> For clean Markdown content of this page, append .md to this URL. For the complete documentation index, see https://learning.postman.com/llms.txt. For full content including API reference and SDK examples, see https://learning.postman.com/llms-full.txt.

# Search detected secrets

POST https://api.getpostman.com/detected-secrets-queries
Content-Type: application/json

Returns all secrets detected by Postman's [Secret Scanner](https://learning.postman.com/docs/administration/secret-scanner/), grouped by workspace or resource. If you pass an empty request body, this endpoint returns all results.

Reference: https://learning.postman.com/api-docs/api-reference/secret-scanner/detected-secrets-queries

## OpenAPI Specification

```yaml
openapi: 3.1.0
info:
  title: Postman API
  version: 1.0.0
paths:
  /detected-secrets-queries:
    post:
      operationId: detectedSecretsQueries
      summary: Search detected secrets
      description: >-
        Returns all secrets detected by Postman's [Secret
        Scanner](https://learning.postman.com/docs/administration/secret-scanner/),
        grouped by workspace or resource. If you pass an empty request body,
        this endpoint returns all results.
      tags:
        - secretScanner
      parameters:
        - name: limit
          in: query
          description: The maximum number of rows to return in the response.
          required: false
          schema:
            $ref: '#/components/schemas/limit'
            default: 10
        - name: cursor
          in: query
          description: >-
            The pointer to the first record of the set of paginated results. To
            view the next response, use the `nextCursor` value for this
            parameter.
          required: false
          schema:
            $ref: '#/components/schemas/cursor'
        - name: include
          in: query
          description: >
            The additional fields to be included as a part of the request:

            - `meta.total` — Include the total records found in the `meta`
            response object.
          required: false
          schema:
            $ref: '#/components/schemas/include'
        - name: since
          in: query
          description: >-
            Return only results created since the given time, in [ISO
            8601](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6)
            format. This value cannot be later than the `until` value. To use
            `time-numoffset` format, you must use `%2B` URL-encoding for the `+`
            character.
          required: false
          schema:
            $ref: '#/components/schemas/sinceDateTime'
        - name: until
          in: query
          description: >-
            Return only results created until this given time, in [ISO
            8601](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6)
            format. This value cannot be earlier than the `since` value. To use
            `time-numoffset` format, you must use `%2B` URL-encoding for the `+`
            character.
          required: false
          schema:
            $ref: '#/components/schemas/untilDateTime'
        - name: x-api-key
          in: header
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/detectedSecretsQueries'
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/DetectedSecretsQueriesRequestBadRequestError
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/commonErrorTypeTitleStatusInstance'
        '403':
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/DetectedSecretsQueriesRequestForbiddenError
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/commonErrorTypeTitleStatusInstance'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/detectedSecretsQueriesRequest'
servers:
  - url: https://api.getpostman.com
    description: https://api.getpostman.com
  - url: https://api.eu.postman.com
    description: https://api.eu.postman.com
components:
  schemas:
    limit:
      type: integer
      default: 10
      title: limit
    cursor:
      type: string
      title: cursor
    include:
      type: string
      title: include
    sinceDateTime:
      type: string
      format: date-time
      title: sinceDateTime
    untilDateTime:
      type: string
      format: date-time
      title: untilDateTime
    DetectedSecretsQueriesRequestStatusesItems:
      type: string
      enum:
        - FALSE_POSITIVE
        - ACCEPTED_RISK
        - REVOKED
      description: >
        The secret resolution status type:

        - `FALSE_POSITIVE` — The discovered secret is not an actual secret.

        - `REVOKED` — The secret is valid, but the user rotated their key to
        resolve the issue.

        - `ACCEPTED_RISK` — The Secret Scanner found the secret, but user
        accepts the risk of publishing it.
      title: DetectedSecretsQueriesRequestStatusesItems
    DetectedSecretsQueriesRequestResourcesItemsType:
      type: string
      enum:
        - collection
        - environment
        - extensible-collection
        - globals
        - example
        - request
        - folder
        - extensible-collection-meta
        - extensible-request
        - extensible-folder
        - extensible-example
        - extensible-message
      description: The type of resource.
      title: DetectedSecretsQueriesRequestResourcesItemsType
    DetectedSecretsQueriesRequestResourcesItems:
      type: object
      properties:
        type:
          $ref: '#/components/schemas/DetectedSecretsQueriesRequestResourcesItemsType'
          description: The type of resource.
        ids:
          type: array
          items:
            type: string
          description: A list of resource IDs.
      title: DetectedSecretsQueriesRequestResourcesItems
    DetectedSecretsQueriesRequestWorkspaceVisibilitiesItems:
      type: string
      enum:
        - team
        - public
      description: The type of visibility setting.
      title: DetectedSecretsQueriesRequestWorkspaceVisibilitiesItems
    detectedSecretsQueriesRequest:
      type: object
      properties:
        resolved:
          type: boolean
          description: If true, return secrets with a `resolved` status.
        secretTypes:
          type: array
          items:
            type: string
          description: >-
            A list of secrets types to query. For a list of valid IDs, use the
            GET `/secret-types` endpoint.
        statuses:
          type: array
          items:
            $ref: '#/components/schemas/DetectedSecretsQueriesRequestStatusesItems'
          description: A list of the types of resolution statuses to query.
        resources:
          type: array
          items:
            $ref: '#/components/schemas/DetectedSecretsQueriesRequestResourcesItems'
          description: >-
            A list of resources to query. If you use this query, you cannot also
            pass the `workspaceIds` query.
        workspaceIds:
          type: array
          items:
            type: string
          description: >-
            A list of workspaces IDs to query. If you use this query, you cannot
            also pass the `resources` query.
        workspaceVisibilities:
          type: array
          items:
            $ref: >-
              #/components/schemas/DetectedSecretsQueriesRequestWorkspaceVisibilitiesItems
          description: >-
            A list of workspace [visibility
            settings](https://learning.postman.com/docs/collaborating-in-postman/using-workspaces/managing-workspaces/#changing-workspace-visibility)
