Fetch a source file
GET /api/v1/assessments/:assessment_id/files/:file_path
Fetch the contents of a single file from the merged archive.
Only available for code-audit and white-box assessments.
The response is streamed as inert text with hardened browser handling
and supports ETag revalidation. Large files (>1 MB) return 413.
- Scope required: assessments:read.
- Rate-limit tier: read (default).
- Path traversal attempts (../, leading /) return 400.
Request
Responses
- 200: File contents served as inert text. MIME metadata remains available from the source-files index.
- 400: Bad request — malformed input or failed validation.
- 401: Missing, expired, or invalid credentials.
- 403: Authenticated but not authorized for this resource. Note: cross-organization reads return 404, not 403.
- 404: Resource not found, or hidden for tenant-enumeration safety (the caller lacks permission to know whether the resource exists).
- 409: Conflict — the current resource state does not allow this operation (e.g. assessment already started, email already in use).
- 422: Semantic validation failure — request shape was valid but contents were not.
- 429: Too many requests — rate limited. Retry after the window resets.
- 500: Internal server error — unexpected failure.
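A client-side sketch of the behaviour described above: it refuses traversal-style paths before sending, revalidates a cached copy with If-None-Match, and maps the documented statuses to errors. This is an added example, not code from the API's own documentation or SDK; the host, the helper names, the (body, etag) cache shape and the 304 reply to revalidation (standard HTTP, not listed on this page) are assumptions.

```python
import urllib.error
import urllib.request
from urllib.parse import quote

BASE = "https://api.example.test"  # placeholder host (assumption)
ERRORS = {
    400: "bad request (includes rejected traversal paths)",
    401: "missing, expired, or invalid credentials",
    403: "not authorized for this resource",
    404: "not found, or hidden (cross-organization reads also return 404)",
    413: "file larger than 1 MB",
    429: "rate limited",
}

class FileFetchError(Exception):
    def __init__(self, status):
        super().__init__(f"{status}: {ERRORS.get(status, 'unexpected status')}")
        self.status = status

def file_url(assessment_id, file_path, base=BASE):
    """Build the URL; refuse the paths the API answers with 400."""
    if file_path.startswith("/") or ".." in file_path.split("/"):
        raise ValueError(f"unsafe file path: {file_path!r}")
    # Assumption: nested paths keep "/" as the separator in the URL.
    return (f"{base}/api/v1/assessments/{quote(assessment_id, safe='')}"
            f"/files/{quote(file_path, safe='/')}")

def classify(status, body, etag, cached=None):
    """cached is a (body, etag) pair from an earlier 200, or None."""
    if status == 200:
        return ("fresh", body, etag)
    if status == 304 and cached:  # standard HTTP answer to If-None-Match
        return ("revalidated", cached[0], cached[1])
    raise FileFetchError(status)

def fetch_file(assessment_id, file_path, auth_headers, cached=None):
    """auth_headers: caller-supplied credential headers (scheme not assumed)."""
    req = urllib.request.Request(file_url(assessment_id, file_path),
                                 headers=dict(auth_headers))
    if cached:
        req.add_header("If-None-Match", cached[1])
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify(resp.status, resp.read(),
                            resp.headers.get("ETag"), cached)
    except urllib.error.HTTPError as err:  # urllib raises on 304 and 4xx/5xx
        return classify(err.code, b"", None, cached)
```

Because a 404 can mean either "no such file" or "not visible to this caller", the client should not treat it as proof that a path is absent.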