> ## Documentation Index
> Fetch the complete documentation index at: https://docs.useanima.sh/llms.txt
> Use this file to discover all available pages before exploring further.

# Post orgs anomaly rules



## OpenAPI

````yaml /openapi.json post /orgs/{orgId}/anomaly-rules
openapi: 3.1.1
info:
  title: Anima API
  version: 0.1.0
  description: >-
    The Anima API provides programmatic access to unified infrastructure for AI
    agents: create and manage agents; send and receive email; place phone calls
    and send/receive SMS and voice; store and retrieve vault credentials; manage
    agent identity; and configure webhooks for real-time events. Authenticate
    using a Bearer token or an API key passed via the X-API-Key header.
  contact:
    name: Anima Labs
    url: https://useanima.sh
    email: support@useanima.sh
  license:
    name: MIT
    url: https://opensource.org/licenses/MIT
servers:
  - url: https://api.useanima.sh/v1
    description: Production
security:
  - BearerAuth: []
  - ApiKeyAuth: []
tags:
  - name: Agents
    description: Create and manage AI agents with email and phone capabilities
  - name: Inboxes
    description: Manage email inboxes and their configurations
  - name: Messages
    description: Send, receive, and search email messages
  - name: Webhooks
    description: Register and manage webhook subscriptions for real-time events
  - name: Organizations
    description: Manage organizations and team settings
  - name: Domains
    description: Configure and verify custom email domains
  - name: Phone
    description: Manage phone numbers and SMS/voice capabilities
  - name: Invoices
    description: Track invoices, match receipts, and reconcile payments
  - name: Billing
    description: View usage, tiers, and billing information
  - name: Security
    description: Configure security policies and access controls
  - name: Vault
    description: Store and retrieve encrypted secrets
  - name: API Keys
    description: Create and manage API keys for programmatic access
paths:
  /orgs/{orgId}/anomaly-rules:
    post:
      operationId: anomaly.createRule
      parameters:
        - name: orgId
          in: path
          required: true
          schema:
            type: string
            description: Organization identifier
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                name:
                  type: string
                  minLength: 1
                  maxLength: 200
                  description: Human-readable rule name
                metric:
                  enum:
                    - email_send_rate
                    - sms_send_rate
                    - vault_access_rate
                    - api_call_rate
                    - unique_recipients
                  type: string
                  description: Type of metric being tracked
                condition:
                  enum:
                    - zscore_gt
                    - rate_multiplier_gt
                    - absolute_gt
                    - time_violation
                  type: string
                  description: Detection condition type
                threshold:
                  type: number
                  minimum: 0
                  description: Threshold value for the condition
                severity:
                  default: WARNING
                  enum:
                    - INFO
                    - WARNING
                    - CRITICAL
                  type: string
                  description: Severity level of the anomaly alert
                quarantineAction:
                  default: NONE
                  enum:
                    - NONE
                    - SOFT
                    - HARD
                  type: string
                  description: Quarantine action to take when rule triggers
                cooldownMinutes:
                  default: 60
                  type: integer
                  minimum: 0
                  maximum: 10080
                  description: Minutes between alerts
                enabled:
                  default: true
                  type: boolean
              required:
                - name
                - metric
                - condition
                - threshold
              description: Input for creating an anomaly detection rule
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                properties:
                  id:
                    type: string
                    description: Unique rule identifier
                  orgId:
                    type: string
                    description: Organization identifier
                  name:
                    type: string
                    description: Human-readable rule name
                  metric:
                    enum:
                      - email_send_rate
                      - sms_send_rate
                      - vault_access_rate
                      - api_call_rate
                      - unique_recipients
                    type: string
                    description: Type of metric being tracked
                  condition:
                    enum:
                      - zscore_gt
                      - rate_multiplier_gt
                      - absolute_gt
                      - time_violation
                    type: string
                    description: Detection condition type
                  threshold:
                    type: number
                    description: Threshold value for the condition
                  severity:
                    enum:
                      - INFO
                      - WARNING
                      - CRITICAL
                    type: string
                    description: Severity level of the anomaly alert
                  quarantineAction:
                    enum:
                      - NONE
                      - SOFT
                      - HARD
                    type: string
                    description: Quarantine action to take when rule triggers
                  cooldownMinutes:
                    type: integer
                    description: Minutes to wait between alerts for this rule
                  enabled:
                    type: boolean
                    description: Whether the rule is active
                  createdAt:
                    type: string
                    description: ISO 8601 creation timestamp
                  updatedAt:
                    type: string
                    description: ISO 8601 last update timestamp
                required:
                  - id
                  - orgId
                  - name
                  - metric
                  - condition
                  - threshold
                  - severity
                  - quarantineAction
                  - cooldownMinutes
                  - enabled
                  - createdAt
                  - updatedAt
                description: An anomaly detection rule
components:
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        JWT Bearer token obtained from authentication. Pass as: Authorization:
        Bearer <token>
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key
      description: 'API key for programmatic access. Pass as: X-API-Key: <your-key>'

````