            to query. This currently supports the `team` and `public` settings.
      title: detectedSecretsQueriesRequest
    DetectedSecretsQueriesMeta:
      type: object
      properties:
        limit:
          type: number
          format: double
          description: The maximum number of records in the paginated response.
        nextCursor:
          type:
            - string
            - 'null'
          format: base64
          description: >-
            The pagination cursor that points to the next record in the results
            set.
        total:
          type: number
          format: double
          description: >-
            The number of records that match the defined criteria. This is only
            returned when the `include` query parameter is passed with the
            `meta.total` value.
      description: The response's meta information for paginated results.
      title: DetectedSecretsQueriesMeta
    DetectedSecretsQueriesDataItemsWorkspaceVisibility:
      type: string
      enum:
        - personal
        - private
        - team
        - public
      description: >-
        The workspace's [visibility
        setting](https://learning.postman.com/docs/collaborating-in-postman/using-workspaces/managing-workspaces/#changing-workspace-visibility).
      title: DetectedSecretsQueriesDataItemsWorkspaceVisibility
    DetectedSecretsQueriesDataItemsResolution:
      type: string
      enum:
        - FALSE_POSITIVE
        - ACCEPTED_RISK
        - REVOKED
        - ACTIVE
      description: >
        The secret's current status:

        - `ACTIVE` — The secret is active.

        - `FALSE_POSITIVE` — The discovered secret is not an actual secret.

        - `REVOKED` — The secret is valid, but the user rotated their key to
        resolve the issue.

        - `ACCEPTED_RISK` — The Secret Scanner found the secret, but user
        accepts the risk of publishing it.
      title: DetectedSecretsQueriesDataItemsResolution
    DetectedSecretsQueriesDataItems:
      type: object
      properties:
        detectedAt:
          type: string
          format: date-time
          description: The date and time at which the secret was first detected.
        secretType:
          type: string
          description: The type of the secret.
        workspaceVisibility:
          $ref: >-
            #/components/schemas/DetectedSecretsQueriesDataItemsWorkspaceVisibility
          description: >-
            The workspace's [visibility
            setting](https://learning.postman.com/docs/collaborating-in-postman/using-workspaces/managing-workspaces/#changing-workspace-visibility).
        secretHash:
          type: string
          description: The SHA-256 hash of the detected secret.
        workspaceId:
          type: string
          description: The ID of the workspace that contains the secret.
        resourceType:
          type: string
          description: If querying by resource, the resource type.
        resourceId:
          type: string
          description: If querying by resource, the resource's ID.
        secretId:
          type: string
          description: The detected secret's ID.
        obfuscatedSecret:
          type: string
          description: The secret's obfuscated value.
        resolution:
          $ref: '#/components/schemas/DetectedSecretsQueriesDataItemsResolution'
          description: >
            The secret's current status:

            - `ACTIVE` — The secret is active.

            - `FALSE_POSITIVE` — The discovered secret is not an actual secret.

            - `REVOKED` — The secret is valid, but the user rotated their key to
            resolve the issue.

            - `ACCEPTED_RISK` — The Secret Scanner found the secret, but user
            accepts the risk of publishing it.
        occurrences:
          type: number
          format: double
          description: The number of times the secret was found in the workspace.
      title: DetectedSecretsQueriesDataItems
    detectedSecretsQueries:
      type: object
      properties:
        meta:
          $ref: '#/components/schemas/DetectedSecretsQueriesMeta'
          description: The response's meta information for paginated results.
        data:
          type: array
          items:
            $ref: '#/components/schemas/DetectedSecretsQueriesDataItems'
      title: detectedSecretsQueries
    commonErrorTypeTitleStatusInstance:
      type: object
      properties:
        type:
          type: string
          description: The type of error.
        title:
          type: string
          description: A short summary of the problem.
        status:
          type: integer
          description: The HTTP status code generated by the origin server.
        instance:
          type: string
          description: >-
            The URI reference that identifies the specific occurrence of the
            problem.
      title: commonErrorTypeTitleStatusInstance
    commonErrorTypeTitleDetailStatusInstance:
      type: object
      properties:
        type:
          type: string
          format: uri-reference
          description: >-
            The [URI reference](https://www.rfc-editor.org/rfc/rfc3986) that
            identifies the type of problem.
        title:
          type: string
          description: A short summary of the problem.
        detail:
          type: string
          description: An explanation about the problem.
        status:
          type: integer
          description: The HTTP status code generated by the origin server.
        instance:
          type: string
          description: >-
            The URI reference that identifies the specific occurrence of the
            problem.
      title: commonErrorTypeTitleDetailStatusInstance
    DetectedSecretsQueriesRequestBadRequestError:
      oneOf:
        - $ref: '#/components/schemas/commonErrorTypeTitleStatusInstance'
        - $ref: '#/components/schemas/commonErrorTypeTitleDetailStatusInstance'
      title: DetectedSecretsQueriesRequestBadRequestError
    CommonErrorTypeTitleDetailStatusType:
      oneOf:
        - type: string
          format: uri-reference
        - type: string
      title: CommonErrorTypeTitleDetailStatusType
    commonErrorTypeTitleDetailStatus:
      type: object
      properties:
        type:
          $ref: '#/components/schemas/CommonErrorTypeTitleDetailStatusType'
        title:
          type: string
          description: A short summary of the problem.
        detail:
          type: string
          description: Information about the error.
        status:
          type: integer
          description: The error's HTTP status code.
      title: commonErrorTypeTitleDetailStatus
    DetectedSecretsQueriesRequestForbiddenError:
      oneOf:
        - $ref: '#/components/schemas/commonErrorTypeTitleDetailStatus'
        - $ref: '#/components/schemas/commonErrorTypeTitleStatusInstance'
      title: DetectedSecretsQueriesRequestForbiddenError
  securitySchemes:
    PostmanApiKey:
      type: apiKey
      in: header
      name: x-api-key
    scimApiKey:
      type: apiKey
      in: header
      name: Authorization
      description: >-
        A valid [SCIM API
        key](https://learning.postman.com/docs/administration/scim-provisioning/scim-provisioning-overview/#generating-scim-api-key)
        for calls to SCIM endpoints.
    basicAuth:
      type: http
      scheme: basic

