> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cantina.xyz/llms.txt
> Use this file to discover all available pages before exploring further.

# Escalate an existing finding in a repository and make a comment explaining why.

> # Access control rules

- The user must be a reviewer and the finding must be made by them or their team.



## OpenAPI

````yaml PATCH /api/v0/repositories/{repo_id}/findings/{finding_ref}/escalate
openapi: 3.1.0
info:
  title: Cantina Client API
  description: >-
    Endpoints available to client organizations. For an overview and
    authentication, see
    https://docs.cantina.xyz/for-organizations/getting-started/api-access.
  license:
    name: Cantina
    identifier: Cantina
  version: 0.1.0
servers: []
security: []
paths:
  /api/v0/repositories/{repo_id}/findings/{finding_ref}/escalate:
    patch:
      tags:
        - repositories
      summary: >-
        Escalate an existing finding in a repository and make a comment
        explaining

        why.
      description: >-
        # Access control rules


        - The user must be a reviewer and the finding must be made by them or
        their team.
      operationId: escalate_finding
      parameters:
        - name: repo_id
          in: path
          required: true
          schema:
            type: string
            format: uuid
        - name: finding_ref
          in: path
          required: true
          schema:
            $ref: '#/components/schemas/FindingRef'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EscalateFinding'
        required: true
      responses:
        '204':
          description: Finding escalated, returns the id of the comment
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CreatedResource'
        '400':
          description: Escalation is invalid
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CantinaError'
        '401':
          description: Access not authorised
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CantinaError'
        '403':
          description: Access forbidden
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CantinaError'
        '404':
          description: Not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CantinaError'
        '500':
          description: Error escalating finding
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CantinaError'
components:
  schemas:
    FindingRef:
      oneOf:
        - type: string
          format: uuid
          description: Finding id.
        - type: integer
          format: int32
          description: Finding number.
      description: Reference to a finding, either a finding id or finding number.
    EscalateFinding:
      type: object
      required:
        - commentContent
      properties:
        commentContent:
          type: string
          description: |-
            Comment will always created as a new thread (i.e. `parent` set to
            `null`) and as a publicly visible comment (i.e. `visibility` set to
            `public`).
    CreatedResource:
      type: object
      required:
        - id
      properties:
        id:
          type: string
          format: uuid
    CantinaError:
      type: object
      description: Error returned by the Cantina API.
      required:
        - type
        - msg
      properties:
        type:
          $ref: '#/components/schemas/ErrorType'
        msg:
          type: string
          description: Error message for the user.
    ErrorType:
      type: string
      description: Type of error.
      enum:
        - email_not_verified
        - auth_invalid
        - auth_expired
        - auth_token_missing
        - auth_id_missing
        - invalid_password
        - disabled_user
        - tc_not_accepted
        - evicted
        - unauthorized
        - bad_request
        - not_found
        - forbidden
        - gone
        - payload_too_large
        - service_unavailable
        - internal_error

````