Auth
Organization
- GETGet organization information
- DELDelete organization
- PATCHUpdate organization
- GETGet v1organizationonboarding
- POSTTransfer organization ownership
- GETGet role notification settings
- PUTUpdate role notification settings
- GETList active API keys
- POSTCreate a new API key
- GETGet available API key scopes
- GETGet organization primary color
- POSTUpload organization logo
- DELRemove organization logo
- POSTRevoke an API key
People
- POSTInvite members to the organization
- GETGet all people
- POSTCreate a new member
- GETGet all employee devices with fleet compliance data
- GETGet integration test statistics grouped by assignee
- POSTAdd multiple members to organization
- GETGet members who can read a specific resource type
- PATCHReactivate a deactivated member
- GETGet person by ID
- DELDelete member
- PATCHUpdate member
- GETGet training video completions for a member
- GETGet fleet/device compliance for a member
- DELRemove host (device) from Fleet
- PATCHUnlink device from member
- GETGet current user email notification preferences
- PUTUpdate current user email notification preferences
Risks
Vendors
Internal - Vendors
Context
Policies
- GETGet all policies
- POSTCreate a new policy
- POSTPublish all draft policies
- GETDownload all published policies as a single PDF
- GETGet mapped and all controls for a policy
- POSTMap controls to a policy
- POSTRegenerate policy content using AI
- GETGet a signed URL for the policy PDF
- POSTUpload a PDF to a policy or version
- DELDelete a policy PDF
- GETGet signed URL for policy PDF (alternate path)
- DELRemove a control mapping from a policy
- GETGet policy by ID
- DELDelete policy
- PATCHUpdate policy
- GETGet policy versions
- POSTCreate policy version
- GETGet policy version by ID
- DELDelete policy version
- PATCHUpdate version content
- POSTPublish new policy version
- POSTSet active policy version
- POSTSubmit version for approval
- POSTAccept pending policy changes and publish the version
- POSTDeny pending policy changes
- POSTChat with AI about a policy
Attachments
Device Agent
- POSTPost v1device agentexchange code
- GETGet v1device agentupdates
- HEADHead v1device agentupdates
- POSTPost v1device agentauth code
- GETGet v1device agentmy organizations
- POSTPost v1device agentregister
- POSTPost v1device agentcheck in
- GETGet v1device agentstatus
- GETDownload macOS Device Agent
- GETDownload Windows Device Agent ZIP
Tasks
- GETGet all tasks
- POSTCreate a task
- GETGet task templates
- DELDelete multiple tasks
- PATCHUpdate status for multiple tasks
- PATCHUpdate assignee for multiple tasks
- PATCHReorder tasks
- POSTBulk submit tasks for review
- GETGet page options for tasks overview
- GETGet task by ID
- DELDelete a task
- PATCHUpdate a task
- GETGet task activity
- POSTRegenerate task from template
- POSTSubmit task for review
- POSTApprove a task
- POSTReject a task review
- GETGet task attachments
- POSTUpload attachment to task
- GETGet attachment download URL
- DELDelete task attachment
Task Automations
- GETGet all automations for a task
- POSTCreate a new evidence automation
- GETGet automation details
- DELDelete an automation
- PATCHUpdate an existing automation
- GETGet all runs for a specific automation
- GETGet all versions for an automation
- POSTCreate a published version record for an automation
- GETGet all automation runs for a task
Evidence Export
Evidence Export (Auditor)
Health
Trust Portal
- GETGet complete trust portal settings for admin page
- POSTUpload a favicon for the trust portal
- DELRemove the trust portal favicon
- GETGet domain verification status
- POSTUpload or replace a compliance certificate (PDF only)
- POSTGenerate a temporary signed URL for a compliance certificate
- POSTList uploaded compliance certificates for the organization
- POSTUpload an additional trust portal document
- POSTList additional trust portal documents for the organization
- POSTGenerate a temporary signed URL for a trust portal document
- POSTDelete (deactivate) a trust portal document
- PUTEnable or disable the trust portal
- POSTAdd or update a custom domain for the trust portal
- POSTCheck DNS records for a custom domain
- PUTUpdate trust portal FAQs
- PUTUpdate allowed domains for the trust portal
- PUTUpdate trust portal framework settings
- GETGet trust portal overview
- POSTUpdate trust portal overview section
- GETList custom links for trust portal
- POSTCreate a custom link for trust portal
- POSTUpdate a custom link
- POSTDelete a custom link
- POSTReorder custom links
- POSTUpdate vendor trust portal settings
- GETList vendors configured for trust portal
Trust Access
- POSTSubmit data access request
