# DLP APIs - Native SaaS Apps The native SaaS app APIs can be utilized by customers using Nightfall’s SaaS apps, supported natively, to fetch violations, search violations by app meta-data attributes, and fetch findings within violations. These DLP APIs do not provide access to violations for apps scanned via the developer platform. These APIs require you to create an API key as outlined in the [Getting Started with the Developer Platform section](https://help.nightfall.ai/developer-api/introduction). However, to use these APIs, you need not create any detectors, detection rules, and policies in the developer platform. If you are using Nightfall SaaS apps, you can use APIs to fetch violations, search through the violations, and fetch specific findings within the Violations. To scan data in any custom apps or cloud infrastructure services like AWS S3, you must use the APIs in the [dlp](https://help.nightfall.ai/developer-api/nightfall_apis/dlp "mention") section. ## Fetch violations > Fetch a list of violations for a period ```json {"openapi":"3.0.3","info":{"title":"Nightfall Workflow DLP API","version":"1.0.0"},"servers":[{"url":"https://api.nightfall.ai/dlp/v1"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer"}},"schemas":{"Violation":{"type":"object","properties":{"id":{"type":"string","description":"The violation id"},"integration":{"$ref":"#/components/schemas/Integration","description":"The integration name"},"createdAt":{"type":"integer","description":"Unix timestamp when the violation was created"},"updatedAt":{"type":"integer","description":"Unix timestamp when the violation was updated"},"possibleActions":{"type":"array","items":{"$ref":"#/components/schemas/Action"},"description":"Possible actions for the violation"},"state":{"$ref":"#/components/schemas/ViolationState","description":"The current state of the violation"},"resourceLink":{"type":"string","description":"The link to the resource on the integration"},"metadata":{"$ref":"#/components/schemas/Metadata","description":"Integration specific metadata, based on the integration one field will be populated."},"fileDetails":{"$ref":"#/components/schemas/FileDetails","description":"If the resource is a file, the details for it"},"policyUUIDs":{"type":"array","items":{"type":"string"},"description":"Policies violated"},"detectionRuleUUIDs":{"type":"array","items":{"type":"string"},"description":"Detection rules triggered"},"detectorUUIDs":{"type":"array","items":{"type":"string"},"description":"Detectors triggered"},"risk":{"$ref":"#/components/schemas/ViolationRisk","description":"The risk label associated to this violation"},"riskSource":{"$ref":"#/components/schemas/ViolationRiskSource","description":"The source of calculation of risk associated to this violation"},"riskScore":{"type":"number","format":"float","description":"The calculated score of the risk for this violation"},"userInfo":{"$ref":"#/components/schemas/UserInformation"}}},"Integration":{"type":"string","enum":["SLACK","GDRIVE","JIRA","CONFLUENCE","SALESFORCE","ZENDESK","BROWSER","NOTION","GITHUB","M365_TEAMS","M365_ONEDRIVE","INLINE_EMAIL"]},"Action":{"type":"string","enum":["ACKNOWLEDGE","REDACT","QUARANTINE","ALLOW_QUARANTINE","REJECT_QUARANTINE","REMOVE_INTERNAL_USERS","REMOVE_EXTERNAL_USERS","DOMAIN_WIDE_LINK","RESTRICTED_LINK","DELETE","IGNORE","NOTIFY_SLACK","NOTIFY_EMAIL","UNACKNOWLEDGE","DISABLE_DOWNLOAD","CREATE_JIRA_ISSUE","MARK_AS_PRIVATE","DELETE_ATTACHMENT","MANUAL_UNDO","RESOLVE","NOTIFY_TEAMS","NOTIFY_GITHUB","SOFT_DELETE","HARD_DELETE","RESTRICT_TO_OWNER"]},"ViolationState":{"type":"string","enum":["ACTIVE","PENDING","RESOLVED","EXPIRED"]},"Metadata":{"type":"object","properties":{"slackMetadata":{"$ref":"#/components/schemas/SlackMetadata"},"confluenceMetadata":{"$ref":"#/components/schemas/ConfluenceMetadata"},"gdriveMetadata":{"$ref":"#/components/schemas/GdriveMetadata"},"jiraMetadata":{"$ref":"#/components/schemas/JiraMetadata"},"githubMetadata":{"$ref":"#/components/schemas/GithubMetadata"},"salesforceMetadata":{"$ref":"#/components/schemas/SalesforceMetadata"},"zendeskMetadata":{"$ref":"#/components/schemas/ZendeskMetadata"},"notionMetadata":{"$ref":"#/components/schemas/NotionMetadata"},"browserMetadata":{"$ref":"#/components/schemas/BrowserMetadata"},"m365TeamsMetadata":{"$ref":"#/components/schemas/M365TeamsMetadata"},"m365OnedriveMetadata":{"$ref":"#/components/schemas/M365OnedriveMetadata"},"inlineEmailMetadata":{"$ref":"#/components/schemas/InlineEmailMetadata"}}},"SlackMetadata":{"type":"object","properties":{"location":{"type":"string","description":"The channel name in case of a message in a channel"},"locationType":{"type":"string","description":"Type of location"},"username":{"type":"string","description":"User name"},"userID":{"type":"string","description":"ID - user"},"messagePermalink":{"type":"string","description":"Link to message"},"locationMembers":{"type":"array","items":{"type":"string"},"description":"Members for the location"},"locationMemberCount":{"type":"integer","description":"Count of members for the location"},"channelID":{"type":"string","description":"ID - channel"},"workspaceName":{"type":"string","description":"Name of workspace"}}},"ConfluenceMetadata":{"type":"object","properties":{"itemName":{"type":"string","description":"Name of item"},"itemType":{"type":"string","description":"Type of item"},"isArchived":{"type":"boolean","description":"Archived status"},"createdAt":{"type":"integer","description":"Unix timestamp"},"updatedAt":{"type":"integer","description":"Unix timestamp"},"labels":{"type":"array","items":{"type":"string"},"description":"List of labels"},"spaceName":{"type":"string","description":"Name of space"},"spaceKey":{"type":"string","description":"Key of space"},"spaceNameLink":{"type":"string","description":"Link of space"},"parentPageName":{"type":"string","description":"Parent page"},"authorName":{"type":"string","description":"Name of author"},"authorEmail":{"type":"string","description":"Email of author"},"authorNameLink":{"type":"string","description":"Link of author name"},"permalink":{"type":"string","description":"Link to resource"},"confluenceID":{"type":"string","description":"ID - Confluence internal"},"confluenceUserID":{"type":"string","description":"ID - Confluence user"},"itemVersion":{"type":"integer","description":"Version of item"},"parentPageID":{"type":"string","description":"ID - parent page"},"parentVersion":{"type":"integer","description":"Version of parent page"}}},"GdriveMetadata":{"type":"object","properties":{"fileID":{"type":"string","description":"ID of file"},"fileName":{"type":"string","description":"The name of the file"},"fileType":{"type":"string","description":"Type of file"},"fileSize":{"type":"string","description":"File size"},"fileLink":{"type":"string","description":"Link to file"},"permissionSetting":{"type":"string","description":"Permissions"},"sharingExternalUsers":{"type":"array","items":{"type":"string"},"description":"User list shared with - external"},"sharingInternalUsers":{"type":"array","items":{"type":"string"},"description":"User list shared with - internal"},"canViewersDownload":{"type":"boolean","description":"Available for viewers to download"},"fileOwner":{"type":"string","description":"File owner"},"isInTrash":{"type":"boolean","description":"In trash"},"createdAt":{"type":"integer","description":"Unix timestamp, when the file was created"},"updatedAt":{"type":"integer","description":"Unix timestamp, when the file was updated"},"drive":{"type":"string","description":"Drive name"},"updatedBy":{"type":"string","description":"Updated by user"}}},"JiraMetadata":{"type":"object","properties":{"projectName":{"type":"string","description":"Name of project"},"ticketNumber":{"type":"string","description":"Ticket number"},"projectType":{"type":"string","description":"Type of project"},"issueID":{"type":"string","description":"ID for the issue"},"projectLink":{"type":"string","description":"Link to project"},"ticketLink":{"type":"string","description":"Link to ticket"},"commentLink":{"type":"string","description":"Link to comment"},"attachmentLink":{"type":"string","description":"Link to attachment"}}},"GithubMetadata":{"type":"object","properties":{"branchName":{"type":"string","description":"Branch on which violation occurred"},"organization":{"type":"string","description":"Name of the organization or username in case of an individual account"},"repository":{"type":"string","description":"Name of the repository"},"authorEmail":{"type":"string","description":"Email of the user who pushed the changes to GitHub"},"authorUsername":{"type":"string","description":"Username of the user who pushed the changes to GitHub"},"createdAt":{"type":"integer","description":"Unix timestamp"},"isRepoPrivate":{"type":"boolean","description":"Boolean to check if the repo is private or public"},"filePath":{"type":"string","description":"Path of the file on which violation occurred"},"githubPermalink":{"type":"string","description":"Permalink to the version of the file where sensitive content was identified"},"repositoryOwner":{"type":"string","description":"Owner of the repository"},"githubRepoLink":{"type":"string","description":"Link to the repository"}}},"SalesforceMetadata":{"type":"object","properties":{"orgName":{"type":"string","description":"Name of the Salesforce organization"},"recordID":{"type":"string","description":"ID of the record"},"objectName":{"type":"string","description":"Name of the object"},"contentType":{"type":"string","description":"Attachment or Object"},"userID":{"type":"string","description":"ID of the user"},"userName":{"type":"string","description":"Salesforce username of the author"},"updatedAt":{"type":"integer","description":"Unix timestamp when the object was last updated"},"fields":{"type":"array","items":{"type":"string"},"description":"Fields of the Object"},"fileType":{"type":"string","description":"File Type"},"attachmentLink":{"type":"string","description":"Link to the attachment"},"attachmentName":{"type":"string","description":"Name of the attachment"},"objectLink":{"type":"string","description":"Link to the object"}}},"ZendeskMetadata":{"type":"object","properties":{"ticketStatus":{"type":"string","description":"Status of the ticket"},"ticketTitle":{"type":"string","description":"Title of the ticket"},"ticketRequestor":{"type":"string","description":"Ticket requested by"},"ticketGroupAssignee":{"type":"string","description":"Group the ticket is assigned to"},"ticketAgentAssignee":{"type":"string","description":"Agent the ticket is assigned to"},"currentUserRole":{"type":"string","description":"User role"},"ticketID":{"type":"integer","description":"ID of the ticket"},"ticketFollowers":{"type":"array","items":{"type":"string"},"description":"Followers of the ticket"},"ticketTags":{"type":"string","description":"Tags for the ticket"},"createdAt":{"type":"integer","description":"Unix timestamp"},"UpdatedAt":{"type":"integer","description":"Unix timestamp"},"location":{"type":"string","description":"Location"},"subLocation":{"type":"string","description":"Sub-location"},"ticketCommentID":{"type":"integer","description":"ID - ticket comment"},"ticketGroupID":{"type":"integer","description":"ID - ticket group"},"ticketGroupLink":{"type":"string","description":"Link to the ticket group"},"ticketAgentID":{"type":"integer","description":"ID - ticket agent"},"ticketAgentLink":{"type":"string","description":"Link - ticket agent"},"ticketEvent":{"type":"string","description":"Ticket event"},"userRole":{"type":"string","description":"Role of the user"},"attachmentName":{"type":"string","description":"Name of the attachment"},"attachmentLink":{"type":"string","description":"Link for the attachment"}}},"NotionMetadata":{"type":"object","properties":{"createdBy":{"type":"string","description":"Page creator"},"updatedBy":{"type":"string","description":"Page update by"},"workspaceName":{"type":"string","description":"Workspace name"},"workspaceLink":{"type":"string","description":"Link to workspace"},"pageID":{"type":"string","description":"ID of the page"},"pageTitle":{"type":"string","description":"Title of the page"},"createdAt":{"type":"integer","description":"Unix timestamp"},"updatedAt":{"type":"integer","description":"Unix timestamp"},"privatePageLink":{"type":"string","description":"Private page link"},"publicPageLink":{"type":"string","description":"Public page link"},"sharedExternally":{"type":"boolean","description":"Externally shared state"},"attachmentID":{"type":"string","description":"ID of the attachment"}}},"BrowserMetadata":{"type":"object","properties":{"location":{"type":"string","description":"Page URL where the extension is launched"},"subLocation":{"type":"string","description":"Specific