# Exemptions#ListExemptions List a collection of Exemptions Endpoint: GET /sto/api/v2/exemptions Version: 1.0 Security: ## Query parameters: - `accountId` (string, required) Harness Account ID Example: "abcdef1234567890ghijkl" - `page` (integer) Page number to fetch (starting from 0) Example: 4 - `pageSize` (integer) Number of results per page Example: 50 - `orgId` (string) Harness Organization ID Example: "example_org" - `projectId` (string) Harness Project ID Example: "example_project" ## Header parameters: - `X-Api-Key` (string) Harness personal or service access token Example: "Quo possimus quidem officia et necessitatibus vel." ## Response 200 fields (application/json): - `pagination` (object, required) Example: {"link":"","page":4,"pageSize":20,"totalItems":230,"totalPages":12} - `pagination.link` (string) Link-based paging - `pagination.page` (integer, required) Page number (starting from 0) Example: 4 - `pagination.pageSize` (integer, required) Requested page size Example: 20 - `pagination.totalItems` (integer, required) Total results available Example: 230 - `pagination.totalPages` (integer, required) Total pages available Example: 12 - `results` (array, required) Example: [{"approverEmail":"user@harness.io","approverId":"user111111111111111111","approverName":"firstname lastname","canApproveFor":["ACCOUNT","ORG","PROJECT","PIPELINE"],"canCancel":true,"canCreate":true,"canReApprove":true,"canReject":true,"comment":"This exemption was reviewed by the security team.","created":1651578240,"exemptionStatusAtScan":"Expired","expiration":1651578240,"id":"abcdef1234567890ghijkl","isDeleted":true,"issueId":"abcdef1234567890ghijkl","lastModified":1651578240,"link":"https://example.com/ABC-1234","numOccurrences":10,"occurrences":[42,666],"orgId":"your_project","orgName":"Organization Name","pendingChanges":{"durationDays":7},"pipelineId":"your_pipeline","projectId":"your_project","projectName":"Project Name","reason":"Waiting on upstream bug fix","requesterEmail":"user@harness.io","requesterId":"user111111111111111111","requesterName":"firstname lastname","reviewedOn":1651578240,"scanId":"abcdef1234567890ghijkl","scope":"PROJECT","search":"CWE-123,5","status":"Approved","targetId":"abcdef1234567890ghijkl","type":"Other"},{"approverEmail":"user@harness.io","approverId":"user111111111111111111","approverName":"firstname lastname","canApproveFor":["ACCOUNT","ORG","PROJECT","PIPELINE"],"canCancel":true,"canCreate":true,"canReApprove":true,"canReject":true,"comment":"This exemption was reviewed by the security team.","created":1651578240,"exemptionStatusAtScan":"Expired","expiration":1651578240,"id":"abcdef1234567890ghijkl","isDeleted":true,"issueId":"abcdef1234567890ghijkl","lastModified":1651578240,"link":"https://example.com/ABC-1234","numOccurrences":10,"occurrences":[42,666],"orgId":"your_project","orgName":"Organization Name","pendingChanges":{"durationDays":7},"pipelineId":"your_pipeline","projectId":"your_project","projectName":"Project Name","reason":"Waiting on upstream bug fix","requesterEmail":"user@harness.io","requesterId":"user111111111111111111","requesterName":"firstname lastname","reviewedOn":1651578240,"scanId":"abcdef1234567890ghijkl","scope":"PROJECT","search":"CWE-123,5","status":"Approved","targetId":"abcdef1234567890ghijkl","type":"Other"}] - `results.approverEmail` (string) Email of the user who approved this Exemption Example: "user@harness.io" - `results.approverId` (string) User ID the user who approved or rejected this exemptions Example: "user111111111111111111" - `results.approverName` (string) Name of the user who approved this Exemption Example: "firstname lastname" - `results.canApproveFor` (array) Consists of RBAC scopes for an user associated with this Exemption Enum: "ACCOUNT", "ORG", "PROJECT", "PIPELINE", "TARGET" - `results.canCancel` (boolean) States if the user can cancel the exemption Example: true - `results.canCreate` (boolean) States whether the user can create or reopen the exemption Example: true - `results.canReApprove` (boolean) States if the user can re-approve the exemption for the exemption's