UNPKG

openapi-directory

Version:

Building & bundling https://github.com/APIs-guru/openapi-directory for easy use from JS

github.com/httptoolkit/openapi-directory-js

httptoolkit/openapi-directory-js

1 lines 145 kB
1
{"openapi":"3.0.0","servers":[{"description":"Production server","url":"https://api.probely.com"}],"info":{"contact":{"email":"support@probely.com","name":"Probely Support","url":"https://probely.com"},"description":"Probely is a Web Vulnerability Scanning suite for Agile Teams. It provides\ncontinuous scanning of your Web Applications and lets you efficiently\nmanage the lifecycle of the vulnerabilities found, in a sleek and\nintuitive ~~web interface~~ API.\n\n## Quick-Start\n\n### Authentication\n\nTo use the API, you first need to create a token (API Key).\nTo create a token, select a target from the drop-down list, go to the\n\"Settings\" page, and click on the \"Integrations\" tab.\n\nWrite a name for the API Key. For example, if you want to use the API Key\nfor travis,\nyou could name it \"travis\". In this example, we chose \"**example.com_key**\"\n\n![Creating API key][1]\n\n [1]: assets/qs/create_api_key_1.png\n\n\n\nThe API key was created successfully:\n\n![API key created][2]\n\n [2]: assets/qs/create_api_key_2.png\n\n\nOn every request, you need to pass this token in the authorization header,\nlike this:\n\n\n```yaml\nAuthorization: JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJBRlNJQlp\n3elFsMDEiLCJ1c2VybmFtZSI6IkNIZ2tkSUROdzV0NSJ9.90UwiPGS2hlvgOLktFU0LfKuatNKm\nmEP79u17VnqT9M\n```\n\n\n**WARNING: Treat this token as a password. With this token, you have the\npower to fully manage the target.**\n\nIn the following examples, the token will be named as *PROBELY_AUTH_TOKEN*.\n\n\n### Scan target\n\nFirst let's view our target list:\n\n```bash\ncurl https://api.probely.com/targets/ \\\n -X GET \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: JWT PROBELY_AUTH_TOKEN\"\n```\n\n\nFrom the results, we need the **target id**:\n\n```json\n{\n \"count\":1,\n \"page_total\":1,\n \"page\":1,\n \"length\":10,\n \"results\":[\n {\n \"id\":\"AxtkqTE0v3E-\",\n \"name\":\"test-site\",\n \"desc\":\"\",\n \"url\":\"https://test-site.example.com\",\n \"settings\":\n \"(...)\"\n ,\n \"stack\":\n \"(...)\"\n ,\n \"verified\":true,\n \"(...)\": \"(...)\"\n }\n ]\n}\n```\n\n\nNow we can send a request to start a scan on target id **AxtkqTE0v3E-**\n\n```bash\ncurl https://api.probely.com/targets/AxtkqTE0v3E-/scan_now/ \\\n -X POST \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: JWT PROBELY_AUTH_TOKEN\"\n```\n\n\nAnd we get a response saying that the scan is scheduled: the status is **queued**, and we've got a **scan id**:\n\n```json\n{\n \"changed\":\"2017-08-01T13:37:00.843339Z\",\n \"started\":null,\n \"completed\":null,\n \"mediums\":0,\n \"changed_by\":\n \"(...)\"\n ,\n \"highs\":0,\n \"status\":\"queued\",\n \"id\":\"S6dOMPn0SnoH\",\n \"created_by\":\n \"(...)\"\n ,\n \"target\":\n \"(...)\"\n ,\n \"created\":\"2017-08-01T13:37:00.843339Z\",\n \"lows\":0\n}\n```\n\n\nUsing the scan id **S6dOMPn0SnoH**, we can pool the scan status:\n\n```bash\ncurl https://api.probely.com/targets/AxtkqTE0v3E-/scans/S6dOMPn0SnoH/ \\\n -X GET \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: JWT PROBELY_AUTH_TOKEN\"\n```\n\n\nAnd we get a response saying that the scan status is now **started**:\n\n```json\n{\n \"id\":\"S6dOMPn0SnoH\",\n \"changed\":\"2017-08-01T13:38:12.623650Z\",\n \"started\":null,\n \"completed\":null,\n \"mediums\":0,\n \"changed_by\":\n \"(...)\"\n ,\n \"highs\":0,\n \"status\":\"started\",\n \"created_by\":\n \"(...)\"\n ,\n \"target\":\n \"(...)\"\n ,\n \"created\":\"2017-08-01T13:37:00.843339Z\",\n \"lows\":0\n}\n```\n\n\nThe possible statuses are:\n\n| Status | Name | Description |\n| ------ | ---- | ----------- |\n| queued | Queued | The scan is queued to start |\n| started | Started | The scan is currently running |\n| under_review | Under Review | The scan is complete but has some findings under review |\n| completed | Completed | The scan is complete |\n| completed_with_errors | Completed with errors | The scan is complete even after getting some error(s) |\n| failed | Failed | The scan failed |\n| canceled | Canceled | The scan was canceled |\n| canceling | Canceling | The scan is being canceled |\n\n\nDuring the scan, the keys \"lows\", \"mediums\", and \"highs\" will be updated\nwith the findings, as they are being found.\n\nAfter we get either the status **completed** or **completed_with_errors**,\nwe can view the findings.\n\n\n### Get vulnerabilities\n\nUsing the previous scan id **S6dOMPn0SnoH**, we can get the scan results:\n\n```bash\ncurl https://api.probely.com/targets/AxtkqTE0v3E-/scans/S6dOMPn0SnoH/ \\\n -X GET \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: JWT PROBELY_AUTH_TOKEN\"\n```\n\nWe get a response saying that the scan status is now **completed**, and\nthat **45** vulnerabilities were found. **14** low, **11** medium and\n**20** high:\n\n```json\n{\n \"id\":\"S6dOMPn0SnoH\",\n \"target\":\n \"(...)\"\n ,\n \"status\":\"completed\",\n \"started\":\"2017-08-01T13:37:12.623650Z\",\n \"completed\":\"2017-08-01T14:17:48.559514Z\",\n \"lows\":14,\n \"mediums\":11,\n \"highs\":20,\n \"created\":\"2017-08-01T13:37:00.843339Z\",\n \"created_by\":\n \"(...)\"\n ,\n \"changed\":\"2017-08-01T14:17:48.559514Z\",\n \"changed_by\":\n \"(...)\"\n}\n```\n\nYou can now view the results of this scan, or the target findings.\n\n\nLet's start with the scan results:\n\n```bash\ncurl https://api.probely.com/targets/AxtkqTE0v3E-/findings/?scan=S6dOMPn0SnoH&page=1 \\\n -X GET \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: JWT PROBELY_AUTH_TOKEN\"\n```\n\n```json\n{\n \"count\":45,\n \"page_total\":5,\n \"page\":1,\n \"length\":10,\n \"results\":[\n {\n \"id\":79,\n \"target\":\n \"(...)