{ "openapi": "3.0.0", "info": { "title": "Drata API", "description": "REST API powering partners and friends šŸ„

When importing into Postman, the folders will be organized by Postman's default hierarchy of Paths. This will appear mismatched with Drata's developer documentation here. In order for it to match our docs, please change the folder organization to Tags in the Import Settings. See below:

1. Open Postman
2. Click on Import in the top left hand corner
3. Select the swagger file to import but don't import just yet
4. Once selected, click on View Import Settings
5. Scroll down to Folder organization: it's defaulted to Paths; change this to Tags
6. Click the back arrow to go back to the import screen and click Import
7. Done!", "version": "V1", "contact": {} }, "servers": [ { "url": "https://public-api.drata.com/public" }, { "url": "https://public-api.eu.drata.com/public" }, { "url": "https://public-api.apac.drata.com/public" } ], "tags": [], "paths": { "/workspaces/{workspaceId}/autopilot/{testId}/retest": { "post": { "description": "Run an autopilot test\n\nšŸ”’ Requires **Monitoring: Trigger Monitor Test** permission.", "operationId": "AutopilotPublicController_retest", "parameters": [ { "name": "testId", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } } ], "responses": { "201": { "description": "Created" }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "409": { "description": "There is a conflict in the business rules with this request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Run an autopilot test by test id", "tags": [ "Autopilot" ], "x-drata-permissions": [ "monitors-post-retest" ], "x-product-area": [ "ADAPTIVE_AUTOMATION_AND_CREATE_NEW_TEST" ] } }, "/connections": { "get": { "description": "Find managed connections by provider type and current state\n\nšŸ”’ Requires **Connections: List Connections** permission.", "operationId": "ConnectionsPublicController_getConnections", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "sort", "required": false, "in": "query", "description": "Which type of sort (default: CREATED)", "schema": { "enum": [ "CREATED_AT", "CONNECTED_AT", "CONNECTION_PROVIDER_TYPE", "CONNECTION_CLIENT_TYPE", "CONNECTION_STATE" ], "type": "string" } }, { "name": "sortDir", "required": false, "in": "query", "description": "Which direction to sort the data (default: ASC)", "schema": { "enum": [ "ASC", "DESC" ], "type": "string" } }, { "name": "providerTypes", "required": false, "in": "query", "description": "Connection provider types", "schema": { "type": "array", "items": { "$ref": "#/components/schemas/ProviderTypeEnum" } } }, { "name": "state", "required": false, "in": "query", "description": "Connection current state", "schema": { "enum": [ "ACTIVE", "MISCONFIGURED", "CONFIGURED_PENDING_CONFIRMATION", "IN_PROGRESS" ], "type": "string" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ConnectionsCompactResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "List managed connections given the provided filters", "tags": [ "Connections" ], "x-drata-permissions": [ "connections-get" ], "x-product-area": [ "CONNECTIONS_UI" ] } }, "/connections/upload/csv": { "post": { "description": "Create an IdP connection requires a file to complete the process\n\nšŸ”’ Requires **Personnel: Import Personnel** permission.", "operationId": "ConnectionsPublicController_createIdpConnectionWithCsvFile", "parameters": [], "responses": { "201": { "description": "", "content": { "application/json": { "schema": { "type": "object" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Create an IdP connection with file", "tags": [ "Connections" ], "x-drata-permissions": [ "personnel-importing" ], "x-product-area": [ "CONNECTIONS_UI" ] } }, "/connections/{id}/upload/csv": { "put": { "description": "Update an IdP connection that requires a file to complete the process\n\nšŸ”’ Requires **Personnel: Import Personnel** permission.", "operationId": "ConnectionsPublicController_updateIdpConnectionWithCsvFile", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "type": "object" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "update an IdP connection with file", "tags": [ "Connections" ], "x-drata-permissions": [ "personnel-importing" ], "x-product-area": [ "CONNECTIONS_UI" ] } }, "/connections/upload/json": { "post": { "description": "Create an IdP connection that requires personnel list to complete the process\n\nšŸ”’ Requires **Personnel: Import Personnel** permission.", "operationId": "ConnectionsPublicController_createIdpConnectionWithJsonFile", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateConnectionJsonIdpRequestPublicDto" } } } }, "responses": { "201": { "description": "", "content": { "application/json": { "schema": { "type": "object" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Create an IdP connection with personnel list", "tags": [ "Connections" ], "x-drata-permissions": [ "personnel-importing" ], "x-product-area": [ "CONNECTIONS_UI" ] } }, "/connections/{id}/upload/json": { "put": { "description": "Update an IdP connection that requires personnel list to complete the process\n\nšŸ”’ Requires **Personnel: Import Personnel** permission.", "operationId": "ConnectionsPublicController_updateIdpConnectionWithJsonFile", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateConnectionJsonIdpRequestPublicDto" } } } }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "type": "object" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Update an IdP connection with personnel list", "tags": [ "Connections" ], "x-drata-permissions": [ "personnel-importing" ], "x-product-area": [ "CONNECTIONS_UI" ] } }, "/workspaces": { "get": { "description": "List workspaces for an account\n\nšŸ”’ Requires **Workspaces: List Workspaces** permission.", "operationId": "WorkspacesPublicController_listWorkspaces", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "q", "required": false, "in": "query", "description": "Filter data to search term", "schema": { "example": "Acme", "type": "string" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WorkspacesResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "List workspaces", "tags": [ "Multiple Workspace Support" ], "x-drata-permissions": [ "workspaces-get" ], "x-product-area": [ "WORKSPACE_PLATFORM" ] } }, "/company/info": { "get": { "description": "Get company info\n\nšŸ”’ Requires **Company Settings: Get Company Settings** permission.", "operationId": "CompaniesPublicController_getCompany", "parameters": [], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CompanyResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get company info", "tags": [ "Companies" ], "x-drata-permissions": [ "company-settings-get-info" ], "x-product-area": [ "COMPANY_INFO" ] } }, "/controls": { "get": { "description": "List Controls given the provided search terms and filters\n\nšŸ”’ Requires **Controls: List Controls** permission.", "operationId": "GRCPublicController_getControls", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "q", "required": false, "in": "query", "description": "Filter data by searching for control names, codes, or descriptions", "schema": { "example": "Least-Privileged Policy for Customer Data Access", "type": "string" } }, { "name": "frameworkTags", "required": false, "in": "query", "description": "Filter data by controls associated with these framework tags", "schema": { "example": [ "SOC_2", "ISO27001" ], "type": "array", "items": { "type": "string", "enum": [ "NONE", "SOC_2", "ISO27001", "CCPA", "GDPR", "HIPAA", "PCI", "SCF", "NIST80053", "NISTCSF", "CMMC", "NIST800171", "MSSSPA", "FFIEC", "ISO27701", "COBIT", "SOX_ITGC", "ISO270012022", "CCM", "CYBER_ESSENTIALS", "ISO270172015", "ISO270182019", "FEDRAMP", "NISTAI", "PCI4", "NISTCSF2", "NIS2", "DORA", "ISO420012023", "DRATA_ESSENTIALS", "NIST800171R3", "CIS8", "CYBER_ESSENTIALS_32", "FEDRAMP20X", "HITRUST", "MSSSPA11", "ESSENTIAL_EIGHT", "NYDFS", "TISAX", "ISO270182025", "CCPA2026", "ISO277012025", "CPS230", "CUSTOM", "ALL" ] } } }, { "name": "frameworkSlug", "required": false, "in": "query", "description": "Filter data by controls associated with these custom framework Slug", "schema": { "example": "soc2", "type": "string" } }, { "name": "trustServiceCriterion", "required": false, "in": "query", "description": "Filter controls on their Trust Service Criteria", "schema": { "example": [ "AVAILABILITY" ], "enum": [ "AVAILABILITY", "CONFIDENTIALITY", "SECURITY", "PRIVACY", "PROCESS_INTEGRITY", "GENERAL_RULES", "ADMINISTRATIVE_SAFEGUARDS", "PHYSICAL_SAFEGUARDS", "TECHNICAL_SAFEGUARDS", "REQUIREMENTS_ORGANIZATION", "REQUIREMENTS_POLICIES_PROCEDURES", "BASIC", "DERIVED", "NIST80053_PRIVACY" ], "type": "string" } }, { "name": "trustServiceCriteria", "required": false, "in": "query", "description": "Filter controls on their Trust Service Criteria", "schema": { "example": [ "AVAILABILITY", "CONFIDENTIALITY" ], "type": "array", "items": { "type": "string", "enum": [ "AVAILABILITY", "CONFIDENTIALITY", "SECURITY", "PRIVACY", "PROCESS_INTEGRITY", "GENERAL_RULES", "ADMINISTRATIVE_SAFEGUARDS", "PHYSICAL_SAFEGUARDS", "TECHNICAL_SAFEGUARDS", "REQUIREMENTS_ORGANIZATION", "REQUIREMENTS_POLICIES_PROCEDURES", "BASIC", "DERIVED", "NIST80053_PRIVACY" ] } } }, { "name": "ismsCategory", "required": false, "in": "query", "description": "Filter controls on their ISMS requirements", "schema": { "example": [ "CONTEXT_OF_THE_ORGANIZATION", "LEADERSHIP" ], "type": "array", "items": { "type": "string", "enum": [ "CONTEXT_OF_THE_ORGANIZATION", "LEADERSHIP", "PLANNING", "SUPPORT", "OPERATION", "PERFORMANCE_EVALUATION", "IMPROVEMENT" ] } } }, { "name": "isms2022Category", "required": false, "in": "query", "description": "Filter controls on their ISMS requirements", "schema": { "example": [ "CONTEXT_OF_THE_ORGANIZATION", "LEADERSHIP" ], "type": "array", "items": { "type": "string", "enum": [ "CONTEXT_OF_THE_ORGANIZATION", "LEADERSHIP", "PLANNING", "SUPPORT", "OPERATION", "PERFORMANCE_EVALUATION", "IMPROVEMENT" ] } } }, { "name": "isAnnexA2022", "required": false, "in": "query", "description": "Filter controls on if they are an Annex A requirement", "schema": { "example": true, "type": "boolean" } }, { "name": "rules", "required": false, "in": "query", "description": "Filter controls on their Hipaa rules", "schema": { "example": [ "BREACH_NOTIFICATION", "PRIVACY" ], "type": "array", "items": { "type": "string", "enum": [ "SECURITY", "BREACH_NOTIFICATION", "PRIVACY" ] } } }, { "name": "subRules", "required": false, "in": "query", "description": "Filter controls on their Hipaa rules", "schema": { "example": [ "GENERAL_RULES", "ADMINISTRATIVE_SAFEGUARDS" ], "type": "array", "items": { "type": "string", "enum": [ "GENERAL_RULES", "ADMINISTRATIVE_SAFEGUARDS", "PHYSICAL_SAFEGUARDS", "TECHNICAL_SAFEGUARDS", "REQUIREMENTS_ORGANIZATION", "REQUIREMENTS_POLICIES_PROCEDURES" ] } } }, { "name": "pciRequirements", "required": false, "in": "query", "description": "Filter controls on their PCI requirements", "schema": { "example": [ "FIREWALL", "ACCESS_RESTRICTION" ], "type": "array", "items": { "type": "string", "enum": [ "FIREWALL", "PASSWORDS", "DATA_AT_REST_PROTECTION", "DATA_IN_TRANSIT_ENCRYPTION", "MALWARE_PROTECTION", "SECURE_SYSTEM_MANAGEMENT", "ACCESS_RESTRICTION", "SYSTEM_ACCESS_CONTROL", "PHYSICAL_ACCESS_CONTROL", "NETWORK_ACCESS_MONITORING", "VULNERABILITY_TESTING", "INFORMATION_SECURITY_POLICY" ] } } }, { "name": "chapters", "required": false, "in": "query", "description": "Filter controls on their GDPR chapters", "schema": { "example": [ "CONTROLLER_AND_PROCESSOR", "PRINCIPLES" ], "type": "array", "items": { "type": "string", "enum": [ "PRINCIPLES", "RIGHTS_OF_THE_DATA_SUBJECT", "CONTROLLER_AND_PROCESSOR", "TRANSFERS_OF_PERSONNEL_DATA_TO_THIRD_COUNTRIES_OR_INTERNATIONAL_ORGANIZATIONS" ] } } }, { "name": "statutes", "required": false, "in": "query", "description": "Filter controls on their CCPA statutes", "schema": { "example": [ "INDIVIDUAL_RIGHTS", "SERVICE_PROVIDER" ], "type": "array", "items": { "type": "string", "enum": [ "INDIVIDUAL_RIGHTS", "SERVICE_PROVIDER", "SECURITY" ] } } }, { "name": "regulations", "required": false, "in": "query", "description": "Filter controls on their CCPA regulations", "schema": { "example": [ "BUSINESS_PRACTICES_FOR_HANDLING_CONSUMER_REQUESTS", "NON_DISCRIMINATION" ], "type": "array", "items": { "type": "string", "enum": [ "NOTICES_TO_CONSUMERS", "BUSINESS_PRACTICES_FOR_HANDLING_CONSUMER_REQUESTS", "VERIFICATION_OF_REQUESTS", "SPECIAL_RULES_REGARDING_CONSUMERS_UNDER_16_YEARS_OF_AGE", "NON_DISCRIMINATION", "GENERAL_PROVISIONS", "REQUIRED_DISCLOSURES_TO_CONSUMERS", "SERVICE_PROVIDERS_CONTRACTORS_AND_THIRD_PARTIES", "TRAINING_AND_RECORD_KEEPING" ] } } }, { "name": "functions", "required": false, "in": "query", "description": "Filter controls on their NIST CSF Functions", "schema": { "example": [ "RECOVER", "RESPOND" ], "type": "array", "items": { "type": "string", "enum": [ "IDENTIFY", "PROTECT", "DETECT", "RESPOND", "RECOVER" ] } } }, { "name": "functions2", "required": false, "in": "query", "description": "Filter controls on their NIST CSF 2.0 Functions", "schema": { "example": [ "GOVERN_GV", "IDENTIFY_ID" ], "type": "array", "items": { "type": "string", "enum": [ "GOVERN_GV", "IDENTIFY_ID", "PROTECT_PR", "DETECT_DE", "RESPOND_RS", "RECOVER_RC" ] } } }, { "name": "sections", "required": false, "in": "query", "description": "Filter controls on their MSSSPA Section", "schema": { "example": [ "DATA_SUBJECTS", "CHOICE_AND_CONSENT" ], "type": "array", "items": { "type": "string", "enum": [ "MANAGEMENT", "NOTICE", "CHOICE_AND_CONSENT", "COLLECTION", "RETENTION", "DATA_SUBJECTS", "DISCLOSURE_TO_THIRD_PARTIES", "QUALITY", "MONITORING_AND_ENFORCEMENT", "SECURITY" ] } } }, { "name": "controlFamilies", "required": false, "in": "query", "description": "Filter controls on their NIST SP 800-171 Control Family", "schema": { "example": [ "ACCESS_CONTROL", "PERSONNEL_SECURITY" ], "type": "array", "items": { "type": "string", "enum": [ "AUDIT_AND_ACCOUNTABILITY", "CONFIGURATION_MANAGEMENT", "IDENTIFICATION_AND_AUTHENTICATION", "INCIDENT_RESPONSE", "MEDIA_PROTECTION", "PERSONNEL_SECURITY", "PHYSICAL_PROTECTION", "SECURITY_ASSESSMENT", "SYSTEM_AND_COMMUNICATIONS_PROTECTION", "SYSTEM_AND_INFORMATION_INTEGRITY", "ACCESS_CONTROL", "AWARENESS_AND_TRAINING", "MAINTENANCE", "RISK_ASSESSMENT" ] } } }, { "name": "controlClasses", "required": false, "in": "query", "description": "Filter controls on their NIST SP 800-171 Control Class", "schema": { "example": [ "TECHNICAL" ], "type": "array", "items": { "type": "string", "enum": [ "TECHNICAL", "OPERATIONAL", "MANAGEMENT" ] } } }, { "name": "iso27701", "required": false, "in": "query", "description": "Filter controls on their ISO27701 requirements", "schema": { "example": [ "ANNEX_A_CONDITIONS_FOR_COLLECTION_AND_PROCESSING" ], "type": "array", "items": { "type": "string", "enum": [ "PIMS_SPECIFIC_REQUIREMENTS", "PIMS_SPECIFIC_GUIDANCE", "ANNEX_B_CONDITIONS_FOR_COLLECTION_AND_PROCESSING", "ANNEX_B_OBLIGATIONS_TO_PII_PRINCIPLES", "ANNEX_B_PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT", "ANNEX_B_PII_SHARING_TRANSFER_AND_DISCLOSURE", "ANNEX_A_CONDITIONS_FOR_COLLECTION_AND_PROCESSING", "ANNEX_A_OBLIGATIONS_TO_PII_PRINCIPALS", "ANNEX_A_PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT", "ANNEX_A_PII_SHARING_TRANSFER_AND_DISCLOSURE" ] } } }, { "name": "cobit", "required": false, "in": "query", "description": "Filter controls on their COBIT requirements", "schema": { "example": [ "ALIGN_PLAN_AND_ORGANIZE" ], "type": "array", "items": { "type": "string", "enum": [ "EVALUATE_DIRECT_AND_MONITOR", "ALIGN_PLAN_AND_ORGANIZE", "BUILD_ACQUIRE_AND_IMPLEMENT", "DELIVER_SERVICE_AND_SUPPORT", "MONITOR_EVALUATE_AND_ASSESS" ] } } }, { "name": "soxitgc", "required": false, "in": "query", "description": "Filter controls on their SOX requirements", "schema": { "example": [ "PROGRAM_DEVELOPMENT" ], "type": "array", "items": { "type": "string", "enum": [ "PROGRAM_DEVELOPMENT", "CHANGE_MANAGEMENT", "SYSTEM_OPERATIONS", "ACCESS_MANAGEMENT" ] } } }, { "name": "controlBaselines", "required": false, "in": "query", "description": "Filter controls on their NIST SP 800-53 Control Baseline", "schema": { "example": [ "OPERATIONAL" ], "type": "array", "items": { "type": "string", "enum": [ "TECHNICAL", "OPERATIONAL", "MANAGEMENT" ] } } }, { "name": "cmmcClasses", "required": false, "in": "query", "description": "Filter controls on their NIST SP 800-53 Control Baseline", "schema": { "example": [ "MANAGEMENT" ], "type": "array", "items": { "type": "string", "enum": [ "TECHNICAL", "OPERATIONAL", "MANAGEMENT" ] } } }, { "name": "domains", "required": false, "in": "query", "description": "Filter controls on their FFIEC Domains", "schema": { "example": [ "CYBERSECURITY_CONTROLS" ], "type": "array", "items": { "type": "string", "enum": [ "CYBER_RISK_MANAGEMENT_AND_OVERSIGHT", "THREAT_INTELLIGENCE_AND_COLLABORATION", "CYBERSECURITY_CONTROLS", "EXTERNAL_DEPENDENCY_MANAGEMENT", "CYBER_INCIDENT_MANAGEMENT_AND_RESILIENCE" ] } } }, { "name": "assessmentFactors", "required": false, "in": "query", "description": "Filter controls on their FFIEC Assessment Factors", "schema": { "example": [ "GOVERNANCE" ], "type": "array", "items": { "type": "string", "enum": [ "GOVERNANCE", "RISK_MANAGEMENT", "RESOURCES", "TRAINING_AND_CULTURE", "THREAT_INTELLIGENCE", "MONITORING_AND_ANALYZING", "INFORMATION_SHARING", "PREVENTATIVE_CONTROLS", "DETECTIVE_CONTROLS", "CORRECTIVE_CONTROLS", "CONNECTIONS", "RELATIONSHIP_MANAGEMENT", "INCIDENT_RESILIENCE_PLANNING_AND_STRATEGY", "DETECTION_RESPONSE_AND_MITIGATION", "ESCALATION_AND_REPORTING" ] } } }, { "name": "articles", "required": false, "in": "query", "description": "Filters controls by their NIS 2 Articles", "schema": { "example": [ "GOVERNANCE" ], "type": "array", "items": { "type": "string", "enum": [ "GOVERNANCE", "RISK_MANAGEMENT", "REPORTING" ] } } }, { "name": "doraChapters", "required": false, "in": "query", "description": "Filters controls by their DORA Standards", "schema": { "example": [ "ICT_RMF_RTS" ], "type": "array", "items": { "type": "string", "enum": [ "REGULATION", "ICT_RMF_RTS" ] } } }, { "name": "drataFunctions", "required": false, "in": "query", "description": "Filters controls by their Drata Essentials Function", "schema": { "example": [ "DETECT" ], "type": "array", "items": { "type": "string", "enum": [ "PROTECT", "RECOVER", "RESPOND", "IDENTIFY", "DETECT", "GOVERN" ] } } }, { "name": "iso420012023", "required": false, "in": "query", "description": "Filters controls by their ISO42001 Sections", "schema": { "example": [ "AI_SYSTEM_LIFE_CYCLE" ], "type": "array", "items": { "type": "string", "enum": [ "RESOURCES_FOR_AI_SYSTEMS", "INTERNAL_ORGANIZATION", "AI_SYSTEM_LIFE_CYCLE", "ASSESSING_IMPACTS_OF_AI_SYSTEMS", "DATA_FOR_AI_SYSTEMS", "INFORMATION_FOR_INTERESTED_PARTIES_OF_AI_SYSTEMS", "USE_OF_AI_SYSTEMS", "THIRD_PARTY_AND_CUSTOMER_RELATIONSHIPS", "POLICIES_RELATED_TO_AI", "SUPPORT", "OPERATION", "CONTEXT_OF_THE_ORGANIZATION", "PERFORMANCE_EVALUATION", "PLANNING", "LEADERSHIP", "IMPROVEMENT" ] } } }, { "name": "nist800171r3ControlFamilies", "required": false, "in": "query", "description": "Filter controls on their NIST SP 800-171 R3 Control Family", "schema": { "example": [ "ACCESS_CONTROL", "PERSONNEL_SECURITY" ], "type": "array", "items": { "type": "string", "enum": [ "INCIDENT_RESPONSE", "SUPPLY_CHAIN_RISK_MANAGEMENT", "MEDIA_PROTECTION", "AUDIT_AND_ACCOUNTABILITY", "ACCESS_CONTROL", "PHYSICAL_PROTECTION", "CONFIGURATION_MANAGEMENT", "SYSTEM_AND_COMMUNICATIONS_PROTECTION", "IDENTIFICATION_AND_AUTHENTICATION", "PLANNING", "MAINTENANCE", "RISK_ASSESSMENT", "SYSTEM_AND_INFORMATION_INTEGRITY", "SECURITY_ASSESSMENT_AND_MONITORING", "SYSTEM_AND_SERVICES_ACQUISITION", "AWARENESS_AND_TRAINING", "PERSONNEL_SECURITY" ] } } }, { "name": "nist800171r3ControlClasses", "required": false, "in": "query", "description": "Filter controls on their NIST SP 800-171 R3 Control Class", "schema": { "example": [ "TECHNICAL" ], "type": "array", "items": { "type": "string", "enum": [ "OPERATIONAL", "MANAGEMENT", "TECHNICAL" ] } } }, { "name": "cisSafeguards", "required": false, "in": "query", "description": "Filter controls on their NIST SP 800-171 R3 Control Class", "schema": { "example": [ "ACCESS_CONTROL_MANAGEMENT" ], "type": "array", "items": { "type": "string", "enum": [ "SERVICE_PROVIDER_MANAGEMENT", "DATA_PROTECTION", "DATA_RECOVERY", "CONTINUOUS_VULNERABILITY_MANAGEMENT", "APPLICATION_SOFTWARE_SECURITY", "ACCESS_CONTROL_MANAGEMENT", "INVENTORY_AND_CONTROL_OF_SOFTWARE_ASSETS", "NETWORK_INFRASTRUCTURE_MANAGEMENT", "EMAIL_AND_WEB_BROWSER_PROTECTIONS", "NETWORK_MONITORING_AND_DEFENSE", "AUDIT_LOG_MANAGEMENT", "SECURE_CONFIGURATION_OF_ENTERPRISE_ASSETS_AND_SOFTWARE", "INVENTORY_AND_CONTROL_OF_ENTERPRISE_ASSETS", "MALWARE_DEFENSES", "SECURITY_AWARENESS_AND_SKILLS_TRAINING", "PENETRATION_TESTING", "ACCOUNT_MANAGEMENT", "INCIDENT_RESPONSE_MANAGEMENT" ] } } }, { "name": "cyberEssentialsRequirements", "required": false, "in": "query", "description": "Filter controls on their Cyber Essentials v3.2 Requirements", "schema": { "example": [ "FIREWALLS" ], "type": "array", "items": { "type": "string", "enum": [ "MALWARE_PROTECTION", "DEVICE_UNLOCKING_METHOD", "FIREWALLS", "PASSWORD_BASED_AUTHENTICATION", "SECURITY_UPDATE_MANAGEMENT", "SCOPE", "ADMINISTRATIVE_ACCOUNTS", "SECURE_CONFIGURATION", "USER_ACCESS_CONTROL" ] } } }, { "name": "fr20xKSIs", "required": false, "in": "query", "description": "Filter controls on their FedRAMP 20x Requirements", "schema": { "example": [ "CHANGE_MANAGEMENT" ], "type": "array", "items": { "type": "string", "enum": [ "POLICY_AND_INVENTORY", "SERVICE_CONFIGURATION", "MONITORING_LOGGING_AND_AUDITING", "CHANGE_MANAGEMENT", "CLOUD_NATIVE_ARCHITECTURE", "THIRD_PARTY_INFORMATION_RESOURCES", "IDENTITY_AND_ACCESS_MANAGEMENT", "INCIDENT_REPORTING", "CYBERSECURITY_EDUCATION", "RECOVERY_PLANNING" ] } } }, { "name": "hitrustDomains", "required": false, "in": "query", "description": "Filter controls on their HITRUST Requirements", "schema": { "example": [ "ACCESS_CONTROL" ], "type": "array", "items": { "type": "string", "enum": [ "EDUCATION_TRAINING_AND_AWARENESS", "DATA_PROTECTION_AND_PRIVACY", "PHYSICAL_AND_ENVIRONMENTAL_SECURITY", "AUDIT_LOGGING_AND_MONITORING", "INFORMATION_PROTECTION_PROGRAM", "TRANSMISSION_PROTECTION", "THIRD_PARTY_ASSURANCE", "RISK_MANAGEMENT", "ACCESS_CONTROL", "PASSWORD_MANAGEMENT", "VULNERABILITY_MANAGEMENT", "BUSINESS_CONTINUITY_AND_DISASTER_RECOVERY", "MOBILE_DEVICE_SECURITY", "INCIDENT_MANAGEMENT", "ENDPOINT_PROTECTION", "CONFIGURATION_MANAGEMENT", "NETWORK_PROTECTION", "PORTABLE_MEDIA_SECURITY", "WIRELESS_SECURITY" ] } } }, { "name": "mssspa11Sections", "required": false, "in": "query", "description": "Filter controls on their MSSSPA V11 Section", "schema": { "example": [ "SSPAV11_SECURITY" ], "type": "array", "items": { "type": "string", "enum": [ "SSPAV11_SECURITY", "SSPAV11_AI_SYSTEMS", "SSPAV11_RETENTION", "SSPAV11_MANAGEMENT", "SSPAV11_COLLECTION", "SSPAV11_QUALITY", "SSPAV11_CHOICE_AND_CONSENT", "SSPAV11_DATA_SUBJECTS", "SSPAV11_MONITORING_AND_ENFORCEMENT", "SSPAV11_NOTICE", "SSPAV11_SUBCONTRACTORS" ] } } }, { "name": "essentialEight", "required": false, "in": "query", "description": "Filter controls on their Essential Eight", "schema": { "example": [ "ESSENTIAL_EIGHT_APPLICATION_CONTROL" ], "type": "array", "items": { "type": "string", "enum": [ "ESSENTIAL_EIGHT_PATCH_OPERATING_SYSTEMS", "ESSENTIAL_EIGHT_MULTI_FACTOR_AUTHENTICATION", "ESSENTIAL_EIGHT_REGULAR_BACKUPS", "ESSENTIAL_EIGHT_APPLICATION_CONTROL", "ESSENTIAL_EIGHT_RESTRICT_ADMINISTRATIVE_PRIVILEGES", "ESSENTIAL_EIGHT_USER_APPLICATION_HARDENING", "ESSENTIAL_EIGHT_RESTRICT_MICROSOFT_OFFICE_MACROS", "ESSENTIAL_EIGHT_PATCH_APPLICATIONS" ] } } }, { "name": "nydfs", "required": false, "in": "query", "description": "Filter controls on their NYDFS", "schema": { "example": [ "NYDFS_ACCESS_PRIVILEGES_AND_MANAGEMENT" ], "type": "array", "items": { "type": "string", "enum": [ "NYDFS_VULNERABILITY_MANAGEMENT", "NYDFS_ACCESS_PRIVILEGES_AND_MANAGEMENT", "NYDFS_THIRD_PARTY_SERVICE_PROVIDER_SECURITY", "NYDFS_NOTICES_TO_SUPERINTENDENT", "NYDFS_INCIDENT_RESPONSE_AND_BUSINESS_CONTINUITY_MANAGEMENT", "NYDFS_CYBERSECURITY_PERSONNEL_AND_INTELLIGENCE", "NYDFS_CYBERSECURITY_POLICY", "NYDFS_ENCRYPTION_OF_NONPUBLIC_INFORMATION", "NYDFS_AUDIT_TRAIL", "NYDFS_CYBERSECURITY_GOVERNANCE", "NYDFS_ASSET_MANAGEMENT_AND_DATA_RETENTION", "NYDFS_MULTI_FACTOR_AUTHENTICATION", "NYDFS_MONITORING_AND_TRAINING", "NYDFS_CYBERSECURITY_PROGRAM", "NYDFS_APPLICATION_SECURITY", "NYDFS_RISK_ASSESSMENT" ] } } }, { "name": "tisaxCategory", "required": false, "in": "query", "description": "Filter controls on their TISAX Category", "schema": { "example": [ "TISAX_DATA_PROTECTION" ], "type": "array", "items": { "type": "string", "enum": [ "TISAX_DATA_PROTECTION", "TISAX_IT_SECURITY_CYBER_SECURITY", "TISAX_PROTOTYPE_PROTECTION", "TISAX_IS_POLICIES_AND_ORGANIZATION", "TISAX_COMPLIANCE", "TISAX_PHYSICAL_SECURITY", "TISAX_IDENTITY_AND_ACCESS_MANAGEMENT", "TISAX_HUMAN_RESOURCES", "TISAX_SUPPLIER_RELATIONSHIPS" ] } } }, { "name": "tisaxSubcategory", "required": false, "in": "query", "description": "Filter controls on their TISAX Subcategory", "schema": { "example": [ "TISAX_ORGANIZATION_OF_DATA_PROTECTION" ], "type": "array", "items": { "type": "string", "enum": [ "TISAX_INFORMATION_SECURITY_POLICIES", "TISAX_ORGANIZATION_OF_INFORMATION_SECURITY", "TISAX_ASSET_MANAGEMENT", "TISAX_IS_RISK_MANAGEMENT", "TISAX_ASSESSMENTS", "TISAX_INCIDENT_AND_CRISIS_MANAGEMENT", "TISAX_IDENTITY_MANAGEMENT", "TISAX_ACCESS_MANAGEMENT", "TISAX_CRYPTOGRAPHY", "TISAX_OPERATIONS_SECURITY", "TISAX_SYSTEM_ACQUISITIONS_REQUIREMENT_MANAGEMENT_AND_DEVELOPMENT", "TISAX_PHYSICAL_AND_ENVIRONMENTAL_SECURITY", "TISAX_ORGANIZATIONAL_REQUIREMENTS", "TISAX_HANDLING_OF_VEHICLES_COMPONENTS_AND_PARTS", "TISAX_REQUIREMENTS_FOR_TRIAL_VEHICLES", "TISAX_REQUIREMENTS_FOR_EVENTS_AND_SHOOTINGS", "TISAX_DATA_PROTECTION_POLICIES", "TISAX_ORGANIZATION_OF_DATA_PROTECTION", "TISAX_PROCESSING_DIRECTORY", "TISAX_DATA_PROTECTION_IMPACT_ASSESSMENT", "TISAX_DATA_TRANSFERS", "TISAX_HANDLING_REQUESTS_AND_INCIDENTS", "TISAX_HUMAN_RESOURCES", "TISAX_INSTRUCTIONS" ] } } }, { "name": "iso270182025Clause", "required": false, "in": "query", "description": "Filter controls on their ISO270182025 Clause", "schema": { "example": [ "ISO270182025_ACCOUNTABILITY" ], "type": "array", "items": { "type": "string", "enum": [ "ISO270182025_PEOPLE_CONTROLS", "ISO270182025_ORGANIZATIONAL_CONTROLS", "ISO270182025_INFORMATION_SECURITY", "ISO270182025_TECHNOLOGICAL_CONTROLS", "ISO270182025_CONSENT_AND_CHOICE", "ISO270182025_ACCOUNTABILITY", "ISO270182025_PRIVACY_COMPLIANCE", "ISO270182025_USE_RETENTION_AND_DISCLOSURE_LIMITATION", "ISO270182025_PURPOSE_LEGITIMACY_AND_SPECIFICATION", "ISO270182025_DATA_MINIMIZATION", "ISO270182025_PHYSICAL_CONTROLS", "ISO270182025_OPENNESS_TRANSPARENCY_AND_NOTICE" ] } } }, { "name": "ccpa2026Statutes", "required": false, "in": "query", "description": "Filter controls on their CCPA (2026) statutes", "schema": { "example": [ "CCPA2026_INDIVIDUAL_RIGHTS", "CCPA2026_INDIVIDUAL_RIGHTS" ], "type": "array", "items": { "type": "string", "enum": [ "CCPA2026_INDIVIDUAL_RIGHTS", "CCPA2026_SERVICE_PROVIDER", "CCPA2026_SECURITY" ] } } }, { "name": "ccpa2026Regulations", "required": false, "in": "query", "description": "Filter controls on their CCPA (2026) regulations", "schema": { "example": [ "CCPA2026_CONSUMER_REQUESTS", "CCPA2026_GENERAL_PROVISIONS" ], "type": "array", "items": { "type": "string", "enum": [ "CCPA2026_CONSUMER_REQUESTS", "CCPA2026_RISK_ASSESSMENTS", "CCPA2026_SERVICE_PROVIDERS_CONTRACTORS_THIRD_PARTIES", "CCPA2026_CYBERSECURITY_AUDITS", "CCPA2026_REQUIRED_DISCLOSURES_TO_CONSUMERS", "CCPA2026_VERIFICATION", "CCPA2026_NON_DISCRIMINATION", "CCPA2026_GENERAL_PROVISIONS", "CCPA2026_SPECIAL_RULES_REGARDING_CONSUMERS_LESS_THAN_16_YEARS_OF_AGE", "CCPA2026_AUTOMATED_DECISIONMAKING_TECHNOLOGY", "CCPA2026_TRAINING_AND_RECORDKEEPING", "CCPA2026_INSURANCE_COMPANIES" ] } } }, { "name": "iso277012025Clause", "required": false, "in": "query", "description": "Filter controls on their ISO/IEC 27701:2025 Clause", "schema": { "example": [ "ISO277012025_CONTEXT_OF_THE_ORGANIZATION" ], "type": "array", "items": { "type": "string", "enum": [ "ISO277012025_CONTEXT_OF_THE_ORGANIZATION", "ISO277012025_LEADERSHIP", "ISO277012025_PLANNING", "ISO277012025_SUPPORT", "ISO277012025_OPERATION", "ISO277012025_PERFORMANCE_EVALUATION", "ISO277012025_IMPROVEMENT", "ISO277012025_CONDITIONS_FOR_COLLECTION_AND_PROCESSING", "ISO277012025_SECURITY_CONSIDERATIONS", "ISO277012025_PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT", "ISO277012025_PII_SHARING_TRANSFER_AND_DISCLOSURE", "ISO277012025_OBLIGATIONS_TO_PII_PRINCIPALS" ] } } }, { "name": "cps230Paragraphs", "required": false, "in": "query", "description": "Filter controls on their CPS 230 Paragraph", "schema": { "example": [ "CPS_230_BUSINESS_CONTINUITY" ], "type": "array", "items": { "type": "string", "enum": [ "CPS_230_BUSINESS_CONTINUITY", "CPS_230_OPERATIONAL_RISK_MANAGEMENT", "CPS_230_RISK_MANAGEMENT_FRAMEWORK", "CPS_230_KEY_PRINCIPLES", "CPS_230_MANAGEMENT_OF_SERVICE_PROVIDER_ARRANGEMENTS", "CPS_230_ROLES_AND_RESPONSIBILITIES" ] } } }, { "name": "userIds", "required": false, "in": "query", "description": "User Ids of Control Owners", "schema": { "example": [ 1 ], "type": "array", "items": { "type": "number" } } }, { "name": "isOwned", "required": false, "in": "query", "description": "Filter controls on if they have a control owner", "schema": { "example": true, "type": "boolean" } }, { "name": "isReady", "required": false, "in": "query", "description": "Filter controls on if they are ready", "schema": { "example": true, "type": "boolean" } }, { "name": "isAnnexA", "required": false, "in": "query", "description": "Filter controls on if they are an Annex A requirement", "schema": { "example": true, "type": "boolean" } }, { "name": "isArchived", "required": false, "in": "query", "description": "Filter to controls that are or are not archived", "schema": { "example": false, "type": "boolean" } }, { "name": "isMonitored", "required": false, "in": "query", "description": "Filter to controls that are or are not monitored", "schema": { "example": false, "type": "boolean" } }, { "name": "hasEvidence", "required": false, "in": "query", "description": "Filter to controls with or without evidence", "schema": { "example": true, "type": "boolean" } }, { "name": "hasPolicy", "required": false, "in": "query", "description": "Filter to controls with or without policy", "schema": { "example": true, "type": "boolean" } }, { "name": "hasPassingTest", "required": false, "in": "query", "description": "Filter to controls with at least one passing test", "schema": { "example": true, "type": "boolean" } }, { "name": "excludeIds", "required": false, "in": "query", "description": "Exclude controls by array of id", "schema": { "example": [], "type": "array", "items": { "type": "number" } } }, { "name": "excludeRequirementId", "required": false, "in": "query", "description": "Exclude controls if they are mapped to this requirement id", "schema": { "example": [], "type": "number" } }, { "name": "requirementId", "required": false, "in": "query", "description": "Only include controls if they are mapped to this requirement id", "schema": { "example": [], "type": "number" } }, { "name": "excludeTestId", "required": false, "in": "query", "description": "Exclude controls if they are mapped to this test id", "schema": { "example": [], "type": "number" } }, { "name": "testId", "required": false, "in": "query", "description": "Only include controls if they are mapped to this test id", "schema": { "example": [], "type": "number" } }, { "name": "hasTicket", "required": false, "in": "query", "description": "Only include controls if they associted to a task management ticket", "schema": { "example": 0, "enum": [ "IN_PROGRESS", "ARCHIVED" ], "type": "string" } }, { "name": "connectionId", "required": false, "in": "query", "description": "This will be filled in automatic when using a taskManagementStatus.", "schema": { "type": "number" } }, { "name": "reviewersIds", "required": false, "in": "query", "description": "User Ids of Control Reviewers", "schema": { "example": [ 1 ], "type": "array", "items": { "type": "number" } } }, { "name": "taskOwnersIds", "required": false, "in": "query", "description": "User Ids of TaskOwners", "schema": { "example": [ 1 ], "type": "array", "items": { "type": "number" } } }, { "name": "workspaceId", "required": false, "in": "query", "description": "ID of the workspace associated with the controls", "schema": { "example": 1, "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ControlPaginatedResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find controls by search terms and filters", "tags": [ "Controls" ], "x-drata-permissions": [ "controls-get" ], "x-product-area": [ "REQUIREMENTS_FRAMEWORKS" ] } }, "/controls/{id}/external-evidence": { "get": { "description": "Get all mapped external evidence to a control\n\nšŸ”’ Requires **Controls: Map External Evidence** permission.", "operationId": "GRCPublicController_getMappedExternalEvidence", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "excludeIds", "required": false, "in": "query", "description": "Exclude external evidence by array of id", "schema": { "example": [], "type": "array", "items": { "type": "number" } } } ], "responses": { "200": { "description": "Public Api", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MappedExternalEvidencePaginatedResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find control external evidence by control id", "tags": [ "Controls" ], "x-drata-permissions": [ "external-evidence-get" ], "x-product-area": [ "REQUIREMENTS_FRAMEWORKS" ] } }, "/external-evidence/{id}/download": { "get": { "description": "Get signed download link for external evidence\n\nšŸ”’ Requires **Controls: Map External Evidence** permission.", "operationId": "GRCPublicController_getEvidenceDownloadUrl", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SignedUrlResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get external evidence document download url by document id", "tags": [ "Controls" ], "x-drata-permissions": [ "external-evidence-get-download-document" ], "x-product-area": [ "REQUIREMENTS_FRAMEWORKS" ] } }, "/workspaces/{workspaceId}/controls/{id}/external-evidence": { "post": { "description": "Upload external evidence to map to a control\n\nšŸ”’ Requires **Controls: Map External Evidence** permission.", "operationId": "GRCPublicController_uploadExternalEvidence", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "multipart/form-data": { "schema": { "$ref": "#/components/schemas/UploadEvidencePublicDto" } }, "application/json": { "schema": { "$ref": "#/components/schemas/UploadEvidencePublicDto" } } } }, "responses": { "201": { "description": "Created", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MappedExternalEvidenceResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "413": { "description": "The file was too large to upload", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "503": { "description": "Third party system was unavailable", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Upload external evidence document by control id", "tags": [ "Controls" ], "x-drata-permissions": [ "external-evidence-post" ], "x-product-area": [ "REQUIREMENTS_FRAMEWORKS" ] } }, "/workspaces/{workspaceId}/controls/{controlId}": { "get": { "description": "List all the information for a specific control\n\nšŸ”’ Requires **Controls: Get Control** permission.", "operationId": "GRCPublicController_getControlById", "parameters": [ { "name": "controlId", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ControlShortResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find control by control id", "tags": [ "Controls" ], "x-drata-permissions": [ "controls-get-control" ], "x-product-area": [ "REQUIREMENTS_FRAMEWORKS" ] }, "put": { "description": "Edit control\n\nšŸ”’ Requires **Controls: Update Control** permission.", "operationId": "GRCPublicController_editControl", "parameters": [ { "name": "controlId", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EditControlRequestPublicDto" } } } }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ControlShortResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Edit control of the account", "tags": [ "Controls" ], "x-drata-permissions": [ "controls-put" ], "x-product-area": [ "REQUIREMENTS_FRAMEWORKS" ] } }, "/workspaces/{workspaceId}/controls/{controlId}/evidence/download": { "get": { "description": "Download zip with all control evidence\n\nšŸ”’ Requires **Controls: Download All Control evidence** permission.", "operationId": "GRCPublicController_getDownloadAllEvidence", "parameters": [ { "name": "controlId", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SignedUrlResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get control evidence download url by control id", "tags": [ "Controls" ], "x-drata-permissions": [ "controls-get-download-all-evidence" ], "x-product-area": [ "REQUIREMENTS_FRAMEWORKS" ] } }, "/controls/{id}/requirements": { "get": { "description": "Get all mapped requirements from a control id\n\nšŸ”’ Requires **Controls: Get Control** permission.", "operationId": "GRCPublicController_getMappedRequirements", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "frameworkTag", "required": false, "in": "query", "description": "Filter data by controls associated with these framework tags", "schema": { "example": [ "SOC_2", "ISO27001" ], "enum": [ "NONE", "SOC_2", "ISO27001", "CCPA", "GDPR", "HIPAA", "PCI", "SCF", "NIST80053", "NISTCSF", "CMMC", "NIST800171", "MSSSPA", "FFIEC", "ISO27701", "COBIT", "SOX_ITGC", "ISO270012022", "CCM", "CYBER_ESSENTIALS", "ISO270172015", "ISO270182019", "FEDRAMP", "NISTAI", "PCI4", "NISTCSF2", "NIS2", "DORA", "ISO420012023", "DRATA_ESSENTIALS", "NIST800171R3", "CIS8", "CYBER_ESSENTIALS_32", "FEDRAMP20X", "HITRUST", "MSSSPA11", "ESSENTIAL_EIGHT", "NYDFS", "TISAX", "ISO270182025", "CCPA2026", "ISO277012025", "CPS230", "CUSTOM", "ALL" ], "type": "string" } }, { "name": "excludeIds", "required": false, "in": "query", "description": "Exclude notes by array of id", "schema": { "example": [], "type": "array", "items": { "type": "number" } } }, { "name": "frameworkSlug", "required": false, "in": "query", "description": "Filter data by controls associated with these framework slugs. This parameter is intended to be used only for custom frameworks", "schema": { "example": "slug", "type": "string" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RequirementPaginatedResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find control mapped requirements by control id", "tags": [ "Controls" ], "x-drata-permissions": [ "controls-get-control" ], "x-product-area": [ "REQUIREMENTS_FRAMEWORKS" ] } }, "/controls/{id}/owners": { "get": { "description": "Get control owners for a control\n\nšŸ”’ Requires **Controls: Get Control** permission.", "operationId": "GRCPublicController_getControlOwnersForAControl", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "q", "required": false, "in": "query", "description": "User first name, or last name, or email, or full name", "schema": { "example": "John Doe", "type": "string" } }, { "name": "frameworkSlug", "required": false, "in": "query", "description": "Filter data by controls associated with this framework slug", "schema": { "example": "soc2", "type": "string" } }, { "name": "includeUserIds[]", "required": false, "in": "query", "description": "A set of users to return", "schema": { "minItems": 1, "maxItems": 300, "nullable": true, "example": [ 1, 2, 3 ], "type": "array", "items": { "type": "number" } } }, { "name": "excludeIds", "required": false, "in": "query", "description": "Exclude users by array of id", "schema": { "example": [], "type": "array", "items": { "type": "number" } } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ControlOwnersResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find control owners by control id", "tags": [ "Controls" ], "x-drata-permissions": [ "controls-get-control" ], "x-product-area": [ "REQUIREMENTS_FRAMEWORKS" ] }, "put": { "description": "Add control owners\n\nšŸ”’ Requires **Controls: Manage Control Owners** permission.", "operationId": "GRCPublicController_putControlOwners", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ControlOwnerRequestPublicDto" } } } }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ControlOwnersResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Add control owners by control id", "tags": [ "Controls" ], "x-drata-permissions": [ "controls-put-owners" ], "x-product-area": [ "REQUIREMENTS_FRAMEWORKS" ] } }, "/workspaces/{workspaceId}/controls": { "post": { "description": "Create a new custom control\n\nšŸ”’ Requires **Controls: Create Control** permission.\n\nšŸ’Ž Requires your account have the **Custom Controls** feature. Contact your CSM for help upgrading.", "operationId": "GRCPublicController_createControl", "parameters": [ { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "multipart/form-data": { "schema": { "$ref": "#/components/schemas/CreateControlRequestPublicDto" } }, "application/json": { "schema": { "$ref": "#/components/schemas/CreateControlRequestPublicDto" } } } }, "responses": { "201": { "description": "Created", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ControlResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "402": { "description": "You must upgrade your plan to use this feature", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "413": { "description": "The file was too large to upload", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "503": { "description": "Third party system was unavailable", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Add a new control to the account", "tags": [ "Controls" ], "x-drata-entitlement": [ "CUSTOM_CONTROLS" ], "x-drata-permissions": [ "controls-post" ], "x-product-area": [ "REQUIREMENTS_FRAMEWORKS" ] } }, "/external-evidence/{id}": { "delete": { "description": "Delete external evidence\n\nšŸ”’ Requires **Controls: Delete Mapped External Evidence** permission.", "operationId": "GRCPublicController_deleteEvidence", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MappedExternalEvidenceResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Remove external evidence by external evidence id", "tags": [ "Controls" ], "x-drata-permissions": [ "external-evidence-delete" ], "x-product-area": [ "REQUIREMENTS_FRAMEWORKS" ] } }, "/controls/owners": { "delete": { "description": "Bulk delete control owners\n\nšŸ”’ Requires **Controls: Manage Control Owners** permission.", "operationId": "GRCPublicController_bulkDeleteControlOwners", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ControlOwnerBulkRequestPublicDto" } } } }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ControlOwnersResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Bulk delete control owners by control ids and owner ids", "tags": [ "Controls" ], "x-drata-permissions": [ "controls-delete-owners" ], "x-product-area": [ "REQUIREMENTS_FRAMEWORKS" ] } }, "/workspaces/{workspaceId}/controls/{controlId}/notes": { "get": { "description": "List all the notes associated with a given control\n\nšŸ”’ Requires **Controls: Get Control Note** permission.", "operationId": "GRCPublicController_getControlNotes", "parameters": [ { "name": "controlId", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "excludeIds", "required": false, "in": "query", "description": "Exclude Notes by IDs", "schema": { "example": [], "type": "array", "items": { "type": "string" } } }, { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/NotesPaginatedResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get notes by control ID", "tags": [ "Controls" ], "x-drata-permissions": [ "controls-notes-get" ], "x-product-area": [ "REQUIREMENTS_FRAMEWORKS" ] }, "post": { "description": "Create a note for a given control\n\nšŸ”’ Requires **Controls: Create Control Note** permission.", "operationId": "GRCPublicController_createControlNote", "parameters": [ { "name": "controlId", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateControlNoteRequestPublicDto" } } } }, "responses": { "201": { "description": "Created", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/NoteResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Create a control note", "tags": [ "Controls" ], "x-drata-permissions": [ "controls-notes-post" ], "x-product-area": [ "REQUIREMENTS_FRAMEWORKS" ] } }, "/workspaces/{workspaceId}/controls/{controlId}/notes/{noteId}": { "get": { "description": "Gets a note associated with a given control, by note ID\n\nšŸ”’ Requires **Controls: Get Control Note** permission.", "operationId": "GRCPublicController_getControlNote", "parameters": [ { "name": "controlId", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "noteId", "required": true, "in": "path", "schema": { "type": "string" } }, { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/NoteResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get control notes by note ID", "tags": [ "Controls" ], "x-drata-permissions": [ "controls-notes-get" ], "x-product-area": [ "REQUIREMENTS_FRAMEWORKS" ] }, "put": { "description": "Update a note for a given control\n\nšŸ”’ Requires **Controls: Update Control Note** permission.", "operationId": "GRCPublicController_updateNote", "parameters": [ { "name": "controlId", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "noteId", "required": true, "in": "path", "schema": { "type": "string" } }, { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/NoteRequestPublicDto" } } } }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/NoteResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Update a control note", "tags": [ "Controls" ], "x-drata-permissions": [ "controls-notes-put" ], "x-product-area": [ "REQUIREMENTS_FRAMEWORKS" ] }, "delete": { "description": "Delete a note for a given control\n\nšŸ”’ Requires **Controls: Delete Control Note** permission.", "operationId": "GRCPublicController_deleteNote", "parameters": [ { "name": "controlId", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "noteId", "required": true, "in": "path", "schema": { "type": "string" } }, { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } } ], "responses": { "200": { "description": "Successful" }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Delete a control note", "tags": [ "Controls" ], "x-drata-permissions": [ "controls-notes-delete" ], "x-product-area": [ "REQUIREMENTS_FRAMEWORKS" ] } }, "/events": { "get": { "description": "List events given the provided search terms and filters.\n\nšŸ”’ Requires **Event Tracking: List Events** permission.", "operationId": "EventsPublicController_listEvents", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "maximum": 1000, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "q", "required": false, "in": "query", "description": "Find an event by ID", "schema": { "example": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd", "type": "string" } }, { "name": "sort", "required": false, "in": "query", "description": "Which type of sort (default: CREATED)", "schema": { "example": "CREATED", "enum": [ "CREATED", "DESCRIPTION", "TYPE", "CATEGORY", "USER", "CHECK_RESULTS_STATUS" ], "type": "string" } }, { "name": "sortDir", "required": false, "in": "query", "description": "Which direction to sort the data (default: DESC)", "schema": { "example": "DESC", "enum": [ "ASC", "DESC" ], "type": "string" } }, { "name": "type", "required": false, "in": "query", "description": "Filter data to events of this type", "schema": { "$ref": "#/components/schemas/EventTypeEnum" } }, { "name": "source", "required": false, "in": "query", "description": "Filter data to events of this source", "schema": { "example": "UPLOAD_EXTERNAL_EVIDENCE", "enum": [ "APP", "AUTOPILOT", "PUBLIC_API", "VENDOR_QUESTIONNAIRE", "SCHEDULED", "WORKFLOW", "DRATA_POLICY" ], "type": "string" } }, { "name": "category", "required": false, "in": "query", "description": "Filter data to events of this category", "schema": { "$ref": "#/components/schemas/EventCategoryEnum" } }, { "name": "status", "required": false, "in": "query", "description": "Filter data to events of with this status", "schema": { "example": "PASSED", "enum": [ "READY", "PASSED", "FAILED", "ERROR", "PREAUDIT" ], "type": "string" } }, { "name": "userId", "required": false, "in": "query", "description": "The user to filter events to", "schema": { "example": 1, "type": "number" } }, { "name": "controlId", "required": false, "in": "query", "description": "The control to filter events to", "schema": { "example": 1, "type": "number" } }, { "name": "testId", "required": false, "in": "query", "description": "The test to filter events to", "schema": { "example": 1, "type": "number" } }, { "name": "workspaceId", "required": false, "in": "query", "description": "The workspace to filter events to", "schema": { "example": 1, "type": "number" } }, { "name": "mostRecent", "required": false, "in": "query", "description": "Return the most recent event only if a testId is given", "schema": { "example": false, "type": "boolean" } }, { "name": "eventErrorStatus", "required": false, "in": "query", "description": "Filter events with ERROR status", "schema": { "example": false, "type": "boolean" } }, { "name": "createdAtStartDate", "required": false, "in": "query", "description": "Filters the events to those with a creation date greater than or equal to this date and time.", "schema": { "format": "date-time", "example": "2025-04-22T00:00:00.000Z", "type": "string" } }, { "name": "createdAtEndDate", "required": false, "in": "query", "description": "Filters the events to those with a creation date less than or equal to this date and time", "schema": { "format": "date-time", "example": "2025-04-25T00:00:00.000Z", "type": "string" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EventsResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find events by search terms and filters", "tags": [ "Events" ], "x-drata-permissions": [ "event-tracking-get" ], "x-product-area": [ "EVENT_TRACKING" ] } }, "/events/{id}": { "get": { "description": "Get details for an event.