# Retrieve Action Plan Findings
source: https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-mgmt-issue-rmdfn/actionplan/fndg-det-actnpln/index.md

## Overview {#overview}

The `GET Action Plan Findings` endpoint returns a list of open issues or findings that are filtered into a vendor's [action plan](https://developer.mastercard.com/riskrecon-api/documentation/glossary/index.md#action-plan) given your risk policy and assessment tuning settings. You must provide the `toe_id` to retrieve a given vendor's action plan in the API request.

### Filter parameters {#filter-parameters}

RiskRecon recommends using filtering capabilities to limit the amount of data that comes back in the response by using [pagination parameters](https://developer.mastercard.com/riskrecon-api/documentation/use-cases/index.md#pagination-metadata) and the following query parameters in the API request:

* **Filter by an asset value** : You can use the `asset_value` parameter to search for findings with high, medium, or low asset value.
* **Filter by issue severity** : You can use the `severity` parameter to search for findings of high, medium, or low severity.
* **Filter by asset value and issue severity** : You can use both the `asset_value` and `severity` parameters to search for findings with high, medium, or low asset value and severity.
* **Filter by multiple asset values** : You can use the `asset_value` parameter multiple times to search for findings with multiple asset values.
* **Filter by security domain** : You can use the `security_domain` parameter to search for findings of a particular security domain, such as Software Patching (software_patching), Application Security (web_app_security),
* **Filter by security criteria** : You can use the `security_criteria` parameter to search for findings for a particular security criteria within a security domain, such as High Value System Encryption (unencrypted_sensitive_systems) and CMS Authentication (config_web_cms_authentication) within the Application Security domain
* **Filter by CVE ID** : You can also use the `cve_ids` array parameter to search for findings by [CVE ID](https://developer.mastercard.com/riskrecon-api/documentation/glossary/index.md#common-vulnerabilities-and-exposures).  

### View action plan findings on the RiskRecon portal {#view-action-plan-findings-on-the-riskrecon-portal}

A pictorial representation of the action plan findings, similar to the following image, as seen in the **Action Plan - Current Action Plan** tab of the **RiskRecon web portal** is shown here:

![](https://static.developer.mastercard.com/content/riskrecon-api/uploads/actionplanfindings.png)

## Sequence Diagram {#sequence-diagram}

The following diagram shows how to retrieve action plan findings for a TOE:
Diagram retrieve-action-plan-findings

## Execution Steps {#execution-steps}

The following steps describe how to retrieve action plan findings for a TOE:

1. The user sends a `GET` request to retrieve the action plan findings details and puts the `toe_id` as the input parameter.
2. RiskRecon provides the action plan findings details.

## Sample Request and Response {#sample-request-and-response}

For a sample response for this API, visit [Get Action Plan Findings](https://developer.mastercard.com/riskrecon-api/documentation/testing/actionplan-samples/actnpln-fndg-smpl/index.md).

## Use Case Examples {#use-case-examples}

The [Retrieve a list of open issues](https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-mgmt-issue-rmdfn/actionplan/fndg-det-actnpln/index.md#retrieve-a-list-of-open-issues) use case discusses two scenarios on how you can use the `GET Action Plan Findings` endpoint to retrieve the number of issues open in an action plan of a TOE:

### Retrieve a list of open issues {#retrieve-a-list-of-open-issues}

* A RiskRecon customer has shared two issues in an action plan to its vendor. During the next scan, another issue is filtered into the vendor's action plan but has not been shared with the vendor. The vendor has not yet resolved any issue. In this scenario, when the customer executes the `GET Action Plan Findings` endpoint, all three open issues would be returned in the endpoint response.

* A RiskRecon customer has shared two issues in an action plan to its vendor. The vendor has resolved one issue from the action plan. During the next scan, yet another issue is filtered into the vendor's action plan but has not been shared with the vendor. In this scenario, when the customer executes the `GET Action Plan Findings` endpoint, two open issues would be returned in the API response.

## Endpoint {#endpoint}


API Reference: `GET /v1/action_plan/findings/{toe_id}`