Update a case

  • Updated on Sep 2, 2025
  • Published on Dec 25, 2023
  • 4 minute(s) read
Prev Next
Patch
/v1alpha/cases/{case.id}

Modifies the specified case. For more information on the different case properties, go to our documentation.

Security
HTTP
Type bearer
Path parameters
case.id
integer (int32) Required

ID

The unique identifier of the case.

Body parameters
Expand All
object
case
object (The_new_values_for_the_case_properties_to_update__Remove_the_properties_that_need_to_retain_their_values_) Required

The new values for the case properties to update. Remove the properties that need to retain their values.

title
string

The case title.

Examplecompromised user device
description
string

The case description.

ExampleA user device is infected with a malware
state
object (case_managementcasesv1State)
value
string

The name of the state. The default states are: new, in progress, on hold, resolved, closed. If your workspace has custom states, you can specify them by name.

Examplenew
severity
object (v1Severity)
value
string

The severity of the case. The possible values are: informational, low, medium, high, critical.

Examplehigh
assignee
string

The email address of the case assignee.

Examplejohn@torq.io
reporter
object (v1Actor)
user
object (ActorUser)
email
string

The email of the actor. Only applicable when the actor is a user.

Examplejane@torq.io
sla
object (v1Sla)
value
string (int64)

The duration, measured in seconds, from the creation of the case until it should be resolved or closed.

Example86400
start_time
string (date-time)

The timestamp when the case was created.

end_time
string (date-time)

The timestamp when the case was resolved or closed.

category
string

The case categpry.

Examplemalware
tasks
object (v1Tasks)
pending
integer (int64)

The number of pending tasks.

Example3
resolution_summary
object (v1ResolutionSummary)
reason
string

The reason the case was resolved or closed (up to 100 characters).

Exampleuser device was cleaned
details
string

The detailed overview of the case resolution.

ExampleThe user device was cleaned using the following steps: ...
review
object (v1Review)
reviewer
object (v1Actor)
user
object (ActorUser)
email
string

The email of the actor. Only applicable when the actor is a user.

Examplejane@torq.io
conclusion
object (v1Conclusion)
value
string

The review conclusion. The default conclusions are Approved and Rejected, but they can be customized on the Cases settings page.

ExampleApproved
note
string

The case review conclusion note, providing additional context.

Example
reviewed_by
object (v1Actor)
user
object (ActorUser)
email
string

The email of the actor. Only applicable when the actor is a user.

Examplejane@torq.io
access_policy_type
string
  • ACCESS_POLICY_UNSPECIFIED: The case is publicly accessible.
  • ACCESS_POLICY_PUBLIC: The case is publicly accessible.
  • ACCESS_POLICY_COLLABORATORS_LIST: The case is accessible only to a list of collaborators
Valid values[ "ACCESS_POLICY_UNSPECIFIED", "ACCESS_POLICY_PUBLIC", "ACCESS_POLICY_COLLABORATORS_LIST" ]
Default"ACCESS_POLICY_UNSPECIFIED"
access_mode
object (v1AccessMode)
id
string
  • ACCESS_POLICY_UNSPECIFIED: The case is publicly accessible.
  • ACCESS_POLICY_PUBLIC: The case is publicly accessible.
  • ACCESS_POLICY_COLLABORATORS_LIST: The case is accessible only to a list of collaborators
Valid values[ "ACCESS_POLICY_UNSPECIFIED", "ACCESS_POLICY_PUBLIC", "ACCESS_POLICY_COLLABORATORS_LIST" ]
Default"ACCESS_POLICY_UNSPECIFIED"
update_mask
string Required

The fields mask. The possible values are: "title", "description", "reporter", "state","severity", "assignee", "category", "sla", "tags", "custom_fields", "resolutionSummary", "review", or any comma-separated combination of these values. For example, to update the case title and description the field mask value is "title,description".

Exampleassignee
Responses
200

A successful response.

