Organization
- GETGet organization information
- DELDelete organization
- PATCHUpdate organization
- GETGet organization onboarding status
- POSTTransfer organization ownership
- GETGet role notification settings
- PUTUpdate role notification settings
- GETList active API keys
- POSTCreate a new API key
- GETGet available API key scopes
- GETGet organization primary color
- POSTUpload organization logo
- DELRemove organization logo
- POSTRevoke an API key
People
- POSTInvite members to the organization
- GETGet all people
- POSTCreate a new member
- GETGet all employee devices with fleet compliance data
- GETGet integration test statistics grouped by assignee
- POSTAdd multiple members to organization
- GETGet members who can read a specific resource type
- PATCHReactivate a deactivated member
- GETGet person by ID
- DELDelete member
- PATCHUpdate member
- GETGet training video completions for a member
- GETGet fleet/device compliance for a member
- DELRemove host (device) from Fleet
- PATCHUnlink device from member
- GETGet current user email notification preferences
- PUTUpdate current user email notification preferences
Risks
Vendors
Context
Policies
- GETGet all policies
- POSTCreate a new policy
- POSTPublish all draft policies
- GETDownload all published policies as a single PDF
- GETGet mapped and all controls for a policy
- POSTMap controls to a policy
- POSTRegenerate policy content using AI
- GETGet a signed URL for the policy PDF
- POSTUpload a PDF to a policy or version
- DELDelete a policy PDF
- GETGet signed URL for policy PDF (alternate path)
- DELRemove a control mapping from a policy
- GETGet policy by ID
- DELDelete policy
- PATCHUpdate policy
- GETGet policy versions
- POSTCreate policy version
- GETGet policy version by ID
- DELDelete policy version
- PATCHUpdate version content
- POSTPublish new policy version
- POSTSet active policy version
- POSTSubmit version for approval
- POSTAccept pending policy changes and publish the version
- POSTDeny pending policy changes
- POSTChat with AI about a policy
Attachments
Device Agent
- POSTExchange an auth code for device credentials
- GETDownload a device-agent update
- HEADCheck a device-agent update's metadata
- POSTCreate a device-agent auth code
- GETList organizations for the current device
- POSTRegister a device agent
- POSTSubmit a device check-in
- GETGet device-agent status
- GETDownload macOS Device Agent
- GETDownload Windows Device Agent ZIP
Tasks
- GETGet all tasks
- POSTCreate a task
- GETGet task templates
- DELDelete multiple tasks
- PATCHUpdate status for multiple tasks
- PATCHUpdate assignee for multiple tasks
- PATCHReorder tasks
- POSTBulk submit tasks for review
- GETGet page options for tasks overview
- GETGet task by ID
- DELDelete a task
- PATCHUpdate a task
- GETGet task activity
- POSTRegenerate task from template
- POSTSubmit task for review
- POSTApprove a task
- POSTReject a task review
- GETGet task attachments
- POSTUpload attachment to task
- GETGet attachment download URL
- DELDelete task attachment
Task Automations
- GETGet all automations for a task
- POSTCreate a new evidence automation
- GETGet automation details
- DELDelete an automation
- PATCHUpdate an existing automation
- GETGet all runs for a specific automation
- GETGet all versions for an automation
- POSTCreate a published version record for an automation
- GETGet all automation runs for a task
Evidence Export
Evidence Export (Auditor)
Health
Trust Portal
- GETGet complete trust portal settings for admin page
- POSTUpload a favicon for the trust portal
- DELRemove the trust portal favicon
- GETGet domain verification status
- POSTUpload or replace a compliance certificate (PDF only)
- POSTGenerate a temporary signed URL for a compliance certificate
- POSTList uploaded compliance certificates for the organization
- POSTUpload an additional trust portal document
- POSTList additional trust portal documents for the organization
- POSTGenerate a temporary signed URL for a trust portal document
- POSTDelete (deactivate) a trust portal document
- PUTEnable or disable the trust portal
- POSTAdd or update a custom domain for the trust portal
- POSTCheck DNS records for a custom domain
- PUTUpdate trust portal FAQs
- PUTUpdate allowed domains for the trust portal
- PUTUpdate trust portal framework settings
- GETGet trust portal overview
- POSTUpdate trust portal overview section
- GETList custom links for trust portal
- POSTCreate a custom link for trust portal
- POSTUpdate a custom link
- POSTDelete a custom link
- POSTReorder custom links
- POSTUpdate vendor trust portal settings
- GETList vendors configured for trust portal
Trust Access
- POSTSubmit data access request
- GETList access requests