\"\n ,\n \"scans\":\n \"(...)\"\n ,\n \"labels\":\n \"(...)\"\n ,\n \"fix\":\"To fix an SQL Injection in PHP, you should use Prepared Statements. Prepared Statements can be thought of as a kind of compiled template for the SQL that an application wants to run, that can be customized using variable parameters.\\n\\nPHP's PDO extension supports Prepared Statements, so that's probably your best option.\\n\\nIn the example below you can see the use of prepared statements. Variables ```$username``` and ```$hashedPassword``` come from user input.\\n\\n```\\n$stmt = $dbg->prepare(\\\"SELECT id, name FROM users\\n WHERE username=? AND password=?\\\");\\n$stmt->bindParam(1, $username);\\n$stmt->bindParam(2, $hashedPassword);\\nif ($stmt->execute()) {\\n\\t$user = $stmt->fetch();\\n\\tif ($user) {\\n\\t\\t$_SESSION['authID'] = $user['id'];\\n\\t\\techo \\\"Hello \\\" . $user['name'];\\n\\t} else {\\n\\t\\techo \\\"Invalid Login\\\";\\n\\t}\\n}\\n``` \\n\\nAs an added bonus, if you're executing the same query several times, then it'll be even faster than when you're not using prepared statements. This is because when using prepared statements, the query needs to be parsed (prepared) only once, but can be executed multiple times with the same or different parameters. \\n\",\n \"requests\":[\n {\n \"request\":\"(...)\",\n \"response\":\"(...)\"\n },\n {\n \"request\":\"(...)\",\n \"response\":\"(...)\"\n }\n ],\n \"evidence\":null,\n \"extra\":\"\",\n \"definition\":{\n \"id\":\"xnV8PJVmSoLS\",\n \"name\":\"SQL Injection\",\n \"desc\":\"SQL Injections are the most common form of injections because SQL databases are very popular in dynamic web applications. This vulnerability allows an attacker to tamper existing SQL queries performed by the web application. Depending on the queries, the attacker might be able to access, modify or even destroy data from the database.\\n\\nSince databases are commonly used to store private data, such as authentication information, personal user data and site content, if an attacker gains access to it, the consequences are typically very severe, ranging from defacement of the web application to users data leakage or loss, or even full control of the web application or database server.\",\n },\n \"url\":\"http://test-site.example.com/login.php\",\n \"path\":\"login.php\",\n \"method\":\"post\",\n \"parameter\":\"username\",\n \"value\":\"\",\n \"params\":{\n \"username\":[\n \"probely'\"\n ],\n \"password\":[\n \"probely\"\n ]\n },\n \"reporter\":\n \"(...)\"\n ,\n \"assignee\":null,\n \"state\":\"notfixed\",\n \"severity\":30,\n \"last_found\":\"2017-08-01T14:03:56.207794Z\",\n \"changed\":\"2017-08-01T14:03:56.207794Z\",\n \"changed_by\":\n \"(...)\"\n ,\n \"comment\":\"\"\n },\n \"(...)\"\n ]\n}\n```\n\nYou can also view all the target findings, which will show all the findings\nthat are not yet fixed. \\\\\nThe structure is similar to the previous result.\n\n```bash\ncurl https://api.probely.com/targets/AxtkqTE0v3E-/findings/ \\\n -X GET \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: JWT PROBELY_AUTH_TOKEN\"\n```\n\n\n### Get vulnerability details\n\nYou can also get details for a particular finding in a target. \\\\\nIn this example we will get the details for the same finding as in the previous\nsection:\n\n```bash\ncurl https://api.probely.com/targets/AxtkqTE0v3E-/findings/79/ \\\n -X GET \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: JWT PROBELY_AUTH_TOKEN\"\n```\n\n\nThis will result on the same information, but just for this particular finding:\n\n```json\n{\n \"id\":79,\n \"target\":\n \"(...)\"\n ,\n \"scans\":\n \"(...)\"\n ,\n \"labels\":\n \"(...)\"\n ,\n \"fix\":\"To fix an SQL Injection in PHP, you should use Prepared Statements. Prepared Statements can be thought of as a kind of compiled template for the SQL that an application wants to run, that can be customized using variable parameters.\\n\\nPHP's PDO extension supports Prepared Statements, so that's probably your best option.\\n\\nIn the example below you can see the use of prepared statements. Variables ```$username``` and ```$hashedPassword``` come from user input.\\n\\n```\\n$stmt = $dbg->prepare(\\\"SELECT id, name FROM users\\n WHERE username=? AND password=?\\\");\\n$stmt->bindParam(1, $username);\\n$stmt->bindParam(2, $hashedPassword);\\nif ($stmt->execute()) {\\n\\t$user = $stmt->fetch();\\n\\tif ($user) {\\n\\t\\t$_SESSION['authID'] = $user['id'];\\n\\t\\techo \\\"Hello \\\" . $user['name'];\\n\\t} else {\\n\\t\\techo \\\"Invalid Login\\\";\\n\\t}\\n}\\n``` \\n\\nAs an added bonus, if you're executing the same query several times, then it'll be even faster than when you're not using prepared statements. This is because when using prepared statements, the query needs to be parsed (prepared) only once, but can be executed multiple times with the same or different parameters. \\n\",\n \"requests\":[\n {\n \"request\":\"(...)\",\n \"response\":\"(...)\"\n },\n {\n \"request\":\"(...)\",\n \"response\":\"(...)\"\n }\n ],\n \"evidence\":null,\n \"extra\":\"\",\n \"definition\":{\n \"id\":\"xnV8PJVmSoLS\",\n \"name\":\"SQL Injection\",\n \"desc\":\"SQL Injections are the most common form of injections because SQL databases are very popular in dynamic web applications. This vulnerability allows an attacker to tamper existing SQL queries performed by the web application. Depending on the queries, the attacker might be able to access, modify or even destroy data from the database.