\n\nšŸ”’ Requires **Event Tracking: Get Event** permission.", "operationId": "EventsPublicController_getEventDetails", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "string" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EventResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get event details by id", "tags": [ "Events" ], "x-drata-permissions": [ "event-tracking-get-event" ], "x-product-area": [ "EVENT_TRACKING" ] } }, "/monitors": { "get": { "description": "List Monitors given the provided search terms and filters\n\nšŸ”’ Requires **Monitoring: List Monitors** permission.", "operationId": "MonitorsPublicController_listMonitors", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "q", "required": false, "in": "query", "description": "Filter data by searching for test names", "schema": { "example": "SSL enforced on company website", "type": "string" } }, { "name": "checkResultStatus", "required": false, "in": "query", "description": "Filter monitors (control test instances) on a result status", "schema": { "example": "ERROR", "enum": [ "READY", "PASSED", "FAILED", "ERROR", "PREAUDIT" ], "type": "string" } }, { "name": "checkResultStatuses", "required": false, "in": "query", "description": "Filter monitors (control test instances) on result statuses", "schema": { "example": [ "PASSED", "FAILED" ], "type": "array", "items": { "type": "string", "enum": [ "READY", "PASSED", "FAILED", "ERROR", "PREAUDIT" ] } } }, { "name": "checkStatus", "required": false, "in": "query", "description": "Filter monitors (control test instances) on system status", "schema": { "example": "ENABLED", "enum": [ "UNUSED", "NEW", "ENABLED", "DISABLED", "TESTING" ], "type": "string" } }, { "name": "source", "required": false, "in": "query", "description": "Filter monitors by test source type (control test instances)", "schema": { "example": "DRATA", "enum": [ "DRATA", "CUSTOM", "EXTERNAL", "ACORN", "DRATA_LIBRARY" ], "type": "string" } }, { "name": "type", "required": false, "in": "query", "description": "Filter Monitors by check type (associated monitor instances)", "schema": { "example": "INFRASTRUCTURE", "enum": [ "POLICY", "IN_DRATA", "AGENT", "INFRASTRUCTURE", "VERSION_CONTROL", "IDENTITY", "TICKETING", "HRIS", "OBSERVABILITY", "CUSTOM" ], "type": "string" } }, { "name": "controlOwner", "required": false, "in": "query", "description": "Owner id to filter against", "schema": { "example": 1, "type": "number" } }, { "name": "getAll", "required": false, "in": "query", "description": "boolean for running through the full pagination", "schema": { "example": true, "type": "boolean" } }, { "name": "includeArchivedControls", "required": false, "in": "query", "description": "boolean for getting archived controls as well", "schema": { "example": true, "type": "boolean" } }, { "name": "controlId", "required": false, "in": "query", "description": "Control id to filter against", "schema": { "example": 1, "type": "number" } }, { "name": "excludeControlId", "required": false, "in": "query", "description": "Control id to filter against", "schema": { "example": 1, "type": "number" } }, { "name": "excludeTestIds", "required": false, "in": "query", "description": "Exclude tests by array of id", "schema": { "example": [], "type": "array", "items": { "type": "number" } } }, { "name": "sortByName", "required": false, "in": "query", "description": "boolean for sorting results by name", "schema": { "example": true, "type": "boolean" } }, { "name": "reportInterval", "required": false, "in": "query", "description": "The interval to group the data on", "schema": { "example": "MONTHLY", "enum": [ "WEEKLY", "MONTHLY" ], "type": "string" } }, { "name": "drafts", "required": false, "in": "query", "description": "boolean for returning drafts instead of published", "schema": { "example": true, "type": "boolean" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ControlTestsPaginatedResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find monitor by search terms and filters", "tags": [ "Monitor Instances" ], "x-drata-permissions": [ "monitors-get" ], "x-product-area": [ "MONITOR_TEST_DETAILS_UI" ] } }, "/workspaces/{workspaceId}/monitors/{testId}/details": { "get": { "description": "Get details for a monitor\n\nšŸ”’ Requires **Monitoring: Get Monitor** permission.", "operationId": "MonitorsPublicController_getControlTestInstance", "parameters": [ { "name": "testId", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ControlTestInstanceResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find monitor details by test id", "tags": [ "Monitor Instances" ], "x-drata-permissions": [ "monitors-get-monitor" ], "x-product-area": [ "MONITOR_TEST_DETAILS_UI" ] } }, "/workspaces/{workspaceId}/monitors/{testId}/failures": { "get": { "operationId": "MonitorsPublicController_getMonitorFailedResultsReport", "parameters": [ { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } }, { "name": "testId", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "type", "required": true, "in": "query", "description": "Filter monitors by included or excluded", "schema": { "example": "included", "enum": [ "included", "excluded" ], "type": "string" } }, { "name": "checkType", "required": false, "in": "query", "description": "Filter monitors by check type", "schema": { "example": "INFRASTRUCTURE", "enum": [ "POLICY", "IN_DRATA", "AGENT", "INFRASTRUCTURE", "VERSION_CONTROL", "IDENTITY", "TICKETING", "HRIS", "OBSERVABILITY", "CUSTOM" ], "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MonitorFailedResultsResponsesPublicDto" } }, "text/csv": { "schema": { "$ref": "#/components/schemas/MonitorFailedResultsCsvResponsePublicDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get Monitor failed Test results", "tags": [ "Monitor Instances" ], "x-drata-permissions": [ "monitors-get-monitor" ], "x-product-area": [ "MONITOR_TEST_DETAILS_UI" ], "description": "šŸ”’ Requires **Monitoring: Get Monitor** permission." } }, "/workspaces/{id}/frameworks": { "get": { "description": "List frameworks by workspace id\n\nšŸ”’ Requires **Frameworks: List Frameworks** permission.", "operationId": "FrameworksPublicController_getWorkspaceFrameworksReady", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "q", "required": false, "in": "query", "description": "Filter data by searching for framework names", "schema": { "type": "string" } }, { "name": "excludeIds", "required": false, "in": "query", "description": "Exclude frameworks by array of id", "schema": { "example": [], "type": "array", "items": { "type": "number" } } }, { "name": "getAll", "required": false, "in": "query", "description": "return all frameworks?", "schema": { "example": false, "type": "boolean" } }, { "name": "isReady", "required": false, "in": "query", "description": "Filter controls on if they are ready", "schema": { "example": true, "type": "boolean" } }, { "name": "isEnabled", "required": false, "in": "query", "description": "Filter frameworks enabled", "schema": { "default": true, "example": true, "type": "boolean" } }, { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WorkspaceFrameworkReadyResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find frameworks by workspace id", "tags": [ "Frameworks" ], "x-drata-permissions": [ "workspaces-get-frameworks" ], "x-product-area": [ "REQUIREMENTS_FRAMEWORKS" ] } }, "/frameworks/requirements": { "get": { "description": "List framework requirements for the primary workspace, given the provided search terms and filters\n\nšŸ”’ Requires **Frameworks: List Framework Requirements** permission.", "operationId": "FrameworksPublicController_getAllRequirements", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "q", "required": false, "in": "query", "description": "Filter data by searching for requirement name or description/long description", "schema": { "example": "A1.1", "type": "string" } }, { "name": "frameworkSlug", "required": false, "in": "query", "description": "Filter requirements on their framework slug", "schema": { "example": "soc2", "type": "string" } }, { "name": "excludeIds", "required": false, "in": "query", "description": "Exclude requirements by array of id", "schema": { "example": [ 1, 2 ], "type": "array", "items": { "type": "number" } } }, { "name": "excludeControlId", "required": false, "in": "query", "description": "Control id to be excluded", "schema": { "example": 1, "type": "number" } }, { "name": "isInScope", "required": false, "in": "query", "description": "Filter requirements if they are in/out of scope", "schema": { "nullable": true, "example": false, "type": "boolean" } }, { "name": "isReady", "required": false, "in": "query", "description": "Filter requirements if they are or not ready", "schema": { "nullable": true, "example": false, "type": "boolean" } }, { "name": "isInScopeControls", "required": false, "in": "query", "description": "Filter requirements if they are linked to controls that are in/out of scope", "schema": { "nullable": true, "example": false, "type": "boolean" } }, { "name": "topic", "required": false, "in": "query", "description": "Filter requirements on their topic", "schema": { "nullable": true, "example": [ "ADMINISTRATIVE_SAFEGUARDS", "AVAILABILITY" ], "type": "array", "items": { "type": "string", "enum": [ "AVAILABILITY", "CONFIDENTIALITY", "SECURITY", "PRIVACY", "PROCESS_INTEGRITY", "GENERAL_RULES", "ADMINISTRATIVE_SAFEGUARDS", "PHYSICAL_SAFEGUARDS", "TECHNICAL_SAFEGUARDS", "REQUIREMENTS_ORGANIZATION", "REQUIREMENTS_POLICIES_PROCEDURES", "BASIC", "DERIVED", "NIST80053_PRIVACY" ] } } }, { "name": "category", "required": false, "in": "query", "description": "Filter requirements on their category", "schema": { "nullable": true, "example": [ "GDPR_CONTROLLER_AND_PROCESSOR", "SOC_2_CONTROL_ACTIVITIES" ], "type": "array", "items": { "type": "string", "enum": [ "SOC_2_AVAILABILITY", "SOC_2_CONFIDENTIALITY", "SOC_2_CONTROL_ENVIRONMENT", "SOC_2_COMMUNICATION_AND_INFORMATION", "SOC_2_RISK_ASSESSMENT", "SOC_2_MONITORING_ACTIVITIES", "SOC_2_CONTROL_ACTIVITIES", "SOC_2_LOGICAL_AND_PHYSICAL_ACCESS_CONTROLS", "SOC_2_SYSTEM_OPERATIONS", "SOC_2_CHANGE_MANAGEMENT", "SOC_2_RISK_MITIGATION", "SOC_2_PRIVACY_CRITERIA_RELATED_TO_NOTICE_AND_COMMUNICATION_OF_REQUIREMENTS_RELATED_TO_PRIVACY", "SOC_2_PRIVACY_CRITERIA_RELATED_TO_CHOICE_AND_CONSENT", "SOC_2_PRIVACY_CRITERIA_RELATED_TO_COLLECTION", "SOC_2_PRIVACY_CRITERIA_RELATED_TO_USE_RETENTION_AND_DISPOSAL", "SOC_2_PRIVACY_CRITERIA_RELATED_TO_ACCESS", "SOC_2_PRIVACY_CRITERIA_RELATED_TO_DISCLOSURE_AND_NOTIFICATION", "SOC_2_PRIVACY_CRITERIA_RELATED_TO_QUALITY", "SOC_2_PRIVACY_CRITERIA_RELATED_TO_MONITORING_AND_ENFORCEMENT", "SOC_2_PROCESS_INTEGRITY", "ISO27001_CONTEXT_OF_THE_ORGANIZATION", "ISO27001_LEADERSHIP", "ISO27001_PLANNING", "ISO27001_SUPPORT", "ISO27001_OPERATION", "ISO27001_PERFORMANCE_EVALUATION", "ISO27001_IMPROVEMENT", "ISO_INFORMATION_SECURITY_POLICIES", "ISO_ORGANIZATION_OF_INFORMATION_SECURITY", "ISO_HUMAN_RESOURCES_SECURITY", "ISO_ASSET_MANAGEMENT", "ISO_ACCESS_CONTROL", "ISO_CRYPTOGRAPHY", "ISO_PHYSICAL_AND_ENVIRONMENTAL_SECURITY", "ISO_OPERATIONS_SECURITY", "ISO_COMMUNICATIONS_SECURITY", "ISO_SYSTEM_ACQUISITION_DEVELOPMENT_AND_MAINTENANCE", "ISO_SUPPLIER_RELATIONSHIPS", "ISO_INFORMATION_SECURITY_INCIDENT_MANAGEMENT", "ISO27001_INFORMATION_SECURITY_ASPECTS_OF_BUSINESS_CONTINUITY_MANAGEMENT", "ISO_COMPLIANCE", "HIPAA_SECURITY", "HIPAA_BREACH_NOTIFICATION", "HIPAA_PRIVACY", "PCI_FIREWALL", "PCI_PASSWORDS", "PCI_DATA_AT_REST_PROTECTION", "PCI_DATA_IN_TRANSIT_ENCRYPTION", "PCI_MALWARE_PROTECTION", "PCI_SECURE_SYSTEM_MANAGEMENT", "PCI_ACCESS_RESTRICTION", "PCI_SYSTEM_ACCESS_CONTROL", "PCI_PHYSICAL_ACCESS_CONTROL", "PCI_NETWORK_ACCESS_MONITORING", "PCI_VULNERABILITY_TESTING", "PCI_INFORMATION_SECURITY_POLICY", "GDPR_PRINCIPLES", "GDPR_RIGHTS_OF_THE_DATA_SUBJECT", "GDPR_CONTROLLER_AND_PROCESSOR", "GDPR_TRANSFERS_OF_PERSONNEL_DATA_TO_THIRD_COUNTRIES_OR_INTERNATIONAL_ORGANIZATIONS", "CCPA_INDIVIDUAL_RIGHTS", "CCPA_SERVICE_PROVIDER", "CCPA_NOTICES_TO_CONSUMERS", "CCPA_BUSINESS_PRACTICES_FOR_HANDLING_CONSUMER_REQUESTS", "CCPA_VERIFICATION_OF_REQUESTS", "CCPA_SPECIAL_RULES_REGARDING_CONSUMERS_UNDER_16_YEARS_OF_AGE", "CCPA_NON_DISCRIMINATION", "MSSSPA_MANAGEMENT", "MSSSPA_NOTICE", "MSSSPA_CHOICE_AND_CONSENT", "MSSSPA_COLLECTION", "MSSSPA_RETENTION", "MSSSPA_DATA_SUBJECTS", "MSSSPA_DISCLOSURE_TO_THIRD_PARTIES", "MSSSPA_QUALITY", "MSSSPA_MONITORING_AND_ENFORCEMENT", "NISTCSF_IDENTIFY", "NISTCSF_PROTECT", "NISTCSF_DETECT", "NISTCSF_RESPOND", "NISTCSF_RECOVER", "NIST800171R2_TECHNICAL", "NIST800171R2_OPERATIONAL", "ISO277012019_PIMS_SPECIFIC_REQUIREMENTS", "ISO277012019_PIMS_SPECIFIC_GUIDANCE", "PII_CONTROLS_GUIDANCE", "PII_PROCESSORS_GUIDANCE", "CCPA_SECURITY", "MSSSPA_SECURITY", "NIST800171R2_MANAGEMENT", "FFIEC_CYBER_RISK_MANAGEMENT_AND_OVERSIGHT", "FFIEC_THREAT_INTELLIGENCE_AND_COLLABORATION", "FFIEC_CYBERSECURITY_CONTROLS", "FFIEC_EXTERNAL_DEPENDENCY_MANAGEMENT", "FFIEC_CYBER_INCIDENT_MANAGEMENT_AND_RESILIENCE", "NISTSP80053_TECHNICAL", "NISTSP80053_OPERATIONAL", "NISTSP80053_MANAGEMENT", "CMMC_TECHNICAL", "CMMC_OPERATIONAL", "CMMC_MANAGEMENT", "COBIT_EVALUATE_DIRECT_AND_MONITOR", "COBIT_ALIGN_PLAN_AND_ORGANIZE", "COBIT_BUILD_ACQUIRE_AND_IMPLEMENT", "COBIT_DELIVER_SERVICE_AND_SUPPORT", "COBIT_MONITOR_EVALUATE_AND_ASSESS", "SOX_ITGC_PROGRAM_DEVELOPMENT", "SOX_ITGC_CHANGE_MANAGEMENT", "SOX_ITGC_SYSTEM_OPERATIONS", "SOX_ITGC_ACCESS_MANAGEMENT", "ISO270012022_CONTEXT_OF_THE_ORGANIZATION", "ISO270012022_LEADERSHIP", "ISO270012022_PLANNING", "ISO270012022_SUPPORT", "ISO270012022_OPERATION", "ISO270012022_PERFORMANCE_EVALUATION", "ISO270012022_IMPROVEMENT", "ISO270012022_ORGANIZATIONAL_CONTROLS", "ISO270012022_PEOPLE_CONTROLS", "ISO270012022_PHYSICAL_CONTROLS", "ISO270012022_TECHNOLOGICAL_CONTROLS", "CCM_AUDIT_AND_ASSURANCE", "CCM_APPLICATION_AND_INTERFACE_SECURITY", "CCM_BUSINESS_CONTINUITY_MANAGEMENT_AND_OPERATIONAL_RESILIENCE", "CCM_CHANGE_CONTROL_AND_CONFIGURATION_MANAGEMENT", "CCM_CRYPTOGRAPHY_ENCRYPTION_AND_KEY_MANAGEMENT", "CCM_DATACENTER_SECURITY", "CCM_DATA_SECURITY_AND_PRIVACY_LIFECYCLE_MANAGEMENT", "CCM_GOVERNANCE_RISK_AND_COMPLIANCE", "CCM_HUMAN_RESOURCES", "CCM_IDENTITY_AND_ACCESS_MANAGEMENT", "CCM_INTEROPERABILITY_AND_PORTABILITY", "CCM_INFRASTRUCTURE_AND_VIRTUALIZATION_SECURITY", "CCM_LOGGING_AND_MONITORING", "CCM_SECURITY_INCIDENT_MANAGEMENT_EDISCOVERY_AND_CLOUD_FORENSICS", "CCM_SUPPLY_CHAIN_MANAGEMENT_TRANSPARENCY_AND_ACCOUNTABILITY", "CCM_THREAT_AND_VULNERABILITY_MANAGEMENT", "CCM_UNIVERSAL_ENDPOINT_MANAGEMENT", "CCPA_GENERAL_PROVISIONS", "CCPA_REQUIRED_DISCLOSURES_TO_CONSUMERS", "CCPA_SERVICE_PROVIDERS_CONTRACTORS_AND_THIRD_PARTIES", "CCPA_TRAINING_AND_RECORD_KEEPING", "CYBER_ESSENTIALS_FIREWALLS", "CYBER_ESSENTIALS_SECURE_CONFIGURATION_COMPUTERS_AND_NETWORK_DEVICES", "CYBER_ESSENTIALS_SECURE_CONFIGURATION_DEVICE_UNLOCKING_CREDENTIALS", "CYBER_ESSENTIALS_SECURITY_UPDATE_MANAGEMENT", "CYBER_ESSENTIALS_USER_ACCESS_CONTROL", "CYBER_ESSENTIALS_MALWARE_PROTECTION", "CYBER_ESSENTIALS_DATA_BACKUP", "CYBER_ESSENTIALS_ASSET_MANAGEMENT", "CYBER_ESSENTIALS_VULNERABILITY_MANAGEMENT", "ISO270182019_PII", "FEDRAMP_TECHNICAL", "FEDRAMP_OPERATIONAL", "FEDRAMP_MANAGEMENT", "NISTAI_GOVERN", "NISTAI_MANAGE", "NISTAI_MAP", "NISTAI_MEASURE", "PCI4_NETWORK_SECURITY", "PCI4_SECURE_CONFIGURATIONS", "PCI4_DATA_STORAGE_PROTECTION", "PCI4_DATA_TRANSMISSION_PROTECTION", "PCI4_MALWARE_PROTECTION", "PCI4_SECURE_DEVELOPMENT_AND_MAINTENANCE", "PCI4_ACCESS_MANAGEMENT", "PCI4_IDENTIFICATION_AND_AUTHENTICATION", "PCI4_PHYSICAL_ACCESS_CONTROL", "PCI4_LOGGING_AND_MONITORING", "PCI4_SECURITY_TESTING", "PCI4_ORGANIZATIONAL_POLICIES_AND_PROGRAMS", "PCI4_APPENDIX_1_MULTI_TENANT_SERVICE_PROVIDERS", "PCI4_APPENDIX_2_ENTITIES_USING_SSL_EARLY_TLS", "PCI4_APPENDIX_3_DESIGNATED_ENTITIES_SUPPLEMENTAL_VALIDATION", "ISO277012019_ANNEX_B_CONDITIONS_FOR_COLLECTION_AND_PROCESSING", "ISO277012019_ANNEX_B_OBLIGATIONS_TO_PII_PRINCIPLES", "ISO277012019_ANNEX_B_PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT", "ISO277012019_ANNEX_B_PII_SHARING_TRANSFER_AND_DISCLOSURE", "ISO277012019_ANNEX_A_CONDITIONS_FOR_COLLECTION_AND_PROCESSING", "ISO277012019_ANNEX_A_OBLIGATIONS_TO_PII_PRINCIPLES", "ISO277012019_ANNEX_A_PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT", "ISO277012019_ANNEX_A_PII_SHARING_TRANSFER_AND_DISCLOSURE", "NISTCSF2_GOVERN_GV", "NISTCSF2_IDENTIFY_ID", "NISTCSF2_PROTECT_PR", "NISTCSF2_DETECT_DE", "NISTCSF2_RESPOND_RS", "NISTCSF2_RECOVER_RC", "NIS2_GOVERNANCE", "NIS2_RISK_MANAGEMENT", "NIS2_REPORTING", "DORA_REGULATION", "DORA_ICT_RMF_RTS", "ISO420012023_RESOURCES_FOR_AI_SYSTEMS", "ISO420012023_INTERNAL_ORGANIZATION", "ISO420012023_AI_SYSTEM_LIFE_CYCLE", "ISO420012023_ASSESSING_IMPACTS_OF_AI_SYSTEMS", "ISO420012023_DATA_FOR_AI_SYSTEMS", "ISO420012023_INFORMATION_FOR_INTERESTED_PARTIES_OF_AI_SYSTEMS", "ISO420012023_USE_OF_AI_SYSTEMS", "ISO420012023_THIRD_PARTY_AND_CUSTOMER_RELATIONSHIPS", "ISO420012023_POLICIES_RELATED_TO_AI", "ISO420012023_SUPPORT", "ISO420012023_OPERATION", "ISO420012023_CONTEXT_OF_THE_ORGANIZATION", "ISO420012023_PERFORMANCE_EVALUATION", "ISO420012023_PLANNING", "ISO420012023_LEADERSHIP", "ISO420012023_IMPROVEMENT", "DRATA_ESSENTIALS_PROTECT", "DRATA_ESSENTIALS_RECOVER", "DRATA_ESSENTIALS_RESPOND", "DRATA_ESSENTIALS_IDENTIFY", "DRATA_ESSENTIALS_DETECT", "DRATA_ESSENTIALS_GOVERN", "NIST800171R3_OPERATIONAL", "NIST800171R3_MANAGEMENT", "NIST800171R3_TECHNICAL", "CIS81_SERVICE_PROVIDER_MANAGEMENT", "CIS81_DATA_PROTECTION", "CIS81_DATA_RECOVERY", "CIS81_CONTINUOUS_VULNERABILITY_MANAGEMENT", "CIS81_APPLICATION_SOFTWARE_SECURITY", "CIS81_ACCESS_CONTROL_MANAGEMENT", "CIS81_INVENTORY_AND_CONTROL_OF_SOFTWARE_ASSETS", "CIS81_NETWORK_INFRASTRUCTURE_MANAGEMENT", "CIS81_EMAIL_AND_WEB_BROWSER_PROTECTIONS", "CIS81_NETWORK_MONITORING_AND_DEFENSE", "CIS81_AUDIT_LOG_MANAGEMENT", "CIS81_SECURE_CONFIGURATION_OF_ENTERPRISE_ASSETS_AND_SOFTWARE", "CIS81_INVENTORY_AND_CONTROL_OF_ENTERPRISE_ASSETS", "CIS81_MALWARE_DEFENSES", "CIS81_SECURITY_AWARENESS_AND_SKILLS_TRAINING", "CIS81_PENETRATION_TESTING", "CIS81_ACCOUNT_MANAGEMENT", "CIS81_INCIDENT_RESPONSE_MANAGEMENT", "CYBERESSENTIALS32_MALWARE_PROTECTION", "CYBERESSENTIALS32_DEVICE_UNLOCKING_METHOD", "CYBERESSENTIALS32_FIREWALLS", "CYBERESSENTIALS32_PASSWORD_BASED_AUTHENTICATION", "CYBERESSENTIALS32_SECURITY_UPDATE_MANAGEMENT", "CYBERESSENTIALS32_SCOPE", "CYBERESSENTIALS32_ADMINISTRATIVE_ACCOUNTS", "CYBERESSENTIALS32_SECURE_CONFIGURATION", "CYBERESSENTIALS32_USER_ACCESS_CONTROL", "FR20X_POLICY_AND_INVENTORY", "FR20X_SERVICE_CONFIGURATION", "FR20X_MONITORING_LOGGING_AND_AUDITING", "FR20X_CHANGE_MANAGEMENT", "FR20X_CLOUD_NATIVE_ARCHITECTURE", "FR20X_THIRD_PARTY_INFORMATION_RESOURCES", "FR20X_IDENTITY_AND_ACCESS_MANAGEMENT", "FR20X_INCIDENT_REPORTING", "FR20X_CYBERSECURITY_EDUCATION", "FR20X_RECOVERY_PLANNING", "HITRUST_EDUCATION_TRAINING_AND_AWARENESS", "HITRUST_DATA_PROTECTION_AND_PRIVACY", "HITRUST_PHYSICAL_AND_ENVIRONMENTAL_SECURITY", "HITRUST_AUDIT_LOGGING_AND_MONITORING", "HITRUST_INFORMATION_PROTECTION_PROGRAM", "HITRUST_TRANSMISSION_PROTECTION", "HITRUST_THIRD_PARTY_ASSURANCE", "HITRUST_RISK_MANAGEMENT", "HITRUST_ACCESS_CONTROL", "HITRUST_PASSWORD_MANAGEMENT", "HITRUST_VULNERABILITY_MANAGEMENT", "HITRUST_BUSINESS_CONTINUITY_AND_DISASTER_RECOVERY", "HITRUST_MOBILE_DEVICE_SECURITY", "HITRUST_INCIDENT_MANAGEMENT", "HITRUST_ENDPOINT_PROTECTION", "HITRUST_CONFIGURATION_MANAGEMENT", "HITRUST_NETWORK_PROTECTION", "HITRUST_PORTABLE_MEDIA_SECURITY", "HITRUST_WIRELESS_SECURITY", "MSSSPAV11_SSPAV11_SECURITY", "MSSSPAV11_SSPAV11_AI_SYSTEMS", "MSSSPAV11_SSPAV11_RETENTION", "MSSSPAV11_SSPAV11_MANAGEMENT", "MSSSPAV11_SSPAV11_COLLECTION", "MSSSPAV11_SSPAV11_QUALITY", "MSSSPAV11_SSPAV11_CHOICE_AND_CONSENT", "MSSSPAV11_SSPAV11_DATA_SUBJECTS", "MSSSPAV11_SSPAV11_MONITORING_AND_ENFORCEMENT", "MSSSPAV11_SSPAV11_NOTICE", "MSSSPAV11_SSPAV11_SUBCONTRACTORS", "ESSENTIAL_EIGHT_PATCH_OPERATING_SYSTEMS", "ESSENTIAL_EIGHT_MULTI_FACTOR_AUTHENTICATION", "ESSENTIAL_EIGHT_REGULAR_BACKUPS", "ESSENTIAL_EIGHT_APPLICATION_CONTROL", "ESSENTIAL_EIGHT_RESTRICT_ADMINISTRATIVE_PRIVILEGES", "ESSENTIAL_EIGHT_USER_APPLICATION_HARDENING", "ESSENTIAL_EIGHT_RESTRICT_MICROSOFT_OFFICE_MACROS", "ESSENTIAL_EIGHT_PATCH_APPLICATIONS", "NYDFS_VULNERABILITY_MANAGEMENT", "NYDFS_ACCESS_PRIVILEGES_AND_MANAGEMENT", "NYDFS_THIRD_PARTY_SERVICE_PROVIDER_SECURITY", "NYDFS_NOTICES_TO_SUPERINTENDENT", "NYDFS_INCIDENT_RESPONSE_AND_BUSINESS_CONTINUITY_MANAGEMENT", "NYDFS_CYBERSECURITY_PERSONNEL_AND_INTELLIGENCE", "NYDFS_CYBERSECURITY_POLICY", "NYDFS_ENCRYPTION_OF_NONPUBLIC_INFORMATION", "NYDFS_AUDIT_TRAIL", "NYDFS_CYBERSECURITY_GOVERNANCE", "NYDFS_ASSET_MANAGEMENT_AND_DATA_RETENTION", "NYDFS_MULTI_FACTOR_AUTHENTICATION", "NYDFS_MONITORING_AND_TRAINING", "NYDFS_CYBERSECURITY_PROGRAM", "NYDFS_APPLICATION_SECURITY", "NYDFS_RISK_ASSESSMENT", "TISAX_DATA_PROTECTION", "TISAX_IT_SECURITY_CYBER_SECURITY", "TISAX_PROTOTYPE_PROTECTION", "TISAX_IS_POLICIES_AND_ORGANIZATION", "TISAX_COMPLIANCE", "TISAX_PHYSICAL_SECURITY", "TISAX_IDENTITY_AND_ACCESS_MANAGEMENT", "TISAX_HUMAN_RESOURCES", "TISAX_SUPPLIER_RELATIONSHIPS", "ISO270182025_PEOPLE_CONTROLS", "ISO270182025_ORGANIZATIONAL_CONTROLS", "ISO270182025_INFORMATION_SECURITY", "ISO270182025_TECHNOLOGICAL_CONTROLS", "ISO270182025_CONSENT_AND_CHOICE", "ISO270182025_ACCOUNTABILITY", "ISO270182025_PRIVACY_COMPLIANCE", "ISO270182025_USE_RETENTION_AND_DISCLOSURE_LIMITATION", "ISO270182025_PURPOSE_LEGITIMACY_AND_SPECIFICATION", "ISO270182025_DATA_MINIMIZATION", "ISO270182025_PHYSICAL_CONTROLS", "ISO270182025_OPENNESS_TRANSPARENCY_AND_NOTICE", "CCPA2026_INDIVIDUAL_RIGHTS", "CCPA2026_SERVICE_PROVIDER", "CCPA2026_SECURITY", "CCPA2026_CONSUMER_REQUESTS", "CCPA2026_RISK_ASSESSMENTS", "CCPA2026_SERVICE_PROVIDERS_CONTRACTORS_THIRD_PARTIES", "CCPA2026_CYBERSECURITY_AUDITS", "CCPA2026_REQUIRED_DISCLOSURES_TO_CONSUMERS", "CCPA2026_VERIFICATION", "CCPA2026_NON_DISCRIMINATION", "CCPA2026_GENERAL_PROVISIONS", "CCPA2026_SPECIAL_RULES_REGARDING_CONSUMERS_LESS_THAN_16_YEARS_OF_AGE", "CCPA2026_AUTOMATED_DECISIONMAKING_TECHNOLOGY", "CCPA2026_TRAINING_AND_RECORDKEEPING", "CCPA2026_INSURANCE_COMPANIES", "ISO277012025_CONTEXT_OF_THE_ORGANIZATION", "ISO277012025_LEADERSHIP", "ISO277012025_PLANNING", "ISO277012025_SUPPORT", "ISO277012025_OPERATION", "ISO277012025_PERFORMANCE_EVALUATION", "ISO277012025_IMPROVEMENT", "ISO277012025_CONDITIONS_FOR_COLLECTION_AND_PROCESSING", "ISO277012025_SECURITY_CONSIDERATIONS", "ISO277012025_PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT", "ISO277012025_PII_SHARING_TRANSFER_AND_DISCLOSURE", "ISO277012025_OBLIGATIONS_TO_PII_PRINCIPALS", "CPS230_BUSINESS_CONTINUITY", "CPS230_OPERATIONAL_RISK_MANAGEMENT", "CPS230_RISK_MANAGEMENT_FRAMEWORK", "CPS230_KEY_PRINCIPLES", "CPS230_MANAGEMENT_OF_SERVICE_PROVIDER_ARRANGEMENTS", "CPS230_ROLES_AND_RESPONSIBILITIES", "CUSTOM" ] } } }, { "name": "subCategory", "required": false, "in": "query", "description": "Filter requirements on their subcategory", "schema": { "nullable": true, "example": [ "CODES_OF_CONDUCT_AND_CERTIFICATION", "ISO_COMPLIANCE_WITH_LEGAL_AND_CONTRACTUAL_REQUIREMENTS" ], "type": "array", "items": { "type": "string", "enum": [ "ISO_MANAGEMENT_DIRECTION_FOR_INFORMATION_SECURITY", "ISO_INTERNAL_ORGANIZATION", "ISO27001_MOBILE_DEVICES_AND_TELEWORKING", "ISO27001_PRIOR_TO_EMPLOYMENT", "ISO_DURING_EMPLOYMENT", "ISO27001_TERMINATION_AND_CHANGE_OF_EMPLOYMENT", "ISO_RESPONSIBILITY_FOR_ASSETS", "ISO_INFORMATION_CLASSIFICATION", "ISO27001_MEDIA_HANDLING", "ISO_BUSINESS_REQUIREMENT_OF_ACCESS_CONTROL", "ISO_USER_ACCESS_MANAGEMENT", "ISO27001_USER_RESPONSIBILITIES", "ISO_SYSTEM_AND_APPLICATION_ACCESS_CONTROL", "ISO_CRYPTOGRAPHIC_CONTROLS", "ISO27001_SECURE_AREAS", "ISO_EQUIPMENT", "ISO_OPERATIONAL_PROCEDURES_AND_RESPONSIBILITIES", "ISO27001_PROTECTION_FROM_MALWARE", "ISO_BACKUP", "ISO_LOGGING_AND_MONITORING", "ISO27001_CONTROL_OF_OPERATIONAL_SOFTWARE", "ISO_TECHNICAL_VULNERABILITY_MANAGEMENT", "ISO27001_INFORMATION_SYSTEMS_AUDIT_CONSIDERATIONS", "ISO_NETWORK_SECURITY_MANAGEMENT", "ISO_INFORMATION_TRANSFER", "ISO_SECURITY_REQUIREMENTS_OF_INFORMATION_SYSTEMS", "ISO_SECURITY_IN_DEVELOPMENT_AND_SUPPORT_PROCESSES", "ISO27001_TEST_DATA", "ISO_INFORMATION_SECURITY_IN_SUPPLIER_RELATIONSHIPS", "ISO27001_SUPPLIER_SERVICE_DELIVERY_MANAGEMENT", "ISO_MANAGING_OF_INFORMATION_SECURITY_INCIDENTS_AND_IMPROVEMENTS", "ISO27001_INFORMATION_SECURITY_CONTINUITY", "ISO27001_REDUNDANCIES", "ISO_COMPLIANCE_WITH_LEGAL_AND_CONTRACTUAL_REQUIREMENTS", "ISO_INFORMATION_SECURITY_REVIEWS", "GDPR_TRANSPARENCY_AND_MODALITIES", "GDPR_INFORMATION_AND_ACCESS_TO_PERSONAL_DATA", "GDPR_RECTIFICATION_AND_ERASURE", "GDPR_RIGHT_TO_OBJECT_AND_AUTOMATED_INDIVIDUAL_DECISION_MAKING", "GDPR_GENERAL_OBLIGATIONS", "GDPR_SECURITY_OF_PERSONNEL_DATA", "GDPR_DATA_PROTECTION_IMPACT_ASSESSMENT_AND_PRIOR_CONSULTATION", "GDPR_DATA_PROTECTION_OFFICER", "CODES_OF_CONDUCT_AND_CERTIFICATION", "CCPA_RIGHT_TO_KNOW", "CCPA_RIGHT_TO_DELETE", "CCPA_RIGHT_TO_OPT_OUT", "CCPA_RIGHT_TO_NON_DISCRIMINATION", "ASSET_MANAGEMENT", "NISTCSF_BUSINESS_ENVIRONMENT", "GOVERNANCE", "SOX_ITGC_RISK_ASSESSMENT", "NISTCSF_RISK_MANAGEMENT_STRATEGY", "NISTCSF_SUPPLY_CHAIN_RISK_MANAGEMENT", "NISTCSF_IDENTITY_MANAGEMENT_AUTHENTICATION_AND_ACCESS_CONTROL", "AWARENESS_AND_TRAINING", "NISTCSF_DATA_SECURITY", "NISTCSF_INFORMATION_PROTECTION_PROCESSES_AND_PROCEDURES", "MAINTENANCE", "NISTCSF_PROTECTIVE_TECHNOLOGY", "NISTCSF_ANOMALIES_AND_EVENTS", "NISTCSF_SECURITY_CONTINUOUS_MONITORING", "NISTCSF_DETECTION_PROCESSES", "NISTCSF_RESPONSE_PLANNING", "NISTCSF_COMMUNICATIONS", "NISTCSF_ANALYSIS", "NISTCSF_MITIGATION", "NISTCSF_IMPROVEMENTS", "NISTCSF_RECOVERY_PLANNING", "ACCESS_CONTROL", "NIST800171R2_AUDIT_AND_ACCOUNTABILITY", "NIST800171R2_CONFIGURATION_MANAGEMENT", "NIST800171R2_IDENTIFICATION_AND_AUTHENTICATION", "NIST800171R2_INCIDENT_RESPONSE", "NIST800171R2_MEDIA_PROTECTION", "NIST800171R2_PERSONNEL_SECURITY", "NIST800171R2_PHYSICAL_PROTECTION", "NIST800171R2_SECURITY_ASSESSMENT", "NIST800171R2_SYSTEM_AND_COMMUNICATIONS_PROTECTION", "NIST800171R2_SYSTEM_AND_INFORMATION_INTEGRITY", "CONTEXT_OF_THE_ORGANIZATION", "LEADERSHIP", "PLANNING", "SUPPORT", "OPERATION", "PERFORMANCE_EVALUATION", "IMPROVEMENT", "INFORMATION_SECURITY_POLICIES", "ORGANIZATION_OF_INFORMATION_SECURITY", "HUMAN_RESOURCE_SECURITY", "CRYPTOGRAHY", "PHYSICAL_AND_ENVIRONMENTAL_SECURITY", "OPERATIONS_SECURITY", "COMMUNICATIONS_SECURITY", "SYSTEM_ACQUISITION_DEVELOPMENT_AND_MAINTENANCE", "SUPPLIER_RELATIONSHIPS", "INFORMATION_SECURITY_INCIDENT_MANAGEMENT", "INFORMATION_SECURITY_ASPECTS_OF_BUSINESS_CONTINUITY_MANAGEMENT", "COMPLIANCE", "CONDITIONS_FOR_COLLECTION_AND_PROCESSING", "OBLIGATIONS_TO_PII_PRINCIPLES", "PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT", "PII_SHARING_TRANSFER_AND_DISCLOSURE", "NISTCSF_ASSET_MANAGEMENT", "NISTCSF_RISK_ASSESSMENT", "NISTCSF_AWARENESS_AND_TRAINING", "NISTCSF_MAINTENANCE", "NIST800171R2_ACCESS_CONTROL", "NIST800171R2_AWARENESS_AND_TRAINING", "NIST800171R2_MAINTENANCE", "NIST800171R2_RISK_ASSESSMENT", "FFIEC_GOVERNANCE", "FFIEC_RISK_MANAGEMENT", "FFIEC_RESOURCES", "FFIEC_TRAINING_AND_CULTURE", "FFIEC_THREAT_INTELLIGENCE", "FFIEC_MONITORING_AND_ANALYZING", "FFIEC_INFORMATION_SHARING", "FFIEC_PREVENTATIVE_CONTROLS", "FFIEC_DETECTIVE_CONTROLS", "FFIEC_CORRECTIVE_CONTROLS", "FFIEC_CONNECTIONS", "FFIEC_RELATIONSHIP_MANAGEMENT", "FFIEC_INCIDENT_RESILIENCE_PLANNING_AND_STRATEGY", "FFIEC_DETECTION_RESPONSE_AND_MITIGATION", "FFIEC_ESCALATION_AND_REPORTING", "NISTSP80053_ACCESS_CONTROL", "NISTSP80053_AUDIT_AND_ACCOUNTABILITY", "NISTSP80053_IDENTIFICATION_AND_AUTHENTICATION", "NISTSP80053_SYSTEM_AND_COMMUNICATIONS_PROTECTION", "NISTSP80053_AWARENESS_AND_TRAINING", "NISTSP80053_CONFIGURATION_MANAGEMENT", "NISTSP80053_CONTINGENCY_PLANNING", "NISTSP80053_INCIDENT_RESPONSE", "NISTSP80053_MAINTENANCE", "NISTSP80053_MEDIA_PROTECTION", "NISTSP80053_PHYSICAL_AND_ENVIRONMENTAL_PROTECTION", "NISTSP80053_PERSONNEL_SECURITY", "NISTSP80053_SYSTEM_AND_INFORMATION_INTEGRITY", "NISTSP80053_ASSESSMENT_AUTHORIZATION_AND_MONITORING", "NISTSP80053_PLANNING", "NISTSP80053_PROGRAM_MANAGEMENT", "NISTSP80053_PII_PROCESSING_AND_TRANSPARENCY", "NISTSP80053_RISK_ASSESSMENT", "NISTSP80053_SYSTEM_AND_SERVICES_ACQUISITION", "NISTSP80053_SUPPLY_CHAIN_RISK_MANAGEMENT", "CMMC_ACCESS_CONTROL", "CMMC_AUDIT_AND_ACCOUNTABILITY", "CMMC_IDENTIFICATION_AND_AUTHENTICATION", "CMMC_SYSTEM_AND_COMMUNICATIONS_PROTECTION", "CMMC_AWARENESS_AND_TRAINING", "CMMC_CONFIGURATION_MANAGEMENT", "CMMC_INCIDENT_RESPONSE", "CMMC_MAINTENANCE", "CMMC_MEDIA_PROTECTION", "CMMC_PHYSICAL_PROTECTION", "CMMC_PERSONNEL_SECURITY", "CMMC_RECOVERY", "CMMC_SYSTEM_AND_INFORMATION_INTEGRITY", "CMMC_SECURITY_ASSESSMENT", "CMMC_RISK_MANAGEMENT", "ISO270172015_RELATIONSHIP_BETWEEN_CLOUD_SERVICE_CUSTOMER_AND_CLOUD_SERVICE_PROVIDER", "ISO270172015_ACCESS_CONTROL_OF_CLOUD_SERVICE_CUSTOMER_DATA_IN_SHARED_VIRTUAL_ENVIRONMENT", "FEDRAMP_ACCESS_CONTROL", "FEDRAMP_AWARENESS_AND_TRAINING", "FEDRAMP_AUDIT_AND_ACCOUNTABILITY", "FEDRAMP_SECURITY_ASSESSMENT_AND_AUTHORIZATION", "FEDRAMP_CONFIGURATION_MANAGEMENT", "FEDRAMP_CONTINGENCY_PLANNING", "FEDRAMP_IDENTIFICATION_AND_AUTHENTICATION", "FEDRAMP_INCIDENT_RESPONSE", "FEDRAMP_MAINTENANCE", "FEDRAMP_MEDIA_PROTECTION", "FEDRAMP_PHYSICAL_AND_ENVIRONMENTAL_PROTECTION", "FEDRAMP_PLANNING", "FEDRAMP_PERSONNEL_SECURITY", "FEDRAMP_RISK_ASSESSMENT", "FEDRAMP_SYSTEM_AND_SERVICES_ACQUISITION", "FEDRAMP_SYSTEM_AND_COMMUNICATIONS_PROTECTION", "FEDRAMP_SYSTEM_AND_INFORMATION_INTEGRITY", "FEDRAMP_SUPPLY_CHAIN_RISK_MANAGEMENT", "FEDRAMP_ASSESSMENT_AUTHORIZATION_AND_MONITORING", "ISO270182019_CONSENT_AND_CHOICE", "ISO270182019_PURPOSE_LEGITIMACY_AND_SPECIFICATION", "ISO270182019_DATA_MINIMIZATION", "ISO270182019_USE_RETENTION_AND_DISCLOSURE_LIMITATION", "ISO270182019_ACCURACY_AND_QUALITY", "ISO270182019_ACCOUNTABILITY", "ISO270182019_INFORMATION_SECURITY", "ISO270182019_PRIVACY_COMPLIANCE", "ISO27701_ANNEX_B_CONDITIONS_FOR_COLLECTION_AND_PROCESSING", "ISO27701_ANNEX_B_OBLIGATIONS_TO_PII_PRINCIPLES", "ISO27701_ANNEX_B_PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT", "ISO27701_ANNEX_B_PII_SHARING_TRANSFER_AND_DISCLOSURE", "NISTCSF2_ORGANIZATIONAL_CONTEXT_GV_OC", "NISTCSF2_RISK_MANAGEMENT_STRATEGY_GV_RM", "NISTCSF2_ROLES_RESPONSIBILITIES_AND_AUTHORITIES_GV_RR", "NISTCSF2_POLICY_GV_PO", "NISTCSF2_OVERSIGHT_GV_OV", "NISTCSF2_CYBERSECURITY_SUPPLY_CHAIN_RISK_MANAGEMENT_GV_SC", "NISTCSF2_ASSET_MANAGEMENT_ID_AM", "NISTCSF2_RISK_ASSESSMENT_ID_RA", "NISTCSF2_IMPROVEMENT_ID_IM", "NISTCSF2_IDENTITY_MANAGEMENT_AUTHENTICATION_AND_ACCESS_CONTROL_PR_AA", "NISTCSF2_AWARENESS_AND_TRAINING_PR_AT", "NISTCSF2_DATA_SECURITY_PR_DS", "NISTCSF2_PLATFORM_SECURITY_PR_PS", "NISTCSF2_TECHNOLOGY_INFRASTRUCTURE_RESILIENCE_PR_IR", "NISTCSF2_CONTINUOUS_MONITORING_DE_CM", "NISTCSF2_ADVERSE_EVENT_ANALYSIS_DE_AE", "NISTCSF2_INCIDENT_MANAGEMENT_RS_MA", "NISTCSF2_INCIDENT_ANALYSIS_RS_AN", "NISTCSF2_INCIDENT_RESPONSE_REPORTING_AND_COMMUNICATION_RS_CO", "NISTCSF2_INCIDENT_MITIGATION_RS_MI", "NISTCSF2_INCIDENT_RECOVERY_PLAN_EXECUTION_RC_RP", "NISTCSF2_INCIDENT_RECOVERY_COMMUNICATION_RC_CO", "DORA_ICT_RISK_MANAGEMENT", "DORA_INFORMATION_SHARING_ARRANGEMENTS", "DORA_ICT_THIRD_PARTY_RISK_MANAGEMENT", "DORA_ICT_RELATED_INCIDENT_MANAGEMENT", "DORA_DIGITAL_OPERATIONAL_RESILIENCE_TESTING", "DORA_SIMPLIFIED_ICT_RISK_MANAGEMENT_FRAMEWORK", "DORA_HUMAN_RESOURCES_POLICY_AND_ACCESS_CONTROL", "DORA_ICT_SECURITY_POLICIES_AND_PROCEDURES", "DORA_ICT_RELATED_INCIDENT_DETECTION_AND_RESPONSE", "DORA_ICT_BUSINESS_CONTINUITY_MANAGEMENT", "DORA_ICT_RISK_MANAGEMENT_FRAMEWORK_REVIEW_REPORT", "NIST800171R3_INCIDENT_RESPONSE", "NIST800171R3_SUPPLY_CHAIN_RISK_MANAGEMENT", "NIST800171R3_MEDIA_PROTECTION", "NIST800171R3_AUDIT_AND_ACCOUNTABILITY", "NIST800171R3_ACCESS_CONTROL", "NIST800171R3_PHYSICAL_PROTECTION", "NIST800171R3_CONFIGURATION_MANAGEMENT", "NIST800171R3_SYSTEM_AND_COMMUNICATIONS_PROTECTION", "NIST800171R3_IDENTIFICATION_AND_AUTHENTICATION", "NIST800171R3_PLANNING", "NIST800171R3_MAINTENANCE", "NIST800171R3_RISK_ASSESSMENT", "NIST800171R3_SYSTEM_AND_INFORMATION_INTEGRITY", "NIST800171R3_SECURITY_ASSESSMENT_AND_MONITORING", "NIST800171R3_SYSTEM_AND_SERVICES_ACQUISITION", "NIST800171R3_AWARENESS_AND_TRAINING", "NIST800171R3_PERSONNEL_SECURITY", "TISAX_INFORMATION_SECURITY_POLICIES", "TISAX_ORGANIZATION_OF_INFORMATION_SECURITY", "TISAX_ASSET_MANAGEMENT", "TISAX_IS_RISK_MANAGEMENT", "TISAX_ASSESSMENTS", "TISAX_INCIDENT_AND_CRISIS_MANAGEMENT", "TISAX_IDENTITY_MANAGEMENT", "TISAX_ACCESS_MANAGEMENT", "TISAX_CRYPTOGRAPHY", "TISAX_OPERATIONS_SECURITY", "TISAX_SYSTEM_ACQUISITIONS_REQUIREMENT_MANAGEMENT_AND_DEVELOPMENT", "TISAX_PHYSICAL_AND_ENVIRONMENTAL_SECURITY", "TISAX_ORGANIZATIONAL_REQUIREMENTS", "TISAX_HANDLING_OF_VEHICLES_COMPONENTS_AND_PARTS", "TISAX_REQUIREMENTS_FOR_TRIAL_VEHICLES", "TISAX_REQUIREMENTS_FOR_EVENTS_AND_SHOOTINGS", "TISAX_DATA_PROTECTION_POLICIES", "TISAX_ORGANIZATION_OF_DATA_PROTECTION", "TISAX_PROCESSING_DIRECTORY", "TISAX_DATA_PROTECTION_IMPACT_ASSESSMENT", "TISAX_DATA_TRANSFERS", "TISAX_HANDLING_REQUESTS_AND_INCIDENTS", "TISAX_HUMAN_RESOURCES", "TISAX_INSTRUCTIONS" ] } } }, { "name": "level", "required": false, "in": "query", "description": "The id of the level", "schema": { "nullable": true, "example": "SECURITY_HIGH", "enum": [ "SECURITY_LOW", "SECURITY_MODERATE", "SECURITY_HIGH", "LEVEL_1", "LEVEL_2", "BASELINE", "EVOLVING", "INTERMEDIATE", "ADVANCED", "INNOVATIVE", "SIMPLIFIED", "STANDARD", "IG1", "IG2", "IG3", "I1", "R2", "E1", "ML1", "ML2", "ML3", "PII_CONTROLLERS", "PII_PROCESSORS", "PROVIDER", "MSP" ], "type": "string" } }, { "name": "customCategory", "required": false, "in": "query", "description": "Filter requirements on their custom category", "schema": { "nullable": true, "example": "Custom Category 1", "type": "string" } }, { "name": "frameworkId", "required": false, "in": "query", "description": "The framework ID", "schema": { "example": 1, "type": "number" } }, { "name": "workspaceId", "required": false, "in": "query", "description": "ID of the Workspace. If this is not sent, it will default to the global workspace.", "schema": { "example": 1, "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RequirementPaginatedResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find framework requirements by search terms and filters", "tags": [ "Frameworks" ], "x-drata-permissions": [ "get-frameworks-requirements" ], "x-product-area": [ "REQUIREMENTS_FRAMEWORKS" ] } }, "/tickets": { "post": { "description": "Sync ticket id with data from ticket management provider\n\nšŸ”’ Requires **Ticket Management: Create Ticket** permission.", "operationId": "TicketsPublicController_createTicket", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TicketsCreateRequestPublicDto" } } } }, "responses": { "201": { "description": "Created", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TicketCreateResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "503": { "description": "Third party system was unavailable", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Add a new to ticket to ticket management provider", "tags": [ "Tickets" ], "x-drata-permissions": [ "ticket-management-post" ], "x-product-area": [ "GENERAL_TICKETING" ] } }, "/custom-connections/{connectionId}/resources/{resourceId}/records": { "post": { "description": "This endpoint allows you to upsert custom data records individually or in bulk.\n\n * If a record with a matching identifier is found, it will be updated (upserted). \n\n * If no matching record is found, a new record will be created with a generated ID. \n\n\n **Session Management (Optional):**\n\n * `X-Session-ID`: Unique identifier for session upload\n\n * `X-Session-Complete: true`: Mark session as complete (activates data for evidence generation)\n\n * `X-Session-Abort: true`: Abort session and mark for cleanup\n\n\n When using session management, only data from ACTIVE sessions is used for compliance evaluations.\n \n\nšŸ”’ Requires **Custom Connections Data: Create Custom Connection Data** permission.\n\nšŸ’Ž Requires your account have the **Custom Connections and Tests** feature. Contact your CSM for help upgrading.", "operationId": "CustomDataPublicController_createCustomData", "parameters": [ { "name": "connectionId", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "resourceId", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "x-session-id", "required": true, "in": "header", "schema": { "type": "string" } }, { "name": "x-session-complete", "required": true, "in": "header", "schema": { "type": "string" } }, { "name": "x-session-abort", "required": true, "in": "header", "schema": { "type": "string" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateCustomDataRequestPublicDto" } } } }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "oneOf": [ { "type": "object", "title": "Single Record Operation", "description": "Drata supports creating or updating a single record. The response provides detailed feedback on the operation's outcome.", "properties": { "id": { "type": "string", "example": "fd52f04f-a030-44ea-a5af-40919194ab7e" }, "createdAt": { "type": "string", "example": "2020-07-06 12:00:00.000000" }, "updatedAt": { "type": "string", "example": "2020-07-06 13:00:00.000000" }, "statusCode": { "type": "number", "example": 200 }, "data": { "type": "object", "description": "Custom data information, reflects record sent on request", "additionalProperties": true } }, "example": { "id": "fd52f04f-a030-44ea-a5af-40919194ab7e", "createdAt": "2020-07-06 12:00:00.000000", "updatedAt": "2020-07-06 13:00:00.000000", "statusCode": 200, "data": { "YOUR": "DATA", "PROPERTIES": { "WILL": "BE_HERE" } } } }, { "type": "array", "title": "Bulk Operation", "description": "Drata supports bulk operations to create multiple records simultaneously. The response provides detailed feedback for each individual record operation.", "items": { "properties": { "id": { "type": "string", "example": "fd52f04f-a030-44ea-a5af-40919194ab7e" }, "createdAt": { "type": "string", "example": "2020-07-06 12:00:00.000000" }, "updatedAt": { "type": "string", "example": "2020-07-06 13:00:00.000000" }, "statusCode": { "type": "number", "example": 200 }, "data": { "type": "object", "description": "Custom data information, reflects record sent on request", "additionalProperties": true }, "error": { "type": "object", "properties": { "message": { "type": "string", "description": "Error message", "example": "Schema validation failed for data: [{\"\":\"must have required property 'name'\"}]" }, "code": { "type": "number", "description": "Error code", "example": 28022 } } } } }, "example": [ { "id": "fd52f04f-a030-44ea-a5af-40919194ab7e", "createdAt": "2020-07-06 12:00:00.000000", "updatedAt": "2020-07-06 13:00:00.000000", "statusCode": 200, "data": { "YOUR": "DATA", "PROPERTIES": { "WILL": "BE_HERE" } } }, { "id": "fd52f04f-a030-44ea-a5af-40919194ab7e", "createdAt": "2020-07-06 12:00:00.000000", "updatedAt": "2020-07-06 12:00:00.000000", "statusCode": 201, "data": { "YOUR": "DATA", "PROPERTIES": { "WILL": "BE_HERE" } } }, { "statusCode": 400, "data": { "YOUR": "DATA", "PROPERTIES": { "WILL": "BE_HERE" } }, "error": { "error": { "message": "Schema validation failed for data: [{\"\":\"must have required property 'name'\"}]", "code": 28022 } } } ] } ] } } } }, "201": { "description": "Created", "content": { "application/json": { "schema": { "type": "object", "properties": { "id": { "type": "string", "example": "fd52f04f-a030-44ea-a5af-40919194ab7e" }, "createdAt": { "type": "string", "example": "2020-07-06 12:00:00.000000" }, "updatedAt": { "type": "string", "example": "2020-07-06 13:00:00.000000" }, "statusCode": { "type": "number", "example": 200 }, "data": { "type": "object", "description": "Custom data information, reflects record sent on request", "additionalProperties": true } }, "example": { "id": "fd52f04f-a030-44ea-a5af-40919194ab7e", "createdAt": "2020-07-06 12:00:00.000000", "updatedAt": "2020-07-06 13:00:00.000000", "statusCode": 200, "data": { "YOUR": "DATA", "PROPERTIES": { "WILL": "BE_HERE" } } } } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "402": { "description": "You must upgrade your plan to use this feature", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "413": { "description": "The file was too large to upload", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Upsert Custom Data Records", "tags": [ "Custom Connections" ], "x-drata-entitlement": [ "CUSTOM_CONNECTIONS_AND_TESTS" ], "x-drata-permissions": [ "custom-connections-data-post" ], "x-product-area": [ "CUSTOM_FRAMEWORKS" ] } }, "/custom-connections/{connectionId}/resources/{resourceId}/records/{recordId}": { "put": { "description": "If a record with the id exists it will be updated.\n\nšŸ”’ Requires **Custom Connections Data: Create and Update Custom Connection Data** permission.\n\nšŸ’Ž Requires your account have the **Custom Connections and Tests** feature. Contact your CSM for help upgrading.", "operationId": "CustomDataPublicController_updateCustomData", "parameters": [ { "name": "connectionId", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "resourceId", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "recordId", "required": true, "in": "path", "schema": { "type": "string" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateCustomDataRequestPublicDto" } } } }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CustomDataResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "402": { "description": "You must upgrade your plan to use this feature", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "413": { "description": "The file was too large to upload", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Update custom data record by id", "tags": [ "Custom Connections" ], "x-drata-entitlement": [ "CUSTOM_CONNECTIONS_AND_TESTS" ], "x-drata-permissions": [ "custom-connections-data-put" ], "x-product-area": [ "CUSTOM_FRAMEWORKS" ] }, "delete": { "description": "If a record with the id exists it will be deleted\n\nšŸ”’ Requires **Custom Connections Data: Delete Custom Connection Data** permission.\n\nšŸ’Ž Requires your account have the **Custom Connections and Tests** feature. Contact your CSM for help upgrading.", "operationId": "CustomDataPublicController_deleteCustomData", "parameters": [ { "name": "recordId", "required": true, "in": "path", "schema": { "type": "string" } }, { "name": "connectionId", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "resourceId", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "402": { "description": "You must upgrade your plan to use this feature", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Delete a custom data record by id", "tags": [ "Custom Connections" ], "x-drata-entitlement": [ "CUSTOM_CONNECTIONS_AND_TESTS" ], "x-drata-permissions": [ "custom-connections-data-delete" ], "x-product-area": [ "CUSTOM_FRAMEWORKS" ] } }, "/sessions": { "get": { "description": "Get all custom data sessions for the account with pagination support\n\nšŸ”’ Requires **Custom Connections Management: List Custom Connections** permission.\n\nšŸ’Ž Requires your account have the **Custom Connections and Tests** feature. Contact your CSM for help upgrading.", "operationId": "CustomDataPublicController_getSessions", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "connectionId", "required": false, "in": "query", "description": "Filter sessions by Custom Connection id", "schema": { "example": 1, "type": "number" } }, { "name": "resourceId", "required": false, "in": "query", "description": "Filter sessions by Custom Resource id", "schema": { "example": 1, "type": "number" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SessionsPaginatedResponseDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "402": { "description": "You must upgrade your plan to use this feature", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get all custom data sessions", "tags": [ "Custom Connections" ], "x-drata-entitlement": [ "CUSTOM_CONNECTIONS_AND_TESTS" ], "x-drata-permissions": [ "custom-connections-get" ], "x-product-area": [ "CUSTOM_FRAMEWORKS" ] } }, "/sessions/{sessionId}/evidence": { "get": { "description": "Get paginated evidence data for a specific session by session ID\n\nšŸ”’ Requires **Custom Connections Management: List Custom Connections** permission.\n\nšŸ’Ž Requires your account have the **Custom Connections and Tests** feature. Contact your CSM for help upgrading.", "operationId": "CustomDataPublicController_getSessionEvidence", "parameters": [ { "name": "sessionId", "required": true, "in": "path", "schema": { "type": "string" } }, { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SessionEvidencePaginatedResponseDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "402": { "description": "You must upgrade your plan to use this feature", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get paginated evidence data for a specific session", "tags": [ "Custom Connections" ], "x-drata-entitlement": [ "CUSTOM_CONNECTIONS_AND_TESTS" ], "x-drata-permissions": [ "custom-connections-get" ], "x-product-area": [ "CUSTOM_FRAMEWORKS" ] } }, "/devices/{deviceId}/documents": { "get": { "description": "Get a list of documents for a given device and document type\n\nšŸ”’ Requires **Devices: Manage Device Documents** permission.", "operationId": "DevicePublicController_getDeviceDocuments", "parameters": [ { "name": "deviceId", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "type", "required": false, "in": "query", "description": "Filter documents by their type", "schema": { "$ref": "#/components/schemas/DeviceDocumentTypeEnum" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DeviceDocumentsResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find device documents by document type", "tags": [ "Devices" ], "x-drata-permissions": [ "devices-get-documents" ], "x-product-area": [ "MDM" ] }, "post": { "description": "Upload a new device document for a given device\n\nšŸ”’ Requires **Devices: Manage Device Documents** permission.", "operationId": "DevicePublicController_uploadDocumentForDevice", "parameters": [ { "name": "deviceId", "required": true, "in": "path", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "multipart/form-data": { "schema": { "$ref": "#/components/schemas/DeviceDocumentRequestPublicDto" } }, "application/json": { "schema": { "$ref": "#/components/schemas/DeviceDocumentRequestPublicDto" } } } }, "responses": { "201": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DeviceDocumentResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "413": { "description": "The file was too large to upload", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "503": { "description": "Third party system was unavailable", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Upload device compliance document by device id", "tags": [ "Devices" ], "x-drata-permissions": [ "devices-post-document" ], "x-product-area": [ "MDM" ] } }, "/devices/documents/{documentId}": { "delete": { "description": "Removes a specific device document using the provided document ID\n\nšŸ”’ Requires **Devices: Manage Device Documents** permission.", "operationId": "DevicePublicController_deleteDeviceDocument", "parameters": [ { "name": "documentId", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Delete a Device Document", "tags": [ "Devices" ], "x-drata-permissions": [ "devices-delete-document" ], "x-product-area": [ "MDM" ] } }, "/devices/documents/{documentId}/download": { "get": { "description": "Get device document download URL by document ID\n\nšŸ”’ Requires **Devices: Manage Device Documents** permission.", "operationId": "DevicePublicController_getDeviceDocumentDownloadUrl", "parameters": [ { "name": "documentId", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SignedUrlResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get device document signed download URL", "tags": [ "Devices" ], "x-drata-permissions": [ "devices-get-download-document" ], "x-product-area": [ "MDM" ] } }, "/devices": { "get": { "operationId": "DevicePublicController_getDevices", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "externalId", "required": false, "in": "query", "description": "An externally sourced unique identifier for a device", "schema": { "maxLength": 191, "type": "string" } }, { "name": "expand[]", "required": false, "in": "query", "description": "List of subcollections and sub-objects to expand", "schema": { "example": "COMPLIANCE_CHECKS", "type": "array", "items": { "type": "string", "enum": [ "asset", "complianceChecks", "documents", "identifiers" ] } } }, { "name": "macAddress", "required": false, "in": "query", "description": "The device MAC address", "schema": { "example": "65-F9-3D-85-7B-6B,99-A9-3E-14-7A-3E", "type": "string" } }, { "name": "serialNumber", "required": false, "in": "query", "description": "The device serial number", "schema": { "example": "NKRTSPY456", "type": "string" } }, { "name": "sourceType", "required": false, "in": "query", "description": "Device source type", "schema": { "example": "AGENT", "enum": [ "AGENT", "JAMF", "INTUNE", "KANDJI", "JUMPCLOUD", "HEXNODE_UEM", "UNKNOWN", "RIPPLING", "WORKSPACE_ONE", "KOLIDE", "CUSTOM", "INTUNE_GCC_HIGH", "CUSTOM_XFA", "NINJAONE" ], "type": "string" } }, { "name": "personnelId", "required": false, "in": "query", "description": "Personnel Id", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DevicesPaginatedResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get a list of devices", "tags": [ "Devices" ], "x-drata-permissions": [ "devices-get" ], "x-product-area": [ "MDM" ], "description": "šŸ”’ Requires **Devices: List Devices** permission." } }, "/personnel/{personnelId}/devices": { "get": { "operationId": "DevicePublicController_getDevicesForPersonnel", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "externalId", "required": false, "in": "query", "description": "An externally sourced unique identifier for a device", "schema": { "maxLength": 191, "type": "string" } }, { "name": "expand[]", "required": false, "in": "query", "description": "List of subcollections and sub-objects to expand", "schema": { "example": "COMPLIANCE_CHECKS", "type": "array", "items": { "type": "string", "enum": [ "asset", "complianceChecks", "documents", "identifiers" ] } } }, { "name": "macAddress", "required": false, "in": "query", "description": "The device MAC address", "schema": { "example": "65-F9-3D-85-7B-6B,99-A9-3E-14-7A-3E", "type": "string" } }, { "name": "serialNumber", "required": false, "in": "query", "description": "The device serial number", "schema": { "example": "NKRTSPY456", "type": "string" } }, { "name": "sourceType", "required": false, "in": "query", "description": "Device source type", "schema": { "example": "AGENT", "enum": [ "AGENT", "JAMF", "INTUNE", "KANDJI", "JUMPCLOUD", "HEXNODE_UEM", "UNKNOWN", "RIPPLING", "WORKSPACE_ONE", "KOLIDE", "CUSTOM", "INTUNE_GCC_HIGH", "CUSTOM_XFA", "NINJAONE" ], "type": "string" } }, { "name": "personnelId", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DeviceResponseV11PublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get a list of devices for a given personnel item", "tags": [ "Devices" ], "x-drata-permissions": [ "devices-get" ], "x-product-area": [ "MDM" ], "description": "šŸ”’ Requires **Devices: List Devices** permission." } }, "/devices/{deviceId}": { "get": { "operationId": "DevicePublicController_getDevice", "parameters": [ { "name": "expand[]", "required": false, "in": "query", "description": "List of subcollections and sub-objects to expand", "schema": { "example": "COMPLIANCE_CHECKS", "type": "array", "items": { "type": "string", "enum": [ "asset", "complianceChecks", "documents", "identifiers", "deviceApps" ] } } }, { "name": "deviceId", "required": true, "in": "path", "description": "The device ID", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DeviceResponseIdPublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get a specific device", "tags": [ "Devices" ], "x-drata-permissions": [ "devices-get" ], "x-product-area": [ "MDM" ], "description": "šŸ”’ Requires **Devices: List Devices** permission." } }, "/custom-connections/{connectionId}/devices": { "get": { "description": "šŸ§Ŗ **BETA:** Get a list of devices for a given connection\n\nšŸ”’ Requires **Devices: List Devices** permission.", "operationId": "DevicePublicController_getDevicesForCustomConnection", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "externalId", "required": false, "in": "query", "description": "An externally sourced unique identifier for a device", "schema": { "maxLength": 191, "type": "string" } }, { "name": "expand[]", "required": false, "in": "query", "description": "List of subcollections and sub-objects to expand", "schema": { "example": "COMPLIANCE_CHECKS", "type": "array", "items": { "type": "string", "enum": [ "asset", "complianceChecks", "documents", "identifiers" ] } } }, { "name": "macAddress", "required": false, "in": "query", "description": "The device MAC address", "schema": { "example": "65-F9-3D-85-7B-6B,99-A9-3E-14-7A-3E", "type": "string" } }, { "name": "serialNumber", "required": false, "in": "query", "description": "The device serial number", "schema": { "example": "NKRTSPY456", "type": "string" } }, { "name": "personnelId", "required": false, "in": "query", "description": "Personnel Id", "schema": { "type": "number" } }, { "name": "connectionId", "required": true, "in": "path", "description": "\nThe ID of the connection may be obtained in one of two ways:\n* Calling GET /connections and noting the `id` of the desired custom device connection in the response.\n* In the Drata App: \n * **New Device Connection** \n 1. Navigate to *Connections* **>** *MDM*.\n 2. Select the *Available Connections* tab.