> ## Documentation Index
> Fetch the complete documentation index at: https://docs.ghostsecurity.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Update finding user status

> Update the user defined status of a security finding



## OpenAPI

````yaml https://api.ghostsecurity.ai/openapi.json patch /v2/findings/{id}
openapi: 3.1.0
info:
  contact:
    email: support@ghostsecurity.com
    name: Ghost Security
    url: https://ghostsecurity.com/
  description: 'Provide your Bearer token as: Bearer <token>'
  title: Ghost API
  version: 2.0.0
servers:
  - description: Ghost Security API server
    url: https://api.ghostsecurity.ai
security: []
externalDocs:
  description: ''
  url: ''
paths:
  /v2/findings/{id}:
    patch:
      tags:
        - findings.v2
      summary: Update finding user status
      description: Update the user defined status of a security finding
      parameters:
        - description: Repository ID
          in: path
          name: id
          required: true
          schema:
            type: string
        - description: Project ID
          in: path
          name: project_id
          required: true
          schema:
            type: string
        - description: Finding ID
          in: path
          name: finding_id
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/types.UpdateFindingUserStatusRequest'
        description: Finding status update data
        required: true
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/exported.Finding'
          description: OK
        '400':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/types.ErrorBadRequest'
          description: Bad Request
        '401':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/types.ErrorUnauthorized'
          description: Unauthorized
        '404':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/types.ErrorNotFound'
          description: Not Found
        '500':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/types.ErrorInternalServerError'
          description: Internal Server Error
      security:
        - bearerauth: []
components:
  schemas:
    types.UpdateFindingUserStatusRequest:
      description: Finding user status update request
      properties:
        comments:
          description: Triage comments for the finding
          example: Confirmed with team, real issue
          type: string
        project_id:
          example: yhD3A3O2IZY
          type: string
        repo_id:
          description: Optional organization and project IDs for v2 API compatibility
          example: 08PB3zptlr8
          type: string
        user_status:
          description: The new user status for the finding
          enum:
            - open
            - active
            - muted
          example: active
          type: string
      type: object
    exported.Finding:
      properties:
        agent:
          $ref: '#/components/schemas/exported.FindingAgent'
        comments:
          type: string
        created_at:
          type: string
        details:
          $ref: '#/components/schemas/exported.FindingDetails'
        id:
          type: string
        organization_id:
          type: string
        project:
          $ref: '#/components/schemas/exported.FindingProject'
        repo:
          $ref: '#/components/schemas/exported.FindingRepo'
        scan_details:
          $ref: '#/components/schemas/exported.ScanDetails'
        status:
          description: Status and timestamps
          type: string
        updated_at:
          type: string
        user_status:
          type: string
      type: object
    types.ErrorBadRequest:
      description: Error response for bad requests
      properties:
        error:
          description: Error message
          example: Invalid request body
          type: string
      type: object
    types.ErrorUnauthorized:
      description: Error response for unauthorized requests
      properties:
        error:
          description: Error message
          example: Unauthorized
          type: string
      type: object
    types.ErrorNotFound:
      properties:
        error:
          description: Error message
          example: Resource not found
          type: string
      type: object
    types.ErrorInternalServerError:
      description: Error response for internal server errors
      properties:
        error:
          description: Error message
          example: Internal server error
          type: string
      type: object
    exported.FindingAgent:
      description: Finding Agent details
      properties:
        custom_agent_vector_id:
          type: string
        description:
          type: string
        name:
          type: string
        vector:
          type: string
      type: object
    exported.FindingDetails:
      description: Finding Details
      properties:
        code:
          type: string
        description:
          type: string
        endpoint_locations:
          items:
            $ref: '#/components/schemas/exported.EndpointLocation'
          type: array
          uniqueItems: false
        exploit_feasibility:
          type: string
        exploit_walkthrough:
          type: string
        fixed_code:
          type: string
        location:
          $ref: '#/components/schemas/exported.FileLocation'
        remediation:
          type: string
        remediation_effort:
          type: string
        severity:
          type: string
        supporting_files:
          items:
            $ref: '#/components/schemas/exported.FileLocation'
          type: array
          uniqueItems: false
        title:
          type: string
        validation_evidence:
          items:
            $ref: '#/components/schemas/exported.FindingValidationEvidence'
          type: array
          uniqueItems: false
      type: object
    exported.FindingProject:
      properties:
        context:
          $ref: '#/components/schemas/exported.FindingProjectContext'
        id:
          type: string
        name:
          type: string
        purpose:
          type: string
      type: object
    exported.FindingRepo:
      description: Repo and project details
      properties:
        id:
          type: string
        name:
          type: string
        provider:
          type: string
        url:
          type: string
      type: object
    exported.ScanDetails:
      description: Scan details
      properties:
        analyzed_at:
          type: string
        rejected_at:
          type: string
        scan_id:
          type: string
        verified_at:
          type: string
      type: object
    exported.EndpointLocation:
      properties:
        action:
          description: HTTP verb, gRPC RPC method, or GraphQL operation.field
          type: string
        path:
          description: URL path, package.service, or GraphQL endpoint
          type: string
        type:
          description: '"http", "grpc", or "graphql"'
          type: string
      type: object
    exported.FileLocation:
      properties:
        class_name:
          type: string
        file_path:
          type: string
        function_signature:
          type: string
        hash:
          type: string
        line_number:
          type: integer
        method_name:
          type: string
        url:
          type: string
      type: object
    exported.FindingValidationEvidence:
      properties:
        criteria:
          type: string
        rationale:
          type: string
      type: object
    exported.FindingProjectContext:
      properties:
        business_criticality:
          type: string
        deployment:
          type: string
        exposure:
          type: string
        owner:
          type: string
        sensitive_data_types:
          items:
            type: string
          type: array
          uniqueItems: false
      type: object
  securitySchemes:
    bearerauth:
      bearerFormat: JWT
      scheme: bearer
      type: http

````