Organization
- GETGet organization information
- DELDelete organization
- PATCHUpdate organization
- GETGet organization onboarding status
- POSTTransfer organization ownership
- GETGet role notification settings
- PUTUpdate role notification settings
- GETList active API keys
- POSTCreate a new API key
- GETGet available API key scopes
- GETGet organization primary color
- POSTUpload organization logo
- DELRemove organization logo
- POSTRevoke an API key
People
- POSTInvite members to the organization
- GETGet all people
- POSTCreate a new member
- GETGet all employee devices with fleet compliance data
- GETGet integration test statistics grouped by assignee
- POSTAdd multiple members to organization
- GETGet members who can read a specific resource type
- PATCHReactivate a deactivated member
- GETGet person by ID
- DELDelete member
- PATCHUpdate member
- GETGet training video completions for a member
- GETGet fleet/device compliance for a member
- DELRemove host (device) from Fleet
- PATCHUnlink device from member
- GETGet current user email notification preferences
- PUTUpdate current user email notification preferences
Risks
Vendors
Context
Policies
- GETGet all policies
- POSTCreate a new policy
- POSTPublish all draft policies
- GETDownload all published policies as a single PDF
- GETGet mapped and all controls for a policy
- POSTMap controls to a policy
- POSTRegenerate policy content using AI
- GETGet a signed URL for the policy PDF
- POSTUpload a PDF to a policy or version
- DELDelete a policy PDF
- GETGet signed URL for policy PDF (alternate path)
- DELRemove a control mapping from a policy
- GETGet policy by ID
- DELDelete policy
- PATCHUpdate policy
- GETGet policy versions
- POSTCreate policy version
- GETGet policy version by ID
- DELDelete policy version
- PATCHUpdate version content
- POSTPublish new policy version
- POSTSet active policy version
- POSTSubmit version for approval
- POSTAccept pending policy changes and publish the version
- POSTDeny pending policy changes
- POSTChat with AI about a policy
Attachments
Device Agent
- POSTExchange an auth code for device credentials
- GETDownload a device-agent update
- HEADCheck a device-agent update's metadata
- POSTCreate a device-agent auth code
- GETList organizations for the current device
- POSTRegister a device agent
- POSTSubmit a device check-in
- GETGet device-agent status
- GETDownload macOS Device Agent
- GETDownload Windows Device Agent ZIP
Tasks
- GETGet all tasks
- POSTCreate a task
- GETGet task templates
- DELDelete multiple tasks
- PATCHUpdate status for multiple tasks
- PATCHUpdate assignee for multiple tasks
- PATCHReorder tasks
- POSTBulk submit tasks for review
- GETGet page options for tasks overview
- GETGet task by ID
- DELDelete a task
- PATCHUpdate a task
- GETGet task activity
- POSTRegenerate task from template
- POSTSubmit task for review
- POSTApprove a task
- POSTReject a task review
- GETGet task attachments
- POSTUpload attachment to task
- GETGet attachment download URL
- DELDelete task attachment
Task Automations
- GETGet all automations for a task
- POSTCreate a new evidence automation
- GETGet automation details
- DELDelete an automation
- PATCHUpdate an existing automation
- GETGet all runs for a specific automation
- GETGet all versions for an automation
- POSTCreate a published version record for an automation
- GETGet all automation runs for a task
Evidence Export
Evidence Export (Auditor)
Health
Trust Portal
- GETGet complete trust portal settings for admin page
- POSTUpload a favicon for the trust portal
- DELRemove the trust portal favicon
- GETGet domain verification status
- POSTUpload or replace a compliance certificate (PDF only)
- POSTGenerate a temporary signed URL for a compliance certificate
- POSTList uploaded compliance certificates for the organization
- POSTUpload an additional trust portal document
- POSTList additional trust portal documents for the organization
- POSTGenerate a temporary signed URL for a trust portal document
- POSTDelete (deactivate) a trust portal document
- PUTEnable or disable the trust portal
- POSTAdd or update a custom domain for the trust portal
- POSTCheck DNS records for a custom domain
- PUTUpdate trust portal FAQs
- PUTUpdate allowed domains for the trust portal
- PUTUpdate trust portal framework settings
- GETGet trust portal overview
- POSTUpdate trust portal overview section
- GETList custom links for trust portal
- POSTCreate a custom link for trust portal
