# List firewall exceptions List firewall exceptions with optional filters Endpoint: GET /har/api/v3/scans/exceptions Version: 1.0 Security: x-api-key ## Query parameters: - `account_identifier` (string, required) Unique identifier for the Harness account. - `org_identifier` (string) Unique identifier for the organization within the account. Example: default or engineering_org - `project_identifier` (string) Unique identifier for the project within the organization. Example: my_project or frontend_services - `status` (string) Filter by firewall exception status Enum: "PENDING", "APPROVED", "REJECTED", "EXPIRED" - `package_name` (string) Filter by package name - `version` (string) Filter by version - `package_types` (array) Registry Package Type - `registry_ids` (array) Unique id for the registry. Note: This parameter should have one id if package query param is provided Example: ["12345678-1234-1234-1234-123456789012","aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"] - `exception_id` (string) Filter by firewall exception ID - `search_term` (string) Search term for filtering results. Example: search_term=prod might match keys like "production", "prod-env", etc. - `page` (integer) The page number for pagination (0-indexed). Used to navigate through large result sets. Combined with size parameter to control which subset of results to return. Example: page=0 returns the first page, page=1 returns the second page - `size` (integer) The number of items to return per page. Controls the page size for paginated results. Example: size=50 returns up to 50 items per page - `sort` (string) The sort for the results. Accepted pattern: sort_field:sort_order where sort_field is the field name and sort_order is either asc or desc. Examples: name:asc, modifiedAt:desc ## Response 200 fields (application/json): - `hasMore` (boolean, required) True if more results exist after this page. Example: true - `page` (integer, required) The current page (0-indexed) - `size` (integer, required) Number of items per page Example: 20 - `items` (array, required) - `items.businessJustification` (string, required) Business justification for the exception - `items.createdAt` (integer, required) Unix timestamp (milliseconds) when created - `items.createdBy` (object, required) Structured user information for a principal - `items.createdBy.display_name` (string) Human-readable display name - `items.createdBy.email` (string) Email address - `items.createdBy.type` (string) Principal type (user, service, service_account) - `items.createdBy.uid` (string) Principal unique identifier (username) - `items.exceptionId` (string, required) Unique identifier for the exception - `items.expirationAt` (integer,null) Unix timestamp (milliseconds) when the exception expires. Computed at approval time. - `items.expireAfter` (integer,null) Number of days after approval when the exception expires - `items.notes` (string,null) Note from approver (if approved/rejected) - `items.packageName` (string, required) Name of the package - `items.packageType` (string, required) type of the package - `items.registryId` (string, required) Registry identifier - `items.registryName` (string) Name of the registry - `items.remediationPlan` (string,null) Plan for remediation - `items.status` (string, required) Status of the firewall exception Enum: "PENDING", "APPROVED", "REJECTED", "EXPIRED" - `items.statusChangedAt` (integer,null) Unix timestamp (milliseconds) when status was changed - `items.statusChangedBy` (object) Structured user information for a principal - `items.updatedAt` (integer, required) Unix timestamp (milliseconds) when last updated - `items.updatedBy` (object, required) Structured user information for a principal - `items.versionId` (string,null) Version identifier - `items.versionList` (array, required) List of versions covered by exception - `items.versionScanMap` (object,null) Map of version string to scan ID - `meta` (object) Metadata counts for firewall exceptions - `meta.approvedCount` (integer, required) Number of exceptions with APPROVED status (non-expired) Example: 25 - `meta.expiredCount` (integer, required) Number of approved exceptions that have expired Example: 10 - `meta.pendingCount` (integer, required) Number of exceptions with PENDING status Example: 10 - `meta.rejectedCount` (integer, required) Number of exceptions with REJECTED status Example: 5 - `meta.totalCount` (integer, required) Total number of exceptions Example: 50 ## Response default fields (application/json): - `error` (object, required) - `error.code` (string) For some errors that could be handled programmatically, a short string indicating the [error code](https://docs.stripe.com/error-codes) reported. - `error.message` (string) A human-readable message providing more details about the error. These messages can be shown to users. - `error.param` (string) If the error is parameter-specific, the parameter related to the error. For example, we can use this to display a message near the correct form field. - `error.type` (string, required) The type of error returned. Enum: "INVALID_REQUEST_ERROR", "AUTHENTICATION_ERROR", "PERMISSION_ERROR", "API_ERROR"