Expand All
object
case
object (v1Case)
id
integer (int32)

The unique identifier of the case.

Example28
pretty_id
string

The unique identifier of the case as displayed on the Cases page.

Example#28
title
string

The case title.

Examplecompromised user device
description
string

The case description.

ExampleA user device is infected with a malware
state
object (case_managementcasesv1State)
value
string

The name of the state. The default states are: new, in progress, on hold, resolved, closed. If your workspace has custom states, you can specify them by name.

Examplenew
severity
object (v1Severity)
value
string

The severity of the case. The possible values are: informational, low, medium, high, critical.

Examplehigh
assignee
string

The email address of the case assignee.

Examplejohn@torq.io
reporter
object (v1Actor)
kind
string

The actor kind. Supported values are: USER, WORKFLOW, SOCRATES.

user
object (ActorUser)
email
string

The email of the actor. Only applicable when the actor is a user.

Examplejane@torq.io
created_at
string (date-time)

The timestamp when the case was created.

updated_at
string (date-time)

The timestamp when the case was last updated.

completed_at
string (date-time)

The timestamp when the case was resolved or closed.

sla
object (v1Sla)
value
string (int64)

The duration, measured in seconds, from the creation of the case until it should be resolved or closed.

Example86400
start_time
string (date-time)

The timestamp when the case was created.

end_time
string (date-time)

The timestamp when the case was resolved or closed.

category
string

The case categpry.

Examplemalware
tags
Array of string

The case tags.

Example[ "user", "phishing" ]
string
tasks
object (v1Tasks)
pending
integer (int64)

The number of pending tasks.

Example3
resolution_summary
object (v1ResolutionSummary)
reason
string

The reason the case was resolved or closed (up to 100 characters).

Exampleuser device was cleaned
details
string

The detailed overview of the case resolution.

ExampleThe user device was cleaned using the following steps: ...
runbook_id
string

The case runbook ID.

review
object (v1Review)
reviewer
object (v1Actor)
kind
string

The actor kind. Supported values are: USER, WORKFLOW, SOCRATES.

user
object (ActorUser)
email
string

The email of the actor. Only applicable when the actor is a user.

Examplejane@torq.io
conclusion
object (v1Conclusion)
value
string

The review conclusion. The default conclusions are Approved and Rejected, but they can be customized on the Cases settings page.

ExampleApproved
note
string

The case review conclusion note, providing additional context.

Example
reviewed_by
object (v1Actor)
kind
string

The actor kind. Supported values are: USER, WORKFLOW, SOCRATES.

user
object (ActorUser)
email
string

The email of the actor. Only applicable when the actor is a user.

Examplejane@torq.io
access_policy_type
string
  • ACCESS_POLICY_UNSPECIFIED: The case is publicly accessible.
  • ACCESS_POLICY_PUBLIC: The case is publicly accessible.
  • ACCESS_POLICY_COLLABORATORS_LIST: The case is accessible only to a list of collaborators
Valid values[ "ACCESS_POLICY_UNSPECIFIED", "ACCESS_POLICY_PUBLIC", "ACCESS_POLICY_COLLABORATORS_LIST" ]
Default"ACCESS_POLICY_UNSPECIFIED"
access_mode
object (v1AccessMode)
id
string
  • ACCESS_POLICY_UNSPECIFIED: The case is publicly accessible.
  • ACCESS_POLICY_PUBLIC: The case is publicly accessible.
  • ACCESS_POLICY_COLLABORATORS_LIST: The case is accessible only to a list of collaborators
Valid values[ "ACCESS_POLICY_UNSPECIFIED", "ACCESS_POLICY_PUBLIC", "ACCESS_POLICY_COLLABORATORS_LIST" ]
Default"ACCESS_POLICY_UNSPECIFIED"
401

Invalid bearer token. If you receive this message more than once try creating a new Client ID/Client Secret or generating a new bearer token.

object
403

You don't have permission to access this resource.

object