- GETGet access request details
- POSTApprove access request
- POSTDeny access request
- GETList access grants
- POSTRevoke access grant
- POSTResend access granted email
- GETGet NDA details by token
- POSTPreview NDA by token
- POSTSign NDA
- POSTResend NDA email
- POSTPreview NDA PDF
- POSTReclaim access
- GETGet grant data by access token
- GETList policies by access token
- GETDownload all policies as watermarked PDF
- GETDownload all policies as ZIP with individual PDFs
- GETList compliance resources by access token
- GETList additional documents by access token
- GETDownload all additional documents as a ZIP by access token
- GETDownload additional document by access token
- GETDownload compliance resource by access token
- GETGet FAQs for a trust portal
- GETGet overview section for a trust portal
- GETGet custom links for a trust portal
- GETGet favicon URL for a trust portal
- GETGet vendors/subprocessors for a trust portal
Framework Editor Control Templates
- GETList control templates
- POSTCreate a control template
- GETGet a control template by ID
- DELDelete a control template
- PATCHUpdate a control template
- POSTLink a requirement to a control template
- DELUnlink a requirement from a control template
- POSTLink a policy template to a control template
- DELUnlink a policy template from a control template
- POSTLink a task template to a control template
- DELUnlink a task template from a control template
Framework Editor Frameworks
- GETList frameworks
- POSTCreate a framework
- GETGet a framework by ID
- DELDelete a framework
- PATCHUpdate a framework
- POSTImport a framework definition
- GETExport a framework definition
- GETList controls for a framework
- GETList policy templates for a framework
- GETList task templates for a framework
- GETList documents for a framework
- POSTLink a control to a framework
- POSTLink a task template to a framework
- POSTLink a policy template to a framework
Framework Editor Policy Templates
Framework Editor Requirements
Framework Editor Task Templates
Finding Templates
Findings
Questionnaire
- GETList questionnaires
- GETGet a questionnaire by ID
- DELDelete a questionnaire
- POSTParse an uploaded questionnaire file
- POSTAnswer a single questionnaire question
- POSTSave a questionnaire answer
- POSTDelete a questionnaire answer
- POSTExport a questionnaire
- POSTUpload and parse a questionnaire file
- POSTUpload a questionnaire file and parse its questions
- POSTUpload a questionnaire file and auto-answer with export
- POSTUpload and auto-answer a questionnaire via trust portal token
- POSTExport questionnaire answers
- POSTUpload a questionnaire file and export auto-generated answers
- POSTAuto-answer a questionnaire
Knowledge Base
- GETList all knowledge base documents for an organization
- GETList all manual answers for an organization
- POSTSave or update a manual answer
- POSTUpload a knowledge base document
- POSTGet a signed download URL for a document
- POSTGet a signed view URL for a document
- POSTDelete a knowledge base document
- POSTTrigger processing of knowledge base documents
- POSTCreate a public access token for a run
- POSTDelete a manual answer
- POSTDelete all manual answers for an organization
SOA
Integrations
- GETCheck OAuth provider availability
- POSTStart an OAuth authorization flow
- GETHandle OAuth provider callback
- GETList configured OAuth apps
- POSTCreate an OAuth app configuration
- GETGet OAuth app setup details
- DELDelete an OAuth app configuration
- GETList available integration providers
- GETGet an integration provider by slug
- GETList integration connections
- POSTCreate an integration connection
- GETGet an integration connection by ID
- DELDelete an integration connection
- PATCHUpdate an integration connection
- POSTTest an integration connection
- POSTPause an integration connection
- POSTResume an integration connection
- POSTDisconnect an integration
- POSTEnsure valid credentials for a connection
- GETList services enabled on a connection
- PUTSet services enabled on a connection
- PUTUpdate integration credentials
- GETList check definitions for a provider
- GETList checks for a connection
- POSTRun all checks for a connection
- POSTRun a single check on a connection
- GETList variable definitions for a provider
- GETList connection variables
- POSTUpdate connection variables
- GETGet options for a connection variable
- GETList checks for a task template
- GETList checks attached to a task
- POSTRun a check for a task
- POSTDisconnect checks from a task
- POSTReconnect checks to a task
- GETList check runs for a task
- POSTSync Google Workspace employees
- POSTGet Google Workspace sync status
- POSTSync Rippling employees
