The Gremlin Failure-as-a-Service API for programmatically running chaos engineering attacks, scenarios, reliability tests, disaster recovery experiments, and managing teams, integrations, and infrastructure targets across cloud, container, and Kubernetes environments.
openapi: 3.0.1
info:
title: Gremlin API
description: The API for interacting with the Gremlin Failure-as-a-Service platform
termsOfService: https://www.gremlin.com/terms_of_service_2017_03_24
contact:
name: Gremlin Support
email: [email protected]
license:
name: Gremlin License
url: https://www.gremlin.com/license_2017_03_24
version: '1.0'
servers:
- url: https://api.gremlin.com/v1
description: Gremlin API v1
tags:
- name: attacks
description: Create, halt, and list attacks
- name: halts
description: Halt impacts across the Gremlin platform
- name: kubernetes.attacks
description: Create, halt, and list Kubernetes attacks
- name: metadata
description: Get metadata about the Gremlin commands.
- name: users.auth.mfa
description: Endpoints for multi-factor user auth (MFA) and for managing MFA providers and secrets
- name: Notification Integrations
description: Manage company level integrations with Slack/Datadog
- name: oauth
description: OAuth callback endpoints
- name: roles
description: List and modify roles
- name: users.auth
description: Endpoints for non-MFA user auth
- name: aws.metadata
description: Get metadata about the AWS IAM role creation for health checks
- name: datadog
description: Read Datadog items
- name: grafana
description: Get Grafana alerts
- name: jira
description: Create, read Jira tickets
- name: newrelic
description: Read New Relic items
- name: pagerduty
description: Get Pagerduty services and incidents
- name: external-integrations
description: Used for managing authentication for Status Checks and Load Generators
- name: failure-flags.apps
description: Get, list, and protect applications
- name: failure-flags.experiments
description: Get, list, and protect experiments
- name: failure-flags.flags
description: Get, list, and protect failure flags
- name: gamedays
description: Create, update and run GameDays
- name: images
description: Manage images for different entities
- name: google-cloud.integration
description: Fetch setup instructions for configuring a Google Cloud integration.
- name: google-cloud.integration.resources
description: List resources Gremlin has discovered through a configured integration.
- name: agents
description: List and modify all infrastructure and failure flag agents
- name: clients
description: List and modify all clients
- name: integration-clients
description: Handle client integrations
- name: integration-invocations
description: Used for interacting with the Private Network Integration
- name: apikeys
description: Create, delete, activate, deactivate and list apikeys
- name: companies
description: Update company preferences, get all users or clients for a company, and get company details
- name: orgs
description: Get and update org preferences. Generate new and delete old client certificates
- name: reports
description: Get users, clients, and attacks summaries
- name: reports.security
description: Endpoints for receiving access and event logs
- name: notification-settings
description: View and modify a team's notification settings
- name: teams
description: Create, Retrieve, Update, and Delete endpoints for Teams
- name: users
description: Get users (all or active) and activate, deactivate, update, and invite users.
- name: disaster-recovery-test-reports
description: Get and list disaster recovery test reports
- name: disaster-recovery-tests
description: Create, get, list, run, and complete disaster recovery tests
- name: metrics
description: Metrics for charting purposes
- name: reliability-report
description: Retrieve reliability report for a given service
- name: reliability-management
description: API to access resources for reliability management
- name: test-suites
description: Create custom test suites
- name: reliability-tests
description: Get and run reliability tests
- name: scenarios.recommended
description: Get/List recommended scenarios
- name: scenarios
description: Create, update, run, halt, and list scenarios
- name: health checks
description: Create, read, update, delete health checks as well as test health check endpoint and evaluation configuration
- name: schedules
description: Get, create, and delete schedules
- name: containers
description: Get all active containers
- name: services
description: Get metrics about intelligent health check target for a service
- name: kubernetes.targets
description: Get information on attackable kubernetes targets
- name: providers
description: Get a list of supported infrastructure providers and supported services by provider
- name: service-overview
description: Overview of a service, including all activity that impacts a service
- name: sharedAssets
description: Used for sharing agent assets (eg. K8s Namespaces) between teams
- name: load-generators
description: Create, read, update, and delete LoadGenerators
- name: webhooks
description: Create, read, update, and delete webhooks
paths:
/attacks/active:
get:
tags:
- attacks
summary: List all active attacks.
description: 'This endpoint will return all active attacks for the team.
Requires the privilege [`EXPERIMENTS_READ`](https://www.gremlin.com/docs/user-management/access-control/#privileges)'
operationId: active
parameters:
- name: source
in: query
description: Filter attacks to either adhoc or scenario.
schema:
type: string
enum:
- Adhoc
- Scenario
example: Adhoc
- name: pageSize
in: query
description: This value determines how many results will be returned per call.
schema:
type: integer
format: int32
- name: teamId
in: query
description: Required when using company session token.
