> ## Documentation Index
> Fetch the complete documentation index at: https://docs.synack.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Add or Remove Multiple Assets to/from Asessment

> Associate or disassociate zero or more assets from a listing. Allows the caller to provide lists of assets to add to and/or remove from being associated with a listing. Unknown assets are ignored.



## OpenAPI

````yaml /asset-v2-openapi.yaml patch /v2/listings/{listingUid}/assets
openapi: 3.0.3
info:
  title: Asset Service
  version: 2.1.020
  contact:
    name: Synack Engineering
    email: engineering@synack.com
servers:
  - url: https://client.synack.com/api/asset
    description: Commercial
  - url: https://client.synack.us/api/asset
    description: FedRAMP (Medium)
security: []
tags:
  - name: asset-relationships
    description: Relationships between assets.
  - name: Assets
    description: Assets managed by Synack.
  - name: cloudaccounts
    description: Cloud account assets.
  - name: credentials
    description: Credentials are restricted to authorized users.
  - name: Hosts
    description: Host assets.
  - name: Assessments
    description: Assets are associated with listings.
  - name: mobileapps
    description: Mobile application assets.
  - name: networks
    description: Network assets.
  - name: ports
    description: Ports for single host assets.
  - name: scoperules
    description: >-
      Scope-rules provide fine grained control for what is in and out of scope
      for an asset.
  - name: scripts
    description: Scripts for mobile and web applications.
  - name: userroles
    description: Defines persona-specific user roles for asset credential management.
  - name: users
    description: Users of credentials.
  - name: webapps
    description: Web application assets.
paths:
  /v2/listings/{listingUid}/assets:
    parameters:
      - $ref: '#/components/parameters/ListingUIDPath'
    patch:
      tags:
        - Assessments
      description: >-
        Associate or disassociate zero or more assets from a listing. Allows the
        caller to provide lists of assets to add to and/or remove from being
        associated with a listing. Unknown assets are ignored.
      operationId: patchListingAssets
      requestBody:
        description: >-
          Asset UIDs to add associations to and/or remove associations from the
          listing.
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/BulkListingAsset'
      responses:
        '204':
          $ref: '#/components/responses/204NoContent'
        '401':
          $ref: '#/components/responses/401Unauthorized'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '404':
          $ref: '#/components/responses/404NotFound'
        '413':
          $ref: '#/components/responses/413RequestEntityTooLarge'
        '422':
          $ref: '#/components/responses/422EntityNotProcessable'
        '500':
          $ref: '#/components/responses/500InternalServerError'
        '503':
          $ref: '#/components/responses/503ServiceUnavailable'
      security:
        - OAuth2:
            - asset_gw
            - asset_client_ow
            - asset_client_lw
            - asset_boss_ow
            - asset_boss_lw
components:
  parameters:
    ListingUIDPath:
      name: listingUid
      in: path
      schema:
        $ref: '#/components/schemas/ListingUID'
      required: true
      description: Unique identifier for an listing.
  schemas:
    BulkListingAsset:
      type: object
      description: Asset UIDs to associate to and/or remove from a listing.
      properties:
        add:
          type: array
          description: Asset UIDs to associate to the listing.
          items:
            $ref: '#/components/schemas/ListingAsset'
        remove:
          type: array
          description: Asset UIDs to remove from the listing.
          items:
            $ref: '#/components/schemas/AssetUID'
    ListingUID:
      type: string
      pattern: ^[-_0-9a-z]{1,50}
      description: Unique identifier for an listing.
      readOnly: true
    ListingAsset:
      allOf:
        - $ref: '#/components/schemas/AssetListing'
        - type: object
          description: Assignment of an asset to a listing.
          properties:
            assetUid:
              $ref: '#/components/schemas/AssetUID'
    AssetUID:
      type: string
      pattern: ^[0-9a-f]{24}
      description: Unique identifier for an asset.
    ProblemDetails:
      type: object
      description: >-
        See [RFC 7807: Problem Details for HTTP
        APIs](https://tools.ietf.org/html/rfc7807)
      properties:
        type:
          type: string
          readOnly: true
        title:
          type: string
          readOnly: true
        status:
          type: integer
          format: int32
          minimum: 100
          maximum: 511
          description: HTTP Status code.
          readOnly: true
        detail:
          type: string
          description: Message detailing the problem.
          readOnly: true
        instance:
          type: string
          description: generated problem instance number to correlate with logs
          readOnly: true
        failedValidation:
          type: array
          description: Array of failed validation rules.
          readOnly: true
          items:
            $ref: '#/components/schemas/FailedValidation'
        failedValidations:
          type: array
          description: Array of indexed failed validation rules.
          readOnly: true
          items:
            $ref: '#/components/schemas/IndexedFailedValidations'
        maxBatchSize:
          type: integer
          description: Maximum processable batch size.
          readOnly: true
        batchSize:
          type: integer
          description: Batch size sent when batch is too large.
          readOnly: true
    AssetListing:
      type: object
      description: Listings the asset is assigned to.
      properties:
        listingUid:
          $ref: '#/components/schemas/ListingUID'
        scope:
          $ref: '#/components/schemas/Scope'
        scopeRules:
          description: Out of scope locations for this asset.
          type: array
          items:
            $ref: '#/components/schemas/ScopeRule'
        createdAt:
          type: string
          format: date-time
          readOnly: true
          description: >-
            Automatically set by the server to the time the listing asset
            association was created.
        updatedAt:
          type: string
          format: date-time