- GETList access requests
- GETGet access request details
- POSTApprove access request
- POSTDeny access request
- GETList access grants
- POSTRevoke access grant
- POSTResend access granted email
- GETGet NDA details by token
- POSTPreview NDA by token
- POSTSign NDA
- POSTResend NDA email
- POSTPreview NDA PDF
- POSTReclaim access
- GETGet grant data by access token
- GETList policies by access token
- GETDownload all policies as watermarked PDF
- GETDownload all policies as ZIP with individual PDFs
- GETList compliance resources by access token
- GETList additional documents by access token
- GETDownload all additional documents as a ZIP by access token
- GETDownload additional document by access token
- GETDownload compliance resource by access token
- GETGet FAQs for a trust portal
- GETGet overview section for a trust portal
- GETGet custom links for a trust portal
- GETGet favicon URL for a trust portal
- GETGet vendors/subprocessors for a trust portal
Framework Editor Control Templates
- GETGet v1framework editorcontrol template
- POSTPost v1framework editorcontrol template
- GETGet v1framework editorcontrol template 1
- DELDelete v1framework editorcontrol template
- PATCHPatch v1framework editorcontrol template
- POSTPost v1framework editorcontrol template requirements
- DELDelete v1framework editorcontrol template requirements
- POSTPost v1framework editorcontrol template policy templates
- DELDelete v1framework editorcontrol template policy templates
- POSTPost v1framework editorcontrol template task templates
- DELDelete v1framework editorcontrol template task templates
Framework Editor Frameworks
- GETGet v1framework editorframework
- POSTPost v1framework editorframework
- GETGet v1framework editorframework 1
- DELDelete v1framework editorframework
- PATCHPatch v1framework editorframework
- POSTPost v1framework editorframeworkimport
- GETGet v1framework editorframework export
- GETGet v1framework editorframework controls
- GETGet v1framework editorframework policies
- GETGet v1framework editorframework tasks
- GETGet v1framework editorframework documents
- POSTPost v1framework editorframework link control
- POSTPost v1framework editorframework link task
- POSTPost v1framework editorframework link policy
Framework Editor Policy Templates
Framework Editor Requirements
Framework Editor Task Templates
Finding Templates
Findings
Questionnaire
- GETGet v1questionnaire
- GETGet v1questionnaire 1
- DELDelete v1questionnaire
- POSTPost v1questionnaireparse
- POSTPost v1questionnaireanswer single
- POSTPost v1questionnairesave answer
- POSTPost v1questionnairedelete answer
- POSTPost v1questionnaireexport
- POSTPost v1questionnaireupload and parse
- POSTPost v1questionnaireupload and parseupload
- POSTPost v1questionnaireparseupload
- POSTPost v1questionnaireparseuploadtoken
- POSTPost v1questionnaireanswersexport
- POSTPost v1questionnaireanswersexportupload
- POSTPost v1questionnaireauto answer
Knowledge Base
- GETList all knowledge base documents for an organization
- GETList all manual answers for an organization
- POSTSave or update a manual answer
- POSTUpload a knowledge base document
- POSTGet a signed download URL for a document
- POSTGet a signed view URL for a document
- POSTDelete a knowledge base document
- POSTTrigger processing of knowledge base documents
- POSTCreate a public access token for a run
- POSTDelete a manual answer
- POSTDelete all manual answers for an organization
SOA
Integrations
- GETGet v1integrationsoauthavailability
- POSTPost v1integrationsoauthstart
- GETGet v1integrationsoauthcallback
- GETGet v1integrationsoauth apps
- POSTPost v1integrationsoauth apps
- GETGet v1integrationsoauth appssetup
- DELDelete v1integrationsoauth apps
- GETGet v1integrationsconnectionsproviders
- GETGet v1integrationsconnectionsproviders 1
- GETGet v1integrationsconnections
- POSTPost v1integrationsconnections
- GETGet v1integrationsconnections 1
- DELDelete v1integrationsconnections
- PATCHPatch v1integrationsconnections
- POSTPost v1integrationsconnections test
- POSTPost v1integrationsconnections pause
- POSTPost v1integrationsconnections resume
- POSTPost v1integrationsconnections disconnect
- POSTPost v1integrationsconnections ensure valid credentials
- PUTPut v1integrationsconnections credentials
- GETGet v1integrationschecksproviders
- GETGet v1integrationschecksconnections
- POSTPost v1integrationschecksconnections run
- POSTPost v1integrationschecksconnections run 1
- GETGet v1integrationsvariablesproviders
- GETGet v1integrationsvariablesconnections
- POSTPost v1integrationsvariablesconnections
- GETGet v1integrationsvariablesconnections options
- GETGet v1integrationstaskstemplate checks