\\n\\nSince databases are commonly used to store private data, such as authentication information, personal user data and site content, if an attacker gains access to it, the consequences are typically very severe, ranging from defacement of the web application to users data leakage or loss, or even full control of the web application or database server.\",\n },\n \"url\":\"http://test-site.example.com/login.php\",\n \"path\":\"login.php\",\n \"method\":\"post\",\n \"parameter\":\"username\",\n \"value\":\"\",\n \"params\":{\n \"username\":[\n \"probely'\"\n ],\n \"password\":[\n \"probely\"\n ]\n },\n \"reporter\":\n \"(...)\"\n ,\n \"assignee\":null,\n \"state\":\"notfixed\",\n \"severity\":30,\n \"last_found\":\"2017-08-01T14:03:56.207794Z\",\n \"changed\":\"2017-08-01T14:03:56.207794Z\",\n \"changed_by\":\n \"(...)\"\n ,\n \"comment\":\"\"\n}\n```\n\n## Concepts\n\nThe short version is that you run *scans* on *targets*, and *findings* are\ncreated for any issue that is found.\nHowever, there are a few more concepts that must be explained in order to\nget a complete picture of how Probely works.\nWe will spend the next few sections detailing the most important concepts.\n\n\n### Target\n\nA *target* defines the scope of a scan, what will and won't be included\nin the scan plan.\nThis is done by filling a *target*'s *site* and *assets*.\n\nThe entry point for the web application (and authentication) is setup\nin the *target*'s *site*.\n\nIn modern web applications, you are probably loading resources from\nmultiple domains.\nA single page app, for example, will usualy load the page from one domain\nand make AJAX requests to another.\nThis is what *assets* are for: they specify what domains our scanner should\nfollow and create requests for.\n\n\n### Site\nA URL is probably not the only thing you will need to setup when scannning your application.\nDoes the application have an authenticated area? Does it use basic auth?\nDoes it expect a certain cookie or header?\nThese parameters are all configured in the *target*'s *site*.\n\n\nWe need to ensure that only allowed web applications are scanned.\nTherefore, we must verify that you have control of any site you wish to include.\nThis can be done by:\n * Placing a file on a well-known location, on the site's server;\n * Creating specific DNS records.\n\n\n### Asset\n\nAn *asset* is very similar to a *site*. The difference is that it is a domain instead\nof a URL. Additionally, an *asset* has no login or basic auth support.\nYou can still have custom cookies and headers per *asset*.\n\nAs with the *site*, you will need to prove an *asset*'s ownership. We have added some\nrules to make your life easier, if you already have verified\na *site* and the domains match, the validation is fast-tracked.\n\n### Scans\n\nThis is what you're here for.\nAfter configuring your *target*, you will want to run *scans* against it.\nYou can either start a one off scan, or schedule one for later - recurring\nor not.\n\nDuring the *scan*, we will spider and run several modules to check for\nsecurity issues, which we call *findings*.\nYou can check the *findings* even before a scan ends.\nIf everything goes well, the scan will complete and that is it.\n\nWith some *findings*, our automated processes may have difficulties\ndetermining if it is a false positive or a legitimate issue.\nIn these instances, a scan will be marked as under review, and we will\nfurther analyze the finding before making a decision.\nWe will only show findings that, for some degree of confidence, are true\npositives.\nA finding that we are not sure of will never be displayed.\n\nAs much as we try to prevent it, a *scan* (or a sub-module) can malfunction.\nIf this happens, a *scan* is marked as:\n * \"failed\": the problem was irrecoverable;\n * \"completed with errors\": some module failed but the scan itself completed.\n\nDuring a scan, we try to determine what *frameworks* you are using\nand add this information to the *site* and *asset* objects discussed\npreviously.\n\n\n### Findings\n\nThe last core concept is the *finding*, this is a security issue that\nwe have found during our scans.\nIf the same issue is found in a new scan it will not open a new finding but\nupdate the previous.\n\nA *finding* will have a lot of information about the issue.\nNamely, where it was found, URL, insertion point (e.g. cookie), parameter,\nand method.\nEvidence we gathered, and the full request and response that we used.\nSugestions of how to go about fixing it.\nA full description of the vulnerability is also present in the\n*definition* property.\nWe also assign a severity and calculate the CVSS score for each.\n\nBesides all this, there are also actions that you can perform on a *finding*.\nYou can assign it to one user, leave comments for your team or add labels,\nand reduce or increase the severity.\n\nIf you don't plan on fixing the *finding* and accept the risk, or you think\nwe reported a false positive, you can mark the finding to reflect that.\n","title":"Probely Developers","version":"1.2.0","x-apisguru-categories":["monitoring"],"x-logo":{"altText":"Probely","url":"https://developers.probely.com/assets/logo_dark.png"},"x-origin":[{"format":"openapi","url":"https://developers.probely.com/openapi.yaml","version":"3.0"}],"x-providerName":"probely.com"},"security":[{"jwtAuth":[]}],"tags":[{"description":"Login users and verify token. For login we make use of [JSON web tokens](https://jwt.io/).\n","name":"Login"},{"description":"In Probely, a target is what defines what is being scanned.\nConnected to a target there are two other objects: a site and a list of\nassets.\n\nThe site is the where the scan starts and will usually be the main\nentry point for your web application.