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TaskResponse'
'403':
description: 'User requires privilege for target team: EXPERIMENTS_READ'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
security:
- privilege:
- EXPERIMENTS_READ
/attacks/active/paged:
get:
tags:
- attacks
summary: Return a page of active ad-hoc experiments.
description: 'This endpoint will return a paged response of active ad-hoc experiments for a team.
Requires the privilege [`EXPERIMENTS_READ`](https://www.gremlin.com/docs/user-management/access-control/#privileges)'
operationId: activePaged
parameters:
- name: pageSize
in: query
description: This value determines how many results will be returned per call.
schema:
type: integer
format: int32
default: 1000
example: None (defaults to 1000)
- name: pageToken
in: query
description: Pass the pageToken to get the next page of active ad-hoc experiments
schema:
type: string
example: None (returns first page)
- name: teamId
in: query
description: Required when using company session token.
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/PagedResponseExperimentsResponse'
'403':
description: 'User requires privilege for target team: EXPERIMENTS_READ'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
security:
- privilege:
- EXPERIMENTS_READ
/attacks/{guid}/annotations:
put:
tags:
- attacks
summary: Add annotations to an attack
description: Requires the privilege [`MINIMUM_TEAM_PRIVILEGES`](https://www.gremlin.com/docs/user-management/access-control/#privileges)
operationId: addAnnotations
parameters:
- name: guid
in: path
description: This value represents the globally unique identifier of the record to fetch.
required: true
schema:
type: string
- name: teamId
in: query
description: Required when using company session token.
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AttackAnnotationsInputRequest'
required: true
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/TaskResponse'
'403':
description: 'User requires privilege for target team: MINIMUM_TEAM_PRIVILEGES'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
security:
- privilege:
- MINIMUM_TEAM_PRIVILEGES
/attacks:
get:
tags:
- attacks
summary: List all attacks.
description: Requires the privilege [`EXPERIMENTS_READ`](https://www.gremlin.com/docs/user-management/access-control/#privileges)
operationId: all
parameters:
- name: source
in: query
description: Filter attacks to either adhoc or scenario.
schema:
type: string
enum:
- Adhoc
- Scenario
example: Adhoc
- name: pageSize
in: query
description: This value determines how many results will be returned per call.
schema:
type: integer
format: int32
- name: teamId
in: query
description: Required when using company session token.
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TaskResponse'
'403':
description: 'User requires privilege for target team: EXPERIMENTS_READ'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
security:
- privilege:
- EXPERIMENTS_READ
post:
tags:
- attacks
summary: Create a new attack.
description: 'Create a new attack by specifying the attack configuration, targets and sampling configuration
Requires the privilege [`EXPERIMENTS_RUN`](https://www.gremlin.com/docs/user-management/access-control/#privileges)'
operationId: createNewAttack
parameters:
- name: teamId
in: query
description: Required when using company session token.
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateAttackRequest'
required: true
responses:
default:
description: default response
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/AttackForServiceResponse'
text/plain:
schema:
type: array
items:
$ref: '#/components/schemas/AttackForServiceResponse'
'403':
description: 'User requires privilege for target team: EXPERIMENTS_RUN'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
security:
- privilege:
- EXPERIMENTS_RUN
delete:
tags:
- attacks
summary: Idempotently halt all active attacks
operationId: halt
parameters: []
responses:
default:
description: default response
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TaskResponse'
'403':
description: 'User requires privilege: HALT_ALL'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
/attacks/range:
get:
tags:
- attacks
summary: List all attacks in a given time range (defaults to all attacks up to now)
description: Requires the privilege [`EXPERIMENTS_READ`](https://www.gremlin.com/docs/user-management/access-control/#privileges)
operationId: allAttacksInRange
parameters:
- name: startTime
in: query
schema:
type: string
format: date-time
- name: endTime
in: query
schema:
type: string
format: date-time
- name: pageSize
in: query
description: This value determines how many results will be returned per call.
schema:
type: integer
format: int32
- name: pageToken
in: query
schema:
type: string
- name: teamId
in: query
description: Required when using company session token.
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/PagedResponseTaskResponse'
'403':
description: 'User requires privilege for target team: EXPERIMENTS_READ'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
security:
- privilege:
- EXPERIMENTS_READ
/attacks/completed:
get:
tags:
- attacks
summary: List all completed attacks.
description: 'This endpoint will return all completed attacks that the team has performed.
Requires the privilege [`EXPERIMENTS_READ`](https://www.gremlin.com/docs/user-management/access-control/#privileges)'
operationId: completed
parameters:
- name: source
in: query
description: Filter attacks to either adhoc or scenario.
schema:
type: string
enum:
- Adhoc
- Scenario
example: Adhoc
- name: pageSize
in: query
description: This value determines how many results will be returned per call.
schema:
type: integer
format: int32
- name: teamId
in: query
description: Required when using company session token.
