> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cantina.xyz/llms.txt
> Use this file to discover all available pages before exploring further.

# Add a comment to an existing finding in a repository.

> # Access control rules

- The requester must have access to the repository.
- Any user with (read) access to the finding can create a comment on it.



## OpenAPI

````yaml POST /api/v0/repositories/{repo_id}/findings/{finding_ref}/comment
openapi: 3.1.0
info:
  title: Cantina Client API
  description: >-
    Endpoints available to client organizations. For an overview and
    authentication, see
    https://docs.cantina.xyz/for-organizations/getting-started/api-access.
  license:
    name: Cantina
    identifier: Cantina
  version: 0.1.0
servers: []
security: []
paths:
  /api/v0/repositories/{repo_id}/findings/{finding_ref}/comment:
    post:
      tags:
        - repositories
      summary: Add a comment to an existing finding in a repository.
      description: |-
        # Access control rules

        - The requester must have access to the repository.
        - Any user with (read) access to the finding can create a comment on it.
      operationId: comment_on_finding
      parameters:
        - name: repo_id
          in: path
          required: true
          schema:
            type: string
            format: uuid
        - name: finding_ref
          in: path
          required: true
          schema:
            $ref: '#/components/schemas/FindingRef'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/NewFindingComment'
        required: true
      responses:
        '201':
          description: Comment added
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CreatedResource'
        '400':
          description: Comment is invalid
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CantinaError'
        '401':
          description: Access not authorised
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CantinaError'
        '403':
          description: Access forbidden
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CantinaError'
        '404':
          description: Not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CantinaError'
        '500':
          description: Error adding comment
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CantinaError'
components:
  schemas:
    FindingRef:
      oneOf:
        - type: string
          format: uuid
          description: Finding id.
        - type: integer
          format: int32
          description: Finding number.
      description: Reference to a finding, either a finding id or finding number.
    NewFindingComment:
      type: object
      description: Create a new comment on a finding.
      required:
        - content
      properties:
        parent:
          type:
            - string
            - 'null'
          format: uuid
          description: Comment is in a reply to a thread.
        visibility:
          oneOf:
            - type: 'null'
            - $ref: '#/components/schemas/CommentVisibility'
              description: |-
                Visibility of a comment.

                Reviewers can currently only create public comments.

                Defaults to public comment.
        content:
          type: string
          description: >-
            The content is expected to be valid markdown, but this is not
            validated

            at this time.


            Users can "ping" other users by using:

            * `@project` to ping all company users associated with the company,
            or

            * `@username` to ping auditors (reviewers, judges and triagers) that
            are
              part of the repository.

            A ping will cause the pinged user(s) to receive a notification.
    CreatedResource:
      type: object
      required:
        - id
      properties:
        id:
          type: string
          format: uuid
    CantinaError:
      type: object
      description: Error returned by the Cantina API.
      required:
        - type
        - msg
      properties:
        type:
          $ref: '#/components/schemas/ErrorType'
        msg:
          type: string
          description: Error message for the user.
    CommentVisibility:
      type: string
      description: Visibility of a comment.
      enum:
        - public
        - private
        - internal
        - hidden
    ErrorType:
      type: string
      description: Type of error.
      enum:
        - email_not_verified
        - auth_invalid
        - auth_expired
        - auth_token_missing
        - auth_id_missing
        - invalid_password
        - disabled_user
        - tc_not_accepted
        - evicted
        - unauthorized
        - bad_request
        - not_found
        - forbidden
        - gone
        - payload_too_large
        - service_unavailable
        - internal_error

````