```

## Examples

### Successful Response



**Request**

```json
{
  "resolved": true,
  "secretTypes": [
    "1a7ec5d1-dcba-4ec7-8220-3c1ee490416b",
    "3b6ec9d2-dabc-5e67-1220-6coie490416b"
  ],
  "statuses": [
    "ACCEPTED_RISK",
    "REVOKED"
  ],
  "workspaceIds": [
    "0fe6c2f2-022d-48f7-8e7e-3244369445b0",
    "80ab14ae-c17d-4fd6-88d5-99bf13f0b7f0"
  ],
  "workspaceVisibilities": [
    "team"
  ]
}
```

**Response**

```json
{
  "meta": {
    "limit": 2,
    "nextCursor": "MTA4"
  },
  "data": [
    {
      "detectedAt": "2023-05-19T02:45:31.000Z",
      "secretType": "Airtable API Key",
      "workspaceVisibility": "team",
      "secretHash": "07afd1f787f3555d441b04870dbe1025db8309fbeb31f25b3a20f2f1241478b3",
      "workspaceId": "e361eeb4-00dd-4225-9774-6146a2555999",
      "secretId": "OTI3OTYx",
      "obfuscatedSecret": "keyTF2WAH******",
      "resolution": "FALSE_POSITIVE",
      "occurrences": 3
    },
    {
      "detectedAt": "2023-03-23T19:38:49.000Z",
      "secretType": "Slack Access Token",
      "workspaceVisibility": "team",
      "secretHash": "08074c0954fd29d1ee82ab5af9b4ad16f56b0907eca72446e98dc97e10da80a3",
      "workspaceId": "e361eeb4-00dd-4225-9774-6146a2555999",
      "secretId": "NDcyMjA=",
      "obfuscatedSecret": "xoxp-25519******",
      "resolution": "ACCEPTED_RISK",
      "occurrences": 1
    }
  ]
}
```