\n 3. Chose *Custom Device Connection*.\n \n After successfully creating a device connection, the connection ID will be displayed under *Account Information*.\n * **Existing Device Connection**\n 1. Navigate to *Connections* **>** *MDM*.\n 2. Select the *Active Connections* tab.\n 3. View a previously created custom device connection.\n\n The connection ID will be displayed under *Account Information*.\n", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DevicesPaginatedResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get a list of devices for a given connection", "tags": [ "Devices" ], "x-drata-permissions": [ "devices-get" ], "x-product-area": [ "MDM" ] }, "post": { "description": "\nšŸ§Ŗ **BETA:** Create a new device or update an existing device for a custom connection.\n\nAn existing device is searched for based upon matching one or more of these supplied properties in the request payload:\n* `serialNumber`\n* `macAddress`\n* `externalId`\n\nIf an existing device is found, the existing device is updated.\nOtherwise a new device is created.\n \n\nšŸ”’ Requires **Devices: Create Device** permission.", "operationId": "DevicePublicController_createDeviceForCustomConnection", "parameters": [ { "name": "connectionId", "required": true, "in": "path", "description": "\nThe ID of the connection may be obtained in one of two ways:\n* Calling GET /connections and noting the `id` of the desired custom device connection in the response.\n* In the Drata App: \n * **New Device Connection** \n 1. Navigate to *Connections* **>** *MDM*.\n 2. Select the *Available Connections* tab.\n 3. Chose *Custom Device Connection*.\n \n After successfully creating a device connection, the connection ID will be displayed under *Account Information*.\n * **Existing Device Connection**\n 1. Navigate to *Connections* **>** *MDM*.\n 2. Select the *Active Connections* tab.\n 3. View a previously created custom device connection.\n\n The connection ID will be displayed under *Account Information*.\n", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateDeviceRequestPublicDto" } } } }, "responses": { "201": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DeviceResponseV11PublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "413": { "description": "The file was too large to upload", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "503": { "description": "Third party system was unavailable", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Create a new device or update an existing device for a custom connection", "tags": [ "Devices" ], "x-drata-permissions": [ "devices-post" ], "x-product-area": [ "MDM" ] } }, "/devices/{deviceId}/apps": { "get": { "description": "Get a list of apps associated with a given device\n\nšŸ”’ Requires **Devices: List Devices** permission.", "operationId": "DevicePublicController_getDeviceApps", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "deviceId", "required": true, "in": "path", "description": "The device ID", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DeviceAppsPaginatedResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get device apps", "tags": [ "Devices" ], "x-drata-permissions": [ "devices-get" ], "x-product-area": [ "MDM" ] } }, "/workspaces/{workspaceId}/evidence-library": { "get": { "description": "List evidence given the provided search terms and filters\n\nšŸ”’ Requires **Evidence Library: List Evidence** permission.", "operationId": "EvidenceLibraryPublicController_listEvidence", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "q", "required": false, "in": "query", "description": "Filter data to search term", "schema": { "nullable": true, "example": "Evidence 1", "type": "string" } }, { "name": "fileKey", "required": false, "in": "query", "description": "Drata S3 file key", "schema": { "maxLength": 191, "example": "UUID-FOLDER/reports/UUID-FOLDER/TestReport.pdf", "type": "string" } }, { "name": "sort", "required": false, "in": "query", "description": "Which type of sort (default: RENEWAL_DATE)", "schema": { "example": "RENEWAL_DATE", "enum": [ "DATE", "CREATED_AT", "DESCRIPTION", "RENEWAL_DATE", "NAME", "USER", "STATUS", "EVIDENCE_TYPE" ], "type": "string" } }, { "name": "sortDir", "required": false, "in": "query", "description": "Which direction to sort the data (default: ASC)", "schema": { "example": "ASC", "enum": [ "ASC", "DESC" ], "type": "string" } }, { "name": "excludeIds", "required": false, "in": "query", "description": "Evidence ids to exclude from the results", "schema": { "type": "array", "items": { "type": "number" } } }, { "name": "excludeControlId", "required": false, "in": "query", "description": "Exclude policies if mapped to control id", "schema": { "example": 1, "type": "number" } }, { "name": "status", "required": false, "in": "query", "description": "Status for the evidence", "schema": { "example": [ "EXPIRED", "READY" ], "type": "array", "items": { "type": "string", "enum": [ "NEEDS_ARTIFACT", "ERROR", "READY", "EXPIRING_SOON", "EXPIRED", "NEEDS_SOURCE", "NEEDS_ATTENTION" ] } } }, { "name": "versionSourceTypes[]", "required": false, "in": "query", "description": "This value represents the ā€œSource Typeā€ of the current version of this evidence.", "schema": { "example": "FILE", "type": "array", "items": { "type": "string", "enum": [ "FILE", "URL", "TICKET", "TEST" ] } } }, { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EvidenceLibraryResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find evidence by workspace id", "tags": [ "Evidence Library" ], "x-drata-permissions": [ "evidence-get" ], "x-product-area": [ "EVIDENCE_LIBRARY" ] }, "post": { "description": "Add evidence\n\nšŸ”’ Requires **Evidence Library: Create Evidence** permission.", "operationId": "EvidenceLibraryPublicController_createEvidence", "parameters": [ { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "multipart/form-data": { "schema": { "$ref": "#/components/schemas/EvidenceRequestPublicDto" } }, "application/json": { "schema": { "$ref": "#/components/schemas/EvidenceRequestPublicDto" } } } }, "responses": { "201": { "description": "Created", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EvidenceResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "413": { "description": "The file was too large to upload", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "503": { "description": "Third party system was unavailable", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Add evidence by workspace id", "tags": [ "Evidence Library" ], "x-drata-permissions": [ "evidence-post" ], "x-product-area": [ "EVIDENCE_LIBRARY" ] } }, "/workspaces/{workspaceId}/evidence-library/{id}": { "get": { "description": "Get Evidence details\n\nšŸ”’ Requires **Evidence Library: List Evidence** permission.", "operationId": "EvidenceLibraryPublicController_getEvidence", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EvidenceResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find Evidence by its ID and workspace ID", "tags": [ "Evidence Library" ], "x-drata-permissions": [ "evidence-get" ], "x-product-area": [ "EVIDENCE_LIBRARY" ] }, "put": { "description": "Update Evidence metadata\n\nšŸ”’ Requires **Evidence Library: Update Evidence** permission.", "operationId": "EvidenceLibraryPublicController_updateEvidence", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "multipart/form-data": { "schema": { "$ref": "#/components/schemas/EvidenceRequestPublicDto" } }, "application/json": { "schema": { "$ref": "#/components/schemas/EvidenceRequestPublicDto" } } } }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EvidenceResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Update evidence by evidence id and workspace id", "tags": [ "Evidence Library" ], "x-drata-permissions": [ "evidence-put" ], "x-product-area": [ "EVIDENCE_LIBRARY" ] }, "delete": { "description": "Delete a piece of evidence.\n\nšŸ”’ Requires **Evidence Library: Delete Evidence** permission.", "operationId": "EvidenceLibraryPublicController_deleteEvidence", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } } ], "responses": { "200": { "description": "Successful" }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Remove a piece of evidence by evidence id and workspace id", "tags": [ "Evidence Library" ], "x-drata-permissions": [ "evidence-delete" ], "x-product-area": [ "EVIDENCE_LIBRARY" ] } }, "/workspaces/{workspaceId}/evidence-library/{evidenceId}/version/{versionId}/download": { "get": { "description": "Generates a pre-signed download URL for an Evidence file\n\nšŸ”’ Requires **Evidence Library: List Evidence** permission.", "operationId": "EvidenceLibraryPublicController_getEvidenceDownloadUrl", "parameters": [ { "name": "evidenceId", "required": true, "in": "path", "description": "The ID of the Evidence item", "schema": { "type": "number" } }, { "name": "versionId", "required": true, "in": "path", "description": "The ID of the Evidence version you want to download. Use the `id` value from your chosen version, *not* the `version` value.", "schema": { "type": "number" } }, { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SignedUrlResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Generate Evidence download URL", "tags": [ "Evidence Library" ], "x-drata-permissions": [ "evidence-get" ], "x-product-area": [ "EVIDENCE_LIBRARY" ] } }, "/workspaces/{workspaceId}/evidence-library/sync/{id}": { "put": { "description": "Update evidence sync\n\nšŸ”’ Requires **Evidence Library: Update Evidence** permission.", "operationId": "EvidenceLibraryPublicController_updateEvidenceSync", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EvidenceSyncRequestPublicDto" } } } }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EvidenceSyncResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Update evidence sync by evidence id and workspace id", "tags": [ "Evidence Library" ], "x-drata-permissions": [ "evidence-put" ], "x-product-area": [ "EVIDENCE_LIBRARY" ] } }, "/trust-center/controls": { "get": { "description": "Get all the information of the monitoring controls.\n\nšŸ”’ Requires **Trust Center: List Monitoring Controls** permission.\n\nšŸ’Ž Requires your account have the **Trust Center Essentials** feature. Contact your CSM for help upgrading.", "operationId": "TrustCenterPublicController_getControls", "parameters": [ { "name": "workspaceId", "required": false, "in": "query", "description": "ID of the Workspace. If this is not sent, it will default to the global workspace.", "schema": { "type": "number" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/MonitoringControlsResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "402": { "description": "You must upgrade your plan to use this feature", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "List monitoring controls", "tags": [ "Trust Center" ], "x-drata-entitlement": [ "TRUST_CENTER_ESSENTIALS" ], "x-drata-permissions": [ "trust-center-get-monitoring-controls" ], "x-product-area": [ "TRUST_CENTER_DRATA" ] } }, "/trust-center/requests/{id}": { "get": { "description": "Get the trust center request.\n\nšŸ”’ Requires **Trust Center: View Access Request** permission.\n\nšŸ’Ž Requires your account have the **Trust Center Essentials** feature. Contact your CSM for help upgrading.", "operationId": "TrustCenterPublicController_getTrustCenterAccessRequest", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "string" } }, { "name": "workspaceId", "required": true, "in": "query", "schema": { "type": "number" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TrustCenterRequestDocumentWithNameResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "402": { "description": "You must upgrade your plan to use this feature", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get trust center access request by request id", "tags": [ "Trust Center" ], "x-drata-entitlement": [ "TRUST_CENTER_ESSENTIALS" ], "x-drata-permissions": [ "trust-center-get-request" ], "x-product-area": [ "TRUST_CENTER_DRATA" ] } }, "/trust-center/requests/{id}/approve": { "put": { "description": "Trust Center approve access to private files.\n\nšŸ”’ Requires **Trust Center: Manage Access Request** permission.\n\nšŸ’Ž Requires your account have the **Trust Center Pro** feature. Contact your CSM for help upgrading.", "operationId": "TrustCenterPublicController_approveRequest", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "string" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TrustCenterApproveRequestRequestPublicDto" } } } }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TrustCenterRequestApproveResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "402": { "description": "You must upgrade your plan to use this feature", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Approve access to private files by request id", "tags": [ "Trust Center" ], "x-drata-entitlement": [ "TRUST_CENTER" ], "x-drata-permissions": [ "trust-center-put-request-approve" ], "x-product-area": [ "TRUST_CENTER_DRATA" ] } }, "/trust-center/requests/{id}/deny": { "put": { "description": "Deny access to private files for Trust Center.\n\nšŸ”’ Requires **Trust Center: Manage Access Request** permission.\n\nšŸ’Ž Requires your account have the **Trust Center Pro** feature. Contact your CSM for help upgrading.", "operationId": "TrustCenterPublicController_deniedRequest", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TrustCenterRequestDeniedResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "402": { "description": "You must upgrade your plan to use this feature", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Deny access to private files by request id", "tags": [ "Trust Center" ], "x-drata-entitlement": [ "TRUST_CENTER" ], "x-drata-permissions": [ "trust-center-put-request-deny" ], "x-product-area": [ "TRUST_CENTER_DRATA" ] } }, "/trust-center/private-access": { "get": { "description": "Get the private access info.\n\nšŸ”’ Requires **Trust Center: Manage NDA Settings** permission.\n\nšŸ’Ž Requires your account have the **Trust Center Essentials** feature. Contact your CSM for help upgrading.", "operationId": "TrustCenterPublicController_getPrivateAccessData", "parameters": [ { "name": "workspaceId", "required": false, "in": "query", "description": "ID of the Workspace. If this is not sent, it will default to the global workspace.", "schema": { "type": "number" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TrustCenterPrivateAccessResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "402": { "description": "You must upgrade your plan to use this feature", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get the private access info.", "tags": [ "Trust Center" ], "x-drata-entitlement": [ "TRUST_CENTER_ESSENTIALS" ], "x-drata-permissions": [ "trust-center-get-private-access" ], "x-product-area": [ "TRUST_CENTER_DRATA" ] } }, "/trust-center/company-info/private-access": { "put": { "description": "Update the company information private access section.\n\nšŸ”’ Requires **Trust Center: Manage NDA Settings** permission.\n\nšŸ’Ž Requires your account have the **Trust Center Pro** feature. Contact your CSM for help upgrading.", "operationId": "TrustCenterPublicController_updateCompanyInfoPrivateAccess", "parameters": [ { "name": "workspaceId", "required": false, "in": "query", "description": "Workspace Id", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CompanyInfoPrivateAccessRequestPublicDto" } } } }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CompanyInfoResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "402": { "description": "You must upgrade your plan to use this feature", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Edit the company information private access section", "tags": [ "Trust Center" ], "x-drata-entitlement": [ "TRUST_CENTER" ], "x-drata-permissions": [ "trust-center-put-private-access" ], "x-product-area": [ "TRUST_CENTER_DRATA" ] } }, "/trust-center/private-documents": { "get": { "description": "Get all the policies, compliance and security reports private documents.\n\nšŸ”’ Requires **Trust Center: List Private Documents** permission.\n\nšŸ’Ž Requires your account have the **Trust Center Essentials** feature. Contact your CSM for help upgrading.", "operationId": "TrustCenterPublicController_getAllPrivateDocuments", "parameters": [ { "name": "q", "required": false, "in": "query", "description": "Filter private documents by searching for name", "schema": { "maxLength": 100, "example": "Report 01", "type": "string" } }, { "name": "workspaceId", "required": false, "in": "query", "description": "ID of the workspace", "schema": { "minimum": 1, "example": 1, "type": "number" } } ], "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TrustCenterAllPrivateDocumentsResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "402": { "description": "You must upgrade your plan to use this feature", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get all private documents", "tags": [ "Trust Center" ], "x-drata-entitlement": [ "TRUST_CENTER_ESSENTIALS" ], "x-drata-permissions": [ "trust-center-get-private-documents" ], "x-product-area": [ "TRUST_CENTER_DRATA" ] } }, "/trust-center/requests": { "get": { "description": "This endpoint returns requests of all statuses except \"pending\" by default\n\nšŸ”’ Requires **Trust Center: List Access Requests** permission.\n\nšŸ’Ž Requires your account have the **Trust Center Essentials** feature. Contact your CSM for help upgrading.", "operationId": "TrustCenterPublicController_getTrustCenterRequests", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "sortDir", "required": false, "in": "query", "description": "Which direction to sort the data (default: ASC)", "schema": { "example": "ASC", "enum": [ "ASC", "DESC" ], "type": "string" } }, { "name": "q", "required": false, "in": "query", "description": "Filter data to search requests", "schema": { "maxLength": 100, "example": "Drata", "type": "string" } }, { "name": "status", "required": false, "in": "query", "description": "Filter request by status", "schema": { "example": "APPROVED", "enum": [ "PROCESS_ERROR", "APPROVED", "DENIED", "NDA_SENT", "NDA_SIGNED", "FILES_SENT", "NDA_EXPIRED", "PENDING", "REVOKED", "ACCESS_EXPIRED", "AUTO_APPROVED" ], "type": "string" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TrustCenterRequestsResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "402": { "description": "You must upgrade your plan to use this feature", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get trust center access requests", "tags": [ "Trust Center" ], "x-drata-entitlement": [ "TRUST_CENTER_ESSENTIALS" ], "x-drata-permissions": [ "trust-center-get-requests" ], "x-product-area": [ "TRUST_CENTER_DRATA" ] }, "post": { "description": "Create a Trust Center request for private documents.\n\nšŸ”’ Requires **Trust Center: Create Access Request** permission.\n\nšŸ’Ž Requires your account have the **Trust Center Pro** feature. Contact your CSM for help upgrading.", "operationId": "TrustCenterPublicController_createTrustCenterAccessRequest", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TrustCenterRequestRequestPublicDto" } } } }, "responses": { "201": { "description": "Created" }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "402": { "description": "You must upgrade your plan to use this feature", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Create trust center request", "tags": [ "Trust Center" ], "x-drata-entitlement": [ "TRUST_CENTER" ], "x-drata-permissions": [ "trust-center-post-request" ], "x-product-area": [ "TRUST_CENTER_DRATA" ] } }, "/trust-center/reports": { "get": { "description": "Generate Trust Center Report Csv\n\nšŸ”’ Requires **Trust Center: List Trust Center Reports** permission.\n\nšŸ’Ž Requires your account have the **Trust Center Essentials** feature. Contact your CSM for help upgrading.", "operationId": "TrustCenterPublicController_getReport", "parameters": [ { "name": "startDate", "required": true, "in": "query", "description": "Start date to generate the report", "schema": { "example": "2025-07-01T16:45:55.246Z", "type": "string" } }, { "name": "endDate", "required": true, "in": "query", "description": "End date to generate the report", "schema": { "example": "2025-07-01T16:45:55.246Z", "type": "string" } }, { "name": "workspaceId", "required": true, "in": "query", "description": "ID of the Workspace", "schema": { "example": 1, "type": "number" } }, { "name": "reportType", "required": true, "in": "query", "description": "Report type to be generated", "schema": { "example": "SUMMARY", "enum": [ "SUMMARY", "ACCESS_REQUESTS_LIST", "ACCESS_REQUESTS_APPROVED_DOMAINS", "ACCESS_REQUESTS_APPROVED_EMAILS", "DOCUMENT_REQUESTS_FILE_NAME", "PRO_REVENUE_INFLUENCED" ], "type": "string" } } ], "responses": { "200": { "description": "Successful" }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "402": { "description": "You must upgrade your plan to use this feature", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Retrieves CSV data for single Trust Center report", "tags": [ "Trust Center" ], "x-drata-entitlement": [ "TRUST_CENTER_ESSENTIALS" ], "x-drata-permissions": [ "trust-center-get-trust-center-reports" ], "x-product-area": [ "TRUST_CENTER_DRATA" ] } }, "/assets": { "get": { "description": "Find assets by search terms and filters\n\nšŸ”’ Requires **Assets: List Assets** permission.", "operationId": "AssetsPublicController_listAssets", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "maximum": 1000, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "q", "required": false, "in": "query", "description": "Filter data by searching by asset names", "schema": { "example": "Security Program Overview", "type": "string" } }, { "name": "sort", "required": false, "in": "query", "description": "Which type of sort (default: CREATED)", "schema": { "example": "NAME", "enum": [ "NAME", "ASSET_TYPE", "COMPANY_NAME", "DESCRIPTION", "ASSET_PROVIDER", "USER", "APPROVED_AT", "REMOVED_AT", "CREATED", "UPDATED", "EMPLOYMENT_STATUS" ], "type": "string" } }, { "name": "sortDir", "required": false, "in": "query", "description": "Which direction to sort the data (default: ASC)", "schema": { "example": "ASC", "enum": [ "ASC", "DESC" ], "type": "string" } }, { "name": "assetClassType", "required": false, "in": "query", "description": "Filter assets by class type (associated assets)", "schema": { "example": "DOCUMENT", "enum": [ "HARDWARE", "POLICY", "DOCUMENT", "PERSONNEL", "SOFTWARE", "CODE", "CONTAINER", "COMPUTE", "NETWORKING", "DATABASE", "STORAGE" ], "type": "string" } }, { "name": "assetType", "required": false, "in": "query", "description": "Filter assets by type", "schema": { "example": "PHYSICAL", "enum": [ "PHYSICAL", "VIRTUAL" ], "type": "string" } }, { "name": "assetProvider", "required": false, "in": "query", "description": "Filter assets by provider", "schema": { "example": "AGENT", "enum": [ "DRATA_DEV", "AGENT", "DRATA", "GOOGLE", "MICROSOFT_365", "JAMF", "INTUNE", "OKTA_IDENTITY", "KANDJI", "JUMPCLOUD", "HEXNODE_UEM", "RIPPLING", "AWS", "MERGEDEV_ONELOGIN", "MERGEDEV_JUMPCLOUD", "WORKSPACE_ONE", "CSV_IDP", "AWS_GOV_CLOUD", "AZURE", "GCP", "MICROSOFT_365_GCC_HIGH", "MERGEDEV_CYBERARK", "KOLIDE", "MERGEDEV_PINGONE", "AWS_ORG_UNITS", "INTUNE_GCC_HIGH", "CUSTOM_XFA", "NINJAONE" ], "type": "string" } }, { "name": "userId", "required": false, "in": "query", "description": "Filter data to a user associated to the assets", "schema": { "maximum": 1000000000, "example": 1, "type": "number" } }, { "name": "employmentStatus", "required": false, "in": "query", "description": "Filter data to personnel of this employment status", "schema": { "example": "CURRENT_EMPLOYEE", "enum": [ "CURRENT_EMPLOYEE", "FORMER_EMPLOYEE", "CURRENT_CONTRACTOR", "FORMER_CONTRACTOR", "OUT_OF_SCOPE", "UNKNOWN", "SPECIAL_FORMER_EMPLOYEE", "SPECIAL_FORMER_CONTRACTOR", "FUTURE_HIRE", "SERVICE_ACCOUNT" ], "type": "string" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AssetsResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "List all the assets", "tags": [ "Assets" ], "x-drata-permissions": [ "assets-get" ], "x-product-area": [ "ASSETS_PAGE" ] }, "post": { "description": "Manually add a new asset to the account\n\nšŸ”’ Requires **Assets: Create Asset** permission.", "operationId": "AssetsPublicController_createAsset", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AssetRequestPublicDto" } } } }, "responses": { "201": { "description": "Created", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AssetResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "422": { "description": "Unprocessable Entity", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Create one manual asset", "tags": [ "Assets" ], "x-drata-permissions": [ "assets-post" ], "x-product-area": [ "ASSETS_PAGE" ] } }, "/assets/{id}": { "delete": { "description": "Remove a virtual or manually-added asset. āš ļø This is an unrecoverable operation\n\nšŸ”’ Requires **Assets: Delete Asset** permission.", "operationId": "AssetsPublicController_deleteAsset", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AssetResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Remove an asset by asset ID", "tags": [ "Assets" ], "x-drata-permissions": [ "assets-delete" ], "x-product-area": [ "ASSETS_PAGE" ] } }, "/background-check/{userId}/manual": { "post": { "description": "Manually upload a background check URL for a user\n\nšŸ”’ Requires **Personnel: Create Background Check** permission.", "operationId": "BackgroundCheckPublicController_updateBackgroundCheck", "parameters": [ { "name": "userId", "required": true, "in": "path", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ManualBackgroundCheckRequestPublicDto" } } } }, "responses": { "201": { "description": "Created", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PersonnelDetailsResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "409": { "description": "There is a conflict in the business rules with this request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Upload a background check evidence to a user", "tags": [ "Background Check" ], "x-drata-permissions": [ "background-check-post" ], "x-product-area": [ "BACKGROUND_CHECK_SYNC" ] } }, "/personnel": { "get": { "description": "List personnel given the search terms and filters\n\nšŸ”’ Requires **Personnel: List Personnel** permission.", "operationId": "PersonnelPublicController_listPersonnel", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "q", "required": false, "in": "query", "description": "Filter data by searching for first name, last name, full name, or email", "schema": { "example": "John Doe", "type": "string" } }, { "name": "employmentStatus", "required": false, "in": "query", "description": "Filter data to personnel of this employment status", "schema": { "example": "CURRENT_EMPLOYEE", "enum": [ "CURRENT_EMPLOYEE", "FORMER_EMPLOYEE", "CURRENT_CONTRACTOR", "FORMER_CONTRACTOR", "OUT_OF_SCOPE", "UNKNOWN", "SPECIAL_FORMER_EMPLOYEE", "SPECIAL_FORMER_CONTRACTOR", "FUTURE_HIRE", "SERVICE_ACCOUNT" ], "type": "string" } }, { "name": "employmentStatuses[]", "required": false, "in": "query", "description": "Filter data to personnel of these employment statuses", "schema": { "example": [ "CURRENT_EMPLOYEE" ], "type": "array", "items": { "type": "string", "enum": [ "CURRENT_EMPLOYEE", "FORMER_EMPLOYEE", "CURRENT_CONTRACTOR", "FORMER_CONTRACTOR", "OUT_OF_SCOPE", "UNKNOWN", "FUTURE_HIRE", "SERVICE_ACCOUNT", "ALL_CURRENT_PERSONNEL", "ALL_FORMER_PERSONNEL", "ALL_PERSONNEL" ] } } }, { "name": "fullCompliance", "required": false, "in": "query", "description": "Filter personnel by a compliance", "schema": { "type": "boolean" } }, { "name": "acceptedPoliciesCompliance", "required": false, "in": "query", "description": "Filter personnel by accepted policies compliance", "schema": { "type": "boolean" } }, { "name": "identityMfaCompliance", "required": false, "in": "query", "description": "Filter personnel by identity MFA compliance", "schema": { "type": "boolean" } }, { "name": "bgCheckCompliance", "required": false, "in": "query", "description": "Filter personnel by background check compliance", "schema": { "type": "boolean" } }, { "name": "agentInstalledCompliance", "required": false, "in": "query", "description": "Filter personnel by monitor agent installation compliance", "schema": { "type": "boolean" } }, { "name": "passwordManagerCompliance", "required": false, "in": "query", "description": "Filter personnel by password manager compliance", "schema": { "type": "boolean" } }, { "name": "autoUpdatesCompliance", "required": false, "in": "query", "description": "Filter personnel by auto updates compliance", "schema": { "type": "boolean" } }, { "name": "locationServicesCompliance", "required": false, "in": "query", "description": "Filter personnel by location services compliance", "schema": { "type": "boolean" } }, { "name": "hdEncryptionCompliance", "required": false, "in": "query", "description": "Filter personnel by HD encryption compliance", "schema": { "type": "boolean" } }, { "name": "antivirusCompliance", "required": false, "in": "query", "description": "Filter personnel by antivirus compliance", "schema": { "type": "boolean" } }, { "name": "lockScreenCompliance", "required": false, "in": "query", "description": "Filter personnel by lock screen compliance", "schema": { "type": "boolean" } }, { "name": "securityTrainingCompliance", "required": false, "in": "query", "description": "Filter personnel by security training compliance", "schema": { "type": "boolean" } }, { "name": "hipaaTrainingCompliance", "required": false, "in": "query", "description": "Filter personnel by HIPAA Training compliance", "schema": { "type": "boolean" } }, { "name": "nistaiTrainingCompliance", "required": false, "in": "query", "description": "Filter personnel by AI Awareness TRaining compliance", "schema": { "type": "boolean" } }, { "name": "deviceCompliance", "required": false, "in": "query", "description": "Filter personnel by their device compliance", "schema": { "type": "boolean" } }, { "name": "multiSecurityTrainingCompliance", "required": false, "in": "query", "description": "Filter personnel by their training compliance", "schema": { "type": "boolean" } }, { "name": "multiTrainingComplianceType", "required": false, "in": "query", "description": "Type of training campaigns (default: SECURITY_TRAINING)", "schema": { "example": "SECURITY_TRAINING", "enum": [ "SECURITY_TRAINING", "HIPAA_TRAINING", "NIST_AI_TRAINING" ], "type": "string" } }, { "name": "offboardingEvidence", "required": false, "in": "query", "description": "Filter personnel by their offboarding evidence compliance", "schema": { "type": "boolean" } }, { "name": "groupIds", "required": false, "in": "query", "description": "List of groups to find personnel by", "schema": { "type": "array", "items": { "type": "number" } } }, { "name": "sort", "required": false, "in": "query", "description": "Which type of sort (default: NAME)", "schema": { "example": "NAME", "enum": [ "NAME", "EMPLOYMENT_STATUS", "ACCEPTED_POLICIES", "FULL_COMPLIANCE", "IDENTITY_MFA", "BG_CHECK", "AGENT_INSTALLED", "OS_VERSION", "SERIAL_NUM", "PASSWORD_MANAGER", "AUTO_UPDATES", "HDD_ENCRYPTION", "ANTIVIRUS", "APPS_COUNT", "START_DATE", "SEPARATION_DATE", "LOCK_SCREEN", "SECURITY_TRAINING", "HIPAA_TRAINING", "NIST_AI_TRAINING", "OFFBOARDING" ], "type": "string" } }, { "name": "sortDir", "required": false, "in": "query", "description": "Which direction to sort the data (default: ASC)", "schema": { "example": "ASC", "enum": [ "ASC", "DESC" ], "type": "string" } }, { "name": "mdmSourceType", "required": false, "in": "query", "description": "Filter data to personnel of this Mdm source type", "schema": { "example": "AGENT", "enum": [ "AGENT", "JAMF", "INTUNE", "KANDJI", "JUMPCLOUD", "HEXNODE_UEM", "UNKNOWN", "RIPPLING", "WORKSPACE_ONE", "KOLIDE", "CUSTOM", "INTUNE_GCC_HIGH", "CUSTOM_XFA", "NINJAONE" ], "type": "string" } }, { "name": "inverseMdmSourceTypes[]", "required": false, "in": "query", "description": "Inverse filter data to personnel of these Mdm source types", "schema": { "example": [ "AGENT" ], "type": "array", "items": { "type": "string", "enum": [ "AGENT", "JAMF", "INTUNE", "KANDJI", "JUMPCLOUD", "HEXNODE_UEM", "UNKNOWN", "RIPPLING", "WORKSPACE_ONE", "KOLIDE", "CUSTOM", "INTUNE_GCC_HIGH", "CUSTOM_XFA", "NINJAONE" ] } } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PersonnelTableResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find personnel by search terms and filters", "tags": [ "Personnel" ], "x-drata-permissions": [ "personnel-get" ], "x-product-area": [ "PERSONNEL_COMPLIANCE" ] } }, "/personnel/{id}": { "get": { "description": "Get the full detail of a personnel record\n\nšŸ”’ Requires **Personnel: Get Personnel** permission.", "operationId": "PersonnelPublicController_getPersonnelDetails", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PersonnelDetailsResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get personnel by id", "tags": [ "Personnel" ], "x-drata-permissions": [ "personnel-get-personnel-details" ], "x-product-area": [ "PERSONNEL_COMPLIANCE" ] } }, "/personnel/{email}/email": { "get": { "description": "Get the full detail of a personnel record\n\nšŸ”’ Requires **Personnel: Get Personnel** permission.", "operationId": "PersonnelPublicController_getPersonnelDetailsByEmail", "parameters": [ { "name": "email", "required": true, "in": "path", "schema": { "type": "string" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PersonnelDetailsResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get personnel by email", "tags": [ "Personnel" ], "x-drata-permissions": [ "personnel-get-personnel-details" ], "x-product-area": [ "PERSONNEL_COMPLIANCE" ] } }, "/personnel/{id}/contract-dates": { "put": { "description": "Update the hire and separation dates of a personnel record\n\nšŸ”’ Requires **Personnel: Update Personnel's Hire and Separation Dates - applies to V1 only** permission.", "operationId": "PersonnelPublicController_updateContractDates", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PersonnelContractDateRequestPublicDto" } } } }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PersonnelDetailsResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "409": { "description": "There is a conflict in the business rules with this request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Update personnel contract dates", "tags": [ "Personnel" ], "x-drata-permissions": [ "personnel-put-contract-dates" ], "x-product-area": [ "PERSONNEL_COMPLIANCE" ] } }, "/personnel/{id}/status": { "put": { "description": "Update the employment status of a personnel record\n\nšŸ”’ Requires **Personnel: Update Personnel's Employment Status - applies to V1 only** permission.", "operationId": "PersonnelPublicController_updateStatus", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PersonnelStatusRequestPublicDto" } } } }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PersonnelDetailsResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "409": { "description": "There is a conflict in the business rules with this request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Update personnel employment status", "tags": [ "Personnel" ], "x-drata-permissions": [ "personnel-put-employment-status" ], "x-product-area": [ "PERSONNEL_COMPLIANCE" ] } }, "/personnel/reset-sync/{personnelId}": { "put": { "description": "Re-enable IdP/HRIS sync for a given personnel record\n\nšŸ”’ Requires **Personnel: Reset Personnel's IdP/HRIS Sync Status** permission.", "operationId": "PersonnelPublicController_resetSyncForPersonnel", "parameters": [ { "name": "personnelId", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PersonnelDetailsResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "409": { "description": "There is a conflict in the business rules with this request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Reset personnel sync status", "tags": [ "Personnel" ], "x-drata-permissions": [ "personnel-put-reset-resync" ], "x-product-area": [ "PERSONNEL_COMPLIANCE" ] } }, "/personnel/all/reset-sync": { "put": { "description": "Re-enable IdP/HRIS sync for a all personnel records\n\nšŸ”’ Requires **Personnel: Reset Personnel's IdP/HRIS Sync Status** permission.", "operationId": "PersonnelPublicController_resetSyncForAllPersonnel", "parameters": [], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PersonnelDetailsResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "409": { "description": "There is a conflict in the business rules with this request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Reset sync status for all personnel", "tags": [ "Personnel" ], "x-drata-permissions": [ "personnel-put-reset-resync" ], "x-product-area": [ "PERSONNEL_COMPLIANCE" ] } }, "/personnel/some/reset-sync": { "put": { "description": "Re-enable IdP/HRIS sync for some personnel records\n\nšŸ”’ Requires **Personnel: Reset Personnel's IdP/HRIS Sync Status** permission.", "operationId": "PersonnelPublicController_resetSyncForSomePersonnel", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PersonnelResetStatusRequestPublicDto" } } } }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PersonnelDetailsResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "409": { "description": "There is a conflict in the business rules with this request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Reset sync status for some personnel", "tags": [ "Personnel" ], "x-drata-permissions": [ "personnel-put-reset-resync" ], "x-product-area": [ "PERSONNEL_COMPLIANCE" ] } }, "/policies": { "get": { "description": "Returns the list of policies and their metadata\n\nšŸ”’ Requires **Policies: List Policies** permission.", "operationId": "PoliciesPublicController_getPolicies", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "q", "required": false, "in": "query", "description": "Filter data to search term", "schema": { "example": "Acceptable Use Policy", "type": "string" } }, { "name": "userId", "required": false, "in": "query", "description": "User ID of the policy owner", "schema": { "example": 1, "type": "number" } }, { "name": "hasPublishedVersion", "required": false, "in": "query", "description": "Filter policies data by current published or latest version", "schema": { "type": "boolean" } }, { "name": "hasApprovedVersion", "required": false, "in": "query", "description": "Temporary property to filter policies data by current published or latest version.\n This property will coexist with the new property hasPublishedVersion until fully migrated to the client.", "schema": { "type": "boolean" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PoliciesResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get policies", "tags": [ "Policies" ], "x-drata-permissions": [ "policies-get-policies" ], "x-product-area": [ "POLICY_CENTER" ] } }, "/policies/{policyId}": { "get": { "description": "Returns a policy by ID\n\nšŸ”’ Requires **Policies: List Policies** permission.", "operationId": "PoliciesPublicController_getPolicy", "parameters": [ { "name": "policyId", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PolicyWithReplaceResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get policy by ID", "tags": [ "Policies" ], "x-drata-permissions": [ "policies-get-policies" ], "x-product-area": [ "POLICY_CENTER" ] } }, "/policy-version/{id}/download": { "get": { "description": "Returns the signed URL of a policy version, used to download the document\n\nšŸ”’ Requires **Policies: Get Policy Version** permission.", "operationId": "PoliciesPublicController_getPolicyVersionDownloadUrl", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserSignedUrlResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get signed URL of a policy version", "tags": [ "Policies" ], "x-drata-permissions": [ "policies-get-policy-version" ], "x-product-area": [ "POLICY_CENTER" ] } }, "/policies/{id}/current-published/download": { "get": { "description": "Returns the signed URL of a policy's current published version, used to download the document\n\nšŸ”’ Requires **Policies: Get Policy Version** permission.", "operationId": "PoliciesPublicController_getCurrentPublishedPolicyDownloadUrl", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "withAppendix", "required": false, "in": "query", "description": "Specify if the downloaded policy will contain appendix", "schema": { "nullable": true, "default": false, "example": true, "type": "boolean" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserSignedUrlResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get signed URL of a policy's current published version", "tags": [ "Policies" ], "x-drata-permissions": [ "policies-get-policy-version" ], "x-product-area": [ "POLICY_CENTER" ] } }, "/policies/{id}/current-published/download/pdf": { "get": { "description": "Returns the signed URL of a policy's current published version, used to download the PDF version of the document\n\nšŸ”’ Requires **Policies: Get Policy Version** permission.", "operationId": "PoliciesPublicController_getCurrentPublishedPolicyPdfDownloadUrl", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserSignedUrlResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get signed URL of a policy's current published version as PDF", "tags": [ "Policies" ], "x-drata-permissions": [ "policies-get-policy-version" ], "x-product-area": [ "POLICY_CENTER" ] } }, "/workspaces/{workspaceId}/policies/{policyId}/associated-controls": { "get": { "description": "Returns the controls associated with a policy\n\nšŸ”’ Requires **Controls: List Controls** permission.", "operationId": "PoliciesPublicController_getPolicyAssociatedControls", "parameters": [ { "name": "policyId", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "sort", "required": false, "in": "query", "description": "Which type of sort (default: NAME)", "schema": { "example": "NAME", "type": "string" } }, { "name": "sortDir", "required": false, "in": "query", "description": "Which direction to sort the data", "schema": { "default": 1, "example": 1, "enum": [ "ASC", "DESC" ], "type": "string" } }, { "name": "workspaceId", "required": true, "in": "path", "description": "The Workspace ID associated to the Account", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PolicyAssociatedControlsResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get controls associated with a policy", "tags": [ "Policies" ], "x-drata-permissions": [ "controls-get" ], "x-product-area": [ "POLICY_CENTER" ] } }, "/user-identities/infrastructure": { "get": { "description": "List infrastructure user identities by username or email\n\nšŸ”’ Requires **Connections: Manage Infrastructure User Identities** permission.", "operationId": "UserIdentitiesPublicController_listInfrastructureUsersIdentities", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "q", "required": false, "in": "query", "description": "Filter data by searching for identity id, username or email", "schema": { "example": "1a2b3c", "type": "string" } }, { "name": "clientType", "required": false, "in": "query", "description": "The target client type", "schema": { "example": "AWS", "enum": [ "AWS", "AWS_GOV_CLOUD", "DIGITAL_OCEAN", "GCP", "HEROKU", "AZURE", "AZURE_ORG_UNITS", "MONGO_DB_ATLAS", "CLOUDFLARE", "AWS_ORG_UNITS" ], "type": "string" } }, { "name": "connectionId", "required": false, "in": "query", "description": "The target connection id (more granular than client type)", "schema": { "example": 1, "type": "number" } }, { "name": "sort", "required": false, "in": "query", "description": "Which type of sort (default: USERNAME)", "schema": { "example": "USERNAME", "enum": [ "IDENTITY_ID", "USERNAME", "EMAIL", "CONNECTED_AT", "DISCONNECTED_AT", "SERVICE_ACCOUNT", "HAS_MFA", "ADMIN_ACCESS", "DB_ACCESS", "USER", "CLIENT_ID", "CLIENT_ALIAS", "CONNECTION_STATUS", "CONNECTION_STATUS_MULTIVERSE" ], "type": "string" } }, { "name": "sortDir", "required": false, "in": "query", "description": "Which direction to sort the data (default: ASC)", "schema": { "example": "ASC", "enum": [ "ASC", "DESC" ], "type": "string" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserIdentitiesInfrastructureResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find infrastructure user identities", "tags": [ "User Identities" ], "x-drata-permissions": [ "user-identity-infrastructure-get-accounts" ], "x-product-area": [ "INFRASTRUCTURE_USER_SYNC" ] } }, "/user-identities/infrastructure/{id}/connect": { "put": { "description": "Update the connection status for the target infrastructure user identity\n\nšŸ”’ Requires **Connections: Manage Infrastructure User Identities** permission.", "operationId": "UserIdentitiesPublicController_updateUserIdentityInfrastructureConnection", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserIdentityInfrastructureConnectRequestPublicDto" } } } }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserIdentityInfrastructureResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Update infrastructure user identity connection status", "tags": [ "User Identities" ], "x-drata-permissions": [ "user-identity-infrastructure-put-toggle" ], "x-product-area": [ "INFRASTRUCTURE_USER_SYNC" ] } }, "/user-identities/infrastructure/{id}/toggle": { "put": { "description": "Update the toggle setting for the target infrastructure user identity\n\nšŸ”’ Requires **Connections: Manage Infrastructure User Identities** permission.", "operationId": "UserIdentitiesPublicController_toggleUserIdentityInfrastructureSetting", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserIdentityInfrastructureToggleRequestPublicDto" } } } }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserIdentityInfrastructureResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Update target infrastructure user identity toggle settings", "tags": [ "User Identities" ], "x-drata-permissions": [ "user-identity-infrastructure-put-connect" ], "x-product-area": [ "INFRASTRUCTURE_USER_SYNC" ] } }, "/user-identities/infrastructure/{id}/service-account": { "put": { "description": "Update the target infrastructure user identity to a service account\n\nšŸ”’ Requires **Connections: Manage Infrastructure User Identities** permission.", "operationId": "UserIdentitiesPublicController_setUserIdentityInfrastructureServiceStatus", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserIdentityInfrastructureServiceStatusRequestPublicDto" } } } }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserIdentityInfrastructureResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Update infrastructure user identity to a service account", "tags": [ "User Identities" ], "x-drata-permissions": [ "user-identity-infrastructure-put-set-service-account" ], "x-product-area": [ "INFRASTRUCTURE_USER_SYNC" ] } }, "/user-identities/version-control": { "get": { "description": "List user version control identities for the target client type.\n\nšŸ”’ Requires **Connections: Manage Version Control User Identities** permission.", "operationId": "UserIdentitiesPublicController_listUsersIdentitiesVersionControl", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "q", "required": false, "in": "query", "description": "Filter data by searching for identity id, username or email", "schema": { "example": "1a2b3c", "type": "string" } }, { "name": "clientType", "required": false, "in": "query", "description": "The target client type", "schema": { "example": "GITHUB", "enum": [ "BITBUCKET", "GITHUB", "GITHUB_ENTERPRISE", "GITLAB", "GITLAB_ON_PREM", "AZURE_REPOS", "AWS_CODECOMMIT" ], "type": "string" } }, { "name": "connectionId", "required": false, "in": "query", "description": "The target connection id (more granular than client type)", "schema": { "example": 1, "type": "number" } }, { "name": "sort", "required": false, "in": "query", "description": "Which type of sort (default: USERNAME)", "schema": { "example": "USERNAME", "enum": [ "IDENTITY_ID", "USERNAME", "EMAIL", "CONNECTED_AT", "DISCONNECTED_AT", "SERVICE_ACCOUNT", "HAS_MFA", "WRITE_ACCESS", "PUSH_PROD_CODE_ACCESS", "USER", "CLIENT_ID", "CONNECTION_STATUS", "CONNECTION_STATUS_MULTIVERSE" ], "type": "string" } }, { "name": "sortDir", "required": false, "in": "query", "description": "Which direction to sort the data (default: ASC)", "schema": { "example": "ASC", "enum": [ "ASC", "DESC" ], "type": "string" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserIdentitiesVersionControlResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find version control user identities", "tags": [ "User Identities" ], "x-drata-permissions": [ "user-identity-version-control-get-accounts" ], "x-product-area": [ "INFRASTRUCTURE_USER_SYNC" ] } }, "/user-identities/version-control/{id}/connect": { "put": { "description": "Update the connection status for the target version control user identity\n\nšŸ”’ Requires **Connections: Manage Version Control User Identities** permission.", "operationId": "UserIdentitiesPublicController_updateUserIdentityVersionControlConnection", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserIdentityVersionControlConnectRequestPublicDto" } } } }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserIdentityVersionControlResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Update version control user identity connection status", "tags": [ "User Identities" ], "x-drata-permissions": [ "user-identity-version-control-put-connect" ], "x-product-area": [ "INFRASTRUCTURE_USER_SYNC" ] } }, "/user-identities/version-control/{id}/toggle": { "put": { "description": "Update the toggle setting for the target version control user identity\n\nšŸ”’ Requires **Connections: Manage Version Control User Identities** permission.", "operationId": "UserIdentitiesPublicController_toggleUserIdentityVersionControlSetting", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserIdentityVersionControlToggleRequestPublicDto" } } } }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserIdentityVersionControlResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Update target version control user identity toggle settings", "tags": [ "User Identities" ], "x-drata-permissions": [ "user-identity-version-control-put-toggle" ], "x-product-area": [ "INFRASTRUCTURE_USER_SYNC" ] } }, "/user-identities/version-control/{id}/service-account": { "put": { "description": "Update the target version control user identity to a service account\n\nšŸ”’ Requires **Connections: Manage Version Control User Identities** permission.", "operationId": "UserIdentitiesPublicController_setUserIdentityVersionControlServiceStatus", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserIdentityVersionControlServiceStatusRequestPublicDto" } } } }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserIdentityVersionControlResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Update version control user identity to a service account", "tags": [ "User Identities" ], "x-drata-permissions": [ "user-identity-version-control-put-set-service-account" ], "x-product-area": [ "INFRASTRUCTURE_USER_SYNC" ] } }, "/users/{id}/policies": { "get": { "description": "List the latest policy version that was distributed to a user to see if they've accepted it\n\nšŸ”’ Requires **User Policies: List User's Assigned Policies** permission.", "operationId": "UserPoliciesPublicController_getPolicyVersionsForUser", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserPolicyVersionsResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get User Policy Acknowledgement List", "tags": [ "User Policies" ], "x-drata-permissions": [ "user-policies-get-user-policies" ], "x-product-area": [ "POLICY_CENTER" ] } }, "/users": { "get": { "description": "List users given the provided search terms and filters\n\nšŸ”’ Requires **Users: List Users** permission.", "operationId": "UsersPublicController_listUsers", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "q", "required": false, "in": "query", "description": "User first name, or last name, or email, or full name", "schema": { "example": "John Doe", "type": "string" } }, { "name": "roles[]", "required": false, "in": "query", "description": "A set of User Roles to filter to", "schema": { "minItems": 1, "example": [ "ADMIN", "TECHGOV" ], "type": "array", "items": { "type": "string", "enum": [ "EMPLOYEE", "TECHGOV", "AUDITOR", "ADMIN", "ACT_AS_READ_ONLY", "APP", "RISK_MANAGER", "WORKSPACE_ADMINISTRATOR", "SERVICE_USER", "REVIEWER", "CONTROL_MANAGER", "PEOPLE_OPS", "POLICY_MANAGER", "DEVOPS_ENGINEER", "KNOWLEDGE_BASE", "TRUST_CENTER_MANAGER", "TRUST_CENTER_REVIEWER", "RISK_REGISTER_OWNER", "INTERNAL_AUDITOR", "RESTRICTED_CONTROL_MANAGER", "RESTRICTED_RISK_MANAGER", "READONLY_ADMIN", "READONLY_TECHGOV", "READONLY_RISK_MANAGER", "READONLY_CONTROL_MANAGER", "READONLY_POLICY_MANAGER", "READONLY_PEOPLE_OPS", "READONLY_WORKSPACE_ADMINISTRATOR", "READONLY_RESTRICTED_CONTROL_MANAGER", "READONLY_RESTRICTED_RISK_MANAGER", "READONLY_RISK_REGISTER_OWNER", "READONLY_REVIEWER", "READONLY_DEVOPS_ENGINEER", "READONLY_TRUST_CENTER_MANAGER" ] } } }, { "name": "excludeUserIds[]", "required": false, "in": "query", "description": "A set of user ids to exclude from the returned set", "schema": { "minItems": 1, "maxItems": 500, "nullable": true, "example": [ 1, 2, 3 ], "type": "array", "items": { "type": "number" } } }, { "name": "excludeRoles[]", "required": false, "in": "query", "description": "A set of roles to exclude from the returned set", "schema": { "minItems": 1, "maxItems": 300, "nullable": true, "example": [ "WORKSPACE_ADMINISTRATOR", "TECHGOV" ], "type": "array", "items": { "type": "string", "enum": [ "EMPLOYEE", "TECHGOV", "AUDITOR", "ADMIN", "ACT_AS_READ_ONLY", "APP", "RISK_MANAGER", "WORKSPACE_ADMINISTRATOR", "SERVICE_USER", "REVIEWER", "CONTROL_MANAGER", "PEOPLE_OPS", "POLICY_MANAGER", "DEVOPS_ENGINEER", "KNOWLEDGE_BASE", "TRUST_CENTER_MANAGER", "TRUST_CENTER_REVIEWER", "RISK_REGISTER_OWNER", "INTERNAL_AUDITOR", "RESTRICTED_CONTROL_MANAGER", "RESTRICTED_RISK_MANAGER", "READONLY_ADMIN", "READONLY_TECHGOV", "READONLY_RISK_MANAGER", "READONLY_CONTROL_MANAGER", "READONLY_POLICY_MANAGER", "READONLY_PEOPLE_OPS", "READONLY_WORKSPACE_ADMINISTRATOR", "READONLY_RESTRICTED_CONTROL_MANAGER", "READONLY_RESTRICTED_RISK_MANAGER", "READONLY_RISK_REGISTER_OWNER", "READONLY_REVIEWER", "READONLY_DEVOPS_ENGINEER", "READONLY_TRUST_CENTER_MANAGER" ] } } }, { "name": "includeUserIds[]", "required": false, "in": "query", "description": "A set of users to return", "schema": { "minItems": 1, "maxItems": 300, "nullable": true, "example": [ 1, 2, 3 ], "type": "array", "items": { "type": "number" } } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UsersResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find users by search terms and filters", "tags": [ "Users" ], "x-drata-permissions": [ "users-get" ], "x-product-area": [ "PERSONNEL_COMPLIANCE" ] } }, "/users/{id}": { "get": { "description": "Get the full detail of a user record\n\nšŸ”’ Requires **Users: Get User** permission.", "operationId": "UsersPublicController_getUserById", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get user by id", "tags": [ "Users" ], "x-drata-permissions": [ "user-get" ], "x-product-area": [ "PERSONNEL_COMPLIANCE" ] } }, "/users/{email}/email": { "get": { "description": "Get the full detail of a user record\n\nšŸ”’ Requires **Users: Get User** permission.", "operationId": "UsersPublicController_getUserByEmail", "parameters": [ { "name": "email", "required": true, "in": "path", "schema": { "type": "string" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get user by email", "tags": [ "Users" ], "x-drata-permissions": [ "user-get" ], "x-product-area": [ "PERSONNEL_COMPLIANCE" ] } }, "/users/{id}/documents": { "get": { "description": "List user documents given the provided search terms and filters.