scope Example: true - `results.canReject` (boolean) States whether the user can reject the exemption Example: true - `results.comment` (string) The additional comment to include with the exemption Example: "This exemption was reviewed by the security team." - `results.created` (integer, required) Unix timestamp at which the resource was created Example: 1651578240 - `results.exemptionStatusAtScan` (string) Exemption's status at the Security Scan created time Enum: "Pending", "Approved", "Rejected", "Expired" - `results.expiration` (integer) Unix timestamp at which this Exemption will expire Example: 1651578240 - `results.id` (string, required) Resource identifier Example: "abcdef1234567890ghijkl" - `results.isDeleted` (boolean) States if the exemption is deleted Example: true - `results.issueId` (string, required) Issue ID associated with the Exemption Example: "abcdef1234567890ghijkl" - `results.lastModified` (integer, required) Unix timestamp at which the resource was most recently modified Example: 1651578240 - `results.link` (string) Link to a related ticket Example: "https://example.com/ABC-1234" - `results.numOccurrences` (integer) States how may occurrences are associated with the exemption, if not an issue level exemption Example: 10 - `results.occurrences` (array) Array of occurrence Ids Example: [42,666] - `results.orgId` (string) ID of the Harness Organization to which the exemption applies. Cannot be specified alongside "targetId". Example: "your_project" - `results.orgName` (string) Name of the organization associated with the exemption Example: "Organization Name" - `results.pendingChanges` (object, required) Example: {"durationDays":7} - `results.pendingChanges.durationDays` (integer) The number of days an issue should be exempted for Example: 7 - `results.pipelineId` (string) ID of the Harness Pipeline to which the exemption applies. You must also specify "projectId" and "orgId". Cannot be specified alongside "targetId". Example: "your_pipeline" - `results.projectId` (string) ID of the Harness Project to which the exemption applies. You must also specify "orgId". Cannot be specified alongside "targetId". Example: "your_project" - `results.projectName` (string) Name of the project associated with the exemption Example: "Project Name" - `results.reason` (string, required) Text describing why this Exemption is necessary Example: "Waiting on upstream bug fix" - `results.requesterEmail` (string) Email of the user who requested this Exemption Example: "user@harness.io" - `results.requesterId` (string, required) User ID of the user who requested this Exemption Example: "user111111111111111111" - `results.requesterName` (string) Name of the user who requested this Exemption Example: "firstname lastname" - `results.reviewedOn` (integer) Unix timestamp when this exemption was reviewed (approved or rejected). Populated only for approved and rejected exemptions. Example: 1651578240 - `results.scanId` (string) ID of the Harness Scan to determine all the occurrences for the scan-issue. You must also specify "projectId", "orgId" and "targetId". Cannot be specified alongside "pipelineId". Example: "abcdef1234567890ghijkl" - `results.scope` (string) States the scope for the exemption Enum: "ACCOUNT", "ORG", "PROJECT", "PIPELINE", "TARGET" - `results.search` (string) Search parameter to find filtered occurrences of the issue Example: "CWE-123,5" - `results.status` (string, required) Approval status of Exemption Enum: "Pending", "Approved", "Rejected", "Expired", "Canceled" - `results.targetId` (string) ID of the Target to which the exemption applies. Cannot be specified alongside "projectId" or "pipelineId". Example: "abcdef1234567890ghijkl" - `results.type` (string, required) Type of Exemption (Compensating Controls / Acceptable Use / Acceptable Risk / False Positive / Fix Unavailable / Other) Enum: "Compensating Controls", "Acceptable Use", "Acceptable Risk", "False Positive", "Fix Unavailable", "Other" ## Response 400 fields (application/json): - `message` (string, required) Example: "Not Found" - `status` (integer) Example: 404