Get scan alert message

get

https://api.stackhawk.com/api/v1/scan/{scanId}/uri/{alertUriId}/messages/{messageId}

Scan Alert Messages

Provides the scan alert and message payloads (request and response) identified with the finding.

Alert Message Response

The overall container with details for this specific scan alert.

Parameter	Default	Description
scanMessage	{}	The scan message container that holds request and response details.
uri	""	The uri or path of the alert finding.
evidence	""	The associated evidence of the alert finding.
otherInfo	""	Additional info associated with this alert finding.
description	""	The details of the alert finding.
param	""	Parameters associated with this alert finding.
validationCommand	""	The generated validation command (e.g., curl) to reproduce the request.

Validation Command

To include a validation command in the response, set the includeValidationCommand query parameter to true:

GET /api/v1/scan/{scanId}/uri/{alertUriId}/messages/{messageId}?includeValidationCommand=true

When enabled, the validationCommand field contains a formatted command that can be used to reproduce the request that triggered this finding. This command includes:

The HTTP method (GET, POST, etc.)
The full URL with the application host prepended to relative paths
All request headers formatted as -H "Header: Value" flags
The request body (if present) with proper shell escaping

This allows you to easily validate and reproduce findings by copying and pasting the command into your terminal.

Note: By default, includeValidationCommand is false and the validation command will not be generated.

Scan Message

The request sent and response received by the scanner.

Parameter	Default	Description
id	""	The unique identifier for the message.
requestHeader	""	All request headers.
cookieParams	""	All request cookies.
requestBody	""	The request body.
responseHeader	""	The response headers.
responseBody	""	The response body.

See the Scan Results Analysis guide for further details on how to use these endpoints.