location on the page"},"browserName":{"type":"string","description":"Browser type"},"userComment":{"type":"string","description":"Remediation comment from the user"}}},"M365TeamsMetadata":{"type":"object","properties":{"teamName":{"type":"string","description":"Name of the team containing the channel where the message was sent"},"tenantID":{"type":"string","description":"ID of the tenant"},"tenantDomain":{"type":"string","description":"Domain name of the tenant"},"teamID":{"type":"string","description":"ID of the team containing the channel where the message was sent"},"teamVisibility":{"type":"string","description":"Visibility of the team containing the channel where the message was sent"},"teamWebURL":{"type":"string","description":"Web URL of the team containing the channel where the message was sent"},"channelID":{"type":"string","description":"ID of the channel where the message was sent"},"channelName":{"type":"string","description":"Name of the channel where the message was sent"},"channelType":{"type":"string","description":"Type of the channel where the message was sent"},"channelWebURL":{"type":"string","description":"Web URL of the channel where the message was sent"},"messageID":{"type":"string","description":"ID of the message"},"createdAt":{"type":"integer","description":"Unix timestamp"},"updatedAt":{"type":"integer","description":"Unix timestamp"},"chatMessageSender":{"type":"string","description":"Sender of the chat message"},"userID":{"type":"string","description":"ID of the user who sent the message"},"userPrincipalName":{"type":"string","description":"Principal name of the user who sent the message"},"attachments":{"type":"array","items":{"$ref":"#/components/schemas/M365TeamsAttachment"},"description":"Attachment details"},"chatMessageImportance":{"type":"string","description":"Importance of the sent message"},"chatID":{"type":"string","description":"ID of the chat conversation"},"chatType":{"type":"string","description":"Type of the chat conversation (one-on-one, group, meeting)"},"chatTopic":{"type":"string","description":"Topic or subject of the chat conversation"},"chatParticipants":{"type":"array","items":{"$ref":"#/components/schemas/M365TeamsChatParticipant"}}}},"M365TeamsAttachment":{"type":"object","properties":{"attachmentID":{"type":"string","description":"ID of the attachment present in the message"},"attachmentName":{"type":"string","description":"Name of the attachment present in the message"},"attachmentURL":{"type":"string","description":"URL of the attachment present in the message"}}},"M365TeamsChatParticipant":{"type":"object","properties":{"userID":{"type":"string","description":"ID of the user participating in the chat conversation"},"email":{"type":"string","description":"email address of the chat participant"},"displayName":{"type":"string","description":"display name of the chat participant"}}},"M365OnedriveMetadata":{"type":"object","properties":{"tenantID":{"type":"string","description":"ID of the tenant"},"tenantDomain":{"type":"string","description":"Domain name of the tenant"},"driveItemID":{"type":"string","description":"ID of the drive item"},"driveItemName":{"type":"string","description":"Name of the drive item"},"driveItemURL":{"type":"string","description":"URL of the drive item"},"driveItemMimeType":{"type":"string","description":"Mime type of the drive item"},"driveItemSize":{"type":"integer","description":"Size of the drive item in bytes"},"parentPath":{"type":"string","description":"Path to the drive item relative to the root of the drive"},"createdByID":{"type":"string","description":"ID of the user who created the drive item"},"updatedByEmail":{"type":"string","description":"Email of the user who last updated the drive item"},"updatedByID":{"type":"string","description":"ID of the user who last updated the drive item"},"updatedByName":{"type":"string","description":"Name of the user who last updated the drive item"},"createdAt":{"type":"integer","description":"Unix timestamp when the drive item was created"},"updatedAt":{"type":"integer","description":"Unix timestamp when the drive item was last updated"},"specialFolderName":{"type":"string","description":"Name of the special folder if drive item is inside one"},"driveID":{"type":"string","description":"ID of the drive where the drive item is present"},"driveOwnerName":{"type":"string","description":"Name of user who owns the drive where the drive item is present"},"driveOwnerEmail":{"type":"string","description":"Email of user who owns the drive where the drive item is present"},"driveOwnerID":{"type":"string","description":"ID of user who owns the drive where the drive item is present"}}},"InlineEmailMetadata":{"type":"object","properties":{"domain":{"type":"string","description":"Domain of the company where email was sent from"},"user_name":{"type":"string","description":"User Name who sent the email"},"from":{"type":"string","description":"Email of the sender"},"to":{"type":"array","items":{"type":"string"},"description":"Recipients of the Email"},"cc":{"type":"array","items":{"type":"string"},"description":"Recipients mentioned in the CC field of the Email"},"bcc":{"type":"array","items":{"type":"string"},"description":"Recipients mentioned in the BCC field of the Email"},"subject":{"type":"string","description":"Subject of the email"},"sent_at":{"type":"integer","description":"Unix timestamp of when email was sent"},"thread_id":{"type":"string","description":"ThreadID of the email"},"attachment_name":{"type":"string","description":"Name of the attachment"},"attachment_type":{"type":"string","description":"Type of attachment"}}},"FileDetails":{"type":"object","properties":{"fileName":{"type":"string","description":"The name of the file"},"mimeType":{"type":"string","description":"The file mime type"},"permalink":{"type":"string","description":"The link to the resource on the integration"}}},"ViolationRisk":{"type":"string","enum":["UNSPECIFIED","LOW","MEDIUM","HIGH","CRITICAL","NO_RISK"]},"ViolationRiskSource":{"type":"string","enum":["NIGHTFALL","CUSTOM","OVERRIDDEN"]},"UserInformation":{"type":"object","properties":{"username":{"type":"string","description":"Username as on the integration"},"userEmail":{"type":"string","description":"User email as on the integration, may be empty"}}},"Error":{"type":"object","properties":{"code":{"type":"integer","description":"A status code to uniquely describe this error."},"message":{"type":"string","description":"A message associated with the status code."},"description":{"type":"string","description":"Additional details to explain what may have occurred. Omitted if empty."}}}}},"paths":{"/violations":{"get":{"summary":"Fetch violations","description":"Fetch a list of violations for a period","parameters":[{"name":"createdAfter","in":"query","description":"Unix timestamp in seconds, filters records created ≥ the value, defaults to -90 days UTC","required":false,"schema":{"type":"integer"}},{"name":"createdBefore","in":"query","description":"Unix timestamp in seconds, filters records created < the value, defaults to end of the current day UTC","required":false,"schema":{"type":"integer"}},{"name":"updatedAfter","in":"query","description":"Unix timestamp in seconds, filters records updated > the value","required":false,"schema":{"type":"integer"}},{"name":"limit","in":"query","description":"The maximum number of records to be returned in the response","required":false,"schema":{"type":"integer","maximum":100,"default":50}},{"name":"pageToken","in":"query","description":"Cursor for getting the next page of results","required":false,"schema":{"type":"string"}}],"responses":{"200":{"description":"Successful response","headers":{"X-Rate-Limit-Remaining":{"schema":{"type":"integer","description":"How many remaining requests you can make within the next second before being throttled"}},"X-Quota-Remaining":{"schema":{"type":"integer","description":"How many remaining requests you can make within the next quota period"}},"X-Quota-Period-End":{"schema":{"type":"string","format":"date-time","description":"When the current quota period expires"}}},"content":{"application/json":{"schema":{"type":"object","properties":{"violations":{"type":"array","items":{"$ref":"#/components/schemas/Violation"}},"nextPageToken":{"type":"string","description":"Next page cursor, omitted if end of results reached"}}}}}},"400":{"description":"Invalid request parameters","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"401":{"description":"Authentication failure","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"429":{"description":"Rate Limit Exceeded or Daily Quota Exceeded","headers":{"Retry-After":{"schema":{"type":"integer","description":"Seconds after which to retry the request"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"500":{"description":"Internal Nightfall Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}} ``` ## Fetch violation > Fetch a violation by ID ```json {"openapi":"3.0.3","info":{"title":"Nightfall Workflow DLP API","version":"1.0.0"},"servers":[{"url":"https://api.nightfall.ai/dlp/v1"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer"}},"schemas":{"Violation":{"type":"object","properties":{"id":{"type":"string","description":"The violation id"},"integration":{"$ref":"#/components/schemas/Integration","description":"The integration name"},"createdAt":{"type":"integer","description":"Unix timestamp when the violation was created"},"updatedAt":{"type":"integer","description":"Unix timestamp when the violation was updated"},"possibleActions":{"type":"array","items":{"$ref":"#/components/schemas/Action"},"description":"Possible actions for the violation"},"state":{"$ref":"#/components/schemas/ViolationState","description":"The current state of the violation"},"resourceLink":{"type":"string","description":"The link to the resource on the integration"},"metadata":{"$ref":"#/components/schemas/Metadata","description":"Integration specific metadata, based on the integration one field will be populated."},"fileDetails":{"$ref":"#/components/schemas/FileDetails","description":"If the resource is a file, the details for it"},"policyUUIDs":{"type":"array","items":{"type":"string"},"description":"Policies violated"},"detectionRuleUUIDs":{"type":"array","items":{"type":"string"},"description":"Detection rules triggered"},"detectorUUIDs":{"type":"array","items":{"type":"string"},"description":"Detectors triggered"},"risk":{"$ref":"#/components/schemas/ViolationRisk","description":"The risk label associated to this violation"},"riskSource":{"$ref":"#/components/schemas/ViolationRiskSource","description":"The source of calculation of risk associated to this violation"},"riskScore":{"type":"number","format":"float","description":"The calculated score of the risk for this violation"},"userInfo":{"$ref":"#/components/schemas/UserInformation"}}},"Integration":{"type":"string","enum":["SLACK","GDRIVE","JIRA","CONFLUENCE","SALESFORCE","ZENDESK","BROWSER","NOTION","GITHUB","M365_TEAMS","M365_ONEDRIVE","INLINE_EMAIL"]},"Action":{"type":"string","enum":["ACKNOWLEDGE","REDACT","QUARANTINE","ALLOW_QUARANTINE","REJECT_QUARANTINE","REMOVE_INTERNAL_USERS","REMOVE_EXTERNAL_USERS","DOMAIN_WIDE_LINK","RESTRICTED_LINK","DELETE","IGNORE","NOTIFY_SLACK","NOTIFY_EMAIL","UNACKNOWLEDGE","DISABLE_DOWNLOAD","CREATE_JIRA_ISSUE","MARK_AS_PRIVATE","DELETE_ATTACHMENT","MANUAL_UNDO","RESOLVE","NOTIFY_TEAMS","NOTIFY_GITHUB","SOFT_DELETE","HARD_DELETE","RESTRICT_TO_OWNER"]},"ViolationState":{"type":"string","enum":["ACTIVE","PENDING","RESOLVED","EXPIRED"]},"Metadata":{"type":"object","properties":{"slackMetadata":{"$ref":"#/components/schemas/SlackMetadata"},"confluenceMetadata":{"$ref":"#/components/schemas/ConfluenceMetadata"},"gdriveMetadata":{"$ref":"#/components/schemas/GdriveMetadata"},"jiraMetadata":{"$ref":"#/components/schemas/JiraMetadata"},"githubMetadata":{"$ref":"#/components/schemas/GithubMetadata"},"salesforceMetadata":{"$ref":"#/components/schemas/SalesforceMetadata"},"zendeskMetadata":{"$ref":"#/components/schemas/ZendeskMetadata"},"notionMetadata":{"$ref":"#/components/schemas/NotionMetadata"},"browserMetadata":{"$ref":"#/components/schemas/BrowserMetadata"},"m365TeamsMetadata":{"$ref":"#/components/schemas/M365TeamsMetadata"},"m365OnedriveMetadata":{"$ref":"#/components/schemas/M365OnedriveMetadata"},"inlineEmailMetadata":{"$ref":"#/components/schemas/InlineEmailMetadata"}}},"SlackMetadata":{"type":"object","properties":{"location":{"type":"string","description":"The channel name in case of a message in a channel"},"locationType":{"type":"string","description":"Type of location"},"username":{"type":"string","description":"User name"},"userID":{"type":"string","description":"ID - user"},"messagePermalink":{"type":"string","description":"Link to message"},"locationMembers":{"type":"array","items":{"type":"string"},"description":"Members for the location"},"locationMemberCount":{"type":"integer","description":"Count of members for the location"},"channelID":{"type":"string","description":"ID - channel"},"workspaceName":{"type":"string","description":"Name of workspace"}}},"ConfluenceMetadata":{"type":"object","properties":{"itemName":{"type":"string","description":"Name of item"},"itemType":{"type":"string","description":"Type of item"},"isArchived":{"type":"boolean","description":"Archived status"},"createdAt":{"type":"integer","description":"Unix timestamp"},"updatedAt":{"type":"integer","description":"Unix timestamp"},"labels":{"type":"array","items":{"type":"string"},"description":"List of labels"},"spaceName":{"type":"string","description":"Name of space"},"spaceKey":{"type":"string","description":"Key of space"},"spaceNameLink":{"type":"string","description":"Link of space"},"parentPageName":{"type":"string","description":"Parent page"},"authorName":{"type":"string","description":"Name of author"},"authorEmail":{"type":"string","description":"Email of author"},"authorNameLink":{"type":"string","description":"Link of author name"},"permalink":{"type":"string","description":"Link to resource"},"confluenceID":{"type":"string","description":"ID - Confluence internal"},"confluenceUserID":{"type":"string","description":"ID - Confluence user"},"itemVersion":{"type":"integer","description":"Version of item"},"parentPageID":{"type":"string","description":"ID - parent page"},"parentVersion":{"type":"integer","description":"Version of parent page"}}},"GdriveMetadata":{"type":"object","properties":{"fileID":{"type":"string","description":"ID of file"},"fileName":{"type":"string","description":"The name of the file"},"fileType":{"type":"string","description":"Type of file"},"fileSize":{"type":"string","description":"File size"},"fileLink":{"type":"string","description":"Link to file"},"permissionSetting":{"type":"string","description":"Permissions"},"sharingExternalUsers":{"type":"array","items":{"type":"string"},"description":"User list shared with - external"},"sharingInternalUsers":{"type":"array","items":{"type":"string"},"description":"User list shared with - internal"},"canViewersDownload":{"type":"boolean","description":"Available for viewers to download"},"fileOwner":{"type":"string","description":"File owner"},"isInTrash":{"type":"boolean","description":"In trash"},"createdAt":{"type":"integer","description":"Unix timestamp, when the file was created"},"updatedAt":{"type":"integer","description":"Unix timestamp, when the file was updated"},"drive":{"type":"string","description":"Drive name"},"updatedBy":{"type":"string","description":"Updated by user"}}},"JiraMetadata":{"type":"object","properties":{"projectName":{"type":"string","description":"Name of project"},"ticketNumber":{"type":"string","description":"Ticket number"},"projectType":{"type":"string","description":"Type of project"},"issueID":{"type":"string","description":"ID for the issue"},"projectLink":{"type":"string","description":"Link to project"},"ticketLink":{"type":"string","description":"Link to ticket"},"commentLink":{"type":"string","description":"Link to comment"},"attachmentLink":{"type":"string","description":"Link to attachment"}}},"GithubMetadata":{"type":"object","properties":{"branchName":{"type":"string","description":"Branch on which violation occurred"},"organization":{"type":"string","description":"Name of the organization or username in case of an individual account"},"repository":{"type":"string","description":"Name of the repository"},"authorEmail":{"type":"string","description":"Email of the user who pushed the changes to GitHub"},"authorUsername":{"type":"string","description":"Username of the user who pushed the changes to GitHub"},"createdAt":{"type":"integer","description":"Unix timestamp"},"isRepoPrivate":{"type":"boolean","description":"Boolean to check if the repo is private or public"},"filePath":{"type":"string","description":"Path of the file on which violation occurred"},"githubPermalink":{"type":"string","description":"Permalink to the version of the file where sensitive content was identified"},"repositoryOwner":{"type":"string","description":"Owner of the repository"},"githubRepoLink":{"type":"string","description":"Link to the repository"}}},"SalesforceMetadata":{"type":"object","properties":{"orgName":{"type":"string","description":"Name of the Salesforce organization"},"recordID":{"type":"string","description":"ID of the record"},"objectName":{"type":"string","description":"Name of the object"},"contentType":{"type":"string","description":"Attachment or Object"},"userID":{"type":"string","description":"ID of the user"},"userName":{"type":"string","description":"Salesforce username of the author"},"updatedAt":{"type":"integer","description":"Unix timestamp when the object was last updated"},"fields":{"type":"array","items":{"type":"string"},"description":"Fields of the Object"},"fileType":{"type":"string","description":"File Type"},"attachmentLink":{"type":"string","description":"Link to the attachment"},"attachmentName":{"type":"string","description":"Name of the attachment"},"objectLink":{"type":"string","description":"Link to the object"}}},"ZendeskMetadata":{"type":"object","properties":{"ticketStatus":{"type":"string","description":"Status of the ticket"},"ticketTitle":{"type":"string","description":"Title of the ticket"},"ticketRequestor":{"type":"string","description":"Ticket requested by"},"ticketGroupAssignee":{"type":"string","description":"Group the ticket is assigned to"},"ticketAgentAssignee":{"type":"string","description":"Agent the ticket is assigned to"},"currentUserRole":{"type":"string","description":"User role"},"ticketID":{"type":"integer","description":"ID of the ticket"},"ticketFollowers":{"type":"array","items":{"type":"string"},"description":"Followers of the ticket"},"ticketTags":{"type":"string","description":"Tags for the ticket"},"createdAt":{"type":"integer","description":"Unix timestamp"},"UpdatedAt":{"type":"integer","description":"Unix timestamp"},"location":{"type":"string","description":"Location"},"subLocation":{"type":"string","description":"Sub-location"},"ticketCommentID":{"type":"integer","description":"ID - ticket comment"},"ticketGroupID":{"type":"integer","description":"ID - ticket group"},"ticketGroupLink":{"type":"string","description":"Link to the ticket group"},"ticketAgentID":{"type":"integer","description":"ID - ticket agent"},"ticketAgentLink":{"type":"string","description":"Link - ticket agent"},"ticketEvent":{"type":"string","description":"Ticket event"},"userRole":{"type":"string","description":"Role of the user"},"attachmentName":{"type":"string","description":"Name of the attachment"},"attachmentLink":{"type":"string","description":"Link for the attachment"}}},"NotionMetadata":{"type":"object","properties":{"createdBy":{"type":"string","description":"Page creator"},"updatedBy":{"type":"string","description":"Page update by"},"workspaceName":{"type":"string","description":"Workspace name"},"workspaceLink":{"type":"string","description":"Link to workspace"},"pageID":{"type":"string","description":"ID of the page"},"pageTitle":{"type":"string","description":"Title of the page"},"createdAt":{"type":"integer","description":"Unix timestamp"},"updatedAt":{"type":"integer","description":"Unix timestamp"},"privatePageLink":{"type":"string","description":"Private page link"},"publicPageLink":{"type":"string","description":"Public page link"},"sharedExternally":{"type":"boolean","description":"Externally shared state"},"attachmentID":{"type":"string","description":"ID of the attachment"}}},"BrowserMetadata":{"type":"object","properties":{"location":{"type":"string","description":"Page URL where the extension is launched"},"subLocation":{"type":"string","description":"Specific location on the page"},"browserName":{"type":"string","description":"Browser type"},"userComment":{"type":"string","description":"Remediation comment from the user"}}},"M365TeamsMetadata":{"type":"object","properties":{"teamName":{"type":"string","description":"Name of the team containing the channel where the message was sent"},"tenantID":{"type":"string","description":"ID of the tenant"},"tenantDomain":{"type":"string","description":"Domain name of the tenant"},"teamID":{"type":"string","description":"ID of the team containing the channel where the message was sent"},"teamVisibility":{"type":"string","description":"Visibility of the team containing the channel where the message was sent"},"teamWebURL":{"type":"string","description":"Web URL of the team containing the channel where the message was sent"},"channelID":{"type":"string","description":"ID of the channel where the message was sent"},"channelName":{"type":"string","description":"Name of the channel where the message was sent"},"channelType":{"type":"string","description":"Type of the channel where the message was sent"},"channelWebURL":{"type":"string","description":"Web URL of the channel where the message was sent"},"messageID":{"type":"string","description":"ID of the message"},"createdAt":{"type":"integer","description":"Unix timestamp"},"updatedAt":{"type":"integer","description":"Unix timestamp"},"chatMessageSender":{"type":"string","description":"Sender of the chat message"},"userID":{"type":"string","description":"ID of the user who sent the message"},"userPrincipalName":{"type":"string","description":"Principal name of the user who sent the message"},"attachments":{"type":"array","items":{"$ref":"#/components/schemas/M365TeamsAttachment"},"description":"Attachment details"},"chatMessageImportance":{"type":"string","description":"Importance of the sent message"},"chatID":{"type":"string","description":"ID of the chat conversation"},"chatType":{"type":"string","description":"Type of the chat conversation (one-on-one, group, meeting)"},"chatTopic":{"type":"string","description":"Topic or subject of the chat conversation"},"chatParticipants":{"type":"array","items":{"$ref":"#/components/schemas/M365TeamsChatParticipant"}}}},"M365TeamsAttachment":{"type":"object","properties":{"attachmentID":{"type":"string","description":"ID of the attachment present in the message"},"attachmentName":{"type":"string","description":"Name of the attachment present in the message"},"attachmentURL":{"type":"string","description":"URL of the attachment present in the message"}}},"M365TeamsChatParticipant":{"type":"object","properties":{"userID":{"type":"string","description":"ID of the user participating in the chat conversation"},"email":{"type":"string","description":"email address of the chat participant"},"displayName":{"type":"string","description":"display name of the chat participant"}}},"M365OnedriveMetadata":{"type":"object","properties":{"tenantID":{"type":"string","description":"ID of the tenant"},"tenantDomain":{"type":"string","description":"Domain name of the tenant"},"driveItemID":{"type":"string","description":"ID of the drive item"},"driveItemName":{"type":"string","description":"Name of the drive item"},"driveItemURL":{"type":"string","description":"URL of the drive item"},"driveItemMimeType":{"type":"string","description":"Mime type of the drive item"},"driveItemSize":{"type":"integer","description":"Size of the drive item in bytes"},"parentPath":{"type":"string","description":"Path to the drive item relative to the root of the drive"},"createdByID":{"type":"string","description":"ID of the user who created the drive item"},"updatedByEmail":{"type":"string","description":"Email of the user who last updated the drive item"},"updatedByID":{"type":"string","description":"ID of the user who last updated the drive item"},"updatedByName":{"type":"string","description":"Name of the user who last updated the drive item"},"createdAt":{"type":"integer","description":"Unix timestamp when the drive item was created"},"updatedAt":{"type":"integer","description":"Unix timestamp when the drive item was last updated"},"specialFolderName":{"type":"string","description":"Name of the special folder if drive item is inside one"},"driveID":{"type":"string","description":"ID of the drive where the drive item is present"},"driveOwnerName":{"type":"string","description":"Name of user who owns the drive where the drive item is present"},"driveOwnerEmail":{"type":"string","description":"Email of user who owns the drive where the drive item is present"},"driveOwnerID":{"type":"string","description":"ID of user who owns the drive where the drive item is present"}}},"InlineEmailMetadata":{"type":"object","properties":{"domain":{"type":"string","description":"Domain of the company where email was sent from"},"user_name":{"type":"string","description":"User Name who sent the email"},"from":{"type":"string","description":"Email of the sender"},"to":{"type":"array","items":{"type":"string"},"description":"Recipients of the Email"},"cc":{"type":"array","items":{"type":"string"},"description":"Recipients mentioned in the CC field of the Email"},"bcc":{"type":"array","items":{"type":"string"},"description":"Recipients mentioned in the BCC field of the Email"},"subject":{"type":"string","description":"Subject of the email"},"sent_at":{"type":"integer","description":"Unix timestamp of when email was sent"},"thread_id":{"type":"string","description":"ThreadID of the email"},"attachment_name":{"type":"string","description":"Name of the attachment"},"attachment_type":{"type":"string","description":"Type of attachment"}}},"FileDetails":{"type":"object","properties":{"fileName":{"type":"string","description":"The name of the file"},"mimeType":{"type":"string","description":"The file mime type"},"permalink":{"type":"string","description":"The link to the resource on the integration"}}},"ViolationRisk":{"type":"string","enum":["UNSPECIFIED","LOW","MEDIUM","HIGH","CRITICAL","NO_RISK"]},"ViolationRiskSource":{"type":"string","enum":["NIGHTFALL","CUSTOM","OVERRIDDEN"]},"UserInformation":{"type":"object","properties":{"username":{"type":"string","description":"Username as on the integration"},"userEmail":{"type":"string","description":"User email as on the integration, may be empty"}}},"Error":{"type":"object","properties":{"code":{"type":"integer","description":"A status code to uniquely describe this error."