# Bulk create exemptions

Create multiple Exemptions in bulk. Each item is processed independently — failures are collected and returned alongside successes.

Endpoint: POST /sto/api/v2/exemptions/bulk
Version: 1.0
Security: 

## Query parameters:

  - `accountId` (string, required)
    Harness Account ID
    Example: "abcdef1234567890ghijkl"

  - `orgId` (string, required)
    Harness Organization ID
    Example: "example_org"

  - `projectId` (string, required)
    Harness Project ID
    Example: "example_project"

## Header parameters:

  - `X-Api-Key` (string)
    Harness personal or service access token
    Example: "Voluptate aut."

## Request fields (application/json):

  - `exemptFutureOccurrences` (boolean)
    Whether to exempt future occurrences of each issue

  - `expiration` (integer)
    Unix timestamp at which these Exemptions will expire
    Example: 1651578240

  - `items` (array, required)
    List of exemption items to create (max 100)
    Example: [{"issueId":"abcdef1234567890ghijkl","occurrences":[42,666],"pipelineId":"your_pipeline","scanId":"abcdef1234567890ghijkl","search":"CWE-123,5","targetId":"abcdef1234567890ghijkl"},{"issueId":"abcdef1234567890ghijkl","occurrences":[42,666],"pipelineId":"your_pipeline","scanId":"abcdef1234567890ghijkl","search":"CWE-123,5","targetId":"abcdef1234567890ghijkl"}]

  - `items.issueId` (string, required)
    Issue ID associated with the Exemption
    Example: "abcdef1234567890ghijkl"

  - `items.occurrences` (array)
    Array of occurrence IDs
    Example: [42,666]

  - `items.pipelineId` (string)
    ID of the Harness Pipeline to which the exemption applies. Cannot be specified alongside "targetId".
    Example: "your_pipeline"

  - `items.scanId` (string)
    ID of the Harness Scan to determine all occurrences for the scan-issue.
    Example: "abcdef1234567890ghijkl"

  - `items.search` (string)
    Search parameter to find filtered occurrences of the issue
    Example: "CWE-123,5"

  - `items.targetId` (string)
    ID of the Target to which the exemption applies. Cannot be specified alongside "pipelineId".
    Example: "abcdef1234567890ghijkl"

  - `link` (string)
    Link to a related ticket
    Example: "https://example.com/ABC-1234"

  - `pendingChanges` (object, required)
    Example: {"durationDays":7}

  - `pendingChanges.durationDays` (integer)
    The number of days an issue should be exempted for
    Example: 7

  - `reason` (string, required)
    Text describing why these Exemptions are necessary
    Example: "Waiting on upstream bug fix"

  - `requesterEmail` (string)
    Email of the user who requested these Exemptions
    Example: "user@harness.io"

  - `requesterId` (string, required)
    User ID of the user who requested these Exemptions
    Example: "user111111111111111111"

  - `requesterName` (string)
    Name of the user who requested these Exemptions
    Example: "firstname lastname"

  - `type` (string, required)
    Type of Exemption (Compensating Controls / Acceptable Use / Acceptable Risk / False Positive / Fix Unavailable / Other)
    Enum: "Compensating Controls", "Acceptable Use", "Acceptable Risk", "False Positive", "Fix Unavailable", "Other"

## Response 200 fields (application/json):

  - `failed` (integer, required)
    Number of failed exemption creations
    Example: 1

  - `results` (array, required)
    Per-item results in the same order as the request items
    Example: [{"error":"\"targetId\" must be specified when \"exempt future occurrences\" is disabled","id":"abcdef1234567890ghijkl","issueId":"abcdef1234567890ghijkl","statusCode":201},{"error":"\"targetId\" must be specified when \"exempt future occurrences\" is disabled","id":"abcdef1234567890ghijkl","issueId":"abcdef1234567890ghijkl","statusCode":201},{"error":"\"targetId\" must be specified when \"exempt future occurrences\" is disabled","id":"abcdef1234567890ghijkl","issueId":"abcdef1234567890ghijkl","statusCode":201},{"error":"\"targetId\" must be specified when \"exempt future occurrences\" is disabled","id":"abcdef1234567890ghijkl","issueId":"abcdef1234567890ghijkl","statusCode":201}]

  - `results.error` (string)
    Error message (populated on failure)
    Example: "\"targetId\" must be specified when \"exempt future occurrences\" is disabled"

  - `results.id` (string)
    ID of the created exemption (populated on success)
    Example: "abcdef1234567890ghijkl"

  - `results.issueId` (string, required)
    Issue ID of the exemption item
    Example: "abcdef1234567890ghijkl"

  - `results.statusCode` (integer, required)
    HTTP status code for this item (201 on success, 4xx/5xx on failure)
    Example: 201

  - `succeeded` (integer, required)
    Number of successfully created exemptions
    Example: 5

## Response 400 fields (application/json):

  - `message` (string, required)
    Example: "Not Found"

  - `status` (integer)
    Example: 404