\n\nAs things are today, a single URL is not enough to describe all of the\nresources an application uses.\nFor example, a modern single page web application might load the main\npage from one domain and make AJAX requests to one or more other domains.\nThis where assets come in, they are used to add extra domains that\nour scanner should follow.\n","name":"Targets"},{"description":"Every target has a site object, it contains the main entry URL for scans.\nOther settings are also connected to a site like login parameters,\nbasic auth, and custom headers and cookies.\n","name":"Site"},{"description":"Other resources a scan required access to (e.g. the domain where an\nAPI is being served) should be added here.\nYou can also configure custom headers and cookies for each asset.\n","name":"Assets"},{"description":"Start and manage scans against the target.\nYou can also produce reports and access the list of scanned endpoints.\n","name":"Scans"},{"description":"You can schedule scans for the future as a one off, or on a recurring\nbasis.\n","name":"Scheduled"},{"description":"Findings are security issues found during scans.\nWe try hard to present valid findings only. We give as much information\nas possible to help you know exactly what to do, without having to\nresort to outside resources.\n\nFindings come with all the data we gathered during the scan, a\nsuggestion on how to fix it, and a description of the vulnerability.\n","name":"Findings"},{"description":"During the scans we run fingerprinters against the target and record the\nresult on the site and assets.\nYou can access our list of frameworks/software here.\n","name":"Frameworks"},{"description":"You can add labels to findings to help you keep track of you development.\nUse these endpoints to manage your labels.\n","name":"Labels"},{"description":"In Probely findings are connected to vulnerability definitions.\nThis is how we keep track what type of vulnerability it is, it also\nincludes a name and description.\n","name":"Vulnerabilities"},{"description":"API keys allow you to perform operations without using your regular user.\nThere are two endpoints for API keys:\n * one to create keys that can only access the current scope;\n * one that allows the user to perform operations like creating targets.\n","name":"API Keys"},{"description":"Use these endpoints to reset a user's password.\n","name":"Password Reset"},{"description":"Manage self and other users.","name":"Users"},{"description":"Account management.","name":"Account"},{"description":"Probely has several graphs and tables that it uses to\ndisplay statistics of the current state of a target or account.\n","name":"Statistics"},{"description":"If you only require a small number of active targets at a time but don't\nwant to lose their history by deleting one to add another it is now\npossible to archive targets.\nThis feature is still experimental, please contact our support if you\nare interested.\n","name":"Archive"},{"description":"Important events in your Probely account are recorded as events.\nAn event is comprised of the resource acted on, when it occurred and\nwhat kind of event (ex: `target_created`).\n\nBesides fetching these events using their endpoints you are also able\nto receive them in real-time by registering webhooks.\nThe event is sent to every registered webhook URL as JSON and an HTTP\nsuccess status code (2XX) is expected in the response.\nIn case a webhook fails it will be retried with an exponential back-off\n(maxing out at 4 hours) during 2 days, at the end of which an email is\nsent to the users informing of this failure.\nFor security we suggest using an unique hard to guess identifier for the\nwebhook:\n```\nhttps://webhook.example.com/d69179e3b06549469817560c650be98f/\n```\nWebhook URL's are required to be HTTPS.\n\nWhen registering a webhook according to the chosen endpoint you can\nreceive any event for the account or only events for a single target.\nA target webhook will not receive `user_created`, `user_deleted` and\n`target_created` events and all events received pertain to the target\nthe webhook was created for.\n","name":"Events"},{"description":"List available and installed integrations","name":"Integrations"},{"description":"Receive slack notifications on Probely events.\n","name":"Slack Integration"},{"description":"To start integrating Probely with Jira you will first need to add the\nProbely app to your Jira instance.\nGo to the marketplace, search for Probely and install the application.\nWhen prompted click the \"Get Started\" button and follow the steps described\nto connect both accounts.\nA short explanation of the sync options can be found\n[here](https://help.probely.com/integrations/jira-syncronization-settings).\n","name":"Jira Cloud Integration"},{"description":"Find instructions on how to configure this integration for your Jira\ndeployment [here](https://help.probely.com/integrations/how-to-integrate-probely-with-jira-server).\nA short explanation of the sync options can be found\n[here](https://help.probely.com/integrations/jira-syncronization-settings).\n","name":"Jira Server Integration"}],"paths":{"/account/":{"get":{"parameters":[],"responses":{"200":{"$ref":"#/components/responses/Account"},"401":{"$ref":"#/components/responses/UnauthorizedError"}},"summary":"Retrieve account information","tags":["Account"]}},"/auth/obtain/":{"post":{"description":"The received token should be used for authenticated requests by including in the Authorization header as `Authorization: JWT <token>`.