Core workflows

Workflow Alerts

List and filter alerts within your enforcement workflows

API Reference: See the full endpoint specifications for List Content Workflow Alerts and List Account Workflow Alerts.

Workflows organize your enforcement pipeline—from initial detection through investigation and resolution. Use the workflow alerts endpoints to programmatically access the alerts assigned to each workflow, filter by state or platform, and integrate with your existing tooling.

Workflow types

Outtake supports two categories of workflows based on alert type:

Content workflows handle domain resolutions, ad removals, app store disputes, leaked credentials, and other content-based threats. Use GET /alerts/content-workflows/{workflowId} for these.

In Outtake, “content” includes domains, ads, and apps—not just social media posts. If you’re working with domain takedowns, ad enforcement, or app store disputes, use the content workflows endpoint.

Account workflows manage fake accounts, impersonators, and other account-level threats across social platforms. Use GET /alerts/account-workflows/{workflowId} for these.

Core endpoints

  • GET /alerts/content-workflows/{workflowId} — list content alerts in a workflow with filtering and pagination.
  • GET /alerts/account-workflows/{workflowId} — list account alerts in a workflow with filtering and pagination.

Finding your workflow ID

The workflow ID is a UUID that uniquely identifies each workflow. You can find it in the URL when viewing a workflow in the Outtake dashboard:

https://app.outtake.ai/account/{PROFILE_ID}/workflows/{WORKFLOW_ID}

Both PROFILE_ID and WORKFLOW_ID are UUIDs. Copy the workflow ID from the URL and use it in your API requests.

List content workflow alerts

Retrieve alerts from content-based workflows like domain resolutions, ad enforcement, or app investigations.

$curl --request GET "https://app.outtake.ai/api/v1/alerts/content-workflows/{WORKFLOW_ID}" \
>  --header "Authorization: Bearer YOUR_API_KEY"

Filter by workflow state

Focus on alerts in specific stages of your pipeline:

$curl --request GET \
>  "https://app.outtake.ai/api/v1/alerts/content-workflows/{WORKFLOW_ID}?workflowItemStates=new,flagged" \
>  --header "Authorization: Bearer YOUR_API_KEY"

Comma-separate multiple values within a single parameter (e.g. ?workflowItemStates=new,flagged).

Common workflow states include new, active, flagged, in_progress, pending, resolved, completed, and ignored. Available states vary by workflow type.

Filter by platform and content type

Narrow results to specific platforms or content categories:

$curl --request GET \
>  "https://app.outtake.ai/api/v1/alerts/content-workflows/{WORKFLOW_ID}\
>?platforms=domains\
>&contentTypes=domain" \
>  --header "Authorization: Bearer YOUR_API_KEY"

For ad enforcement workflows, filter by ad content types:

$curl --request GET \
>  "https://app.outtake.ai/api/v1/alerts/content-workflows/{WORKFLOW_ID}?contentTypes=meta_ad,google_ad_creative" \
>  --header "Authorization: Bearer YOUR_API_KEY"

Filter by date range

Retrieve alerts created within a specific window:

$curl --request GET \
>  "https://app.outtake.ai/api/v1/alerts/content-workflows/{WORKFLOW_ID}\
>?alertCreatedFrom=2024-01-01T00:00:00Z\
>&alertCreatedTo=2024-01-31T23:59:59Z" \
>  --header "Authorization: Bearer YOUR_API_KEY"

Search within a workflow

Find alerts matching specific keywords:

$curl --request GET "https://app.outtake.ai/api/v1/alerts/content-workflows/{WORKFLOW_ID}?query=example.com" \
>  --header "Authorization: Bearer YOUR_API_KEY"

List account workflow alerts

Retrieve alerts from account-based workflows like fake account resolutions or impersonator investigations.

ℹ️ When you need to provide multiple values for the same filter (e.g. platforms, workflowItemStates, or contentTypes), pass them as a comma-separated list within a single query parameter. Repeating the same parameter (&platforms=foo&platforms=bar) is rejected by the API.

