Submit an alert

Submit an alert

This guide walks through submitting a new alert to Doppel for an entity (a URL or phone number) you want investigated. Submitting an alert tells Doppel to triage the entity through its standard workflow and return a handle you can use to follow up.

What you'll do

  1. Authenticate (see Authentication).
  2. POST /v1/alert with the entity and brand.
  3. Capture the alert id from the response so you can check the status or request a takedown later.

Prerequisites

  • A V1 API key (see Authentication for the two auth modes — organization-wide or user-specific).
  • The exact name of an active brand in your organization. Brand names are case-insensitive but must match an existing, non-archived brand. Use GET /v1/brands to list yours if you're unsure.

The examples below show the organization-wide auth mode (x-api-key only). For the user-specific mode, also send x-user-api-key (and x-organization-code if your user belongs to multiple organizations) — see Authentication.

Submit an alert

cURL

curl --request POST \
  --url "https://api.doppel.com/v1/alert" \
  --header "x-api-key: <YOUR_ORG_API_KEY>" \
  --header "Content-Type: application/json" \
  --data '{
    "entity": "https://suspicious-site.example.com",
    "brand": "Acme Corp",
    "tags": ["Credential Theft"]
  }'

Python

import requests

response = requests.post(
    "https://api.doppel.com/v1/alert",
    headers={"x-api-key": "<YOUR_ORG_API_KEY>"},
    json={
        "entity": "https://suspicious-site.example.com",
        "brand": "Acme Corp",
        "tags": ["Credential Theft"],
    },
)
response.raise_for_status()
alert = response.json()
alert_id = alert["id"]

Node.js

const response = await fetch("https://api.doppel.com/v1/alert", {
  method: "POST",
  headers: {
    "x-api-key": "<YOUR_ORG_API_KEY>",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    entity: "https://suspicious-site.example.com",
    brand: "Acme Corp",
    tags: ["Credential Theft"],
  }),
});

if (!response.ok) {
  throw new Error(`Submit failed: ${response.status}`);
}
const alert = await response.json();
const alertId = alert.id;

Request body

FieldTypeRequiredDescription
entitystringYesThe URL or phone number to alert on.
brandstringNoName of the brand to associate with the alert. Must match an active (non-archived) brand in your organization. Case-insensitive.
tagsstring[]NoTag names to apply at creation. Tags must already exist for your organization (or be global tags); unknown tags are silently ignored.
sourcestringNoCustom API source identifier. Must exactly match the API value field of an external source configured under your organization's settings in Doppel Vision.
filesobject[]NoUp to 10 files to attach as evidence. Each entry is { "file_name": "...", "file_to_upload": "<base64>" }. Maximum 50MB per file.

Response

A successful submission returns the new alert's identity and a deep link into Doppel Vision:

{
  "id": "ACM-1234",
  "entity": "https://suspicious-site.example.com",
  "doppel_link": "https://app.doppel.com/alerts/ACM-1234",
  "last_activity": "2026-06-15T10:30:00"
}

The id is in the format ORG-NUMBER, where ORG is your organization's abbreviation. Persist this id — it's the handle you'll use to check status or take action on the alert later.

Status codes

StatusMeaning
201 CreatedNew alert was created.
200 OKAn alert for this entity already exists in your organization. The existing alert is returned.
400 Bad Requestentity is missing, malformed, or refers to a protected asset (e.g. one of your own domains). Per the V1 OpenAPI spec, also returned when source does not match a configured external source, or when files contains more than 10 items, duplicate file names, or is missing file_to_upload.
404 Not FoundThe brand name does not match any active brand in your organization.
409 ConflictAn alert exists for this entity but is associated with a different brand.

Common patterns

Tagging the submission with a custom source

To label submissions from a particular integration, include source. Per the V1 OpenAPI spec, the string must exactly match the API value field of an external source configured under your organization's settings in Doppel Vision (not the display name).

{
  "entity": "https://suspicious-site.example.com",
  "brand": "Acme Corp",
  "source": "slack-integration"
}

Attaching evidence at creation time

Attach files to the alert at creation time:

import base64

with open("evidence.png", "rb") as f:
    encoded = base64.b64encode(f.read()).decode()

response = requests.post(
    "https://api.doppel.com/v1/alert",
    headers={"x-api-key": "<YOUR_ORG_API_KEY>"},
    json={
        "entity": "https://suspicious-site.example.com",
        "brand": "Acme Corp",
        "files": [{"file_name": "evidence.png", "file_to_upload": encoded}],
    },
)

You can attach up to 10 files per request, each up to 50MB.

Next steps