Auth
Organization
- GETGet organization information
- DELDelete organization
- PATCHUpdate organization
- GETGet v1organizationonboarding
- POSTTransfer organization ownership
- GETGet role notification settings
- PUTUpdate role notification settings
- GETList active API keys
- POSTCreate a new API key
- GETGet available API key scopes
- GETGet organization primary color
- POSTUpload organization logo
- DELRemove organization logo
- POSTRevoke an API key
People
- POSTInvite members to the organization
- GETGet all people
- POSTCreate a new member
- GETGet all employee devices with fleet compliance data
- GETGet integration test statistics grouped by assignee
- POSTAdd multiple members to organization
- GETGet members who can read a specific resource type
- PATCHReactivate a deactivated member
- GETGet person by ID
- DELDelete member
- PATCHUpdate member
- GETGet training video completions for a member
- GETGet fleet/device compliance for a member
- DELRemove host (device) from Fleet
- PATCHUnlink device from member
- GETGet current user email notification preferences
- PUTUpdate current user email notification preferences
Risks
Vendors
Internal - Vendors
Context
Policies
- GETGet all policies
- POSTCreate a new policy
- POSTPublish all draft policies
- GETDownload all published policies as a single PDF
- GETGet mapped and all controls for a policy
- POSTMap controls to a policy
- POSTRegenerate policy content using AI
- GETGet a signed URL for the policy PDF
- POSTUpload a PDF to a policy or version
- DELDelete a policy PDF
- GETGet signed URL for policy PDF (alternate path)
- DELRemove a control mapping from a policy
- GETGet policy by ID
- DELDelete policy
- PATCHUpdate policy
- GETGet policy versions
- POSTCreate policy version
- GETGet policy version by ID
- DELDelete policy version
- PATCHUpdate version content
- POSTPublish new policy version
- POSTSet active policy version
- POSTSubmit version for approval
- POSTAccept pending policy changes and publish the version
- POSTDeny pending policy changes
- POSTChat with AI about a policy
Attachments
Device Agent
- POSTPost v1device agentexchange code
- GETGet v1device agentupdates
- HEADHead v1device agentupdates
- POSTPost v1device agentauth code
- GETGet v1device agentmy organizations
- POSTPost v1device agentregister
- POSTPost v1device agentcheck in
- GETGet v1device agentstatus
- GETDownload macOS Device Agent
- GETDownload Windows Device Agent ZIP
Tasks
- GETGet all tasks
- POSTCreate a task
- DELDelete multiple tasks
- PATCHUpdate status for multiple tasks
- PATCHUpdate assignee for multiple tasks
- PATCHReorder tasks
- POSTBulk submit tasks for review
- GETGet page options for tasks overview
- GETGet task by ID
- DELDelete a task
- PATCHUpdate a task
- GETGet task activity
- POSTRegenerate task from template
- POSTSubmit task for review
- POSTApprove a task
- POSTReject a task review
- GETGet task attachments
- POSTUpload attachment to task
- GETGet attachment download URL
- DELDelete task attachment
Task Automations
- GETGet all automations for a task
- POSTCreate a new evidence automation
- GETGet automation details
- DELDelete an automation
- PATCHUpdate an existing automation
- GETGet all runs for a specific automation
- GETGet all versions for an automation
- POSTCreate a published version record for an automation
- GETGet all automation runs for a task
Evidence Export
Evidence Export (Auditor)
Health
Trust Portal
- GETGet complete trust portal settings for admin page
- POSTUpload a favicon for the trust portal
- DELRemove the trust portal favicon
- GETGet domain verification status
- POSTUpload or replace a compliance certificate (PDF only)
- POSTGenerate a temporary signed URL for a compliance certificate
- POSTList uploaded compliance certificates for the organization
- POSTUpload an additional trust portal document
- POSTList additional trust portal documents for the organization
- POSTGenerate a temporary signed URL for a trust portal document
- POSTDelete (deactivate) a trust portal document
- PUTEnable or disable the trust portal
- POSTAdd or update a custom domain for the trust portal
- POSTCheck DNS records for a custom domain
- PUTUpdate trust portal FAQs
- PUTUpdate allowed domains for the trust portal
- PUTUpdate trust portal framework settings
- GETGet trust portal overview
- POSTUpdate trust portal overview section
- GETList custom links for trust portal
- POSTCreate a custom link for trust portal
- POSTUpdate a custom link
- POSTDelete a custom link
- POSTReorder custom links
- POSTUpdate vendor trust portal settings
- GETList vendors configured for trust portal
Trust Access
- POSTSubmit data access request
- GETList access requests
- GETGet access request details
- POSTApprove access request
- POSTDeny access request
- GETList access grants
- POSTRevoke access grant
- POSTResend access granted email
- GETGet NDA details by token
- POSTPreview NDA by token
- POSTSign NDA
- POSTResend NDA email
- POSTPreview NDA PDF
- POSTReclaim access