},"message":{"type":"string","description":"A message associated with the status code."},"description":{"type":"string","description":"Additional details to explain what may have occurred. Omitted if empty."}}}}},"paths":{"/violations/{violationId}":{"get":{"summary":"Fetch violation","description":"Fetch a violation by ID","parameters":[{"name":"violationId","in":"path","description":"The UUID of the violation to fetch","required":true,"schema":{"type":"string","format":"uuid"}}],"responses":{"200":{"description":"Successful response","headers":{"X-Rate-Limit-Remaining":{"schema":{"type":"integer","description":"How many remaining requests you can make within the next second before being throttled"}},"X-Quota-Remaining":{"schema":{"type":"integer","description":"How many remaining requests you can make within the next quota period"}},"X-Quota-Period-End":{"schema":{"type":"string","format":"date-time","description":"When the current quota period expires"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Violation"}}}},"400":{"description":"Invalid request parameters","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"401":{"description":"Authentication failure","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"404":{"description":"Violation does not exist","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"429":{"description":"Rate Limit Exceeded or Daily Quota Exceeded","headers":{"Retry-After":{"schema":{"type":"integer","description":"Seconds after which to retry the request"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"500":{"description":"Internal Nightfall Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}} ``` ## Search violations > Fetch a list of violations based on some filters ```json {"openapi":"3.0.3","info":{"title":"Nightfall Workflow DLP API","version":"1.0.0"},"servers":[{"url":"https://api.nightfall.ai/dlp/v1"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer"}},"schemas":{"ViolationSearchSortKey":{"type":"string","enum":["TIME_ASC","TIME_DESC","RELEVANCE","RISK_ASC","RISK_DESC"]},"Violation":{"type":"object","properties":{"id":{"type":"string","description":"The violation id"},"integration":{"$ref":"#/components/schemas/Integration","description":"The integration name"},"createdAt":{"type":"integer","description":"Unix timestamp when the violation was created"},"updatedAt":{"type":"integer","description":"Unix timestamp when the violation was updated"},"possibleActions":{"type":"array","items":{"$ref":"#/components/schemas/Action"},"description":"Possible actions for the violation"},"state":{"$ref":"#/components/schemas/ViolationState","description":"The current state of the violation"},"resourceLink":{"type":"string","description":"The link to the resource on the integration"},"metadata":{"$ref":"#/components/schemas/Metadata","description":"Integration specific metadata, based on the integration one field will be populated."},"fileDetails":{"$ref":"#/components/schemas/FileDetails","description":"If the resource is a file, the details for it"},"policyUUIDs":{"type":"array","items":{"type":"string"},"description":"Policies violated"},"detectionRuleUUIDs":{"type":"array","items":{"type":"string"},"description":"Detection rules triggered"},"detectorUUIDs":{"type":"array","items":{"type":"string"},"description":"Detectors triggered"},"risk":{"$ref":"#/components/schemas/ViolationRisk","description":"The risk label associated to this violation"},"riskSource":{"$ref":"#/components/schemas/ViolationRiskSource","description":"The source of calculation of risk associated to this violation"},"riskScore":{"type":"number","format":"float","description":"The calculated score of the risk for this violation"},"userInfo":{"$ref":"#/components/schemas/UserInformation"}}},"Integration":{"type":"string","enum":["SLACK","GDRIVE","JIRA","CONFLUENCE","SALESFORCE","ZENDESK","BROWSER","NOTION","GITHUB","M365_TEAMS","M365_ONEDRIVE","INLINE_EMAIL"]},"Action":{"type":"string","enum":["ACKNOWLEDGE","REDACT","QUARANTINE","ALLOW_QUARANTINE","REJECT_QUARANTINE","REMOVE_INTERNAL_USERS","REMOVE_EXTERNAL_USERS","DOMAIN_WIDE_LINK","RESTRICTED_LINK","DELETE","IGNORE","NOTIFY_SLACK","NOTIFY_EMAIL","UNACKNOWLEDGE","DISABLE_DOWNLOAD","CREATE_JIRA_ISSUE","MARK_AS_PRIVATE","DELETE_ATTACHMENT","MANUAL_UNDO","RESOLVE","NOTIFY_TEAMS","NOTIFY_GITHUB","SOFT_DELETE","HARD_DELETE","RESTRICT_TO_OWNER"]},"ViolationState":{"type":"string","enum":["ACTIVE","PENDING","RESOLVED","EXPIRED"]},"Metadata":{"type":"object","properties":{"slackMetadata":{"$ref":"#/components/schemas/SlackMetadata"},"confluenceMetadata":{"$ref":"#/components/schemas/ConfluenceMetadata"},"gdriveMetadata":{"$ref":"#/components/schemas/GdriveMetadata"},"jiraMetadata":{"$ref":"#/components/schemas/JiraMetadata"},"githubMetadata":{"$ref":"#/components/schemas/GithubMetadata"},"salesforceMetadata":{"$ref":"#/components/schemas/SalesforceMetadata"},"zendeskMetadata":{"$ref":"#/components/schemas/ZendeskMetadata"},"notionMetadata":{"$ref":"#/components/schemas/NotionMetadata"},"browserMetadata":{"$ref":"#/components/schemas/BrowserMetadata"},"m365TeamsMetadata":{"$ref":"#/components/schemas/M365TeamsMetadata"},"m365OnedriveMetadata":{"$ref":"#/components/schemas/M365OnedriveMetadata"},"inlineEmailMetadata":{"$ref":"#/components/schemas/InlineEmailMetadata"}}},"SlackMetadata":{"type":"object","properties":{"location":{"type":"string","description":"The channel name in case of a message in a channel"},"locationType":{"type":"string","description":"Type of location"},"username":{"type":"string","description":"User name"},"userID":{"type":"string","description":"ID - user"},"messagePermalink":{"type":"string","description":"Link to message"},"locationMembers":{"type":"array","items":{"type":"string"},"description":"Members for the location"},"locationMemberCount":{"type":"integer","description":"Count of members for the location"},"channelID":{"type":"string","description":"ID - channel"},"workspaceName":{"type":"string","description":"Name of workspace"}}},"ConfluenceMetadata":{"type":"object","properties":{"itemName":{"type":"string","description":"Name of item"},"itemType":{"type":"string","description":"Type of item"},"isArchived":{"type":"boolean","description":"Archived status"},"createdAt":{"type":"integer","description":"Unix timestamp"},"updatedAt":{"type":"integer","description":"Unix timestamp"},"labels":{"type":"array","items":{"type":"string"},"description":"List of labels"},"spaceName":{"type":"string","description":"Name of space"},"spaceKey":{"type":"string","description":"Key of space"},"spaceNameLink":{"type":"string","description":"Link of space"},"parentPageName":{"type":"string","description":"Parent page"},"authorName":{"type":"string","description":"Name of author"},"authorEmail":{"type":"string","description":"Email of author"},"authorNameLink":{"type":"string","description":"Link of author name"},"permalink":{"type":"string","description":"Link to resource"},"confluenceID":{"type":"string","description":"ID - Confluence internal"},"confluenceUserID":{"type":"string","description":"ID - Confluence user"},"itemVersion":{"type":"integer","description":"Version of item"},"parentPageID":{"type":"string","description":"ID - parent page"},"parentVersion":{"type":"integer","description":"Version of parent page"}}},"GdriveMetadata":{"type":"object","properties":{"fileID":{"type":"string","description":"ID of file"},"fileName":{"type":"string","description":"The name of the file"},"fileType":{"type":"string","description":"Type of file"},"fileSize":{"type":"string","description":"File size"},"fileLink":{"type":"string","description":"Link to file"},"permissionSetting":{"type":"string","description":"Permissions"},"sharingExternalUsers":{"type":"array","items":{"type":"string"},"description":"User list shared with - external"},"sharingInternalUsers":{"type":"array","items":{"type":"string"},"description":"User list shared with - internal"},"canViewersDownload":{"type":"boolean","description":"Available for viewers to download"},"fileOwner":{"type":"string","description":"File owner"},"isInTrash":{"type":"boolean","description":"In trash"},"createdAt":{"type":"integer","description":"Unix timestamp, when the file was created"},"updatedAt":{"type":"integer","description":"Unix timestamp, when the file was updated"},"drive":{"type":"string","description":"Drive name"},"updatedBy":{"type":"string","description":"Updated by user"}}},"JiraMetadata":{"type":"object","properties":{"projectName":{"type":"string","description":"Name of project"},"ticketNumber":{"type":"string","description":"Ticket number"},"projectType":{"type":"string","description":"Type of project"},"issueID":{"type":"string","description":"ID for the issue"},"projectLink":{"type":"string","description":"Link to project"},"ticketLink":{"type":"string","description":"Link to ticket"},"commentLink":{"type":"string","description":"Link to comment"},"attachmentLink":{"type":"string","description":"Link to attachment"}}},"GithubMetadata":{"type":"object","properties":{"branchName":{"type":"string","description":"Branch on which violation occurred"},"organization":{"type":"string","description":"Name of the organization or username in case of an individual account"},"repository":{"type":"string","description":"Name of the repository"},"authorEmail":{"type":"string","description":"Email of the user who pushed the changes to GitHub"},"authorUsername":{"type":"string","description":"Username of the user who pushed the changes to GitHub"},"createdAt":{"type":"integer","description":"Unix timestamp"},"isRepoPrivate":{"type":"boolean","description":"Boolean to check if the repo is private or public"},"filePath":{"type":"string","description":"Path of the file on which violation occurred"},"githubPermalink":{"type":"string","description":"Permalink to the version of the file where sensitive content was identified"},"repositoryOwner":{"type":"string","description":"Owner of the repository"},"githubRepoLink":{"type":"string","description":"Link to the repository"}}},"SalesforceMetadata":{"type":"object","properties":{"orgName":{"type":"string","description":"Name of the Salesforce organization"},"recordID":{"type":"string","description":"ID of the record"},"objectName":{"type":"string","description":"Name of the object"},"contentType":{"type":"string","description":"Attachment or Object"},"userID":{"type":"string","description":"ID of the user"},"userName":{"type":"string","description":"Salesforce username of the author"},"updatedAt":{"type":"integer","description":"Unix timestamp when the object was last updated"},"fields":{"type":"array","items":{"type":"string"},"description":"Fields of the Object"},"fileType":{"type":"string","description":"File Type"},"attachmentLink":{"type":"string","description":"Link to the attachment"},"attachmentName":{"type":"string","description":"Name of the attachment"},"objectLink":{"type":"string","description":"Link to the object"}}},"ZendeskMetadata":{"type":"object","properties":{"ticketStatus":{"type":"string","description":"Status of the ticket"},"ticketTitle":{"type":"string","description":"Title of the