**SDK Code**

```python Successful Response
import requests

url = "https://api.getpostman.com/detected-secrets-queries"

payload = {
    "resolved": True,
    "secretTypes": ["1a7ec5d1-dcba-4ec7-8220-3c1ee490416b", "3b6ec9d2-dabc-5e67-1220-6coie490416b"],
    "statuses": ["ACCEPTED_RISK", "REVOKED"],
    "workspaceIds": ["0fe6c2f2-022d-48f7-8e7e-3244369445b0", "80ab14ae-c17d-4fd6-88d5-99bf13f0b7f0"],
    "workspaceVisibilities": ["team"]
}
headers = {
    "x-api-key": "<apiKey>",
    "Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.json())
```

```javascript Successful Response
const url = 'https://api.getpostman.com/detected-secrets-queries';
const options = {
  method: 'POST',
  headers: {'x-api-key': '<apiKey>', 'Content-Type': 'application/json'},
  body: '{"resolved":true,"secretTypes":["1a7ec5d1-dcba-4ec7-8220-3c1ee490416b","3b6ec9d2-dabc-5e67-1220-6coie490416b"],"statuses":["ACCEPTED_RISK","REVOKED"],"workspaceIds":["0fe6c2f2-022d-48f7-8e7e-3244369445b0","80ab14ae-c17d-4fd6-88d5-99bf13f0b7f0"],"workspaceVisibilities":["team"]}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go Successful Response
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

func main() {

	url := "https://api.getpostman.com/detected-secrets-queries"

	payload := strings.NewReader("{\n  \"resolved\": true,\n  \"secretTypes\": [\n    \"1a7ec5d1-dcba-4ec7-8220-3c1ee490416b\",\n    \"3b6ec9d2-dabc-5e67-1220-6coie490416b\"\n  ],\n  \"statuses\": [\n    \"ACCEPTED_RISK\",\n    \"REVOKED\"\n  ],\n  \"workspaceIds\": [\n    \"0fe6c2f2-022d-48f7-8e7e-3244369445b0\",\n    \"80ab14ae-c17d-4fd6-88d5-99bf13f0b7f0\"\n  ],\n  \"workspaceVisibilities\": [\n    \"team\"\n  ]\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("x-api-key", "<apiKey>")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
```

```ruby Successful Response
require 'uri'
require 'net/http'

url = URI("https://api.getpostman.com/detected-secrets-queries")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["x-api-key"] = '<apiKey>'
request["Content-Type"] = 'application/json'
request.body = "{\n  \"resolved\": true,\n  \"secretTypes\": [\n    \"1a7ec5d1-dcba-4ec7-8220-3c1ee490416b\",\n    \"3b6ec9d2-dabc-5e67-1220-6coie490416b\"\n  ],\n  \"statuses\": [\n    \"ACCEPTED_RISK\",\n    \"REVOKED\"\n  ],\n  \"workspaceIds\": [\n    \"0fe6c2f2-022d-48f7-8e7e-3244369445b0\",\n    \"80ab14ae-c17d-4fd6-88d5-99bf13f0b7f0\"\n  ],\n  \"workspaceVisibilities\": [\n    \"team\"\n  ]\n}"

response = http.request(request)
puts response.read_body
```

```java Successful Response
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

HttpResponse<String> response = Unirest.post("https://api.getpostman.com/detected-secrets-queries")
  .header("x-api-key", "<apiKey>")
  .header("Content-Type", "application/json")
  .body("{\n  \"resolved\": true,\n  \"secretTypes\": [\n    \"1a7ec5d1-dcba-4ec7-8220-3c1ee490416b\",\n    \"3b6ec9d2-dabc-5e67-1220-6coie490416b\"\n  ],\n  \"statuses\": [\n    \"ACCEPTED_RISK\",\n    \"REVOKED\"\n  ],\n  \"workspaceIds\": [\n    \"0fe6c2f2-022d-48f7-8e7e-3244369445b0\",\n    \"80ab14ae-c17d-4fd6-88d5-99bf13f0b7f0\"\n  ],\n  \"workspaceVisibilities\": [\n    \"team\"\n  ]\n}")