          readOnly: true
          description: >-
            Automatically set by the server to the time the listing asset
            association is updated.
    FailedValidation:
      type: object
      required:
        - message
      properties:
        property:
          type: string
          readOnly: true
        value:
          type: string
          readOnly: true
        message:
          type: string
          readOnly: true
    IndexedFailedValidations:
      type: object
      properties:
        index:
          type: integer
          description: >-
            Zero-based index indicating the which item in request containing an
            array of items has failed validation.
          readOnly: true
        failedValidation:
          type: array
          description: Array of failed validation rules.
          readOnly: true
          items:
            $ref: '#/components/schemas/FailedValidation'
    Scope:
      description: >
        Set to _in_-scope means automated and manual testing _should_ occur;
        _out_-of-scope means automated and manual testing _must not_ occur;
        _discovered_ means observed through automated discovery and may be
        automatically removed if not observed again during subseqent discovery
        activities.
      type: string
      enum:
        - in
        - out
        - discovered
        - blocked
    ScopeRule:
      allOf:
        - $ref: '#/components/schemas/ScopeRuleSummary'
        - $ref: '#/components/schemas/Updatable'
    ScopeRuleSummary:
      type: object
      description: >-
        Part of the scope of an asset that is included/excluded from a specific
        activity.
      required:
        - uid
        - rule
        - scope
        - appliesTo
      properties:
        uid:
          $ref: '#/components/schemas/UID'
        rule:
          $ref: '#/components/schemas/WebRULE'
          description: >-
            A textual definition of the scope rule. Format will vary by
            assetType.
        scope:
          $ref: '#/components/schemas/ScopeRuleInclusion'
        appliesTo:
          $ref: '#/components/schemas/ScopeRuleApplicability'
    Updatable:
      allOf:
        - $ref: '#/components/schemas/Creatable'
        - type: object
          properties:
            updatedAt:
              type: string
              format: date-time
              readOnly: true
              description: >-
                Automatically set by the server to the time the request was
                processed whenever the resource is updated.
            updatedBy:
              $ref: '#/components/schemas/OperationUserUID'
    UID:
      type: string
      pattern: ^[0-9a-f]{12}
      readOnly: true
      description: Unique Identifier.
    WebRULE:
      type: string
      pattern: >-
        ^(/([a-zA-Z0-9_-~!$&'()+,;=:@.]|%[0-9a-fA-F]{2})+/)*(/?((([A-z]|[0-9]|[-_~])|%[0-9a-fA-F]{2}|[!$&'()*+,;=]|[:@])|[/?])*){0,1}//(#((([A-z]|[0-9]|[-_~.])|%[0-9a-fA-F]{2}|[!$&'()*+,;=]|[:@])|[/?])*){0,1}/?$
      description: Rule for web asset validation
    ScopeRuleInclusion:
      type: string
      enum:
        - in
        - out
    ScopeRuleApplicability:
      type: string
      enum:
        - scanners
        - srt
        - both
    Creatable:
      type: object
      required:
        - createdAt
        - createdBy
      properties:
        createdAt:
          type: string
          format: date-time
          readOnly: true
          description: >-
            Automatically set by the server to the time the request was
            processed whenever the resource was created.
        createdBy:
          $ref: '#/components/schemas/OperationUserUID'
    OperationUserUID:
      type: string
      pattern: ^[0-9a-f]{12}
      readOnly: true
      description: >-
        Automatically set by the server to the requesting user whenever the
        resource is updated. May be a user account or a service account if the
        action is performed by an automated.
  responses:
    204NoContent:
      description: No content.
    401Unauthorized:
      description: Unauthorized.
    403Forbidden:
      description: Forbidden
    404NotFound:
      description: Not found.
    413RequestEntityTooLarge:
      description: >-
        Returned generally when the size of the request body is too large to
        process, or specifically when the request contains too many items,
        typically in a bulk API operation.
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/ProblemDetails'
    422EntityNotProcessable:
      description: Entity Not Processable
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/ProblemDetails'
    500InternalServerError:
      description: Internal Server Error.
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/ProblemDetails'
    503ServiceUnavailable:
      description: Service Unavailable.
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/ProblemDetails'
  securitySchemes:
    OAuth2:
      type: oauth2
      flows:
        implicit:
          authorizationUrl: login.synack.com
          scopes:
            asset_lr: Grants per-listing read access for all types of assets.
            asset_srt_lr: Grants per-listing read access to assets that may be read by SRTs.
            asset_or: >-
              Grants organization-level read access for all types of assets
              owned by a particular organization.
            asset_boss_ow: >-
              Grants organization-level access to assets owned by a particular
              organization that may be modified by BOSS users.
            asset_boss_lw: >-
              Grants per-listing write access to assets that may be modified by
              BOSS users.
            asset_client_ow: >-
              Grants organization-level access to assets owned by a particular
              organization that may be modified by Client users.
            asset_client_lw: >-
              Grants per-listing write access to assets that may be modified by
              Client users.
            asset_user_or: >-
              Grants user-level read access to asset stats that owned by a
              particular organization.
            asset_gr: >-
              Grants unrestricted read access to all assets. Except for
              credential data of cloud accout assets.
            asset_gw: Grants unrestricted write access to all assets.
            asset_scan_gr: >-
              Grants unrestricted read access to all assets. Including
              credential data of cloud account assets.

````