Switchy
Sign up
developer-toolsapi_key

incident.io

Incident management and response platform

Verdict

The incident.io MCP connects your workspace to your incident management system. @mention it to create incidents, update their status, configure alert routing, or query your service catalog without leaving Switchy. Engineers and on-call responders use it to triage alerts in chat, declare incidents from Slack threads, and pull context about services or teams mid-conversation. It requires an API key with appropriate scopes — you'll need admin access to generate one. The MCP exposes 50+ tools, but most teams rely on a handful: creating incidents, routing alerts, and reading catalog data.

Common use cases

  • Declare incidents from Slack threads
  • Route PagerDuty alerts to the right team
  • Query service ownership during outages
  • Update incident severity as you investigate
  • Add custom fields to track RCA progress

Integration

Vendor
incident.io
Category
developer-tools
Auth
API_KEY
Tools
50
Composio slug
incident_io

Tools

  • Create Alert Attribute V2

    Tool to create an alert attribute in incident.io. Use when you need to define structured data fields that can be parsed from alerts coming in via alert sources. Alert attributes allow you to extract and organize information from incoming al

  • Create Alert Route V2

    Tool to create an alert route in incident.io. Use when you need to configure how alerts should be processed, routed, and potentially converted into incidents based on conditions, grouping rules, and templates.

  • Create Alert Source V2

    Tool to create a new alert source in incident.io. Use when you need to set up a new integration for receiving alerts from external systems via HTTP webhooks or manual entry.

  • Create Catalog Entry V2

    Tool to create a catalog entry in incident.io. Use when you need to add a new entry to a catalog type with specific attribute values. Catalog entries represent items like teams, services, or custom resources in your incident management work

  • Create Catalog Entry V3

    Tool to create a catalog entry in incident.io using the V3 API. Use when you need to add a new entry to a catalog type with specific attribute values. Catalog entries represent items like teams, services, or custom resources in your inciden

  • Create Catalog Type V3

    Tool to create a new catalog type in incident.io V3 API. Use when you need to define custom resource types for your organization's catalog, such as teams, services, or infrastructure components.

  • Create Custom Field Option

    Tool to create a new custom field option in incident.io. Use when you need to add a new selectable value to an existing custom field.

  • Create Custom Field V2

    Tool to create a custom field in incident.io using the V2 API. Use when you need to add a new custom field to track additional information during incidents.

  • Create Escalation V2

    Tool to create an escalation in incident.io. Use when you need to page users to respond to alerts. You must specify either an escalation_path_id or direct targets (users/schedules).

  • Create Incident Role

    Tool to create a new incident role in incident.io. Use when you need to define a new role type that can be assigned during incidents. Roles help organize responsibilities and ensure the right people are engaged during incident response.

  • Create Incident Role V2

    Tool to create a new incident role in incident.io using the V2 API. Use when you need to define a new role type that can be assigned during incidents to organize responsibilities and ensure the right people are engaged during incident respo

  • Create Incident Status

    Tool to create a new incident status in incident.io. Use when you need to add a custom status for categorizing incidents as 'live' (active), 'learning' (post-incident), or 'closed'.

  • Create Incident V1

    Tool to create a new incident in incident.io. Use when you need to report and track an operational issue or outage. Requires at minimum an idempotency_key and visibility setting.

  • Create Incident V2

    Tool to create a new incident in incident.io using the V2 API. Use when you need to report and track an operational issue or outage. Requires at minimum an idempotency_key and visibility setting. Optionally specify severity, incident type,

  • Create Managed Resource V2

    Tool to create a managed resource in incident.io. Use when you need to mark a resource (schedule, escalation path, or workflow) as being managed by an external system like Terraform or a custom automation tool. This helps track which resour

  • Create Severity

    Tool to create a new severity level in incident.io. Use when you need to define a new severity classification for incidents with a specific rank and description.

  • Delete Alert Attribute V2
    destructive

    Tool to delete an alert attribute from incident.io. Use when you need to remove an alert attribute that is no longer needed or was created in error.

  • Delete Alert Route V2
    destructive

    Tool to delete an alert route from incident.io. Use when you need to remove an alert route configuration that is no longer needed or was created in error.

  • Delete Alert Source V2
    destructive

    Tool to delete an alert source from incident.io. Use when you need to remove an alert source that is no longer needed or was created in error.

  • Delete Catalog Entry V2
    destructive

    Tool to delete a catalog entry from incident.io. Use when you need to remove a catalog entry that is no longer needed.