$curl --request GET "https://app.outtake.ai/api/v1/alerts/account-workflows/{WORKFLOW_ID}" \
>  --header "Authorization: Bearer YOUR_API_KEY"

Filter by platform

Focus on specific social platforms:

$curl --request GET \
>  "https://app.outtake.ai/api/v1/alerts/account-workflows/{WORKFLOW_ID}?platforms=instagram,tiktok" \
>  --header "Authorization: Bearer YOUR_API_KEY"

Combine filters

Build complex queries by combining parameters:

$curl --request GET \
>  "https://app.outtake.ai/api/v1/alerts/account-workflows/{WORKFLOW_ID}\
>?workflowItemStates=active,pending\
>&platforms=instagram,tiktok\
>&alertCreatedFrom=2024-01-01T00:00:00Z" \
>  --header "Authorization: Bearer YOUR_API_KEY"

Pagination

Both endpoints support offset-based pagination with pageIndex and pageSize:

$# First page of 25 results
>curl --request GET \
>  "https://app.outtake.ai/api/v1/alerts/content-workflows/{WORKFLOW_ID}\
>?pageSize=25\
>&pageIndex=0" \
>  --header "Authorization: Bearer YOUR_API_KEY"
>
># Second page
>curl --request GET \
>  "https://app.outtake.ai/api/v1/alerts/content-workflows/{WORKFLOW_ID}\
>?pageSize=25\
>&pageIndex=1" \
>  --header "Authorization: Bearer YOUR_API_KEY"

The response includes totalCount and hasMore to help you determine when to stop iterating.

Response structure

When working with domain alerts, responses may include optional domain investigation fields:

  • classification: Domain investigation classification (e.g., phishing, legitimate).
  • classificationConfidence: Bucketed confidence score (0, 0.3, 0.5, or 0.75).

Content workflow response

1{
2  "data": {
3    "alerts": [
4      {
5        "alertId": "9ac8149c-5e1a-4f61-bfd0-16ca8f4bb1a0",
6        "url": "https://suspicious-domain.com",
7        "platform": "domains",
8        "contentType": "domain",
9        "alertCreatedAt": "2024-01-15T10:30:00Z",
10        "workflowItemState": "active",
11        "sentiment": -1,
12        "classification": "phishing",
13        "classificationConfidence": 0.75
14      }
15    ],
16    "totalCount": 142,
17    "pageIndex": 0,
18    "pageSize": 50,
19    "hasMore": true
20  }
21}

Account workflow response

1{
2  "data": {
3    "alerts": [
4      {
5        "alertId": "7bc8149c-5e1a-4f61-bfd0-16ca8f4bb1a0",
6        "platform": "instagram",
7        "accountName": "Fake Account",
8        "accountUrl": "https://instagram.com/fake_account",
9        "alertCreatedAt": "2024-01-15T10:30:00Z",
10        "workflowItemState": "flagged"
11      }
12    ],
13    "totalCount": 38,
14    "pageIndex": 0,
15    "pageSize": 50,
16    "hasMore": false
17  }
18}

Common use cases

Export workflow data for reporting

Pull all resolved alerts from a domain resolution workflow:

$curl --request GET \
>  "https://app.outtake.ai/api/v1/alerts/content-workflows/{WORKFLOW_ID}\
>?workflowItemStates=resolved\
>&pageSize=100" \
>  --header "Authorization: Bearer YOUR_API_KEY"

Feed alerts to automation systems

Retrieve active alerts for automated processing:

$curl --request GET \
>  "https://app.outtake.ai/api/v1/alerts/content-workflows/{WORKFLOW_ID}\
>?workflowItemStates=active\
>&pageSize=50" \
>  --header "Authorization: Bearer YOUR_API_KEY"

Build custom dashboards

Combine workflow alerts with Collections and Takedown Analytics for comprehensive visibility:

  1. Use workflow alerts to get current pipeline state
  2. Use Collections to track narrative trends
  3. Use Takedown Analytics to measure enforcement success rates

Best practices

  • Poll strategically: For workflows with high alert volume, use date filters to fetch incremental updates rather than full exports.
  • Store alert IDs: Persist alertId values as foreign keys in your systems to correlate with external tickets or case management tools.
  • Use workflow states: Design your integrations around workflow states to build state machines that mirror your enforcement pipeline.
  • Combine with webhooks: Set up webhooks to receive real-time notifications, then use these endpoints for bulk operations and historical queries.

See the API reference for complete field schemas, validation rules, and error codes.