ticket"},"ticketRequestor":{"type":"string","description":"Ticket requested by"},"ticketGroupAssignee":{"type":"string","description":"Group the ticket is assigned to"},"ticketAgentAssignee":{"type":"string","description":"Agent the ticket is assigned to"},"currentUserRole":{"type":"string","description":"User role"},"ticketID":{"type":"integer","description":"ID of the ticket"},"ticketFollowers":{"type":"array","items":{"type":"string"},"description":"Followers of the ticket"},"ticketTags":{"type":"string","description":"Tags for the ticket"},"createdAt":{"type":"integer","description":"Unix timestamp"},"UpdatedAt":{"type":"integer","description":"Unix timestamp"},"location":{"type":"string","description":"Location"},"subLocation":{"type":"string","description":"Sub-location"},"ticketCommentID":{"type":"integer","description":"ID - ticket comment"},"ticketGroupID":{"type":"integer","description":"ID - ticket group"},"ticketGroupLink":{"type":"string","description":"Link to the ticket group"},"ticketAgentID":{"type":"integer","description":"ID - ticket agent"},"ticketAgentLink":{"type":"string","description":"Link - ticket agent"},"ticketEvent":{"type":"string","description":"Ticket event"},"userRole":{"type":"string","description":"Role of the user"},"attachmentName":{"type":"string","description":"Name of the attachment"},"attachmentLink":{"type":"string","description":"Link for the attachment"}}},"NotionMetadata":{"type":"object","properties":{"createdBy":{"type":"string","description":"Page creator"},"updatedBy":{"type":"string","description":"Page update by"},"workspaceName":{"type":"string","description":"Workspace name"},"workspaceLink":{"type":"string","description":"Link to workspace"},"pageID":{"type":"string","description":"ID of the page"},"pageTitle":{"type":"string","description":"Title of the page"},"createdAt":{"type":"integer","description":"Unix timestamp"},"updatedAt":{"type":"integer","description":"Unix timestamp"},"privatePageLink":{"type":"string","description":"Private page link"},"publicPageLink":{"type":"string","description":"Public page link"},"sharedExternally":{"type":"boolean","description":"Externally shared state"},"attachmentID":{"type":"string","description":"ID of the attachment"}}},"BrowserMetadata":{"type":"object","properties":{"location":{"type":"string","description":"Page URL where the extension is launched"},"subLocation":{"type":"string","description":"Specific location on the page"},"browserName":{"type":"string","description":"Browser type"},"userComment":{"type":"string","description":"Remediation comment from the user"}}},"M365TeamsMetadata":{"type":"object","properties":{"teamName":{"type":"string","description":"Name of the team containing the channel where the message was sent"},"tenantID":{"type":"string","description":"ID of the tenant"},"tenantDomain":{"type":"string","description":"Domain name of the tenant"},"teamID":{"type":"string","description":"ID of the team containing the channel where the message was sent"},"teamVisibility":{"type":"string","description":"Visibility of the team containing the channel where the message was sent"},"teamWebURL":{"type":"string","description":"Web URL of the team containing the channel where the message was sent"},"channelID":{"type":"string","description":"ID of the channel where the message was sent"},"channelName":{"type":"string","description":"Name of the channel where the message was sent"},"channelType":{"type":"string","description":"Type of the channel where the message was sent"},"channelWebURL":{"type":"string","description":"Web URL of the channel where the message was sent"},"messageID":{"type":"string","description":"ID of the message"},"createdAt":{"type":"integer","description":"Unix timestamp"},"updatedAt":{"type":"integer","description":"Unix timestamp"},"chatMessageSender":{"type":"string","description":"Sender of the chat message"},"userID":{"type":"string","description":"ID of the user who sent the message"},"userPrincipalName":{"type":"string","description":"Principal name of the user who sent the message"},"attachments":{"type":"array","items":{"$ref":"#/components/schemas/M365TeamsAttachment"},"description":"Attachment details"},"chatMessageImportance":{"type":"string","description":"Importance of the sent message"},"chatID":{"type":"string","description":"ID of the chat conversation"},"chatType":{"type":"string","description":"Type of the chat conversation (one-on-one, group, meeting)"},"chatTopic":{"type":"string","description":"Topic or subject of the chat conversation"},"chatParticipants":{"type":"array","items":{"$ref":"#/components/schemas/M365TeamsChatParticipant"}}}},"M365TeamsAttachment":{"type":"object","properties":{"attachmentID":{"type":"string","description":"ID of the attachment present in the message"},"attachmentName":{"type":"string","description":"Name of the attachment present in the message"},"attachmentURL":{"type":"string","description":"URL of the attachment present in the message"}}},"M365TeamsChatParticipant":{"type":"object","properties":{"userID":{"type":"string","description":"ID of the user participating in the chat conversation"},"email":{"type":"string","description":"email address of the chat participant"},"displayName":{"type":"string","description":"display name of the chat participant"}}},"M365OnedriveMetadata":{"type":"object","properties":{"tenantID":{"type":"string","description":"ID of the tenant"},"tenantDomain":{"type":"string","description":"Domain name of the tenant"},"driveItemID":{"type":"string","description":"ID of the drive item"},"driveItemName":{"type":"string","description":"Name of the drive item"},"driveItemURL":{"type":"string","description":"URL of the drive item"},"driveItemMimeType":{"type":"string","description":"Mime type of the drive item"},"driveItemSize":{"type":"integer","description":"Size of the drive item in bytes"},"parentPath":{"type":"string","description":"Path to the drive item relative to the root of the drive"},"createdByID":{"type":"string","description":"ID of the user who created the drive item"},"updatedByEmail":{"type":"string","description":"Email of the user who last updated the drive item"},"updatedByID":{"type":"string","description":"ID of the user who last updated the drive item"},"updatedByName":{"type":"string","description":"Name of the user who last updated the drive item"},"createdAt":{"type":"integer","description":"Unix timestamp when the drive item was created"},"updatedAt":{"type":"integer","description":"Unix timestamp when the drive item was last updated"},"specialFolderName":{"type":"string","description":"Name of the special folder if drive item is inside one"},"driveID":{"type":"string","description":"ID of the drive where the drive item is present"},"driveOwnerName":{"type":"string","description":"Name of user who owns the drive where the drive item is present"},"driveOwnerEmail":{"type":"string","description":"Email of user who owns the drive where the drive item is present"},"driveOwnerID":{"type":"string","description":"ID of user who owns the drive where the drive item is present"}}},"InlineEmailMetadata":{"type":"object","properties":{"domain":{"type":"string","description":"Domain of the company where email was sent from"},"user_name":{"type":"string","description":"User Name who sent the email"},"from":{"type":"string","description":"Email of the sender"},"to":{"type":"array","items":{"type":"string"},"description":"Recipients of the Email"},"cc":{"type":"array","items":{"type":"string"},"description":"Recipients mentioned in the CC field of the Email"},"bcc":{"type":"array","items":{"type":"string"},"description":"Recipients mentioned in the BCC field of the Email"},"subject":{"type":"string","description":"Subject of the email"},"sent_at":{"type":"integer","description":"Unix timestamp of when email was sent"},"thread_id":{"type":"string","description":"ThreadID of the email"},"attachment_name":{"type":"string","description":"Name of the attachment"},"attachment_type":{"type":"string","description":"Type of attachment"}}},"FileDetails":{"type":"object","properties":{"fileName":{"type":"string","description":"The name of the file"},"mimeType":{"type":"string","description":"The file mime type"},"permalink":{"type":"string","description":"The link to the resource on the integration"}}},"ViolationRisk":{"type":"string","enum":["UNSPECIFIED","LOW","MEDIUM","HIGH","CRITICAL","NO_RISK"]},"ViolationRiskSource":{"type":"string","enum":["NIGHTFALL","CUSTOM","OVERRIDDEN"]},"UserInformation":{"type":"object","properties":{"username":{"type":"string","description":"Username as on the integration"},"userEmail":{"type":"string","description":"User email as on the integration, may be empty"}}},"Error":{"type":"object","properties":{"code":{"type":"integer","description":"A status code to uniquely describe this error."},"message":{"type":"string","description":"A message associated with the status code."},"description":{"type":"string","description":"Additional details to explain what may have occurred. Omitted if empty."}}}}},"paths":{"/violations/search":{"get":{"summary":"Search violations","description":"Fetch a list of violations based on some filters","parameters":[{"name":"createdAfter","in":"query","description":"Unix timestamp in seconds, filters records created ≥ the value, defaults to -90 days UTC","required":false,"schema":{"type":"integer"}},{"name":"createdBefore","in":"query","description":"Unix timestamp in seconds, filters records created < the value, defaults to end of the current day UTC","required":false,"schema":{"type":"integer"}},{"name":"updatedAfter","in":"query","description":"Unix timestamp in seconds, filters records updated > the value","required":false,"schema":{"type":"integer"}},{"name":"limit","in":"query","description":"The maximum number of records to be returned in the response","required":false,"schema":{"type":"integer","maximum":100,"default":50}},{"name":"pageToken","in":"query","description":"Cursor for getting the next page of results","required":false,"schema":{"type":"string"}},{"name":"sort","in":"query","description":"Sort key and direction, defaults to descending order by creation time","required":false,"schema":{"$ref":"#/components/schemas/ViolationSearchSortKey","default":"TIME_DESC"}},{"name":"query","in":"query","description":"The query containing filter clauses\n### **Search query language**\n**Query structure and terminology**\n\nA query **`clause`** consists of a **`field`** followed by an **`operator`** followed by a **`value`**:\n\n| term | value |\n| --- | --- |\n| clause | user_email:\"amy@rocketrides.io\" |\n| field | user_email |\n| operator | : |\n| value | amy@rocketrides.io |\n\nYou can combine multiple query clauses in a search by separating them with a space.\n\n**Field types, substring matching, and numeric comparators**\n\nEvery search field supports exact matching with a **`:`**. Certain fields such as **`user_email`** and **`user_name`** support substring matching.\n\n**Quotes**\n\nYou may use quotation marks around string values. Quotation marks are required in case the value contains spaces. For example:\n\n- **`user_mail:john@example.com`**\n- **`user_name:\"John Doe\"`**\n\n**Special Characters**\n\n`+ - && || ! ( ) { } [ ] ^ \" ~ * ? :` are special characters need to be escaped using `\\`. For example:\n\n- a value like `(1+1):2` should be searched for using `\\(1\\+1)\\:2`\n\n**Search Syntax**\n\nThe following table lists the syntax that you can use to construct a query.