- GETGet v1integrationstasks checks
- POSTPost v1integrationstasks run check
- GETGet v1integrationstasks runs
- POSTPost v1integrationssyncgoogle workspaceemployees
- POSTPost v1integrationssyncgoogle workspacestatus
- POSTPost v1integrationssyncripplingemployees
- POSTPost v1integrationssyncripplingstatus
- POSTPost v1integrationssyncjumpcloudemployees
- POSTPost v1integrationssyncjumpcloudstatus
- GETGet v1integrationssyncemployee sync provider
- POSTPost v1integrationssyncemployee sync provider
- GETGet v1integrationssyncavailable providers
- POSTPost v1integrationssyncdynamic employees
AdminIntegrations
DynamicIntegrations
- GETGet v1internaldynamic integrations
- PUTPut v1internaldynamic integrations
- POSTPost v1internaldynamic integrations
- GETGet v1internaldynamic integrations 1
- DELDelete v1internaldynamic integrations
- PATCHPatch v1internaldynamic integrations
- POSTPost v1internaldynamic integrations checks
- DELDelete v1internaldynamic integrations checks
- PATCHPatch v1internaldynamic integrations checks
- POSTPost v1internaldynamic integrations activate
- POSTPost v1internaldynamic integrations deactivate
- POSTPost v1internaldynamic integrationsvalidate
- GETGet v1internaldynamic integrations check runs
- GETGet v1internaldynamic integrationscheck runs
CloudSecurity
Browserbase
- GETGet organization browser context status
- POSTGet or create organization browser context
- POSTCreate a new browser session
- POSTClose a browser session
- POSTNavigate to a URL
- POSTCheck authentication status
- POSTCreate a browser automation
- GETGet all browser automations for a task
- GETGet a browser automation by ID
- DELDelete a browser automation
- PATCHUpdate a browser automation
- POSTStart automation with live view
- POSTExecute automation on existing session
- POSTRun a browser automation
- GETGet run history for an automation
- GETGet a specific run by ID
Task Management
Assistant Chat
Roles
Training
Org Chart
Evidence Forms
- GETList evidence forms
- GETGet submission statuses for all forms
- GETGet current user submissions
- GETGet pending submission count for current user
- GETGet form definition and submissions
- GETGet a single submission
- DELDelete a submission
- POSTSubmit evidence form entry
- POSTUpload a file as an evidence submission
- PATCHReview a submission
- POSTUpload evidence form file
- GETExport form submissions to CSV
Frameworks
- GETList framework instances for the organization
- POSTAdd frameworks to the organization
- GETList available frameworks (requires session, no active org needed — used during onboarding)
- GETGet overview compliance scores
- GETGet a single framework instance with full detail
- DELDelete a framework instance
- GETGet a specific requirement with related controls
Controls
Internal - Email
Secrets
Security Penetration Tests
Pentest Billing
Admin - Organizations
- GETList all organizations (platform admin)
- GETGet organization details (platform admin)
- PATCHActivate organization access (platform admin)
- PATCHDeactivate organization access (platform admin)
- POSTInvite member to organization (platform admin)
- GETGet audit logs for an organization (platform admin)
- GETList pending invitations (platform admin)
- DELRevoke invitation (platform admin)
Admin - Findings
Admin - Policies
Admin - Tasks
Admin - Vendors
Admin - Context
Update vendor
curl --request PATCH \
--url http://localhost:3333/v1/vendors/{id} \
--header 'Content-Type: application/json' \
--header 'X-API-Key: <api-key>' \
--data '
{
"name": "<string>",
"description": "<string>",
"category": "cloud",
"status": "not_assessed",
"inherentProbability": "very_unlikely",
"inherentImpact": "insignificant",
"residualProbability": "very_unlikely",
"residualImpact": "insignificant",
"website": "<string>",
"isSubProcessor": true,
"assigneeId": "<string>"
}
'{
"id": "vnd_abc123def456",
"name": "CloudTech Solutions Inc.",
"description": "Cloud infrastructure provider offering AWS-like services including compute, storage, and networking solutions for enterprise customers.",
"category": "cloud",
"status": "assessed",
"inherentProbability": "possible",
"inherentImpact": "moderate",
"residualProbability": "unlikely",
"residualImpact": "minor",
"website": "https://www.cloudtechsolutions.com",
"organizationId": "org_abc123def456",
"assigneeId": "mem_abc123def456",
"createdAt": "2023-11-07T05:31:56Z",
"updatedAt": "2023-11-07T05:31:56Z",
"authType": "api-key",
"authenticatedUser": {
"id": "usr_def456ghi789",
"email": "user@example.com"
}
}Vendors
Update vendor
Partially updates a vendor. Only provided fields will be updated. Supports both API key authentication (X-API-Key header) and session authentication (Bearer token or cookies).