\n","requestBody":{"$ref":"#/components/requestBodies/Login"},"responses":{"200":{"$ref":"#/components/responses/Token"},"400":{"$ref":"#/components/responses/BadRequestError"},"500":{"$ref":"#/components/responses/InternalServerError"}},"security":[],"summary":"Authenticate user","tags":["Login"]}},"/auth/refresh/":{"post":{"requestBody":{"$ref":"#/components/requestBodies/Token"},"responses":{"200":{"$ref":"#/components/responses/Token"},"400":{"$ref":"#/components/responses/BadRequestError"},"500":{"$ref":"#/components/responses/InternalServerError"}},"security":[],"summary":"Replace token with a new one","tags":["Login"]}},"/auth/revoke/":{"post":{"requestBody":{"$ref":"#/components/requestBodies/Token"},"responses":{"200":{"$ref":"#/components/responses/Token"},"400":{"$ref":"#/components/responses/BadRequestError"},"500":{"$ref":"#/components/responses/InternalServerError"}},"security":[],"summary":"Revoke a token","tags":["Login"]}},"/auth/verify/":{"post":{"description":"Check for the validity of a user token.\n","requestBody":{"$ref":"#/components/requestBodies/Token"},"responses":{"200":{"$ref":"#/components/responses/Token"},"400":{"$ref":"#/components/responses/BadRequestError"},"500":{"$ref":"#/components/responses/InternalServerError"}},"security":[],"summary":"Verify a token","tags":["Login"]}},"/billing/":{"get":{"parameters":[],"responses":{"200":{"$ref":"#/components/responses/Billing"}},"summary":"Retrieve billing information","tags":["Account"]},"patch":{"requestBody":{"$ref":"#/components/requestBodies/Billing"},"responses":{"200":{"$ref":"#/components/responses/Billing"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"}},"summary":"Partial update billing information","tags":["Account"]},"put":{"requestBody":{"$ref":"#/components/requestBodies/Billing"},"responses":{"200":{"$ref":"#/components/responses/Billing"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"}},"summary":"Update billing information","tags":["Account"]}},"/billing/actions/":{"post":{"requestBody":{"$ref":"#/components/requestBodies/TargetIds"},"responses":{"200":{"$ref":"#/components/responses/Action"}},"summary":"Action that should be taken to enable the selected targets","tags":["Account"]}},"/billing/estimate/":{"post":{"requestBody":{"$ref":"#/components/requestBodies/Subscription"},"responses":{"200":{"$ref":"#/components/responses/Invoice"},"400":{"$ref":"#/components/responses/BadRequestError"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"}},"summary":"Estimate costs of updating a subscription","tags":["Account"]}},"/billing/subscribe/":{"post":{"requestBody":{"$ref":"#/components/requestBodies/Subscription"},"responses":{"200":{"$ref":"#/components/responses/Invoice"},"400":{"$ref":"#/components/responses/BadRequestError"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"}},"summary":"Update a subscription","tags":["Account"]}},"/check/":{"post":{"requestBody":{"$ref":"#/components/requestBodies/EmailToken"},"responses":{"200":{"$ref":"#/components/responses/SuccessMessage"},"400":{"$ref":"#/components/responses/BadRequestErrorMessage"}},"security":[],"summary":"Check validity of password reset token","tags":["Password Reset"]}},"/enterprise/auth/obtain/":{"post":{"description":"The received token should be used for authenticated requests by including in the Authorization header as `Authorization: JWT <token>`.\n","requestBody":{"$ref":"#/components/requestBodies/Login"},"responses":{"200":{"$ref":"#/components/responses/Token"},"400":{"$ref":"#/components/responses/BadRequestError"},"500":{"$ref":"#/components/responses/InternalServerError"}},"security":[],"summary":"Enterprise user authentication","tags":["Login"]}},"/enterprise/auth/refresh/":{"post":{"requestBody":{"$ref":"#/components/requestBodies/Token"},"responses":{"200":{"$ref":"#/components/responses/Token"},"400":{"$ref":"#/components/responses/BadRequestError"},"500":{"$ref":"#/components/responses/InternalServerError"}},"security":[],"summary":"Enterprise token refresh","tags":["Login"]}},"/enterprise/auth/revoke/":{"post":{"requestBody":{"$ref":"#/components/requestBodies/Token"},"responses":{"200":{"$ref":"#/components/responses/Token"},"400":{"$ref":"#/components/responses/BadRequestError"},"500":{"$ref":"#/components/responses/InternalServerError"}},"security":[],"summary":"Enterprise token revokation","tags":["Login"]}},"/enterprise/auth/verify/":{"post":{"description":"Check for the validity of a user token.\n","requestBody":{"$ref":"#/components/requestBodies/Token"},"responses":{"200":{"$ref":"#/components/responses/Token"},"400":{"$ref":"#/components/responses/BadRequestError"},"500":{"$ref":"#/components/responses/InternalServerError"}},"security":[],"summary":"Enterprise token verification","tags":["Login"]}},"/events/":{"get":{"responses":{"200":{"$ref":"#/components/responses/EventList"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"}},"summary":"List account events","tags":["Events"]}},"/events/{id}/":{"get":{"parameters":[{"$ref":"#/components/parameters/id"}],"responses":{"200":{"$ref":"#/components/responses/Event"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"Retrieve account event","tags":["Events"]}},"/frameworks/":{"get":{"parameters":[{"$ref":"#/components/parameters/page"},{"$ref":"#/components/parameters/pageLength"},{"$ref":"#/components/parameters/ordering"},{"$ref":"#/components/parameters/search"}],"responses":{"200":{"$ref":"#/components/responses/FrameworkList"},"401":{"$ref":"#/components/responses/UnauthorizedError"}},"summary":"List frameworks","tags":["Frameworks"]}},"/frameworks/{id}/":{"get":{"parameters":[{"$ref":"#/components/parameters/id"}],"responses":{"200":{"$ref":"#/components/responses/Framework"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"Retrieve