> For clean Markdown content of this page, append .md to this URL. For the complete documentation index, see https://learning.postman.com/llms.txt. For full content including API reference and SDK examples, see https://learning.postman.com/llms-full.txt.

# Update detected secret resolution status

PUT https://api.getpostman.com/detected-secrets/{secretId}
Content-Type: application/json

Updates the resolution status of a secret detected in a workspace.

Reference: https://learning.postman.com/api-docs/api-reference/secret-scanner/update-detected-secret-resolutions

## OpenAPI Specification

```yaml
openapi: 3.1.0
info:
  title: Postman API
  version: 1.0.0
paths:
  /detected-secrets/{secretId}:
    put:
      operationId: updateDetectedSecretResolutions
      summary: Update detected secret resolution status
      description: Updates the resolution status of a secret detected in a workspace.
      tags:
        - secretScanner
      parameters:
        - name: secretId
          in: path
          description: The secret's ID.
          required: true
          schema:
            $ref: '#/components/schemas/secretId'
        - name: x-api-key
          in: header
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/updateSecretResolutions'
        '400':
          description: Invalid Resolution Type
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/commonErrorTypeTitleStatusInstance'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/commonErrorTypeTitleStatusInstance'
        '403':
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/UpdateDetectedSecretResolutionsRequestForbiddenError
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/commonErrorTypeTitleStatusInstance'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/updateSecretResolutionsRequest'
servers:
  - url: https://api.getpostman.com
    description: https://api.getpostman.com
  - url: https://api.eu.postman.com
    description: https://api.eu.postman.com
components:
  schemas:
    secretId:
      type: string
      title: secretId
    UpdateSecretResolutionsRequestResolution:
      type: string
      enum:
        - FALSE_POSITIVE
        - REVOKED
        - ACCEPTED_RISK
      description: >
        The secret's updated resolution status:

        - `FALSE_POSITIVE` — The discovered secret is not an actual secret.

        - `REVOKED` — The secret is valid, but the user rotated their key to
        resolve the issue.

        - `ACCEPTED_RISK` — The Secret Scanner found the secret, but user
        accepts the risk of publishing it.
      title: UpdateSecretResolutionsRequestResolution
    updateSecretResolutionsRequest:
      type: object
      properties:
        resolution:
          $ref: '#/components/schemas/UpdateSecretResolutionsRequestResolution'
          description: >
            The secret's updated resolution status:

            - `FALSE_POSITIVE` — The discovered secret is not an actual secret.

            - `REVOKED` — The secret is valid, but the user rotated their key to
            resolve the issue.

            - `ACCEPTED_RISK` — The Secret Scanner found the secret, but user
            accepts the risk of publishing it.
        workspaceId:
          type: string
          description: The ID of the workspace that contains the secret.
      required:
        - resolution
        - workspaceId
      title: updateSecretResolutionsRequest
    UpdateSecretResolutionsResolution:
      type: string
      enum:
        - FALSE_POSITIVE
        - ACCEPTED_RISK
        - REVOKED
        - ACTIVE
      description: >
        The secret's current resolution status:

        - `ACTIVE` — The secret is active.

        - `FALSE_POSITIVE` — The discovered secret is not an actual secret.

        - `REVOKED` — The secret is valid, but the user rotated their key to
        resolve the issue.

        - `ACCEPTED_RISK` — The Secret Scanner found the secret, but user
        accepts the risk of publishing it.
      title: UpdateSecretResolutionsResolution
    UpdateSecretResolutionsHistoryItemsResolution:
      type: string
      enum:
        - FALSE_POSITIVE
        - ACCEPTED_RISK
        - REVOKED
        - ACTIVE
      description: >
        The secret's updated resolution status:

        - `ACTIVE` — The secret is active.

        - `FALSE_POSITIVE` — The discovered secret is not an actual secret.

        - `REVOKED` — The secret is valid, but the user rotated their key to
        resolve the issue.

        - `ACCEPTED_RISK` — The Secret Scanner found the secret, but user
        accepts the risk of publishing it.
      title: UpdateSecretResolutionsHistoryItemsResolution
    UpdateSecretResolutionsHistoryItems:
      type: object
      properties:
        actor:
          type: number
          format: double
          description: The ID of the user that updated the secret's resolution status.
        createdAt:
          type: string
          format: date-time
          description: The date and time at which the resolution status was updated.
        resolution:
          $ref: '#/components/schemas/UpdateSecretResolutionsHistoryItemsResolution'
          description: >
            The secret's updated resolution status:

            - `ACTIVE` — The secret is active.

            - `FALSE_POSITIVE` — The discovered secret is not an actual secret.

            - `REVOKED` — The secret is valid, but the user rotated their key to
            resolve the issue.

            - `ACCEPTED_RISK` — The Secret Scanner found the secret, but user
            accepts the risk of publishing it.
      title: UpdateSecretResolutionsHistoryItems
    updateSecretResolutions:
      type: object
      properties:
        secretHash:
          type: string
          description: The SHA-256 hash of the detected secret.
        workspaceId:
          type: string
          description: The ID of the workspace that contains the secret.
        resolution:
          $ref: '#/components/schemas/UpdateSecretResolutionsResolution'
          description: >
            The secret's current resolution status:

            - `ACTIVE` — The secret is active.

            - `FALSE_POSITIVE` — The discovered secret is not an actual secret.

            - `REVOKED` — The secret is valid, but the user rotated their key to
            resolve the issue.

            - `ACCEPTED_RISK` — The Secret Scanner found the secret, but user
            accepts the risk of publishing it.
        history:
          type: array
          items:
            $ref: '#/components/schemas/UpdateSecretResolutionsHistoryItems'
          description: The history of the secret's resolution status changes.
      title: updateSecretResolutions
    commonErrorTypeTitleStatusInstance:
      type: object
      properties:
        type:
          type: string
          description: The type of error.
        title:
          type: string
          description: A short summary of the problem.
        status:
          type: integer
          description: The HTTP status code generated by the origin server.
        instance:
          type: string
          description: >-
            The URI reference that identifies the specific occurrence of the
            problem.
      title: commonErrorTypeTitleStatusInstance
    CommonErrorTypeTitleDetailStatusType:
      oneOf:
        - type: string
          format: uri-reference
        - type: string
      title: CommonErrorTypeTitleDetailStatusType
    commonErrorTypeTitleDetailStatus:
      type: object
      properties:
        type:
          $ref: '#/components/schemas/CommonErrorTypeTitleDetailStatusType'
        title:
          type: string
          description: A short summary of the problem.
        detail:
          type: string
          description: Information about the error.
        status:
          type: integer
          description: The error's HTTP status code.
      title: commonErrorTypeTitleDetailStatus
    UpdateDetectedSecretResolutionsRequestForbiddenError:
      oneOf:
        - $ref: '#/components/schemas/commonErrorTypeTitleDetailStatus'
        - $ref: '#/components/schemas/commonErrorTypeTitleStatusInstance'
      title: UpdateDetectedSecretResolutionsRequestForbiddenError
  securitySchemes:
    PostmanApiKey:
      type: apiKey
      in: header
      name: x-api-key
    scimApiKey:
      type: apiKey
      in: header
      name: Authorization
      description: >-
        A valid [SCIM API
        key](https://learning.postman.com/docs/administration/scim-provisioning/scim-provisioning-overview/#generating-scim-api-key)
        for calls to SCIM endpoints.
    basicAuth:
      type: http
      scheme: basic

