# Get TOEs by their CVE IDs
source: https://developer.mastercard.com/riskrecon-api/documentation/testing/toe-samples/retrve-toes-cveid-smpl/index.md

Allows you to retrieve companies and their TOE IDs by a valid CVE ID.

## Pre-requisites {#pre-requisites}

Refer to the [Retrieve TOEs by CVE ID](https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-assessment/toe-by-cve-id/retrve-toes-by-cve-ids/index.md) use case.

## Request URL for the Sandbox environment {#request-url-for-the-sandbox-environment}

    GET https://api.sandbox.riskrecon.com/v1/toes/by_cve

## Request URL for the Production environment {#request-url-for-the-production-environment}

    GET https://api.riskrecon.com/v1/toes/by_cve 

## Test Cases {#test-cases}

### Test Case: Success - Retrieve company names and their TOE IDs by a CVE ID {#test-case-success---retrieve-company-names-and-their-toe-ids-by-a-cve-id}

**Request**

Here is an example of a request made using the `curl` command.

```bash
curl -X 'GET' \
  'https://api.sandbox.riskrecon.com/v1/toes/by_cve?cve_id=CVE-2015-5099' \
  -H 'accept: application/json' \
  -H 'Authorization: valid_JWT_token'
```

**Response**

get:

```json
[
  {
    "toe_id": "8fff85ad-9c05-4148-a81b-4194185badf0",
    "company_name": "Riskrecon, Co."
  }
]
```

### Test Case: Fail - Invalid CVE ID {#test-case-fail---invalid-cve-id}

**Request**

Here is an example, using a curl command, of a request made with a CVE ID whose year is earlier to the allowed year, that is, 1999.

```bash
curl -X 'GET' \
  'https://api.sandbox.riskrecon.com/v1/toes/by_cve?cve_id=CVE-1989-4444' \
  -H 'accept: application/json'
  -H 'Authorization: valid_JWT_token'
```

**Response**

HTTP Error Response 400

```json
{
  "Errors": {
    "Error": [
      {
        "Description": "Bad Request",
        "Details": "Invalid cve_id format",
        "ReasonCode": "BAD_REQUEST",
        "Recoverable": false,
        "Source": "RISKRECON_API"
      }
    ]
  }
}
```

### Test Case: Fail - No products available for the specified CVE ID {#test-case-fail---no-products-available-for-the-specified-cve-id}

**Request**

Here is an example, using a curl command, of a request made with a CVE ID whose year is yet to arrive. There are no products available for the specified CVE ID for the year 2099 yet.

```bash
curl -X 'GET' \
  'https://api.sandbox.riskrecon.com/v1/toes/by_cve?cve_id=CVE-2099-20353' \
  -H 'accept: application/json'
  -H 'Authorization: valid_JWT_token'
```

**Response**

HTTP Error Response 400

```json
{
  "Errors": {
    "Error": [
      {
        "Description": "Bad Request",
        "Details": "No products found for given cve_id",
        "ReasonCode": "BAD_REQUEST",
        "Recoverable": false,
        "Source": "RISKRECON_API"
      }
    ]
  }
}
```