> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cantina.xyz/llms.txt
> Use this file to discover all available pages before exploring further.

# Get a finding's events in a repository.

> # Access control rules

- The requester must have access to the repository.
- Reviewers have access to the finding they and their team made.
- Clients, judges, triagers and admins have access to all findings.



## OpenAPI

````yaml GET /api/v0/repositories/{repo_id}/findings/{finding_ref}/events
openapi: 3.1.0
info:
  title: Cantina Client API
  description: >-
    Endpoints available to client organizations. For an overview and
    authentication, see
    https://docs.cantina.xyz/for-organizations/getting-started/api-access.
  license:
    name: Cantina
    identifier: Cantina
  version: 0.1.0
servers: []
security: []
paths:
  /api/v0/repositories/{repo_id}/findings/{finding_ref}/events:
    get:
      tags:
        - repositories
      summary: Get a finding's events in a repository.
      description: |-
        # Access control rules

        - The requester must have access to the repository.
        - Reviewers have access to the finding they and their team made.
        - Clients, judges, triagers and admins have access to all findings.
      operationId: get_finding_events
      parameters:
        - name: repo_id
          in: path
          required: true
          schema:
            type: string
            format: uuid
        - name: finding_ref
          in: path
          required: true
          schema:
            $ref: '#/components/schemas/FindingRef'
      responses:
        '200':
          description: Finding events
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/FindingEvents'
        '400':
          description: Bad request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CantinaError'
        '401':
          description: Access not authorised
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CantinaError'
        '403':
          description: Access forbidden
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CantinaError'
        '404':
          description: Not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CantinaError'
        '500':
          description: Server error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CantinaError'
components:
  schemas:
    FindingRef:
      oneOf:
        - type: string
          format: uuid
          description: Finding id.
        - type: integer
          format: int32
          description: Finding number.
      description: Reference to a finding, either a finding id or finding number.
    FindingEvents:
      type: object
      description: Events that happened to/on a finding.
      required:
        - events
      properties:
        events:
          type: array
          items:
            $ref: '#/components/schemas/FindingEvent'
          description: All the events.
    CantinaError:
      type: object
      description: Error returned by the Cantina API.
      required:
        - type
        - msg
      properties:
        type:
          $ref: '#/components/schemas/ErrorType'
        msg:
          type: string
          description: Error message for the user.
    FindingEvent:
      oneOf:
        - allOf:
            - $ref: '#/components/schemas/FindingComment'
            - type: object
              required:
                - type
              properties:
                type:
                  type: string
                  enum:
                    - comment
        - allOf:
            - $ref: '#/components/schemas/FindingChange'
            - type: object
              required:
                - type
              properties:
                type:
                  type: string
                  enum:
                    - change
      description: Event that happened to/on a finding.
    ErrorType:
      type: string
      description: Type of error.
      enum:
        - email_not_verified
        - auth_invalid
        - auth_expired
        - auth_token_missing
        - auth_id_missing
        - invalid_password
        - disabled_user
        - tc_not_accepted
        - evicted
        - unauthorized
        - bad_request
        - not_found
        - forbidden
        - gone
        - payload_too_large
        - service_unavailable
        - internal_error
    FindingComment:
      type: object
      description: Comment made on a finding.
      required:
        - id
        - visibility
        - content
        - reactions
        - lastUpdatedBy
        - lastUpdatedAt
        - createdBy
        - createdAt
      properties:
        id:
          type: string
          format: uuid
        replies:
          type: array
          items:
            $ref: '#/components/schemas/FindingComment'
          description: |-
            Replies to this comment
            NOTE: the comment thread can only be one level deep,
            this will be empty if the comment itself is a reply.
        visibility:
          $ref: '#/components/schemas/CommentVisibility'
        content:
          type: string
          description: Content of the comment, usually in Markdown.
        reactions:
          type: array
          items:
            $ref: '#/components/schemas/CommentReaction'
          description: Reactions to the comment.
