AIIncidentTracker
Developer docs

REST API v1

AIIncidentTracker exposes a read-only REST API over the same dataset that powers the site. Use it to embed incident records in your compliance tooling, monitor for new incidents involving a company you cover, or backfill your own database from ours.

The OpenAPI 3.1 specification is available at /api/v1/openapi.json. Drop it into Postman, Insomnia, Stoplight, or your codegen tool of choice.

Authentication

Every request must include an API key in the Authorization header:

curl -H "Authorization: Bearer <YOUR_KEY>" \
  https://aiincidenttracker.com/api/v1/incidents

Keys are issued per-customer with a per-key rate-limit ceiling. To request a key, email editorial@aiincidenttracker.com.

Rate limits

Default is 60 requests per minute per key. Every response includes:

  • X-RateLimit-Limit — your per-minute ceiling
  • X-RateLimit-Remaining — requests left in the current window
  • X-RateLimit-Reset — Unix timestamp when the window resets

A 429 response means you've burned through your bucket — wait until X-RateLimit-Reset and retry. Enterprise keys can be provisioned at higher limits.

Response envelope

Every successful response uses the same shape:

{
  "data": [ /* one or more Incident objects */ ],
  "meta": {
    "total": 312,
    "page": 1,
    "perPage": 25,
    "hasMore": true,
    "next": "https://aiincidenttracker.com/api/v1/incidents?page=2&per_page=25"
  }
}

Errors use a separate envelope:

{
  "error": {
    "code": "rate_limited",
    "message": "Rate limit exceeded. Try again later.",
    "detail": { "resetAt": 1747606820000 }
  }
}

Endpoints

GET /api/v1/incidents

List incidents, paginated, default-sorted by date_last_verified DESC.

Supported filters:

  • status — alleged, confirmed, company_disputed, resolved, ongoing
  • severity — critical, high, medium, low, near_miss
  • jurisdiction — e.g. US-NY, EU, HK
  • company — company slug
  • industry_naics — 6-digit NAICS code
  • ai_system_type — e.g. llm_generative, autonomous_driving
  • updated_since — ISO-8601 timestamp; only returns incidents re-verified after this point
  • page, per_page (max 100)

GET /api/v1/incidents/{slug}

Fetch a single incident with full source list and taxonomy.

GET /api/v1/companies

Every company referenced in our database with an incident count.

GET /api/v1/topics

The harm-type and AI-system-type taxonomies with counts.

Polling for changes

We recommend a 15-minute poll against /api/v1/incidents?updated_since=<your_last_sync>. Our re-verify cron runs hourly, so polling more aggressively than every 15 minutes will not return new data and will burn your rate-limit budget.

Attribution & licensing

The dataset is licensed CC BY 4.0. If you display our data publicly, link back to https://aiincidenttracker.com. Per-incident citation requirements (some incidents inherit upstream attribution from AIID, AIAAIC, or OECD AIM) are included in each record's sources[].source_name field.

Full license terms: data-attribution.

Status & uptime

Real-time status, ingestion cadence, and source health are at /status.