```

## Examples

### Successful Response



**Request**

```json
undefined
```

**Response**

```json
{
  "secretHash": "50dbd2...",
  "workspaceId": "1f0df51a-8658-4ee8-a2a1-d2567dfa09a9",
  "resolution": "ACCEPTED_RISK",
  "history": [
    {
      "actor": 12345678,
      "createdAt": "2024-09-18T18:46:26.000Z",
      "resolution": "FALSE_POSITIVE"
    },
    {
      "actor": 12345678,
      "createdAt": "2024-09-18T18:43:11.000Z",
      "resolution": "ACCEPTED_RISK"
    }
  ]
}
```

**SDK Code**

```python Successful Response
import requests

url = "https://api.getpostman.com/detected-secrets/MTc0ODA0Mw%3D%3D"

headers = {
    "x-api-key": "<apiKey>",
    "Content-Type": "application/json"
}

response = requests.put(url, headers=headers)

print(response.json())
```

```javascript Successful Response
const url = 'https://api.getpostman.com/detected-secrets/MTc0ODA0Mw%3D%3D';
const options = {
  method: 'PUT',
  headers: {'x-api-key': '<apiKey>', 'Content-Type': 'application/json'},
  body: undefined
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go Successful Response
package main

import (
	"fmt"
	"net/http"
	"io"
)

func main() {

	url := "https://api.getpostman.com/detected-secrets/MTc0ODA0Mw%3D%3D"

	req, _ := http.NewRequest("PUT", url, nil)

	req.Header.Add("x-api-key", "<apiKey>")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
```

```ruby Successful Response
require 'uri'
require 'net/http'

url = URI("https://api.getpostman.com/detected-secrets/MTc0ODA0Mw%3D%3D")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Put.new(url)
request["x-api-key"] = '<apiKey>'
request["Content-Type"] = 'application/json'

response = http.request(request)
puts response.read_body
```

```java Successful Response
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

HttpResponse<String> response = Unirest.put("https://api.getpostman.com/detected-secrets/MTc0ODA0Mw%3D%3D")
  .header("x-api-key", "<apiKey>")
  .header("Content-Type", "application/json")
  .asString();
```

```php Successful Response
<?php
require_once('vendor/autoload.php');

$client = new \GuzzleHttp\Client();

$response = $client->request('PUT', 'https://api.getpostman.com/detected-secrets/MTc0ODA0Mw%3D%3D', [
  'headers' => [
    'Content-Type' => 'application/json',
    'x-api-key' => '<apiKey>',
  ],
]);

echo $response->getBody();
```

```csharp Successful Response
using RestSharp;

var client = new RestClient("https://api.getpostman.com/detected-secrets/MTc0ODA0Mw%3D%3D");
var request = new RestRequest(Method.PUT);
request.AddHeader("x-api-key", "<apiKey>");
request.AddHeader("Content-Type", "application/json");
IRestResponse response = client.Execute(request);
```

```swift Successful Response
import Foundation

let headers = [
  "x-api-key": "<apiKey>",
  "Content-Type": "application/json"
]

let request = NSMutableURLRequest(url: NSURL(string: "https://api.getpostman.com/detected-secrets/MTc0ODA0Mw%3D%3D")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "PUT"
request.allHTTPHeaderFields = headers

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```

### Update Secret Resolutions



**Request**