        lastUpdatedBy:
          $ref: '#/components/schemas/RepositoryUser'
          description: User that last updated the comment.
        lastUpdatedAt:
          type: string
          format: date-time
          description: Time at which the comment was last updated.
        createdBy:
          $ref: '#/components/schemas/RepositoryUser'
          description: User that made the comment.
        createdAt:
          type: string
          format: date-time
          description: Time at which the comment was made.
        unreadNotification:
          type:
            - string
            - 'null'
          format: uuid
          description: >-
            Reference to the notification that was created by this comment
            creation for

            a current user.


            If this is null, the user either already read this comment
            previously or

            didn't get a notification for it.
    FindingChange:
      type: object
      required:
        - id
        - field
        - old
        - new
        - updatedBy
        - updatedAt
      properties:
        id:
          type: string
          format: uuid
        field:
          $ref: '#/components/schemas/FindingField'
        old: {}
        new: {}
        updatedBy:
          $ref: '#/components/schemas/RepositoryUser'
          description: User id.
        updatedAt:
          type: string
          format: date-time
    CommentVisibility:
      type: string
      description: Visibility of a comment.
      enum:
        - public
        - private
        - internal
        - hidden
    CommentReaction:
      type: object
      description: Reaction to a comment.
      required:
        - reaction
        - users
      properties:
        reaction:
          type: string
          description: Reaction, e.g. a unicode emoji such as `👍`.
        users:
          type: array
          items:
            $ref: '#/components/schemas/CommentReactionUser'
          description: Users that reacted with this reaction.
    RepositoryUser:
      type: object
      description: User data in the context of a repository.
      required:
        - userId
        - name
        - username
        - repositoryRole
        - avatar
        - isBot
        - createdAt
      properties:
        userId:
          type: string
          format: uuid
          description: User id, not to be confused with a client id.
        name:
          type: string
        username:
          type: string
        teamId:
          type:
            - string
            - 'null'
          format: uuid
          description: |-
            Id of the team the reviewer is a part of.

            For non-reviewers, this will be null.
        pingsLeft:
          type:
            - integer
            - 'null'
          format: int32
          description: >-
            Number of times the reviewer can ping the client.


            Visible to admins, company users, and reviewers only when viewing
            their own info.


            For non-reviewers, this will be null.
        reputation:
          type:
            - integer
            - 'null'
          format: int32
          description: >-
            Reputation of an auditor, always in the range of `0..=100`.


            Visible to admins, clients, judges and triagers only. Only returned
            in the

            finding's creator field (`Finding.created_by.reputation`), not in
            other

            places.


            For non-reviewers, this will be null.
        repositoryRole:
          $ref: '#/components/schemas/RepositoryRole'
        avatar:
          type: string
        isBot:
          type: boolean
        createdAt:
          type: string
          format: date-time
        disabledAt:
          type:
            - string
            - 'null'
          format: date-time
          description: User is disabled and doesn't have access to Cantina any more.
        deletedFromRepoAt:
          type:
            - string
            - 'null'
          format: date-time
          description: User is deleted from the repository.
    FindingField:
      type: string
      description: Field of a [`Finding`]/[`FindingChange`] that was updated.
      enum:
        - title
        - description
        - status
        - severity
        - likelihood
        - impact
        - category
        - reward
        - quality
        - fixed_by
        - duplicate_of
        - related_files
        - labels
        - assigned_to
        - asset_group
        - assets
        - comment_id
        - locked
        - safe_harbor_assets
        - submission_fee_paid
        - submission_fee_refunded
        - note
    CommentReactionUser:
      type: object
      description: User that posted a reaction to a comment.
      required:
        - id
        - name
      properties:
        id:
          type: string
          format: uuid
          description: User id.
        name:
          type: string
          description: Name of the user (NOTE **not** username).
    RepositoryRole:
      type: string
      description: Role of a user in the context of a repository.
      enum:
        - client
        - reviewer
        - judge
        - triager
        - admin

````