> ## Documentation Index
> Fetch the complete documentation index at: https://gecko.security/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Get scan endpoint definitions

> Returns the scan endpoint definition that Gecko stored for the scan. Gecko returns the raw value and a parsed object when the stored format is JSON.



## OpenAPI

````yaml /api-reference/openapi.json get /api/v1/scans/{scanId}/endpoints
openapi: 3.1.0
info:
  title: Gecko SAST Scanner API
  version: v1
  description: >-
    Use the Gecko API to launch scans and read scan, repository, and
    vulnerability data for your active team.
servers:
  - url: https://app.gecko.security
    description: Production
security:
  - ApiKeyAuth: []
tags:
  - name: Scans
    description: Launch scans and read scan-level data.
  - name: Repositories
    description: Read repository inventory and repository vulnerability data.
  - name: Vulnerabilities
    description: Read vulnerability data across your active team.
  - name: Utility
    description: Service health and utility endpoints.
paths:
  /api/v1/scans/{scanId}/endpoints:
    get:
      tags:
        - Scans
      summary: Get scan endpoint definitions
      description: >-
        Returns the scan endpoint definition that Gecko stored for the scan.
        Gecko returns the raw value and a parsed object when the stored format
        is JSON.
      operationId: getApiV1ScansByScanIdEndpoints
      parameters:
        - $ref: '#/components/parameters/scanId'
      responses:
        '200':
          description: The scan endpoint definition.
          headers:
            X-RateLimit-Remaining:
              $ref: '#/components/headers/XRateLimitRemaining'
            X-RateLimit-Reset:
              $ref: '#/components/headers/XRateLimitReset'
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ScanEndpointsResponse'
              examples:
                yaml:
                  value:
                    version: v1
                    scan_id: f5d35de5-8fc8-4a01-8e28-3bae5d6d26ad
                    format: yaml
                    endpoints: |-
                      openapi: 3.1.0
                      info:
                        title: Example API
                      paths:
                        /health:
                          get:
                            summary: Health
                    parsed: null
                json:
                  value:
                    version: v1
                    scan_id: f5d35de5-8fc8-4a01-8e28-3bae5d6d26ad
                    format: json
                    endpoints: '{"openapi":"3.1.0","info":{"title":"Example API"}}'
                    parsed:
                      openapi: 3.1.0
                      info:
                        title: Example API
        '400':
          description: The scan ID is missing.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              example:
                error: Scan ID is required
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          description: The API key is not attached to an active team.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              example:
                error: No active team associated with API key
        '404':
          description: >-
            The scan does not exist or is outside the team scope for the API
            key.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              example:
                error: Scan not found
        '429':
          $ref: '#/components/responses/RateLimitedError'
        '500':
          $ref: '#/components/responses/InternalServerError'
components:
  parameters:
    scanId:
      name: scanId
      in: path
      required: true
      description: Scan UUID.
      schema:
        type: string
        format: uuid
  headers:
    XRateLimitRemaining:
      description: Requests remaining in the current one-hour window for the API key.
      schema:
        type: integer
    XRateLimitReset:
      description: >-
        ISO 8601 timestamp for when the current one-hour rate-limit window
        resets.
      schema:
        type: string
        format: date-time
    RetryAfter:
      description: Seconds to wait before retrying the request.
      schema:
        type: integer
  schemas:
    ScanEndpointsResponse:
      type: object
      required:
        - version
        - scan_id
        - format
        - endpoints
        - parsed
      properties:
        version:
          type: string
          const: v1
        scan_id:
          type: string
          format: uuid
        format:
          type:
            - string
            - 'null'
          enum:
            - yaml
            - json
            - null
        endpoints:
          type:
            - string
            - 'null'
        parsed:
          type:
            - object
            - 'null'
          additionalProperties: true
    ErrorResponse:
      type: object
      required:
        - error
      properties:
        error:
          type: string
        details:
          type:
            - string
            - 'null'
        hint:
          type:
            - string
            - 'null'
  responses:
    UnauthorizedError:
      description: The API key is missing, malformed, or invalid.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          examples:
            missingKey:
              value:
                error: API key is required
            badFormat:
              value:
                error: Invalid API key format
            badKey:
              value:
                error: Invalid API key
    RateLimitedError:
      description: The API key reached the per-hour request limit.
      headers:
        Retry-After:
          $ref: '#/components/headers/RetryAfter'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          example:
            error: Rate limit exceeded
    InternalServerError:
      description: Gecko failed to process the request.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          example:
            error: Internal server error
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key
      description: Team-scoped Gecko API key. Keys start with `gk_`.

````