Use GET /v1/findings (API key) or the MCP list_findings tool (OAuth) to browse findings programmatically. Both surfaces use the same filters and return the same summary fields.
List findings
curl -G "https://api.mindfort.app/v1/findings" \
-H "Authorization: Bearer ${MINDFORT_API_KEY}" \
--data-urlencode "target_id=${MINDFORT_TARGET_ID}" \
--data-urlencode "status=ACTIVE" \
--data-urlencode "exclude_secured=true" \
--data-urlencode "sort_by=severity" \
--data-urlencode "limit=25"
Query parameters
| Parameter | Default | Description |
|---|
target_id | — | Filter to one target (UUID from Target Inventory) |
assessment_id | — | Filter to findings from one assessment run (UUID from Assessments) |
status | ACTIVE | Lifecycle filter: ACTIVE, RESOLVED, or ARCHIVED |
exclude_secured | false | When true, omit informational secured probes (severity=info) |
severity | — | Filter by severity: critical, high, medium, low, or info |
sort_by | severity | severity (highest score first) or created_at |
limit | 25 | Page size (max 100) |
offset | 0 | Offset for pagination |
Response
Each item in findings includes:
| Field | Description |
|---|
id | Finding UUID |
title | Finding title |
severity | critical, high, medium, low, or info |
severity_score | Numeric score (may be 0 for low-severity or informational items) |
status | ACTIVE, RESOLVED, or ARCHIVED |
target_id | Target UUID |
created_at | ISO 8601 timestamp |
total, limit, and offset for pagination. Paginate until offset + len(findings) >= total.
Match the dashboard
The MindFort UI uses tabs and filters that map to API parameters:
| Dashboard view | API / MCP equivalent |
|---|
| Open (vulnerable only, default) | status=ACTIVE and exclude_secured=true |
| Open (include secured probes) | status=ACTIVE (omit exclude_secured or exclude_secured=false) |
| Resolved | status=RESOLVED |
| Archived | status=ARCHIVED |
| Findings from one assessment | assessment_id=<uuid> |
Without exclude_secured=true, list results include informational secured probe findings (severity=info) that the dashboard hides on the default Open tab. This is the most common reason API or MCP counts look higher than the UI.
Examples
Vulnerabilities for a target (matches default Open tab):
curl -G "https://api.mindfort.app/v1/findings" \
-H "Authorization: Bearer ${MINDFORT_API_KEY}" \
--data-urlencode "target_id=${MINDFORT_TARGET_ID}" \
--data-urlencode "exclude_secured=true"
curl -G "https://api.mindfort.app/v1/findings" \
-H "Authorization: Bearer ${MINDFORT_API_KEY}" \
--data-urlencode "assessment_id=${MINDFORT_ASSESSMENT_ID}" \
--data-urlencode "exclude_secured=true"
curl -G "https://api.mindfort.app/v1/findings" \
-H "Authorization: Bearer ${MINDFORT_API_KEY}" \
--data-urlencode "target_id=${MINDFORT_TARGET_ID}" \
--data-urlencode "status=ARCHIVED"
Get finding details
curl "https://api.mindfort.app/v1/findings/${MINDFORT_FINDING_ID}" \
-H "Authorization: Bearer ${MINDFORT_API_KEY}"
description, impact, evidence, approach, remediation_advice, and status.
Update status
curl -X POST "https://api.mindfort.app/v1/findings/${MINDFORT_FINDING_ID}/status" \
-H "Authorization: Bearer ${MINDFORT_API_KEY}" \
-H "Content-Type: application/json" \
-d '{"status":"RESOLVED"}'
ACTIVE, RESOLVED, ARCHIVED.
MCP
The MCP guide exposes the same filters on the list_findings tool. Pass target_id, assessment_id, status, exclude_secured, severity, sort_by, limit, and offset as tool arguments.
After a server update, you do not need to reinstall MCP — keep the same https://api.mindfort.app/mcp URL and restart your agent or start a new chat so it picks up the latest tool schema. 