```json
{
  "resolution": "ACCEPTED_RISK",
  "workspaceId": "e361eeb4-00dd-4225-9774-6146a2555999"
}
```

**Response**

```json
{
  "secretHash": "50dbd2...",
  "workspaceId": "1f0df51a-8658-4ee8-a2a1-d2567dfa09a9",
  "resolution": "ACCEPTED_RISK",
  "history": [
    {
      "actor": 12345678,
      "createdAt": "2024-09-18T18:46:26.000Z",
      "resolution": "FALSE_POSITIVE"
    },
    {
      "actor": 12345678,
      "createdAt": "2024-09-18T18:43:11.000Z",
      "resolution": "ACCEPTED_RISK"
    }
  ]
}
```

**SDK Code**

```python Update Secret Resolutions
import requests

url = "https://api.getpostman.com/detected-secrets/MTc0ODA0Mw%3D%3D"

payload = {
    "resolution": "ACCEPTED_RISK",
    "workspaceId": "e361eeb4-00dd-4225-9774-6146a2555999"
}
headers = {
    "x-api-key": "<apiKey>",
    "Content-Type": "application/json"
}

response = requests.put(url, json=payload, headers=headers)

print(response.json())
```

```javascript Update Secret Resolutions
const url = 'https://api.getpostman.com/detected-secrets/MTc0ODA0Mw%3D%3D';
const options = {
  method: 'PUT',
  headers: {'x-api-key': '<apiKey>', 'Content-Type': 'application/json'},
  body: '{"resolution":"ACCEPTED_RISK","workspaceId":"e361eeb4-00dd-4225-9774-6146a2555999"}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go Update Secret Resolutions
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

func main() {

	url := "https://api.getpostman.com/detected-secrets/MTc0ODA0Mw%3D%3D"

	payload := strings.NewReader("{\n  \"resolution\": \"ACCEPTED_RISK\",\n  \"workspaceId\": \"e361eeb4-00dd-4225-9774-6146a2555999\"\n}")

	req, _ := http.NewRequest("PUT", url, payload)

	req.Header.Add("x-api-key", "<apiKey>")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
```

```ruby Update Secret Resolutions
require 'uri'
require 'net/http'

url = URI("https://api.getpostman.com/detected-secrets/MTc0ODA0Mw%3D%3D")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Put.new(url)
request["x-api-key"] = '<apiKey>'
request["Content-Type"] = 'application/json'
request.body = "{\n  \"resolution\": \"ACCEPTED_RISK\",\n  \"workspaceId\": \"e361eeb4-00dd-4225-9774-6146a2555999\"\n}"

response = http.request(request)
puts response.read_body
```

```java Update Secret Resolutions
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

HttpResponse<String> response = Unirest.put("https://api.getpostman.com/detected-secrets/MTc0ODA0Mw%3D%3D")
  .header("x-api-key", "<apiKey>")
  .header("Content-Type", "application/json")
  .body("{\n  \"resolution\": \"ACCEPTED_RISK\",\n  \"workspaceId\": \"e361eeb4-00dd-4225-9774-6146a2555999\"\n}")
  .asString();
```

```php Update Secret Resolutions
<?php
require_once('vendor/autoload.php');

$client = new \GuzzleHttp\Client();

$response = $client->request('PUT', 'https://api.getpostman.com/detected-secrets/MTc0ODA0Mw%3D%3D', [
  'body' => '{
  "resolution": "ACCEPTED_RISK",
  "workspaceId": "e361eeb4-00dd-4225-9774-6146a2555999"
}',
  'headers' => [
    'Content-Type' => 'application/json',
    'x-api-key' => '<apiKey>',
  ],
]);

echo $response->getBody();
```

```csharp Update Secret Resolutions
using RestSharp;

var client = new RestClient("https://api.getpostman.com/detected-secrets/MTc0ODA0Mw%3D%3D");
var request = new RestRequest(Method.PUT);
request.AddHeader("x-api-key", "<apiKey>");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "{\n  \"resolution\": \"ACCEPTED_RISK\",\n  \"workspaceId\": \"e361eeb4-00dd-4225-9774-6146a2555999\"\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
```

```swift Update Secret Resolutions
import Foundation

let headers = [
  "x-api-key": "<apiKey>",
  "Content-Type": "application/json"
]
let parameters = [
  "resolution": "ACCEPTED_RISK",
  "workspaceId": "e361eeb4-00dd-4225-9774-6146a2555999"
] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://api.getpostman.com/detected-secrets/MTc0ODA0Mw%3D%3D")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "PUT"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```