framework","tags":["Frameworks"]}},"/integrations/":{"get":{"responses":{"200":{"$ref":"#/components/responses/IntegrationsAccount"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"}},"summary":"Integrations available and installed in the account","tags":["Integrations"]}},"/integrations/jira-cloud/projects/":{"get":{"responses":{"200":{"$ref":"#/components/responses/JiraProjectList"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"}},"summary":"List Jira Projects","tags":["Jira Cloud Integration"]}},"/integrations/jira-cloud/projects/{project_id}/issue_types/":{"get":{"parameters":[{"$ref":"#/components/parameters/jiraProjectId"}],"responses":{"200":{"$ref":"#/components/responses/JiraIssueTypeList"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"Retrieve project issue types","tags":["Jira Cloud Integration"]}},"/integrations/jira-cloud/projects/{project_id}/issue_types/{issue_type_id}/priorities/":{"get":{"parameters":[{"$ref":"#/components/parameters/jiraProjectId"},{"$ref":"#/components/parameters/jiraIssueTypeId"}],"responses":{"200":{"$ref":"#/components/responses/JiraIssuePriorityList"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"}},"summary":"Retrieve issue priorities","tags":["Jira Cloud Integration"]}},"/integrations/jira-cloud/projects/{project_id}/issue_types/{issue_type_id}/status/":{"get":{"parameters":[{"$ref":"#/components/parameters/jiraProjectId"},{"$ref":"#/components/parameters/jiraIssueTypeId"}],"responses":{"200":{"$ref":"#/components/responses/JiraIssueStatusList"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"Retrieve issue statuses","tags":["Jira Cloud Integration"]}},"/integrations/jira-server/projects/":{"get":{"responses":{"200":{"$ref":"#/components/responses/JiraProjectList"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"}},"summary":"List Jira Projects","tags":["Jira Server Integration"]}},"/integrations/jira-server/projects/{project_id}/issue_types/":{"get":{"parameters":[{"$ref":"#/components/parameters/jiraProjectId"}],"responses":{"200":{"$ref":"#/components/responses/JiraIssueTypeList"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"Retrieve project issue types","tags":["Jira Server Integration"]}},"/integrations/jira-server/projects/{project_id}/issue_types/{issue_type_id}/priorities/":{"get":{"parameters":[{"$ref":"#/components/parameters/jiraProjectId"},{"$ref":"#/components/parameters/jiraIssueTypeId"}],"responses":{"200":{"$ref":"#/components/responses/JiraIssuePriorityList"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"}},"summary":"Retrieve issue priorities","tags":["Jira Server Integration"]}},"/integrations/jira-server/projects/{project_id}/issue_types/{issue_type_id}/status/":{"get":{"parameters":[{"$ref":"#/components/parameters/jiraProjectId"},{"$ref":"#/components/parameters/jiraIssueTypeId"}],"responses":{"200":{"$ref":"#/components/responses/JiraIssueStatusList"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"Retrieve issue statuses","tags":["Jira Server Integration"]}},"/keys/":{"get":{"parameters":[{"$ref":"#/components/parameters/page"},{"$ref":"#/components/parameters/pageLength"},{"$ref":"#/components/parameters/ordering"},{"$ref":"#/components/parameters/search"}],"responses":{"200":{"$ref":"#/components/responses/APIKeyList"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"}},"summary":"List API keys allowed to operate on account","tags":["API Keys"]},"post":{"requestBody":{"$ref":"#/components/requestBodies/APIKey"},"responses":{"201":{"$ref":"#/components/responses/APIKey"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"}},"summary":"Create account API key","tags":["API Keys"]}},"/keys/{id}/":{"delete":{"parameters":[{"$ref":"#/components/parameters/id"}],"responses":{"204":{"$ref":"#/components/responses/NoContent"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"}},"summary":"Delete account API key","tags":["API Keys"]},"get":{"parameters":[{"$ref":"#/components/parameters/id"}],"responses":{"200":{"$ref":"#/components/responses/APIKey"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"}},"summary":"Retrieve account API key","tags":["API Keys"]}},"/labels/":{"get":{"parameters":[{"$ref":"#/components/parameters/page"},{"$ref":"#/components/parameters/pageLength"},{"$ref":"#/components/parameters/ordering"},{"$ref":"#/components/parameters/search"}],"responses":{"200":{"$ref":"#/components/responses/LabelList"},"401":{"$ref":"#/components/responses/UnauthorizedError"}},"summary":"List labels","tags":["Labels"]},"post":{"requestBody":{"$ref":"#/components/requestBodies/Label"},"responses":{"201":{"$ref":"#/components/responses/Label"},"400":{"$ref":"#/components/responses/BadRequestError"},"401":{"$ref":"#/components/responses/UnauthorizedError"}},"summary":"Create label","tags":["Labels"]}},"/labels/{id}/":{"delete":{"parameters":[{"$ref":"#/components/parameters/id"}],"responses":{"204":{"$ref":"#/components/responses/NoContent"},"401":{"$ref":"#/components/responses/UnauthorizedError"}},"summary":"Delete label","tags":["Labels"]},"get":{"parameters":[{"$ref":"#/components/parameters/id"}],"responses":{"200":{"$ref":"#/components/responses/Label"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"Retrieve framework","tags":["Labels"]},"patch":{"parameters":[{"$ref":"#/components/parameters/id"}],"requestBody":{"$ref":"#/components/requestBodies/Label"},"responses":{"200":{"$ref":"#/components/responses/Label"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"Partial update","tags":["Labels"]},"put":{"parameters":[{"$ref":"#/components/parameters/id"}],"requestBody":{"$ref":"#/components/requestBodies/Label"},"responses":{"200":{"$ref":"#/components/responses/Label"},"400":{"$ref":"#/components/responses/BadRequestError"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"Update label","tags":["Labels"]}},"/plans/":{"get":{"parameters":[],"responses":{"200":{"$ref":"#/components/responses/PlanList"}},"security":[],"summary":"Subscription plans","tags":["Plan"]}},"/profile/":{"get":{"parameters":[{"$ref":"#/components/parameters/page"},{"$ref":"#/components/parameters/pageLength"},{"$ref":"#/components/parameters/ordering"},{"$ref":"#/components/parameters/search"}],"responses":{"200":{"$ref":"#/components/responses/User"}},"summary":"User data","tags":["Users"]}},"/profile/change_password/":{"post":{"description":"Our password policy requires a minimum password length of 10 chars with\nat least one symbol or number.