\n\nšŸ”’ Requires **Users: List User Documents** permission.", "operationId": "UsersPublicController_getAllDocuments", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "q", "required": false, "in": "query", "description": "Filter documents by name", "schema": { "example": "Security training 2020", "type": "string" } }, { "name": "type", "required": false, "in": "query", "description": "Filter documents by their type", "schema": { "example": "SEC_TRAINING", "enum": [ "SEC_TRAINING", "PASSWORD_MANAGER_EVIDENCE", "AUTO_UPDATES_EVIDENCE", "HARD_DRIVE_ENCRYPTION_EVIDENCE", "ANTIVIRUS_EVIDENCE", "LOCK_SCREEN_EVIDENCE", "MFA_EVIDENCE", "HIPAA_TRAINING_EVIDENCE", "OFFBOARDING_EVIDENCE", "NIST_AI_TRAINING_EVIDENCE" ], "type": "string" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserAllDocumentsResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find user documents by user id", "tags": [ "Users" ], "x-drata-permissions": [ "users-get-documents" ], "x-product-area": [ "PERSONNEL_COMPLIANCE" ] }, "post": { "description": "Upload document for user.\n\nšŸ”’ Requires **Users: Create User Document** permission.", "operationId": "UsersPublicController_uploadDocumentForUser", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "multipart/form-data": { "schema": { "$ref": "#/components/schemas/UserDocumentRequestPublicDto" } }, "application/json": { "schema": { "$ref": "#/components/schemas/UserDocumentRequestPublicDto" } } } }, "responses": { "201": { "description": "Created", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserDocumentResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "413": { "description": "The file was too large to upload", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "503": { "description": "Third party system was unavailable", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Upload a document for user by user id", "tags": [ "Users" ], "x-drata-permissions": [ "users-post-document" ], "x-product-area": [ "PERSONNEL_COMPLIANCE" ] } }, "/users/documents/{id}/download": { "get": { "description": "Get signed download link for user document.\n\nšŸ”’ Requires **Users: Download User Document** permission.", "operationId": "UsersPublicController_getUserDocumentDownloadUrl", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SignedUrlResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get user document download link by document id", "tags": [ "Users" ], "x-drata-permissions": [ "users-get-download-user-document" ], "x-product-area": [ "PERSONNEL_COMPLIANCE" ] } }, "/users/documents/{docId}/{userId}": { "delete": { "description": "Remove user document.\n\nšŸ”’ Requires **Users: Delete User Document** permission.", "operationId": "UsersPublicController_deleteDocumentForUser", "parameters": [ { "name": "docId", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "userId", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "Successful" }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Remove user document by document id and user id", "tags": [ "Users" ], "x-drata-permissions": [ "users-delete-document" ], "x-product-area": [ "PERSONNEL_COMPLIANCE" ] } }, "/vendors": { "get": { "description": "List vendors given the provided search terms and filters\n\nšŸ”’ Requires **Vendors: List Vendors** permission.", "operationId": "VendorsPublicController_listVendors", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } }, { "name": "q", "required": false, "in": "query", "description": "Filter data to search term", "schema": { "example": "Acme", "type": "string" } }, { "name": "sort", "required": false, "in": "query", "description": "Which type of sort (default: NAME)", "schema": { "example": "NAME", "enum": [ "CATEGORY", "NAME", "POLICY", "RISK", "USER", "TYPE", "STATUS", "IMPACT_LEVEL" ], "type": "string" } }, { "name": "sortDir", "required": false, "in": "query", "description": "Which direction to sort the data (default: ASC)", "schema": { "example": "ASC", "enum": [ "ASC", "DESC" ], "type": "string" } }, { "name": "category", "required": false, "in": "query", "description": "Filter data to vendors of this category", "schema": { "maxItems": 10, "example": [ "ENGINEERING" ], "type": "array", "items": { "type": "string", "enum": [ "ENGINEERING", "PRODUCT", "MARKETING", "CS", "SALES", "FINANCE", "HR", "ADMINISTRATIVE", "SECURITY", "LEGAL", "INFORMATION_TECHNOLOGY", "NONE" ] } } }, { "name": "risk", "required": false, "in": "query", "description": "Filter data to vendors of this risk level", "schema": { "maxItems": 10, "example": [ "MODERATE" ], "type": "array", "items": { "type": "string", "enum": [ "NONE", "LOW", "MODERATE", "HIGH" ] } } }, { "name": "status", "required": false, "in": "query", "description": "The status of vendor", "schema": { "maxItems": 10, "example": [ "UNDER_REVIEW" ], "type": "array", "items": { "type": "string", "enum": [ "PROSPECTIVE", "ACTIVE", "ARCHIVED", "APPROVED", "REJECTED", "FLAGGED", "ON_HOLD", "OFFBOARDED", "UNDER_REVIEW", "NONE" ] } } }, { "name": "contactEmail", "required": false, "in": "query", "description": "The contact email of vendor", "schema": { "format": "email", "example": "user@vendor.com", "type": "string" } }, { "name": "contactName", "required": false, "in": "query", "description": "The name of the primary contact person", "schema": { "example": "John Doe", "type": "string" } }, { "name": "critical", "required": false, "in": "query", "description": "Filter data to vendors depending on if it is considered critical", "schema": { "example": false, "type": "boolean" } }, { "name": "passwordPolicy", "required": false, "in": "query", "description": "Filter data to vendors with this password policy", "schema": { "example": "USERNAME_PASSWORD", "enum": [ "USERNAME_PASSWORD", "SSO", "LDAP", "NONE", "NOT_APPLICABLE", "SCIM", "OTHER" ], "type": "string" } }, { "name": "userId", "required": false, "in": "query", "description": "Filter data to persons responsible for vendors. Accepts multiple user IDs.", "schema": { "maxItems": 10, "example": [ 1 ], "type": "array", "items": { "type": "number", "maximum": 1000000000, "minimum": 1 } } }, { "name": "withLastQuestionnaires", "required": false, "in": "query", "description": "Add last questionnaires to vendors", "schema": { "example": false, "type": "boolean" } }, { "name": "type", "required": false, "in": "query", "description": "Filter data to vendors of this type", "schema": { "maxItems": 10, "example": [ "CONTRACTOR" ], "type": "array", "items": { "type": "string", "enum": [ "VENDOR", "SUPPLIER", "CONTRACTOR", "PARTNER", "OTHER", "NONE" ] } } }, { "name": "impactLevel", "required": false, "in": "query", "description": "Vendor overall impact level", "schema": { "maxItems": 10, "example": [ "INSIGNIFICANT" ], "type": "array", "items": { "type": "string", "enum": [ "INSIGNIFICANT", "MINOR", "MODERATE", "MAJOR", "CRITICAL", "UNSCORED" ] } } }, { "name": "isArchived", "required": false, "in": "query", "description": "Get archived or unarchived vendors", "schema": { "example": false, "type": "boolean" } }, { "name": "renewalDate", "required": false, "in": "query", "description": "Vendor renewal date", "schema": { "example": "2025-07-01T16:45:55.246Z", "type": "string" } }, { "name": "renewalScheduleType", "required": false, "in": "query", "description": "Vendor renewal schedule type", "schema": { "example": "ONE_YEAR", "enum": [ "ONE_MONTH", "TWO_MONTHS", "THREE_MONTHS", "SIX_MONTHS", "ONE_YEAR", "CUSTOM", "NONE" ], "type": "string" } }, { "name": "renewalDateStatus", "required": false, "in": "query", "description": "Vendor renewal status based on how close it is to the renewal due date", "schema": { "example": "COMPLETED", "enum": [ "NO_RENEWAL", "COMPLETED", "RENEWAL_DUE_SOON", "RENEWAL_DUE" ], "type": "string" } }, { "name": "nextReviewDeadlineStatus", "required": false, "in": "query", "description": "Vendor next review deadline from security review", "schema": { "maxItems": 10, "example": [ "NO_RENEWAL" ], "type": "array", "items": { "type": "string", "enum": [ "NO_RENEWAL", "DUE_SOON", "OVERDUE" ] } } }, { "name": "scheduledQuestionnaireStatus", "required": false, "in": "query", "description": "Vendor scheduled questionnaire status", "schema": { "example": "ENABLED", "enum": [ "ENABLED", "DISABLED" ], "type": "string" } }, { "name": "securityReviewStatus", "required": false, "in": "query", "description": "Vendor security review status", "schema": { "maxItems": 10, "example": [ "NO_SECURITY" ], "type": "array", "items": { "type": "string", "enum": [ "NO_SECURITY", "UP_TO_DATE", "IN_PROGRESS", "NEEDS_REVIEW", "COMPLETED", "NO_PAST_REVIEW" ] } } }, { "name": "sharedAccountId", "required": false, "in": "query", "description": "Shared account id", "schema": { "type": "string" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/VendorsResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find vendors by search terms and filters", "tags": [ "Vendors" ], "x-drata-permissions": [ "vendors-get" ], "x-product-area": [ "VENDOR_PUBLIC_API" ] }, "post": { "description": "Create a new vendor resource in the account\n\nšŸ”’ Requires **Vendors: Create Vendor** permission.", "operationId": "VendorsPublicController_createVendor", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/VendorCreateRequestPublicDto" } } } }, "responses": { "201": { "description": "Created", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/VendorResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Add a new vendor to the account", "tags": [ "Vendors" ], "x-drata-permissions": [ "vendors-post" ], "x-product-area": [ "VENDOR_PUBLIC_API" ] } }, "/vendors/stats": { "get": { "description": "Get vendors stats given inclusion and exclusion arrays\n\nšŸ”’ Requires **Vendors: Get Vendors Statistics** permission.", "operationId": "VendorsPublicController_getVendorsStats", "parameters": [ { "name": "includeScopes", "required": false, "in": "query", "description": "Allow list to include stats", "schema": { "uniqueItems": true, "nullable": true, "example": [ "reminder", "passwordPolicy" ], "type": "array", "items": { "type": "string", "enum": [ "businessUnits", "hasPii", "impactLevel", "isCritical", "subprocessors", "passwordPolicy", "reminder", "risk", "status", "type" ] } } }, { "name": "excludeScopes", "required": false, "in": "query", "description": "List to exclude stats with less precedence than include list", "schema": { "uniqueItems": true, "nullable": true, "example": [ "businessUnits", "passwordPolicy" ], "type": "array", "items": { "type": "string", "enum": [ "businessUnits", "hasPii", "impactLevel", "isCritical", "subprocessors", "passwordPolicy", "reminder", "risk", "status", "type" ] } } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/VendorsStatsResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Get vendors statistics", "tags": [ "Vendors" ], "x-drata-permissions": [ "vendors-get-stats" ], "x-product-area": [ "VENDOR_PUBLIC_API" ] } }, "/vendors/{id}": { "get": { "description": "Get a vendor\n\nšŸ”’ Requires **Vendors: Get Vendor** permission.", "operationId": "VendorsPublicController_getVendor", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/VendorResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find vendor by id", "tags": [ "Vendors" ], "x-drata-permissions": [ "vendors-get-vendor" ], "x-product-area": [ "VENDOR_PUBLIC_API" ] }, "put": { "description": "Update a vendor\n\nšŸ”’ Requires **Vendors: Update Vendor** permission.", "operationId": "VendorsPublicController_updateVendor", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/VendorModifyRequestPublicDto" } } } }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/VendorResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Update vendor details by id", "tags": [ "Vendors" ], "x-drata-permissions": [ "vendors-put" ], "x-product-area": [ "VENDOR_PUBLIC_API" ] }, "delete": { "description": "Delete a vendor\n\nšŸ”’ Requires **Vendors: Delete Vendor** permission.", "operationId": "VendorsPublicController_deleteVendor", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "Successful" }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Remove a vendor by id", "tags": [ "Vendors" ], "x-drata-permissions": [ "vendors-delete" ], "x-product-area": [ "VENDOR_PUBLIC_API" ] } }, "/vendors/{id}/documents": { "post": { "description": "Upload vendor documents\n\nšŸ”’ Requires **Vendors: Upload Vendor Report** permission.", "operationId": "VendorsPublicController_uploadVendorDocument", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "multipart/form-data": { "schema": { "$ref": "#/components/schemas/VendorDocumentRequestPublicDto" } } } }, "responses": { "201": { "description": "Created", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/VendorsResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "413": { "description": "The file was too large to upload", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "503": { "description": "Third party system was unavailable", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Upload document by vendor id", "tags": [ "Vendors" ], "x-drata-permissions": [ "vendors-post-document" ], "x-product-area": [ "VENDOR_PUBLIC_API" ] } }, "/vendors/{id}/status": { "put": { "description": "Update vendor status to archive or activate a vendor\n\nšŸ”’ Requires **Vendors: Update Vendor's Status** permission.", "operationId": "VendorsPublicController_updateVendorStatus", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/VendorStatusRequestPublicDto" } } } }, "responses": { "200": { "description": "Successful", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/VendorResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Update vendor status", "tags": [ "Vendors" ], "x-drata-permissions": [ "vendors-patch-status" ], "x-product-area": [ "VENDOR_PUBLIC_API" ] } }, "/vendors/{id}/questionnaires": { "get": { "description": "List vendor questionnaires by vendor id\n\nšŸ”’ Requires **Vendors: List Vendor Questionnaire** permission.", "operationId": "VendorsPublicController_listVendorQuestionnaires", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 50, "default": 20, "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/QuestionnairesSentResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find vendor questionnaires by vendor id, page and limit", "tags": [ "Vendors" ], "x-drata-permissions": [ "vendors-get-questionnaires" ], "x-product-area": [ "VENDOR_PUBLIC_API" ] }, "post": { "description": "Send questionnaire to recipient email\n\nšŸ”’ Requires **Vendors: Send Questionnaire to Vendor** permission.", "operationId": "VendorsPublicController_sendQuestionnaireEmail", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/QuestionnaireSentRequestPublicDto" } } } }, "responses": { "201": { "description": "Created", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/QuestionnairesSentResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Add a questionnaire to vendor by recipient email", "tags": [ "Vendors" ], "x-drata-permissions": [ "vendors-post-questionnaires" ], "x-product-area": [ "VENDOR_PUBLIC_API" ] } }, "/vendors/{id}/questionnaires/manual": { "post": { "description": "Upload security questionnaire\n\nšŸ”’ Requires **Vendors: Upload Security Questionnaire** permission.", "operationId": "VendorsPublicController_saveManualQuestionnaireFiles", "parameters": [ { "name": "id", "required": true, "in": "path", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "multipart/form-data": { "schema": { "$ref": "#/components/schemas/QuestionnaireUploadRequestPublicDto" } } } }, "responses": { "201": { "description": "Created", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/QuestionnaireSentResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Upload security questionnaire by vendor id", "tags": [ "Vendors" ], "x-drata-permissions": [ "vendors-post-upload-questionnaires" ], "x-product-area": [ "VENDOR_PUBLIC_API" ] } }, "/vendors/{vendorId}/security-reviews": { "post": { "description": "Create a new vendor's security review\n\nšŸ”’ Requires **Vendors: Create Security Review** permission.", "operationId": "VendorsPublicController_createVendorSecurityReview", "parameters": [ { "name": "vendorId", "required": true, "in": "path", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/VendorSecurityReviewRequestPublicDto" } } } }, "responses": { "201": { "description": "Created", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/VendorSecurityReviewResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Save a vendor's security review", "tags": [ "Vendors" ], "x-drata-permissions": [ "vendors-post-security-review" ], "x-product-area": [ "VENDOR_PUBLIC_API" ] } }, "/customer-request": { "get": { "description": "Get customer request list\n\nšŸ”’ Requires **Customer Request: Get Customer Request** permission.", "operationId": "CustomerRequestPublicController_getCustomerRequestList", "parameters": [ { "name": "page", "required": false, "in": "query", "description": "Which page of data are you requesting", "schema": { "minimum": 1, "default": 1, "type": "number" } }, { "name": "limit", "required": false, "in": "query", "description": "How many items are you requesting", "schema": { "minimum": 1, "maximum": 200, "default": 20, "type": "number" } }, { "name": "q", "required": false, "in": "query", "description": "Filter data by searching for framework names", "schema": { "type": "string" } }, { "name": "userIds", "required": false, "in": "query", "description": "User Ids of customer request owners", "schema": { "example": [ 1 ], "type": "array", "items": { "type": "number" } } }, { "name": "isOwned", "required": false, "in": "query", "description": "Filter owned requests", "schema": { "example": true, "type": "boolean" } }, { "name": "auditId", "required": true, "in": "query", "description": "Audit ID", "schema": { "example": "123e4567-e89b-12d3-a456-426614174000", "type": "string" } }, { "name": "status", "required": false, "in": "query", "description": "Customer request statuses.", "schema": { "nullable": true, "example": [ "OUTSTANDING" ], "type": "array", "items": { "type": "string", "enum": [ "OUTSTANDING", "IN_REVIEW", "ACCEPTED", "CHANGES_REQUESTED" ] } } }, { "name": "onlyWithNewMessages", "required": false, "in": "query", "description": "Filter data only if request has new messages", "schema": { "type": "boolean" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CustomerRequestsResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find customer requests by search terms and filters", "tags": [ "Customer Request" ], "x-drata-permissions": [ "customer-request-get-requests" ], "x-product-area": [ "AUDIT_HUB" ] } }, "/customer-request/{customerRequestId}/details": { "put": { "description": "Update customer request details\n\nšŸ”’ Requires **Customer Request: Update Customer Request** permission.", "operationId": "CustomerRequestPublicController_updateCustomerRequestDetails", "parameters": [ { "name": "customerRequestId", "required": true, "in": "path", "schema": { "type": "number" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateCustomerRequestDetailsRequestPublicDto" } } } }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateCustomerRequestDetailsResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Update the properties of customer request entity by given id", "tags": [ "Customer Request" ], "x-drata-permissions": [ "customer-request-update-request-details" ], "x-product-area": [ "AUDIT_HUB" ] } }, "/questionnaires/{questionnaireId}/vendor/{vendorId}": { "get": { "description": "Get questionnaire answers\n\nšŸ”’ Requires **Questionnaires: List Questionnaire Answers by Vendor** permission.", "operationId": "QuestionnairesPublicController_getQuestionnaireAnswers", "parameters": [ { "name": "vendorId", "required": true, "in": "path", "schema": { "type": "number" } }, { "name": "questionnaireId", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/QuestionnaireVendorAnswersResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find questionnaire answers by vendor and questionnaire", "tags": [ "Questionnaires" ], "x-drata-permissions": [ "questionnaires-answers-by-vendor-get" ], "x-product-area": [ "VENDOR_QUESTIONNAIRES_TYPEFORM" ] } }, "/questionnaires/vendor/{vendorId}/sent": { "get": { "description": "Get questionnaires sent by vendor id\n\nšŸ”’ Requires **Questionnaires: List Questionnaire Answers by Vendor** permission.", "operationId": "QuestionnairesPublicController_getQuestionnairesSentByVendor", "parameters": [ { "name": "vendorId", "required": true, "in": "path", "schema": { "type": "number" } } ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/QuestionnairesVendorsResponsePublicDto" } } } }, "400": { "description": "Malformed data and/or validation errors", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponsePublicDto" } } } }, "401": { "description": "Invalid Authorization", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "403": { "description": "You are not allowed to perform this action", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "412": { "description": "You must accept the Drata terms and conditions to use the API", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExceptionResponseDto" } } } } }, "security": [ { "bearer": [] } ], "summary": "Find all questionnaires sent to a vendor", "tags": [ "Questionnaires" ], "x-drata-permissions": [ "questionnaires-answers-by-vendor-get" ], "x-product-area": [ "VENDOR_QUESTIONNAIRES_TYPEFORM" ] } } }, "components": { "securitySchemes": { "hmac": { "type": "http", "scheme": "hmac" }, "bearer": { "scheme": "bearer", "bearerFormat": "API_KEY", "type": "http" } }, "schemas": { "QuestionnairesVendorsResponsePublicDto": { "type": "object", "properties": { "questionnairesVendors": { "description": "List of questionnaire formIds sent to a vendor", "type": "array", "items": { "$ref": "#/components/schemas/QuestionnaireVendorResponsePublicDto" } } }, "required": [ "questionnairesVendors" ] }, "QuestionnaireVendorResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Questionnaire Vendor ID" }, "title": { "type": "string", "description": "Questionnaire Vendor Title" } }, "required": [ "id", "title" ] }, "QuestionnaireVendorAnswersResponsePublicDto": { "type": "object", "properties": { "responses": { "description": "Questionnaire responses", "type": "array", "items": { "$ref": "#/components/schemas/QuestionnaireResponseResponsePublicDto" } } }, "required": [ "responses" ] }, "QuestionnaireResponseResponsePublicDto": { "type": "object", "properties": { "answers": { "description": "Questionnaire answers", "type": "array", "items": { "$ref": "#/components/schemas/QuestionnaireAnswerResponsePublicDto" } } }, "required": [ "answers" ] }, "QuestionnaireAnswerResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Questionnaire answer ID" }, "question": { "type": "string", "example": "Is there a publicly available URL for your Privacy Policy?", "description": "Questionnaire question" }, "answer": { "type": "string", "example": "Yes, you can get to this right here!", "description": "Questionnaire answer" }, "type": { "type": "string", "description": "Questionnaire answer type" } }, "required": [ "id", "question", "answer", "type" ] }, "UpdateCustomerRequestDetailsResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Customer request id" }, "code": { "type": "string", "example": "000001", "description": "Customer request details code" }, "title": { "type": "string", "example": "This is the title", "description": "Customer request details title" }, "description": { "type": "string", "nullable": true, "example": "This is the description", "description": "Customer request details description" }, "owners": { "description": "Customer List of owners", "type": "array", "items": { "$ref": "#/components/schemas/RequestOwnerResponsePublicDto" } } }, "required": [ "id", "code", "title", "owners" ] }, "RequestOwnerResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "User ID" }, "email": { "type": "string", "example": "email@email.com", "description": "User email" }, "firstName": { "type": "string", "nullable": true, "example": "Sally", "description": "User first name" }, "lastName": { "type": "string", "nullable": true, "example": "Smith", "description": "User last name" }, "jobTitle": { "type": "string", "nullable": true, "example": "CEO", "description": "User job title" }, "avatarUrl": { "type": "string", "nullable": true, "example": "https://cdn-prod.imgpilot.com/avatar.png", "description": "User avatar URL" } }, "required": [ "id", "email" ] }, "UpdateCustomerRequestDetailsRequestPublicDto": { "type": "object", "properties": { "title": { "type": "string", "example": "000001", "description": "Customer request details title" }, "description": { "type": "string", "example": "This is the description", "description": "Customer request details description" }, "ownerIds": { "example": [ 1, 2, 3 ], "description": "Array of owner ids", "type": "array", "items": { "type": "number" } } }, "required": [ "title", "ownerIds" ] }, "CustomerRequestsResponsePublicDto": { "type": "object", "properties": { "totalUnreadMessages": { "type": "number", "example": 12, "description": "Total of unread messages" }, "requests": { "description": "Request messages", "allOf": [ { "$ref": "#/components/schemas/CustomerRequestListResponsePublicDto" } ] } }, "required": [ "totalUnreadMessages", "requests" ] }, "CustomerRequestListResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Data set based on the pagination limits", "type": "array", "items": { "$ref": "#/components/schemas/ResponseDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "ResponseDto": { "type": "object", "properties": {} }, "VendorSecurityReviewResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Vendor security review id" }, "requestedAt": { "type": "string", "format": "date-time", "description": "Requested date" }, "reviewDeadlineAt": { "type": "string", "format": "date-time", "description": "Review deadline date" }, "decision": { "type": "string", "nullable": true, "description": "The decision about the security review", "example": "APPROVED" }, "note": { "type": "string", "nullable": true, "description": "Vendor security review note" }, "status": { "type": "string", "nullable": true, "description": "The status for the security review", "example": "NOT_YET_STARTED", "enum": [ "NOT_YET_STARTED", "IN_PROGRESS", "COMPLETED", "NOT_REQUIRED" ] }, "type": { "type": "string", "nullable": true, "description": "The type for the security review", "example": "SECURITY", "enum": [ "SECURITY", "SOC_REPORT", "UPLOAD_REPORT" ] }, "user": { "description": "The related vendor security review user", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "vendor": { "description": "The related vendor security review", "allOf": [ { "$ref": "#/components/schemas/VendorResponsePublicDto" } ] }, "requesterUser": { "nullable": true, "description": "The related vendor security review requester user", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] } }, "required": [ "id", "requestedAt", "reviewDeadlineAt", "decision", "note", "status", "type", "requesterUser" ] }, "VendorSecurityReviewRequestPublicDto": { "type": "object", "properties": { "title": { "type": "string", "nullable": true, "maxLength": 191, "example": "Security review title", "description": "Vendor security review title" }, "reviewDeadlineAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Vendor security review deadline date", "nullable": false }, "requestedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Vendor security requested date", "nullable": false }, "securityReviewStatus": { "enum": [ "NOT_YET_STARTED", "IN_PROGRESS", "COMPLETED", "NOT_REQUIRED" ], "type": "string", "example": "NOT_YET_STARTED", "description": "The status for the security review" }, "securityReviewType": { "enum": [ "SECURITY", "SOC_REPORT", "UPLOAD_REPORT" ], "type": "string", "example": "SECURITY", "description": "The type for the security review" }, "requesterUserId": { "type": "number", "maximum": 1000000000, "example": 1, "description": "Optional. The user ID of the person that requested the security review. If not provided, defaults to: (1) the vendor's security owner if assigned and active, or (2) the platform admin user.", "nullable": false } }, "required": [ "reviewDeadlineAt", "securityReviewStatus", "securityReviewType" ] }, "QuestionnaireSentResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Questionnaire ID" }, "completedBy": { "type": "string", "nullable": true, "example": "Acme", "description": "Who answer the questionnaire" }, "recipientEmail": { "type": "string", "maxLength": 191, "format": "email", "example": "wc@drata.com", "description": "The email address to receive the questionnaire" }, "isCompleted": { "type": "boolean", "example": "true", "description": "The status of the questionnaire" }, "dateSent": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Date when the questionnaire was sent" }, "isManualUpload": { "type": "boolean", "example": "true", "description": "Flag to know if the file is a manual uploaded questionnaire" }, "responseId": { "type": "number", "nullable": true, "example": 1, "description": "The questionnaire response id to the questionnaire data file" }, "title": { "type": "string", "example": "Vendor Questionnaire", "description": "Vendor questionnaire title" } }, "required": [ "id", "completedBy", "recipientEmail", "isCompleted", "dateSent", "isManualUpload", "responseId" ] }, "QuestionnaireUploadRequestPublicDto": { "type": "object", "properties": { "files": { "description": "Accepted file extensions: .pdf, .docx, .odt, .xlsx, .ods, .pptx, .odp, .gif, .jpeg, .jpg, .png", "type": "array", "items": { "type": "string", "format": "binary" } }, "securityReviewId": { "type": "number", "nullable": true, "example": 1, "description": "Security review id, when set this will attach the questionnaire to this security review." } }, "required": [ "files" ] }, "QuestionnaireSentRequestPublicDto": { "type": "object", "properties": { "email": { "type": "string", "maxLength": 191, "format": "email", "example": "wc@drata.com", "description": "The email address to receive the questionnaire" }, "questionnaireId": { "type": "number", "example": 1, "description": "Vendor questionnaire ID" }, "emailSubject": { "type": "string", "maxLength": 191, "description": "The email subject for the vendor questionnaire", "example": "Drata is conducting a security review of you." }, "emailContent": { "type": "string", "maxLength": 768, "description": "The email content for the vendor", "example": "Hi,\n\nWe'd like to conduct a security review and would like some information from you. Use this link to complete the questionnaire.\n\nThank you." }, "securityReviewId": { "type": "number", "example": 1, "description": "Security Review ID" } }, "required": [ "email", "questionnaireId", "emailContent", "securityReviewId" ] }, "QuestionnairesSentResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Data set based on the pagination limits", "type": "array", "items": { "$ref": "#/components/schemas/QuestionnaireSentResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "VendorStatusRequestPublicDto": { "type": "object", "properties": { "vendorStatus": { "enum": [ "PROSPECTIVE", "ACTIVE", "ARCHIVED", "APPROVED", "REJECTED", "FLAGGED", "ON_HOLD", "OFFBOARDED", "UNDER_REVIEW", "NONE" ], "type": "string", "example": "ARCHIVED", "description": "Status to update the targeted vendor" } }, "required": [ "vendorStatus" ] }, "VendorDocumentRequestPublicDto": { "type": "object", "properties": { "type": { "nullable": true, "enum": [ "COMPLIANCE_REPORT", "COMPLIANCE_REPORT_REVIEW", "BRIDGE_LETTER", "UPLOADED_COMPLIANCE_REPORT_REVIEW", "QUESTIONNAIRE_ATTACHMENT", "SOC_DOCUMENT", "QUESTIONNAIRE_REPORT" ], "type": "string", "example": "COMPLIANCE_REPORT", "description": "Vendor document type" }, "file": { "type": "string", "format": "binary", "description": "Accepted file extensions: .pdf, .docx, .odt, .xlsx, .ods, .pptx, .odp, .gif, .jpeg, .jpg, .png, .csv. MIME type must match the file extension." }, "securityReviewId": { "type": "number", "nullable": true, "example": 1, "description": "Security review id, when set this will attach the document to this security review." } }, "required": [ "file" ] }, "VendorModifyRequestPublicDto": { "type": "object", "properties": { "name": { "type": "string", "maxLength": 191, "example": "Acme", "description": "The name of the vendor" }, "category": { "nullable": true, "enum": [ "ENGINEERING", "PRODUCT", "MARKETING", "CS", "SALES", "FINANCE", "HR", "ADMINISTRATIVE", "SECURITY", "LEGAL", "INFORMATION_TECHNOLOGY", "NONE" ], "type": "string", "example": "ENGINEERING", "description": "The type of vendor" }, "risk": { "enum": [ "NONE", "LOW", "MODERATE", "HIGH" ], "type": "string", "example": "MODERATE", "description": "The level of risk associated with customer data" }, "status": { "nullable": true, "enum": [ "PROSPECTIVE", "ACTIVE", "ARCHIVED", "APPROVED", "REJECTED", "FLAGGED", "ON_HOLD", "OFFBOARDED", "UNDER_REVIEW", "NONE" ], "type": "string", "example": "UNDER_REVIEW", "description": "The status of vendor" }, "critical": { "type": "boolean", "nullable": true, "example": false, "description": "Does this vendor is considered as critical" }, "isSubProcessor": { "type": "boolean", "example": false, "description": "Indicates whether this vendor is considered a sub-processor" }, "isSubProcessorActive": { "type": "boolean", "example": false, "description": "Indicates whether this subprocessor is active" }, "userId": { "type": "number", "nullable": true, "maximum": 1000000000, "example": 1, "description": "The user ID of the person responsible for vendor compliance" }, "url": { "type": "string", "nullable": true, "maxLength": 768, "format": "uri", "example": "https://acme.com", "description": "Vendor URL" }, "privacyUrl": { "type": "string", "nullable": true, "maxLength": 768, "format": "uri", "example": "https://acme.com/privacy", "description": "Vendor Privacy Policy URL" }, "termsUrl": { "type": "string", "nullable": true, "maxLength": 768, "format": "uri", "example": "https://acme.com/terms", "description": "Vendor Terms of Use URL" }, "servicesProvided": { "type": "string", "nullable": true, "maxLength": 30000, "example": "Perform security scans once a month", "description": "Description of the services provided by the vendor" }, "dataStored": { "type": "string", "nullable": true, "maxLength": 30000, "example": "resulting reports of security scans", "description": "Description of the type of data the vendor stores" }, "location": { "type": "string", "maxLength": 30000, "example": "San Diego", "description": "Location where the vendor services are provided" }, "hasPii": { "type": "boolean", "example": true, "description": "Indicates whether this vendor stores any type of Personally Identifiable Information (PII)" }, "passwordPolicy": { "nullable": true, "enum": [ "USERNAME_PASSWORD", "SSO", "LDAP", "NONE", "NOT_APPLICABLE", "SCIM", "OTHER" ], "type": "string", "example": "USERNAME_PASSWORD", "description": "The vendor password policy" }, "passwordRequiresMinLength": { "type": "boolean", "example": true, "description": "Indicates whether there is a minimum length requirement for password" }, "passwordMinLength": { "type": "number", "nullable": true, "minimum": 6, "maximum": 12, "example": 8, "description": "Minimum character length required for a password" }, "passwordRequiresNumber": { "type": "boolean", "example": true, "description": "Indicates whether a password requires numbers" }, "passwordRequiresSymbol": { "type": "boolean", "example": true, "description": "Indicates whether a password requires non-alpha-numeric characters" }, "passwordMfaEnabled": { "type": "boolean", "example": true, "description": "Indicates whether multi-factor authentication is enabled for this vendor" }, "contactAtVendor": { "type": "string", "nullable": true, "maxLength": 191, "example": "John Doe", "description": "Name of the corresponding account manager for this vendor" }, "contactsEmail": { "type": "string", "nullable": true, "maxLength": 1500, "example": "jdoe@company.com;jane@company.com", "description": "Semicolon-separated list of vendor contact email addresses" }, "notes": { "type": "string", "maxLength": 30000, "example": "Meeting once a month to adjust contract", "description": "Additional notes for vendor" }, "renewalDate": { "type": "string", "nullable": true, "example": "2025-07-01T16:45:55.246Z", "description": "Vendor renewal date" }, "renewalScheduleType": { "nullable": true, "enum": [ "ONE_MONTH", "TWO_MONTHS", "THREE_MONTHS", "SIX_MONTHS", "ONE_YEAR", "CUSTOM", "NONE" ], "type": "string", "example": "ONE_YEAR", "description": "Vendor renewal schedule type" }, "confirmed": { "type": "boolean", "nullable": true, "example": true, "description": "Is all vendor data confirmed?" }, "type": { "nullable": true, "enum": [ "VENDOR", "SUPPLIER", "CONTRACTOR", "PARTNER", "OTHER", "NONE" ], "type": "string", "example": "VENDOR", "description": "Vendor type identifier" }, "accountId": { "type": "string", "maxLength": 36, "example": 36, "description": "Account Id" }, "operationalImpact": { "nullable": true, "enum": [ "NONE", "LOW", "NORMAL", "IMPORTANT", "CRITICAL" ], "type": "string", "example": "IMPORTANT", "description": "Vendor level of operational impact" }, "environmentAccess": { "nullable": true, "enum": [ "NO", "READ_ONLY", "READ_WRITE" ], "type": "string", "example": "READ_ONLY", "description": "Vendor environment access privileges" }, "impactLevel": { "nullable": true, "enum": [ "INSIGNIFICANT", "MINOR", "MODERATE", "MAJOR", "CRITICAL", "UNSCORED" ], "type": "string", "example": "INSIGNIFICANT", "description": "Vendor overall impact level" }, "dataAccessedOrProcessedList": { "nullable": true, "uniqueItems": true, "type": "array", "items": { "type": "string", "enum": [ "GENERAL", "PUBLIC", "CONTROLLED_UNCLASSIFIED", "FINANCIAL", "PROPRIETARY", "EMPLOYEE_PERSONNEL", "PERSONAL_IDENTIFIABLE_INFORMATION", "PROTECTED_HEALTH_INFORMATION", "OTHER_PERSONAL_OR_SENSITIVE", "CARDHOLDER_DATA" ] }, "example": [ "FINANCIAL", "GENERAL" ], "description": "List of data accessed or processed enum type", "maxItems": 300 }, "integrations": { "uniqueItems": true, "example": [ 1, 2, 3 ], "description": "List of vendor IDs", "type": "array", "items": { "type": "number" } }, "cost": { "type": "string", "nullable": true, "example": "1088", "description": "Annual Contract Value for the vendor in Cents unit" }, "excludeIds": { "nullable": true, "description": "Excluded vendor ids.", "example": [ 1, 2 ], "type": "array", "items": { "type": "number" } } } }, "VendorsStatsResponsePublicDto": { "type": "object", "properties": { "reminder": { "nullable": true, "example": [ { "key": "RENEWAL_DUE", "amount": 1 }, { "key": "RENEWAL_DUE_SOON", "amount": 1 } ], "description": "A list with the stats of reminders for Active Vendors", "type": "array", "items": { "$ref": "#/components/schemas/VendorReminderStatsResponsePublicDto" } }, "hasPii": { "nullable": true, "example": [ { "key": "true", "amount": 1 }, { "key": "false", "amount": 1 } ], "description": "A list with the count of Active Vendors grouped by has PII value", "type": "array", "items": { "$ref": "#/components/schemas/VendorHasPiiStatsResponsePublicDto" } }, "businessUnits": { "nullable": true, "example": [ { "key": "ENGINEERING", "amount": 118 }, { "key": "PRODUCT", "amount": 2 } ], "description": "A list with the count of Active Vendors grouped by Business Unit", "type": "array", "items": { "$ref": "#/components/schemas/VendorBusinessUnitStatsResponsePublicDto" } }, "passwordPolicy": { "nullable": true, "example": [ { "key": "USERNAME_PASSWORD", "amount": 118 }, { "key": "SSO", "amount": 2 }, { "key": "NONE", "amount": 2 }, { "key": "LDAP", "amount": 2 } ], "description": "A list with the count of Active Vendors grouped by password policy", "type": "array", "items": { "$ref": "#/components/schemas/VendorPasswordPolicyResponsePublicDto" } }, "status": { "nullable": true, "example": [ { "key": "ACTIVE", "amount": 118 }, { "key": "UNDER_REVIEW", "amount": 1 } ], "description": "A list with the stats of vendors status", "type": "array", "items": { "$ref": "#/components/schemas/VendorStatusStatsResponsePublicDto" } }, "isCritical": { "nullable": true, "example": [ { "key": "Yes", "amount": 10 }, { "key": "No", "amount": 20 } ], "description": "A list with the stats of vendors is critical", "type": "array", "items": { "$ref": "#/components/schemas/VendorIsCriticalStatsResponsePublicDto" } }, "isSubProcessor": { "nullable": true, "example": [ { "key": "true", "amount": 10 }, { "key": "false", "amount": 20 } ], "description": "A list with the count of Active Vendors grouped by is sub-processor value", "type": "array", "items": { "$ref": "#/components/schemas/VendorIsSubProcessorStatsResponsePublicDto" } }, "type": { "nullable": true, "example": [ { "key": "CONTRACTOR", "amount": 1 }, { "key": "NONE", "amount": 2 }, { "key": "OTHER", "amount": 3 }, { "key": "PARTNER", "amount": 4 }, { "key": "SUPPLIER", "amount": 4 }, { "key": "VENDOR", "amount": 5 } ], "description": "A list with the count of Active Vendors grouped by type", "type": "array", "items": { "$ref": "#/components/schemas/VendorTypeStatsResponsePublicDto" } }, "risk": { "nullable": true, "example": [ { "key": "HIGH", "amount": 118 }, { "key": "MODERATE", "amount": 2 }, { "key": "LOW", "amount": 2 }, { "key": "NONE", "amount": 2 } ], "description": "A list with the stats of vendors risk", "type": "array", "items": { "$ref": "#/components/schemas/VendorsRiskStatsResponsePublicDto" } }, "impactLevel": { "nullable": true, "example": [ { "key": "CRITICAL", "amount": 7 }, { "key": "MAJOR", "amount": 12 }, { "key": "MODERATE", "amount": 1 }, { "key": "MINOR", "amount": 5 }, { "key": "INSIGNIFICANT", "amount": 21 }, { "key": "UNSCORED", "amount": 0 } ], "description": "A list with the stats of vendors impact level", "type": "array", "items": { "$ref": "#/components/schemas/VendorImpactLevelStatsResponsePublicDto" } } }, "required": [ "reminder", "hasPii", "businessUnits", "passwordPolicy", "status", "isCritical", "isSubProcessor", "type", "risk", "impactLevel" ] }, "VendorImpactLevelStatsResponsePublicDto": { "type": "object", "properties": { "key": { "type": "string", "example": "MAJOR", "description": "Level of impact of the vendor" }, "amount": { "type": "number", "example": 10, "description": "Count of records" } }, "required": [ "key", "amount" ] }, "VendorsRiskStatsResponsePublicDto": { "type": "object", "properties": { "key": { "type": "string", "example": "HIGH", "description": "Name of the vendor risk" }, "amount": { "type": "number", "example": 10, "description": "Count of records" } }, "required": [ "key", "amount" ] }, "VendorTypeStatsResponsePublicDto": { "type": "object", "properties": { "key": { "type": "string", "example": "CONTRACTOR", "description": "Name of the vendor type (enum value or custom type name)" }, "amount": { "type": "number", "example": 10, "description": "Count of records" } }, "required": [ "key", "amount" ] }, "VendorIsSubProcessorStatsResponsePublicDto": { "type": "object", "properties": { "key": { "type": "string", "example": "true", "description": "Vendor is sub processor" }, "amount": { "type": "number", "example": 10, "description": "Count of records" } }, "required": [ "key", "amount" ] }, "VendorIsCriticalStatsResponsePublicDto": { "type": "object", "properties": { "key": { "type": "string", "example": "Yes", "description": "Name of the is critical stats" }, "amount": { "type": "number", "example": 10, "description": "Count of records" } }, "required": [ "key", "amount" ] }, "VendorStatusStatsResponsePublicDto": { "type": "object", "properties": { "key": { "type": "string", "example": "ACTIVE", "description": "Name of the vendor status" }, "amount": { "type": "number", "example": 10, "description": "Count of records" } }, "required": [ "key", "amount" ] }, "VendorPasswordPolicyResponsePublicDto": { "type": "object", "properties": { "key": { "type": "string", "example": "USERNAME_PASSWORD", "description": "Name of the password policy" }, "amount": { "type": "number", "example": 10, "description": "Count of records" } }, "required": [ "key", "amount" ] }, "VendorBusinessUnitStatsResponsePublicDto": { "type": "object", "properties": { "key": { "type": "string", "example": "ENGINEERING", "description": "Vendor Business Unit" }, "amount": { "type": "number", "example": 10, "description": "Count of records" } }, "required": [ "key", "amount" ] }, "VendorHasPiiStatsResponsePublicDto": { "type": "object", "properties": { "key": { "type": "string", "example": "true", "description": "Vendor Has Pii" }, "amount": { "type": "number", "example": 10, "description": "Count of records" } }, "required": [ "key", "amount" ] }, "VendorReminderStatsResponsePublicDto": { "type": "object", "properties": { "key": { "type": "string", "example": "RENEWAL_DUE", "description": "Name of the renewal status" }, "amount": { "type": "number", "example": 10, "description": "Count of records" } }, "required": [ "key", "amount" ] }, "VendorResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Vendor ID" }, "name": { "type": "string", "example": "Acme", "description": "The name of a vendor" }, "category": { "type": "string", "nullable": true, "example": "ENGINEERING", "description": "The business domain of the vendor" }, "risk": { "type": "string", "example": "MODERATE", "description": "The vendor risk type" }, "type": { "type": "string", "nullable": true, "example": "CONTRACTOR", "description": "The vendor sub-type (Vendor, Contractor, Supplier, etc)" }, "critical": { "type": "boolean", "nullable": true, "example": false, "description": "Does the vendor is considered critical or not" }, "location": { "type": "string", "nullable": true, "example": "USA", "description": "Vendor location" }, "url": { "type": "string", "nullable": true, "example": "https://acme.com", "description": "Vendor URL" }, "privacyUrl": { "type": "string", "nullable": true, "example": "https://acme.com", "description": "Vendor Privacy Policy URL" }, "termsUrl": { "type": "string", "nullable": true, "example": "https://acme.com", "description": "Vendor Terms of Use URL" }, "trustCenterUrl": { "type": "string", "nullable": true, "example": "https://trust.drata.com", "description": "Vendor Trust Center URL" }, "trustCenterProvider": { "nullable": true, "enum": [ "ANECDOTES", "CONVEYOR", "DRATA", "HYPERCOMPLY", "SAFEBASE", "SCRUT", "SECUREFRAME", "SECURITYPAL", "SKYPHER", "SPRINTO", "TRUSTARC", "TRUSTCLOUD", "VANTA", "WHISTIC", "ZENGRC" ], "type": "string", "example": "DRATA", "description": "The providing service for this Trust Center" }, "servicesProvided": { "type": "string", "nullable": true, "example": "Perform security scans once a month", "description": "Describe vendor services" }, "dataStored": { "type": "string", "nullable": true, "example": "Resulting reports of security scans", "description": "What type of data the vendor stores" }, "hasPii": { "type": "boolean", "example": true, "description": "Does this vendor store any type of PII" }, "passwordPolicy": { "type": "string", "nullable": true, "example": "USERNAME_PASSWORD", "description": "The vendor password policy" }, "passwordRequiresMinLength": { "type": "boolean", "example": true, "description": "Is there a minimum length for user passwords" }, "passwordMinLength": { "type": "number", "nullable": true, "example": 8, "description": "Minimum character length for a password" }, "passwordRequiresNumber": { "type": "boolean", "example": true, "description": "Does a password require numbers" }, "passwordRequiresSymbol": { "type": "boolean", "example": true, "description": "Does a password require non-alpha-numeric characters" }, "passwordMfaEnabled": { "type": "boolean", "example": true, "description": "Is multi-factor authentication enabled for this vendor" }, "contactAtVendor": { "type": "string", "nullable": true, "example": "John Doe", "description": "The name of the corresponding account manager for this vendor" }, "contactsEmail": { "type": "string", "nullable": true, "example": "jdoe@company.com", "description": "The email of the corresponding account manager for this