# Exemptions#ApproveExemption

Approve/reject an existing Exemption

Endpoint: PUT /sto/api/v2/exemptions/{id}/{action}
Version: 1.0
Security:

## Query parameters:

- `accountId` (string, required)
  Harness Account ID
  Example: "abcdef1234567890ghijkl"

- `orgId` (string)
  Harness Organization ID
  Example: "example_org"

- `projectId` (string)
  Harness Project ID
  Example: "example_project"

## Path parameters:

- `id` (string, required)
  The ID of the Exemption to update
  Example: "abcdef1234567890ghijkl"

- `action` (string, required)
  The approval action to take on the Exemption
  Enum: "approve", "reject"

## Header parameters:

- `X-Api-Key` (string)
  Harness personal or service access token
  Example: "Minus porro aspernatur eos aut nostrum."

## Request fields (application/json):

- `approverId` (string, required)
  User ID of the user who approved or rejected this exemption
  Example: "user111111111111111111"

- `comment` (string)
  Comment to be added to the Exemption approval or rejection
  Example: "This is a comment for the approval or rejection of the exemption"

## Response 200 fields (application/json):

- `approverId` (string)
  User ID of the user who approved or rejected this exemption
  Example: "user111111111111111111"

- `canApproveFor` (array)
  RBAC scopes for a user associated with this Exemption
  Enum: "ACCOUNT", "ORG", "PROJECT", "PIPELINE", "TARGET"

- `canCancel` (boolean)
  States whether the user can cancel the exemption
  Example: true

- `canCreate` (boolean)
  States whether the user can create or reopen the exemption
  Example: true

- `canReApprove` (boolean)
  States whether the user can re-approve the exemption for the exemption's scope
  Example: true

- `canReject` (boolean)
  States whether the user can reject the exemption
  Example: true

- `comment` (string)
  The additional comment to include with the exemption
  Example: "This exemption was reviewed by the security team."

- `created` (integer, required)
  Unix timestamp at which the resource was created
  Example: 1651578240

- `exemptionStatusAtScan` (string)
  Exemption's status at the time the Security Scan was created
  Enum: "Pending", "Approved", "Rejected", "Expired"

- `expiration` (integer)
  Unix timestamp at which this Exemption will expire
  Example: 1651578240

- `id` (string, required)
  Resource identifier
  Example: "abcdef1234567890ghijkl"

- `isDeleted` (boolean)
  States whether the exemption is deleted
  Example: true

- `issueId` (string, required)
  Issue ID associated with the Exemption
  Example: "abcdef1234567890ghijkl"

- `lastModified` (integer, required)
  Unix timestamp at which the resource was most recently modified
  Example: 1651578240

- `link` (string)
  Link to a related ticket
  Example: "https://example.com/ABC-1234"

- `numOccurrences` (integer)
  States how many occurrences are associated with the exemption, if it is not an issue-level exemption
  Example: 10

- `occurrences` (array)
  Array of occurrence IDs
  Example: [42,666]

- `orgId` (string)
  ID of the Harness Organization to which the exemption applies. Cannot be specified alongside "targetId".
  Example: "your_project"

- `orgName` (string)
  Name of the organization associated with the exemption
  Example: "Organization Name"

- `pendingChanges` (object, required)
  Example: {"durationDays":7}

- `pendingChanges.durationDays` (integer)
  The number of days an issue should be exempted for
  Example: 7

- `pipelineId` (string)
  ID of the Harness Pipeline to which the exemption applies. You must also specify "projectId" and "orgId". Cannot be specified alongside "targetId".
  Example: "your_pipeline"

- `projectId` (string)
  ID of the Harness Project to which the exemption applies. You must also specify "orgId". Cannot be specified alongside "targetId".
  Example: "your_project"

- `projectName` (string)
  Name of the project associated with the exemption
  Example: "Project Name"

- `reason` (string, required)
  Text describing why this Exemption is necessary
  Example: "Waiting on upstream bug fix"

- `requesterId` (string, required)
  User ID of the user who requested this exemption
  Example: "user111111111111111111"

- `scanId` (string)
  ID of the Harness Scan to determine all the occurrences for the scan-issue. You must also specify "projectId", "orgId" and "targetId". Cannot be specified alongside "pipelineId".
  Example: "abcdef1234567890ghijkl"

- `scope` (string)
  States the scope for the exemption
  Enum: "ACCOUNT", "ORG", "PROJECT", "PIPELINE", "TARGET"

- `search` (string)
  Search parameter to find filtered occurrences of the issue
  Example: "CWE-123,5"

- `status` (string, required)
  Approval status of Exemption
  Enum: "Pending", "Approved", "Rejected", "Expired", "Canceled"

- `targetId` (string)
  ID of the Target to which the exemption applies. Cannot be specified alongside "projectId" or "pipelineId".
  Example: "abcdef1234567890ghijkl"

- `type` (string, required)
  Type of Exemption (Compensating Controls / Acceptable Use / Acceptable Risk / False Positive / Fix Unavailable / Other)
  Enum: "Compensating Controls", "Acceptable Use", "Acceptable Risk", "False Positive", "Fix Unavailable", "Other"

## Response 400 fields (application/json):

- `message` (string, required)
  Example: "Not Found"

- `status` (integer)
  Example: 404

## Response 401 fields (application/json):

- `message` (string, required)
  Example: "Not Found"

- `status` (integer)
  Example: 404

## Response 403 fields (application/json):

- `message` (string, required)
  Example: "Not Found"

- `status` (integer)
  Example: 404

## Response 404 fields (application/json):

- `message` (string, required)
  Example: "Not Found"

- `status` (integer)
  Example: 404

## Response 429 fields (application/json):

- `message` (string, required)
  Example: "Not Found"

- `status` (integer)
  Example: 404

## Response 500 fields (application/json):

- `message` (string, required)
  Example: "Not Found"

- `status` (integer)
  Example: 404
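
An added example, not taken from the Harness documentation or code: a Python sketch that builds the PUT request from the parameters listed above and reviews a 200 response body using its `status`, `approverId`, `requesterId` and `expiration` fields. The `base_url` argument is an assumption (this page does not name a host), and the same-user and expiration checks are illustrative local policy, not rules the API enforces.

```python
import json
import time
import urllib.parse
import urllib.request

ACTIONS = {"approve": "Approved", "reject": "Rejected"}  # path enum -> expected status

def build_request(base_url, api_key, account_id, exemption_id, action,
                  approver_id, comment=None, org_id=None, project_id=None):
    """Build (without sending) the PUT request for this endpoint."""
    if action not in ACTIONS:  # only the two documented enum values
        raise ValueError("action must be 'approve' or 'reject'")
    if not (account_id and exemption_id and approver_id):
        raise ValueError("accountId, id and approverId are required")
    query = {"accountId": account_id}
    if org_id:
        query["orgId"] = org_id
    if project_id:
        query["projectId"] = project_id
    # Percent-encode the id so it cannot add path segments or query parameters.
    path = "/sto/api/v2/exemptions/%s/%s" % (
        urllib.parse.quote(exemption_id, safe=""), action)
    body = {"approverId": approver_id}
    if comment:
        body["comment"] = comment
    return urllib.request.Request(
        base_url.rstrip("/") + path + "?" + urllib.parse.urlencode(query),
        data=json.dumps(body).encode(), method="PUT",
        headers={"X-Api-Key": api_key, "Content-Type": "application/json"})

def review_response(exemption, action, approver_id, now=None):
    """Return findings for a 200 body; an empty list means nothing to flag."""
    now = int(time.time()) if now is None else now
    findings = []
    if exemption.get("status") != ACTIONS[action]:
        findings.append("status does not match the requested action")
    if exemption.get("approverId") != approver_id:
        findings.append("approverId differs from the caller")
    if exemption.get("requesterId") == exemption.get("approverId"):
        findings.append("requester and approver are the same user")  # local policy
    expiration = exemption.get("expiration")
    if action == "approve" and (expiration is None or expiration <= now):
        findings.append("approved exemption has no future expiration")  # local policy
    return findings

# Constructed sample of a 200 body (only the fields the checks read).
SAMPLE = {"status": "Approved", "approverId": "user222", "requesterId": "user222",
          "expiration": 1651578240}
```
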