Auth
Organization
- GETGet organization information
- DELDelete organization
- PATCHUpdate organization
- GETGet v1organizationonboarding
- POSTTransfer organization ownership
- GETGet role notification settings
- PUTUpdate role notification settings
- GETList active API keys
- POSTCreate a new API key
- GETGet available API key scopes
- GETGet organization primary color
- POSTUpload organization logo
- DELRemove organization logo
- POSTRevoke an API key
People
- GETGet all people
- POSTCreate a new member
- GETGet all employee devices with fleet compliance data
- GETGet integration test statistics grouped by assignee
- POSTAdd multiple members to organization
- GETGet members who can read a specific resource type
- GETGet person by ID
- DELDelete member
- PATCHUpdate member
- GETGet training video completions for a member
- GETGet fleet/device compliance for a member
- DELRemove host (device) from Fleet
- PATCHUnlink device from member
- GETGet current user email notification preferences
- PUTUpdate current user email notification preferences
Risks
Vendors
Internal - Vendors
Context
Policies
- GETGet all policies
- POSTCreate a new policy
- POSTPublish all draft policies
- GETDownload all published policies as a single PDF
- GETGet mapped and all controls for a policy
- POSTMap controls to a policy
- POSTRegenerate policy content using AI
- GETGet a signed URL for the policy PDF
- POSTUpload a PDF to a policy or version
- DELDelete a policy PDF
- GETGet signed URL for policy PDF (alternate path)
- DELRemove a control mapping from a policy
- GETGet policy by ID
- DELDelete policy
- PATCHUpdate policy
- GETGet policy versions
- POSTCreate policy version
- GETGet policy version by ID
- DELDelete policy version
- PATCHUpdate version content
- POSTPublish new policy version
- POSTSet active policy version
- POSTSubmit version for approval
- POSTAccept pending policy changes and publish the version
- POSTDeny pending policy changes
- POSTChat with AI about a policy
Attachments
Tasks
- GETGet all tasks
- POSTCreate a task
- DELDelete multiple tasks
- PATCHUpdate status for multiple tasks
- PATCHUpdate assignee for multiple tasks
- PATCHReorder tasks
- POSTBulk submit tasks for review
- GETGet page options for tasks overview
- GETGet task by ID
- DELDelete a task
- PATCHUpdate a task
- GETGet task activity
- POSTRegenerate task from template
- POSTSubmit task for review
- POSTApprove a task
- POSTReject a task review
- GETGet task attachments
- POSTUpload attachment to task
- GETGet attachment download URL
- DELDelete task attachment
Task Automations
- GETGet all automations for a task
- POSTCreate a new evidence automation
- GETGet automation details
- DELDelete an automation
- PATCHUpdate an existing automation
- GETGet all runs for a specific automation
- GETGet all versions for an automation
- POSTCreate a published version record for an automation
- GETGet all automation runs for a task
Evidence Export
Evidence Export (Auditor)
Health
Trust Portal
- GETGet complete trust portal settings for admin page
- POSTUpload a favicon for the trust portal
- DELRemove the trust portal favicon
- GETGet domain verification status
- POSTUpload or replace a compliance certificate (PDF only)
- POSTGenerate a temporary signed URL for a compliance certificate
- POSTList uploaded compliance certificates for the organization
- POSTUpload an additional trust portal document
- POSTList additional trust portal documents for the organization
- POSTGenerate a temporary signed URL for a trust portal document
- POSTDelete (deactivate) a trust portal document
- PUTEnable or disable the trust portal
- POSTAdd or update a custom domain for the trust portal
- POSTCheck DNS records for a custom domain
- PUTUpdate trust portal FAQs
- PUTUpdate allowed domains for the trust portal
- PUTUpdate trust portal framework settings
- GETGet trust portal overview
- POSTUpdate trust portal overview section
- GETList custom links for trust portal
- POSTCreate a custom link for trust portal
- POSTUpdate a custom link
- POSTDelete a custom link
- POSTReorder custom links
- POSTUpdate vendor trust portal settings
- GETList vendors configured for trust portal
Trust Access
- POSTSubmit data access request
- GETList access requests
- GETGet access request details
- POSTApprove access request
- POSTDeny access request
- GETList access grants
- POSTRevoke access grant
- POSTResend access granted email
- GETGet NDA details by token
- POSTPreview NDA by token
- POSTSign NDA
- POSTResend NDA email
- POSTPreview NDA PDF
- POSTReclaim access
- GETGet grant data by access token
- GETList policies by access token
- GETDownload all policies as watermarked PDF
- GETDownload all policies as ZIP with individual PDFs
- GETList compliance resources by access token
- GETList additional documents by access token
- GETDownload all additional documents as a ZIP by access token
- GETDownload additional document by access token
- GETDownload compliance resource by access token
- GETGet FAQs for a trust portal
- GETGet overview section for a trust portal
- GETGet custom links for a trust portal
- GETGet favicon URL for a trust portal
- GETGet vendors/subprocessors for a trust portal
Framework Editor Task Templates
Finding Templates
Findings
Questionnaire
- GETGet v1questionnaire
- GETGet v1questionnaire 1
- DELDelete v1questionnaire
- POSTPost v1questionnaireparse
- POSTPost v1questionnaireanswer single
- POSTPost v1questionnairesave answer
- POSTPost v1questionnairedelete answer