- POSTGet Rippling sync status
- POSTSync JumpCloud employees
- POSTGet JumpCloud sync status
- GETGet the currently configured employee sync provider
- POSTSet the employee sync provider
- GETList employee sync providers available to the org
- POSTSync employees for a dynamic provider
CloudSecurity
- GETList recent cloud security activity
- GETList supported cloud providers
- GETList cloud security findings
- POSTTrigger a security scan for a connection
- POSTDetect available cloud services for a connection
- POSTDetect the GCP organization for a connection
- POSTSelect GCP projects for a connection
- POSTSet up GCP for a connection
- POSTResolve a GCP setup step
- POSTSet up Azure for a connection
- POSTValidate Azure credentials for a connection
- POSTTrigger a cloud security run for a connection
- GETGet a cloud security scan run by ID
- POSTCreate a legacy cloud integration
- POSTValidate legacy AWS credentials
- DELDelete a legacy cloud integration
Remediation
Browserbase
- GETGet organization browser context status
- POSTGet or create organization browser context
- POSTCreate a new browser session
- POSTClose a browser session
- POSTNavigate to a URL
- POSTCheck authentication status
- POSTCreate a browser automation
- GETGet all browser automations for a task
- GETGet a browser automation by ID
- DELDelete a browser automation
- PATCHUpdate a browser automation
- POSTStart automation with live view
- POSTExecute automation on existing session
- POSTRun a browser automation
- GETGet run history for an automation
- GETGet a specific run by ID
Task Management
Assistant Chat
Roles
Training
Org Chart
Evidence Forms
- GETList evidence forms
- GETGet submission statuses for all forms
- GETGet current user submissions
- GETGet pending submission count for current user
- GETGet form definition and submissions
- GETGet a single submission
- DELDelete a submission
- POSTSubmit evidence form entry
- POSTUpload a file as an evidence submission
- PATCHReview a submission
- POSTUpload evidence form file
- GETExport form submissions to CSV
Frameworks
- GETList framework instances for the organization
- POSTAdd frameworks to the organization
- GETList available frameworks (requires session, no active org needed — used during onboarding)
- GETGet overview compliance scores
- GETGet a single framework instance with full detail
- DELDelete a framework instance
- GETGet a specific requirement with related controls
- POSTCreate a custom framework for this organization
- POSTAdd a custom requirement to a framework instance
- POSTLink (clone) existing requirements from another framework into this one
- POSTLink existing org controls to a requirement
Controls
- GETList controls with relations
- POSTCreate a new control
- GETGet dropdown options for creating controls
- GETGet control detail with progress
- DELDelete a control
- POSTLink existing policies to a control
- POSTLink existing tasks to a control
- POSTLink existing requirements to a control
- POSTLink required document types to a control
- DELRemove a required document type from a control
Email - Unsubscribe
Secrets
Security Penetration Tests
Create a new control
curl --request POST \
--url http://localhost:3333/v1/controls \
--header 'Content-Type: application/json' \
--data '
{
"name": "Access Control",
"description": "Manages user access to systems",
"policyIds": [
"<string>"
],
"taskIds": [
"<string>"
],
"requirementMappings": [
{
"frameworkInstanceId": "<string>",
"requirementId": "<string>",
"customRequirementId": "<string>"
}
],
"documentTypes": [
"board_meeting"
]
}
'Controls
Create a new control
POST
/
v1
/
controls
Create a new control
curl --request POST \
--url http://localhost:3333/v1/controls \
--header 'Content-Type: application/json' \
--data '
{
"name": "Access Control",
"description": "Manages user access to systems",
"policyIds": [
"<string>"
],
"taskIds": [
"<string>"
],
"requirementMappings": [
{
"frameworkInstanceId": "<string>",
"requirementId": "<string>",
"customRequirementId": "<string>"
}
],
"documentTypes": [
"board_meeting"
]
}
'Body
application/json
Control name
Example:
"Access Control"
Control description
Example:
"Manages user access to systems"
Policy IDs to connect
Task IDs to connect
Requirement mappings
Show child attributes
Show child attributes
Evidence form types to require on this control
Available options:
board_meeting, it_leadership_meeting, risk_committee_meeting, meeting, access_request, whistleblower_report, penetration_test, rbac_matrix, infrastructure_inventory, employee_performance_evaluation, network_diagram, tabletop_exercise Response
201 - undefined
Was this page helpful?
⌘I
Assistant
Responses are generated using AI and may contain mistakes.