- GETGet grant data by access token
- GETList policies by access token
- GETDownload all policies as watermarked PDF
- GETDownload all policies as ZIP with individual PDFs
- GETList compliance resources by access token
- GETList additional documents by access token
- GETDownload all additional documents as a ZIP by access token
- GETDownload additional document by access token
- GETDownload compliance resource by access token
- GETGet FAQs for a trust portal
- GETGet overview section for a trust portal
- GETGet custom links for a trust portal
- GETGet favicon URL for a trust portal
- GETGet vendors/subprocessors for a trust portal
Framework Editor Control Templates
- GETGet v1framework editorcontrol template
- POSTPost v1framework editorcontrol template
- GETGet v1framework editorcontrol template 1
- DELDelete v1framework editorcontrol template
- PATCHPatch v1framework editorcontrol template
- POSTPost v1framework editorcontrol template requirements
- DELDelete v1framework editorcontrol template requirements
- POSTPost v1framework editorcontrol template policy templates
- DELDelete v1framework editorcontrol template policy templates
- POSTPost v1framework editorcontrol template task templates
- DELDelete v1framework editorcontrol template task templates
Framework Editor Frameworks
- GETGet v1framework editorframework
- POSTPost v1framework editorframework
- GETGet v1framework editorframework 1
- DELDelete v1framework editorframework
- PATCHPatch v1framework editorframework
- GETGet v1framework editorframework controls
- GETGet v1framework editorframework policies
- GETGet v1framework editorframework tasks
- GETGet v1framework editorframework documents
- POSTPost v1framework editorframework link control
- POSTPost v1framework editorframework link task
- POSTPost v1framework editorframework link policy
Framework Editor Policy Templates
Framework Editor Requirements
Framework Editor Task Templates
Finding Templates
Findings
Questionnaire
- GETGet v1questionnaire
- GETGet v1questionnaire 1
- DELDelete v1questionnaire
- POSTPost v1questionnaireparse
- POSTPost v1questionnaireanswer single
- POSTPost v1questionnairesave answer
- POSTPost v1questionnairedelete answer
- POSTPost v1questionnaireexport
- POSTPost v1questionnaireupload and parse
- POSTPost v1questionnaireupload and parseupload
- POSTPost v1questionnaireparseupload
- POSTPost v1questionnaireparseuploadtoken
- POSTPost v1questionnaireanswersexport
- POSTPost v1questionnaireanswersexportupload
- POSTPost v1questionnaireauto answer
Knowledge Base
- GETList all knowledge base documents for an organization
- GETList all manual answers for an organization
- POSTSave or update a manual answer
- POSTUpload a knowledge base document
- POSTGet a signed download URL for a document
- POSTGet a signed view URL for a document
- POSTDelete a knowledge base document
- POSTTrigger processing of knowledge base documents
- POSTCreate a public access token for a run
- POSTDelete a manual answer
- POSTDelete all manual answers for an organization
SOA
Integrations
- GETGet v1integrationsoauthavailability
- POSTPost v1integrationsoauthstart
- GETGet v1integrationsoauthcallback
- GETGet v1integrationsoauth apps
- POSTPost v1integrationsoauth apps
- GETGet v1integrationsoauth appssetup
- DELDelete v1integrationsoauth apps
- GETGet v1integrationsconnectionsproviders
- GETGet v1integrationsconnectionsproviders 1
- GETGet v1integrationsconnections
- POSTPost v1integrationsconnections
- GETGet v1integrationsconnections 1
- DELDelete v1integrationsconnections
- PATCHPatch v1integrationsconnections
- POSTPost v1integrationsconnections test
- POSTPost v1integrationsconnections pause
- POSTPost v1integrationsconnections resume
- POSTPost v1integrationsconnections disconnect
- POSTPost v1integrationsconnections ensure valid credentials
- PUTPut v1integrationsconnections credentials
- GETGet v1integrationschecksproviders
- GETGet v1integrationschecksconnections
- POSTPost v1integrationschecksconnections run
- POSTPost v1integrationschecksconnections run 1
- GETGet v1integrationsvariablesproviders
- GETGet v1integrationsvariablesconnections
- POSTPost v1integrationsvariablesconnections
- GETGet v1integrationsvariablesconnections options
- GETGet v1integrationstaskstemplate checks
- GETGet v1integrationstasks checks
- POSTPost v1integrationstasks run check
- GETGet v1integrationstasks runs
- POSTPost v1integrationssyncgoogle workspaceemployees
- POSTPost v1integrationssyncgoogle workspacestatus
- POSTPost v1integrationssyncripplingemployees
- POSTPost v1integrationssyncripplingstatus
- POSTPost v1integrationssyncrampemployees
- POSTPost v1integrationssyncjumpcloudemployees
- POSTPost v1integrationssyncjumpcloudstatus
- POSTPost v1integrationssyncrampstatus
- GETGet v1integrationssyncemployee sync provider
- POSTPost v1integrationssyncemployee sync provider
- POSTPost v1integrationssyncrampdiscover roles
- GETGet v1integrationssyncramprole mapping
- POSTPost v1integrationssyncramprole mapping