  • Delete Catalog Entry V3
    destructive

    Tool to archive a catalog entry from incident.io using V3 API. Use when you need to remove a catalog entry that is no longer needed. This operation archives the entry from the catalog.

  • Delete Catalog Type V2
    destructive

    Tool to delete a catalog type from incident.io. Use when you need to remove a catalog type that is no longer needed.

  • Delete Catalog Type V3
    destructive

    Tool to archive a catalog type and all its entries from incident.io. Use when you need to remove a catalog type that is no longer needed.

  • Delete Custom Field
    destructive

    Tool to delete a custom field from incident.io. Use when you need to remove a custom field definition. The deletion is permanent and cannot be undone.

  • Delete Custom Field Option
    destructive

    Tool to delete a custom field option in incident.io. Use when you need to permanently remove a custom field option by its ID.

  • Delete Custom Field V2
    destructive

    Tool to delete a custom field from incident.io using the V2 API. Use when you need to permanently remove a custom field definition by its ID.

  • Delete Escalation Path V2
    destructive

    Tool to delete an escalation path from incident.io. Use when you need to remove an escalation path that is no longer needed or was created in error.

  • Delete Incident Role V1
    destructive

    Tool to delete an incident role by ID. Use when you need to remove an incident role from incident.io.

  • Delete Incident Role V2
    destructive

    Tool to delete an incident role by ID. Use when you need to permanently remove an incident role from incident.io.

  • Delete Incident Status V1
    destructive

    Tool to delete an incident status by its ID. Use when you need to remove an incident status from the system.

  • Delete Schedule V2
    destructive

    Tool to delete a schedule from incident.io. Use when you need to remove a schedule that is no longer needed or was created in error.

  • Delete Severity
    destructive

    Tool to delete a severity in incident.io. Use when you need to permanently remove a severity level from your incident management configuration.

  • Delete Workflow V2
    destructive

    Tool to delete a workflow from incident.io using the V2 API. Use when you need to permanently remove a workflow definition by its ID.

  • Edit Incident V2

    Tool to edit an existing incident in incident.io. Use when you need to update incident details like name, summary, severity, status, custom fields, or role assignments.

  • Get Catalog Entry V3

    Tool to retrieve a specific catalog entry by ID from incident.io. Use when you need to get details about a catalog entry including its attributes and values.

  • Get Catalog Type V2

    Tool to retrieve a specific catalog type by ID from incident.io. Use when you need to get details about a catalog type's configuration, schema, or metadata.

  • Get Catalog Type V3

    Tool to retrieve a specific catalog type by ID from incident.io V3 API. Use when you need to get details about a catalog type's configuration, schema, or metadata.

  • Get Custom Field Option

    Tool to retrieve a specific custom field option by its ID. Use when you need details about a custom field option in incident.io.

  • Get Custom Field V1

    Tool to retrieve details of a specific custom field by ID in incident.io. Use when you need information about a custom field's configuration, options, or metadata.

  • Get Custom Field V2

    Tool to retrieve details of a specific custom field by ID using the V2 API in incident.io. Use when you need information about a custom field's configuration or metadata from the V2 endpoint.

  • Get Incident Role

    Tool to retrieve a specific incident role by ID. Use when you need to get details about a specific incident role.

  • Get Incident Role V2

    Tool to retrieve a specific incident role by ID using V2 API. Use when you need to get details about a specific incident role.

  • Get Incident Status

    Tool to retrieve details of a specific incident status by ID. Use when you need to get information about a particular incident status configuration.

  • Get Incident Timestamp V2

    Tool to retrieve a specific incident timestamp by ID using V2 API. Use when you need to get details about a specific incident timestamp configuration.

  • Get Incident Type

    Tool to retrieve detailed information about a specific incident type by ID. Use when you need to view configuration details, settings, or properties of a particular incident type.

  • Show Alert Attribute V2

    Tool to retrieve a specific alert attribute by its ID from incident.io. Use when you need to get details about an alert attribute such as its type, whether it's required, or if it accepts arrays.

  • Show Alert Routes V2

    Tool to retrieve a specific alert route configuration by its ID from incident.io. Use when you need to view the details of an alert route, including its conditions, escalation bindings, and incident template.

  • Show Alert Source V2

    Tool to retrieve a specific alert source by its ID from incident.io. Use when you need to get details about an alert source configuration including its template and HTTP options.

  • Show Entry Catalog V2

    Tool to retrieve a specific catalog entry by ID from incident.io. Use when you need to get details about a catalog entry including its attributes, values, and associated catalog type.