vendor" }, "notes": { "type": "string", "nullable": true, "example": "Meeting once a month to adjust contract", "description": "Additional notes for vendor" }, "logoUrl": { "type": "string", "nullable": true, "example": "https://cdn-prod.imgpilot.com/logo.png", "description": "Vendor logo URL" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Vendor created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Vendor updated date timestamp" }, "user": { "nullable": true, "description": "The user that is responsible for the compliance of this vendor", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "documents": { "description": "A list of vendor documents", "type": "array", "items": { "$ref": "#/components/schemas/VendorDocumentResponsePublicDto" } }, "lastQuestionnaire": { "type": "object", "nullable": true, "properties": { "vendorId": { "type": "number" }, "sendAt": { "type": "string" }, "sentEmail": { "type": "string" }, "file": { "type": "string" }, "respondedAt": { "type": "string" }, "responseId": { "type": "number" }, "isManualUpload": { "type": "boolean" }, "completedBy": { "type": "string" } }, "description": "The last questionnaire associated with the vendor" }, "isSubProcessor": { "type": "boolean", "example": false, "description": "Is this vendor a sub-processor?" }, "isSubProcessorActive": { "type": "boolean", "example": false, "description": "Is this vendor an active Sub-processor?" }, "archivedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Timestamp when the status of the vendor changed" }, "status": { "type": "string", "nullable": true, "example": "ACTIVE", "description": "The vendor status" }, "renewalDate": { "type": "string", "nullable": true, "example": "2020-07-06", "description": "Vendor renewal date" }, "renewalScheduleType": { "type": "string", "nullable": true, "example": "ONE_YEAR", "description": "Vendor renewal schedule type" }, "renewalDateStatus": { "type": "string", "nullable": true, "example": "COMPLETED", "description": "Vendor renewal status based on the proximity to the renewal due date" }, "confirmedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Timestamp when the vendor details were confirmed" }, "reviews": { "description": "Vendor Reviews", "type": "array", "items": { "$ref": "#/components/schemas/VendorReviewResponsePublicDto" } }, "sharedAccountId": { "type": "string", "nullable": true, "example": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd", "description": "Shared account id" }, "isDrataUser": { "type": "boolean", "description": "Is the vendor an user of drata", "example": false, "nullable": true }, "events": { "type": "number", "nullable": true, "description": "The number of event notifications pending for the vendor", "example": 4 }, "integrations": { "nullable": true, "description": "Vendor integrations list", "type": "array", "items": { "$ref": "#/components/schemas/VendorIntegrationResponsePublicDto" } }, "cost": { "type": "string", "nullable": true, "description": "Annual Contract Value for the vendor in Cents unit", "example": "1088" }, "operationalImpact": { "type": "string", "nullable": true, "description": "Vendor level of operational impact", "example": "CRITICAL" }, "environmentAccess": { "type": "string", "nullable": true, "description": "Vendor environment access privileges", "example": "READ_ONLY" }, "impactLevel": { "type": "string", "nullable": true, "description": "Vendor overall impact level", "example": "INSIGNIFICANT" }, "dataAccessedOrProcessedList": { "nullable": true, "description": "List of data accessed or processed", "type": "array", "items": { "type": "string" } }, "latestSecurityReviews": { "nullable": true, "description": "Latest Security Reviews", "type": "array", "items": { "$ref": "#/components/schemas/VendorSecurityReviewResponsePublicDto" } }, "riskCount": { "type": "number", "nullable": true, "description": "The number of associated risks" }, "risksWithAnticipatedCompletionDateCount": { "type": "number", "nullable": true, "description": "The number of risks with anticipated completion date within the next 30 days" }, "vendorRelationshipContact": { "nullable": true, "description": "The vendor relationship contact", "example": { "id": 1, "email": "adam@drata.com", "firstName": "Adam", "lastName": "Attack", "createdAt": "2025-01-08T21:18:10.846Z", "updatedAt": "2025-01-10T23:46:09.000Z" }, "allOf": [ { "$ref": "#/components/schemas/UserCardCompactResponsePublicDto" } ] } }, "required": [ "id", "name", "category", "risk", "type", "critical", "location", "url", "privacyUrl", "termsUrl", "trustCenterUrl", "trustCenterProvider", "servicesProvided", "dataStored", "hasPii", "passwordPolicy", "passwordRequiresMinLength", "passwordMinLength", "passwordRequiresNumber", "passwordRequiresSymbol", "passwordMfaEnabled", "contactAtVendor", "contactsEmail", "notes", "logoUrl", "createdAt", "updatedAt", "user", "documents", "lastQuestionnaire", "isSubProcessor", "isSubProcessorActive", "archivedAt", "status", "renewalDate", "renewalScheduleType", "renewalDateStatus", "confirmedAt", "reviews", "sharedAccountId", "isDrataUser", "events", "integrations", "cost", "operationalImpact", "environmentAccess", "impactLevel", "dataAccessedOrProcessedList", "riskCount", "risksWithAnticipatedCompletionDateCount", "vendorRelationshipContact" ] }, "UserCardCompactResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "User ID" }, "email": { "type": "string", "example": "email@email.com", "description": "User email" }, "firstName": { "type": "string", "nullable": true, "example": "Sally", "description": "User first name" }, "lastName": { "type": "string", "nullable": true, "example": "Smith", "description": "User last name" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "User created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "User updated date timestamp" } }, "required": [ "id", "email", "firstName", "lastName", "createdAt", "updatedAt" ] }, "VendorIntegrationResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Vendor ID" }, "name": { "type": "string", "example": "Acme", "description": "The name of a vendor" } }, "required": [ "id", "name" ] }, "VendorReviewResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Vendor Review ID" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Review last updated date" }, "reviewer": { "type": "string", "nullable": true, "example": "John Doe", "description": "Reviewer name" }, "reviewDate": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Review date" }, "reportIssueDate": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Report issue date" }, "socReport": { "type": "string", "nullable": true, "example": "SOC_1", "description": "SOC report type", "enum": [ "SOC_1", "SOC_2", "SOC_3" ] }, "socReportType1": { "type": "boolean", "example": true, "description": "Flag that indicates the SOC report type applies to type 1" }, "socReportType2": { "type": "boolean", "example": true, "description": "Flag that indicates the SOC report type applies to type 2" }, "socType1StartDate": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Start date for SOC report type 1" }, "socType1EndDate": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "End date for SOC report type 1" }, "socType2StartDate": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Start date for SOC report type 2" }, "socType2EndDate": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "End date for SOC report type 2" }, "reportOpinion": { "type": "string", "nullable": true, "example": "UNQUALIFIED", "description": "Vendor report opinion", "enum": [ "UNQUALIFIED", "QUALIFIED", "ADVERSE", "DISCLAIMER" ] }, "encompassBusinessNeeds": { "type": "boolean", "example": true, "description": "Do control objectives or trust principles encompass business needs?" }, "followUpActivity": { "type": "string", "nullable": true, "example": "User must proceed to...", "description": "Follow up activity if report opinion is qualified" }, "hasMaterialImpact": { "type": "boolean", "example": true, "description": "Do the findings have any material impact on your control environment?" }, "cpaFirm": { "type": "string", "nullable": true, "example": "CPA firm name", "description": "CPA firm that performed the audit" }, "cpaProcedurePerformed": { "type": "string", "nullable": true, "example": "The following procedures were performed...", "description": "Procedures Performed to Assess Reputation of CPA Firm" }, "subserviceOrganization": { "type": "string", "nullable": true, "example": "Subservice Inc.", "description": "Subservice Organizations In Report" }, "subserviceOrganizationUsingInclusiveMethod": { "type": "boolean", "nullable": true, "example": true, "description": "Are Subservice Organizations Presented in the Report Using the Inclusive Method?" }, "subserviceOrganizationProcedurePerformed": { "type": "string", "nullable": true, "example": "The following procedures were performed...", "description": "Procedures Performed to Assess Subservice Organizations" }, "trustServiceCategories": { "description": "Procedures Performed to Assess Subservice Organizations", "type": "array", "items": { "$ref": "#/components/schemas/VendorReviewTrustServiceCategoryMapResponsePublicDto" } }, "userControls": { "description": "Procedures Performed to Assess Subservice Organizations", "type": "array", "items": { "$ref": "#/components/schemas/VendorReviewUserControlResponsePublicDto" } }, "services": { "description": "Procedures Performed to Assess Subservice Organizations", "type": "array", "items": { "$ref": "#/components/schemas/VendorReviewServiceResponsePublicDto" } }, "locations": { "description": "Procedures Performed to Assess Subservice Organizations", "type": "array", "items": { "$ref": "#/components/schemas/VendorReviewLocationResponsePublicDto" } }, "findings": { "description": "Procedures Performed to Assess Subservice Organizations", "type": "array", "items": { "$ref": "#/components/schemas/VendorReviewFindingResponsePublicDto" } } }, "required": [ "id", "updatedAt", "reviewer", "reviewDate", "reportIssueDate", "socReport", "socReportType1", "socReportType2", "socType1StartDate", "socType1EndDate", "socType2StartDate", "socType2EndDate", "reportOpinion", "encompassBusinessNeeds", "followUpActivity", "hasMaterialImpact", "cpaFirm", "cpaProcedurePerformed", "subserviceOrganization", "subserviceOrganizationUsingInclusiveMethod", "subserviceOrganizationProcedurePerformed", "trustServiceCategories", "userControls", "services", "locations", "findings" ] }, "VendorReviewFindingResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Vendor review finding ID" }, "description": { "type": "string", "example": "Finding 1", "description": "Vendor review finding description" } }, "required": [ "id", "description" ] }, "VendorReviewLocationResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Vendor review location ID" }, "city": { "type": "string", "example": "San Diego", "description": "Vendor review location city" }, "stateCountry": { "type": "string", "example": "CA", "description": "Vendor review location state" } }, "required": [ "id", "city", "stateCountry" ] }, "VendorReviewServiceResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Vendor review service ID" }, "name": { "type": "string", "example": "Service 1", "description": "Vendor review service name" } }, "required": [ "id", "name" ] }, "VendorReviewUserControlResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Vendor review user control ID" }, "name": { "type": "string", "example": "End User Control 1", "description": "Vendor review user control name" }, "inPlace": { "type": "boolean", "example": true, "description": "Vendor review user control in place" } }, "required": [ "id", "name", "inPlace" ] }, "VendorReviewTrustServiceCategoryMapResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Vendor review trust service category ID" }, "category": { "type": "number", "nullable": true, "example": "AVAILABILITY", "description": "Vendor review trust service category" } }, "required": [ "id", "category" ] }, "VendorDocumentResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Vendor document ID" }, "name": { "type": "string", "example": "AWS SOC 2 2018", "description": "The name the file" }, "fileUrl": { "type": "string", "nullable": true, "example": "http://localhost:5000/download/vendors/1", "description": "The secure URL to access the vendor document" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Timestamp indicating the creation date of the vendor document" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Timestamp indicating the last update date of the vendor document" } }, "required": [ "id", "name", "fileUrl", "createdAt", "updatedAt" ] }, "VendorCreateRequestPublicDto": { "type": "object", "properties": { "name": { "type": "string", "maxLength": 191, "example": "Acme", "description": "The name of the vendor" }, "category": { "nullable": true, "enum": [ "ENGINEERING", "PRODUCT", "MARKETING", "CS", "SALES", "FINANCE", "HR", "ADMINISTRATIVE", "SECURITY", "LEGAL", "INFORMATION_TECHNOLOGY", "NONE" ], "type": "string", "example": "ENGINEERING", "description": "The type of vendor" }, "risk": { "enum": [ "NONE", "LOW", "MODERATE", "HIGH" ], "type": "string", "example": "MODERATE", "description": "The level of risk associated with customer data" }, "status": { "nullable": true, "enum": [ "PROSPECTIVE", "ACTIVE", "ARCHIVED", "APPROVED", "REJECTED", "FLAGGED", "ON_HOLD", "OFFBOARDED", "UNDER_REVIEW", "NONE" ], "type": "string", "example": "UNDER_REVIEW", "description": "The status of vendor" }, "critical": { "type": "boolean", "nullable": true, "example": false, "description": "Does this vendor is considered as critical" }, "isSubProcessor": { "type": "boolean", "default": false, "example": false, "description": "Indicates whether this vendor is considered a sub-processor" }, "isSubProcessorActive": { "type": "boolean", "default": false, "example": false, "description": "Indicates whether this subprocessor is active" }, "userId": { "type": "number", "nullable": true, "maximum": 1000000000, "example": 1, "description": "The user ID of the person responsible for vendor compliance" }, "url": { "type": "string", "nullable": true, "maxLength": 768, "format": "uri", "example": "https://acme.com", "description": "Vendor URL" }, "privacyUrl": { "type": "string", "nullable": true, "maxLength": 768, "format": "uri", "example": "https://acme.com/privacy", "description": "Vendor Privacy Policy URL" }, "termsUrl": { "type": "string", "nullable": true, "maxLength": 768, "format": "uri", "example": "https://acme.com/terms", "description": "Vendor Terms of Use URL" }, "servicesProvided": { "type": "string", "nullable": true, "maxLength": 30000, "example": "Perform security scans once a month", "description": "Description of the services provided by the vendor" }, "dataStored": { "type": "string", "nullable": true, "maxLength": 30000, "example": "resulting reports of security scans", "description": "Description of the type of data the vendor stores" }, "location": { "type": "string", "maxLength": 30000, "example": "San Diego", "description": "Location where the vendor services are provided" }, "hasPii": { "type": "boolean", "default": false, "example": true, "description": "Indicates whether this vendor stores any type of Personally Identifiable Information (PII)" }, "passwordPolicy": { "nullable": true, "enum": [ "USERNAME_PASSWORD", "SSO", "LDAP", "NONE", "NOT_APPLICABLE", "SCIM", "OTHER" ], "type": "string", "example": "USERNAME_PASSWORD", "description": "The vendor password policy" }, "passwordRequiresMinLength": { "type": "boolean", "default": false, "example": true, "description": "Indicates whether there is a minimum length requirement for password" }, "passwordMinLength": { "type": "number", "nullable": true, "minimum": 6, "maximum": 12, "example": 8, "description": "Minimum character length required for a password" }, "passwordRequiresNumber": { "type": "boolean", "default": false, "example": true, "description": "Indicates whether a password requires numbers" }, "passwordRequiresSymbol": { "type": "boolean", "default": false, "example": true, "description": "Indicates whether a password requires non-alpha-numeric characters" }, "passwordMfaEnabled": { "type": "boolean", "default": false, "example": true, "description": "Indicates whether multi-factor authentication is enabled for this vendor" }, "contactAtVendor": { "type": "string", "nullable": true, "maxLength": 191, "example": "John Doe", "description": "Name of the corresponding account manager for this vendor" }, "contactsEmail": { "type": "string", "nullable": true, "maxLength": 1500, "example": "jdoe@company.com;jane@company.com", "description": "Semicolon-separated list of vendor contact email addresses" }, "notes": { "type": "string", "maxLength": 30000, "example": "Meeting once a month to adjust contract", "description": "Additional notes for vendor" }, "renewalDate": { "type": "string", "nullable": true, "example": "2025-07-01T16:45:55.246Z", "description": "Vendor renewal date" }, "renewalScheduleType": { "nullable": true, "enum": [ "ONE_MONTH", "TWO_MONTHS", "THREE_MONTHS", "SIX_MONTHS", "ONE_YEAR", "CUSTOM", "NONE" ], "type": "string", "example": "ONE_YEAR", "description": "Vendor renewal schedule type" }, "confirmed": { "type": "boolean", "nullable": true, "example": true, "description": "Is all vendor data confirmed?" }, "type": { "nullable": true, "enum": [ "VENDOR", "SUPPLIER", "CONTRACTOR", "PARTNER", "OTHER", "NONE" ], "type": "string", "example": "VENDOR", "description": "Vendor type identifier" }, "accountId": { "type": "string", "maxLength": 36, "example": 36, "description": "Account Id" }, "operationalImpact": { "nullable": true, "enum": [ "NONE", "LOW", "NORMAL", "IMPORTANT", "CRITICAL" ], "type": "string", "example": "IMPORTANT", "description": "Vendor level of operational impact" }, "environmentAccess": { "nullable": true, "enum": [ "NO", "READ_ONLY", "READ_WRITE" ], "type": "string", "example": "READ_ONLY", "description": "Vendor environment access privileges" }, "impactLevel": { "nullable": true, "enum": [ "INSIGNIFICANT", "MINOR", "MODERATE", "MAJOR", "CRITICAL", "UNSCORED" ], "type": "string", "example": "INSIGNIFICANT", "description": "Vendor overall impact level" }, "dataAccessedOrProcessedList": { "nullable": true, "uniqueItems": true, "type": "array", "items": { "type": "string", "enum": [ "GENERAL", "PUBLIC", "CONTROLLED_UNCLASSIFIED", "FINANCIAL", "PROPRIETARY", "EMPLOYEE_PERSONNEL", "PERSONAL_IDENTIFIABLE_INFORMATION", "PROTECTED_HEALTH_INFORMATION", "OTHER_PERSONAL_OR_SENSITIVE", "CARDHOLDER_DATA" ] }, "example": [ "FINANCIAL", "GENERAL" ], "description": "List of data accessed or processed enum type", "maxItems": 300 }, "integrations": { "uniqueItems": true, "example": [ 1, 2, 3 ], "description": "List of vendor IDs", "type": "array", "items": { "type": "number" } }, "cost": { "type": "string", "nullable": true, "example": "1088", "description": "Annual Contract Value for the vendor in Cents unit" }, "excludeIds": { "nullable": true, "description": "Excluded vendor ids.", "example": [ 1, 2 ], "type": "array", "items": { "type": "number" } } }, "required": [ "name" ] }, "VendorsResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Data set based on the pagination limits", "type": "array", "items": { "$ref": "#/components/schemas/VendorDirectoryResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "VendorDirectoryResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Vendor ID" }, "name": { "type": "string", "example": "Acme", "description": "The name of a vendor" }, "category": { "type": "string", "nullable": true, "example": "ENGINEERING", "description": "The business domain of the vendor" }, "risk": { "type": "string", "example": "MODERATE", "description": "The vendor risk type" }, "type": { "type": "string", "nullable": true, "example": "CONTRACTOR", "description": "The vendor sub-type (Vendor, Contractor, Supplier, etc)" }, "critical": { "type": "boolean", "nullable": true, "example": false, "description": "Does the vendor is considered critical or not" }, "location": { "type": "string", "nullable": true, "example": "USA", "description": "Vendor location" }, "url": { "type": "string", "nullable": true, "example": "https://acme.com", "description": "Vendor URL" }, "privacyUrl": { "type": "string", "nullable": true, "example": "https://acme.com", "description": "Vendor Privacy Policy URL" }, "termsUrl": { "type": "string", "nullable": true, "example": "https://acme.com", "description": "Vendor Terms of Use URL" }, "trustCenterUrl": { "type": "string", "nullable": true, "example": "https://trust.drata.com", "description": "Vendor Trust Center URL" }, "trustCenterProvider": { "nullable": true, "enum": [ "ANECDOTES", "CONVEYOR", "DRATA", "HYPERCOMPLY", "SAFEBASE", "SCRUT", "SECUREFRAME", "SECURITYPAL", "SKYPHER", "SPRINTO", "TRUSTARC", "TRUSTCLOUD", "VANTA", "WHISTIC", "ZENGRC" ], "type": "string", "example": "DRATA", "description": "The providing service for this Trust Center" }, "servicesProvided": { "type": "string", "nullable": true, "example": "Perform security scans once a month", "description": "Describe vendor services" }, "dataStored": { "type": "string", "nullable": true, "example": "Resulting reports of security scans", "description": "What type of data the vendor stores" }, "hasPii": { "type": "boolean", "example": true, "description": "Does this vendor store any type of PII" }, "passwordPolicy": { "type": "string", "nullable": true, "example": "USERNAME_PASSWORD", "description": "The vendor password policy" }, "passwordRequiresMinLength": { "type": "boolean", "example": true, "description": "Is there a minimum length for user passwords" }, "passwordMinLength": { "type": "number", "nullable": true, "example": 8, "description": "Minimum character length for a password" }, "passwordRequiresNumber": { "type": "boolean", "example": true, "description": "Does a password require numbers" }, "passwordRequiresSymbol": { "type": "boolean", "example": true, "description": "Does a password require non-alpha-numeric characters" }, "passwordMfaEnabled": { "type": "boolean", "example": true, "description": "Is multi-factor authentication enabled for this vendor" }, "contactAtVendor": { "type": "string", "nullable": true, "example": "John Doe", "description": "The name of the corresponding account manager for this vendor" }, "contactsEmail": { "type": "string", "nullable": true, "example": "jdoe@company.com", "description": "The email of the corresponding account manager for this vendor" }, "notes": { "type": "string", "nullable": true, "example": "Meeting once a month to adjust contract", "description": "Additional notes for vendor" }, "logoUrl": { "type": "string", "nullable": true, "example": "https://cdn-prod.imgpilot.com/logo.png", "description": "Vendor logo URL" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Vendor created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Vendor updated date timestamp" }, "user": { "nullable": true, "description": "The user that is responsible for the compliance of this vendor", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "vendorRelationshipContact": { "nullable": true, "description": "The vendor relationship contact", "example": { "id": 1, "email": "adam@drata.com", "firstName": "Adam", "lastName": "Attack", "createdAt": "2025-01-08T21:18:10.846Z", "updatedAt": "2025-01-10T23:46:09.000Z" }, "allOf": [ { "$ref": "#/components/schemas/UserCardCompactResponsePublicDto" } ] }, "documents": { "description": "A list of vendor documents", "type": "array", "items": { "$ref": "#/components/schemas/VendorDocumentResponsePublicDto" } }, "lastQuestionnaire": { "type": "object", "nullable": true, "properties": { "vendorId": { "type": "number" }, "sendAt": { "type": "string" }, "sentEmail": { "type": "string" }, "file": { "type": "string" }, "respondedAt": { "type": "string" }, "responseId": { "type": "number" }, "isManualUpload": { "type": "boolean" }, "completedBy": { "type": "string" } }, "description": "The last questionnaire associated with the vendor" }, "isSubProcessor": { "type": "boolean", "example": false, "description": "Is this vendor a sub-processor?" }, "isSubProcessorActive": { "type": "boolean", "example": false, "description": "Is this vendor an active Sub-processor?" }, "archivedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Timestamp when the status of the vendor changed" }, "status": { "type": "string", "nullable": true, "example": "ACTIVE", "description": "The vendor status" }, "renewalDate": { "type": "string", "nullable": true, "example": "2020-07-06", "description": "Vendor renewal date" }, "renewalScheduleType": { "type": "string", "nullable": true, "example": "ONE_YEAR", "description": "Vendor renewal schedule type" }, "renewalDateStatus": { "type": "string", "nullable": true, "example": "COMPLETED", "description": "Vendor renewal status based on the proximity to the renewal due date" }, "confirmedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Timestamp when the vendor details were confirmed" }, "reviews": { "description": "Vendor Reviews", "type": "array", "items": { "$ref": "#/components/schemas/VendorReviewResponsePublicDto" } }, "sharedAccountId": { "type": "string", "nullable": true, "example": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd", "description": "Shared account id" }, "isDrataUser": { "type": "boolean", "description": "Is the vendor an user of drata", "example": false, "nullable": true }, "events": { "type": "number", "nullable": true, "description": "The number of event notifications pending for the vendor", "example": 4 }, "impactLevel": { "type": "string", "nullable": true, "description": "Vendor overall impact level", "example": "INSIGNIFICANT" }, "securityReview": { "nullable": true, "description": "Vendor Security Review", "allOf": [ { "$ref": "#/components/schemas/VendorSecurityReviewCompactResponsePublicDto" } ] }, "riskCount": { "type": "number", "nullable": true, "description": "The number of associated risks" } }, "required": [ "id", "name", "category", "risk", "type", "critical", "location", "url", "privacyUrl", "termsUrl", "trustCenterUrl", "trustCenterProvider", "servicesProvided", "dataStored", "hasPii", "passwordPolicy", "passwordRequiresMinLength", "passwordMinLength", "passwordRequiresNumber", "passwordRequiresSymbol", "passwordMfaEnabled", "contactAtVendor", "contactsEmail", "notes", "logoUrl", "createdAt", "updatedAt", "user", "vendorRelationshipContact", "documents", "lastQuestionnaire", "isSubProcessor", "isSubProcessorActive", "archivedAt", "status", "renewalDate", "renewalScheduleType", "renewalDateStatus", "confirmedAt", "reviews", "sharedAccountId", "isDrataUser", "events", "impactLevel", "riskCount" ] }, "VendorSecurityReviewCompactResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Vendor security review id" }, "requestedAt": { "type": "string", "format": "date-time", "description": "Requested date" }, "reviewDeadlineAt": { "type": "string", "format": "date-time", "description": "Review deadline date" }, "decision": { "type": "string", "nullable": true, "description": "The decision about the security review", "example": "APPROVED" }, "note": { "type": "string", "nullable": true, "description": "Vendor security review note" }, "status": { "type": "string", "nullable": true, "description": "The status for the security review", "example": "NOT_YET_STARTED", "enum": [ "NOT_YET_STARTED", "IN_PROGRESS", "COMPLETED", "NOT_REQUIRED" ] }, "type": { "type": "string", "nullable": true, "description": "The type for the security review", "example": "SECURITY", "enum": [ "SECURITY", "SOC_REPORT", "UPLOAD_REPORT" ] }, "user": { "description": "The related vendor security review user", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "vendor": { "description": "The related vendor security review", "allOf": [ { "$ref": "#/components/schemas/VendorResponsePublicDto" } ] }, "requesterUser": { "nullable": true, "description": "The related vendor security review requester user", "allOf": [ { "$ref": "#/components/schemas/UserCardCompactResponsePublicDto" } ] } }, "required": [ "id", "requestedAt", "reviewDeadlineAt", "decision", "note", "status", "type", "requesterUser" ] }, "UserDocumentResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "User document ID" }, "name": { "type": "string", "example": "Security Training", "description": "The name the file" }, "type": { "type": "string", "enum": [ "SEC_TRAINING", "PASSWORD_MANAGER_EVIDENCE", "AUTO_UPDATES_EVIDENCE", "HARD_DRIVE_ENCRYPTION_EVIDENCE", "ANTIVIRUS_EVIDENCE", "LOCK_SCREEN_EVIDENCE", "MFA_EVIDENCE", "HIPAA_TRAINING_EVIDENCE", "OFFBOARDING_EVIDENCE", "NIST_AI_TRAINING_EVIDENCE" ], "description": "The document type" }, "fileUrl": { "type": "string", "nullable": true, "example": "http://localhost:5000/download/documents/1", "description": "The secure URL to download the user document" }, "renewalDate": { "type": "string", "format": "date", "example": "2026-10-27", "description": "Document's renewal date, after which the document is no longer consider valid evidence" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "User Document created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "User Document updated date timestamp" } }, "required": [ "id", "name", "type", "fileUrl", "renewalDate", "createdAt", "updatedAt" ] }, "UserDocumentRequestPublicDto": { "type": "object", "properties": { "type": { "enum": [ "MFA_EVIDENCE", "SEC_TRAINING", "HIPAA_TRAINING_EVIDENCE", "OFFBOARDING_EVIDENCE" ], "type": "string", "example": "SEC_TRAINING", "description": "The user document type" }, "file": { "type": "string", "format": "binary", "description": "Accepted file extensions: .pdf, .docx, .odt, .doc, .xlsx, .ods, .pptx, .odp, .gif, .jpg, .jpeg, .png" }, "base64File": { "type": "string", "example": { "base64String": "data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAYABg", "filename": "excellent-filename" }, "description": "JSON string with external evidence in Base64 format." }, "completionDate": { "type": "string", "format": "date-time", "example": "2020-07-06", "description": "The date when the compliance was completed" } }, "required": [ "type" ] }, "UserAllDocumentsResponsePublicDto": { "type": "object", "properties": { "documents": { "description": "Full list of user documents", "type": "array", "items": { "$ref": "#/components/schemas/UserDocumentResponsePublicDto" } } }, "required": [ "documents" ] }, "UserResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "User ID" }, "entryId": { "type": "string", "example": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd", "description": "User Entry ID" }, "email": { "type": "string", "example": "email@email.com", "description": "User email" }, "firstName": { "type": "string", "nullable": true, "example": "Sally", "description": "User first name" }, "lastName": { "type": "string", "nullable": true, "example": "Smith", "description": "User last name" }, "jobTitle": { "type": "string", "nullable": true, "example": "CEO", "description": "User job title" }, "avatarUrl": { "type": "string", "nullable": true, "example": "https://cdn-prod.imgpilot.com/avatar.png", "description": "User avatar URL" }, "drataTermsAgreedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "User agreed to the Drata terms date timestamp" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "User created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "User updated date timestamp" }, "roles": { "example": [ "ROLE", "ANOTHER_ROLE" ], "description": "User roles", "type": "array", "items": { "type": "string" } }, "backgroundChecks": { "nullable": true, "description": "The Background Checks array DTO", "type": "array", "items": { "$ref": "#/components/schemas/BackgroundCheckResponsePublicDto" } }, "identities": { "description": "User identities", "type": "array", "items": { "$ref": "#/components/schemas/UserIdentityResponsePublicDto" } }, "documents": { "description": "User documents", "type": "array", "items": { "$ref": "#/components/schemas/UserDocumentsResponsePublicDto" } } }, "required": [ "id", "entryId", "email", "createdAt", "updatedAt", "roles", "identities" ] }, "UserDocumentsResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Data set based on the pagination limits", "type": "array", "items": { "$ref": "#/components/schemas/UserDocumentResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "UserIdentityResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "User identity ID" }, "identityId": { "type": "string", "example": "1a2b3c", "description": "External service unique id" }, "username": { "type": "string", "example": "Username", "description": "External service username" }, "connectedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "When this external user was linked to an application user" }, "disconnectedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "When this external user was unlinked to an application user" }, "hasMfa": { "type": "boolean", "example": true, "description": "Indicates the external user MFA status" }, "user": { "description": "The linked system user response DTO", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "connection": { "description": "ConnectionResponsePublicDto", "allOf": [ { "$ref": "#/components/schemas/ConnectionResponsePublicDto" } ] }, "hasIdp": { "type": "boolean", "example": true, "description": "Indicates if user is connected with Idp" }, "secondaryEmail": { "type": "string", "example": "johndoe@test.com", "description": "Secondary email for custom user identity" }, "firstName": { "type": "string", "example": "John", "description": "First name for custom user identity" }, "lastName": { "type": "string", "example": "Doe", "description": "Last name for custom user identity" }, "startedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Start date from the user identity" }, "separatedAt": { "type": "string", "format": "date-time", "description": "Separation date from the user identity", "example": "2025-07-01T16:45:55.246Z" }, "isContractor": { "type": "boolean", "example": true, "description": "If `true`, this user identity is identified as a contractor user" }, "jobTitle": { "type": "string", "example": "Engineer", "description": "User identity job title" }, "managerId": { "type": "string", "example": "x00jk12-2312", "description": "User identity manager's id" }, "managerName": { "type": "string", "description": "User identity manager's name" } }, "required": [ "id", "identityId", "username", "connectedAt", "disconnectedAt", "hasMfa", "user", "connection", "hasIdp", "secondaryEmail", "firstName", "lastName", "startedAt", "separatedAt", "jobTitle", "managerId", "managerName" ] }, "ConnectionResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": "1", "description": "The connection id" }, "clientType": { "type": "string", "example": "GOOGLE", "description": "The client type" }, "state": { "type": "string", "example": "ACTIVE", "description": "The state of the connection" }, "connected": { "type": "boolean", "example": false, "description": "Connection status" }, "connectedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "When this connection was successfully established" }, "failedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "When this connection failed" }, "companyId": { "type": "number", "example": "12341234", "description": "The associated external company id. Specific to the gusto connection" }, "assignmentId": { "type": "string", "example": "FLk12AsS", "description": "The associated external assignment id. Specific to the curricula connection" }, "user": { "description": "The user that established the connection", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "accountId": { "type": "string", "description": "The related account id to that connection" }, "clientId": { "type": "string", "example": "abc123", "description": "The client id from the external system associated to this connection" }, "clientAlias": { "type": "string", "example": "My-connection-alias-1", "description": "Alias for the connection" }, "manuallyUpdatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Connection manuallyUpdatedAts timestamp" }, "aliasUpdatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Connection alias updated-at timestamp for manually updated aliases" }, "deletedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Connection deletedAt timestamp" }, "requestorId": { "type": "number", "example": "328d3016-71f3-4485-af20-06ce8044da18", "description": "RequestorId value" }, "product": { "type": "object", "description": "product background check" }, "writeAccessEnabled": { "type": "boolean", "example": false, "description": "Write scope is enabled on the connection" }, "sourcePreference": { "type": "string", "example": "LABEL", "description": "User source preference for Jira" }, "securityLabel": { "type": "string", "example": "Jira Security Label", "description": "Used in Jira to categorize tickets as security issues." }, "jqlQuery": { "type": "string", "example": "project = IT AND type = \"Offboarding\"", "description": "Query used in Jira to categorize tickets" }, "authorized": { "type": "boolean", "example": true, "description": "account authorized flag for Checkr" }, "workspaces": { "example": [ { "id": 1, "name": "Drata", "description": "Platform to track SOC 2 compliance within the organization", "howItWorks": null, "url": "https://app.drata.com", "logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png", "primary": true } ], "description": "Workspaces related to the connection", "type": "array", "items": { "$ref": "#/components/schemas/WorkspaceResponsePublicDto" } }, "providerTypes": { "example": [ 5 ], "description": "Provider types associated with this connection", "type": "array", "items": { "$ref": "#/components/schemas/ConnectionProviderTypeResponsePublicDto" } }, "code": { "nullable": true, "enum": [ 10000, 10001, 10010, 10020, 10030, 10040, 10050, 10060, 10070, 10080, 10090, 10100, 10110, 10120, 10125, 10130, 10140, 10145, 10150, 10160, 10170, 10171, 10180, 10190, 10200, 10210, 10220, 10230, 10240, 10250, 10260, 10270, 10271, 10272, 10273, 10274, 10275, 10276, 10277, 10278, 10279, 10280, 10281, 10282, 10283, 10290, 10300, 10310, 10311, 10318, 10319, 10320, 10321, 10322, 10323, 10324, 10325, 10326, 10327, 10328, 10329, 10330, 10331, 10332, 10333, 10340, 10350, 10360, 10361, 10370, 10380, 10390, 10391, 10392, 10400, 10410, 10420, 10430, 10440, 10450, 10460, 10470, 10480, 10490, 10500, 10510, 10520, 10530, 10540, 10550, 10555, 10560, 10561, 10570, 10571, 10575, 10576, 10577, 10580, 10590, 10600, 10610, 10620, 10630, 10635, 10640, 10645, 10650, 10651, 10652, 10660, 10661, 10700, 10710, 10720, 10730, 10740, 10750, 10760, 10761, 10770, 10780, 10790, 10800, 10810, 10820, 10830, 10900, 10910, 10920, 10921, 10930, 10940, 10950, 10960, 10961, 10970, 10971, 10972, 10973, 10974, 10975, 10976, 10980, 10990, 11000, 11010, 11020, 11030, 11031, 11032, 11040, 11041, 11050, 11060, 11061, 11070, 11071, 11072, 11080, 11082, 11083, 11084, 11085, 11086, 11087, 11092, 12000, 12010, 12020, 12021, 12022, 12023, 12024, 12030, 12040, 12050, 12060, 12070, 12071, 12080, 12090, 12100, 12200, 12210, 12220, 12230, 12240, 12250, 12260, 12270, 12271, 12272, 12273, 12274, 12280, 12290, 12291, 12300, 12310, 12320, 12330, 12340, 12400, 12410, 12420, 12430, 12450, 12500, 12501, 13000, 13001, 13010, 13011, 13020, 13030, 13040, 13050, 13051, 13060, 13061, 13070, 13080, 13090, 13091, 13100, 13110, 13120, 13130, 13140, 13150, 13160, 13170, 13171, 13180, 13181, 13190, 13200, 13210, 13220, 13230, 13300, 13301, 13302, 13303, 14000, 13240, 14001, 14010, 14020, 14030, 14040, 14050, 14060, 14070, 14080, 14090, 14100, 14110, 14120, 14130, 14140, 14150, 14160, 14161, 14162, 14170, 14180, 14190, 14200, 14210, 14212, 14213, 14220, 14230, 14240, 14250, 14260, 14270, 14271, 14280, 15002, 15003, 15004, 15005, 15007, 15008, 1509, 15010, 15011, 15012, 15013, 15014, 15015, 15040, 15041, 15042, 15043, 15044, 15045, 15046, 15047, 15048, 15049, 15050, 15051, 15052, 15053, 15054, 15055, 15056, 15057, 15058, 15060, 15061, 16000, 16010, 16011, 16020, 16021, 16030, 17001, 17002, 17003, 17004, 17005, 17006, 17007, 17008, 17009, 17010, 17011, 17012, 17013, 17014, 17015, 17100, 17101, 17102, 17103, 17104, 17105, 17106, 17107, 17108, 17109, 18000, 18001, 18002, 18003, 18004, 19000, 19001, 20000, 20001, 20002, 20010, 20011, 20012, 21001, 21002, 21003, 21004, 21005, 21006, 21007, 21008, 21009, 21010, 21011, 21012, 21013, 21014, 21015, 21016, 21017, 21018, 21019, 22000, 22001, 22002, 22003, 22004, 22005, 22006, 22010, 22015, 22016, 22017, 22020, 22030, 22040, 22041, 22042, 22990, 22991, 23000, 23001, 23002, 23010, 23020, 23030, 23040, 23041, 23042, 23050, 23060, 23070, 23080, 25001, 25050, 25051, 25002, 25003, 25004, 25005, 25006, 25007, 25008, 25009, 25010, 25011, 25012, 25020, 25021, 25022, 25023, 25030, 25060, 25070, 25080, 25090, 25100, 25110, 25120, 25130, 25140, 25150, 25160, 25170, 25180, 25190, 25200, 25210, 25220, 25230, 25240, 25250, 25260, 25270, 25280, 25290, 25300, 25310, 25311, 25312, 25320, 25330, 25340, 25350, 25360, 25370, 25380, 25390, 25400, 26410, 26420, 26440, 25420, 25430, 25440, 25450, 25460, 27000, 25500, 26430, 27001, 27002, 27010, 27020, 27021, 27030, 27040, 27050, 27060, 27070, 27071, 27080, 27081, 27090, 28000, 28010, 28020, 28021, 28022, 28023, 28024, 28025, 28026, 28027, 28028, 28029, 28032, 28033, 28034, 28030, 28031, 28050, 28100, 28110, 28200, 28300, 28310, 28320, 28330, 28340, 28350, 28360, 28370, 28380, 28390, 28400, 28460, 28470, 28480, 28490, 28500, 28510, 28520, 28530, 28540, 28541, 285422, 28543, 28544, 28550, 28560, 28570, 28580, 28590, 29000, 29010, 29040, 29050, 29060, 29070, 29080, 29090, 29100, 30000, 30001, 30002, 30003, 30004, 30010, 30011, 30012, 30013, 30014, 30015, 30020, 30021, 30022, 30023 ], "type": "number", "example": 10010, "description": "ErrorCode" }, "groupLabel": { "type": "string", "nullable": true, "example": "Everyone", "description": "Used by some IDPs to only sync users from a specific group" } }, "required": [ "id", "clientType", "state", "connected", "connectedAt", "failedAt", "companyId", "assignmentId", "user", "accountId", "clientId", "clientAlias", "manuallyUpdatedAt", "aliasUpdatedAt", "deletedAt", "requestorId", "product", "writeAccessEnabled", "sourcePreference", "securityLabel", "jqlQuery", "authorized", "workspaces", "code", "groupLabel" ] }, "ConnectionProviderTypeResponsePublicDto": { "type": "object", "properties": { "value": { "type": "string", "example": "MDM", "description": "The provider type" }, "isEnabled": { "type": "boolean", "example": true, "description": "Provider type status" } }, "required": [ "value", "isEnabled" ] }, "WorkspaceResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Product ID" }, "name": { "type": "string", "example": "Drata Automation", "description": "Product name" }, "description": { "type": "string", "example": "Drata automates SOC 2 compliance", "description": "Product description" }, "howItWorks": { "type": "string", "example": "Connect your systems to the Drata Autopilot system and sit back and relax!", "description": "How does the Product Work?" }, "url": { "type": "string", "example": "https://drata.com", "description": "Product URL" }, "logo": { "type": "string", "example": "https://cdn-prod.imgpilot.com/logo.png", "description": "Product Logo URL" }, "primary": { "type": "boolean", "example": false, "description": "Primary Product" }, "frameworks": { "example": "FrameworkResponseDto[]", "description": "Frameworks associated to the product.", "type": "array", "items": { "$ref": "#/components/schemas/FrameworkResponsePublicDto" } } }, "required": [ "id", "name", "description", "howItWorks", "url", "logo", "primary" ] }, "FrameworkResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": "123", "description": "Framework id" }, "name": { "type": "string", "example": "SOC2", "description": "Framework name" }, "hasLevel": { "type": "boolean", "example": true, "description": "Does the framework have a level" }, "levelLabel": { "type": "string", "nullable": true, "example": true, "description": "What is the framework level" }, "selectedLevel": { "type": "string", "nullable": true, "example": "42", "description": "id of the level tag" }, "privacy": { "type": "boolean", "nullable": true, "example": true, "description": "privacy flag for NIST80053" }, "description": { "type": "string", "example": "Report on controls at a Service Organization", "description": "Framework description" }, "longDescription": { "type": "string", "description": "A longer description describing the framework in detail" }, "slug": { "type": "string", "example": "soc2-slug", "description": "Framework Slug used to identify the framework" }, "tag": { "type": "string", "example": "SOC2", "description": "A tag representing the framework" }, "label": { "type": "string", "example": "SOC 2", "description": "A pill name representing the framework" }, "totalInScopeControls": { "type": "number", "example": "42", "description": "The number of associated Drata controls" }, "numInScopeRequirements": { "type": "number", "example": "42", "description": "The number of associated Drata requirements that are in scope" }, "numReadyInScopeRequirements": { "type": "number", "example": "42", "description": "The number of associated Drata requirements that are \"ready\"" }, "enabledAt": { "type": "string", "nullable": true, "format": "date-time", "example": true, "description": "State of the framework for the tenant" }, "frameworkEnabled": { "type": "boolean", "example": true, "description": "State of the framework for the tenant" }, "controlsEnabled": { "type": "boolean", "example": true, "description": "State of the controls for this framework for the tenant" }, "color": { "type": "string", "example": "#174880", "description": "The font color assigned for this framework" }, "bgColor": { "type": "string", "example": "#174880", "description": "The background color assigned for this framework" }, "activeLogo": { "type": "string", "nullable": true, "example": "https://drata.com", "description": "The URL of the active logo" }, "inactiveLogo": { "type": "string", "nullable": true, "example": "https://drata.com", "description": "The URL of the inactive logo" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Account created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Account updated date timestamp" }, "isReady": { "type": "boolean", "example": true, "description": "Is the framework ready" }, "productFrameworkEnabled": { "type": "boolean", "example": true, "description": "State of the framework for the product" }, "customFrameworkId": { "type": "string", "example": "123e4567-e89b-12d3-a456-426614174000", "description": "Custom framework id" }, "type": { "type": "string", "enum": [ "SOC_2_TYPE_1", "SOC_2_TYPE_2", "ISO_27001", "HIPAA", "PCI", "GDPR", "SCF", "NIST80053", "NISTCSF", "CMMC", "NIST800171", "MSSSPA", "FFIEC", "CCPA", "ISO_27701", "COBIT", "SOX_ITGC", "ISO_27001_2022", "CCM", "CYBER_ESSENTIALS", "ISO_27017_2015", "ISO_27018_2019", "NISTAI", "PCI4", "FEDRAMP", "NISTCSF2", "NIS2", "DORA", "ISO_42001_2023", "DRATA_ESSENTIALS", "NIST800171R3", "CIS8", "CYBER_ESSENTIALS_32", "FEDRAMP20X", "HITRUST", "MSSSPA11", "ESSENTIAL_EIGHT", "NYDFS", "TISAX", "ISO_27018_2025", "CCPA2026", "ISO_27701_2025", "CPS230", "CUSTOM" ], "example": "CUSTOM", "description": "The type of the auditor framework" } }, "required": [ "id", "name", "hasLevel", "levelLabel", "selectedLevel", "privacy", "description", "longDescription", "slug", "tag", "label", "totalInScopeControls", "numInScopeRequirements", "numReadyInScopeRequirements", "enabledAt", "frameworkEnabled", "controlsEnabled", "color", "bgColor", "activeLogo", "inactiveLogo", "createdAt", "updatedAt", "isReady" ] }, "BackgroundCheckResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "The Background Check Id" }, "userId": { "type": "number", "example": 1, "description": "The user ID" }, "status": { "type": "string", "example": "OK", "description": "The status of the KarmaCheck case" }, "caseId": { "type": "string", "example": "abc123", "description": "The case ID of the KarmaCheck background check" }, "caseInvitationId": { "type": "string", "example": "abc123", "description": "The case invitation ID of the KarmaCheck background check" }, "url": { "type": "string", "example": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd", "description": "The URL of the background check" }, "manualCheckDate": { "type": "string", "example": "2020-07-06", "description": "The date this background check was manually uploaded" }, "manuallyCheckUrl": { "type": "string", "example": "url.com", "description": "The url of manual background check" }, "type": { "type": "string", "example": "CERTN", "description": "The background check type" }, "source": { "type": "string", "example": "DRATA", "description": "The background check source" }, "reportData": { "type": "string", "description": "The background check report data" }, "user": { "description": "The related background check user", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "outOfScopeReason": { "type": "string", "example": "abc123", "description": "the reason it was marked out of scope" }, "outOfScopeAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "when it was marked out of scope date timestamp" }, "invitationEmail": { "type": "string", "example": "email@email.com", "description": "Invitation email" }, "linkedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Report linked to a user date timestamp" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Report created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Report updated date timestamp" } }, "required": [ "id", "userId", "status", "caseId", "caseInvitationId", "url", "manualCheckDate", "manuallyCheckUrl", "type", "source", "reportData", "user", "outOfScopeReason", "outOfScopeAt", "invitationEmail", "linkedAt", "createdAt", "updatedAt" ] }, "UsersResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Data set based on the pagination limits", "type": "array", "items": { "$ref": "#/components/schemas/UserResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "UserPolicyVersionsResponsePublicDto": { "type": "object", "properties": { "userPolicyVersions": { "description": "The set of current policy versions for a target user", "type": "array", "items": { "$ref": "#/components/schemas/UserPolicyVersionResponsePublicDto" } } }, "required": [ "userPolicyVersions" ] }, "UserPolicyVersionResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "User policy version ID" }, "acceptedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "User policy version accepted at date timestamp" }, "policyVersion": { "description": "The associated policy version", "allOf": [ { "$ref": "#/components/schemas/PolicyVersionResponsePublicDto" } ] }, "policy": { "description": "The policy associated to the policy version (de-normalized)", "allOf": [ { "$ref": "#/components/schemas/PolicyResponsePublicDto" } ] } }, "required": [ "id", "policyVersion", "policy" ] }, "PolicyResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Policy ID" }, "templateId": { "type": "number", "nullable": true, "example": 1, "description": "The template id used to create this policy, null for custom policies" }, "name": { "type": "string", "example": "Acceptable Use Policy", "description": "The policy name" }, "currentDescription": { "type": "string", "example": "This policy defines how you do XYZ", "description": "The current version's policy description" }, "htmlLastUpdated": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Last time the html was saved to the DB" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Policy created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Policy last updated date timestamp" }, "currentOwner": { "description": "The user that is assigned as the owner of this