request_id` in the bug report. | | `ServiceUnavailable` | 503 | A backend dependency is unavailable. Try again later. | enum: - OK - InvalidParameter - BadRequest - InvalidContentType - ResourceNotFound - NoLicense - ReferenceExist - Unauthorized - BalanceNotEnough - AccessDenied - RouteNotFound - MethodNotAllowed - UndonedOrderExist - RequestLocked - EntityTooLarge - RequestTooFrequently - RequestVerifyRequired - DangerousOperation - InternalError - ServiceUnavailable x-enumDescriptions: OK: Reserved — not returned on real errors. InvalidParameter: A required parameter is missing or failed validation. BadRequest: Generic 400 used when no more specific code fits. InvalidContentType: The `Content-Type` header is not `application/json`. ResourceNotFound: >- The referenced resource does not exist. Note: returned as HTTP 400, not 404 (historical choice). NoLicense: The feature is license-gated and no active license was found. ReferenceExist: Deletion blocked — other entities still reference this resource. Unauthorized: '`app_key` is missing, invalid, or expired.' BalanceNotEnough: Billing-gated operation with insufficient account balance. AccessDenied: Authenticated but lacking the permission required for this operation. RouteNotFound: The request URL path is not a known route. MethodNotAllowed: The HTTP method is not allowed on this otherwise-known path. UndonedOrderExist: An outstanding billing order blocks this new one. Wait and retry. RequestLocked: Operation temporarily locked due to repeated failures. EntityTooLarge: Request body exceeds the configured max size. RequestTooFrequently: Rate limit hit — API-global, per-account, or per-integration. RequestVerifyRequired: Second-factor verification required but not supplied. DangerousOperation: High-risk operation requires MFA verification. InternalError: Unhandled server-side error. Include `request_id` in the bug report. ServiceUnavailable: A backend dependency is unavailable. Try again later. example: InvalidParameter responses: BadRequest: description: Invalid request — usually a missing or malformed parameter. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: missingParameter: value: request_id: 01HK8XQE3Z7JM2NTFQ5YJ8P9R4 error: code: InvalidParameter message: The specified parameter is not valid. Unauthorized: description: Missing or invalid app_key. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: missingAppKey: value: request_id: 01HK8XQE3Z7JM2NTFQ5YJ8P9R4 error: code: Unauthorized message: You are unauthorized. TooManyRequests: description: >- Rate limit hit. Either the global API limit, a per-account limit, or a per-integration limit. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: rateLimited: value: request_id: 01HK8XQE3Z7JM2NTFQ5YJ8P9R4 error: code: RequestTooFrequently message: Request too frequently. ServerError: description: Unexpected server-side error. Include the request_id when reporting. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: internal: value: request_id: 01HK8XQE3Z7JM2NTFQ5YJ8P9R4 error: code: InternalError message: >- We encountered an internal error, and it has been reported. Please try again later. securitySchemes: AppKeyAuth: type: apiKey in: query name: app_key description: >- App key issued from the Flashduty console under Account → APP Keys. Required on every public API call. Keep it secret — it grants the same access as the owning account. ````