PATCH
/
v1
/
vendors
/
{id}
Update vendor
curl --request PATCH \
--url http://localhost:3333/v1/vendors/{id} \
--header 'Content-Type: application/json' \
--header 'X-API-Key: <api-key>' \
--data '
{
"name": "<string>",
"description": "<string>",
"category": "cloud",
"status": "not_assessed",
"inherentProbability": "very_unlikely",
"inherentImpact": "insignificant",
"residualProbability": "very_unlikely",
"residualImpact": "insignificant",
"website": "<string>",
"isSubProcessor": true,
"assigneeId": "<string>"
}
'{
"id": "vnd_abc123def456",
"name": "CloudTech Solutions Inc.",
"description": "Cloud infrastructure provider offering AWS-like services including compute, storage, and networking solutions for enterprise customers.",
"category": "cloud",
"status": "assessed",
"inherentProbability": "possible",
"inherentImpact": "moderate",
"residualProbability": "unlikely",
"residualImpact": "minor",
"website": "https://www.cloudtechsolutions.com",
"organizationId": "org_abc123def456",
"assigneeId": "mem_abc123def456",
"createdAt": "2023-11-07T05:31:56Z",
"updatedAt": "2023-11-07T05:31:56Z",
"authType": "api-key",
"authenticatedUser": {
"id": "usr_def456ghi789",
"email": "user@example.com"
}
}Authorizations
API key for authentication
Path Parameters
Vendor ID
Example:
"vnd_abc123def456"
Body
application/json
Vendor update data
Vendor name
Vendor description
Vendor category
Available options:
cloud, infrastructure, software_as_a_service, finance, marketing, sales, hr, other Assessment status
Available options:
not_assessed, in_progress, assessed Inherent probability
Available options:
very_unlikely, unlikely, possible, likely, very_likely Inherent impact
Available options:
insignificant, minor, moderate, major, severe Residual probability
Available options:
very_unlikely, unlikely, possible, likely, very_likely Residual impact
Available options:
insignificant, minor, moderate, major, severe Vendor website URL
Whether the vendor is a sub-processor
Assignee member ID
Response
Vendor updated successfully
Vendor ID
Example:
"vnd_abc123def456"
Vendor name
Example:
"CloudTech Solutions Inc."
Vendor description
Example:
"Cloud infrastructure provider offering AWS-like services including compute, storage, and networking solutions for enterprise customers."
Available options:
cloud, infrastructure, software_as_a_service, finance, marketing, sales, hr, other Example:
"cloud"
Available options:
not_assessed, in_progress, assessed Example:
"assessed"
Available options:
very_unlikely, unlikely, possible, likely, very_likely Example:
"possible"
Available options:
insignificant, minor, moderate, major, severe Example:
"moderate"
Available options:
very_unlikely, unlikely, possible, likely, very_likely Example:
"unlikely"
Available options:
insignificant, minor, moderate, major, severe Example:
"minor"
Example:
"https://www.cloudtechsolutions.com"
Example:
"org_abc123def456"
ID of the user assigned to manage this vendor
Example:
"mem_abc123def456"
When the vendor was created
When the vendor was last updated
How the request was authenticated
Available options:
api-key, session User information (only for session auth)
Show child attributes
Show child attributes
Was this page helpful?
⌘I
Assistant
Responses are generated using AI and may contain mistakes.