  .asString();
```

```php Successful Response
<?php
require_once('vendor/autoload.php');

$client = new \GuzzleHttp\Client();

$response = $client->request('POST', 'https://api.getpostman.com/detected-secrets-queries', [
  'body' => '{
  "resolved": true,
  "secretTypes": [
    "1a7ec5d1-dcba-4ec7-8220-3c1ee490416b",
    "3b6ec9d2-dabc-5e67-1220-6coie490416b"
  ],
  "statuses": [
    "ACCEPTED_RISK",
    "REVOKED"
  ],
  "workspaceIds": [
    "0fe6c2f2-022d-48f7-8e7e-3244369445b0",
    "80ab14ae-c17d-4fd6-88d5-99bf13f0b7f0"
  ],
  "workspaceVisibilities": [
    "team"
  ]
}',
  'headers' => [
    'Content-Type' => 'application/json',
    'x-api-key' => '<apiKey>',
  ],
]);

echo $response->getBody();
```

```csharp Successful Response
using RestSharp;

var client = new RestClient("https://api.getpostman.com/detected-secrets-queries");
var request = new RestRequest(Method.POST);
request.AddHeader("x-api-key", "<apiKey>");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "{\n  \"resolved\": true,\n  \"secretTypes\": [\n    \"1a7ec5d1-dcba-4ec7-8220-3c1ee490416b\",\n    \"3b6ec9d2-dabc-5e67-1220-6coie490416b\"\n  ],\n  \"statuses\": [\n    \"ACCEPTED_RISK\",\n    \"REVOKED\"\n  ],\n  \"workspaceIds\": [\n    \"0fe6c2f2-022d-48f7-8e7e-3244369445b0\",\n    \"80ab14ae-c17d-4fd6-88d5-99bf13f0b7f0\"\n  ],\n  \"workspaceVisibilities\": [\n    \"team\"\n  ]\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
```

```swift Successful Response
import Foundation

let headers = [
  "x-api-key": "<apiKey>",
  "Content-Type": "application/json"
]
let parameters = [
  "resolved": true,
  "secretTypes": ["1a7ec5d1-dcba-4ec7-8220-3c1ee490416b", "3b6ec9d2-dabc-5e67-1220-6coie490416b"],
  "statuses": ["ACCEPTED_RISK", "REVOKED"],
  "workspaceIds": ["0fe6c2f2-022d-48f7-8e7e-3244369445b0", "80ab14ae-c17d-4fd6-88d5-99bf13f0b7f0"],
  "workspaceVisibilities": ["team"]
] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://api.getpostman.com/detected-secrets-queries")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```

### With include Query Parameter



**Request**

```json
undefined
```

**Response**

```json
{
  "meta": {
    "limit": 2,
    "nextCursor": "MTA4",
    "total": 10
  },
  "data": [
    {
      "detectedAt": "2023-05-19T02:45:31.000Z",
      "secretType": "Airtable API Key",
      "workspaceVisibility": "team",
      "secretHash": "07afd1f787f3555d441b04870dbe1025db8309fbeb31f25b3a20f2f1241478b3",
      "workspaceId": "e361eeb4-00dd-4225-9774-6146a2555999",
      "secretId": "OTI3OTYx",
      "obfuscatedSecret": "keyTF2WAH******",
      "resolution": "FALSE_POSITIVE",
      "occurrences": 3
    },
    {
      "detectedAt": "2023-03-23T19:38:49.000Z",
      "secretType": "Slack Access Token",
      "workspaceVisibility": "team",
      "secretHash": "08074c0954fd29d1ee82ab5af9b4ad16f56b0907eca72446e98dc97e10da80a3",
      "workspaceId": "e361eeb4-00dd-4225-9774-6146a2555999",
      "secretId": "NDcyMjA=",
      "obfuscatedSecret": "xoxp-25519******",
      "resolution": "ACCEPTED_RISK",
      "occurrences": 1
    }
  ]
}
```

**SDK Code**