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TaskResponse'
'403':
description: 'User requires privilege for target team: EXPERIMENTS_READ'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
security:
- privilege:
- EXPERIMENTS_READ
/attacks/completed/paged:
get:
tags:
- attacks
summary: Return a page of completed ad-hoc experiments.
description: 'This endpoint will return a paged response of completed ad-hoc experiments for a team.
Requires the privilege [`EXPERIMENTS_READ`](https://www.gremlin.com/docs/user-management/access-control/#privileges)'
operationId: completedPaged
parameters:
- name: pageSize
in: query
description: This value determines how many results will be returned per call.
schema:
type: integer
format: int32
default: 1000
example: None (defaults to 1000)
- name: pageToken
in: query
description: Pass the pageToken to get the next page of completed ad-hoc experiments
schema:
type: string
example: None (returns first page)
- name: teamId
in: query
description: Required when using company session token.
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/PagedResponseExperimentsResponse'
'403':
description: 'User requires privilege for target team: EXPERIMENTS_READ'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
security:
- privilege:
- EXPERIMENTS_READ
/attacks/new:
post:
tags:
- attacks
summary: Legacy Create Attack.
description: 'Note that this endpoint is considered deprecated but is maintained for existing consumers. Please consider
using the new `POST /attacks` endpoint instead.
For a list of attack parameters, please visit: https://www.gremlin.com/docs/infrastructure-layer/attacks/#parameter-reference.
Please note that if the `labels` or `tags` fields are not provided, no filtering will be employed and an attack will
target all active clients within your team.
For more information on creating a new attack using the API, please visit: https://www.gremlin.com/docs/api-reference/examples/
Requires the privilege [`EXPERIMENTS_RUN`](https://www.gremlin.com/docs/user-management/access-control/#privileges)'
operationId: create
parameters:
- name: teamId
in: query
description: Required when using company session token.
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateAttackInput'
required: true
responses:
default:
description: default response
content:
text/plain:
schema:
type: string
'403':
description: 'User requires privilege for target team: EXPERIMENTS_RUN'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
deprecated: true
security:
- privilege:
- EXPERIMENTS_RUN
/attacks/{guid}:
get:
tags:
- attacks
summary: Get details about an attack.
description: 'This endpoint will allow you to get info on a specific attack based on its guid.
Requires the privilege [`EXPERIMENTS_READ`](https://www.gremlin.com/docs/user-management/access-control/#privileges)'
operationId: get
parameters:
- name: guid
in: path
description: This value represents the globally unique identifier of the record to fetch.
required: true
schema:
type: string
- name: teamId
in: query
description: Required when using company session token.
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
$ref: '#/components/schemas/TaskResponse'
'403':
description: 'User requires privilege for target team: EXPERIMENTS_READ'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
security:
- privilege:
- EXPERIMENTS_READ
delete:
tags:
- attacks
summary: Idempotently halt the specified active attack.
description: Requires the privilege [`HALT_WRITE`](https://www.gremlin.com/docs/user-management/access-control/#privileges)
operationId: halt_1
parameters:
- name: guid
in: path
description: This value represents the globally unique identifier of the record to fetch.
required: true
schema:
type: string
- name: teamId
in: query
description: Required when using company session token.
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TaskResponse'
'403':
description: 'User requires privilege for target team: HALT_WRITE'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
security:
- privilege:
- HALT_WRITE
/attacks/halt:
post:
tags:
- attacks
summary: Idempotently halt all active attacks. This is a POST version of the DELETE operation.
operationId: haltAsPost
parameters: []
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/HaltRequest'
responses:
default:
description: default response
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TaskResponse'
'403':
description: 'User requires privilege: HALT_ALL'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
/attacks/{guid}/halt:
post:
tags:
- attacks
summary: Idempotently halt the specified active attack.
description: Requires the privilege [`HALT_WRITE`](https://www.gremlin.com/docs/user-management/access-control/#privileges)
operationId: haltAsPost_1
parameters:
- name: guid
in: path
description: This value represents the globally unique identifier of the record to fetch.
required: true
schema:
type: string
- name: teamId
in: query
description: Required when using company session token.
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/HaltRequest'
responses:
default:
description: default response
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/TaskResponse'
'403':
description: 'User requires privilege for target team: HALT_WRITE'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
security:
- privilege:
- HALT_WRITE
/executions:
get:
tags:
- executions
summary: Get a list of executions associated with an attack.
description: Requires the privilege [`EXPERIMENTS_READ`](https://www.gremlin.com/docs/user-management/access-control/#privileges)
operationId: forAttack
parameters:
- name: taskId
in: query
schema:
type: string
- name: teamId
in: query
description: Required when using company session token.