AdminIntegrations
DynamicIntegrations
- GETGet v1internaldynamic integrations
- PUTPut v1internaldynamic integrations
- POSTPost v1internaldynamic integrations
- GETGet v1internaldynamic integrations 1
- DELDelete v1internaldynamic integrations
- PATCHPatch v1internaldynamic integrations
- POSTPost v1internaldynamic integrations checks
- DELDelete v1internaldynamic integrations checks
- PATCHPatch v1internaldynamic integrations checks
- POSTPost v1internaldynamic integrations activate
- POSTPost v1internaldynamic integrations deactivate
CloudSecurity
Browserbase
- GETGet organization browser context status
- POSTGet or create organization browser context
- POSTCreate a new browser session
- POSTClose a browser session
- POSTNavigate to a URL
- POSTCheck authentication status
- POSTCreate a browser automation
- GETGet all browser automations for a task
- GETGet a browser automation by ID
- DELDelete a browser automation
- PATCHUpdate a browser automation
- POSTStart automation with live view
- POSTExecute automation on existing session
- POSTRun a browser automation
- GETGet run history for an automation
- GETGet a specific run by ID
Task Management
Assistant Chat
Roles
Training
Org Chart
Evidence Forms
- GETList evidence forms
- GETGet submission statuses for all forms
- GETGet current user submissions
- GETGet pending submission count for current user
- GETGet form definition and submissions
- GETGet a single submission
- DELDelete a submission
- POSTSubmit evidence form entry
- POSTUpload a file as an evidence submission
- PATCHReview a submission
- POSTUpload evidence form file
- GETExport form submissions to CSV
Frameworks
- GETList framework instances for the organization
- POSTAdd frameworks to the organization
- GETList available frameworks (requires session, no active org needed — used during onboarding)
- GETGet overview compliance scores
- GETGet a single framework instance with full detail
- DELDelete a framework instance
- GETGet a specific requirement with related controls
Controls
Internal - Email
Secrets
Security Penetration Tests
Pentest Billing
Admin - Organizations
- GETList all organizations (platform admin)
- GETGet organization details (platform admin)
- PATCHActivate organization access (platform admin)
- PATCHDeactivate organization access (platform admin)
- POSTInvite member to organization (platform admin)
- GETGet audit logs for an organization (platform admin)
- GETList pending invitations (platform admin)
- DELRevoke invitation (platform admin)
Admin - Findings
Admin - Policies
Admin - Tasks
Admin - Vendors
Admin - Context
Admin - Evidence
Get all risks
Copy
Ask AI
curl --request GET \
--url http://localhost:3333/v1/risks \
--header 'X-API-Key: <api-key>'Copy
Ask AI
{
"data": [
{
"id": "rsk_abc123def456",
"title": "Data breach vulnerability in user authentication system",
"description": "Weak password requirements could lead to unauthorized access to user accounts",
"category": "technology",
"status": "open",
"likelihood": "possible",
"impact": "major",
"treatmentStrategy": "mitigate",
"assigneeId": "mem_abc123def456",
"createdAt": "2023-11-07T05:31:56Z",
"updatedAt": "2023-11-07T05:31:56Z"
}
],
"count": 15,
"authType": "api-key",
"authenticatedUser": {
"id": "usr_def456ghi789",
"email": "user@example.com"
}
}Risks
Get all risks
Returns all risks for the authenticated organization. Supports both API key authentication (X-API-Key header) and session authentication (Bearer token or cookies).
GET
/
v1
/
risks
Get all risks
Copy
Ask AI
curl --request GET \
--url http://localhost:3333/v1/risks \
--header 'X-API-Key: <api-key>'Copy
Ask AI
{
"data": [
{
"id": "rsk_abc123def456",
"title": "Data breach vulnerability in user authentication system",
"description": "Weak password requirements could lead to unauthorized access to user accounts",
"category": "technology",
"status": "open",
"likelihood": "possible",
"impact": "major",
"treatmentStrategy": "mitigate",
"assigneeId": "mem_abc123def456",
"createdAt": "2023-11-07T05:31:56Z",
"updatedAt": "2023-11-07T05:31:56Z"
}
],
"count": 15,
"authType": "api-key",
"authenticatedUser": {
"id": "usr_def456ghi789",
"email": "user@example.com"
}
}Authorizations
API key for authentication
Query Parameters
Search by title (case-insensitive contains)
Example:
"data breach"
Page number (1-indexed)
Required range:
x >= 1Example:
1
Number of items per page
Required range:
1 <= x <= 250Example:
50
Sort by field
Available options:
createdAt, updatedAt, title, status Sort direction
Available options:
asc, desc Filter by status
Available options:
open, pending, closed, archived Filter by category
Available options:
customer, fraud, governance, operations, other, people, regulatory, reporting, resilience, technology, vendor_management Filter by department
Available options:
none, admin, gov, hr, it, itsm, qms Filter by assignee member ID
Example:
"mem_abc123def456"
Was this page helpful?
⌘I
Assistant
Responses are generated using AI and may contain mistakes.