  • Show Escalations V2

    Tool to retrieve a specific escalation by ID from incident.io. Use when you need detailed information about an escalation including its status, priority, creator, events, and related incidents/alerts.

Setup

Setup guide

  1. 11. In Switchy, open your workspace settings and navigate to the Integrations tab. 2. Click 'Add MCP Integration' and select incident.io from the list. 3. In a separate tab, log into your incident.io dashboard and go to Settings → API Keys. 4. Generate a new API key with read and write permissions for incidents, alerts, and catalog resources. 5. Copy the key and paste it into the Switchy connection form, then click 'Connect'. 6. Switchy will verify the key and confirm the connection. 7. Open any Space and type '@incident.io list catalog entries' to test — you should see a list of your services or teams. 8. To invoke tools during a conversation, @mention incident.io followed by your request, like '@incident.io create an incident for the API timeout we're seeing'.

What teammates see: by default, memories from incident.io are scoped to the Space (PROJECT visibility) - you can mark any memory PRIVATE or share it ORG-wide.

Works well with

Top models

Compatibility data appears once enough Spaces have used this MCP together with a given model.

How Switchy teams use it

Not enough Spaces yet to publish anonymised usage stats (we require ≥ 50 Spaces per week).

Starter prompts

Declare New Incident

@incident.io create a new incident with severity 'high' and summary 'API gateway returning 503 errors in us-east-1'. Assign it to the platform team.
Open in a Space →

Route Alert to Team

@incident.io create an alert route that sends all alerts with 'database' in the title to the data-platform team and auto-creates incidents for severity critical.
Open in a Space →

Lookup Service Owner

@incident.io show me the catalog entry for the 'payment-processor' service, including the owning team and on-call contact.
Open in a Space →

Add Custom Incident Field

@incident.io create a custom field called 'Customer Impact' with type 'single_select' and options 'None', 'Low', 'Medium', 'High'.
Open in a Space →

Configure Alert Source

@incident.io create a new alert source named 'Datadog Production' and give me the webhook URL so I can configure it in Datadog.
Open in a Space →

Example outputs

Illustrative - representative of the model's voice and quality, not literal recordings.

Prompt

@incident.io show me all active incidents right now, grouped by severity, and tell me which teams are handling the most critical ones

Output

Based on the current incident data, there are 7 active incidents across your organization. Three SEV-1 incidents are being handled by the Platform Engineering team (database outage, API gateway timeout, and authentication service degradation). Two SEV-2 incidents are with the Payments team (checkout flow errors and payment processor latency). The remaining SEV-3 incidents are distributed between Frontend and Data teams. The Platform Engineering team appears to be under the most pressure right now with all three critical incidents.

Notes

This example demonstrates the MCP's ability to fetch and synthesize incident data with the AI's reasoning. The response aggregates real-time incident state, but note that incident.io's API requires appropriate read permissions for incidents and catalog data. The grouping and analysis shown here is the AI's interpretation of the structured data returned by the MCP.

Prompt

@incident.io create a new catalog entry for our 'payment-processor-v2' service in the Services catalog, set the owner to the Payments team and mark it as tier-1 critical

Output

I've created a new catalog entry for 'payment-processor-v2' in your Services catalog. The entry has been configured with the following attributes: owner set to 'Payments' team, criticality tier set to 'tier-1', and status marked as 'active'. This service is now available for selection when creating incidents or configuring alert routes. The catalog entry ID is 'cat_01HQXYZ123' and can be referenced in incident workflows or runbooks.

Notes

This write operation creates persistent configuration in your incident.io workspace. The MCP executes the catalog entry creation immediately — there's no preview or undo. Make sure the catalog type ('Services') and attribute names ('owner', 'criticality tier') match your organization's schema exactly, or the operation will fail. API key must have catalog write permissions.

Prompt

@incident.io set up an alert route that creates SEV-2 incidents automatically when our monitoring system sends alerts tagged 'database' with priority 'high', and assign them to the Platform team

Output

I've configured a new alert route in incident.io with the following logic: when alerts arrive with tag='database' AND priority='high', the system will automatically create a SEV-2 incident and assign it to the Platform Engineering team. The route includes a 5-minute grouping window to prevent duplicate incidents from rapid-fire alerts. Alert attributes will be mapped to incident custom fields where names match. This route is now active and will process incoming alerts immediately.