policy", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "versions": { "example": "PolicyVersionResponsePublicDto[]", "description": "The versions of the policy", "type": "array", "items": { "$ref": "#/components/schemas/PolicyVersionResponsePublicDto" } }, "policyWeekTimeFrameSLAs": { "example": "PolicyWeekTimeFrameSLAResponsePublicDto[]", "description": "The set of policy week timeframe SLAs for this policy", "type": "array", "items": { "$ref": "#/components/schemas/PolicyWeekTimeFrameSLAResponsePublicDto" } }, "policyGracePeriodSLAs": { "example": "PolicyGracePeriodSLAResponsePublicDto[]", "description": "The set of policy grace period SLAs for this policy", "type": "array", "items": { "$ref": "#/components/schemas/PolicyGracePeriodSLAResponsePublicDto" } }, "policyP3MatrixSLAs": { "example": "PolicyP3MatrixSLAResponsePublicDto[]", "description": "The set of policy week timeframe SLAs for this policy", "type": "array", "items": { "$ref": "#/components/schemas/PolicyP3MatrixSLAResponsePublicDto" } }, "groups": { "description": "The identity groups assigned to the policy", "type": "array", "items": { "$ref": "#/components/schemas/GroupResponsePublicDto" } }, "assignedTo": { "type": "string", "example": "ALL", "description": "The type of policy scope" }, "notifyGroups": { "type": "boolean", "example": false, "description": "Indicates if a notification to a group is send on the policy" }, "reminders": { "example": "ReminderResponsePublicDto[]", "description": "The set of incomplete reminders for this policy", "type": "array", "items": { "$ref": "#/components/schemas/ReminderResponsePublicDto" } }, "policyStatus": { "type": "string", "example": "ACTIVE", "description": "The current status of the policy (ACTIVE, ARCHIVED, REPLACED)" } }, "required": [ "id", "templateId", "name", "currentDescription", "htmlLastUpdated", "createdAt", "updatedAt", "currentOwner", "versions", "groups", "assignedTo", "notifyGroups", "reminders", "policyStatus" ] }, "ReminderResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Reminder ID" }, "completedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Date of reminder completion" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Reminder created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Reminder updated date timestamp" }, "deletedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Reminder deleted date timestamp" } }, "required": [ "id", "completedAt", "createdAt", "updatedAt", "deletedAt" ] }, "GroupResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Group ID" }, "name": { "type": "string", "example": "Operations", "description": "The group name" }, "description": { "type": "string", "example": "This is an example", "description": "The group description" }, "email": { "type": "string", "example": "email@email.com", "description": "Owner email" }, "externalId": { "type": "string", "example": "23kemoi23em", "description": "External ID" }, "source": { "type": "string", "example": "GOOGLE", "description": "The string enum source. DEPRECATED: This field will be removed in a future release.", "deprecated": true }, "domain": { "type": "string", "example": "email.com", "description": "Domain of the group" }, "type": { "type": "string", "example": "GROUP", "description": "Group type" }, "orgUnitPath": { "type": "string", "example": "asdas/qweqwe/asdasd", "description": "Org unit path" }, "membersCount": { "type": "number", "example": 10, "description": "Members count" } }, "required": [ "id", "name", "description", "email", "externalId", "source", "domain", "type", "orgUnitPath", "membersCount" ] }, "PolicyP3MatrixSLAResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "SLA Id" }, "label": { "type": "string", "example": "Policy SLA", "description": "The label for this SLA" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "SLA created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "SLA updated date timestamp" } }, "required": [ "id", "label", "createdAt", "updatedAt" ] }, "PolicyGracePeriodSLAResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "SLA Id" }, "label": { "type": "string", "example": "Policy SLA", "description": "The label for this SLA" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "SLA created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "SLA updated date timestamp" } }, "required": [ "id", "label", "createdAt", "updatedAt" ] }, "PolicyWeekTimeFrameSLAResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "SLA Id" }, "label": { "type": "string", "example": "Policy SLA", "description": "The label for this SLA" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "SLA created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "SLA updated date timestamp" } }, "required": [ "id", "label", "createdAt", "updatedAt" ] }, "PolicyVersionResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Policy version ID" }, "version": { "type": "number", "example": 1, "description": "The policy version" }, "minorVersion": { "type": "number", "example": 1, "description": "The policy minor version (same as sub version)" }, "subVersion": { "type": "number", "example": 1, "description": "The policy sub version" }, "current": { "type": "boolean", "example": true, "description": "Is this the current policy (last uploaded/created)" }, "type": { "type": "string", "example": "UPLOADED", "description": "The policy version type" }, "fileUrl": { "type": "string", "nullable": true, "example": "http://localhost:5000/download/policies/1", "description": "The secure URL to the policy version" }, "docViewer": { "type": "string", "example": "NATIVE", "description": "The type of document viewer to use" }, "description": { "type": "string", "nullable": true, "example": "This policy defines how you do XYZ", "description": "The policy version description" }, "html": { "type": "string", "nullable": true, "example": "Text", "description": "The policy version description html" }, "weekTimeFrameSLAs": { "example": "WeekTimeFrameSLAResponsePublicDto[]", "description": "The set of week timeframe SLA values for this policy version", "type": "array", "items": { "$ref": "#/components/schemas/WeekTimeFrameSLAResponsePublicDto" } }, "p3MatrixSLAs": { "example": "P3MatrixSLAsResponsePublicDto[]", "description": "The set of P3 Matrix SLA values for this policy", "type": "array", "items": { "$ref": "#/components/schemas/P3MatrixSLAResponsePublicDto" } }, "gracePeriodSLAs": { "example": "GracePeriodSLAResponsePublicDto[]", "description": "The set of grace period SLA values for this policy version", "type": "array", "items": { "$ref": "#/components/schemas/GracePeriodSLAResponsePublicDto" } }, "renewalDate": { "type": "string", "example": "2025-07-01T16:45:55.246Z", "description": "Policy renewal date" }, "approvedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Date and time when the policy version was approved" }, "publishedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Date and time when the policy version was published" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Date and time when the policy version was created" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Date and time when the policy version was updated" }, "htmlLastUpdated": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Date and time when the policy version html was updated" }, "owner": { "nullable": true, "description": "The user that is assigned as the owner of this policy", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "changesExplanation": { "type": "string", "nullable": true, "example": "- This is what changes in the new version. - And this is another change.", "description": "The description of the changes done in the update" }, "changeSummary": { "type": "string", "nullable": true, "example": "Updated section 3.2 to reflect new access control requirements.", "description": "A brief summary of the changes made in this policy version" }, "originalFileName": { "type": "string", "nullable": true, "example": "- AcceptancePolicy.pdf", "description": "- the original name of the file" }, "externalProvider": { "type": "string", "nullable": true, "example": "CONFLUENCE", "description": "the external poicy provider of the current version", "enum": [ "GOOGLE", "OKTA", "MICROSOFT_365", "AWS", "GCP", "AZURE", "HEROKU", "GITHUB", "GITLAB", "BITBUCKET", "SHORTCUT", "JIRA", "ASANA", "GUSTO", "KARMACHECK", "GITHUB_ISSUES", "RIPPLING", "CERTN", "MERGEDEV_ADP_WORKFORCE_NOW", "MERGEDEV_BAMBOO_HR", "MERGEDEV_HR_PARTNER", "MERGEDEV_HI_BOB", "MERGEDEV_HUMAANS", "MERGEDEV_PERSONIO", "MERGEDEV_SAGE", "DIGITAL_OCEAN", "MERGEDEV_KALLIDUS", "MERGEDEV_TRINET", "MERGEDEV_TRINET_HR", "MERGEDEV_FRESHTEAM", "MERGEDEV_SAP_SUCCESSFACTORS", "TRELLO", "GITLAB_ISSUES", "MERGEDEV_JUSTWORKS", "LINEAR", "PIVOTAL_TRACKER", "WORK_OS", "MERGEDEV_PAYLOCITY", "MONGO_DB_ATLAS", "TARGET_PROCESS", "CLICKUP", "CHECKR", "MERGEDEV_WORKDAY", "ZOHO", "CLOUDFLARE", "JAMF", "AZURE_BOARDS", "AZURE_REPOS", "MERGEDEV_HR_CLOUD", "INTUNE", "OKTA_IDENTITY", "GOODHIRE", "KANDJI", "AWS_CODECOMMIT", "FIBERY", "CURRICULA", "JUMPCLOUD", "HEXNODE_UEM", "RIPPLING_MDM", "AWS_ORG_UNITS", "KNOWBE4", "MERGEDEV_UKG_PRO", "MERGEDEV_UKG_READY", "DATADOG", "SLACK", "DOCUSIGN", "MICROSOFT_TEAMS", "AWS_INSPECTOR", "MERGEDEV_ONELOGIN", "MERGEDEV_JUMPCLOUD", "CONFLUENCE", "WORKSPACE_ONE", "NEW_RELIC", "MERGEDEV_SERVICENOW", "RAPID7", "MERGEDEV_AHA", "MERGEDEV_BASECAMP", "MERGEDEV_BITBUCKET", "MERGEDEV_FRESHDESK", "MERGEDEV_FRESHSERVICE", "MERGEDEV_HEIGHT", "MERGEDEV_HIVE", "MERGEDEV_TEAMWORK", "MERGEDEV_WRIKE", "MERGEDEV_ZENDESK", "CSV_IDP", "APIDECK", "AWS_GOV_CLOUD", "SENTINEL_ONE", "MERGEDEV_NAMELY", "MERGEDEV_INSPERITY_PREMIER", "MERGEDEV_DAYFORCE", "MERGEDEV_ALEXISHR", "MERGEDEV_BREATHE", "MERGEDEV_CHARLIE", "MERGEDEV_CHARTHOP", "MERGEDEV_DEEL", "MERGEDEV_FACTORIAL", "MERGEDEV_INTELLIHR", "MERGEDEV_KEKA", "MERGEDEV_LUCCA", "MERGEDEV_OFFICIENT", "MERGEDEV_PAYCHEX", "MERGEDEV_PEOPLE_HR", "MERGEDEV_OYSTERHR", "MERGEDEV_PAYCOR", "HUBSPOT", "ZOOM", "AUTH0", "SENTRY", "ZAPIER", "SNOWFLAKE", "MIRO", "MERGEDEV_EMPLOYMENT_HERO", "SEGMENT", "WIZ", "XERO", "GITHUB_CODE", "ATLASSIAN", "PAGER_DUTY", "STACKONE_SMARTRECRUITERS", "STACKONE_TEAMTAILOR", "CROWDSTRIKE", "GITHUB_ENTERPRISE", "NOTION", "STACKONE_KLAVIYO", "STACKONE_LASTPASS", "STACKONE_LEAPSOME", "STACKONE_LEVER", "STACKONE_ORACLEHCM", "STACKONE_PINPOINT", "STACKONE_PIPEDRIVE", "STACKONE_RECRUITEE", "STACKONE_WEBEX", "STACKONE_WORKABLE", "STACKONE_ZELT", "STACKONE_BITWARDEN", "STACKONE_SALESLOFT", "STACKONE_DIXA", "STACKONE_FRESHSALES", "STACKONE_CANVA", "STACKONE_GREENHOUSE", "STACKONE_ASHBY", "STACKONE_ATTIO", "STACKONE_CONTENTFUL", "COVERDASH", "MERGEDEV_FRONT", "SALESFORCE", "STACKONE_ELASTIC", "STACKONE_RENDER", "STACKONE_TERRAFORM", "STACKONE_DOMO", "STACKONE_ENVOY", "STACKONE_SCALEWAY", "STACKONE_JETBRAINS", "STACKONE_FIVETRAN", "STACKONE_INTERCOM", "STACKONE_AUTODESK", "GITHUB_ACTIONS", "AZURE_ORG_UNITS", "MICROSOFT_365_GCC_HIGH", "STACKONE_AIRCALL", "STACKONE_15FIVE", "STACKONE_ROLLBAR", "STACKONE_EGNYTE", "STACKONE_QLIK", "STACKONE_BULLHORN", "STACKONE_OPENVPN", "STACKONE_SOPHOS", "STACKONE_MEISTERTASK", "STACKONE_TALENTLMS", "STACKONE_ONEFLOW", "STACKONE_RING_CENTRAL", "STACKONE_ARTICULATE", "STACKONE_DIALPAD", "STACKONE_TABLEAU", "AZURE_DEVOPS", "STACKONE_1PASSWORD", "STACKONE_MIXPANEL", "STACKONE_SONARCLOUD", "STACKONE_TWILIO", "STACKONE_ANSIBLE", "STACKONE_LATTICE", "STACKONE_WEBFLOW", "STACKONE_LACEWORK", "STACKONE_DATABRICKS", "STACKONE_IFS", "STACKONE_TRAVISCI", "STACKONE_MATILLIONETL", "STACKONE_OPTIMIZELY", "UAR_CSV", "STERLING", "HIRERIGHT", "VETTY", "MERGEDEV_CYBERARK", "SALESFORCE_UAR", "GOOGLE_ADMIN_CONSOLE", "VERCEL", "STACKONE_DUO", "STACKONE_GONG", "STACKONE_IRONCLAD", "STACKONE_SCORO", "STACKONE_TEAMVIEWER_REMOTE", "STACKONE_SPOTDRAFT", "STACKONE_SPENDESK", "STACKONE_SENDGRID", "STACKONE_SMARTSHEET", "STACKONE_CHECKMK", "LEEN_TENABLE", "LEEN_QUALYS", "LEEN_SEMGREP", "LEEN_SNYK", "LEEN_CROWDSTRIKE_VMS", "LEEN_MS_DEFENDER_VMS", "LEEN_SENTINELONE_VMS", "GITLAB_ON_PREM", "CUSTOM", "LEEN_RAPID7_VMS", "BAMBOO_HR", "GITLAB_ISSUES_ON_PREM", "GITHUB_ISSUES_ENTERPRISE", "BITBUCKET_CODE", "LEEN_ARNICA", "STACKONE_NETLIFY", "STACKONE_OPENAI", "KOLIDE", "MERGEDEV_JIRA_DATA_CENTER", "MERGEDEV_PINGONE", "GOOGLE_ADMIN_CONSOLE_OAUTH", "GOOGLE_OAUTH", "STACKONE_ANTHROPIC", "INTUNE_GCC_HIGH", "STACKONE_DROPBOX", "STACKONE_DROPBOX_SIGN", "STACKONE_HARVEST", "STACKONE_KAMELEOON", "STACKONE_MAKE", "STACKONE_RETOOL", "STACKONE_TOGGL", "STACKONE_BOX", "MERGEDEV_ZOHO_PEOPLE", "MERGEDEV_ZOHO_DESK", "LEEN_WIZ_VMS", "LEEN_WIZ_CODE", "LEEN_AIKIDO", "MERGEDEV_LATTICE_HRIS", "MERGEDEV_DARWINBOX", "MERGEDEV_PAYCOM", "AZURE_GCC_HIGH", "AZURE_MG_GCC_HIGH", "STACKONE_EASY_LLAMA", "MERGEDEV_LEAPSOME", "CUSTOM_XFA", "LEEN_MS_DEFENDER_VMS_GCC_HIGH", "STACKONE_CORNERSTONE", "STACKONE_DOCEBO", "STACKONE_GO1", "STACKONE_LINKEDIN_LEARNING", "STACKONE_SAP_LEARNING", "STACKONE_WORKDAY_LEARNING", "STACKONE_360LEARNING", "STACKONE_BRAINIER", "STACKONE_COURSERA", "STACKONE_XYLEME", "STACKONE_INFOSEC", "STACKONE_PEOPLE_FLUENT", "STACKONE_UDEMY", "AIKIDO", "AZURE_ENTRA_ID", "GOOGLE_CLOUD_IDENTITY", "HYPERCOMPLY", "INTRUDER", "IRIS_AI", "JIT", "TINES", "TORQ", "TRAY", "SWIF", "LEEN_ORCA_SECURITY", "ZIP", "CUSTOM_MDM", "LEEN_UPWIND", "WORK_OS_SCIM", "LEEN_GITLAB_VMS", "NINJAONE_MDM", "FIELDGUIDE", "OKTA_OAUTH", "IRONCLAD_VENDOR", "CUSTOM_HRIS" ] }, "composedVersion": { "type": "number", "example": 1.1, "description": "The composed version (version + subversion)" }, "status": { "nullable": true, "enum": [ "NEEDS_APPROVAL", "APPROVED", "PUBLISHED", "DRAFT", "DISCARDED" ], "type": "string", "example": "DRAFT", "description": "The policy version status (same as policyVersionStatus)." }, "policyVersionStatus": { "nullable": true, "enum": [ "NEEDS_APPROVAL", "APPROVED", "PUBLISHED", "DRAFT", "DISCARDED" ], "type": "string", "example": "NEEDS_APPROVAL", "description": "The current status of the policy version (NEEDS_APPROVAL, APPROVED, PUBLISHED, DRAFT, DELETED)" }, "approver": { "nullable": true, "description": "The user who approved this policy", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "hasExpiredRenewalDate": { "type": "boolean", "example": true, "description": "Indicates if the renewal date has expired" } }, "required": [ "id", "version", "minorVersion", "subVersion", "current", "type", "fileUrl", "docViewer", "description", "html", "renewalDate", "createdAt", "updatedAt", "owner", "changesExplanation", "changeSummary", "originalFileName", "externalProvider", "composedVersion", "status", "policyVersionStatus", "approver", "hasExpiredRenewalDate" ] }, "GracePeriodSLAResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Grace period SLA ID" }, "policyGracePeriodSLAId": { "type": "number", "example": 1, "description": "The corresponding policy grace period SLA ID this value is for" }, "gracePeriod": { "type": "string", "example": "SEVEN_DAYS", "description": "The grace period value" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Updated date timestamp" } }, "required": [ "id", "policyGracePeriodSLAId", "gracePeriod", "createdAt", "updatedAt" ] }, "P3MatrixSLAResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Week time frame SLA ID" }, "policyP3MatrixSLAId": { "type": "number", "example": 1, "description": "The corresponding P3 matrix SLA ID this value is for" }, "definition": { "type": "string", "example": "Vulnerabilities that cause a privilege escalation on the platform from unprivileged...", "description": "The description for this matrix item" }, "severity": { "type": "string", "example": "LOW", "description": "The severity level" }, "timeFrame": { "type": "string", "example": "ONE_DAY", "description": "The time frame value" }, "examples": { "type": "string", "example": "Vulnerabilities that result in compromising the system such as Sql injection...", "description": "Examples of when this SLA is relevant" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Updated date timestamp" } }, "required": [ "id", "policyP3MatrixSLAId", "definition", "severity", "timeFrame", "examples", "createdAt", "updatedAt" ] }, "WeekTimeFrameSLAResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Week time frame SLA ID" }, "policyWeekTimeFrameSLAId": { "type": "number", "example": 1, "description": "The corresponding policy week time frame SLA ID this value is for" }, "timeFrame": { "type": "string", "example": "ONE_DAY", "description": "The week time frame value" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Updated date timestamp" } }, "required": [ "id", "policyWeekTimeFrameSLAId", "timeFrame", "createdAt", "updatedAt" ] }, "UserIdentityVersionControlServiceStatusRequestPublicDto": { "type": "object", "properties": { "serviceAccount": { "type": "boolean", "example": true, "description": "Determines service account state" }, "serviceAccountReason": { "type": "string", "maxLength": 30000, "example": "This account is used to deploy", "description": "Reason why this account is being marked as a service account" } }, "required": [ "serviceAccount", "serviceAccountReason" ] }, "UserIdentityVersionControlToggleRequestPublicDto": { "type": "object", "properties": { "toggle": { "type": "boolean", "example": true, "description": "Toggle value for the setting" }, "toggleField": { "enum": [ "VERSION_CONTROL_WRITE_ACCESS", "VERSION_CONTROL_PUSH_PROD_CODE_ACCESS" ], "type": "string", "example": "VERSION_CONTROL_WRITE_ACCESS", "description": "The target toggle to update" } }, "required": [ "toggle" ] }, "UserIdentityVersionControlResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "User identity ID" }, "identityId": { "type": "string", "example": "1a2b3c", "description": "External service unique id" }, "username": { "type": "string", "example": "Username", "description": "External service username" }, "email": { "type": "string", "example": "email@email.com", "description": "External service email" }, "connectedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "When this external user was linked to an application user" }, "disconnectedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "When this external user was unlinked to an application user" }, "serviceAccount": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "When this external user was marked a service account" }, "serviceAccountReason": { "type": "string", "example": "This user is used to deploy code", "description": "Description of why this was marked as a service account" }, "user": { "description": "The linked system user response DTO", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "serviceAccountDesignator": { "description": "The service account designator user response DTO", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "hasMfa": { "type": "boolean", "example": true, "description": "Indicates the external user MFA status" }, "connection": { "description": "ConnectionResponsePublicDto", "allOf": [ { "$ref": "#/components/schemas/ConnectionResponsePublicDto" } ] }, "lastCheckedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "The last time the user identity was last checked by the syncing service" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "updated date timestamp" }, "writeAccess": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Indicates external user write access ability" }, "pushProductionCodeAccess": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Indicates external user production code access ability" } }, "required": [ "id", "identityId", "username", "email", "connectedAt", "disconnectedAt", "serviceAccount", "serviceAccountReason", "user", "serviceAccountDesignator", "hasMfa", "connection", "lastCheckedAt", "createdAt", "updatedAt", "writeAccess", "pushProductionCodeAccess" ] }, "UserIdentityVersionControlConnectRequestPublicDto": { "type": "object", "properties": { "userId": { "type": "number", "nullable": true, "example": 1, "description": "The desired user id to link or null to unlink" } }, "required": [ "userId" ] }, "UserIdentitiesVersionControlResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Data set based on the pagination limits", "type": "array", "items": { "$ref": "#/components/schemas/UserIdentityVersionControlResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "UserIdentityInfrastructureServiceStatusRequestPublicDto": { "type": "object", "properties": { "serviceAccount": { "type": "boolean", "example": true, "description": "Determines service account state" }, "serviceAccountReason": { "type": "string", "maxLength": 30000, "example": "This account is used to deploy", "description": "Reason why this account is being marked as a service account" } }, "required": [ "serviceAccount", "serviceAccountReason" ] }, "UserIdentityInfrastructureToggleRequestPublicDto": { "type": "object", "properties": { "toggle": { "type": "boolean", "example": true, "description": "Toggle value for the setting" }, "toggleField": { "enum": [ "INFRASTRUCTURE_ADMIN_ACCESS", "INFRASTRUCTURE_DB_ACCESS" ], "type": "string", "example": "INFRASTRUCTURE_ADMIN_ACCESS", "description": "The toggle field type to update" } }, "required": [ "toggle" ] }, "UserIdentityInfrastructureResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "User identity ID" }, "identityId": { "type": "string", "example": "1a2b3c", "description": "External service unique id" }, "username": { "type": "string", "example": "Username", "description": "External service username" }, "email": { "type": "string", "example": "email@email.com", "description": "External service email" }, "connectedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "When this external user was linked to an application user" }, "disconnectedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "When this external user was unlinked to an application user" }, "serviceAccount": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "When this external user was marked a service account" }, "serviceAccountReason": { "type": "string", "example": "This user is used to deploy code", "description": "Description of why this was marked as a service account" }, "user": { "description": "The linked system user response DTO", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "serviceAccountDesignator": { "description": "The service account designator user response DTO", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "hasMfa": { "type": "boolean", "example": true, "description": "Indicates the external user MFA status" }, "connection": { "description": "ConnectionResponsePublicDto", "allOf": [ { "$ref": "#/components/schemas/ConnectionResponsePublicDto" } ] }, "lastCheckedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "The last time the user identity was last checked by the syncing service" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "updated date timestamp" }, "adminAccess": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Indicates external user admin access ability" }, "dbAccess": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Indicates external user production database access ability" } }, "required": [ "id", "identityId", "username", "email", "connectedAt", "disconnectedAt", "serviceAccount", "serviceAccountReason", "user", "serviceAccountDesignator", "hasMfa", "connection", "lastCheckedAt", "createdAt", "updatedAt", "adminAccess", "dbAccess" ] }, "UserIdentityInfrastructureConnectRequestPublicDto": { "type": "object", "properties": { "userId": { "type": "number", "nullable": true, "example": 1, "description": "The desired user id to link or null to unlink" } }, "required": [ "userId" ] }, "UserIdentitiesInfrastructureResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Data set based on the pagination limits", "type": "array", "items": { "$ref": "#/components/schemas/UserIdentityInfrastructureResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "PolicyAssociatedControlsResponsePublicDto": { "type": "object", "properties": { "controls": { "description": "Controls mapped to this policy", "type": "array", "items": { "$ref": "#/components/schemas/PolicyControlSummaryResponsePublicDto" } } }, "required": [ "controls" ] }, "PolicyControlSummaryResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "description": "Control ID", "example": 2 }, "code": { "type": "string", "description": "Control code", "example": "DCF-12" }, "name": { "type": "string", "description": "Name of the control", "example": "Privacy Policy" }, "description": { "type": "string", "description": "The description of the control", "example": "Drata authorizes access to information resources, including data..." }, "isReady": { "type": "boolean", "description": "Is control ready?", "example": true } }, "required": [ "id", "code", "name", "description", "isReady" ] }, "UserSignedUrlResponsePublicDto": { "type": "object", "properties": { "signedUrl": { "type": "string", "example": "https://somedomain.com/filename.pdf?Signature=ABC123", "description": "The short lived signed URL to link directly to the private file" } }, "required": [ "signedUrl" ] }, "PolicyWithReplaceResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Policy ID" }, "templateId": { "type": "number", "nullable": true, "example": 1, "description": "The template id used to create this policy, null for custom policies" }, "name": { "type": "string", "example": "Acceptable Use Policy", "description": "The policy name" }, "currentDescription": { "type": "string", "example": "This policy defines how you do XYZ", "description": "The current version's policy description" }, "htmlLastUpdated": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Last time the html was saved to the DB" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Policy created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Policy last updated date timestamp" }, "currentOwner": { "description": "The user that is assigned as the owner of this policy", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "policyWeekTimeFrameSLAs": { "description": "The set of policy week timeframe SLAs for this policy", "type": "array", "items": { "$ref": "#/components/schemas/PolicyWeekTimeFrameSLAResponsePublicDto" } }, "policyGracePeriodSLAs": { "description": "The set of policy grace period SLAs for this policy", "type": "array", "items": { "$ref": "#/components/schemas/PolicyGracePeriodSLAResponsePublicDto" } }, "policyP3MatrixSLAs": { "description": "The set of policy week timeframe SLAs for this policy", "type": "array", "items": { "$ref": "#/components/schemas/PolicyP3MatrixSLAResponsePublicDto" } }, "groups": { "description": "The identity groups assigned to the policy", "type": "array", "items": { "$ref": "#/components/schemas/GroupResponsePublicDto" } }, "assignedTo": { "type": "string", "example": "ALL", "enum": [ "ALL", "GROUP", "NONE" ], "description": "The type of policy scope" }, "notifyGroups": { "type": "boolean", "example": false, "description": "Indicates if a notification to a group is send on the policy" }, "reminders": { "description": "The set of incomplete reminders for this policy", "type": "array", "items": { "$ref": "#/components/schemas/ReminderResponsePublicDto" } }, "policyStatus": { "type": "string", "example": "ACTIVE", "enum": [ "ACTIVE", "ARCHIVED", "REPLACED", "UNACCEPTABLE", "OUTDATED" ], "description": "The current status of the policy (ACTIVE, ARCHIVED, REPLACED)" }, "replacedPolicies": { "description": "The Template policies that this current policy is replacing, if applies", "type": "array", "items": { "$ref": "#/components/schemas/ReplacedPolicyResponsePublicDto" } }, "replacedBy": { "type": "string", "example": "My Custom Policy 1", "description": "The name of the custom policy that replaces this policy, if applies" }, "renewalDate": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Policy without version's renewal date" }, "disclaimer": { "type": "string", "example": "This is a legal disclaimer", "description": "Policy's legal disclaimer" }, "latestPolicyVersion": { "nullable": true, "example": { "id": 1, "version": 1, "current": false, "type": "UPLOADED", "status": "NEEDS_APPROVAL" }, "description": "Latest policy version ", "allOf": [ { "$ref": "#/components/schemas/PolicyVersionResponsePublicDto" } ] }, "currentPublishedPolicyVersion": { "nullable": true, "example": { "id": 1, "version": 1, "subversion": 0 }, "description": "Current published policy version ", "allOf": [ { "$ref": "#/components/schemas/CurrentPublishedPolicyVersionResponsePublicDto" } ] } }, "required": [ "id", "templateId", "name", "currentDescription", "htmlLastUpdated", "createdAt", "updatedAt", "currentOwner", "groups", "assignedTo", "notifyGroups", "reminders", "policyStatus", "replacedPolicies", "renewalDate" ] }, "CurrentPublishedPolicyVersionResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Current published policy version id" }, "version": { "type": "number", "example": 1, "description": "Current published policy version number" }, "subVersion": { "type": "number", "example": 1, "description": "Current published policy version subversion number" }, "changeSummary": { "type": "string", "nullable": true, "example": "Updated section 3.2 to reflect new access control requirements.", "description": "A brief summary of the changes made in this policy version" } }, "required": [ "id", "version", "subVersion", "changeSummary" ] }, "ReplacedPolicyResponsePublicDto": { "type": "object", "properties": { "templateId": { "type": "number", "example": 1, "description": "The template id" }, "name": { "type": "string", "example": "Acceptable Use Policy", "description": "The template name" } }, "required": [ "templateId", "name" ] }, "PoliciesResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Data set based on the pagination limits", "type": "array", "items": { "$ref": "#/components/schemas/PolicySummarizedResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "PolicySummarizedResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "The policy ID" }, "currentVersionId": { "type": "number", "nullable": true, "example": 1, "description": "The current policy version ID" }, "name": { "type": "string", "example": "Acceptable Use Policy", "description": "The policy name" }, "version": { "type": "string", "nullable": true, "example": "1", "description": "The policy version" }, "minorVersion": { "type": "string", "nullable": true, "example": "1", "description": "The policy minor version" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Policy created date timestamp" }, "approvedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Policy version approved at date timestamp" }, "renewalDate": { "type": "string", "nullable": true, "example": "2025-07-01T16:45:55.246Z", "description": "Policy without version's renewal date" }, "hasSla": { "type": "string", "example": "Yes", "description": "Policy has SLA? Yes | No" }, "currentOwner": { "nullable": true, "description": "The user that is assigned as the owner of this policy", "allOf": [ { "$ref": "#/components/schemas/PolicyOwnerResponsePublicDto" } ] }, "groups": { "description": "The identity groups assigned to the policy", "type": "array", "items": { "$ref": "#/components/schemas/GroupResponsePublicDto" } }, "htmlLastUpdated": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Last time the html was saved to the DB" }, "status": { "type": "string", "nullable": true, "example": "APPROVED", "description": "Current policy version status" }, "publishedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Current policy version published at date" }, "changeSummary": { "type": "string", "nullable": true, "example": "Updated section 3.2 to reflect new access control requirements.", "description": "A brief summary of the changes made in this policy version" } }, "required": [ "id", "currentVersionId", "name", "version", "minorVersion", "createdAt", "approvedAt", "renewalDate", "hasSla", "currentOwner", "groups", "htmlLastUpdated", "status", "publishedAt", "changeSummary" ] }, "PolicyOwnerResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "User ID" }, "email": { "type": "string", "example": "email@email.com", "description": "User email" }, "firstName": { "type": "string", "nullable": true, "example": "Sally", "description": "User first name" }, "lastName": { "type": "string", "nullable": true, "example": "Smith", "description": "User last name" }, "avatarUrl": { "type": "string", "nullable": true, "example": "https://cdn-prod.imgpilot.com/avatar.png", "description": "User avatar URL" } }, "required": [ "id", "email" ] }, "PersonnelResetStatusRequestPublicDto": { "type": "object", "properties": { "personnelIds": { "example": [ 1, 2, 3 ], "description": "List of personnel ids", "type": "array", "items": { "type": "number" } } } }, "PersonnelStatusRequestPublicDto": { "type": "object", "properties": { "employmentStatus": { "enum": [ "CURRENT_EMPLOYEE", "FORMER_EMPLOYEE", "CURRENT_CONTRACTOR", "FORMER_CONTRACTOR", "OUT_OF_SCOPE", "UNKNOWN", "SPECIAL_FORMER_EMPLOYEE", "SPECIAL_FORMER_CONTRACTOR", "FUTURE_HIRE", "SERVICE_ACCOUNT" ], "type": "string", "example": "CURRENT_EMPLOYEE", "description": "The new employment status for this personnel" }, "notHumanReason": { "type": "string", "maxLength": 30000, "example": "This is not a real personnel, but a placeholder for anyone in charge of X", "description": "Explains why the employment status of this personnel is marked as OUT_OF_SCOPE. This field is required if the employmentStatus is set to OUT_OF_SCOPE." }, "separationDate": { "type": "string", "example": "2020-07-06", "description": "The date when this personnel was separated from the company system. This field is required if the employmentStatus is either FORMER_EMPLOYEE or FORMER_CONTRACTOR" } }, "required": [ "employmentStatus" ] }, "PersonnelContractDateRequestPublicDto": { "type": "object", "properties": { "startDate": { "type": "string", "example": "2020-07-06", "description": "The date when this person started working on the company" }, "separationDate": { "type": "string", "example": "2020-07-06", "description": "The date when this person was separated from the company system." } }, "required": [ "startDate" ] }, "PersonnelTableResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Data set based on the pagination limits", "type": "array", "items": { "$ref": "#/components/schemas/PersonnelDetailsTableResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" }, "dataAll": { "type": "object", "example": {}, "description": "Object containing properties that apply to the whole no paginated set of data" } }, "required": [ "data", "page", "limit", "total", "dataAll" ] }, "PersonnelDetailsTableResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Personnel Id" }, "employmentStatus": { "type": "string", "enum": [ "CURRENT_EMPLOYEE", "FORMER_EMPLOYEE", "CURRENT_CONTRACTOR", "FORMER_CONTRACTOR", "OUT_OF_SCOPE", "UNKNOWN", "SPECIAL_FORMER_EMPLOYEE", "SPECIAL_FORMER_CONTRACTOR", "FUTURE_HIRE", "SERVICE_ACCOUNT" ], "description": "The employment status of the personnel" }, "notHumanReason": { "type": "string", "nullable": true, "example": "This is not a real personnel, but a placeholder for anyone in charge of X", "description": "Explains why the employment status of this personnel is marked as OUT_OF_SCOPE" }, "osVersion": { "type": "string", "nullable": true, "example": "Windows 3.1", "description": "The OS version this personnel uses. DEPRECATED: Use devices[].osVersion instead", "deprecated": true }, "serialNumber": { "type": "string", "nullable": true, "example": "1A2B3C4D", "description": "The serial number of the machine this personnel uses. DEPRECATED: Use devices[].serialNumber instead", "deprecated": true }, "user": { "description": "The user response DTO", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "reasonProvider": { "nullable": true, "description": "The user who provided the reason why this personnel was marked as OUT_OF_SCOPE", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "complianceChecks": { "example": "[]", "description": "Company products", "type": "array", "items": { "$ref": "#/components/schemas/ComplianceCheckResponsePublicDto" } }, "complianceTests": { "example": "[]", "description": "Compliance Tests", "type": "array", "items": { "$ref": "#/components/schemas/ComplianceTestResponsePublicDto" } }, "startDate": { "type": "string", "example": "2020-07-06", "description": "The date when this personnel was onboarded onto the company system" }, "separationDate": { "type": "string", "nullable": true, "example": "2020-07-06", "description": "The date when this personnel was separated from the company system" }, "statusUpdatedAt": { "type": "string", "nullable": true, "format": "date-time", "description": "The date when this personnel was manually updated" }, "data": { "description": "The Personnel Data DTO. DEPRECATED: Use devices[] array instead for device-specific information", "deprecated": true, "allOf": [ { "$ref": "#/components/schemas/PersonnelDataResponsePublicDto" } ] }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Personnel created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Personnel updated date timestamp" }, "devices": { "example": "[]", "description": "A list of the devices registered to the personnel", "type": "array", "items": { "$ref": "#/components/schemas/DeviceResponsePublicDto" } }, "agentEnabled": { "type": "boolean", "example": false, "description": "The agent status (ON/OFF)" }, "manualUploadEnabled": { "type": "boolean", "example": false, "description": "Manual evidence upload status (ON/OFF)" }, "devicesCount": { "type": "number", "description": "Number of devices associated to the personnel" }, "devicesFailingComplianceCount": { "type": "number", "description": "Number of devices that are not in compliance associated to the personnel" } }, "required": [ "id", "employmentStatus", "osVersion", "serialNumber", "user", "complianceChecks", "startDate", "statusUpdatedAt", "data", "createdAt", "updatedAt", "devices", "agentEnabled", "manualUploadEnabled" ] }, "DeviceResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Device Id" }, "osVersion": { "type": "string", "nullable": true, "example": "MacOS 10.15.6", "description": "The device operating system version" }, "serialNumber": { "type": "string", "nullable": true, "example": "C02T6CDJGTFL", "description": "The device serial number" }, "model": { "type": "string", "nullable": true, "example": "MacBook Pro", "description": "The device model" }, "macAddress": { "type": "string", "nullable": true, "example": "65-F9-3D-85-7B-6B,99-A9-3E-14-7A-3E", "description": "The device MAC address" }, "encryptionEnabled": { "type": "boolean", "nullable": true, "example": false, "description": "Denotes device actual encryption status" }, "encryptionExplanation": { "type": "object", "nullable": true, "example": "No encryption provided", "description": "Encryption explanation" }, "firewallEnabled": { "type": "boolean", "nullable": true, "example": true, "description": "Denotes device actual firewall status" }, "firewallExplanation": { "type": "object", "nullable": true, "example": "{}", "description": "Firewall explanation" }, "lastCheckedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Last time device data checked by the source" }, "sourceType": { "type": "string", "example": "AGENT", "description": "The device source type" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "The device created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "The device updated date timestamp" }, "deletedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "The device deleted date timestamp" }, "appsCount": { "type": "number", "nullable": true, "example": 20, "description": "The number of applications installed" }, "complianceChecks": { "example": [], "description": "The device compliance checks list", "type": "array", "items": { "$ref": "#/components/schemas/DeviceComplianceCheckResponsePublicDto" } }, "identifiers": { "example": [], "description": "The device identifiers list", "type": "array", "items": { "$ref": "#/components/schemas/DeviceIdentifierResponsePublicDto" } }, "documents": { "example": [], "description": "The device documents list", "type": "array", "items": { "$ref": "#/components/schemas/DeviceDocumentResponsePublicDto" } }, "isDeviceCompliant": { "type": "boolean", "example": false, "description": "Is device compliant" }, "screenLockTime": { "type": "number", "nullable": true, "example": "60", "description": "The number of seconds the lock screen must be enabled before this device is prompted to enter a password" }, "screenLockExplanation": { "type": "object", "nullable": true, "example": { "minutesIdleBeforeSleep": "2", "minutesSleepingBeforePasswordIsRequired": "2" }, "description": "Screen lock explanation" }, "antivirusEnabled": { "type": "boolean", "nullable": true, "example": true, "description": "Denotes device actual antivirus status" }, "antivirusExplanation": { "type": "object", "nullable": true, "example": "No matching app was found", "description": "Antivirus explanation" }, "autoUpdateEnabled": { "type": "boolean", "nullable": true, "example": true, "description": "Denotes device actual auto-update status" }, "autoUpdateExplanation": { "type": "object", "nullable": true, "example": "No compliances found", "description": "Auto update explanation" }, "passwordManagerEnabled": { "type": "boolean", "nullable": true, "example": true, "description": "Denotes device actual password manager status" }, "passwordManagerExplanation": { "type": "object", "nullable": true, "example": { "passwordManagerApps": [ "1password 7" ] }, "description": "Password manager explanation" }, "agentVersion": { "type": "string", "nullable": true, "example": "1.0", "description": "The agent version this device uses" } }, "required": [ "id", "osVersion", "serialNumber", "model", "macAddress", "encryptionEnabled", "encryptionExplanation", "firewallEnabled", "firewallExplanation", "lastCheckedAt", "sourceType", "createdAt", "updatedAt", "deletedAt", "appsCount", "isDeviceCompliant", "screenLockTime", "screenLockExplanation", "antivirusEnabled", "antivirusExplanation", "autoUpdateEnabled", "autoUpdateExplanation", "passwordManagerEnabled", "passwordManagerExplanation", "agentVersion" ] }, "DeviceIdentifierResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Device identifier Id" }, "type": { "type": "string", "example": "SERIAL_NUMBER", "description": "The identifier type" }, "identifier": { "type": "string", "example": "C02CG123DC79", "description": "The identifier value" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Identifier createdAt timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Identifier updatedAt timestamp" } }, "required": [ "id", "type", "identifier", "createdAt", "updatedAt" ] }, "DeviceComplianceCheckResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Device compliance check ID" }, "status": { "type": "string", "example": "PASS", "description": "Denotes actual compliance" }, "type": { "type": "string", "example": "PASSWORD_MANAGER", "description": "The compliance type" }, "expiresAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "When this compliance is due for a re-verification" }, "checkFrequency": { "type": "string", "example": "DAILY", "description": "How often should this check be run for compliance" }, "lastCheckedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Compliance check last checked timestamp" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Compliance check creation timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Compliance check updated timestamp" } }, "required": [ "id", "status", "type", "expiresAt", "checkFrequency", "lastCheckedAt", "createdAt", "updatedAt" ] }, "PersonnelDataResponsePublicDto": { "type": "object", "properties": { "osVersion": { "type": "string", "nullable": true, "example": "MacOS 10.15.6", "description": "The Operating System version this personnel uses" }, "serialNumber": { "type": "string", "nullable": true, "example": "C02T6CDJGTFL", "description": "Workstation Serial Number this personnel uses" }, "screenLockTime": { "type": "number", "nullable": true, "example": "60", "description": "The number of seconds the lock screen must be enabled before this personnel is prompted to enter a password" }, "agentVersion": { "type": "string", "nullable": true, "example": "1.0", "description": "The Agent version this personnel uses" }, "macAddress": { "type": "string", "nullable": true, "example": "65-F9-3D-85-7B-6B,99-A9-3E-14-7A-3E", "description": "The MAC addresses of the machine this personnel uses" }, "lastcheckedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Personnel data last checked by agent timestamp" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Personnel created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Personnel updated date timestamp" } }, "required": [ "createdAt", "updatedAt" ] }, "ComplianceTestResponsePublicDto": { "type": "object", "properties": { "monitorId": { "type": "number", "example": 1, "description": "Monitor ID" }, "autopilotTaskType": { "type": "string", "enum": [ "IDENTITY_PROVIDER_MFA_ENABLED", "IDENTITY_PROVIDER_UNKNOWN_EMAIL", "INTERNAL_POLICY_INCIDENT_RESPONSE", "INTERNAL_POLICY_INCIDENT_RESPONSE_FOLLOW_UPS", "INTERNAL_POLICY_INCIDENT_RESPONSE_LESSONS_LEARNED", "INTERNAL_POLICY_INCIDENT_RESPONSE_TEAM", "INTERNAL_POLICY_DATA_CLASSIFICATION", "INTERNAL_POLICY_SDLC", "INTERNAL_POLICY_ACCEPTABLE_USE", "INTERNAL_POLICY_ACCESS_CONTROL", "INTERNAL_POLICY_INFORMATION_SECURITY", "INTERNAL_POLICY_CODE_OF_CONDUCT", "INTERNAL_POLICY_DATA_PROTECTION", "INTERNAL_POLICY_PASSWORD", "INTERNAL_POLICY_BACKUPS", "INTERNAL_POLICY_PHYSICAL_SECURITY", "INTERNAL_POLICY_RISK_ASSESSMENT", "INTERNAL_POLICY_DISASTER_RECOVERY", "INTERNAL_POLICY_ENCRYPTION", "INTERNAL_POLICY_SYSTEM_ACCESS_CONTROL", "INTERNAL_POLICY_RESPONSIBLE_DISCLOSURE", "INTERNAL_POLICY_EMPLOYEE_CONFIDENTIALITY", "INTERNAL_POLICY_EMPLOYEE_ACCESS_TO_CUSTOMER_DATA", "INTERNAL_POLICY_RISK_REMEDIATION", "INTERNAL_POLICY_VULNERABILITY_MANAGEMENT", "INTERNAL_DOCUMENT_ORGANIZATIONAL_CHART", "COMPANY_POLICIES_APPROVED", "COMPANY_POLICIES_CREATED", "COMPANY_BOD_UNIQUE", "INTERNAL_REPORT_RISK_ASSESSMENT", "INTERNAL_REPORT_RISK_REMEDIATION", "INTERNAL_REPORT_VULNERABILITY", "INTERNAL_REPORT_PENETRATION", "INTERNAL_REPORT_DISASTER_RECOVERY", "INTERNAL_REPORT_BACKUP_AND_COMPLETENESS", "INTERNAL_REPORT_ARCHITECTURAL_DIAGRAM", "INTERNAL_REPORT_NETWORK_DIAGRAM", "INTERNAL_URL_SUPPORT", "INTERNAL_URL_PRIVACY_POLICY", "INTERNAL_URL_TERMS_OF_SERVICE", "EMPLOYEES_POLICIES_APPROVED", "EMPLOYEES_ACCEPTABLE_USE_POLICY", "EMPLOYEES_CODE_OF_CONDUCT_POLICY", "EMPLOYEES_DATA_PROTECTION_POLICY", "AGENT_PASSWORD_MANAGER", "AGENT_ANTI_VIRUS_APPLICATION", "AGENT_AUTO_UPDATES_ENABLED", "CONTRACTORS_CODE_OF_CONDUCT_POLICY", "CONTRACTORS_ACCEPTABLE_USE_POLICY", "COMPANY_INFRASTRUCTURE_MFA_ENABLED", "COMPANY_INFRASTRUCTURE_SSL_ENABLED", "COMPANY_WEBSITE_SSL_ENFORCED", "COMPANY_WEBSITE_SSL_CERT_NOT_EXPIRED", "COMPANY_WEBSITE_SSL_CERT_STRONG_CIPHERS", "COMPANY_WEBSITE_SSL_HAS_KNOWN_ISSUES", "COMPANY_PRIORITIZE_SECURITY_ISSUES", "VERSION_CONTROL_ENABLED", "VERSION_CONTROL_MFA_ENABLED", "VERSION_CONTROL_CODE_REVIEW_PROCESS", "INFRASTRUCTURE_AUTHORIZATION_DETAILS", "INFRASTRUCTURE_PUBLIC_SSH_DENIED", "INFRASTRUCTURE_DATA_ENCRYPTED", "INFRASTRUCTURE_DATA_MULTI_AZ", "INFRASTRUCTURE_STORAGE_ENCRYPTED", "INFRASTRUCTURE_DATA_MONITOR_CPU", "INFRASTRUCTURE_DATA_MONITOR_READ_IO", "INFRASTRUCTURE_DATA_MONITOR_WRITE_IO", "INFRASTRUCTURE_DATA_MONITOR_FREE_STORAGE", "INFRASTRUCTURE_INSTANCE_MONITOR_CPU", "INFRASTRUCTURE_DISALLOWS_TRAFFIC", "INFRASTRUCTURE_HAS_WAF", "INFRASTRUCTURE_HAS_BALANCERS", "INFRASTRUCTURE_QUEUE_MONITOR_MESSAGE_AGE", "INFRASTRUCTURE_CLOUD_DATA_FREE_STORAGE", "INFRASTRUCTURE_CREDENTIAL_REPORT", "INFRASTRUCTURE_STORAGE_RESTRICTED", "INFRASTRUCTURE_STORAGE_VERSIONING", "INFRASTRUCTURE_DATA_BACKUPS", "INTERNAL_INFRASTRUCTURE_IDENTITIES_REMOVED", "INTERNAL_INFRASTRUCTURE_IDENTITIES_UNIQUE", "INFRASTRUCTURE_STORAGE_WAF", "INTERNAL_VERSION_CONTROL_IDENTITIES_UNIQUE", "INTERNAL_VERSION_CONTROL_IDENTITIES_REMOVED", "INTERNAL_INFRASTRUCTURE_LINKED", "INTERNAL_VERSION_CONTROL_IDENTITIES_ONLY_AUTHORIZED_ACCESS", "INTERNAL_POLICY_PASSWORD_MANAGER_REQUIRED", "INTERNAL_POLICY_SECURITY_AWARENESS", "INTERNAL_POLICY_SECURITY_ENCRYPTION", "INTERNAL_URL_EXTERNAL_JOBS", "EMPLOYEES_SECURITY_COMPLIANCE", "EMPLOYEES_BACKGROUND_CHECK_COMPLIANCE", "EMPLOYEES_LOCK_SCREEN_COMPLIANCE", "EMPLOYEES_HARD_DRIVE_ENCRYPTED_COMPLIANCE", "VERSION_CONTROL_WRITE_ACCESS_TO_REPOSITORY", "VERSION_CONTROL_WRITE_ACCESS_TO_PRODUCTION_CODE", "CONTRACTORS_BACKGROUND_CHECK_COMPLIANCE", "COMPANY_SECURITY_COMMITTEE", "INTERNAL_DOCUMENT_PERFORMANCE_EVALUATION", "INTERNAL_DOCUMENT_EMPLOYEE_AGREEMENT", "INTERNAL_DOCUMENT_ENGINEERING_JOB_DESCRIPTION", "INTERNAL_DOCUMENT_MSA", "INTERNAL_POLICY_DATA_RETENTION", "INTERNAL_POLICY_CUSTOMER_DATA_RETENTION", "INTERNAL_POLICY_CLEAN_DESK", "INTERNAL_POLICY_SENSITIVE_DATA_DISPOSAL", "INFRASTRUCTURE_ROOT_ACCOUNT_UNUSED", "CONTRACTORS_POLICIES_APPROVED", "CONTRACTORS_DATA_PROTECTION_POLICY", "LOGS_ARE_CENTRALLY_STORED", "ONLY_AUTHORIZED_USERS_CAN_ACCESS_LOG_SINKS", "LOGS_ARE_RETAINED_FOR_365_DAYS", "ENCRYPTION_IN_TRANSIT", "EXCESSIVE_PRIVILEGES_ASSIGNED", "EXTERNAL_EXPOSURE_OF_CLOUD_RESOURCES", "LOGS_MONITORED_FOR_SUSPICIOUS_ACTIVITY", "CAPACITY_AND_USAGE_MONITORING", "FORMER_PERSONNEL_OFFBOARDED", "INFRASTRUCTURE_FAILED_BACKUPS_ADDRESSED_IN_TIMELY_MANNER", "AUTO_SCALE_SERVER_INSTANCES", "INFRASTRUCTURE_CLOUD_DATA_MONITOR_CPU_LOAD", "INFRASTRUCTURE_CLOUDTRAIL_LOG_FILE_INTEGRITY", "INFRASTRUCTURE_FAILED_BACKUP_ALERTS", "INFRASTRUCTURE_SQL_FREEABLE_MEMORY_MONITORED", "INFRASTRUCTURE_DAILY_BACKUP_JOB_STATUS_MONITORED", "CUSTOM_TEST", "DRAFT_TEST", "INFRASTRUCTURE_IAM_PASSWORD_MINIMUM_LENGTH", "INFRASTRUCTURE_BUCKET_ACCESS_LOGGING", "INFRASTRUCTURE_RDS_MINIMUM_VERSION_UPGRADE", "INFRASTRUCTURE_CMK_ROTATION", "INFRASTRUCTURE_IAM_PASSWORD_REUSE", "VULNERABILITY_CRITICAL_ADDRESSED", "VULNERABILITY_HIGH_ADDRESSED", "INFRASTRUCTURE_IAM_ACCESS_KEY_ROTATION", "INFRASTRUCTURE_MFA_FOR_ROOT_ACCOUNT", "INFRASTRUCTURE_EBS_VOLUME_ENCRYPTION", "INFRASTRUCTURE_HARDWARE_MFA_FOR_ROOT_ACCOUNT", "INFRASTRUCTURE_VPC_FLOW_LOGGING", "INFRASTRUCTURE_S3_HTTP_REQUEST_DENIED", "INFRASTRUCTURE_IAM_GROUP_BASED_ACCESS_CONTROL", "INFRASTRUCTURE_IAM_UNUSED_CREDENTIALS", "INFRASTRUCTURE_CLOUD_TRAIL_LOGS_ENCRYPTED", "INFRASTRUCTURE_IAM_PRINCIPLE_OF_LEAST_PRIVILEGE", "INFRASTRUCTURE_SECURITY_GROUPS_RESTRICT_PUBLIC_RDP_ACCESS", "INFRASTRUCTURE_S3_OBJECT_LEVEL_LOGGING_FOR_RW_EVENTS", "INFRASTRUCTURE_EFS_ENCRYPTED_AT_REST", "INFRASTRUCTURE_RDS_PUBLIC_ACCESS_RESTRICTED", "INFRASTRUCTURE_VPC_DEFAULT_SECURITY_GROUPS_RESTRICT_ALL_TRAFFIC", "INFRASTRUCTURE_ACLS_PUBLIC_REMOTE_ADMIN_ACCESS_RESTRICTED", "VULNERABILITY_CRITICAL_ADDRESSED_SNYK", "VULNERABILITY_HIGH_ADDRESSED_SNYK", "VULNERABILITY_CRITICAL_ADDRESSED_TENABLE_VULNERABILITY_MANAGEMENT", "VULNERABILITY_HIGH_ADDRESSED_TENABLE_VULNERABILITY_MANAGEMENT", "VULNERABILITY_CRITICAL_ADDRESSED_QUALYS", "VULNERABILITY_HIGH_ADDRESSED_QUALYS", "VULNERABILITY_CRITICAL_ADDRESSED_SEMGREP", "VULNERABILITY_HIGH_ADDRESSED_SEMGREP", "VULNERABILITY_CRITICAL_ADDRESSED_CROWDSTRIKE_FALCON_EXPOSURE_MANAGEMENT", "VULNERABILITY_HIGH_ADDRESSED_CROWDSTRIKE_FALCON_EXPOSURE_MANAGEMENT", "VULNERABILITY_CRITICAL_ADDRESSED_SENTINELONE_SINGULARITY_VULNERABILITY_MANAGEMENT", "VULNERABILITY_HIGH_ADDRESSED_SENTINELONE_SINGULARITY_VULNERABILITY_MANAGEMENT", "VULNERABILITY_CRITICAL_ADDRESSED_MS_DEFENDER_VMS", "VULNERABILITY_HIGH_ADDRESSED_MS_DEFENDER_VMS", "VULNERABILITY_CRITICAL_ADDRESSED_RAPID7_VMS", "VULNERABILITY_HIGH_ADDRESSED_RAPID7_VMS", "INFRASTRUCTURE_CLASSIC_LOAD_BALANCER_LATENCY_MONITORED", "INFRASTRUCTURE_CLASSIC_LOAD_BALANCER_SERVER_ERRORS_MONITORED", "INFRASTRUCTURE_APPLICATION_LOAD_BALANCER_UNHEALTHY_HOSTS_MONITORED", "INFRASTRUCTURE_CLASSIC_LOAD_BALANCER_UNHEALTHY_HOSTS_MONITORED", "INFRASTRUCTURE_APPLICATION_LOAD_BALANCER_SERVER_ERRORS_MONITORED", "INFRASTRUCTURE_APPLICATION_LOAD_BALANCER_TARGET_RESPONSE_TIME_MONITORED", "INFRASTRUCTURE_APPLICATION_LOAD_BALANCER_REDIRECTS_HTTP_TO_HTTPS", "INFRASTRUCTURE_LAMBDA_ERROR_RATE_MONITORED", "INFRASTRUCTURE_EC2_INSTANCES_IMDSV1_DISABLED", "INFRASTRUCTURE_SECURITY_GROUPS_HTTP_ACCESS_RESTRICTED", "INFRASTRUCTURE_DATABASE_WRITES_IO_MONITORED", "INFRASTRUCTURE_DYNAMODB_POINT_IN_TIME_ENABLED", "INFRASTRUCTURE_LOG_ALERT_FOR_CREATE_POLICY_ASSIGNMENT", "INFRASTRUCTURE_LOG_ALERT_FOR_DELETE_POLICY_ASSIGNMENT", "INFRASTRUCTURE_NSG_SSH_PUBLIC_ACCESS_RESTRICTED", "INFRASTRUCTURE_STORAGE_ACCOUNTS_ACCESSED_VIA_PRIVATE_ENDPOINTS", "INFRASTRUCTURE_WEB_APP_REDIRECTS_HTTP_TRAFFIC_TO_HTTPS", "INFRASTRUCTURE_LOG_ALERT_FOR_DELETE_PUBLIC_IP_ADDRESS", "INFRASTRUCTURE_SQL_SERVERS_AUDITING", "INFRASTRUCTURE_STORAGE_ACCOUNTS_SECURE_TLS_CONFIGURATION", "INFRASTRUCTURE_LOG_ALERT_FOR_MANAGE_PUBLIC_IP_ADDRESS_RULE", "INFRASTRUCTURE_AUDIT_LOGS_ENABLED_FOR_EKS_CLUSTER", "INFRASTRUCTURE_PUBLIC_ACCESS_TO_CLUSTERS_CONTROL_PLANE_IS_RESTRICTED", "INFRASTRUCTURE_PRIVATE_ACCESS_TO_CLUSTERS_CONTROL_PLANE_IS_RESTRICTED", "INFRASTRUCTURE_LOG_ALERT_FOR_MANAGE_NETWORK_SECURITY_GROUP", "INFRASTRUCTURE_LOG_ALERT_FOR_DELETE_NETWORK_SECURITY_GROUP", "INFRASTRUCTURE_LOG_ALERT_FOR_MANAGE_SECURITY_SOLUTION", "VULNERABILITY_CRITICAL_ADDRESSED_ARNICA", "VULNERABILITY_HIGH_ADDRESSED_ARNICA", "INFRASTRUCTURE_LOG_ALERT_FOR_DELETE_SECURITY_SOLUTION", "INFRASTRUCTURE_POSTGRESQL_DATABASE_SERVER_LOG_CHECKPOINTS", "VULNERABILITY_CRITICAL_ADDRESSED_AIKIDO", "VULNERABILITY_HIGH_ADDRESSED_AIKIDO", "VULNERABILITY_CRITICAL_ADDRESSED_WIZ_VMS", "VULNERABILITY_HIGH_ADDRESSED_WIZ_VMS", "VULNERABILITY_CRITICAL_ADDRESSED_WIZ_CODE", "VULNERABILITY_HIGH_ADDRESSED_WIZ_CODE", "INFRASTRUCTURE_LOG_ALERT_FOR_CREATE_OR_UPDATE_SQL_SERVER_FIREWALL_RULE", "INFRASTRUCTURE_KEY_VAULTS_KEY_EXPIRATION", "INFRASTRUCTURE_LOG_ALERT_FOR_DELETE_SQL_SERVER_FIREWALL_RULE", "INFRASTRUCTURE_SQL_DATA_ENCRYPTION", "VULNERABILITY_CRITICAL_ADDRESSED_MS_DEFENDER_VMS_GCC_HIGH", "VULNERABILITY_HIGH_ADDRESSED_MS_DEFENDER_VMS_GCC_HIGH", "VULNERABILITY_CRITICAL_ADDRESSED_ORCA_SECURITY", "VULNERABILITY_HIGH_ADDRESSED_ORCA_SECURITY", "VULNERABILITY_CRITICAL_ADDRESSED_UPWIND", "VULNERABILITY_HIGH_ADDRESSED_UPWIND", "VULNERABILITY_CRITICAL_ADDRESSED_GITLAB_VMS", "VULNERABILITY_HIGH_ADDRESSED_GITLAB_VMS", "INFRASTRUCTURE_AUTO_SCALING", "INFRASTRUCTURE_BACKUP_RETENTION", "INFRASTRUCTURE_TDE_ENABLED", "INFRASTRUCTURE_VERSIONING_ENABLED", "INFRASTRUCTURE_ZONE_REDUNDANCY", "INFRASTRUCTURE_LOGGING_ENABLED", "INFRASTRUCTURE_TLS_VERSION", "INFRASTRUCTURE_VPC_CONFIGURATION", "INFRASTRUCTURE_ENCRYPTION_IN_TRANSIT", "INFRASTRUCTURE_SECURITY_GROUPS", "INFRASTRUCTURE_BROAD_NETWORK_ACCESS_PATTERNS", "INFRASTRUCTURE_PUBLIC_ACCESS_RESTRICTED", "INFRASTRUCTURE_DENY_BY_DEFAULT", "INFRASTRUCTURE_AUTOMATIC_SOFTWARE_UPDATES", "INFRASTRUCTURE_LOG_INTEGRITY", "INFRASTRUCTURE_TLS_CIPHERS", "INFRASTRUCTURE_WAF_ENABLED", "INFRASTRUCTURE_AUTOMATED_BACKUPS", "INFRASTRUCTURE_SECURE_API_VERSION", "INFRASTRUCTURE_LOG_RETENTION", "INFRASTRUCTURE_DISABLE_DEFAULT_ACCOUNTS", "INFRASTRUCTURE_SECRET_ROTATION", "INFRASTRUCTURE_DELETION_PROTECTION", "INFRASTRUCTURE_TAGGING", "INFRASTRUCTURE_KEY_ROTATION", "INFRASTRUCTURE_RUNTIME_CONFIGURATION", "INFRASTRUCTURE_DATA_RETENTION", "INFRASTRUCTURE_BROAD_POLICY_ACCESS_PATTERNS", "INFRASTRUCTURE_RBAC", "INFRASTRUCTURE_AUTOMATIC_REPAIRS", "INFRASTRUCTURE_CONNECTION_DRAINING", "INFRASTRUCTURE_HIGH_AVAILABILITY", "INFRASTRUCTURE_POLICY_BASED_ACCESS_CONTROL" ], "description": "Autopilot