POST
/
v1
/
risks
Create a new risk
curl --request POST \
  --url https://api.trycomp.ai/v1/risks \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '{
  "title": "Data breach vulnerability in user authentication system",
  "description": "Weak password requirements could lead to unauthorized access to user accounts",
  "category": "technology",
  "department": "it",
  "status": "open",
  "likelihood": "possible",
  "impact": "major",
  "residualLikelihood": "unlikely",
  "residualImpact": "minor",
  "treatmentStrategyDescription": "Implement multi-factor authentication and strengthen password requirements",
  "treatmentStrategy": "mitigate",
  "assigneeId": "mem_abc123def456"
}'
{
  "id": "rsk_abc123def456",
  "title": "Data breach vulnerability in user authentication system",
  "description": "Weak password requirements could lead to unauthorized access to user accounts",
  "category": "technology",
  "department": "it",
  "status": "open",
  "likelihood": "possible",
  "impact": "major",
  "residualLikelihood": "unlikely",
  "residualImpact": "minor",
  "treatmentStrategyDescription": "Implement multi-factor authentication and strengthen password requirements",
  "treatmentStrategy": "mitigate",
  "organizationId": "org_abc123def456",
  "assigneeId": "mem_abc123def456",
  "createdAt": "2023-11-07T05:31:56Z",
  "updatedAt": "2023-11-07T05:31:56Z",
  "authType": "api-key",
  "authenticatedUser": {
    "id": "usr_def456ghi789",
    "email": "[email protected]"
  }
}

Authorizations

X-API-Key
string
header
required

API key for authentication

Headers

X-Organization-Id
string

Organization ID (required for session auth, optional for API key auth)

Body

application/json

Risk creation data

title
string
required

Risk title

Example:

"Data breach vulnerability in user authentication system"

description
string
required

Detailed description of the risk

Example:

"Weak password requirements could lead to unauthorized access to user accounts"

category
enum<string>
required

Risk category

Available options:
customer,
governance,
operations,
other,
people,
regulatory,
reporting,
resilience,
technology,
vendor_management
Example:

"technology"

status
enum<string>
default:open
required

Current status of the risk

Available options:
open,
pending,
closed,
archived
Example:

"open"

likelihood
enum<string>
default:very_unlikely
required

Likelihood of the risk occurring

Available options:
very_unlikely,
unlikely,
possible,
likely,
very_likely
Example:

"possible"

impact
enum<string>
default:insignificant
required

Impact if the risk materializes

Available options:
insignificant,
minor,
moderate,
major,
severe
Example:

"major"

residualLikelihood
enum<string>
default:very_unlikely
required

Residual likelihood after treatment

Available options:
very_unlikely,
unlikely,
possible,
likely,
very_likely
Example:

"unlikely"

residualImpact
enum<string>
default:insignificant
required

Residual impact after treatment

Available options:
insignificant,
minor,
moderate,
major,
severe
Example:

"minor"

treatmentStrategy
enum<string>
default:accept
required

Risk treatment strategy

Available options:
accept,
avoid,
mitigate,
transfer
Example:

"mitigate"

department
enum<string>

Department responsible for the risk

Available options:
none,
admin,
gov,
hr,
it,
itsm,
qms
Example:

"it"

treatmentStrategyDescription
string

Description of the treatment strategy

Example:

"Implement multi-factor authentication and strengthen password requirements"

assigneeId
string

ID of the user assigned to this risk

Example:

"mem_abc123def456"

Response

Risk created successfully

id
string

Risk ID

Example:

"rsk_abc123def456"

title
string

Risk title

Example:

"Data breach vulnerability in user authentication system"

description
string

Risk description

Example:

"Weak password requirements could lead to unauthorized access to user accounts"

category
enum<string>
Available options:
customer,
governance,
operations,
other,
people,
regulatory,
reporting,
resilience,
technology,
vendor_management
Example:

"technology"

department
enum<string> | null
Available options:
none,
admin,
gov,
hr,
it,
itsm,
qms
Example:

"it"

status
enum<string>
Available options:
open,
pending,
closed,
archived
Example:

"open"

likelihood
enum<string>
Available options:
very_unlikely,
unlikely,
possible,
likely,
very_likely
Example:

"possible"

impact
enum<string>
Available options:
insignificant,
minor,
moderate,
major,
severe
Example:

"major"

residualLikelihood
enum<string>
Available options:
very_unlikely,
unlikely,
possible,
likely,
very_likely
Example:

"unlikely"

residualImpact
enum<string>
Available options:
insignificant,
minor,
moderate,
major,
severe
Example:

"minor"

treatmentStrategyDescription
string | null
Example:

"Implement multi-factor authentication and strengthen password requirements"

treatmentStrategy
enum<string>
Available options:
accept,
avoid,
mitigate,
transfer
Example:

"mitigate"

organizationId
string
Example:

"org_abc123def456"

assigneeId
string | null

ID of the user assigned to this risk

Example:

"mem_abc123def456"

createdAt
string<date-time>

When the risk was created

updatedAt
string<date-time>

When the risk was last updated

authType
enum<string>

How the request was authenticated

Available options:
api-key,
session
authenticatedUser
object

User information (only for session auth)