\n\n| SYNTAX | USAGE | DESCRIPTION | EXAMPLES |\n| --- | --- | --- | --- |\n| `:` | field:value | Exact match operator (case insensitive) | `state:\"pending\"` returns records where the currency is exactly `\"PENDING\"` in a case-insensitive comparison |\n| ` ` (space) | field1:value1 field2:value2 | The query returns only records that match both clauses | `state:active slack.channel_name:general` |\n| `OR` | field:(value1 OR value2) | The query returns records that match either of the values (case insensitive) | `state:(active OR pending)` |\n\n**Query Fields**\n\n| param | description |\n| --- | --- |\n| state | the violation states to filter on |\n| user_email | the emails of users updating the resource resulting in the violation |\n| user_name | the usernames of users updating the resource resulting in the violation |\n| integration_name | the integration to filter on |\n| confidence | one or more likelihoods/confidences |\n| policy_id | one or more policy IDs |\n| detection_rule_id | one or more detection rule IDs |\n| detector_id | one or more detector IDs |\n| risk_label | the risk label to filter on |\n| risk_source | the risk determination source to filter on |\n| slack.channel_name | the slack channel names to filter on |\n| slack.channel_id | the slack channel IDs to filter on |\n| slack.workspace | the slack workspaces to filter on |\n| confluence.parent_page_name | the names of the parent pages in confluence to filter on |\n| confluence.space_name | the names of the spaces in confluence to filter on |\n| gdrive.drive | the drive names in gdrive to filter on |\n| jira.project_name | the jira project names to filter on |\n| jira.ticket_number | the jira ticket numbers to filter on |\n| salesforce.org_name | the salesforce organization names to filter on |\n| salesforce.object | the salesforce object names to filter on |\n| salesforce.record_id | the salesforce record IDs to filter on |\n| github.author_email | the github author emails to filter on |\n| github.branch | the github branches to filter on |\n| github.commit | the github commit ids to filter on |\n| github.org | the github organizations to filter on |\n| github.repository | the github repositories to filter on |\n| github.repository_owner | the github repository owners to filter on |\n| teams.team_name | the m365 teams team names to filter on |\n| teams.channel_name | the m365 teams channels to filter on |\n| teams.channel_type | the m365 teams channel types to filter on |\n| teams.team_sensitivity | the m365 teams sensitivities to filter on |\n| teams.sender | the m365 teams senders to filter on |\n| teams.msg_importance | the m365 teams importance to filter on |\n| teams.msg_attachment | the m365 teams attachment names to filter on |\n| teams.chat_id | the m365 teams chat ID to filter on |\n| teams.chat_type | the m365 teams chat type to filter on |\n| teams.chat_topic | the m365 teams chat topic to filter on |\n| teams.chat_participant | the m365 teams chat participant's display name to filter on |\n| onedrive.drive_owner | drive owner's display name to filter on |\n| onedrive.drive_owner_email | drive owner's email to filter on |\n| onedrive.file_name | the file name to filter on |\n| onedrive.created_by | the m365 user, who created the file in the drive, display name to filter on |\n| onedrive.created_by_email | the m365 users, who created the file in the drive, email to filter on |\n| onedrive.modified_by | the m365 users, who last modified the file in the drive, display name to filter on |\n| onedrive.modified_by_email | the m365 users, who last modified the file in the drive, email to filter on |\n| zendesk.ticket_status | the zendesk ticket status to filter on |\n| zendesk.ticket_title | the zendesk ticket titles to filter on |\n| zendesk.ticket_group_assignee | the zendesk ticket assignee groups to filter on |\n| zendesk.current_user_role | the zendesk ticket current assignee user's roles to filter on |\n| notion.created_by | the names of the users creating a resource in notion to filter on |\n| notion.last_edited_by | the names of the users editing a resource in notion to filter on |\n| notion.page_title | the page names in notion to filter on |\n| notion.workspace_name | the workspace names in notion to filter on |\n| gmail.user_name | the names of the sender to filter on |\n| gmail.from | the email of sender to filter on |\n| gmail.to | the email or name of recipients to filter on |\n| gmail.cc | the email or name of cc to filter on |\n| gmail.bcc | the email or name of bcc to filter on |\n| gmail.thread_id | the thread id of email to filter on |\n| gmail.subject | the subject of email to filter on |\n| gmail.attachment_name | the name of attachment to filter on |\n| gmail.attachment_type | the type of attachment to filter on |\n| last_actioned_by | the entity that performed the last action on the violation, can be one of NIGHTFALL, ADMIN or END_USER |\n","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"Successful response","headers":{"X-Rate-Limit-Remaining":{"schema":{"type":"integer","description":"How many remaining requests you can make within the next second before being throttled"}},"X-Quota-Remaining":{"schema":{"type":"integer","description":"How many remaining requests you can make within the next quota period"}},"X-Quota-Period-End":{"schema":{"type":"string","format":"date-time","description":"When the current quota period expires"}}},"content":{"application/json":{"schema":{"type":"object","properties":{"violations":{"type":"array","items":{"$ref":"#/components/schemas/Violation"}},"nextPageToken":{"type":"string","description":"Next page cursor, omitted if end of results reached"}}}}}},"400":{"description":"Invalid request parameters","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"401":{"description":"Authentication failure","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"429":{"description":"Rate Limit Exceeded or Daily Quota Exceeded","headers":{"Retry-After":{"schema":{"type":"integer","description":"Seconds after which to retry the request"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"500":{"description":"Internal Nightfall Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}} ``` ## Fetch violation findings > Get findings for a specific violation ```json {"openapi":"3.0.3","info":{"title":"Nightfall Workflow DLP API","version":"1.0.0"},"servers":[{"url":"https://api.nightfall.ai/dlp/v1"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer"}},"schemas":{"Finding":{"type":"object","properties":{"id":{"type":"string","description":"The id of the findings"},"detectorUUID":{"type":"string","description":"The id of the detector that was triggered"},"subDetectorUUID":{"type":"string","description":"The sub detector id in case the detector uses a combination of detectors"},"confidence":{"type":"string","description":"The likelihood of the detection"},"redactedSensitiveText":{"type":"string","description":"The redacted sensitive data"},"redactedContext":{"$ref":"#/components/schemas/FindingContext"},"redactedLocation":{"$ref":"#/components/schemas/FindingLocation"},"metadata":{"$ref":"#/components/schemas/FindingMetadata"},"subLocation":{"type":"string","description":"Metadata/sub-location of the finding in the resource. For example - `title` or `description` for a Jira ticket."},"annotationUUID":{"type":"string","description":"The annotation id, if present"}}},"FindingContext":{"type":"object","properties":{"beforeContext":{"type":"string","description":"Data preceding the sensitive data"},"afterContext":{"type":"string","description":"Data after the sensitive data"}}},"FindingLocation":{"type":"object","properties":{"byteRange":{"$ref":"#/components/schemas/Range"},"lineRange":{"$ref":"#/components/schemas/Range"}}},"Range":{"type":"object","properties":{"start":{"type":"integer","description":"Start point for a range"},"end":{"type":"integer","description":"End point for a range"}}},"FindingMetadata":{"type":"object","properties":{"apiKeyMetaData":{"$ref":"#/components/schemas/APIKeyMetadata"}}},"APIKeyMetadata":{"type":"object","properties":{"status":{"$ref":"#/components/schemas/KeyStatus","description":"Key status"},"kind":{"$ref":"#/components/schemas/KeyKind","description":"Key type"},"description":{"type":"string","description":"Additional details about the key"}}},"KeyStatus":{"type":"string","enum":["UNVERIFIED","ACTIVE","EXPIRED","SIGNATURE_VERIFIED","INVALID_SIGNATURE"]},"KeyKind":{"type":"string","enum":["UNSPECIFIED","NIGHTFALL","OKTA","STRIPE","AWS","SLACK","SQUARE","CONFLUENT","AZURE","PLAID","GITHUB","TWILIO","GITLAB","GOOGLE_API","COINBASE","ELASTICSEARCH","SPLUNK","ZAPIER","SALESFORCE","DATADOG","TWITTER","FACEBOOK","JIRA","PAYPAL","CONFLUENCE","SLACK_WEBHOOK","AMAZON_MWS","JWT","GCP","RAPID_API","SNYK","NOTION","SENDGRID","POSTMARK","POSTMAN"]},"Error":{"type":"object","properties":{"code":{"type":"integer","description":"A status code to uniquely describe this error."},"message":{"type":"string","description":"A message associated with the status code."},"description":{"type":"string","description":"Additional details to explain what may have occurred. Omitted if empty."}}}}},"paths":{"/violations/{violationId}/findings":{"get":{"summary":"Fetch violation findings","description":"Get findings for a specific violation","parameters":[{"name":"violationId","in":"path","description":"The UUID of the violation","required":true,"schema":{"type":"string","format":"uuid"}},{"name":"pageToken","in":"query","description":"Cursor for getting the next page of results","schema":{"type":"string"}},{"name":"limit","in":"query","description":"Number of findings to fetch in one page (max 1000)","schema":{"type":"integer","format":"int32","maximum":1000,"default":1000}}],"responses":{"200":{"description":"Successful response","headers":{"X-Rate-Limit-Remaining":{"schema":{"type":"integer","description":"How many remaining requests you can make within the next second before being throttled"}},"X-Quota-Remaining":{"schema":{"type":"integer","description":"How many remaining requests you can make within the next quota period"}},"X-Quota-Period-End":{"schema":{"type":"string","format":"date-time","description":"When the current quota period expires"}}},"content":{"application/json":{"schema":{"type":"object","properties":{"findings":{"type":"array","items":{"$ref":"#/components/schemas/Finding"}},"nextPageToken":{"type":"string","description":"Next page cursor, omitted if end of results reached"}}}}}},"400":{"description":"Invalid request parameters","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"401":{"description":"Authentication failure","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"404":{"description":"Violation does not exist","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"429":{"description":"Rate Limit Exceeded or Daily Quota Exceeded","headers":{"Retry-After":{"schema":{"type":"integer","description":"Seconds after which to retry the request"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"500":{"description":"Internal Nightfall Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}} ``` ## Take an action on Violations > Perform an action on a list of violations. If an action can't be performed on a violation, that violation is ignored. Depending on the action, it could be processed immediately or queued. ```json {"openapi":"3.0.3","info":{"title":"Nightfall Workflow DLP API","version":"1.0.0"},"servers":[{"url":"https://api.nightfall.ai/dlp/v1"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer"}},"schemas":{"Action":{"type":"string","enum":["ACKNOWLEDGE","REDACT","QUARANTINE","ALLOW_QUARANTINE","REJECT_QUARANTINE","REMOVE_INTERNAL_USERS","REMOVE_EXTERNAL_USERS","DOMAIN_WIDE_LINK","RESTRICTED_LINK","DELETE","IGNORE","NOTIFY_SLACK","NOTIFY_EMAIL","UNACKNOWLEDGE","DISABLE_DOWNLOAD","CREATE_JIRA_ISSUE","MARK_AS_PRIVATE","DELETE_ATTACHMENT","MANUAL_UNDO","RESOLVE","NOTIFY_TEAMS","NOTIFY_GITHUB","SOFT_DELETE","HARD_DELETE","RESTRICT_TO_OWNER"]},"Error":{"type":"object","properties":{"code":{"type":"integer","description":"A status code to uniquely describe this error."},"message":{"type":"string","description":"A message associated with the status code."},"description":{"type":"string","description":"Additional details to explain what may have occurred. Omitted if empty."