\n","requestBody":{"$ref":"#/components/requestBodies/PasswordChange"},"responses":{"200":{"$ref":"#/components/responses/SuccessMessage"},"400":{"$ref":"#/components/responses/BadRequestError"},"401":{"$ref":"#/components/responses/UnauthorizedError"}},"summary":"Change user password","tags":["Users"]}},"/reset/":{"post":{"requestBody":{"$ref":"#/components/requestBodies/Email"},"responses":{"200":{"$ref":"#/components/responses/SuccessMessage"},"400":{"$ref":"#/components/responses/BadRequestErrorMessage"}},"security":[],"summary":"Send reset password email","tags":["Password Reset"]}},"/setpassword/":{"post":{"requestBody":{"$ref":"#/components/requestBodies/PasswordSet"},"responses":{"200":{"$ref":"#/components/responses/SuccessMessage"},"400":{"$ref":"#/components/responses/BadRequestErrorMessage"}},"security":[],"summary":"Reset password after asking for a reset (with the token sent by email).\n","tags":["Password Reset"]}},"/target-actions/":{"post":{"requestBody":{"$ref":"#/components/requestBodies/TargetIds"},"responses":{"200":{"$ref":"#/components/responses/Actions"}},"summary":"Available actions for the selected targets","tags":["Account"]}},"/targets/":{"get":{"parameters":[{"$ref":"#/components/parameters/page"},{"$ref":"#/components/parameters/pageLength"},{"$ref":"#/components/parameters/ordering"},{"$ref":"#/components/parameters/search"}],"responses":{"200":{"$ref":"#/components/responses/TargetList"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"404":{"$ref":"#/components/responses/NotFoundError"},"500":{"$ref":"#/components/responses/InternalServerError"}},"summary":"List targets","tags":["Targets"]},"post":{"requestBody":{"$ref":"#/components/requestBodies/Target"},"responses":{"201":{"$ref":"#/components/responses/Target"},"400":{"$ref":"#/components/responses/BadRequestError"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"},"500":{"$ref":"#/components/responses/InternalServerError"}},"summary":"Create target","tags":["Targets"]}},"/targets/activate/":{"post":{"requestBody":{"$ref":"#/components/requestBodies/TargetIds"},"responses":{"200":{"$ref":"#/components/responses/TargetIds"},"400":{"$ref":"#/components/responses/BadRequestError"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"}},"summary":"Activate targets","tags":["Archive"]}},"/targets/all/average_fix_time/":{"get":{"parameters":[],"responses":{"200":{"$ref":"#/components/responses/AverageFixTime"}},"summary":"Average fix time graph data (all targets)","tags":["Statistics"]}},"/targets/all/needs_attention_pie/":{"get":{"parameters":[],"responses":{"200":{"$ref":"#/components/responses/NeedsAttentionPie"}},"summary":"Targets with open vulnerabilities pie chart data","tags":["Statistics"]}},"/targets/all/needs_attention_top/":{"get":{"parameters":[],"responses":{"200":{"$ref":"#/components/responses/NeedsAttentionTop"}},"summary":"Targets with open vulnerabilities","tags":["Statistics"]}},"/targets/all/risk_trend/":{"get":{"parameters":[],"responses":{"200":{"$ref":"#/components/responses/RiskTrend"}},"summary":"Risk trend graph data (all targets)","tags":["Statistics"]}},"/targets/all/scans/":{"get":{"parameters":[{"$ref":"#/components/parameters/page"},{"$ref":"#/components/parameters/pageLength"},{"$ref":"#/components/parameters/ordering"},{"$ref":"#/components/parameters/search"},{"$ref":"#/components/parameters/scanStarted"},{"$ref":"#/components/parameters/scanStatus"}],"responses":{"200":{"$ref":"#/components/responses/ScanList"},"401":{"$ref":"#/components/responses/UnauthorizedError"}},"summary":"List scans for all targets","tags":["Scans"]}},"/targets/all/scheduledscans/expanded/":{"get":{"parameters":[{"$ref":"#/components/parameters/pageLength"}],"responses":{"200":{"$ref":"#/components/responses/ScheduledArray"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"List scheduled scans for all targets expanding recurrence","tags":["Scheduled"]}},"/targets/all/severity_trend/":{"get":{"parameters":[],"responses":{"200":{"$ref":"#/components/responses/SeverityTrend"}},"summary":"Severity trend graph data (all targets)","tags":["Statistics"]}},"/targets/all/top_vulns/":{"get":{"parameters":[],"responses":{"200":{"$ref":"#/components/responses/TopVulns"}},"summary":"Top 5 vulnerabilities (all targets).","tags":["Statistics"]}},"/targets/archive/":{"post":{"requestBody":{"$ref":"#/components/requestBodies/TargetIds"},"responses":{"200":{"$ref":"#/components/responses/TargetIds"},"400":{"$ref":"#/components/responses/BadRequestError"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"}},"summary":"Archive targets","tags":["Archive"]}},"/targets/archived/":{"post":{"requestBody":{"$ref":"#/components/requestBodies/TargetIds"},"responses":{"200":{"$ref":"#/components/responses/TargetList"},"400":{"$ref":"#/components/responses/BadRequestError"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"}},"summary":"List archived targets","tags":["Archive"]}},"/targets/{id}/":{"delete":{"parameters":[{"$ref":"#/components/parameters/id"}],"responses":{"204":{"$ref":"#/components/responses/NoContent"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"Delete