```python With include Query Parameter
import requests

url = "https://api.getpostman.com/detected-secrets-queries"

headers = {
    "x-api-key": "<apiKey>",
    "Content-Type": "application/json"
}

response = requests.post(url, headers=headers)

print(response.json())
```

```javascript With include Query Parameter
const url = 'https://api.getpostman.com/detected-secrets-queries';
const options = {
  method: 'POST',
  headers: {'x-api-key': '<apiKey>', 'Content-Type': 'application/json'},
  body: undefined
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go With include Query Parameter
package main

import (
	"fmt"
	"net/http"
	"io"
)

func main() {

	url := "https://api.getpostman.com/detected-secrets-queries"

	req, _ := http.NewRequest("POST", url, nil)

	req.Header.Add("x-api-key", "<apiKey>")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
```

```ruby With include Query Parameter
require 'uri'
require 'net/http'

url = URI("https://api.getpostman.com/detected-secrets-queries")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["x-api-key"] = '<apiKey>'
request["Content-Type"] = 'application/json'

response = http.request(request)
puts response.read_body
```

```java With include Query Parameter
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

HttpResponse<String> response = Unirest.post("https://api.getpostman.com/detected-secrets-queries")
  .header("x-api-key", "<apiKey>")
  .header("Content-Type", "application/json")
  .asString();
```

```php With include Query Parameter
<?php
require_once('vendor/autoload.php');

$client = new \GuzzleHttp\Client();

$response = $client->request('POST', 'https://api.getpostman.com/detected-secrets-queries', [
  'headers' => [
    'Content-Type' => 'application/json',
    'x-api-key' => '<apiKey>',
  ],
]);

echo $response->getBody();
```

```csharp With include Query Parameter
using RestSharp;

var client = new RestClient("https://api.getpostman.com/detected-secrets-queries");
var request = new RestRequest(Method.POST);
request.AddHeader("x-api-key", "<apiKey>");
request.AddHeader("Content-Type", "application/json");
IRestResponse response = client.Execute(request);
```

```swift With include Query Parameter
import Foundation

let headers = [
  "x-api-key": "<apiKey>",
  "Content-Type": "application/json"
]

let request = NSMutableURLRequest(url: NSURL(string: "https://api.getpostman.com/detected-secrets-queries")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```

### Filter by Resource Type



**Request**

```json
{
  "resolved": false,
  "secretTypes": [
    "3fd32ec0-c2ee-45f4-9701-878c90127f79"
  ],
  "resources": [
    {
      "type": "example",
      "ids": [
        "12345678-400005df-3cad-480c-a027-ea68aed35b60"
      ]
    }
  ]
}
```

**Response**

```json
{
  "meta": {
    "limit": 30,
    "nextCursor": null
  },
  "data": [
    {
      "detectedAt": "2023-03-23T19:30:58.000Z",
      "secretType": "Basic Auth",
      "workspaceVisibility": "team",
      "secretHash": "3b4db9cb32935e885468d80744a65194b7abdb18bb91ce6cbc2ad7852057d96e",
      "workspaceId": "01cb2666-9e05-47d3-9043-3b4743f42f1a",
      "resourceType": "example",
      "resourceId": "12345678-400005df-3cad-480c-a027-ea68aed35b60",
      "secretId": "MTAxOTQ0Mw==",
      "obfuscatedSecret": "Basic Q2******",
      "resolution": "ACTIVE",
      "occurrences": 3
    }
  ]
}
```