}}}}},"paths":{"/violations/actions":{"post":{"summary":"Take an action on Violations","description":"Perform an action on a list of violations. If an action can't be performed on a violation, that violation is ignored. Depending on the action, it could be processed immediately or queued.","requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"violationUUIDs":{"type":"array","items":{"type":"string","format":"uuid"},"description":"The UUIDs of the violations to perform the action on"},"action":{"$ref":"#/components/schemas/Action","description":"The action to perform on the violations"}},"required":["violationUUIDs","action"]}}}},"responses":{"200":{"description":"Successful response (processed immediately)","headers":{"X-Rate-Limit-Remaining":{"schema":{"type":"integer","description":"How many remaining requests you can make within the next second before being throttled"}},"X-Quota-Remaining":{"schema":{"type":"integer","description":"How many remaining requests you can make within the next quota period"}},"X-Quota-Period-End":{"schema":{"type":"string","format":"date-time","description":"When the current quota period expires"}}},"content":{"application/json":{"schema":{"type":"object","properties":{"submitted":{"type":"array","items":{"type":"string","format":"uuid"},"description":"violation UUIDs that were processed"}}}}}},"202":{"description":"Accepted response (queued for processing)","headers":{"X-Rate-Limit-Remaining":{"schema":{"type":"integer","description":"How many remaining requests you can make within the next second before being throttled"}},"X-Quota-Remaining":{"schema":{"type":"integer","description":"How many remaining requests you can make within the next quota period"}},"X-Quota-Period-End":{"schema":{"type":"string","format":"date-time","description":"When the current quota period expires"}}},"content":{"application/json":{"schema":{"type":"object","properties":{"submitted":{"type":"array","items":{"type":"string","format":"uuid"},"description":"violation UUIDs that were queued for processing"}}}}}},"400":{"description":"Invalid request parameters","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"401":{"description":"Authentication failure","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"429":{"description":"Rate Limit Exceeded or Daily Quota Exceeded","headers":{"Retry-After":{"schema":{"type":"integer","description":"Seconds after which to retry the request"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"500":{"description":"Internal Nightfall Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}} ``` ## Fetch annotation > Fetch an annotation by ID ```json {"openapi":"3.0.3","info":{"title":"Nightfall Workflow DLP API","version":"1.0.0"},"servers":[{"url":"https://api.nightfall.ai/dlp/v1"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer"}},"schemas":{"Annotation":{"type":"object","properties":{"id":{"type":"string","format":"uuid","description":"The annotation id"},"type":{"$ref":"#/components/schemas/AnnotationType","description":"The annotation type"},"comment":{"type":"string","description":"The annotation comment"},"autoApply":{"type":"boolean","description":"Whether the annotation applies to all findings of this sensitive data"}}},"AnnotationType":{"type":"string","enum":["DETECTOR_FALSE_POSITIVE","COMPANY_IGNORED_FALSE_POSITIVE","DETECTOR_TRUE_POSITIVE"]},"Error":{"type":"object","properties":{"code":{"type":"integer","description":"A status code to uniquely describe this error."},"message":{"type":"string","description":"A message associated with the status code."},"description":{"type":"string","description":"Additional details to explain what may have occurred. Omitted if empty."}}}}},"paths":{"/annotations/{annotationId}":{"get":{"summary":"Fetch annotation","description":"Fetch an annotation by ID","parameters":[{"name":"annotationId","in":"path","description":"The UUID of the annotation to fetch","required":true,"schema":{"type":"string","format":"uuid"}}],"responses":{"200":{"description":"Successful response","headers":{"X-Rate-Limit-Remaining":{"schema":{"type":"integer","description":"How many remaining requests you can make within the next second before being throttled"}},"X-Quota-Remaining":{"schema":{"type":"integer","description":"How many remaining requests you can make within the next quota period"}},"X-Quota-Period-End":{"schema":{"type":"string","format":"date-time","description":"When the current quota period expires"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Annotation"}}}},"400":{"description":"Invalid request parameters","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"401":{"description":"Authentication failure","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"404":{"description":"Annotation does not exist","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"429":{"description":"Rate Limit Exceeded or Daily Quota Exceeded","headers":{"Retry-After":{"schema":{"type":"integer","description":"Seconds after which to retry the request"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"500":{"description":"Internal Nightfall Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}} ``` ## Annotate finding > Annotate a finding ```json {"openapi":"3.0.3","info":{"title":"Nightfall Workflow DLP API","version":"1.0.0"},"servers":[{"url":"https://api.nightfall.ai/dlp/v1"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer"}},"schemas":{"AnnotationType":{"type":"string","enum":["DETECTOR_FALSE_POSITIVE","COMPANY_IGNORED_FALSE_POSITIVE","DETECTOR_TRUE_POSITIVE"]},"Annotation":{"type":"object","properties":{"id":{"type":"string","format":"uuid","description":"The annotation id"},"type":{"$ref":"#/components/schemas/AnnotationType","description":"The annotation type"},"comment":{"type":"string","description":"The annotation comment"},"autoApply":{"type":"boolean","description":"Whether the annotation applies to all findings of this sensitive data"}}},"Error":{"type":"object","properties":{"code":{"type":"integer","description":"A status code to uniquely describe this error."},"message":{"type":"string","description":"A message associated with the status code."},"description":{"type":"string","description":"Additional details to explain what may have occurred. Omitted if empty."}}}}},"paths":{"/findings/{findingId}/annotate":{"post":{"summary":"Annotate finding","description":"Annotate a finding","parameters":[{"name":"findingId","in":"path","description":"The UUID of the finding to annotate","required":true,"schema":{"type":"string","format":"uuid"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"type":{"$ref":"#/components/schemas/AnnotationType","description":"The annotation type"},"comment":{"type":"string","description":"The comment to add to the annotation"},"autoApply":{"type":"boolean","default":true,"description":"Whether the annotation applies to all findings of this sensitive data (defaults to true)"}},"required":["type"]}}}},"responses":{"200":{"description":"Successful response","headers":{"X-Rate-Limit-Remaining":{"schema":{"type":"integer","description":"How many remaining requests you can make within the next second before being throttled"}},"X-Quota-Remaining":{"schema":{"type":"integer","description":"How many remaining requests you can make within the next quota period"}},"X-Quota-Period-End":{"schema":{"type":"string","format":"date-time","description":"When the current quota period expires"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Annotation"}}}},"400":{"description":"Invalid request parameters","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"401":{"description":"Authentication failure","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"409":{"description":"Finding already annotated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"429":{"description":"Rate Limit Exceeded or Daily Quota Exceeded","headers":{"Retry-After":{"schema":{"type":"integer","description":"Seconds after which to retry the request"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"500":{"description":"Internal Nightfall Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}} ``` ## Remove finding annotation > Remove the annotation for a finding ```json {"openapi":"3.0.3","info":{"title":"Nightfall Workflow DLP API","version":"1.0.0"},"servers":[{"url":"https://api.nightfall.ai/dlp/v1"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer"}},"schemas":{"Error":{"type":"object","properties":{"code":{"type":"integer","description":"A status code to uniquely describe this error."},"message":{"type":"string","description":"A message associated with the status code."},"description":{"type":"string","description":"Additional details to explain what may have occurred. Omitted if empty."}}}}},"paths":{"/findings/{findingId}/unannotate":{"post":{"summary":"Remove finding annotation","description":"Remove the annotation for a finding","parameters":[{"name":"findingId","in":"path","description":"The UUID of the finding to unannotate","required":true,"schema":{"type":"string","format":"uuid"}}],"responses":{"200":{"description":"Successful response (even if annotation does not exist)","headers":{"X-Rate-Limit-Remaining":{"schema":{"type":"integer","description":"How many remaining requests you can make within the next second before being throttled"}},"X-Quota-Remaining":{"schema":{"type":"integer","description":"How many remaining requests you can make within the next quota period"}},"X-Quota-Period-End":{"schema":{"type":"string","format":"date-time","description":"When the current quota period expires"}}}},"400":{"description":"Invalid request parameters","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"401":{"description":"Authentication failure","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"429":{"description":"Rate Limit Exceeded or Daily Quota Exceeded","headers":{"Retry-After":{"schema":{"type":"integer","description":"Seconds after which to retry the request"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"500":{"description":"Internal Nightfall Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}} ``` ## Fetch violation activity feed > Fetch the activity feed for a specific violation ```json {"openapi":"3.0.3","info":{"title":"Nightfall Workflow DLP API","version":"1.0.0"},"servers":[{"url":"https://api.nightfall.ai/dlp/v1"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer"}},"schemas":{"ActivityFeedLog":{"type":"object","properties":{"id":{"type":"string","format":"uuid","description":"Unique identifier for the activity log entry"},"message":{"type":"string","description":"Human-readable message describing the activity"},"timestamp":{"type":"integer","description":"Unix timestamp in seconds when the activity occurred"},"type":{"allOf":[{"$ref":"#/components/schemas/ActivityLogType"}],"description":"Type of activity"},"data":{"allOf":[{"$ref":"#/components/schemas/LogData"}],"description":"Optional structured data for the activity log"}}},"ActivityLogType":{"type":"string","enum":["CREATION","ANALYST_ACTION","STATUS_CHANGE","ANALYST_COMMENT","ANALYST_ANNOTATION","DATA_EXPOSURE","END_USER_VIOLATION_ANNOTATION","AUTOMATED_ACTION","DELAYED_REMEDIATION","END_USER_ACTION","ANALYST_USER_INFO_ANNOTATION","RISK_SCORE_UPDATE","ANALYST_ACTION_FAILED","AUTOMATED_ACTION_FAILED","POLICIES_UPDATE","DELAYED_REMEDIATION_UPDATE","AUTOMATED_ACTION_SKIPPED"]},"LogData":{"oneOf":[{"$ref":"#/components/schemas/AnalystActionLog"},{"$ref":"#/components/schemas/StatusChangeLog"},{"$ref":"#/components/schemas/AnalystCommentLog"},{"$ref":"#/components/schemas/AnalystAnnotationLog"},{"$ref":"#/components/schemas/DataExposureLog"},{"$ref":"#/components/schemas/EndUserViolationAnnotationLog"},{"$ref":"#/components/schemas/AutomatedActionLog"},{"$ref":"#/components/schemas/DelayedRemediationLog"},{"$ref":"#/components/schemas/EndUserActionLog"},{"$ref":"#/components/schemas/AnalystUserInfoAnnotationLog"},{"$ref":"#/components/schemas/RiskScoreUpdateLog"},{"$ref":"#/components/schemas/AnalystActionFailedLogData"},{"$ref":"#/components/schemas/AutomatedActionFailedLogData"},{"$ref":"#/components/schemas/PoliciesUpdateLogData"},{"$ref":"#/components/schemas/DelayedRemediationUpdateLogData"},{"$ref":"#/components/schemas/AutomatedActionSkippedLog"}]},"AnalystActionLog":{"type":"object","description":"Log entry for an action taken by an analyst.","properties":{"action":{"allOf":[{"$ref":"#/components/schemas/DisplayAction"}],"description":"The action taken by the analyst"},"userUUID":{"type":"string","format":"uuid","description":"UUID of the user who took the action"},"userName":{"type":"string","description":"Name of the user who took the action"},"userEmail":{"type":"string","description":"Email of the user who took the action"},"receiverEmail":{"type":"string","description":"Email of the receiver (if applicable)"},"actionLogData":{"allOf":[{"$ref":"#/components/schemas/ActionLogData"}],"description":"Additional data related to the action log"}}},"DisplayAction":{"type":"string","enum":["ACKNOWLEDGE","NOTIFY","REDACT","QUARANTINE","ALLOW_QUARANTINE","REJECT_QUARANTINE","REMOVE_INTERNAL_USERS","REMOVE_EXTERNAL_USERS","DOMAIN_WIDE_LINK","RESTRICTED_LINK","DELETE","IGNORE","NOTIFY_SLACK","NOTIFY_EMAIL","UNACKNOWLEDGE","DISABLE_DOWNLOAD","ENCRYPT","BLOCK","CREATE_JIRA_ISSUE","MARK_AS_PRIVATE","DELETE_ATTACHMENT","RELEASE","UNDO","BULK_ANNOTATE_FALSE_POSITIVE","BULK_ANNOTATE_BUSINESS_JUSTIFICATION","RESOLVE","MANUAL_UNDO","NOTIFY_TEAMS","NOTIFY_GITHUB","SUSPEND_ACCOUNT","RELEASE_EMAIL","QUARANTINE_EMAIL","HARD_DELETE","SOFT_DELETE","RESTRICT_TO_OWNER","APPLY_LABELS","DISABLE_FORWARDING","SET_EXPIRATION","PERSISTENT_PROTECTION","FREEZE_USER","RESTRICT_DOWNLOAD_PROFILE","UNFREEZE_USER","REVOKE_ACCESS","ANNOTATE_VIOLATION_FALSE_POSITIVE_AND_RESOLVE","DELETE_FILE","BLOCK_UPLOAD","RISK_ANNOTATION"]},"ActionLogData":{"type":"object","description":"Additional data related to the action log","properties":{"applyLabelsActionLogData":{"$ref":"#/components/schemas/ApplyLabelsActionLogData"},"setExpirationActionLogData":{"$ref":"#/components/schemas/SetExpirationActionLogData"},"revokeAccessActionLogData":{"$ref":"#/components/schemas/RevokeAccessActionLogData"},"notifyEmailActionLogData":{"$ref":"#/components/schemas/NotifyEmailActionLogData"},"genericActionLogData":{"$ref":"#/components/schemas/GenericActionLogData"},"blockActionActionLogData":{"$ref":"#/components/schemas/BlockActionActionLogData"}}},"ApplyLabelsActionLogData":{"type":"object","properties":{"activityType":{"description":"The