target","tags":["Targets"]},"get":{"parameters":[{"$ref":"#/components/parameters/id"}],"responses":{"200":{"$ref":"#/components/responses/Target"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"404":{"$ref":"#/components/responses/NotFoundError"},"500":{"$ref":"#/components/responses/InternalServerError"}},"summary":"Retrieve target","tags":["Targets"]},"patch":{"parameters":[{"$ref":"#/components/parameters/id"}],"requestBody":{"$ref":"#/components/requestBodies/Target"},"responses":{"200":{"$ref":"#/components/responses/Target"},"400":{"$ref":"#/components/responses/BadRequestError"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"Partial update target","tags":["Targets"]},"put":{"parameters":[{"$ref":"#/components/parameters/id"}],"requestBody":{"$ref":"#/components/requestBodies/Target"},"responses":{"200":{"$ref":"#/components/responses/Target"},"400":{"$ref":"#/components/responses/BadRequestError"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"Update target","tags":["Targets"]}},"/targets/{target_id}/assets/":{"get":{"parameters":[{"$ref":"#/components/parameters/targetId"},{"$ref":"#/components/parameters/page"},{"$ref":"#/components/parameters/pageLength"},{"$ref":"#/components/parameters/ordering"},{"$ref":"#/components/parameters/search"}],"responses":{"200":{"$ref":"#/components/responses/AssetList"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"List target's assets","tags":["Assets"]},"post":{"parameters":[{"$ref":"#/components/parameters/targetId"}],"requestBody":{"$ref":"#/components/requestBodies/Asset"},"responses":{"201":{"$ref":"#/components/responses/Asset"},"400":{"$ref":"#/components/responses/BadRequestError"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"Create new asset","tags":["Assets"]}},"/targets/{target_id}/assets/{id}/":{"delete":{"parameters":[{"$ref":"#/components/parameters/targetId"},{"$ref":"#/components/parameters/id"}],"responses":{"204":{"$ref":"#/components/responses/NoContent"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"Delete asset","tags":["Assets"]},"get":{"parameters":[{"$ref":"#/components/parameters/targetId"},{"$ref":"#/components/parameters/id"}],"responses":{"200":{"$ref":"#/components/responses/Asset"},"400":{"$ref":"#/components/responses/BadRequestError"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"Retrieve asset","tags":["Assets"]},"patch":{"parameters":[{"$ref":"#/components/parameters/targetId"},{"$ref":"#/components/parameters/id"}],"requestBody":{"$ref":"#/components/requestBodies/Asset"},"responses":{"200":{"$ref":"#/components/responses/Asset"},"400":{"$ref":"#/components/responses/BadRequestError"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"Partial update assets","tags":["Assets"]},"put":{"parameters":[{"$ref":"#/components/parameters/targetId"},{"$ref":"#/components/parameters/id"}],"requestBody":{"$ref":"#/components/requestBodies/Asset"},"responses":{"200":{"$ref":"#/components/responses/Asset"},"400":{"$ref":"#/components/responses/BadRequestError"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"Update asset","tags":["Assets"]}},"/targets/{target_id}/assets/{id}/verify/":{"post":{"parameters":[{"$ref":"#/components/parameters/targetId"},{"$ref":"#/components/parameters/id"}],"requestBody":{"$ref":"#/components/requestBodies/SiteVerify"},"responses":{"200":{"$ref":"#/components/responses/SuccessMessage"},"400":{"$ref":"#/components/responses/BadRequestErrorMessage"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"Verify asset ownership","tags":["Assets"]}},"/targets/{target_id}/average_fix_time/":{"get":{"parameters":[{"$ref":"#/components/parameters/targetId"}],"responses":{"200":{"$ref":"#/components/responses/AverageFixTime"}},"summary":"Average vulnerability trend graph data","tags":["Statistics"]}},"/targets/{target_id}/events/":{"get":{"parameters":[{"$ref":"#/components/parameters/targetId"}],"responses":{"200":{"$ref":"#/components/responses/EventList"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"List target events","tags":["Events"]}},"/targets/{target_id}/events/{id}/":{"get":{"parameters":[{"$ref":"#/components/parameters/targetId"},{"$ref":"#/components/parameters/id"}],"responses":{"200":{"$ref":"#/components/responses/Event"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"403":{"$ref":"#/components/responses/ForbiddenError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"Retrieve target event","tags":["Events"]}},"/targets/{target_id}/findings/":{"get":{"parameters":[{"$ref":"#/components/parameters/targetId"},{"$ref":"#/components/parameters/scanId"},{"$ref":"#/components/parameters/findingSeverity"},{"$ref":"#/components/parameters/findingState"},{"$ref":"#/components/parameters/assignee"},{"$ref":"#/components/parameters/label"},{"$ref":"#/components/parameters/page"},{"$ref":"#/components/parameters/pageLength"},{"$ref":"#/components/parameters/ordering"},{"$ref":"#/components/parameters/search"}],"responses":{"200":{"$ref":"#/components/responses/FindingList"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"List target findings","tags":["Findings"]}},"/targets/{target_id}/findings/bulk/report/":{"post":{"parameters":[{"$ref":"#/components/parameters/targetId"}],"requestBody":{"$ref":"#/components/requestBodies/FindingBulkIds"},"responses":{"200":{"description":"Token to retrieve report.\n"},"400":{"$ref":"#/components/responses/BadRequestErrorMessage"},"401":{"$ref":"#/components/responses/UnauthorizedError"},"404":{"$ref":"#/components/responses/NotFoundError"}},"summary":"Finding report","tags":["Findings"]}},"/targets/{target_id}/findings/bulk/retest/":{"pos