Task Type" }, "controlTestInstanceId": { "type": "number", "example": 43, "description": "Control Test Instance ID" }, "testId": { "type": "number", "example": 43, "description": "Test ID" }, "name": { "type": "string", "example": "MFA on Identity Provider", "description": "Test name" }, "checkStatus": { "type": "string", "enum": [ "UNUSED", "NEW", "ENABLED", "DISABLED", "TESTING" ], "description": "Check Status" }, "checkResultStatus": { "type": "string", "enum": [ "READY", "PASSED", "FAILED", "ERROR", "PREAUDIT" ], "description": "Check Result Status" }, "lastCheck": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Last time Drata checked for compliance" } }, "required": [ "monitorId", "autopilotTaskType", "controlTestInstanceId", "testId", "name", "checkStatus", "checkResultStatus", "lastCheck" ] }, "ComplianceCheckResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Compliance check ID" }, "status": { "type": "string", "enum": [ "MISCONFIGURED", "PASS", "FAIL", "EXCLUDED" ], "description": "Denotes actual compliance" }, "type": { "type": "string", "enum": [ "FULL_COMPLIANCE", "ACCEPTED_POLICIES", "IDENTITY_MFA", "BG_CHECK", "AGENT_INSTALLED", "PASSWORD_MANAGER", "HDD_ENCRYPTION", "ANTIVIRUS", "AUTO_UPDATES", "LOCK_SCREEN", "SECURITY_TRAINING", "LOCATION_SERVICES", "HIPAA_TRAINING", "OFFBOARDING", "NIST_AI_TRAINING" ], "description": "The compliance type" }, "completionDate": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Date the user completed the compliance activity. A null value indicates the user is not compliant, possibly because evidence was deleted or is past its renewal date." }, "expiresAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "When this compliance is due for a re-verification" }, "checkFrequency": { "type": "string", "enum": [ "ONCE", "HOURLY", "QID", "DAILY", "WEEKLY", "BIWEEKLY", "MONTHLY", "QUARTERLY", "YEARLY" ], "description": "How often should this check be run for compliance" }, "lastCheckedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Last time Drata checked for compliance" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Compliance check creation timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Compliance check updated timestamp" } }, "required": [ "id", "status", "type", "completionDate", "expiresAt", "checkFrequency", "lastCheckedAt", "createdAt", "updatedAt" ] }, "PersonnelDetailsResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Personnel Id" }, "employmentStatus": { "type": "string", "enum": [ "CURRENT_EMPLOYEE", "FORMER_EMPLOYEE", "CURRENT_CONTRACTOR", "FORMER_CONTRACTOR", "OUT_OF_SCOPE", "UNKNOWN", "SPECIAL_FORMER_EMPLOYEE", "SPECIAL_FORMER_CONTRACTOR", "FUTURE_HIRE", "SERVICE_ACCOUNT" ], "description": "The employment status of the personnel" }, "notHumanReason": { "type": "string", "nullable": true, "example": "This is not a real personnel, but a placeholder for anyone in charge of X", "description": "Explains why the employment status of this personnel is marked as OUT_OF_SCOPE" }, "osVersion": { "type": "string", "nullable": true, "example": "Windows 3.1", "description": "The OS version this personnel uses. DEPRECATED: Use devices[].osVersion instead", "deprecated": true }, "serialNumber": { "type": "string", "nullable": true, "example": "1A2B3C4D", "description": "The serial number of the machine this personnel uses. DEPRECATED: Use devices[].serialNumber instead", "deprecated": true }, "user": { "description": "The user response DTO", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "reasonProvider": { "nullable": true, "description": "The user who provided the reason why this personnel was marked as OUT_OF_SCOPE", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "complianceChecks": { "example": "[]", "description": "Company products", "type": "array", "items": { "$ref": "#/components/schemas/ComplianceCheckResponsePublicDto" } }, "complianceTests": { "example": "[]", "description": "Compliance Tests", "type": "array", "items": { "$ref": "#/components/schemas/ComplianceTestResponsePublicDto" } }, "startDate": { "type": "string", "example": "2020-07-06", "description": "The date when this personnel was onboarded onto the company system" }, "separationDate": { "type": "string", "nullable": true, "example": "2020-07-06", "description": "The date when this personnel was separated from the company system" }, "statusUpdatedAt": { "type": "string", "nullable": true, "format": "date-time", "description": "The date when this personnel was manually updated" }, "data": { "description": "The Personnel Data DTO. DEPRECATED: Use devices[] array instead for device-specific information", "deprecated": true, "allOf": [ { "$ref": "#/components/schemas/PersonnelDataResponsePublicDto" } ] }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Personnel created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Personnel updated date timestamp" }, "devices": { "example": "[]", "description": "A list of the devices registered to the personnel", "type": "array", "items": { "$ref": "#/components/schemas/DeviceResponsePublicDto" } } }, "required": [ "id", "employmentStatus", "osVersion", "serialNumber", "user", "complianceChecks", "startDate", "statusUpdatedAt", "data", "createdAt", "updatedAt", "devices" ] }, "ManualBackgroundCheckRequestPublicDto": { "type": "object", "properties": { "url": { "type": "string", "maxLength": 768, "format": "uri", "example": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd", "description": "The URL of the background check" }, "filedAt": { "type": "string", "example": "2020-07-06", "description": "The date when this background check data was uploaded to Drata" } }, "required": [ "url", "filedAt" ] }, "AssetResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Assessment ID" }, "name": { "type": "string", "example": "MacbookPro 13", "description": "The name of the asset" }, "description": { "type": "string", "example": "MacbookPro 13", "description": "The description of the asset" }, "assetType": { "type": "string", "example": "PHYSICAL", "description": "The asset type" }, "assetProvider": { "type": "string", "example": "AGENT", "description": "The asset source provider" }, "approvedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "When the asset was approved (if applicable)" }, "removedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "When the asset stopped being tracked" }, "assetClassTypes": { "example": "AssetClassTypeResponseDto[]", "description": "Asset class types associated to this asset", "type": "array", "items": { "$ref": "#/components/schemas/AssetClassTypeResponsePublicDto" } }, "company": { "type": "string", "example": "Acme, Inc", "description": "The owning company of the asset" }, "owner": { "description": "The user response DTO", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "employmentStatus": { "type": "string", "example": "CURRENT_EMPLOYEE", "description": "The employment status of the personnel" }, "notes": { "type": "string", "description": "The asset notes" }, "assetReferenceType": { "type": "string", "example": "PERSONNEL", "description": "The asset reference type" }, "uniqueId": { "type": "string", "example": "C02T6CDJGTFL", "description": "Unique Id associated with this asset" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "asset created timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "asset update timestamp" }, "device": { "description": "The device response DTO", "allOf": [ { "$ref": "#/components/schemas/DeviceResponsePublicDto" } ] }, "externalId": { "type": "string", "example": "i-0c844e3b433e4e3f", "description": "An externally sourced unique identifier for a virtual asset" }, "externalOwnerId": { "type": "string", "example": "account-353", "description": "Used to track the source of virtual assets, typically an account id." } }, "required": [ "id", "name", "description", "assetType", "assetProvider", "approvedAt", "removedAt", "assetClassTypes", "company", "owner", "notes", "assetReferenceType", "uniqueId", "createdAt", "updatedAt", "device", "externalId" ] }, "AssetClassTypeResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Asset class type ID" }, "assetClassType": { "type": "string", "example": "DOCUMENT", "description": "The string enum asset class type" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "asset class type created timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "asset class type update timestamp" } }, "required": [ "id", "assetClassType", "createdAt", "updatedAt" ] }, "AssetRequestPublicDto": { "type": "object", "properties": { "name": { "type": "string", "maxLength": 191, "example": "Asset name", "description": "The asset name" }, "description": { "type": "string", "maxLength": 191, "example": "This is a description", "description": "The asset description" }, "notes": { "type": "string", "maxLength": 191, "example": "This is a note", "description": "The asset notes" }, "assetClassTypes": { "type": "array", "items": { "type": "string", "enum": [ "HARDWARE", "POLICY", "DOCUMENT", "PERSONNEL", "SOFTWARE", "CODE", "CONTAINER", "COMPUTE", "NETWORKING", "DATABASE", "STORAGE" ] }, "example": [ "HARDWARE", "PERSONNEL" ], "description": "The asset class types" }, "assetType": { "enum": [ "PHYSICAL", "VIRTUAL" ], "type": "string", "example": "PHYSICAL", "description": "The asset type" }, "ownerId": { "type": "number", "example": 1, "description": "The owner id" }, "uniqueId": { "type": "string", "example": "C02T6CDJGTFL", "description": "Unique Id associated with this asset" }, "removedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Date the asset was removed" }, "externalId": { "type": "string", "example": "i-0c844e3b433e4e3f", "description": "An externally sourced unique identifier for a virtual asset" }, "externalOwnerId": { "type": "string", "example": "account-353", "description": "Used to track the source of virtual assets, typically an account id" } }, "required": [ "name", "description", "assetClassTypes", "assetType", "ownerId" ] }, "AssetsResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Data set based on the pagination limits", "type": "array", "items": { "$ref": "#/components/schemas/AssetResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "TrustCenterRequestRequestPublicDto": { "type": "object", "properties": { "email": { "type": "string", "format": "email", "example": "example@email.com", "description": "Email of requester" }, "name": { "type": "string", "example": "FirstName", "description": "First name of requester" }, "lastname": { "type": "string", "example": "LastName", "description": "Last name of requester" }, "company": { "type": "string", "example": "Company", "description": "Company of requester" }, "acceptTerms": { "type": "boolean", "example": true, "description": "Accept the NDA terms and conditions" }, "documents": { "example": [ { "documentId": 1, "type": "POLICY" }, { "documentId": 2, "type": "SECURITY_REPORT" } ], "description": "Private documents to request access", "type": "array", "items": { "$ref": "#/components/schemas/TrustCenterRequestDocumentTypePublicDto" } }, "flowType": { "enum": [ "SELF", "DIGITAL_SIGNATURE", "NO_NDA_REQUIRED", "SALESFORCE_CRM" ], "type": "string", "example": "SELF", "description": "Type of private flow" } }, "required": [ "email", "name", "lastname", "company", "acceptTerms", "documents", "flowType" ] }, "TrustCenterRequestDocumentTypePublicDto": { "type": "object", "properties": { "documentId": { "type": "number", "description": "The private document id", "example": 1 }, "type": { "enum": [ "COMPLIANCE", "POLICY", "SECURITY_REPORT" ], "type": "string", "description": "The private document type", "example": "SECURITY_REPORT" } }, "required": [ "documentId", "type" ] }, "TrustCenterRequestsResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Data set based on the pagination limits", "type": "array", "items": { "$ref": "#/components/schemas/TrustCenterRequestResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "TrustCenterRequestResponsePublicDto": { "type": "object", "properties": { "requestId": { "type": "string", "example": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd", "description": "Request ID" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Created at" }, "expirationDate": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "End date" }, "name": { "type": "string", "example": "Adam", "description": "The requester name" }, "lastname": { "type": "string", "example": "Markowitz", "description": "The requester last name" }, "email": { "type": "string", "format": "email", "example": "adam@drata.com", "description": "The requester email" }, "company": { "type": "string", "example": "Socpilot", "description": "The requester company" }, "flowType": { "type": "string", "example": "SELF", "description": "Private Flow Type" }, "isAutoApproved": { "type": "boolean", "example": false, "description": "Whether the request is auto approved or not" }, "status": { "type": "string", "example": "APPROVED", "description": "Status of the request" }, "reviewedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Reviewed at" } }, "required": [ "requestId", "createdAt", "expirationDate", "name", "lastname", "email", "company", "flowType", "isAutoApproved" ] }, "TrustCenterAllPrivateDocumentsResponsePublicDto": { "type": "object", "properties": { "privateDocuments": { "type": "array", "items": { "type": "object", "properties": { "id": { "type": "number" }, "name": { "type": "string" }, "type": { "enum": [ "COMPLIANCE", "POLICY", "SECURITY_REPORT" ] }, "file": { "type": "string" }, "created_at": { "type": "string", "format": "date-time" }, "version": { "type": "number" }, "isPublic": { "type": "boolean", "nullable": true } } }, "description": "Policies, Compliance and Security Reports private documents" } }, "required": [ "privateDocuments" ] }, "CompanyInfoResponsePublicDto": { "type": "object", "properties": { "name": { "type": "string", "example": "Drata", "description": "Company's common name" }, "securityEmails": { "type": "string", "example": "security@drata.com", "description": "Company's security/compliance email" }, "about": { "type": "string", "example": "We are a startup ...", "description": "About the company" }, "privacyUrl": { "type": "string", "example": "https://drata.com/privacy", "description": "Company's privacy url" }, "privacyDescription": { "type": "string", "example": "Drata Inc is a company ...", "description": "Company's privacy description" }, "headerTemplate": { "type": "string", "example": "
Drata
", "description": "Header template in HTML format" }, "footerTemplate": { "type": "string", "example": "", "description": "Footer template in HTML format" }, "favicon": { "type": "object", "properties": { "name": { "type": "string" }, "file": { "type": "string" } }, "example": { "name": "Favicon", "file": "https://drata.com/favicon.ico" }, "description": "Favicon URL for Trust Page" }, "nda": { "type": "object", "properties": { "name": { "type": "string" }, "file": { "type": "string" } }, "example": { "name": "NDA", "file": "https://drata.com/nda.pdf" }, "description": "NDA for Trust Page" }, "contactUrl": { "type": "string", "example": "https://acme.drata.net/contactus", "description": "Company's contact url" }, "aboutUpdatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "About updated at timestamp" }, "privacyUpdatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Privacy updated at timestamp" } }, "required": [ "name", "securityEmails", "about", "privacyDescription", "headerTemplate", "favicon", "nda", "aboutUpdatedAt", "privacyUpdatedAt" ] }, "CompanyInfoPrivateAccessRequestPublicDto": { "type": "object", "properties": { "securityEmails": { "type": "string", "maxLength": 768, "example": "security@drata.com", "description": "Company's security/compliance email" }, "removeNda": { "type": "boolean", "example": true, "description": "Remove the current NDA?" }, "preapprovedEmailDomains": { "example": "domain.com", "description": "List of preapproved email domains", "type": "array", "items": { "type": "string" } } } }, "TrustCenterPrivateAccessResponsePublicDto": { "type": "object", "properties": { "flowType": { "type": "string", "example": "SELF", "description": "Private flow type" }, "preapprovedEmailDomains": { "example": [ { "id": 1, "name": "domain.com", "createdAt": "2020-07-06", "deletedAt": null } ], "description": "List of preapproved email domains", "type": "array", "items": { "$ref": "#/components/schemas/TrustCenterPreapprovedEmailDomainResponsePublicDto" } }, "preapprovedEmailAddresses": { "example": [ { "id": 1, "name": "user@domain.com", "createdAt": "2025-07-01T16:45:55.246Z", "deletedAt": null } ], "description": "List of preapproved email addresses", "type": "array", "items": { "$ref": "#/components/schemas/TrustCenterPreapprovedEmailAddressResponsePublicDto" } } }, "required": [ "flowType", "preapprovedEmailDomains", "preapprovedEmailAddresses" ] }, "TrustCenterPreapprovedEmailAddressResponsePublicDto": { "type": "object", "properties": { "name": { "type": "string", "example": "user@domain.com", "description": "Preapproved email address" } }, "required": [ "name" ] }, "TrustCenterPreapprovedEmailDomainResponsePublicDto": { "type": "object", "properties": { "name": { "type": "string", "example": "domain.com", "description": "Preapproved email domain name" } }, "required": [ "name" ] }, "TrustCenterRequestDeniedResponsePublicDto": { "type": "object", "properties": { "isDenied": { "type": "boolean", "description": "Access request denied" } }, "required": [ "isDenied" ] }, "TrustCenterRequestApproveResponsePublicDto": { "type": "object", "properties": { "isApproved": { "type": "boolean", "description": "Access request approved", "example": true }, "trackingId": { "type": "string", "description": "Digital Signature Request tracking ID", "example": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd" } }, "required": [ "isApproved" ] }, "TrustCenterApproveRequestRequestPublicDto": { "type": "object", "properties": { "expiration": { "type": "number", "maximum": 1825, "example": 365, "description": "Number of days to expire" }, "expirationType": { "enum": [ "DAYS", "WEEKS", "MONTHS", "YEARS" ], "type": "string", "example": "DAYS", "description": "Default Access Length Type" }, "isNewExpiration": { "type": "boolean", "example": false, "description": "Is update expiration date checked" } }, "required": [ "expirationType" ] }, "TrustCenterRequestDocumentWithNameResponsePublicDto": { "type": "object", "properties": { "email": { "type": "string", "description": "Requester Email", "example": "example@drata.com" }, "firstName": { "type": "string", "description": "Requester first name", "example": "Alondra" }, "lastName": { "type": "string", "description": "Requester last name", "example": "Ramos" }, "company": { "type": "string", "description": "Requester company", "example": "Acme" }, "requestId": { "type": "string", "description": "Request ID", "example": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd" }, "managedBy": { "type": "string", "description": "Admin account", "example": "Brayan Perez" }, "documents": { "type": "array", "items": { "type": "object", "properties": { "id": { "type": "number" }, "name": { "type": "string" }, "type": { "enum": [ "COMPLIANCE", "POLICY", "SECURITY_REPORT" ] }, "file": { "type": "string" }, "created_at": { "type": "string", "format": "date-time" }, "version": { "type": "number" }, "isPublic": { "type": "boolean" } } }, "description": "Request documents", "example": "[{\n id: 5,\n name: Report 5,\n approvedAt: 2025-07-01T16:45:55.246Z,\n deniedAt: 2025-07-01T16:45:55.246Z\n }]" }, "statuses": { "description": "Request statuses", "example": "[{\n status: 'APPROVED',\n source: 'SELF',\n createdAt: 2025-07-01T16:45:55.246Z,\n user: 'John Doe',\n }]", "type": "array", "items": { "$ref": "#/components/schemas/TrustCenterRequestStatusPublicDto" } }, "ndaUrl": { "type": "string", "description": "DocuSign NDA URL", "example": "https://acme.com" }, "flowType": { "type": "string", "example": "SELF", "description": "Private flow type" }, "autoApproveType": { "type": "string", "nullable": true, "example": "SELF", "description": "Auto approved type" } }, "required": [ "email", "firstName", "lastName", "company", "requestId", "managedBy", "documents", "statuses", "flowType", "autoApproveType" ] }, "TrustCenterRequestStatusPublicDto": { "type": "object", "properties": { "status": { "type": "string", "description": "Status", "enum": [ "PROCESS_ERROR", "APPROVED", "DENIED", "NDA_SENT", "NDA_SIGNED", "FILES_SENT", "NDA_EXPIRED", "PENDING", "REVOKED", "ACCESS_EXPIRED", "AUTO_APPROVED" ], "example": "APPROVED" }, "source": { "type": "string", "description": "Status creation source", "enum": [ "SELF", "DOCUSIGN", "SALESFORCE" ], "example": "SELF" }, "createdAt": { "type": "string", "format": "date-time", "description": "Date of status creation", "example": "2025-07-01T16:45:55.246Z" }, "user": { "type": "string", "description": "Status creation user name", "example": "John Doe" } }, "required": [ "status", "source", "createdAt" ] }, "MonitoringControlsResponsePublicDto": { "type": "object", "properties": { "isSLADisplayed": { "type": "boolean", "description": "SLA is or not displayed" }, "slaTime": { "type": "number", "description": "Time of compliance" }, "controls": { "type": "object", "description": "Controls of the tenant" } }, "required": [ "isSLADisplayed", "slaTime", "controls" ] }, "EvidenceSyncResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Evidence id" } }, "required": [ "id" ] }, "EvidenceSyncRequestPublicDto": { "type": "object", "properties": { "safeBaseSyncStatus": { "enum": [ "NOT_SYNCED", "PENDING", "COMPLETE", "ERROR" ], "type": "string", "example": "COMPLETE", "description": "The SafeBase sync status of the document" }, "safeBaseDocumentId": { "type": "string", "nullable": true, "example": "1234", "description": "The Safebase document ID" } }, "required": [ "safeBaseSyncStatus" ] }, "EvidenceResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Evidence id" }, "name": { "type": "string", "example": "Security training", "description": "The name of the evidence" }, "description": { "type": "string", "example": "Security Training completed evidence test", "description": "The description of the evidence" }, "implementationGuidance": { "type": "string", "example": "Example of architectural diagram www.drata/arch-diagram-example.com", "description": "Guidance for implementing evidence" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Evidence created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Evidence updated date timestamp" }, "user": { "description": "The user that uploaded the evidence", "allOf": [ { "$ref": "#/components/schemas/UserCardResponsePublicDto" } ] }, "controls": { "description": "Array of controls mapped to this evidence", "type": "array", "items": { "$ref": "#/components/schemas/ControlMonitorResponsePublicDto" } }, "renewalSchema": { "description": "The renewal schema of evidence", "allOf": [ { "$ref": "#/components/schemas/EvidenceLibraryRenewalSchemaResponsePublicDto" } ] }, "isExpired": { "type": "boolean", "example": false, "description": "The evidence is expired; passed its renewal date" }, "versions": { "example": [ { "id": 1, "source": "https://drata.com/evidence", "type": "URL", "version": 1, "current": true, "filedAt": "2020-07-06" } ], "description": "Library document linked versions data", "type": "array", "items": { "$ref": "#/components/schemas/EvidenceLibraryVersionResponsePublicDto" } } }, "required": [ "id", "name", "description", "implementationGuidance", "createdAt", "updatedAt", "user", "controls", "renewalSchema", "isExpired", "versions" ] }, "EvidenceLibraryVersionResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Evidence version ID. Use this value for API operations." }, "source": { "type": "string", "example": "http://www.example.com", "description": "Evidence version source" }, "type": { "type": "string", "example": "URL", "description": "Evidence version type" }, "version": { "type": "number", "example": 1, "description": "Version number (sequential counter). This is *not* the version ID - use the `id` field for API operations." }, "current": { "type": "boolean", "example": true, "description": "Set if the version is the current" }, "filedAt": { "type": "string", "nullable": true, "example": "2020-07-06", "description": "Evidence version creation date" }, "metadata": { "example": { "originalFileName": "evidence.pdf", "mimeType": "pdf", "fileCreatedAt": "2020-07-06" }, "description": "Evidence version metadata", "allOf": [ { "$ref": "#/components/schemas/EvidenceLibraryVersionMetadataResponsePublicDto" } ] } }, "required": [ "id", "source", "type", "version", "current", "metadata" ] }, "EvidenceLibraryVersionMetadataResponsePublicDto": { "type": "object", "properties": { "originalFileName": { "type": "string", "example": "evidence.pdf", "description": "Evidence file name" }, "extension": { "type": "string", "example": "pdf", "description": "Evidence file type" }, "fileCreatedAt": { "type": "string", "format": "date-time", "example": "2020-07-06", "description": "Evidence file creation date" } } }, "EvidenceLibraryRenewalSchemaResponsePublicDto": { "type": "object", "properties": { "renewalDate": { "type": "string", "nullable": true, "example": "2020-07-06", "description": "Evidence renewal date" }, "renewalScheduleType": { "type": "string", "example": "ONE_YEAR", "description": "The renewal date schedule type of evidence", "enum": [ "ONE_MONTH", "TWO_MONTHS", "THREE_MONTHS", "SIX_MONTHS", "ONE_YEAR", "CUSTOM", "NONE" ] } } }, "ControlMonitorResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": "123", "description": "Control id" }, "name": { "type": "string", "example": "Databases Monitored and Alarmed", "description": "Control name" }, "code": { "type": "string", "example": "DCF-1002", "description": "Control code" }, "description": { "type": "string", "example": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on predetermined criteria. Incidents are escalated per policy.", "description": "Control description" }, "question": { "type": "string", "example": "Does the organization implement tools to monitor its databases and notify appropriate personnel of incidents based on predetermined criteria?", "description": "Control question" }, "activity": { "type": "string", "example": "1. Ensure tools are implemented to monitor databases 2. Ensure notifications based on specific criteria are sent to the appropriate personnel 3. Escalate incidents appropriately", "description": "Control activity" }, "slug": { "type": "string", "example": "databases-monitored-and-alarmed", "description": "Control slug" }, "archivedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Date control was archived at or NULL" } }, "required": [ "id", "name", "code", "description", "question", "activity", "slug", "archivedAt" ] }, "UserCardResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "User ID" }, "entryId": { "type": "string", "example": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd", "description": "User Entry ID" }, "email": { "type": "string", "example": "email@email.com", "description": "User email" }, "firstName": { "type": "string", "nullable": true, "example": "Sally", "description": "User first name" }, "lastName": { "type": "string", "nullable": true, "example": "Smith", "description": "User last name" }, "jobTitle": { "type": "string", "nullable": true, "example": "CEO", "description": "User job title" }, "avatarUrl": { "type": "string", "nullable": true, "example": "https://cdn-prod.imgpilot.com/avatar.png", "description": "User avatar URL" }, "drataTermsAgreedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "User agreed to the Drata terms date timestamp" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "User created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "User updated date timestamp" } }, "required": [ "id", "entryId", "email", "createdAt", "updatedAt" ] }, "EvidenceRequestPublicDto": { "type": "object", "properties": { "name": { "type": "string", "maxLength": 191, "example": "Security Training", "description": "Document name" }, "description": { "type": "string", "nullable": true, "maxLength": 30000, "example": "Security Training completed evidence", "description": "Library document description" }, "renewalDate": { "type": "string", "example": "2020-07-06", "description": "Library document renewal date" }, "renewalScheduleType": { "enum": [ "ONE_MONTH", "TWO_MONTHS", "THREE_MONTHS", "SIX_MONTHS", "ONE_YEAR", "CUSTOM", "NONE" ], "type": "string", "example": "ONE_YEAR", "description": "Library Document renewal schedule type" }, "file": { "type": "string", "format": "binary", "description": "Accepted file extensions: .pdf, .docx, .odt, .doc, .xlsx, .ods, .pptx, .odp, .gif, .jpg, .jpeg, .png, .json, .csv, .md, .markdown, .txt, .html, .log, .zip, .msg, .mp4" }, "base64File": { "type": "string", "example": { "base64String": "data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAYABg", "filename": "excellent-filename" }, "description": "JSON string with external evidence in Base64 format." }, "source": { "enum": [ "URL", "S3_FILE", "TICKET_PROVIDER", "NONE", "GOOGLE_DRIVE", "ONE_DRIVE", "BOX", "DROPBOX", "SHARE_POINT", "TEST_RESULT" ], "type": "string", "example": "URL", "description": "The type of evidence. For local files, please use S3_FILE" }, "url": { "type": "string", "nullable": true, "maxLength": 768, "format": "uri", "example": "https://url.com", "description": "The url to the evidence" }, "filedAt": { "type": "string", "example": "2020-07-06", "description": "The date in which the evidence was originally filed/created" }, "ownerId": { "type": "number", "example": 1, "description": "Owner id" }, "controlIds": { "nullable": true, "example": [ 1, 2 ], "description": "List of control IDs", "type": "array", "items": { "type": "number" } }, "ticketUrl": { "type": "string", "nullable": true, "example": "https://acme.jira.com/browse/ISSUE-1234", "description": "Ticket provider url", "format": "uri" } }, "required": [ "name", "renewalDate", "renewalScheduleType", "source", "filedAt", "ownerId" ] }, "EvidenceLibraryResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Data set based on the pagination limits", "type": "array", "items": { "$ref": "#/components/schemas/EvidenceResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "DeviceAppsPaginatedResponsePublicDto": { "type": "object", "properties": { "data": { "description": "The set of installed apps for this device", "example": [ { "id": 242, "installedApp": "Photoshop version 26.0 license 1a2b3c" }, { "id": 243, "installedApp": "Microsoft Word version 2411 (Build 18227.20162) license 9w9e8b" } ], "type": "array", "items": { "$ref": "#/components/schemas/DeviceAppResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "DeviceAppResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Installed app Id" }, "installedApp": { "type": "string", "example": "Adobe Photoshop version 3.3 license 1a2b3c4d", "description": "The app description" } }, "required": [ "id", "installedApp" ] }, "CreateDeviceRequestPublicDto": { "type": "object", "properties": { "personnelId": { "type": "number", "example": 1, "description": "Personnel Id" }, "alias": { "type": "string", "maxLength": 191, "example": "danielm-01", "description": "Name of the device." }, "antivirusEnabled": { "type": "boolean", "nullable": true, "example": true, "description": "Flag to indicate antivirus software is installed and enabled" }, "antivirusExplanation": { "type": "object", "example": { "antivirusApps": [ "Crowdstrike windows sensor" ] }, "description": "Any additional information to explain the antivirusEnabled value" }, "appList": { "description": "List of installed applications", "type": "array", "items": { "$ref": "#/components/schemas/AppTypeRequestPublicDto" } }, "autoUpdateEnabled": { "type": "boolean", "nullable": true, "example": true, "description": "Flag to indicate auto-update enabled or disabled" }, "autoUpdateExplanation": { "type": "object", "example": "Disabled", "description": "Any additional information to explain the autoUpdateEnabled value" }, "browserExtensions": { "description": "List of installed browser extensions", "type": "array", "items": { "$ref": "#/components/schemas/AppTypeRequestPublicDto" } }, "externalId": { "type": "string", "example": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd", "description": "An externally-sourced unique identifier for a device" }, "firewallEnabled": { "type": "boolean", "nullable": true, "example": true, "description": "Flag to indicate the firewall is enabled or disabled" }, "firewallExplanation": { "type": "object", "example": "On", "description": "Any additional information to explain the firewallEnabled value" }, "passwordManagerEnabled": { "type": "boolean", "nullable": true, "example": true, "description": "Flag to indicate a password manager is in use" }, "encryptionEnabled": { "type": "boolean", "nullable": true, "example": true, "description": "Flag to indicate hard disk is encrypted" }, "encryptionExplanation": { "type": "object", "example": { "bootPartitionEncryptionDetails": { "partitionFileVault2Percent": 100, "partitionFileVault2State": "ENCRYPTED", "partitionName": "Macintosh HD (Boot Partition)" } }, "description": "Any additional information to explain the encryptionEnabled value" }, "model": { "type": "string", "maxLength": 191, "example": "Mac16,1", "description": "Hardware model" }, "serialNumber": { "type": "string", "example": "BKH8RXT4T9", "description": "Hardware serial number" }, "macAddress": { "type": "string", "nullable": true, "example": "01-23-45-67-89-AB", "description": "MAC address" }, "passwordManagerExplanation": { "type": "object", "example": { "passwordManagerApps": [ "1password" ] }, "description": "Any additional information to explain the hasPasswordManager value" }, "platformName": { "example": "MACOS", "description": "The Operating System (OS) platform name of the device", "allOf": [ { "$ref": "#/components/schemas/AgentPlatformEnum" } ] }, "platformVersion": { "type": "string", "maxLength": 191, "description": "The Operating System (OS) platform version of the device" }, "screenLockEnabled": { "type": "boolean", "nullable": true, "example": true, "description": "Flag to indicate hard disk is encrypted" }, "screenLockExplanation": { "type": "object", "example": "ScreenLock delay is immediate", "description": "Any additional information to explain the screenLockTime value" }, "screenLockTime": { "type": "number", "example": 15, "description": "Amount of time before display is turned off" }, "windowsServices": { "description": "List of applicable Windows services", "type": "array", "items": { "$ref": "#/components/schemas/WindowsServiceRequestPublicDto" } } }, "required": [ "personnelId", "platformName", "platformVersion" ] }, "WindowsServiceRequestPublicDto": { "type": "object", "properties": { "description": { "type": "string", "example": "Security feature that monitors and controls network traffic entering and exiting the device", "description": "Windows service description." }, "name": { "type": "string", "example": "Windows Firewall", "description": "Windows service name" }, "startType": { "type": "string", "example": "Automatic", "description": "Windows service" }, "status": { "type": "string", "example": "Running", "description": "Windows service status" } }, "required": [ "description", "name", "startType", "status" ] }, "AgentPlatformEnum": { "type": "string", "enum": [ "MACOS", "WINDOWS", "LINUX", "UNIX", "ANDROID" ] }, "AppTypeRequestPublicDto": { "type": "object", "properties": { "name": { "type": "string", "maxLength": 191, "example": "Microsoft Defender Antivirus", "description": "Name of application" }, "version": { "type": "string", "maxLength": 191, "example": "1.421.12.0", "description": "Version of application" }, "description": { "type": "string", "nullable": true, "example": "Microsoft Defender Antivirus", "description": "Protects against new malware and attack techniques." } }, "required": [ "name", "version" ] }, "DeviceResponseIdPublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Device Id" }, "osVersion": { "type": "string", "nullable": true, "example": "MacOS 10.15.6", "description": "The device operating system version" }, "serialNumber": { "type": "string", "nullable": true, "example": "C02T6CDJGTFL", "description": "The device serial number" }, "model": { "type": "string", "nullable": true, "example": "MacBook Pro", "description": "The device model" }, "macAddress": { "type": "string", "nullable": true, "example": "65-F9-3D-85-7B-6B,99-A9-3E-14-7A-3E", "description": "The device MAC address" }, "encryptionEnabled": { "type": "boolean", "nullable": true, "example": false, "description": "Denotes device actual encryption status" }, "encryptionExplanation": { "type": "object", "nullable": true, "example": "No encryption provided", "description": "Encryption explanation" }, "firewallEnabled": { "type": "boolean", "nullable": true, "example": true, "description": "Denotes device actual firewall status" }, "firewallExplanation": { "type": "object", "nullable": true, "example": "{}", "description": "Firewall explanation" }, "lastCheckedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Last time device data checked by the source" }, "sourceType": { "type": "string", "example": "AGENT", "description": "The device source type" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "The device created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "The device updated date timestamp" }, "deletedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "The device deleted date timestamp" }, "appsCount": { "type": "number", "nullable": true, "example": 20, "description": "The number of applications installed" }, "complianceChecks": { "example": [], "description": "The device compliance checks list", "type": "array", "items": { "$ref": "#/components/schemas/DeviceComplianceCheckResponsePublicDto" } }, "identifiers": { "example": [], "description": "The device identifiers list", "type": "array", "items": { "$ref": "#/components/schemas/DeviceIdentifierResponsePublicDto" } }, "documents": { "example": [], "description": "The device documents list", "type": "array", "items": { "$ref": "#/components/schemas/DeviceDocumentResponsePublicDto" } }, "isDeviceCompliant": { "type": "boolean", "example": false, "description": "Is device compliant" }, "screenLockTime": { "type": "number", "nullable": true, "example": 30, "description": "Denotes device actual screenLock time" }, "screenLockExplanation": { "type": "object", "nullable": true, "example": { "minutesIdleBeforeSleep": "2", "minutesSleepingBeforePasswordIsRequired": "2" }, "description": "Screen lock explanation" }, "antivirusEnabled": { "type": "boolean", "nullable": true, "example": true, "description": "Denotes device actual antivirus status" }, "antivirusExplanation": { "type": "object", "nullable": true, "example": "No matching app was found", "description": "Antivirus explanation" }, "autoUpdateEnabled": { "type": "boolean", "nullable": true, "example": true, "description": "Denotes device actual auto-update status" }, "autoUpdateExplanation": { "type": "object", "nullable": true, "example": "No compliances found", "description": "Auto update explanation" }, "passwordManagerEnabled": { "type": "boolean", "nullable": true, "example": true, "description": "Denotes device actual password manager status" }, "passwordManagerExplanation": { "type": "object", "nullable": true, "example": { "passwordManagerApps": [ "1password 7" ] }, "description": "Password manager explanation" }, "asset": { "example": { "id": 651, "name": "MacBook Pro - Space Black 16-inch", "description": "MacBook Pro Space Black - with 16-inch Liquid Retina XDR display", "assetType": "PHYSICAL", "assetProvider": "AGENT", "removedAt": null, "notes": null, "assetReferenceType": "WORKSTATION", "externalId": null, "externalOwnerId": null, "uniqueId": "zgf5nl7bie2qnw0z2xxx", "createdAt": "2025-01-08T21:31:55.610Z", "updatedAt": "2025-01-08T21:31:55.610Z" }, "description": "The asset associated with this device", "allOf": [ { "$ref": "#/components/schemas/AssetWithoutPersonnelResponsePublicDto" } ] }, "userId": { "type": "number", "nullable": true, "example": 1, "description": "User Id" }, "personnelId": { "type": "number", "example": 1, "description": "Personnel Id" }, "externalId": { "type": "string", "nullable": true, "maxLength": 191, "example": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd", "description": "An externally sourced unique identifier for a device" }, "apps": { "example": [], "description": "Apps associated with the given device", "type": "array", "items": { "$ref": "#/components/schemas/DeviceAppResponsePublicDto" } } }, "required": [ "id", "osVersion", "serialNumber", "model", "macAddress", "encryptionEnabled", "encryptionExplanation", "firewallEnabled", "firewallExplanation", "lastCheckedAt", "sourceType", "createdAt", "updatedAt", "deletedAt", "appsCount", "isDeviceCompliant", "screenLockTime", "screenLockExplanation", "antivirusEnabled", "antivirusExplanation", "autoUpdateEnabled", "autoUpdateExplanation", "passwordManagerEnabled", "passwordManagerExplanation", "userId", "personnelId", "externalId" ] }, "AssetWithoutPersonnelResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Assessment ID" }, "name": { "type": "string", "example": "MacBook Pro - Space Black 16-inch", "description": "The name of the asset" }, "description": { "type": "string", "example": "MacBook Pro Space Black - with 16-inch Liquid Retina XDR display", "description": "The description of the asset" }, "assetType": { "type": "string", "example": "PHYSICAL", "description": "The asset type" }, "assetProvider": { "type": "string", "example": "AGENT", "description": "The asset source provider" }, "approvedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "When the asset was approved (if applicable)" }, "removedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "When the asset stopped being tracked" }, "company": { "type": "string", "example": "Acme, Inc", "description": "The owning company of the asset" }, "notes": { "type": "string", "nullable": true, "description": "The asset notes" }, "assetReferenceType": { "type": "string", "nullable": true, "example": "PERSONNEL", "description": "The asset reference type" }, "uniqueId": { "type": "string", "example": "C02T6CDJGTFL", "description": "Unique Id associated with this asset" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "asset created timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "asset update timestamp" }, "externalId": { "type": "string", "example": "i-0c844e3b433e4e3f", "description": "An externally sourced unique identifier for a virtual asset" }, "externalOwnerId": { "type": "string", "example": "account-353", "description": "Used to track the source of virtual assets, typically an account id." } }, "required": [ "id", "name", "description", "assetType", "assetProvider", "approvedAt", "company", "assetReferenceType", "uniqueId", "createdAt", "updatedAt" ] }, "DeviceResponseV11PublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Device Id" }, "osVersion": { "type": "string", "nullable": true, "example": "MacOS 10.15.6", "description": "The device operating system version" }, "serialNumber": { "type": "string", "nullable": true, "example": "C02T6CDJGTFL", "description": "The device serial number" }, "model": { "type": "string", "nullable": true, "example": "MacBook Pro", "description": "The device model" }, "macAddress": { "type": "string", "nullable": true, "example": "65-F9-3D-85-7B-6B,99-A9-3E-14-7A-3E", "description": "The device MAC address" }, "encryptionEnabled": { "type": "boolean", "nullable": true, "example": false, "description": "Denotes device actual encryption status" }, "encryptionExplanation": { "type": "object", "nullable": true, "example": "No encryption provided", "description": "Encryption explanation" }, "firewallEnabled": { "type": "boolean", "nullable": true, "example": true, "description": "Denotes device actual firewall status" }, "firewallExplanation": { "type": "object", "nullable": true, "example": "{}", "description": "Firewall explanation" }, "lastCheckedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Last time device data checked by the source" }, "sourceType": { "type": "string", "example": "AGENT", "description": "The device source type" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "The device created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "The device updated date timestamp" }, "deletedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "The device deleted date timestamp" }, "appsCount": { "type": "number", "nullable": true, "example": 20, "description": "The number of applications installed" }, "complianceChecks": { "example": [], "description": "The device compliance checks list", "type": "array", "items": { "$ref": "#/components/schemas/DeviceComplianceCheckResponsePublicDto" } }, "identifiers": { "example": [], "description": "The device identifiers list", "type": "array", "items": { "$ref": "#/components/schemas/DeviceIdentifierResponsePublicDto" } }, "documents": { "example": [], "description": "The device documents list", "type": "array", "items": { "$ref": "#/components/schemas/DeviceDocumentResponsePublicDto" } }, "isDeviceCompliant": { "type": "boolean", "example": false, "description": "Is device compliant" }, "screenLockTime": { "type": "number", "nullable": true, "example": 30, "description": "Denotes device actual screenLock time" }, "screenLockExplanation": { "type": "object", "nullable": true, "example": { "minutesIdleBeforeSleep": "2", "minutesSleepingBeforePasswordIsRequired": "2" }, "description": "Screen lock explanation" }, "antivirusEnabled": { "type": "boolean", "nullable": true, "example": true, "description": "Denotes device actual antivirus status" }, "antivirusExplanation": { "type": "object", "nullable": true, "example": "No matching app was found", "description": "Antivirus explanation" }, "autoUpdateEnabled": { "type": "boolean", "nullable": true, "example": true, "description": "Denotes device actual auto-update status" }, "autoUpdateExplanation": { "type": "object", "nullable": true, "example": "No compliances found", "description": "Auto update explanation" }, "passwordManagerEnabled": { "type": "boolean", "nullable": true, "example": true, "description": "Denotes device actual password manager status" }, "passwordManagerExplanation": { "type": "object", "nullable": true, "example": { "passwordManagerApps": [ "1password 7" ] }, "description": "Password manager explanation" }, "asset": { "example": { "id": 651, "name": "MacBook Pro - Space Black 16-inch", "description": "MacBook Pro Space Black - with 16-inch Liquid Retina XDR display", "assetType": "PHYSICAL", "assetProvider": "AGENT", "removedAt": null, "notes": null, "assetReferenceType": "WORKSTATION", "externalId": null, "externalOwnerId": null, "uniqueId": "zgf5nl7bie2qnw0z2xxx", "createdAt": "2025-01-08T21:31:55.610Z", "updatedAt": "2025-01-08T21:31:55.610Z" }, "description": "The asset associated with this device", "allOf": [ { "$ref": "#/components/schemas/AssetWithoutPersonnelResponsePublicDto" } ] }, "userId": { "type": "number", "nullable": true, "example": 1, "description": "User Id" }, "personnelId": { "type": "number", "example": 1, "description": "Personnel Id" }, "externalId": { "type": "string", "nullable": true, "maxLength": 191, "example": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd", "description": "An externally sourced unique identifier for a device" } }, "required": [ "id", "osVersion", "serialNumber", "model", "macAddress", "encryptionEnabled", "encryptionExplanation", "firewallEnabled", "firewallExplanation", "lastCheckedAt", "sourceType", "createdAt", "updatedAt", "deletedAt", "appsCount", "isDeviceCompliant", "screenLockTime", "screenLockExplanation", "antivirusEnabled", "antivirusExplanation", "autoUpdateEnabled", "autoUpdateExplanation", "passwordManagerEnabled", "passwordManagerExplanation", "userId", "personnelId", "externalId" ] }, "DevicesPaginatedResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Get list of devices based on pagination limits", "example": [ { "externalId": "3000", "personnelId": 206, "userId": 207, "id": 3, "osVersion": "MacOS 11", "serialNumber": "q77gfdp0xg03vcu6t1fi", "model": "MacBook Pro 