Rank Cookbook
Platform
Esc

    Type to search the documentation.

    Tickets API

    HTTP reference for Jira tickets — create from findings, list and retrieve, manage comments and attachments, and sync state from Jira.

    All paths are relative to https://api.aleex-rank.ai/api/v2 and authenticate with X-API-Key: rk_... (see REST API). Tickets create and track Jira issues from the platform; they are typically opened from a finding during Vulnerability triage. These endpoints back the Python SDK’s client.tickets.* resource — the SDK mirrors them one for one (SDK resources).

    Creating tickets requires a Jira integration configured in the dashboard for your account or team; without it, POST /tickets (and the comment, attachment and sync actions) responds 500 with Jira integration is not configured.

    Tickets

    GET    /tickets
POST   /tickets
GET    /tickets/{id}
DELETE /tickets/{id}

    GET /tickets lists your tickets, newest first, paginated with page and per_page. Create a ticket — summary is required (max 255 characters); description is optional; issue_type is optional and one of Bug (default), Task or Story. Priority is fixed at Medium and is not selectable:

    {
  "summary": "Reflected XSS in the login redirect",
  "description": "Reflected XSS via the redirect_url parameter on /login",
  "issue_type": "Bug"
}

    The issue is created in Jira first, then stored locally and returned with HTTP 201:

    {
  "success": true,
  "data": {
    "id": 87,
    "jira_issue_key": "SCYTALEIN-204",
    "jira_issue_id": "10542",
    "user_id": 42,
    "summary": "Reflected XSS in the login redirect",
    "description": "Reflected XSS via the redirect_url parameter on /login",
    "issue_type": "Bug",
    "priority": "Medium",
    "status": "TO DO",
    "assigned_to": null,
    "created_at": "2026-02-18 09:14:02",
    "updated_at": "2026-02-18 09:14:02"
  }
}

    GET /tickets/{id} returns one ticket. It first syncs the latest status and assigned_to from Jira, then enriches the record with the reporter’s user_email/username and the linked comments and attachments:

    {
  "success": true,
  "data": {
    "id": 87,
    "jira_issue_key": "SCYTALEIN-204",
    "summary": "Reflected XSS in the login redirect",
    "issue_type": "Bug",
    "priority": "Medium",
    "status": "In Progress",
    "assigned_to": "Dana Lee",
    "user_email": "alice@example.com",
    "username": "alice",
    "comments": [
      {
        "id": "10231",
        "author": "You",
        "body": "Repro steps attached.",
        "created": "2026-02-18 09:20:11",
        "updated": "2026-02-18 09:20:11"
      }
    ],
    "attachments": [
      {
        "id": "10688",
        "filename": "xss-poc.png",
        "mime_type": "image/png",
        "size": 84213,
        "author": "alice",
        "created": "2026-02-18 09:21:40"
      }
    ]
  }
}

    Each comment’s author is relabeled for the viewer as You, Admin or User. DELETE /tickets/{id} closes the matching Jira issue and removes the ticket from your list:

    {"success": true, "data": {"message": "Ticket deleted successfully"}}

    Comments

    POST   /tickets/{id}/comments
PUT    /tickets/{id}/comments/{commentId}
DELETE /tickets/{id}/comments/{commentId}

    Comments are written straight to the linked Jira issue; {commentId} is the Jira comment id. The body carries the text under comment:

    {"comment": "Confirmed on staging — escalating to high."}

    POST returns the created comment with HTTP 201, PUT returns the updated comment, and DELETE returns:

    {"success": true, "data": {"message": "Comment deleted successfully"}}

    Attachments

    POST /tickets/{id}/attachments
GET  /tickets/{id}/attachments/{attachmentId}/preview

    Uploads use multipart/form-data with a single file field rather than a JSON body:

    curl https://api.aleex-rank.ai/api/v2/tickets/87/attachments \
  -H "X-API-Key: rk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
  -F "file=@xss-poc.png"

    Allowed types are images (png, jpg, jpeg, gif, webp, svg) plus pdf and docx, up to 10 MB. The file’s real content is verified against its extension, so a spoofed type is rejected with 400. On success the file is attached to the Jira issue and returned with HTTP 201.

    GET /tickets/{id}/attachments/{attachmentId}/preview proxies an attachment back for inline rendering. It streams the raw bytes with the matching Content-Type and Content-Disposition: inline instead of the JSON envelope, so point an <img> tag or browser tab at it directly.

    Sync

    POST /tickets/{id}/sync

    Pulls the current status and assignee from Jira on demand (the same sync GET /tickets/{id} performs) and returns the refreshed ticket. Use it to reflect changes the support team made in Jira without waiting for the next read:

    {
  "success": true,
  "data": {
    "id": 87,
    "jira_issue_key": "SCYTALEIN-204",
    "status": "Done",
    "assigned_to": "Dana Lee"
  }
}