- POSTPost v1questionnaireexport
- POSTPost v1questionnaireupload and parse
- POSTPost v1questionnaireupload and parseupload
- POSTPost v1questionnaireparseupload
- POSTPost v1questionnaireparseuploadtoken
- POSTPost v1questionnaireanswersexport
- POSTPost v1questionnaireanswersexportupload
- POSTPost v1questionnaireauto answer
Knowledge Base
- GETList all knowledge base documents for an organization
- GETList all manual answers for an organization
- POSTSave or update a manual answer
- POSTUpload a knowledge base document
- POSTGet a signed download URL for a document
- POSTGet a signed view URL for a document
- POSTDelete a knowledge base document
- POSTTrigger processing of knowledge base documents
- POSTCreate a public access token for a run
- POSTDelete a manual answer
- POSTDelete all manual answers for an organization
SOA
Integrations
- GETGet v1integrationsoauthavailability
- POSTPost v1integrationsoauthstart
- GETGet v1integrationsoauthcallback
- GETGet v1integrationsoauth apps
- POSTPost v1integrationsoauth apps
- GETGet v1integrationsoauth appssetup
- DELDelete v1integrationsoauth apps
- GETGet v1integrationsconnectionsproviders
- GETGet v1integrationsconnectionsproviders 1
- GETGet v1integrationsconnections
- POSTPost v1integrationsconnections
- GETGet v1integrationsconnections 1
- DELDelete v1integrationsconnections
- PATCHPatch v1integrationsconnections
- POSTPost v1integrationsconnections test
- POSTPost v1integrationsconnections pause
- POSTPost v1integrationsconnections resume
- POSTPost v1integrationsconnections disconnect
- POSTPost v1integrationsconnections ensure valid credentials
- PUTPut v1integrationsconnections credentials
- GETGet v1integrationschecksproviders
- GETGet v1integrationschecksconnections
- POSTPost v1integrationschecksconnections run
- POSTPost v1integrationschecksconnections run 1
- GETGet v1integrationsvariablesproviders
- GETGet v1integrationsvariablesconnections
- POSTPost v1integrationsvariablesconnections
- GETGet v1integrationsvariablesconnections options
- GETGet v1integrationstaskstemplate checks
- GETGet v1integrationstasks checks
- POSTPost v1integrationstasks run check
- GETGet v1integrationstasks runs
- POSTPost v1integrationssyncgoogle workspaceemployees
- POSTPost v1integrationssyncgoogle workspacestatus
- POSTPost v1integrationssyncripplingemployees
- POSTPost v1integrationssyncripplingstatus
- POSTPost v1integrationssyncrampemployees
- POSTPost v1integrationssyncjumpcloudemployees
- POSTPost v1integrationssyncjumpcloudstatus
- POSTPost v1integrationssyncrampstatus
- GETGet v1integrationssyncemployee sync provider
- POSTPost v1integrationssyncemployee sync provider
AdminIntegrations
CloudSecurity
Browserbase
- GETGet organization browser context status
- POSTGet or create organization browser context
- POSTCreate a new browser session
- POSTClose a browser session
- POSTNavigate to a URL
- POSTCheck authentication status
- POSTCreate a browser automation
- GETGet all browser automations for a task
- GETGet a browser automation by ID
- DELDelete a browser automation
- PATCHUpdate a browser automation
- POSTStart automation with live view
- POSTExecute automation on existing session
- POSTRun a browser automation
- GETGet run history for an automation
- GETGet a specific run by ID
Task Management
Assistant Chat
Roles
Training
Org Chart
Evidence Forms
- GETList evidence forms
- GETGet submission statuses for all forms
- GETGet current user submissions
- GETGet pending submission count for current user
- GETGet form definition and submissions
- GETGet a single submission
- DELDelete a submission
- POSTSubmit evidence form entry
- POSTUpload a file as an evidence submission
- PATCHReview a submission
- POSTUpload evidence form file
- GETExport form submissions to CSV
Frameworks
- GETList framework instances for the organization
- POSTAdd frameworks to the organization
- GETList available frameworks (requires session, no active org needed — used during onboarding)
- GETGet overview compliance scores
- GETGet a single framework instance with full detail
- DELDelete a framework instance
- GETGet a specific requirement with related controls
Controls
Secrets
Security Penetration Tests
Create a custom role
Copy
Ask AI
curl --request POST \
--url http://localhost:3333/v1/roles \
--header 'Content-Type: application/json' \
--header 'X-API-Key: <api-key>' \
--data '
{
"name": "Compliance Lead",
"permissions": {
"control": [
"read",
"update"
],
"policy": [
"read",
"update"
],
"risk": [
"read"
]
}
}
'Copy
Ask AI
{
"id": "rol_abc123",
"name": "compliance-lead",
"permissions": {},
"isBuiltIn": false,
"createdAt": "2023-11-07T05:31:56Z",
"updatedAt": "2023-11-07T05:31:56Z"
}Roles
Create a custom role
Create a new custom role with specified permissions. Only admins and owners can create roles.
POST
/
v1
/
roles
Create a custom role
Copy
Ask AI
curl --request POST \
--url http://localhost:3333/v1/roles \
--header 'Content-Type: application/json' \
--header 'X-API-Key: <api-key>' \
--data '
{
"name": "Compliance Lead",
"permissions": {
"control": [
"read",
"update"
],
"policy": [
"read",
"update"
],
"risk": [
"read"
]
}
}
'Copy
Ask AI
{
"id": "rol_abc123",
"name": "compliance-lead",
"permissions": {},
"isBuiltIn": false,
"createdAt": "2023-11-07T05:31:56Z",
"updatedAt": "2023-11-07T05:31:56Z"
}Authorizations
API key for authentication
Body
application/json
Was this page helpful?
⌘I
Assistant
Responses are generated using AI and may contain mistakes.