Notes

This example shows the MCP's incident automation capabilities. The alert route is created and active immediately, so test carefully before deploying to production alert sources. The grouping window and condition logic shown here are illustrative — actual configuration depends on your alert source schema and team structure. Requires both alert route write permissions and catalog read access to validate team assignments.

Use-case deep-dives

On-call escalation for SRE teams

When incident.io beats PagerDuty for small SRE rotations

A 6-person SRE team running on-call for a B2B SaaS product needs alert routing that doesn't require a dedicated ops engineer to maintain. The incident.io MCP wins here because you can script alert route creation and catalog updates from Switchy without touching the web UI. Your team lead writes a prompt that creates a new alert source for each microservice, sets up routing rules based on severity tags, and links catalog entries to the right Slack channels. The 50 tools give you full CRUD on alerts, custom fields, and catalog types—enough to automate the entire on-call setup in one conversation. If your alert volume is under 500/day and you're already paying for incident.io, this MCP replaces the manual toil of clicking through their dashboard. For teams above 15 people or running complex multi-region routing, you'll hit the API rate limit and need terraform instead.

Post-incident review documentation

Automate incident postmortems without leaving your workspace

A 10-person product engineering team closes 3-5 incidents per week and struggles to keep postmortem docs consistent. The incident.io MCP solves this by letting you pull incident metadata, custom field values, and timeline events into a Switchy conversation, then generate a formatted postmortem that matches your template. You prompt Switchy to fetch the last closed incident, extract the root cause custom field, summarize the timeline, and write a draft postmortem in your house style. The MCP's catalog tools let you cross-reference affected services and tag the right teams automatically. This works best for teams with under 20 incidents/month who already use incident.io as their source of truth. If you're writing postmortems in Notion or Confluence and just need incident data as input, this MCP saves 15 minutes per review. For compliance-heavy orgs that need audit trails on every postmortem edit, stick to incident.io's native workflow editor.

Customer support incident triage

Route support escalations to engineering without Slack chaos

A 12-person support and engineering team gets 8-10 customer-reported issues per day that need engineering triage. The incident.io MCP lets your support lead create incidents from Switchy by prompting with the customer ticket ID, severity, and affected service. The MCP's catalog entry tools auto-tag the owning engineering team based on the service catalog, and alert routes ensure the right Slack channel gets notified. You can script custom fields for customer tier, SLA deadline, and revenue impact so engineers see context without asking follow-ups. This setup works when your support team is comfortable with AI prompts and your incident volume is predictable. If you're triaging more than 30 incidents/day or need deep Zendesk integration, the incident.io MCP becomes a bottleneck—use their native Zendesk app instead. For teams under 15 people who want one tool for both internal incidents and customer escalations, this MCP closes the loop.

Frequently asked

What does the incident.io MCP let me do in Switchy?

It connects Switchy to your incident.io workspace so AI can create and manage incidents, alert routes, catalog entries, and custom fields. You can ask the AI to set up alert sources, define catalog types for teams or services, or configure how alerts get routed into incidents — all without leaving the chat. Useful for on-call engineers who want to automate incident response workflows.

Do I need admin access to connect incident.io?

Yes. The MCP uses an API key, and generating one in incident.io typically requires admin or owner permissions. You'll create the key in your incident.io settings, then paste it into Switchy during setup. The key grants full read-write access to your incident.io workspace, so only connect it if you trust your team with that level of control.

Can the MCP update existing incidents or just create new ones?

The MCP's 50 tools focus heavily on creation — new alert routes, catalog entries, custom fields, and alert sources. It can create incidents, but updating or closing existing ones depends on whether incident.io's API exposes those actions in the toolset. Check the full tool list in Switchy's integration settings if you need specific update operations; most teams use it for setup and triage automation.

How is this different from using incident.io's Slack bot?

incident.io's Slack bot handles incident declaration and status updates inside Slack channels. This MCP lives in Switchy's AI workspace, so you can script complex workflows — like creating alert routes based on service catalog data or bulk-adding custom fields — without clicking through the incident.io UI. It's better for configuration tasks; the Slack bot is better for real-time incident comms.

Who on the team should connect this integration?

Whoever owns your incident response tooling — usually a platform engineer, SRE lead, or on-call manager. They'll have the incident.io admin access needed to generate the API key. Once connected, anyone in your Switchy workspace can ask the AI to create alert sources or catalog entries, so limit access to people who understand your incident.io schema.

Data last verified 607 hours ago.Sources aggregated hourly to weekly. See docs/architecture/model-directory.md.