POST /v1/findings
Create a finding (auditor or platform admin only)
curl --request POST \
  --url http://localhost:3333/v1/findings \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "type": "soc2",
  "content": "<string>",
  "taskId": "<string>",
  "evidenceSubmissionId": "<string>",
  "evidenceFormType": "board-meeting",
  "policyId": "<string>",
  "vendorId": "<string>",
  "riskId": "<string>",
  "memberId": "<string>",
  "deviceId": "<string>",
  "area": "people",
  "severity": "medium",
  "templateId": "<string>"
}
'

Authorizations

X-API-Key
string
header
required

API key for authentication

Body

application/json
type
enum<string>
default:soc2
required

Type of finding (SOC 2 or ISO 27001)

Available options:
soc2,
iso27001
content
string
required

Finding content/message

Maximum string length: 5000
taskId
string

Task ID

evidenceSubmissionId
string

Evidence submission ID

evidenceFormType
enum<string>

Evidence form type

Available options:
board-meeting,
it-leadership-meeting,
risk-committee-meeting,
meeting,
access-request,
whistleblower-report,
penetration-test,
rbac-matrix,
infrastructure-inventory,
employee-performance-evaluation,
network-diagram,
tabletop-exercise
policyId
string

Policy ID

vendorId
string

Vendor ID

riskId
string

Risk ID

memberId
string

Member ID (person this finding targets)

deviceId
string

Device ID

area
enum<string>

Broad area when the finding is not tied to a specific item

Available options:
people,
documents,
compliance,
risks,
vendors,
policies,
other
severity
enum<string>
default:medium

Severity

Available options:
low,
medium,
high,
critical
templateId
string

Finding template ID
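
An added example, not part of the original reference or the project's own code: a client-side check of a request body against the field constraints listed above, followed by building (not sending) the request. The function names and the `FINDINGS_API_KEY` environment variable are assumptions, as is counting the `content` limit in characters.

```python
import json
import os
import urllib.request

# Constraints copied from the field reference on this page.
ENUMS = {
    "type": {"soc2", "iso27001"},
    "evidenceFormType": {
        "board-meeting", "it-leadership-meeting", "risk-committee-meeting",
        "meeting", "access-request", "whistleblower-report", "penetration-test",
        "rbac-matrix", "infrastructure-inventory",
        "employee-performance-evaluation", "network-diagram", "tabletop-exercise",
    },
    "area": {"people", "documents", "compliance", "risks", "vendors", "policies", "other"},
    "severity": {"low", "medium", "high", "critical"},
}
ID_FIELDS = {"taskId", "evidenceSubmissionId", "policyId", "vendorId",
             "riskId", "memberId", "deviceId", "templateId"}
REQUIRED = ("type", "content")
MAX_CONTENT = 5000  # "Maximum string length"; counted in characters (assumption)


def validate_finding(body):
    """Return a list of problems; an empty list means the body matches the schema."""
    errors = [f"missing required field: {k}" for k in REQUIRED if k not in body]
    for key, value in body.items():
        if key not in ENUMS and key not in ID_FIELDS and key != "content":
            errors.append(f"unknown field: {key}")
        elif not isinstance(value, str):
            errors.append(f"{key} must be a string")
        elif key in ENUMS and value not in ENUMS[key]:
            errors.append(f"{key}: {value!r} is not an allowed option")
        elif key == "content" and len(value) > MAX_CONTENT:
            errors.append(f"content exceeds {MAX_CONTENT} characters")
    return errors


def build_request(body, base_url="http://localhost:3333"):
    """Build (but do not send) the POST; the API key is read from the environment."""
    errors = validate_finding(body)
    if errors:
        raise ValueError("; ".join(errors))
    return urllib.request.Request(
        f"{base_url}/v1/findings",
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Content-Type": "application/json",
                 "X-API-Key": os.environ["FINDINGS_API_KEY"]},  # assumed variable name
    )
```

Pass the returned object to `urllib.request.urlopen` to send it; reading the key from the environment keeps it out of scripts and shell history.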

Response

201