New APIs - anyone managed to master adding new exclusions?

I'm working with the new policy APIs for our Central Enterprise instance.  I can drill into one of our customers and pull back all the policy settings for all policies easily enough, & I'm happy that I'm correctly authenticated.

However, I'm trying to make a PATCH request to the /settings/endpoint.threat-protection.exclusions.scanning with a JSON package download but am hitting "badRequest" errors, with a message of "Setting must include a value field".

I've formed my JSON to what I can see on the API documentation at Endpoint Policy Settings Object Schemas | Sophos Central APIs but I've clearly got something wrong.

No magic wand from support yet & have scoured the docs & am either missing a pointer or it's not there!.  With this command I'm trying to add a new exclusion for on demand & access to a specific policy.  Anyone able to point out my obvious mistakes?

ta.

Ash - JSON follows:

{
  "properties": {
    "scanMode": {
      "enum": [
        "onDemandAndOnAccess"
      ]
    },
    "type": {
      "enum": [
        "path"
      ]
    },
    "value": {
      "type": "c:\\temp\\MytestFile.txt"
    },
    "required": [
      "true"
    ]
    },
  "$id": "">api.central.sophos.com/.../scanningExclusion.json",
  "$schema": "">json-schema.org/.../schema",
  "type": "object"
}



Added tags
[edited by: Gladys at 12:13 PM (GMT -7) on 8 Aug 2022]