**SDK Code**

```python Filter by Resource Type
import requests

url = "https://api.getpostman.com/detected-secrets-queries"

payload = {
    "resolved": False,
    "secretTypes": ["3fd32ec0-c2ee-45f4-9701-878c90127f79"],
    "resources": [
        {
            "type": "example",
            "ids": ["12345678-400005df-3cad-480c-a027-ea68aed35b60"]
        }
    ]
}
headers = {
    "x-api-key": "<apiKey>",
    "Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.json())
```

```javascript Filter by Resource Type
const url = 'https://api.getpostman.com/detected-secrets-queries';
const options = {
  method: 'POST',
  headers: {'x-api-key': '<apiKey>', 'Content-Type': 'application/json'},
  body: '{"resolved":false,"secretTypes":["3fd32ec0-c2ee-45f4-9701-878c90127f79"],"resources":[{"type":"example","ids":["12345678-400005df-3cad-480c-a027-ea68aed35b60"]}]}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go Filter by Resource Type
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

func main() {

	url := "https://api.getpostman.com/detected-secrets-queries"

	payload := strings.NewReader("{\n  \"resolved\": false,\n  \"secretTypes\": [\n    \"3fd32ec0-c2ee-45f4-9701-878c90127f79\"\n  ],\n  \"resources\": [\n    {\n      \"type\": \"example\",\n      \"ids\": [\n        \"12345678-400005df-3cad-480c-a027-ea68aed35b60\"\n      ]\n    }\n  ]\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("x-api-key", "<apiKey>")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
```

```ruby Filter by Resource Type
require 'uri'
require 'net/http'

url = URI("https://api.getpostman.com/detected-secrets-queries")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["x-api-key"] = '<apiKey>'
request["Content-Type"] = 'application/json'
request.body = "{\n  \"resolved\": false,\n  \"secretTypes\": [\n    \"3fd32ec0-c2ee-45f4-9701-878c90127f79\"\n  ],\n  \"resources\": [\n    {\n      \"type\": \"example\",\n      \"ids\": [\n        \"12345678-400005df-3cad-480c-a027-ea68aed35b60\"\n      ]\n    }\n  ]\n}"

response = http.request(request)
puts response.read_body
```

```java Filter by Resource Type
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

HttpResponse<String> response = Unirest.post("https://api.getpostman.com/detected-secrets-queries")
  .header("x-api-key", "<apiKey>")
  .header("Content-Type", "application/json")
  .body("{\n  \"resolved\": false,\n  \"secretTypes\": [\n    \"3fd32ec0-c2ee-45f4-9701-878c90127f79\"\n  ],\n  \"resources\": [\n    {\n      \"type\": \"example\",\n      \"ids\": [\n        \"12345678-400005df-3cad-480c-a027-ea68aed35b60\"\n      ]\n    }\n  ]\n}")
  .asString();
```

```php Filter by Resource Type
<?php
require_once('vendor/autoload.php');

$client = new \GuzzleHttp\Client();

$response = $client->request('POST', 'https://api.getpostman.com/detected-secrets-queries', [
  'body' => '{
  "resolved": false,
  "secretTypes": [
    "3fd32ec0-c2ee-45f4-9701-878c90127f79"
  ],
  "resources": [
    {
      "type": "example",
      "ids": [
        "12345678-400005df-3cad-480c-a027-ea68aed35b60"
      ]
    }
  ]
}',
  'headers' => [
    'Content-Type' => 'application/json',
    'x-api-key' => '<apiKey>',
  ],
]);

echo $response->getBody();
```

```csharp Filter by Resource Type
using RestSharp;

var client = new RestClient("https://api.getpostman.com/detected-secrets-queries");
var request = new RestRequest(Method.POST);
request.AddHeader("x-api-key", "<apiKey>");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "{\n  \"resolved\": false,\n  \"secretTypes\": [\n    \"3fd32ec0-c2ee-45f4-9701-878c90127f79\"\n  ],\n  \"resources\": [\n    {\n      \"type\": \"example\",\n      \"ids\": [\n        \"12345678-400005df-3cad-480c-a027-ea68aed35b60\"\n      ]\n    }\n  ]\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
```

```swift Filter by Resource Type
import Foundation

let headers = [
  "x-api-key": "<apiKey>",
  "Content-Type": "application/json"
]
let parameters = [
  "resolved": false,
  "secretTypes": ["3fd32ec0-c2ee-45f4-9701-878c90127f79"],
  "resources": [
    [
      "type": "example",
      "ids": ["12345678-400005df-3cad-480c-a027-ea68aed35b60"]
    ]
  ]
] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://api.getpostman.com/detected-secrets-queries")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```