---
name: sentry-create-alert
description: Create Sentry alerts using the workflow engine API. Use when asked to create alerts, set up notifications, configure issue priority alerts, or build workflow automations. Supports email, Slack, and PagerDuty actions with flexible trigger and condition configuration.
---

# Create Sentry Alert

Create alerts via Sentry's workflow engine API.

## Invoke This Skill When

- User asks to "create a Sentry alert" or "set up notifications"
- User wants to be emailed or notified when issues match certain conditions
- User mentions priority alerts, de-escalation alerts, or workflow automations
- User wants to configure Slack, PagerDuty, or email notifications for Sentry issues

## Prerequisites

- `curl` available in shell
- Sentry org auth token with `alerts:write` scope

## Phase 1: Gather Configuration

Ask the user for any missing details:

| Detail | Required | Example |
|--------|----------|---------|
| Org slug | Yes | `sentry`, `my-org` |
| Auth token | Yes | `sntryu_...` (needs `alerts:write` scope) |
| Region | Yes (default: `us`) | `us` → `us.sentry.io`, `de` → `de.sentry.io` |
| Alert name | Yes | `"High Priority De-escalation Alert"` |
| Trigger events | Yes | Which issue events fire the workflow |
| Conditions | Optional | Filter conditions before actions execute |
| Action type | Yes | `email`, `slack`, or `pagerduty` |
| Action target | Yes | User email, team, channel, or service |

## Phase 2: Look Up IDs

Use these API calls to resolve names to IDs as needed.

```bash
API="https://{region}.sentry.io/api/0/organizations/{org}"
AUTH="Authorization: Bearer {token}"

# Find user ID by email
curl -s "$API/members/" -H "$AUTH" | python3 -c "
import json,sys
for m in json.load(sys.stdin):
  if m.get('email')=='USER_EMAIL' or m.get('user',{}).get('email')=='USER_EMAIL':
    print(m['user']['id']); break"

# List teams
curl -s "$API/teams/" -H "$AUTH" | python3 -c "
import json,sys
for t in json.load(sys.stdin):
  print(t['id'], t['slug'])"

# List integrations (for Slack/PagerDuty)
curl -s "$API/integrations/" -H "$AUTH" | python3 -c "
import json,sys
for i in json.load(sys.stdin):
  print(i['id'], i['provider']['key'], i['name'])"
```

## Phase 3: Build Payload

### Trigger Events

Pick which issue events fire the workflow. Use `logicType: "any-short"` (triggers must always use this).

| Type | Fires when |
|------|-----------|
| `first_seen_event` | New issue created |
| `regression_event` | Resolved issue recurs |
| `reappeared_event` | Archived issue reappears |

### Filter Conditions

Conditions that must pass before actions execute. Use `logicType: "all"`, `"any-short"`, or `"none"`.

| Type | comparison | Description |
|------|-----------|-------------|
| `issue_priority_greater_or_equal` | `25` / `50` / `75` / `100` | Priority >= Low/Medium/High/Critical |
| `issue_priority_deescalating` | `true` | Priority dropped below peak |
| `event_frequency_count` | `<number>` | Event count exceeds threshold |
| `event_unique_user_frequency_count` | `<number>` | Affected users exceed threshold |
| `tagged_event` | `"key:value"` | Event has specific tag |
| `assigned_to` | `"<user_or_team_id>"` | Issue assigned to target |

Priority scale: Low=25, Medium=50, High=75, Critical=100.

Set `conditionResult` to `false` to invert (fire when condition is NOT met).

### Actions

| Type | Key Config |
|------|-----------|
| `email` | `targetType`: `"user"` / `"team"` / `"issue_owners"`, `targetIdentifier`: `<id>` |
| `slack` | `integrationId`: `<id>`, `channel`: `"#name"`, `channel_id`: `<id>` |
| `pagerduty` | `integrationId`: `<id>`, `service`: `<id>`, `severity`: `"critical"` |

### Full Payload Structure

```json
{
  "name": "<Alert Name>",
  "enabled": true,
  "environment": null,
  "config": { "frequency": 0 },
  "triggers": {
    "logicType": "any-short",
    "conditions": [
      { "type": "first_seen_event", "comparison": true, "conditionResult": true }
    ]
  },
  "actionFilters": [{
    "logicType": "all",
    "conditions": [
      { "type": "issue_priority_greater_or_equal", "comparison": 75, "conditionResult": true }
    ],
    "actions": [{
      "type": "email",
      "integrationId": null,
      "data": {},
      "config": {
        "targetType": "user",
        "targetIdentifier": "<user_id>",
        "targetDisplay": null
      }
    }]
  }]
}
```

`frequency`: seconds between repeated notifications. `0` = no throttling, `1800` = 30 min.

## Phase 4: Create the Alert

```bash
curl -s -w "\n%{http_code}" -X POST \
  "https://{region}.sentry.io/api/0/organizations/{org}/workflows/" \
  -H "Authorization: Bearer {token}" \
  -H "Content-Type: application/json" \
  -d '{payload}'
```

Expect HTTP `201`. The response contains the workflow `id`.

## Phase 5: Verify

Confirm the alert was created and provide the UI link:

```
https://{org_slug}.sentry.io/monitors/alerts/{workflow_id}/
```

If the org lacks the `workflow-engine-ui` feature flag, the alert appears at:

```
https://{org_slug}.sentry.io/alerts/rules/
```

## Managing Alerts

```bash
# List all workflows
curl -s "$API/workflows/" -H "$AUTH"

# Get one workflow
curl -s "$API/workflows/{id}/" -H "$AUTH"

# Delete a workflow
curl -s -X DELETE "$API/workflows/{id}/" -H "$AUTH"
# Expect 204
```

## Troubleshooting

| Issue | Solution |
|-------|----------|
| 401 Unauthorized | Token needs `alerts:write` scope |
| 403 Forbidden | Token must belong to the target org |
| 404 Not Found | Check org slug and region (`us` vs `de`) |
| 400 Bad Request | Validate payload JSON structure, check required fields |
| User ID not found | Verify email matches a member of the org |