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/ExecutionResponse'
'403':
description: 'User requires privilege for target team: EXPERIMENTS_READ'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
security:
- privilege:
- EXPERIMENTS_READ
/halts:
post:
tags:
- halts
summary: Idempotently halt all active impacts across the Gremlin platform
operationId: haltAll
parameters: []
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/HaltRequest'
responses:
default:
description: default response
content:
'*/*': {}
'403':
description: 'User requires privilege: HALT_ALL'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
/kubernetes/attacks/{guid}:
get:
tags:
- kubernetes.attacks
summary: Get an attack by it's guid
description: Requires the privilege [`EXPERIMENTS_READ`](https://www.gremlin.com/docs/user-management/access-control/#privileges)
operationId: attack
parameters:
- name: guid
in: path
description: This value represents the globally unique identifier of the record to fetch.
required: true
schema:
type: string
- name: teamId
in: query
description: Required when using company session token.
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json: {}
'403':
description: 'User requires privilege for target team: EXPERIMENTS_READ'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
security:
- privilege:
- EXPERIMENTS_READ
/kubernetes/attacks:
get:
tags:
- kubernetes.attacks
summary: List all attacks.
description: Requires the privilege [`EXPERIMENTS_READ`](https://www.gremlin.com/docs/user-management/access-control/#privileges)
operationId: attacks
parameters:
- name: source
in: query
description: Filter Kubernetes attacks to either Adhoc or Scenario.
schema:
type: string
enum:
- Adhoc
- Scenario
example: Adhoc
- name: teamId
in: query
description: Required when using company session token.
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json: {}
'403':
description: 'User requires privilege for target team: EXPERIMENTS_READ'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
security:
- privilege:
- EXPERIMENTS_READ
/kubernetes/attacks/new:
post:
tags:
- kubernetes.attacks
summary: Legacy endpoint for creating K8s attacks. Please consider `POST /attacks` endpoint instead
description: Requires the privilege [`EXPERIMENTS_WRITE`](https://www.gremlin.com/docs/user-management/access-control/#privileges)
operationId: createAttack
parameters:
- name: teamId
in: query
description: Required when using company session token.
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Attack'
responses:
HttpStatus.SC_CREATED:
description: Attack created, attackId returned
'403':
description: 'User requires privilege for target team: EXPERIMENTS_WRITE'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
deprecated: true
security:
- privilege:
- EXPERIMENTS_WRITE
/kubernetes/attacks/{uid}/halt:
post:
tags:
- kubernetes.attacks
summary: Halt an active attack
description: Requires the privilege [`HALT_WRITE`](https://www.gremlin.com/docs/user-management/access-control/#privileges)
operationId: halt_2
parameters:
- name: uid
in: path
required: true
schema:
type: string
- name: teamId
in: query
description: Required when using company session token.
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/HaltRequest'
responses:
HttpStatus.SC_ACCEPTED:
description: Halt successfully triggered
'403':
description: 'User requires privilege for target team: HALT_WRITE'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
security:
- privilege:
- HALT_WRITE
/kubernetes/attacks/halt:
post:
tags:
- kubernetes.attacks
summary: Halt all active attacks
operationId: haltAll_1
parameters: []
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/HaltRequest'
responses:
'202':
description: Halt successfully triggered
'403':
description: 'User requires privilege: HALT_ALL'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
/metadata:
get:
tags:
- metadata
summary: Get metadata about the Gremlin commands.
description: Requires the privilege [`MINIMUM_TEAM_PRIVILEGES`](https://www.gremlin.com/docs/user-management/access-control/#privileges)
operationId: metadata
parameters:
- name: teamId
in: query
description: Required when using company session token.
required: true
schema:
type: string
responses:
default:
description: default response
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/InfraAttackMetadata'
'403':
description: 'User requires privilege for target team: MINIMUM_TEAM_PRIVILEGES'
'401':
description: Authorization header missing or malformed. Please provide proper credentials in the authorization header.
security:
- privilege:
- MINIMUM_TEAM_PRIVILEGES
/users/auth/mfa/auth:
post:
tags:
- users.auth.mfa
summary: Authenticate a user with MFA.
operationId: auth
parameters:
- name: getCompanySession
in: query
schema:
type: boolean
requestBody:
content:
application/x-www-form-urlencoded:
schema:
required:
- email
- password
type: object
properties:
email:
type: string
password:
type: string
token:
maximum: 999999
type: integer
format: int32
companyName:
type: string
responses:
default:
description: default response
content:
application/json: {}
'403':
description: Response was sent via HTTP, please retry using HTTPS
/users/auth/mfa/disable:
post:
tags:
- users.auth.mfa
summary: Removes the MFA provider and secret, disabling MFA login.
operationId: disable
# --- truncated at 32 KB (689 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/gremlin/refs/heads/main/openapi/gremlin-openapi.yml