- POSTUpdate a custom link
- POSTDelete a custom link
- POSTReorder custom links
- POSTUpdate vendor trust portal settings
- GETList vendors configured for trust portal
Trust Access
- POSTSubmit data access request
- GETList access requests
- GETGet access request details
- POSTApprove access request
- POSTDeny access request
- GETList access grants
- POSTRevoke access grant
- POSTResend access granted email
- GETGet NDA details by token
- POSTPreview NDA by token
- POSTSign NDA
- POSTResend NDA email
- POSTPreview NDA PDF
- POSTReclaim access
- GETGet grant data by access token
- GETList policies by access token
- GETDownload all policies as watermarked PDF
- GETDownload all policies as ZIP with individual PDFs
- GETList compliance resources by access token
- GETList additional documents by access token
- GETDownload all additional documents as a ZIP by access token
- GETDownload additional document by access token
- GETDownload compliance resource by access token
- GETGet FAQs for a trust portal
- GETGet overview section for a trust portal
- GETGet custom links for a trust portal
- GETGet favicon URL for a trust portal
- GETGet vendors/subprocessors for a trust portal
Framework Editor Control Templates
- GETList control templates
- POSTCreate a control template
- GETGet a control template by ID
- DELDelete a control template
- PATCHUpdate a control template
- POSTLink a requirement to a control template
- DELUnlink a requirement from a control template
- POSTLink a policy template to a control template
- DELUnlink a policy template from a control template
- POSTLink a task template to a control template
- DELUnlink a task template from a control template
Framework Editor Frameworks
- GETList frameworks
- POSTCreate a framework
- GETGet a framework by ID
- DELDelete a framework
- PATCHUpdate a framework
- POSTImport a framework definition
- GETExport a framework definition
- GETList controls for a framework
- GETList policy templates for a framework
- GETList task templates for a framework
- GETList documents for a framework
- POSTLink a control to a framework
- POSTLink a task template to a framework
- POSTLink a policy template to a framework
Framework Editor Policy Templates
Framework Editor Requirements
Framework Editor Task Templates
Finding Templates
Findings
- GETList findings for organization (optionally filtered)
- POSTCreate a finding (auditor or platform admin only)
- GETList all findings for the organization
- GETGet finding by ID
- DELDelete a finding (auditor or platform admin only)
- PATCHUpdate a finding (status transition rules apply)
- GETGet activity history for a finding
Questionnaire
- GETList questionnaires
- GETGet a questionnaire by ID
- DELDelete a questionnaire
- POSTParse an uploaded questionnaire file
- POSTAnswer a single questionnaire question
- POSTSave a questionnaire answer
- POSTDelete a questionnaire answer
- POSTExport a questionnaire
- POSTUpload and parse a questionnaire file
- POSTUpload a questionnaire file and parse its questions
- POSTUpload a questionnaire file and auto-answer with export
- POSTUpload and auto-answer a questionnaire via trust portal token
- POSTExport questionnaire answers
- POSTUpload a questionnaire file and export auto-generated answers
- POSTAuto-answer a questionnaire
Knowledge Base
- GETList all knowledge base documents for an organization
- GETList all manual answers for an organization
- POSTSave or update a manual answer
- POSTUpload a knowledge base document
- POSTGet a signed download URL for a document
- POSTGet a signed view URL for a document
- POSTDelete a knowledge base document
- POSTTrigger processing of knowledge base documents
- POSTCreate a public access token for a run
- POSTDelete a manual answer
- POSTDelete all manual answers for an organization
SOA
Integrations
- GETCheck OAuth provider availability
- POSTStart an OAuth authorization flow
- GETHandle OAuth provider callback
- GETList configured OAuth apps
- POSTCreate an OAuth app configuration
- GETGet OAuth app setup details
- DELDelete an OAuth app configuration
- GETList available integration providers
- GETGet an integration provider by slug
- GETList integration connections
- POSTCreate an integration connection
- GETGet an integration connection by ID
- DELDelete an integration connection
- PATCHUpdate an integration connection
- POSTTest an integration connection
- POSTPause an integration connection
- POSTResume an integration connection
- POSTDisconnect an integration