type of label activity performed","allOf":[{"$ref":"#/components/schemas/LabelingActivityType"}]},"labels":{"type":"array","items":{"type":"string"},"description":"List of labels applied"},"labelUpdatesOnResource":{"type":"object","additionalProperties":{"type":"string"},"description":"Map of resource to label updates"},"failureReason":{"type":"string","description":"Reason for failure, if any"}}},"LabelingActivityType":{"type":"string","enum":["LABELS_SUCCESSFULLY_APPLIED","LABELS_FAILED_TO_APPLY","LABELS_UPDATED_ON_RESOURCE"]},"SetExpirationActionLogData":{"type":"object","properties":{"expirationTime":{"type":"integer","description":"Expiration time as a Unix timestamp (seconds)"}}},"RevokeAccessActionLogData":{"type":"object","properties":{"revokedEmails":{"type":"array","items":{"type":"string"},"description":"List of emails whose access was revoked"},"unRevokedEmails":{"type":"array","items":{"type":"string"},"description":"List of emails whose access was restored"}}},"NotifyEmailActionLogData":{"type":"object","properties":{"receiverEmail":{"type":"string","description":"Email of the receiver of the notification"}}},"GenericActionLogData":{"type":"object","properties":{"additionalContext":{"type":"string","description":"Additional context about the action taken"}}},"BlockActionActionLogData":{"type":"object","description":"Additional data related to a block action","properties":{"isBlocked":{"type":"boolean","description":"Whether the action was a hard block"},"blockReason":{"type":"string","description":"Reason the block was applied (set when isBlocked is true)"},"skippedReason":{"type":"string","description":"Reason the block was skipped (set when isBlocked is false)"}}},"StatusChangeLog":{"type":"object","description":"Log entry for a change in status of a violation or finding.","properties":{"newStatus":{"allOf":[{"$ref":"#/components/schemas/ViolationStatus"}],"description":"The new status after the change"}}},"ViolationStatus":{"type":"string","enum":["ACTIVE","PENDING","QUARANTINED","ACTIONED","ARCHIVED","REPORTED","IGNORED","PENDING_ACTION","REVIEWING","SCHEDULED_REMEDIATION","ACTION_FAILED"]},"AnalystCommentLog":{"type":"object","description":"Log entry for a comment made by an analyst.","properties":{"userUUID":{"type":"string","format":"uuid","description":"UUID of the user who made the comment (if the comment is made by non system user)"},"userName":{"type":"string","description":"System user if comment added by system"}}},"AnalystAnnotationLog":{"type":"object","description":"Log entry for an annotation made by an analyst.","properties":{"userUUID":{"type":"string","format":"uuid","description":"UUID of the user who made the annotation (if the annotation is made by non system user)"},"userName":{"type":"string","description":"System user if comment added by system"},"annotationType":{"description":"The type of annotation","allOf":[{"$ref":"#/components/schemas/AnnotationType"}]},"detectorUUID":{"type":"string","description":"Detector UUID associated with the annotation"},"findingCount":{"type":"integer","description":"Number of findings affected"},"autoApplied":{"type":"boolean","description":"Whether the annotation was auto-applied"},"logType":{"description":"The log type","allOf":[{"$ref":"#/components/schemas/AnalystAnnotationLogType"}]},"redactedQuote":{"type":"string","description":"Redacted sensitive data"}}},"AnnotationType":{"type":"string","enum":["DETECTOR_FALSE_POSITIVE","COMPANY_IGNORED_FALSE_POSITIVE","DETECTOR_TRUE_POSITIVE"]},"AnalystAnnotationLogType":{"type":"string","enum":["ANNOTATION_ADDED","ANNOTATION_UPDATED","ANNOTATION_REMOVED"]},"DataExposureLog":{"type":"object","description":"Log entry for a data exposure event.","properties":{"userName":{"type":"string","description":"Name of the user who triggered the data exposure event"},"userEmail":{"type":"string","description":"Email of the user who triggered the data exposure event"},"detectorUUID":{"type":"string","description":"Detector UUID associated with the data exposure event"},"findingCount":{"type":"integer","description":"Number of findings affected by the data exposure event"},"redactedQuote":{"type":"string","description":"Redacted sensitive data involved in the exposure"},"dataExposureType":{"description":"The type of data exposure","allOf":[{"$ref":"#/components/schemas/DataExposureType"}]}}},"DataExposureType":{"type":"string","enum":["FINDINGS_ADDED","FINDINGS_REMOVED"]},"EndUserViolationAnnotationLog":{"type":"object","description":"Log entry for an annotation made by an end user on a violation.","properties":{"annotationType":{"description":"The type of annotation","allOf":[{"$ref":"#/components/schemas/AnnotationType"}]},"userName":{"type":"string","description":"Name of the end user who made the annotation"},"userEmail":{"type":"string","description":"Email of the end user who made the annotation"}}},"AutomatedActionLog":{"type":"object","description":"Log entry for an automated action taken by the system.","properties":{"action":{"allOf":[{"$ref":"#/components/schemas/DisplayAction"}],"description":"The automated action performed"},"policyUUIDs":{"type":"array","items":{"type":"string"},"description":"List of policy UUIDs associated with the automated action"},"receiverEmail":{"type":"string","description":"Email address of the receiver of the automated action"},"actionLogData":{"$ref":"#/components/schemas/ActionLogData"}}},"DelayedRemediationLog":{"type":"object","description":"Log entry for a delayed remediation event.","properties":{"action":{"allOf":[{"$ref":"#/components/schemas/DisplayAction"}],"description":"The delayed remediation action performed"},"policyUUIDs":{"type":"array","items":{"type":"string"},"description":"List of policy UUIDs associated with the delayed remediation action"},"expectedRemediationTime":{"type":"integer","description":"Expected remediation time in seconds"}}},"EndUserActionLog":{"type":"object","description":"Log entry for an action taken by an end user.","properties":{"action":{"allOf":[{"$ref":"#/components/schemas/DisplayAction"}],"description":"The action taken by the end user"},"userName":{"type":"string","description":"Name of the end user who took the action"},"userEmail":{"type":"string","description":"Email of the end user who took the action"},"actionLogData":{"$ref":"#/components/schemas/ActionLogData"}}},"AnalystUserInfoAnnotationLog":{"type":"object","description":"Log entry for an annotation of user info by an analyst.","properties":{"userUUID":{"type":"string","format":"uuid","description":"UUID of the user who made the annotation (if the annotation is made by non system user)"},"userName":{"type":"string","description":"System user if comment added by system"}}},"RiskScoreUpdateLog":{"type":"object","description":"Log entry for an update to the risk score label.","properties":{"prevLabel":{"description":"The previous risk score label before the update","allOf":[{"$ref":"#/components/schemas/ViolationRisk"}]},"newLabel":{"description":"The new risk score label after the update","allOf":[{"$ref":"#/components/schemas/ViolationRisk"}]},"cause":{"description":"The cause or reason for the risk score label update","allOf":[{"$ref":"#/components/schemas/RiskScoreUpdateCause"}]}}},"ViolationRisk":{"type":"string","enum":["UNSPECIFIED","LOW","MEDIUM","HIGH","CRITICAL","NO_RISK"]},"RiskScoreUpdateCause":{"type":"string","enum":["FINDINGS_DEDUPED","FINDINGS_ANNOTATION","USER_OVERRIDE","UNSPECIFIED"]},"AnalystActionFailedLogData":{"type":"object","properties":{"action":{"type":"string","description":"The action that failed"},"userUUID":{"type":"string","format":"uuid","description":"UUID of the user who attempted the action"},"userName":{"type":"string","description":"Name of the user who attempted the action"},"userEmail":{"type":"string","description":"Email of the user who attempted the action"},"failureReason":{"type":"string","description":"Reason for the failure"}}},"AutomatedActionFailedLogData":{"type":"object","properties":{"action":{"type":"string","description":"The automated action that failed"},"policyUUIDs":{"type":"array","items":{"type":"string","format":"uuid"},"description":"List of policy UUIDs associated with the action"},"failureReason":{"type":"string","description":"Reason for the failure"}}},"PoliciesUpdateLogData":{"type":"object","description":"Log entry for policy changes","properties":{"addedPolicyUUIDs":{"type":"array","items":{"type":"string","format":"uuid"},"description":"List of policy UUIDs that were added on a violation update"},"removedPolicyUUIDs":{"type":"array","items":{"type":"string","format":"uuid"},"description":"List of policy UUIDs that were removed on a violation update"}}},"DelayedRemediationUpdateLogData":{"type":"object","description":"Log entry for a delayed remediation action update event.","properties":{"action":{"allOf":[{"$ref":"#/components/schemas/DisplayAction"}],"description":"The delayed remediation action that was updated"},"policyUUIDs":{"type":"array","items":{"type":"string","format":"uuid"},"description":"List of policy UUIDs associated with the delayed remediation action, empty implies remediation was canceled"},"removedPolicyUUIDs":{"type":"array","items":{"type":"string","format":"uuid"},"description":"List of policy UUIDs that were removed from the delayed remediation action"},"expectedRemediationTime":{"type":"integer","description":"Expected remediation time in seconds"}}},"AutomatedActionSkippedLog":{"type":"object","description":"Log entry for an automated action that was skipped by the system.","properties":{"action":{"allOf":[{"$ref":"#/components/schemas/DisplayAction"}],"description":"The automated action that was skipped"},"policyUUIDs":{"type":"array","items":{"type":"string"},"description":"List of policy UUIDs associated with the skipped action"},"actionLogData":{"$ref":"#/components/schemas/ActionLogData"}}},"Error":{"type":"object","properties":{"code":{"type":"integer","description":"A status code to uniquely describe this error."},"message":{"type":"string","description":"A message associated with the status code."},"description":{"type":"string","description":"Additional details to explain what may have occurred. Omitted if empty."}}}}},"paths":{"/violations/{violationId}/activity":{"get":{"summary":"Fetch violation activity feed","description":"Fetch the activity feed for a specific violation","parameters":[{"name":"violationId","in":"path","description":"The UUID of the violation","required":true,"schema":{"type":"string","format":"uuid"}},{"name":"limit","in":"query","description":"Number of activity items to fetch in one page","schema":{"type":"integer","format":"int32","maximum":100,"default":50}},{"name":"createdAfter","in":"query","description":"Unix timestamp in seconds, filters activity created > the value","schema":{"type":"integer"}},{"name":"createdBefore","in":"query","description":"Unix timestamp in seconds, filters activity created < the value","schema":{"type":"integer"}},{"name":"descending","in":"query","description":"Whether to sort results in descending order (default false)","schema":{"type":"boolean","default":false}},{"name":"pageToken","in":"query","description":"Cursor for getting the next page of results","schema":{"type":"string"}}],"responses":{"200":{"description":"Successful response","headers":{"X-Rate-Limit-Remaining":{"schema":{"type":"integer","description":"How many remaining requests you can make within the next second before being throttled"}},"X-Quota-Remaining":{"schema":{"type":"integer","description":"How many remaining requests you can make within the next quota period"}},"X-Quota-Period-End":{"schema":{"type":"string","format":"date-time","description":"When the current quota period expires"}}},"content":{"application/json":{"schema":{"type":"object","properties":{"activities":{"type":"array","items":{"$ref":"#/components/schemas/ActivityFeedLog"}},"nextPageToken":{"type":"string","description":"Next page cursor, omitted if end of results reached"}}}}}},"400":{"description":"Invalid request parameters","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"401":{"description":"Authentication failure","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"404":{"description":"Violation does not exist","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"429":{"description":"Rate Limit Exceeded or Daily Quota Exceeded","headers":{"Retry-After":{"schema":{"type":"integer","description":"Seconds after which to retry the request"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"500":{"description":"Internal Nightfall Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}} ```