Request a takedown

Request a takedown

In Doppel Vision, clicking Request Takedown on an alert sets its queue_state to actioned. The API equivalent is PUT /v1/alert with queue_state: "actioned".

This guide shows that mapping end to end, plus a few common variations: leaving a comment, attaching evidence, and tagging.

What you'll do

  1. Authenticate (see Authentication).
  2. Identify the alert by id or entity.
  3. PUT /v1/alert with queue_state: "actioned".

The examples below show the organization-wide auth mode (x-api-key only). For the user-specific mode, also send x-user-api-key (and x-organization-code if your user belongs to multiple organizations) — see Authentication.

Request a takedown

cURL

curl --request PUT \
  --url "https://api.doppel.com/v1/alert?id=ACM-1234" \
  --header "x-api-key: <YOUR_ORG_API_KEY>" \
  --header "Content-Type: application/json" \
  --data '{
    "queue_state": "actioned",
    "comment": "Confirmed phishing — proceeding with takedown."
  }'

Python

import requests

response = requests.put(
    "https://api.doppel.com/v1/alert",
    headers={"x-api-key": "<YOUR_ORG_API_KEY>"},
    params={"id": "ACM-1234"},
    json={
        "queue_state": "actioned",
        "comment": "Confirmed phishing — proceeding with takedown.",
    },
)
response.raise_for_status()

Node.js

const url = new URL("https://api.doppel.com/v1/alert");
url.searchParams.set("id", "ACM-1234");

const response = await fetch(url, {
  method: "PUT",
  headers: {
    "x-api-key": "<YOUR_ORG_API_KEY>",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    queue_state: "actioned",
    comment: "Confirmed phishing — proceeding with takedown.",
  }),
});

if (!response.ok) {
  throw new Error(`Takedown request failed: ${response.status}`);
}

The response is the full updated alert object, with queue_state: "actioned".

Identifying the alert

PUT /v1/alert requires exactly one of id or entity as a query parameter:

  • id=ACM-1234 — the id returned from POST /v1/alert.
  • entity=https%3A%2F%2Fsuspicious-site.example.com — useful when you only have the URL or phone number. URL-encode the value.

Passing both, or neither, returns 400 Bad Request.

Optional: add a comment, evidence, or a tag in the same request

You can bundle additional changes with the queue-state update — they're applied atomically.

Add a comment

{
  "queue_state": "actioned",
  "comment": "Confirmed phishing — proceeding with takedown."
}

The comment is recorded on the alert.

Attach evidence

file_action and files must be sent together. Files are base64-encoded; up to 10 per request, 50MB each.

import base64

with open("evidence.png", "rb") as f:
    encoded = base64.b64encode(f.read()).decode()

requests.put(
    "https://api.doppel.com/v1/alert",
    headers={"x-api-key": "<YOUR_ORG_API_KEY>"},
    params={"id": "ACM-1234"},
    json={
        "queue_state": "actioned",
        "file_action": "upload",
        "files": [{"file_name": "evidence.png", "file_to_upload": encoded}],
    },
)

Add or remove a tag

tag_action and tag_name must be sent together. Tags must already exist for your organization (or be global tags).

{
  "queue_state": "actioned",
  "tag_action": "add",
  "tag_name": "Credential Theft"
}

Other queue transitions

PUT /v1/alert accepts any of the queue states defined for the resource. Two are explicitly anchored to Doppel Vision behavior:

  • actioned — the value to send for "Request Takedown" (this guide).
  • taken_down — equivalent to Resolved in the Doppel Vision app.

The remaining values (doppel_review, needs_confirmation, monitoring, archived) are also accepted. See Check the status of an alert for what each state means in the workflow, and the Update Alert API reference for the full request schema.

Status codes

StatusMeaning
200 OKAlert was updated. The full updated alert is returned.
400 Bad RequestBoth or neither of id / entity was provided, the body had no fields to update, or a paired field was missing (e.g. tag_action without tag_name).
401 UnauthorizedMissing or invalid auth headers.
404 Not FoundNo alert in your organization matches the supplied id or entity, or a referenced tag was not found.
429 Too Many RequestsRate limit exceeded.

Next steps