- POSTEnsure valid credentials for a connection
- GETList services enabled on a connection
- PUTSet services enabled on a connection
- PUTUpdate integration credentials
- GETList check definitions for a provider
- GETList checks for a connection
- POSTRun all checks for a connection
- POSTRun a single check on a connection
- GETList variable definitions for a provider
- GETList connection variables
- POSTUpdate connection variables
- GETGet options for a connection variable
- GETList checks for a task template
- GETList checks attached to a task
- POSTRun a check for a task
- POSTDisconnect checks from a task
- POSTReconnect checks to a task
- GETList check runs for a task
- POSTSync Google Workspace employees
- POSTGet Google Workspace sync status
- POSTSync Rippling employees
- POSTGet Rippling sync status
- POSTSync JumpCloud employees
- POSTGet JumpCloud sync status
- GETGet the currently configured employee sync provider
- POSTSet the employee sync provider
- GETList employee sync providers available to the org
- POSTSync employees for a dynamic provider
CloudSecurity
- GETList recent cloud security activity
- GETList supported cloud providers
- GETList cloud security findings
- POSTTrigger a security scan for a connection
- POSTDetect available cloud services for a connection
- POSTDetect the GCP organization for a connection
- POSTSelect GCP projects for a connection
- POSTSet up GCP for a connection
- POSTResolve a GCP setup step
- POSTSet up Azure for a connection
- POSTValidate Azure credentials for a connection
- POSTTrigger a cloud security run for a connection
- GETGet a cloud security scan run by ID
- POSTCreate a legacy cloud integration
- POSTValidate legacy AWS credentials
- DELDelete a legacy cloud integration
Remediation
Browserbase
- GETGet organization browser context status
- POSTGet or create organization browser context
- POSTCreate a new browser session
- POSTClose a browser session
- POSTNavigate to a URL
- POSTCheck authentication status
- POSTCreate a browser automation
- GETGet all browser automations for a task
- GETGet a browser automation by ID
- DELDelete a browser automation
- PATCHUpdate a browser automation
- POSTStart automation with live view
- POSTExecute automation on existing session
- POSTRun a browser automation
- GETGet run history for an automation
- GETGet a specific run by ID
Task Management
Assistant Chat
Roles
Training
Org Chart
Evidence Forms
- GETList evidence forms
- GETGet submission statuses for all forms
- GETGet current user submissions
- GETGet pending submission count for current user
- GETGet form definition and submissions
- GETGet a single submission
- DELDelete a submission
- POSTSubmit evidence form entry
- POSTUpload a file as an evidence submission
- PATCHReview a submission
- POSTUpload evidence form file
- GETExport form submissions to CSV
Frameworks
- GETList framework instances for the organization
- POSTAdd frameworks to the organization
- GETList available frameworks (requires session, no active org needed — used during onboarding)
- GETGet overview compliance scores
- GETGet a single framework instance with full detail
- DELDelete a framework instance
- GETGet a specific requirement with related controls
Controls
Email - Unsubscribe
Secrets
Security Penetration Tests
Update a finding (status transition rules apply)
curl --request PATCH \
--url http://localhost:3333/v1/findings/{id} \
--header 'Content-Type: application/json' \
--header 'X-API-Key: <api-key>' \
--data '
{
"status": "open",
"type": "soc2",
"severity": "low",
"content": "<string>",
"revisionNote": {}
}
'Findings
Update a finding (status transition rules apply)
PATCH
/
v1
/
findings
/
{id}
Update a finding (status transition rules apply)
curl --request PATCH \
--url http://localhost:3333/v1/findings/{id} \
--header 'Content-Type: application/json' \
--header 'X-API-Key: <api-key>' \
--data '
{
"status": "open",
"type": "soc2",
"severity": "low",
"content": "<string>",
"revisionNote": {}
}
'Authorizations
API key for authentication
Path Parameters
Finding ID
Body
application/json
Finding status
Available options:
open, ready_for_review, needs_revision, closed Finding type
Available options:
soc2, iso27001 Severity
Available options:
low, medium, high, critical Finding content/message
Maximum string length:
5000Auditor note when requesting revision
Response
200 - undefined
Was this page helpful?
⌘I
Assistant
Responses are generated using AI and may contain mistakes.