Main Site HUB Security Scorecard API 4.2 Submit feedback for items on my scorecard


4.2 Submit feedback for items on my scorecard


SecurityScorecard allows you to provide feedback (refute) items on your Scorecard. You can use this to identify issues that are resolved, have compensating controls for or should not be attributed to your organization.

Send Feedback (Refute) to SecurityScorecard

This API endpoint allows you to refute items on your scorecard. You can check out the full specification for this endpoint here

Resource URI



Name Required Description
Domain Y The primary domain identifying a company in SecurityScorecard.
Issue Type Y You can find the Issue Type key from the API response for issue types metadata. The key field for each issue type can be used as a parameter here.
Issue ID’s Y The unique ID’s of the findings you are refuting
Feedback_type Y

The reason for the refute. Reasons include

  • 'technical_remediation': I have fixed this
  • 'compensating_control': I have a compensating control
  • 'misattribution': This is not my IP or domain
  • 'false_positive': I cannot reproduce this issue and I think it's incorrect

Note: additional feedback types might be introduced in the future.

Comment N An additional comment provided by the creator of this feedback

Sample Code:

            curl -X POST \
                -H 'Accept: application/json' \
                -H 'Authorization: Token <Your API Key>' \
                -H 'Content-Type: application/json' \
                -H 'cache-control: no-cache' \
                -d '{ "issue_ids": ["c6d1b501-a433-5174-9a9a-237671f3fc2f", "d6f22280-01df-5dbd-af06-e4fd6c936815", "6d15431e-ed42-59a3-9400-c6988249b6cd"], "feedback_type": "technical_remediation", "comment": "Ran antivirus program, discovered the issue and fixed it."}'

Sample Response:

    "id": "d4438249-03ff-4204-8d9b-602f229e3ae6"