14-in(2021)", "macAddress": "91:2b:4a:7a:51:73", "encryptionEnabled": null, "firewallEnabled": null, "gateKeeperEnabled": null, "lastCheckedAt": "2024-11-25T22:16:23.479Z", "sourceType": "AGENT", "createdAt": "2024-11-25T22:16:23.479Z", "updatedAt": "2024-12-08T22:20:15.041Z", "deletedAt": null, "appsCount": null }, { "externalId": "4000", "personnelId": 305, "userId": 306, "id": 4, "osVersion": "MacOS 12", "serialNumber": "locldk8eyxn28eyb3ktj", "model": "MacBook Pro 16-in(2021)", "macAddress": "0f:8a:67:b2:90:ad", "encryptionEnabled": null, "firewallEnabled": null, "gateKeeperEnabled": null, "lastCheckedAt": "2024-11-25T22:16:23.705Z", "sourceType": "AGENT", "createdAt": "2024-11-25T22:16:23.705Z", "updatedAt": "2024-12-08T22:20:15.041Z", "deletedAt": null, "appsCount": null } ], "type": "array", "items": { "$ref": "#/components/schemas/DeviceResponseV11PublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "DeviceDocumentResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Device document ID" }, "type": { "type": "string", "example": "PASSWORD_MANAGER_EVIDENCE", "description": "The device document type" }, "name": { "type": "string", "example": "Password Manager Evidence", "description": "The document name" }, "fileUrl": { "type": "string", "nullable": true, "example": "http://localhost:5000/download/device-documents/1", "description": "The secure URL to the device document" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Device document created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Device document updated date timestamp" } }, "required": [ "id", "type", "name", "fileUrl", "createdAt", "updatedAt" ] }, "DeviceDocumentRequestPublicDto": { "type": "object", "properties": { "type": { "enum": [ "PASSWORD_MANAGER_EVIDENCE", "AUTO_UPDATES_EVIDENCE", "HARD_DRIVE_ENCRYPTION_EVIDENCE", "ANTIVIRUS_EVIDENCE", "LOCK_SCREEN_EVIDENCE" ], "type": "string", "example": "PASSWORD_MANAGER_EVIDENCE", "description": "The device document type" }, "file": { "type": "string", "format": "binary", "description": "Accepted file extensions: .pdf, .docx, .odt, .doc, .xlsx, .ods, .pptx, .odp, .gif, .jpg, .jpeg, .png" }, "base64File": { "type": "string", "example": { "base64String": "data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAYABg", "filename": "excellent-filename" }, "description": "JSON string with external evidence in Base64 format." } }, "required": [ "type" ] }, "DeviceDocumentsResponsePublicDto": { "type": "object", "properties": { "documents": { "description": "Full list of device documents", "type": "array", "items": { "$ref": "#/components/schemas/DeviceDocumentResponsePublicDto" } } }, "required": [ "documents" ] }, "DeviceDocumentTypeEnum": { "type": "string", "enum": [ "PASSWORD_MANAGER_EVIDENCE", "AUTO_UPDATES_EVIDENCE", "HARD_DRIVE_ENCRYPTION_EVIDENCE", "ANTIVIRUS_EVIDENCE", "LOCK_SCREEN_EVIDENCE" ] }, "SessionEvidencePaginatedResponseDto": { "type": "object", "properties": { "data": { "description": "The evidence data (array of custom data records with dynamic fields)", "additionalProperties": true, "example": [ { "id": "record-1", "name": "John Doe", "email": "john@example.com" }, { "id": "record-2", "name": "Jane Smith", "email": "jane@example.com" } ], "type": "array", "items": { "type": "object" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" }, "sessionId": { "type": "string", "example": "session-abc-123", "description": "The session ID" }, "connectionId": { "type": "number", "example": 123, "description": "The connection ID" }, "customResourceId": { "type": "number", "example": 456, "description": "The custom resource ID" } }, "required": [ "data", "page", "limit", "total", "sessionId", "connectionId", "customResourceId" ] }, "SessionsPaginatedResponseDto": { "type": "object", "properties": { "data": { "description": "List of custom data sessions", "example": [ { "id": "session-123", "connectionId": 1, "customResourceId": 1, "status": "ACTIVE" } ], "type": "array", "items": { "$ref": "#/components/schemas/SessionResponseDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "SessionResponseDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "The session ID" }, "sessionId": { "type": "string", "example": "session-abc-123", "description": "The unique session identifier" }, "connectionId": { "type": "number", "example": 123, "description": "The connection ID" }, "customResourceId": { "type": "number", "example": 456, "description": "The custom resource ID" }, "status": { "type": "string", "example": "ACTIVE", "description": "The session status (IN_PROGRESS, ACTIVE, CANCELED, ARCHIVED)" }, "createdAt": { "type": "string", "format": "date-time", "example": "2024-01-15T10:30:00.000Z", "description": "The session creation timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2024-01-15T10:35:00.000Z", "description": "The session last update timestamp" }, "activatedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2024-01-15T10:35:00.000Z", "description": "The timestamp when session was activated" }, "canceledAt": { "type": "string", "nullable": true, "format": "date-time", "example": null, "description": "The timestamp when session was canceled" }, "workspaces": { "type": "array", "items": { "type": "object", "properties": { "id": { "type": "number", "example": 1 }, "name": { "type": "string", "example": "Production Workspace" } } }, "example": [ { "id": 1, "name": "Production Workspace" }, { "id": 2, "name": "Development Workspace" } ], "description": "The workspaces (products) this connection belongs to" } }, "required": [ "id", "sessionId", "connectionId", "customResourceId", "status", "createdAt", "updatedAt" ] }, "CustomDataResponsePublicDto": { "type": "object", "properties": { "id": { "type": "string", "example": 1, "description": "Custom data internal id" } }, "required": [ "id" ] }, "UpdateCustomDataRequestPublicDto": { "type": "object", "properties": { "data": { "type": "object", "additionalProperties": true, "description": "The Custom data to be created", "example": { "type": "object", "required": [ "comment_id", "user", "text" ], "properties": { "comment_id": { "type": "number" }, "user": { "type": "object", "required": [ "id", "name", "email", "has_bought" ], "properties": { "id": { "type": "number" }, "name": { "type": "string" }, "email": { "type": "string" }, "has_bought": { "type": "boolean" } } }, "text": { "type": "string" } } }, "nullable": false } }, "required": [ "data" ] }, "CreateCustomDataRequestPublicDto": { "type": "object", "properties": { "data": { "type": "object", "description": "The Custom data to be created", "example": { "id": "some-id-here-uuid4", "name": "John", "last_name": "Wick", "age": 5, "data": { "foo": "bar" } } } }, "required": [ "data" ] }, "TicketCreateResponsePublicDto": { "type": "object", "properties": { "key": { "type": "string", "example": "SF-332", "description": "Issue key" }, "self": { "type": "string", "example": "https://api.atlassian.com/ex/jira/97b4114f-0065-4a2b-a9e0-8a37cae80ddd/rest/api/3/issue/42210", "description": "Issue self" }, "transition": { "type": "object", "nullable": true, "example": null, "description": "Issue transition" } }, "required": [ "key", "self", "transition" ] }, "TicketsCreateRequestPublicDto": { "type": "object", "properties": { "connectionId": { "type": "number", "example": 1, "description": "Connection ID" }, "projectId": { "type": "string", "example": 10000, "description": "Project ID" }, "issueTypeId": { "type": "string", "example": 10001, "description": "IssueType ID" }, "fields": { "minItems": 1, "description": "The value keys used to fill out the expected ticket management provider schema", "type": "array", "items": { "$ref": "#/components/schemas/TicketsCreateFieldRequestPublicDto" } }, "monitorInstanceId": { "type": "number", "example": 1, "description": "Monitor Instance id this task is associated to" }, "controlId": { "type": "number", "example": 1, "description": "Control Id this task is associated to" }, "getParsedRequestDto": { "type": "object" } }, "required": [ "connectionId", "projectId", "issueTypeId", "fields", "monitorInstanceId", "controlId", "getParsedRequestDto" ] }, "TicketsCreateFieldRequestPublicDto": { "type": "object", "properties": { "field": { "type": "string", "maxLength": 191, "example": "summary", "description": "Field name" }, "type": { "type": "string", "maxLength": 191, "example": "string", "description": "Type of the incoming data, used for validation" }, "value": { "type": "string", "maxLength": 191, "example": "My Ticket", "description": "Value for the incoming issue field" } }, "required": [ "field", "type", "value" ] }, "WorkspaceFrameworkReadyResponsePublicDto": { "type": "object", "properties": { "frameworks": { "description": "Frameworks associated to the workspace.", "type": "array", "items": { "$ref": "#/components/schemas/FrameworkResponsePublicDto" } } } }, "MonitorFailedResultsCsvResponsePublicDto": { "type": "object", "properties": { "Provider Name": { "nullable": true, "enum": [ "IDENTITY", "INFRASTRUCTURE", "VERSION_CONTROL", "TICKETING", "HRIS", "BACKGROUND_CHECK", "SINGLE_SIGN_ON", "ENTERPRISE_SSO", "MDM", "SECURITY_TRAINING", "OBSERVABILITY", "COMMUNICATION", "DIGITAL_SIGNATURE", "EXTERNAL_POLICY", "VULNERABILITY", "CODEBASE", "AUTOMATION_TOOLS", "SECURITY_REVIEWS", "EDR", "USER_ACCESS_REVIEW", "CSPM", "CYBER_INSURANCE", "CRM" ], "type": "string", "example": "AWS", "description": "Infrastructure provider type" }, "Client ID or Client Alias": { "type": "string", "nullable": true, "example": "{550e8400-e29b-41d4-a716-446655440000}", "description": "Account ID or Client Alias" }, "Resource Name": { "type": "string", "example": "foo / bar", "description": "Resource Name" }, "Failing message": { "type": "string", "nullable": true, "example": "Something went wrong", "description": "Failing message" }, "Org Unit ID": { "type": "string", "nullable": true, "example": "r-xxxx / ou-xxxx-yyyyyyyy", "description": "Organizational Unit ID" }, "Resource ARN": { "type": "string", "nullable": true, "example": "arn:aws:iam::259468815732:role/DrataAutopilotRole ", "description": "Resource ARN" }, "Account ID": { "type": "string", "nullable": true, "example": "259468815732", "description": "Account or Sub Account ID" }, "Account Name": { "type": "string", "nullable": true, "example": "drata-test-mgmt", "description": "Account or Sub Account Name" }, "Region": { "type": "string", "nullable": true, "example": "us-west-2", "description": "Region" }, "Associated Help Article": { "type": "string", "nullable": true, "example": "https://help.drata.com/en/articles/4778759-test-storage-data-versioned-or-retained", "description": "Associated Help Article" }, "Excluded By": { "type": "string", "nullable": true, "example": "John Doe", "description": "User that excluded the finding" }, "Exclusion Date": { "type": "string", "nullable": true, "example": "2025-07-15", "description": "Date when the finding was excluded" }, "Exclusion Reason": { "type": "string", "nullable": true, "example": "For testing purposes", "description": "Reason of why the finding was excluded" }, "Email": { "type": "string", "nullable": true, "example": "adam@drata.com", "description": "Email of the user" }, "Device Metadata": { "type": "string", "nullable": true, "example": "{\"devices\":[{\"osVersion\":\"Red hat linux\",\"serialNumber\":\"dsb0xxbl8nbx8jybeuoa\",\"model\":\"Dell vostro high performance\"}]}", "description": "Device metadata" } }, "required": [ "Resource Name" ] }, "MonitorFailedResultsResponsesPublicDto": { "type": "object", "properties": { "data": { "description": "Monitor failed results", "type": "array", "items": { "$ref": "#/components/schemas/MonitorFailedResultsResponsePublicDto" } } }, "required": [ "data" ] }, "MonitorFailedResultsResponsePublicDto": { "type": "object", "properties": { "organizationalUnitId": { "type": "string", "nullable": true, "example": "ou-1001", "description": "The organizational unit ID" }, "accountId": { "type": "string", "nullable": true, "example": "123456789012", "description": "The account ID" }, "accountName": { "type": "string", "nullable": true, "example": "test-mgmt", "description": "The account name" }, "providerName": { "example": "AWS", "description": "Infrastructure provider type", "allOf": [ { "$ref": "#/components/schemas/ProviderTypeEnum" } ] }, "clientId": { "type": "string", "example": 259468815732, "description": "Client ID" }, "clientAlias": { "type": "string", "example": "test-mgmt", "description": "Client Alias" }, "id": { "type": "string", "example": "AIDATY2ML5V2DQJUJ6TYY / us-west-2 / 259468815732", "description": "ID" }, "resourceName": { "type": "string", "example": "TestUser", "description": "Resource Name" }, "displayName": { "type": "string", "example": "TestUser / us-west-2 / 259468815732", "description": "The Monitor Test display name" }, "resourceArn": { "type": "string", "nullable": true, "example": "arn:aws:iam::259468815732:user/TestUser", "description": "Resource ARN" }, "cause": { "description": "The cause of this Monitor failure", "type": "array", "items": { "$ref": "#/components/schemas/MonitorCauseResponsePublicDto" } }, "associatedHelpArticle": { "type": "string", "nullable": true, "example": "https://help.drata.com/en/articles/4778759-test-storage-data-versioned-or-retained", "description": "Associated Help Article" }, "failingMessage": { "type": "string", "nullable": true, "description": "The underlying error text" } }, "required": [ "providerName", "clientId", "clientAlias", "id", "resourceName", "displayName", "resourceArn", "cause", "associatedHelpArticle", "failingMessage" ] }, "MonitorCauseResponsePublicDto": { "type": "object", "properties": { "fact": { "type": "string", "example": "passwordPolicy", "description": "The fact being tested" }, "path": { "type": "string", "example": "MinimumPasswordLength", "description": "The specific path to the fact" }, "value": { "type": "number", "example": 14, "description": "The target value to compare the fact to" }, "operator": { "type": "string", "example": "greaterThanOrEqual", "description": "The arithmetic operator connecting the fact and the value" }, "result": { "type": "boolean", "example": false, "description": "Failed or not" }, "factResult": { "type": "number", "example": 8, "description": "The actual value of the fact" } }, "required": [ "fact", "path", "value", "operator", "result", "factResult" ] }, "ControlTestInstanceResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Control Test Instance ID" }, "name": { "type": "string", "example": "A Version Control System is being Used", "description": "Name of control test instance" }, "description": { "type": "string", "example": "Inspected Drata's version control system...", "description": "The description of the control test instance" }, "checkResultStatus": { "type": "string", "example": "PASSED", "description": "The compliance status of this control test instance" }, "lastCheck": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Timestamp since this control test has been evaluated for compliance" }, "checkStatus": { "type": "string", "example": "ENABLED", "description": "The system status of this control test instance" }, "disabledMessage": { "type": "string", "example": "Disabled since it is not applicable to the company", "description": "Description regarding why this control test instance is disabled" }, "priority": { "type": "string", "example": "NORMAL", "description": "The priority of this control test instance relative to the rest" }, "autoEnabledAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Control test instance auto enabled timestamp" }, "testId": { "type": "number", "example": "42", "description": "A unique identifier for the control test instance" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Control test instance created timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Control test instance update timestamp" }, "monitorInstances": { "example": "MonitorInstanceResponseDto[]", "description": "Monitor instances associated to this control test instance", "type": "array", "items": { "$ref": "#/components/schemas/MonitorInstanceResponsePublicDto" } }, "disablingUser": { "description": "The user who has disabled this control test instance, if any", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "controls": { "example": "ControlMonitorResponseDto[]", "description": "Controls associated to this control test instance - usually at least one", "type": "array", "items": { "$ref": "#/components/schemas/ControlMonitorResponsePublicDto" } }, "monitorInstanceExclusions": { "example": "ExclusionDto[]", "description": "Monitor instance exclusions for this control test instance", "type": "array", "items": { "$ref": "#/components/schemas/MonitorMetadataExclusionResponsePublicDto" } } }, "required": [ "id", "name", "description", "checkResultStatus", "lastCheck", "checkStatus", "disabledMessage", "priority", "autoEnabledAt", "testId", "createdAt", "updatedAt", "monitorInstances", "disablingUser", "controls", "monitorInstanceExclusions" ] }, "MonitorMetadataExclusionResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": "1", "description": "The id of the exclusion" }, "targetId": { "type": "string", "example": "sg-12345", "description": "The id of the target exclusion" }, "targetName": { "type": "string", "example": "Drata Default Security Group", "description": "The name of the target exclusion" }, "exclusionReason": { "type": "string", "example": "An excluded resource", "description": "The reason for the excluded resource" }, "exclusionDesignator": { "description": "The exclusion designatore", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "connection": { "description": "The associated connection if this exclusion has one", "allOf": [ { "$ref": "#/components/schemas/ConnectionResponsePublicDto" } ] }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Exclusion created timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Exclusion update timestamp" } }, "required": [ "id", "targetId", "targetName", "exclusionReason", "exclusionDesignator", "connection", "createdAt", "updatedAt" ] }, "MonitorInstanceResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Monitor instance id" }, "checkResultStatus": { "type": "string", "example": "PASSED", "description": "Denotes monitor check pass/fail/issue" }, "checkFrequency": { "type": "string", "example": "DAILY", "description": "How often should this monitor instance be running" }, "monitorInstanceCheckTypes": { "description": "The monitor instance associated check types", "type": "array", "items": { "$ref": "#/components/schemas/MonitorInstanceCheckTypeResponsePublicDto" } }, "autopilotTaskType": { "type": "string", "example": "IDENTITY_PROVIDER_MFA_ENABLED", "description": "The autopilot task type" }, "failedTestDescription": { "type": "string", "example": "This test fails when the SSL certificate cannot be verified", "description": "The description of why this monitor instance would fail" }, "evidenceCollectionDescription": { "type": "string", "example": "Curl call to the website", "description": "The description of the means to gather evidence" }, "remedyDescription": { "type": "string", "example": "Enable SSL on your company website", "description": "The description of how to remedy this monitor instance" }, "metadata": { "description": "A map of MonitorInstanceMetadataResponseDto objects mapped to their connection ids", "type": "array", "items": { "$ref": "#/components/schemas/MonitorInstanceMetadataResponsePublicDto" } }, "enabled": { "type": "boolean", "example": true, "description": "Controls whether this monitor instance is on/off" }, "url": { "type": "string", "example": "https://help.drata.com", "description": "The Help Desk URL for this monitor" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Monitor instance creation timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Monitor instance updated timestamp" } }, "required": [ "id", "checkResultStatus", "checkFrequency", "monitorInstanceCheckTypes", "autopilotTaskType", "failedTestDescription", "evidenceCollectionDescription", "remedyDescription", "metadata", "enabled", "url", "createdAt", "updatedAt" ] }, "MonitorInstanceMetadataResponsePublicDto": { "type": "object", "properties": { "checkResultStatus": { "type": "string", "example": "PASSED", "description": "Denotes monitor check pass/fail/issue" }, "type": { "type": "string", "example": "LIST", "description": "The monitor data type" }, "source": { "type": "string", "example": "AWS", "description": "The monitor data source" }, "connectionId": { "type": "number", "example": "1", "description": "The source connection id" }, "clientId": { "type": "string", "example": "drata-acme", "description": "The source connection client id" }, "clientAlias": { "type": "string", "example": "my-connection-alias", "description": "The alias of the connection." }, "clientType": { "type": "string", "example": "AWS", "description": "The source connection client type string representation" }, "pass": { "description": "A list of of passed MonitorMetadataDataResponseDto", "type": "array", "items": { "$ref": "#/components/schemas/MonitorMetadataDataResponsePublicDto" } }, "fail": { "description": "A list of of failed MonitorMetadataDataResponseDto", "type": "array", "items": { "$ref": "#/components/schemas/MonitorMetadataDataResponsePublicDto" } }, "exclusions": { "description": "A list of of MonitorMetadataExclusionsResponseDto", "type": "array", "items": { "$ref": "#/components/schemas/MonitorMetadataExclusionResponsePublicDto" } }, "message": { "type": "string", "description": "The metadata message string" }, "policyScope": { "type": "string", "description": "The Policy Scope of the monitor if required" }, "policyName": { "type": "string", "description": "The Policy Name of the monitor if required" }, "groups": { "type": "array", "items": { "type": "object", "properties": { "id": { "type": "number" }, "name": { "type": "string" } } }, "description": "The Policy group of the monitor if required" } }, "required": [ "checkResultStatus", "type", "source", "connectionId", "clientId", "clientAlias", "clientType", "pass", "fail", "exclusions", "message", "policyScope", "policyName", "groups" ] }, "MonitorMetadataDataResponsePublicDto": { "type": "object", "properties": { "id": { "type": "string", "example": "123", "description": "The metadata data id" }, "name": { "type": "string", "example": "Risk Assessment Report", "description": "The name of the data" }, "displayName": { "type": "string", "example": "The Risk Assessment Report", "description": "The display name of the data" }, "email": { "type": "string", "example": "joe@google.com", "description": "The email of the data" }, "avatarUrl": { "type": "string", "example": "https://avatar.url", "description": "The avatar of the data" }, "url": { "type": "string", "example": "https://tracking.com/issues/420" }, "groups": { "example": "[\"group1\", \"group2\"]", "type": "array", "items": { "type": "string" } } }, "required": [ "id", "name", "displayName", "email", "avatarUrl", "url" ] }, "MonitorInstanceCheckTypeResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Monitor instance chek type ID" }, "checkType": { "type": "string", "example": "AGENT", "description": "The check type" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Monitor instance check type creation timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Monitor instance check type updated timestamp" } }, "required": [ "id", "checkType", "createdAt", "updatedAt" ] }, "ControlTestsPaginatedResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Data set based on the pagination limits", "type": "array", "items": { "$ref": "#/components/schemas/ControlTestResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "ControlTestResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Control Test Instance ID" }, "name": { "type": "string", "example": "A Version Control System is being Used", "description": "Name of control test instance" }, "description": { "type": "string", "example": "Inspected Drata's version control system...", "description": "The description of the control test instance" }, "checkResultStatus": { "type": "string", "example": "PASSED", "description": "The compliance status of this control test instance" }, "lastCheck": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Timestamp since this control test has been evaluated for complaince" }, "checkStatus": { "type": "string", "example": "ENABLED", "description": "The system status of this control test instance" }, "disabledMessage": { "type": "string", "example": "Disabled since it is not applicable to the company", "description": "Description regarding why this control test instance is disabled" }, "priority": { "type": "string", "example": "NORMAL", "description": "The priority of this control test instance relative to the rest" }, "autoEnabledAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Control test instance auto enabled timestamp" }, "testId": { "type": "number", "example": "42", "description": "A unique identifier for the control test instance" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Control test instance created timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Control test instance update timestamp" }, "monitorInstances": { "example": "MonitorInstanceResponseDto[]", "description": "Monitor instances associated to this control test instance", "type": "array", "items": { "$ref": "#/components/schemas/MonitorInstanceResponsePublicDto" } }, "disablingUser": { "description": "The user who has disabled this control test instance, if any", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "controls": { "example": "ControlMonitorResponseDto[]", "description": "Controls associated to this control test instance - usually at least one", "type": "array", "items": { "$ref": "#/components/schemas/ControlMonitorResponsePublicDto" } }, "monitorInstanceExclusions": { "example": "ExclusionDto[]", "description": "Monitor instance exclusions for this control test instance", "type": "array", "items": { "$ref": "#/components/schemas/MonitorMetadataExclusionResponsePublicDto" } }, "graph": { "type": "object", "properties": { "labels": { "type": "array", "items": { "type": "string" } }, "passed": { "type": "array", "items": { "type": "number" } }, "failed": { "type": "array", "items": { "type": "number" } }, "errored": { "type": "array", "items": { "type": "number" } } }, "additionalProperties": false, "example": "ControlTestInstanceHistoryType", "description": "Graph of control test. history" }, "eventTypes": { "type": "array", "items": { "$ref": "#/components/schemas/EventTypeEnum" }, "description": "Control event type array from all monitors" } }, "required": [ "id", "name", "description", "checkResultStatus", "lastCheck", "checkStatus", "disabledMessage", "priority", "autoEnabledAt", "testId", "createdAt", "updatedAt", "monitorInstances", "disablingUser", "controls", "monitorInstanceExclusions", "graph", "eventTypes" ] }, "EventResponsePublicDto": { "type": "object", "properties": { "id": { "type": "string", "example": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd", "description": "Event UUID" }, "type": { "type": "string", "example": "COMPANY_DATA_UPDATED", "description": "The type of event" }, "category": { "type": "string", "example": "COMPANY", "description": "The type of event" }, "source": { "type": "string", "example": "APP", "description": "The source of the event (APP or AUTOPILOT)" }, "description": { "type": "string", "example": "Wile E. Coyote updated the company info.", "description": "The description of the event" }, "metadata": { "type": "object", "properties": { "dto": { "type": "object", "additionalProperties": true, "nullable": true }, "targetEntity": { "type": "object", "additionalProperties": true, "nullable": true }, "targetEntities": { "type": "array", "items": { "type": "object", "additionalProperties": true, "nullable": true } }, "fileKey": { "type": "string", "nullable": true }, "sourceData": { "type": "object", "additionalProperties": true, "nullable": true }, "taskType": { "type": "number", "nullable": true }, "request": { "type": "object", "additionalProperties": true, "nullable": true }, "response": { "type": "object", "additionalProperties": true, "nullable": true } }, "example": "EventMetadataType", "description": "The event metadata in JSON" }, "status": { "type": "string", "nullable": true, "example": "PASSED", "description": "The result of the test if the event type is an Autopilot test, otherwise null" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Report created date timestamp" }, "user": { "nullable": true, "description": "The user that uploaded the report", "allOf": [ { "$ref": "#/components/schemas/UserResponsePublicDto" } ] }, "connection": { "type": "object", "nullable": true, "description": "The associated connection if this event has one" }, "requestDescription": { "type": "string", "nullable": true, "example": "Data was fetched from https://xyz.com/api/v1/data", "description": "The human readable explanation of the workings of the associated AP test" }, "issues": { "type": "array", "items": { "type": "object", "additionalProperties": true }, "description": "The issues associated to this event, if any" } }, "required": [ "id", "type", "category", "source", "description", "metadata", "status", "createdAt", "user", "connection", "requestDescription", "issues" ] }, "EventsResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Data set based on the pagination limits", "type": "array", "items": { "$ref": "#/components/schemas/EventResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "EventCategoryEnum": { "type": "string", "enum": [ "AUTOPILOT", "AGENT", "POLICY", "PERSONNEL", "REPORT", "VENDOR", "ASSET", "COMPANY", "ASSESSMENT", "AUDIT", "MONITOR", "USER", "CONNECTION", "GRC", "MDM", "QUESTIONNAIRE", "DEVICE", "TRUST_PAGES", "TRUST_CENTER_PRIVATE_ACCESS", "RISK", "COMPANY_NOTIFICATION", "CUSTOM_FRAMEWORKS", "MULTIPLE_PRODUCT_SUPPORT", "PUBLIC_API_KEY", "SERVICE_PROVIDER", "TASK", "AUTOPILOT_RECIPE_SCHEDULE", "RESYNC", "EVIDENCE", "AUTOPILOT_RECIPE", "ACCESS_REVIEW", "DOCUMENT_SCANNED", "CLOUD_STORAGE", "VENDOR_PROFILE", "CODEBASE", "EXCEPTION_MANAGEMENT", "WORKFLOWS", "CUSTOM_CONNECTION", "TRUST_CENTER_REPORTS", "OUTBOUND_WEBHOOKS", "SAFEBASE_MIGRATION", "TRUST_ACCESS_REQUEST", "SAFEBASE_ONBOARDING" ] }, "EventTypeEnum": { "type": "string", "enum": [ "COMPANY_DATA_UPDATED", "COMPANY_LOGO_UPDATED", "COMPANY_KEY_PERSONNEL_UPDATED", "COMPANY_ROLES_UPDATED", "COMPANY_SECURITY_DATA_UPDATED", "COMPANY_DOCUMENT_UPLOADED", "COMPANY_DOCUMENT_DOWNLOADED", "COMPANY_DOCUMENT_DELETED", "COMPANY_HUMAN_RESOURCES_DATA_UPDATED", "EMPLOYMENT_STATUS_UPDATED", "REMINDER_EMAIL_SENT", "POLICIES_DOWNLOAD_ALL", "POLICY_DOWNLOADED", "POLICY_VERSION_UPLOADED", "POLICY_VERSION_ADDED", "POLICY_VERSION_UPDATED", "POLICY_OWNER_APPROVED", "USER_POLICY_ACCEPTED", "REPORTS_DOWNLOAD_ALL", "REPORT_DOWNLOADED", "REPORT_CREATED", "REPORT_UPDATED", "REPORT_DELETED", "VENDORS_DOWNLOAD_ALL", "VENDOR_CREATED", "VENDOR_UPDATED", "VENDOR_DELETED", "VENDOR_DOCUMENT_UPLOADED", "VENDOR_DOCUMENT_DELETED", "VENDOR_DOCUMENT_DOWNLOADED", "AUTOPILOT_FREQUENCY_UPDATED", "TERMS_AGREED", "AUTOPILOT_USER_CREATED", "AUTOPILOT_USER_UPDATED", "AUTOPILOT_PERSONNEL_SEPARATED", "AUTOPILOT_COMPLIANCE_CHECK_UPDATED", "AGENT_USER_DATA_UPDATED", "USER_DOCUMENT_UPLOADED", "USER_DOCUMENT_DELETED", "USER_DOCUMENT_DOWNLOADED", "BACKGROUND_CHECK_STARTED", "PROVIDER_CONNECTION_CREATED", "PROVIDER_CONNECTION_REMOVED", "USER_IDENTITY_VERSION_CONTROL_LINK_UPDATED", "USER_IDENTITY_VERSION_CONTROL_TOGGLE_UPDATED", "USER_IDENTITY_VERSION_CONTROL_SERVICE_ACCOUNT_UPDATED", "USER_IDENTITY_PERSONNEL_SYNCED", "USER_IDENTITY_VERSION_CONTROL_SYNCED", "USER_IDENTITY_VERSION_CONTROL_USER_UPDATED", "USER_IDENTITY_VERSION_CONTROL_USER_CREATED", "USER_IDENTITY_VERSION_CONTROL_USER_DISCONNECTED", "AP_IDENTITY_PROVIDER_MFA_ENABLED", "AP_IDENTITY_PROVIDER_UNKNOWN_EMAIL", "AP_INTERNAL_POLICY_INCIDENT_RESPONSE", "AP_INTERNAL_POLICY_INCIDENT_RESPONSE_FOLLOW_UPS", "AP_INTERNAL_POLICY_INCIDENT_RESPONSE_LESSONS_LEARNED", "AP_INTERNAL_POLICY_INCIDENT_RESPONSE_TEAM", "AP_INTERNAL_POLICY_DATA_CLASSIFICATION", "AP_INTERNAL_POLICY_SDLC", "AP_INTERNAL_POLICY_ACCEPTABLE_USE", "AP_INTERNAL_POLICY_ACCESS_CONTROL", "AP_INTERNAL_POLICY_INFORMATION_SECURITY", "AP_INTERNAL_POLICY_CODE_OF_CONDUCT", "AP_INTERNAL_POLICY_DATA_PROTECTION", "AP_INTERNAL_POLICY_PASSWORD", "AP_INTERNAL_POLICY_BACKUPS", "AP_INTERNAL_POLICY_PHYSICAL_SECURITY", "AP_INTERNAL_POLICY_RISK_ASSESSMENT", "AP_INTERNAL_POLICY_DISASTER_RECOVERY", "AP_INTERNAL_POLICY_ENCRYPTION", "AP_INTERNAL_POLICY_SYSTEM_ACCESS_CONTROL", "AP_INTERNAL_POLICY_RESPONSIBLE_DISCLOSURE", "AP_INTERNAL_POLICY_EMPLOYEE_CONFIDENTIALITY", "AP_INTERNAL_POLICY_EMPLOYEE_ACCESS_TO_CUSTOMER_DATA", "AP_INTERNAL_POLICY_RISK_REMEDIATION", "AP_INTERNAL_POLICY_VULNERABILITY_MANAGEMENT", "AP_INTERNAL_DOCUMENT_ORGANIZATIONAL_CHART", "AP_COMPANY_POLICIES_APPROVED", "AP_COMPANY_POLICIES_CREATED", "AP_COMPANY_BOD_UNIQUE", "AP_INTERNAL_REPORT_RISK_ASSESSMENT", "AP_INTERNAL_REPORT_RISK_REMEDIATION", "AP_INTERNAL_REPORT_VULNERABILITY", "AP_INTERNAL_REPORT_PENETRATION", "AP_INTERNAL_REPORT_DISASTER_RECOVERY", "AP_INTERNAL_REPORT_BACKUP_AND_COMPLETENESS", "AP_INTERNAL_REPORT_ARCHITECTURAL_DIAGRAM", "AP_INTERNAL_REPORT_NETWORK_DIAGRAM", "AP_INTERNAL_URL_SUPPORT", "AP_INTERNAL_URL_PRIVACY_POLICY", "AP_INTERNAL_URL_TERMS_OF_SERVICE", "AP_EMPLOYEES_POLICIES_APPROVED", "AP_EMPLOYEES_ACCEPTABLE_USE_POLICY", "AP_EMPLOYEES_CODE_OF_CONDUCT_POLICY", "AP_EMPLOYEES_DATA_PROTECTION_POLICY", "AP_AGENT_PASSWORD_MANAGER", "AP_AGENT_ANTI_VIRUS_APPLICATION", "AP_AGENT_AUTO_UPDATES_ENABLED", "AP_CONTRACTORS_CODE_OF_CONDUCT_POLICY", "AP_CONTRACTORS_ACCEPTABLE_USE_POLICY", "AP_COMPANY_INFRASTRUCTURE_MFA_ENABLED", "AP_COMPANY_INFRASTRUCTURE_SSL_ENABLED", "AP_COMPANY_WEBSITE_SSL_ENFORCED", "AP_COMPANY_WEBSITE_SSL_CERT_NOT_EXPIRED", "AP_COMPANY_WEBSITE_SSL_CERT_STRONG_CIPHERS", "AP_COMPANY_WEBSITE_SSL_HAS_KNOWN_ISSUES", "AP_COMPANY_PRIORITIZE_SECURITY_ISSUES", "AP_VERSION_CONTROL_ENABLED", "AP_VERSION_CONTROL_MFA_ENABLED", "AP_VERSION_CONTROL_CODE_REVIEW_PROCESS", "AP_INFRASTRUCTURE_AUTHORIZATION_DETAILS", "AP_INFRASTRUCTURE_PUBLIC_SSH_DENIED", "AP_INFRASTRUCTURE_DATA_ENCRYPTED", "AP_INFRASTRUCTURE_DATA_MULTI_AZ", "AP_INFRASTRUCTURE_STORAGE_ENCRYPTED", "AP_INFRASTRUCTURE_DATA_MONITOR_CPU", "AP_INFRASTRUCTURE_DATA_MONITOR_READ_IO", "AP_INFRASTRUCTURE_DATA_MONITOR_WRITE_IO", "AP_INFRASTRUCTURE_DATA_MONITOR_FREE_STORAGE", "AP_INFRASTRUCTURE_INSTANCE_MONITOR_CPU", "AP_INFRASTRUCTURE_DISALLOWS_TRAFFIC", "AP_INFRASTRUCTURE_HAS_WAF", "AP_INFRASTRUCTURE_HAS_BALANCERS", "AP_INFRASTRUCTURE_QUEUE_MONITOR_MESSAGE_AGE", "AP_INFRASTRUCTURE_CLOUD_DATA_FREE_STORAGE", "AP_INFRASTRUCTURE_CREDENTIAL_REPORT", "USER_IDENTITY_INFRASTRUCTURE_LINK_UPDATED", "USER_IDENTITY_INFRASTRUCTURE_TOGGLE_UPDATED", "USER_IDENTITY_INFRASTRUCTURE_SERVICE_ACCOUNT_UPDATED", "USER_IDENTITY_INFRASTRUCTURE_SYNCED", "USER_IDENTITY_INFRASTRUCTURE_USER_UPDATED", "USER_IDENTITY_INFRASTRUCTURE_USER_CREATED", "USER_IDENTITY_INFRASTRUCTURE_USER_DISCONNECTED", "AGENT_UNREGISTERED", "ASSETS_DOWNLOAD_ALL", "BACKGROUND_CHECK_MANUAL", "BACKGROUND_CHECK_DELETED", "AP_INFRASTRUCTURE_STORAGE_RESTRICTED", "AP_INFRASTRUCTURE_STORAGE_VERSIONING", "AP_INFRASTRUCTURE_DATA_BACKUPS", "AP_INTERNAL_INFRASTRUCTURE_IDENTITIES_REMOVED", "AP_INTERNAL_INFRASTRUCTURE_IDENTITIES_UNIQUE", "AP_INFRASTRUCTURE_STORAGE_WAF", "AP_INTERNAL_VERSION_CONTROL_IDENTITIES_UNIQUE", "AP_INTERNAL_VERSION_CONTROL_IDENTITIES_REMOVED", "AP_INTERNAL_INFRASTRUCTURE_LINKED", "AP_INTERNAL_VERSION_CONTROL_IDENTITIES_ONLY_AUTHORIZED_ACCESS", "AP_INTERNAL_POLICY_PASSWORD_MANAGER_REQUIRED", "AP_INTERNAL_POLICY_SECURITY_AWARENESS", "AP_INTERNAL_POLICY_SECURITY_ENCRYPTION", "AP_INTERNAL_URL_EXTERNAL_JOBS", "AP_EMPLOYEES_SECURITY_COMPLIANCE", "AP_EMPLOYEES_BACKGROUND_CHECK_COMPLIANCE", "AP_EMPLOYEES_LOCK_SCREEN_COMPLIANCE", "AP_EMPLOYEES_HARD_DRIVE_ENCRYPTED_COMPLIANCE", "AP_VERSION_CONTROL_WRITE_ACCESS_TO_REPOSITORY", "AP_VERSION_CONTROL_WRITE_ACCESS_TO_PRODUCTION_CODE", "AP_CONTRACTORS_BACKGROUND_CHECK_COMPLIANCE", "AP_COMPANY_SECURITY_COMMITTEE", "AP_INTERNAL_DOCUMENT_PERFORMANCE_EVALUATION", "AP_INTERNAL_DOCUMENT_EMPLOYEE_AGREEMENT", "AP_INTERNAL_DOCUMENT_ENGINEERING_JOB_DESCRIPTION", "AP_INTERNAL_DOCUMENT_MSA", "AP_INTERNAL_POLICY_DATA_RETENTION", "AP_INTERNAL_POLICY_CUSTOMER_DATA_RETENTION", "AP_INTERNAL_POLICY_CLEAN_DESK", "AP_INTERNAL_POLICY_SENSITIVE_DATA_DISPOSAL", "COMPANY_SECURITY_REPORT_SETTING_UPDATED", "COMPANY_SECURITY_REPORT_SHAREABLE_UPDATED", "COMPANY_SECURITY_REPORT_SHARE_TOKEN_UPDATED", "MONITOR_EXCLUSION_CREATED", "MONITOR_EXCLUSION_UPDATED", "MONITOR_EXCLUSION_DELETED", "AP_INFRASTRUCTURE_ROOT_ACCOUNT_UNUSED", "POLICY_ADDED", "POLICY_VERSION_DELETED", "COMPANY_ARCHIVED_DOWNLOADED", "PROVIDER_CONNECTION_UPDATED", "ARCHIVE_CONTROL", "UNARCHIVE_CONTROL", "EXTERNAL_EVIDENCE_DELETED", "REPORT_ASSOCIATED_TO_CONTROL", "REPORT_UNASSOCIATED_TO_CONTROL", "UPLOAD_EXTERNAL_EVIDENCE", "POLICY_ASSOCIATED_TO_CONTROL", "POLICY_UNASSOCIATED_TO_CONTROL", "REQUIREMENT_ASSOCIATED_TO_CONTROL", "REQUIREMENT_UNASSOCIATED_TO_CONTROL", "BACKGROUND_CHECK_COMPLETED", "MDM_USER_DATA_UPDATED", "CREATE_CONTROL", "MANUAL_ASSET_CREATED", "MANUAL_ASSET_UPDATED", "MANUAL_ASSET_DELETED", "ASSET_NOTES_UPDATED", "COMPANY_WORKSTATION_CONFIGURATION_UPDATED", "COMPANY_LINKS_DOWNLOADED", "COMPANY_PACKAGE_DOWNLOADED", "CONNECTIONS_AUDIT_PACKAGE_DOWNLOADED", "HUMAN_RESOURCES_AUDIT_PACKAGE_DOWNLOADED", "INFRASTRUCTURE_ACCESS_AUDIT_PACKAGE_DOWNLOADED", "VERSION_CONTROL_AUDIT_PACKAGE_DOWNLOADED", "EDIT_CONTROL_INFO", "FORCE_SYNC_ON_A_PERSON", "FORCE_SYNC_ON_ALL", "CONTROL_OWNER_ADDED", "CONTROL_OWNER_DELETED", "POLICY_REVERT_TO_LATEST_TEMPLATE", "POLICY_REVERT_TO_LATEST_VERSION", "CONTROL_EVIDENCE_PACKAGE_GENERATED", "AUDITOR_TOGGLE_READ_ONLY", "FRAMEWORK_AUDIT_DETAILS_EDITED", "VENDOR_MANUAL_UPLOAD", "QUESTIONNAIRE_ARCHIVE_DOWNLOADED", "VENDOR_QUESTIONNAIRE_RESPONSE_SAVED", "VENDOR_QUESTIONNAIRE_EMAIL_SENT", "GROUPS_IDENTITY_CREATED", "GROUPS_IDENTITY_DELETED", "GROUPS_PERSONNEL_IDENTITY_ADDED", "GROUPS_PERSONNEL_IDENTITY_REMOVED", "GROUPS_IDENTITY_UPDATED", "BACKGROUND_LINKED_TO_PERSONNEL", "BACKGROUND_UNLINKED_FROM_PERSONNEL", "SECURITY_AWARENESS_TRAINING_RESET", "POLICY_ASSIGNED_ALL", "POLICY_ASSIGNED_NONE", "POLICY_ASSIGNED_GROUPS", "GROUPS_PERSONNEL_DELETED", "GROUPS_PERSONNEL_ADDED", "GROUPS_DELETED", "POLICY_BECAME_ORPHAN", "AP_CONTRACTORS_POLICIES_APPROVED", "AP_CONTRACTORS_DATA_PROTECTION_POLICY", "COMPANY_HIPAA_TRAINING_DATA_UPDATED", "CONTROL_NOTE_ADDED", "CONTROL_NOTE_DELETED", "CONTROL_NOTE_EDITED", "AUDITOR_ADDED", "AUDITOR_REMOVED", "AUDITOR_HAS_ENTERED_TO_TENANT_DETAILS", "AUDITOR_DOES_A_READ_ONLY", "ACCOUNT_INFORMATION_PACKAGE_CREATION", "HIPAA_TRAINING_RESET", "SECURITY_AWARENESS_TRAINING_UPDATED", "AP_SECURITY_AWARENESS_TRAINING", "DEVICE_UNLINKED", "DEVICE_LINKED", "DEVICE_DOCUMENT_DELETED", "DEVICE_SWITCHED", "DEVICE_DOCUMENT_DOWNLOADED", "TRUST_PAGES_SAVED", "EXTERNAL_EVIDENCE_URL_EDITED", "REQUIREMENT_OUT_OF_SCOPE", "REQUIREMENT_IN_SCOPE", "CONTROLS_ASSOCIATED", "CONTROLS_UNASSOCIATED", "EXTERNAL_EVIDENCE_EDITED", "APPROVED_REQUEST", "DENIED_REQUEST", "NEW_REQUEST", "AUTO_APPROVE_REQUEST", "AP_INFRASTRUCTURE_ASSETS_SYNCED", "POLICY_ARCHIVED", "POLICY_REPLACED", "POLICY_RESTORE_ARCHIVED", "POLICY_RESTORE_REPLACED", "POLICY_RESTART_FROM_LATEST_TEMPLATE", "POLICY_RESTART_FROM_DRAFT", "AP_LOGS_ARE_CENTRALLY_STORED", "AP_LOGS_ARE_RETAINED_FOR_365_DAYS", "USER_IDENTITY_OBSERVABILITY_USER_CREATED", "USER_IDENTITY_OBSERVABILITY_USER_UPDATED", "USER_IDENTITY_OBSERVABILITY_SYNCED", "USER_IDENTITY_OBSERVABILITY_USER_DISCONNECTED", "USER_IDENTITY_OBSERVABILITY_LINK_UPDATED", "USER_IDENTITY_OBSERVABILITY_SERVICE_ACCOUNT_UPDATED", "OBSERVABILITY_ACCESS_AUDIT_PACKAGE_DOWNLOADED", "CONTROL_TEST_DELETED", "CONTROL_TEST_ADDED", "RISK_ADDED", "RISK_EDITED", "RISK_ASSESSMENT_REPORT_GENERATED", "RISK_TREATMENT_REPORT_GENERATED", "RISK_CATEGORY_CREATED", "RISK_CATEGORY_REMOVED", "RISK_OWNERS_ASSIGNED", "RISK_SET_APPLICABLE", "RISK_SET_NOT_APPLICABLE", "RISK_TREATMENT_SET", "RISK_SCORED", "RISK_ALL_REGISTERED_SCORED", "RISK_ALL_REGISTERED_TREATED", "COMPANY_NOTIFICATION_CREATED", "COMPANY_NOTIFICATION_DELETED", "COMPANY_NOTIFICATION_EDITED", "COMPANY_NOTIFICATION_DISABLED", "COMPANY_NOTIFICATION_ENABLED", "USER_IDENTITY_OBSERVABILITY_TOGGLE_UPDATED", "AP_CAPACITY_AND_USAGE_MONITORING", "AP_ONLY_AUTHORIZED_USERS_CAN_ACCESS_LOG_SINKS", "AP_LOGS_MONITORED_FOR_SUSPICIOUS_ACTIVITY", "CUSTOM_FRAMEWORK_CREATED", "CUSTOM_FRAMEWORK_DELETED", "CUSTOM_REQUIREMENTS_CREATED", "CUSTOM_REQUIREMENTS_DELETED", "BACKGROUND_CHECK_CANCELED", "TICKET_CREATED_CONTROL", "TICKET_CREATED_MONITOR_INSTANCE", "PRE_APPROVED_DOMAIN_REMOVED", "PRE_APPROVED_DOMAIN_ADDED", "TICKET_CREATED_RISK", "PERSONNEL_BG_CHECKS_REVOKED", "WORKSPACE_CREATED", "WORKSPACE_EDITED", "DRATA_SUPPORT_ACCESS_GRANTED", "DRATA_SUPPORT_ACCESS_REMOVED", "PUBLIC_API_KEY_CREATED", "PUBLIC_API_KEY_UPDATED", "PUBLIC_API_KEY_REVOKED", "VULNERABILITY_FINDINGS_SYNCED", "VULNERABILITY_FINDING_CREATED", "VULNERABILITY_FINDING_UPDATED", "VULNERABILITY_AUDIT_PACKAGE_DOWNLOAD", "POLICY_TEMPLATE_DOWNLOADED", "EXTERNAL_DOCUMENT_LINKED_TO_POLICY", "PUBLIC_API_KEY_ALLOW_LIST_IP_ADDRESSES_EDITED", "TICKET_UNLINKED_CONTROL", "TICKET_UNLINKED_MONITOR_INSTANCE", "TICKET_UNLINKED_RISK", "AP_FORMER_PERSONNEL_OFFBOARDED", "PERSONNEL_OFFBOARDING_TICKET_LINKED", "PERSONNEL_OFFBOARDING_TICKET_UNLINKED", "AUTOMATED_OFFBOARDING_TOGGLE", "AUTOMATED_OFFBOARDING_CONFIGURED", "AUTOMATED_OFFBOARDING_FAILED", "DEVICE_DOCUMENT_UPLOADED", "DEVICE_DELETED", "CUSTOM_REQUIREMENTS_UPDATED", "DEVICE_FAILED", "VENDOR_SECURITY_QUESTIONNAIRE_CREATED", "VENDOR_SECURITY_QUESTIONNAIRE_UPDATED", "VENDOR_SECURITY_QUESTIONNAIRE_DELETED", "RISK_DASHBOARD_DOWNLOADED", "NDA_UPLOADED", "NDA_DELETED", "RISK_NOTE_ADDED", "RISK_NOTE_UPDATED", "RISK_NOTE_DELETED", "ASSET_OWNER_UPDATED", "CONTROL_TEST_INSTANCE_NOTE_ADDED", "CONTROL_TEST_INSTANCE_NOTE_DELETED", "CONTROL_TEST_INSTANCE_NOTE_EDITED", "SERVICE_PROVIDER_DELETED", "SERVICE_PROVIDER_ADDED", "REVOKE_REQUEST", "WIZARD_STEP_SAVED", "NON_DISCLOSURE", "TASK_CREATED", "TASK_DELETED", "TASK_COMPLETED", "TASK_UNCOMPLETED", "TASK_UPDATED", "RISK_ASSESSMENT_OWNER_ASSIGNED", "RISK_ASSESSMENT_DUE_DATE_SET", "PERSONNEL_EXCLUSION_CREATED", "PERSONNEL_EXCLUSION_UPDATED", "PERSONNEL_EXCLUSION_ARCHIVED", "RISKS_DELETED", "RESYNC_DATA", "AUTOPILOT_SCHEDULE_CREATED", "AUTOPILOT_SCHEDULE_UPDATED", "AUTOPILOT_SCHEDULE_DELETED", "VULNERABILITY_DOWNLOAD_ALL", "AUTOPILOT_PERSONNEL_EXCLUSION_ARCHIVED", "PRE_APPROVED_EMAIL_REMOVED", "PRE_APPROVED_EMAIL_ADDED", "EVIDENCE_DELETED", "EVIDENCE_CREATED", "EVIDENCE_DOWNLOADED", "EVIDENCE_UPDATED", "EVIDENCE_ASSOCIATED_TO_CONTROL", "EVIDENCE_UNASSOCIATED_TO_CONTROL", "AUDITOR_ADDED_TO_AUDIT", "AUDITOR_REMOVED_FROM_AUDIT", "TRUST_CONTENT_SAVED", "EVIDENCE_DOWNLOAD_ALL", "AUDITHUB_REQUEST_MESSAGE_DELETED", "AUTOPILOT_SCHEDULE_REVERTED", "AUTOPILOT_RECIPE_CUSTOMIZED", "AUTOPILOT_RECIPE_REVERTED", "USER_ROLE_CREATED", "USER_ROLE_DELETED", "RESENT_EVIDENCE_SAMPLE_DOWNLOAD_EMAIL", "RESENT_EVIDENCE_SAMPLE_DOWNLOAD_EMAIL_MULTIPLE_WORKSPACE", "TICKET_CREATED_APPLICATION_USERS", "CUSTOMER_REQUEST_DETAILS_EDITED", "FILE_UPLOAD_REJECTED", "FILE_UPLOAD_UNSUPPORTED", "ACCESS_REVIEW_PERIOD_CREATED", "ACCESS_REVIEW_PERIOD_IN_PROGRESS", "ACCESS_REVIEW_PERIOD_COMPLETED", "ACCESS_REVIEW_APPLICATION_REVIEWER_UPDATED", "ACCESS_REVIEW_APPLICATION_REVIEWER_NOTIFIED", "PERSONNEL_REVIEW_STATUS_CHANGED", "ACCESS_REVIEW_TICKET_LINKED_TO_PERSONNEL", "ACCESS_REVIEW_MANUAL_EVIDENCE_UPLOADED", "ACCESS_REVIEW_APPLICATION_COMPLETED", "CONTROL_APPROVAL_ADDED", "CONTROL_APPROVAL_EDITED", "CONTROL_APPROVAL_REVIEW_ADDED", "CONTROL_APPROVAL_REVIEW_REMOVED", "CONTROL_APPROVAL_SENT_TO_APPROVERS", "CONTROL_APPROVAL_APPROVE", "CONTROL_APPROVAL_REQUEST_CHANGES", "CONTROL_APPROVAL_REMOVED", "CONTROL_APPROVAL_STATUS_CHANGED", "VENDOR_RISK_REPORT_GENERATED", "DEVICE_ASSIGNATION_AGENT", "DEVICE_ASSIGNATION_AGENT_DELETED", "GENERAL_TASK_CREATED", "GENERAL_TASK_DELETED", "GENERAL_TASK_COMPLETED", "GENERAL_TASK_UNCOMPLETED", "GENERAL_TASK_UPDATED", "CONTROL_TASK_CREATED", "CONTROL_TASK_DELETED", "CONTROL_TASK_COMPLETED", "CONTROL_TASK_UNCOMPLETED", "CONTROL_TASK_UPDATED", "RISK_TASK_CREATED", "RISK_TASK_DELETED", "RISK_TASK_COMPLETED", "RISK_TASK_UNCOMPLETED", "RISK_TASK_UPDATED", "CLOUD_FILE_USER_DISCONNECTED", "CLOUD_FILE_USER_CONNECTED", "DRATA_TO_DRATA_ENABLED", "DRATA_TO_DRATA_DISABLED", "AUTOPILOT_BACKGROUND_CHECK_LINKED_TO_PERSONNEL", "REQUIREMENT_INFO_EDITED", "FRAMEWORK_BASELINE_UPDATED", "COMPANY_NIST_AI_TRAINING_DATA_UPDATED", "NIST_AI_TRAINING_RESET", "CONTROL_APPROVAL_APPROVE_WITHOUT_DATELINE", "AP_INFRASTRUCTURE_FAILED_BACKUPS_ADDRESSED_IN_TIMELY_MANNER", "AP_AUTO_SCALE_SERVER_INSTANCES", "AP_INFRASTRUCTURE_CLOUD_DATA_MONITOR_CPU_LOAD", "AP_INFRASTRUCTURE_FAILED_BACKUP_ALERTS", "AP_INFRASTRUCTURE_CLOUDTRAIL_LOG_FILE_INTEGRITY", "POLICY_DETAILS_UPDATED", "RISK_SETTINGS_UPDATED", "AP_INFRASTRUCTURE_DAILY_BACKUP_JOB_STATUS_MONITORED", "AP_INFRASTRUCTURE_SQL_FREEABLE_MEMORY_MONITORED", "AP_CUSTOM_TEST", "AP_DRAFT_TEST", "USER_ROLE_RESTRICTED", "USER_ROLE_UNRESTRICTED", "CONTROL_APPROVAL_SCHEDULED", "CONTROL_APPROVAL_SCHEDULED_FAILED", "CONTROL_TEMPLATE_APPLIED", "CONTROL_INFORMATION_LINKED_ACROSS_OTHER_WORKSPACES", "CONTROL_INFORMATION_UNLINKED_FROM_OTHER_WORKSPACES", "FORCE_SYNC_ON_SOME", "USER_IDENTITY_ACCESS_REVIEW_LINK_UPDATED", "FRAMEWORK_SAQ_UPDATED", "SPECIAL_FORMER_PERSONNEL_ADDED", "AP_ENCRYPTION_IN_TRANSIT", "AP_EXCESSIVE_PRIVILEGES_ASSIGNED", "AP_EXTERNAL_EXPOSURE_OF_CLOUD_RESOURCES", "CONTROL_TEST_INSTANCE_DRAFT_TEST_CREATED", "CONTROL_TEST_INSTANCE_CUSTOM_TEST_EDITED", "CONTROL_TEST_INSTANCE_DRAFT_TEST_DELETED", "CONTROL_TEST_INSTANCE_DRAFT_TEST_PUBLISHED", "CONTROL_TEST_INSTANCE_DRAFT_TEST_LOGIC_EDITED", "HIPAA_TRAINING_UPDATED", "NIST_AI_TRAINING_UPDATED", "CONTROL_TEST_INSTANCE_PUBLISH_TEST_DELETED", "CODE_REPOSITORY_ADDED", "CODE_REPOSITORY_REMOVED", "CODE_REPOSITORY_SETTINGS_UPDATED", "AUTO_RESET_SETTING_UPDATED", "VENDOR_QUESTIONNAIRE_ANSWER_SAVED", "CUSTOM_FIELD_CREATED", "CUSTOM_FIELD_DELETED", "CUSTOM_FIELD_UPDATED", "CUSTOM_FIELD_PLACED", "CUSTOM_FIELD_UNPLACED", "CUSTOM_FIELD_SECTION_UPDATED", "CUSTOM_FORMULA_CALCULATED", "CUSTOM_FORMULA_CREATED", "CUSTOM_FORMULA_DELETED", "CUSTOM_FORMULA_UPDATED", "AP_INFRASTRUCTURE_IAM_PASSWORD_MINIMUM_LENGTH", "AP_INFRASTRUCTURE_BUCKET_ACCESS_LOGGING", "AP_INFRASTRUCTURE_RDS_MINIMUM_VERSION_UPGRADE", "AP_INFRASTRUCTURE_CMK_ROTATION", "AP_INFRASTRUCTURE_IAM_PASSWORD_REUSE", "VULNERABILITY_SLA_SETTING_CREATED", "VULNERABILITY_SLA_SETTING_UPDATED", "AP_VULNERABILITY_CRITICAL_ADDRESSED", "AP_VULNERABILITY_HIGH_ADDRESSED", "FINDING_EXCLUDED", "FINDING_INCLUDED", "PROVIDER_CONNECTION_ERROR", "RISKS_DOWNLOADED", "RISKS_FILTERED_VIEW_DOWNLOADED", "AP_INFRASTRUCTURE_IAM_ACCESS_KEY_ROTATION", "AP_INFRASTRUCTURE_MFA_FOR_ROOT_ACCOUNT", "AP_INFRASTRUCTURE_EBS_VOLUME_ENCRYPTION", "AP_INFRASTRUCTURE_HARDWARE_MFA_FOR_ROOT_ACCOUNT", "AP_INFRASTRUCTURE_VPC_FLOW_LOGGING", "AP_INFRASTRUCTURE_S3_HTTP_REQUEST_DENIED", "AP_INFRASTRUCTURE_IAM_GROUP_BASED_ACCESS_CONTROL", "AP_INFRASTRUCTURE_IAM_UNUSED_CREDENTIALS", "AP_INFRASTRUCTURE_CLOUD_TRAIL_LOGS_ENCRYPTED", "AP_INFRASTRUCTURE_IAM_PRINCIPLE_OF_LEAST_PRIVILEGE", "AP_INFRASTRUCTURE_SECURITY_GROUPS_RESTRICT_PUBLIC_RDP_ACCESS", "AP_INFRASTRUCTURE_S3_OBJECT_LEVEL_LOGGING_FOR_RW_EVENTS", "AP_INFRASTRUCTURE_EFS_ENCRYPTED_AT_REST", "AP_INFRASTRUCTURE_RDS_PUBLIC_ACCESS_RESTRICTED", "AP_INFRASTRUCTURE_VPC_DEFAULT_SECURITY_GROUPS_RESTRICT_ALL_TRAFFIC", "AP_INFRASTRUCTURE_ACLS_PUBLIC_REMOTE_ADMIN_ACCESS_RESTRICTED", "CUSTOMER_REQUEST_DETAILS_EDITED_MULTIPLE_WORKSPACES", "FRAMEWORK_AUDIT_DETAILS_EDITED_MULTIPLE_WORKSPACES", "AP_VULNERABILITY_CRITICAL_ADDRESSED_SNYK", "AP_VULNERABILITY_HIGH_ADDRESSED_SNYK", "AP_VULNERABILITY_CRITICAL_ADDRESSED_TENABLE_VULNERABILITY_MANAGEMENT", "AP_VULNERABILITY_HIGH_ADDRESSED_TENABLE_VULNERABILITY_MANAGEMENT", "AP_VULNERABILITY_CRITICAL_ADDRESSED_QUALYS", "AP_VULNERABILITY_HIGH_ADDRESSED_QUALYS", "AP_VULNERABILITY_CRITICAL_ADDRESSED_SEMGREP", "AP_VULNERABILITY_HIGH_ADDRESSED_SEMGREP", "AP_VULNERABILITY_CRITICAL_ADDRESSED_SENTINEL_ONE_VMS", "AP_VULNERABILITY_HIGH_ADDRESSED_SENTINEL_ONE_VMS", "AP_VULNERABILITY_CRITICAL_ADDRESSED_CROWDSTRIKE_FALCON_EXPOSURE_MANAGEMENT", "AP_VULNERABILITY_HIGH_ADDRESSED_CROWDSTRIKE_FALCON_EXPOSURE_MANAGEMENT", "AP_VULNERABILITY_CRITICAL_ADDRESSED_MS_DEFENDER", "AP_VULNERABILITY_HIGH_ADDRESSED_MS_DEFENDER", "EVIDENCE_BULK_DELETED", "CONTROL_EVIDENCE_DOWNLOADED", "AP_VULNERABILITY_CRITICAL_ADDRESSED_RAPID7_VMS", "AP_VULNERABILITY_HIGH_ADDRESSED_RAPID7_VMS", "AP_VULNERABILITY_CRITICAL_ADDRESSED_SENTINELONE_SINGULARITY_VULNERABILITY_MANAGEMENT", "AP_VULNERABILITY_HIGH_ADDRESSED_SENTINELONE_SINGULARITY_VULNERABILITY_MANAGEMENT", "AP_VULNERABILITY_CRITICAL_ADDRESSED_MS_DEFENDER_VMS", "AP_VULNERABILITY_HIGH_ADDRESSED_MS_DEFENDER_VMS", "AP_INFRASTRUCTURE_CLASSIC_LOAD_BALANCER_LATENCY_MONITORED", "AP_INFRASTRUCTURE_CLASSIC_LOAD_BALANCER_SERVER_ERRORS_MONITORED", "AP_INFRASTRUCTURE_APPLICATION_LOAD_BALANCER_UNHEALTHY_HOSTS_MONITORED", "AP_INFRASTRUCTURE_CLASSIC_LOAD_BALANCER_UNHEALTHY_HOSTS_MONITORED", "AP_INFRASTRUCTURE_APPLICATION_LOAD_BALANCER_SERVER_ERRORS_MONITORED", "AP_INFRASTRUCTURE_APPLICATION_LOAD_BALANCER_TARGET_RESPONSE_TIME_MONITORED", "AP_INFRASTRUCTURE_APPLICATION_LOAD_BALANCER_REDIRECTS_HTTP_TO_HTTPS", "AP_INFRASTRUCTURE_LAMBDA_ERROR_RATE_MONITORED", "AP_INFRASTRUCTURE_EC2_INSTANCES_IMDSV1_DISABLED", "AP_INFRASTRUCTURE_SECURITY_GROUPS_HTTP_ACCESS_RESTRICTED", "AP_INFRASTRUCTURE_DATABASE_WRITES_IO_MONITORED", "AP_INFRASTRUCTURE_DYNAMODB_POINT_IN_TIME_ENABLED", "CAC_CODE_REVIEW_REQUESTED", "EXCEPTION_WORKFLOW_CREATED", "EXCEPTION_WORKFLOW_DELETED", "EXCEPTION_WORKFLOW_UPDATED", "EXCEPTION_REQUEST_CREATED", "RISK_SET_ACTIVE", "RISK_ARCHIVED", "RISK_ADDED_FROM_LIBRARY", "NOTIFICATION_WORKFLOW_CREATED", "WORKFLOW_PUBLISHED", "WORKFLOW_UNPUBLISHED", "WORKFLOW_DELETED", "WORKFLOW_ARCHIVED", "WORKFLOW_RESTORED", "WORKFLOW_DRAFT_SAVED", "RISK_CLOSED", "ENTITLEMENT_ENABLED", "ENTITLEMENT_DISABLED", "PROVIDER_WORKSPACE_CONNECTION_CREATED", "PROVIDER_WORKSPACE_CONNECTION_REMOVED", "AP_INFRASTRUCTURE_LOG_ALERT_FOR_CREATE_POLICY_ASSIGNMENT", "AP_INFRASTRUCTURE_LOG_ALERT_FOR_DELETE_POLICY_ASSIGNMENT", "AP_INFRASTRUCTURE_NSG_SSH_PUBLIC_ACCESS_RESTRICTED", "AP_INFRASTRUCTURE_STORAGE_ACCOUNTS_ACCESSED_VIA_PRIVATE_ENDPOINTS", "AP_INFRASTRUCTURE_WEB_APP_REDIRECTS_HTTP_TRAFFIC_TO_HTTPS", "AP_INFRASTRUCTURE_LOG_ALERT_FOR_DELETE_PUBLIC_IP_ADDRESS", "AP_INFRASTRUCTURE_SQL_SERVERS_AUDITING", "AP_INFRASTRUCTURE_STORAGE_ACCOUNTS_SECURE_TLS_CONFIGURATION", "AP_INFRASTRUCTURE_LOG_ALERT_FOR_MANAGE_PUBLIC_IP_ADDRESS_RULE", "CUSTOM_DATA_RECORD_REMOVED", "AP_INFRASTRUCTURE_AUDIT_LOGS_ENABLED_FOR_EKS_CLUSTER", "AP_INFRASTRUCTURE_PUBLIC_ACCESS_TO_CLUSTERS_CONTROL_PLANE_IS_RESTRICTED", "AP_INFRASTRUCTURE_PRIVATE_ACCESS_TO_CLUSTERS_CONTROL_PLANE_IS_RESTRICTED", "AP_INFRASTRUCTURE_LOG_ALERT_FOR_MANAGE_NETWORK_SECURITY_GROUP", "AP_INFRASTRUCTURE_LOG_ALERT_FOR_DELETE_NETWORK_SECURITY_GROUP", "AP_INFRASTRUCTURE_LOG_ALERT_FOR_MANAGE_SECURITY_SOLUTION", "WORKFLOW_NOTIFICATION_SENT", "CUSTOM_RESOURCE_RECORD_CREATED", "RISK_MAPPED_TO_CONTROL", "RISK_UNMAPPED_FROM_CONTROL", "AP_VULNERABILITY_CRITICAL_ADDRESSED_ARNICA", "AP_VULNERABILITY_HIGH_ADDRESSED_ARNICA", "CUSTOM_RESOURCE_RECORD_UPDATED", "AP_INFRASTRUCTURE_LOG_ALERT_FOR_DELETE_SECURITY_SOLUTION", "AP_INFRASTRUCTURE_POSTGRESQL_DATABASE_SERVER_LOG_CHECKPOINTS", "NEW_REPORT", "MAPPED_TESTS_RESET_ON_CONTROL", "CUSTOM_RESOURCE_RECORD_REMOVED", "ARTIFACT_BULK_DELETED", "EVIDENCE_BULK_OWNER_UPDATE", "MAPPED_POLICIES_RESET_ON_CONTROL", "AP_VULNERABILITY_CRITICAL_ADDRESSED_AIKIDO", "AP_VULNERABILITY_HIGH_ADDRESSED_AIKIDO", "AP_VULNERABILITY_CRITICAL_ADDRESSED_WIZ_VMS", "AP_VULNERABILITY_HIGH_ADDRESSED_WIZ_VMS", "AP_VULNERABILITY_HIGH_ADDRESSED_WIZ_CODE", "AP_VULNERABILITY_CRITICAL_ADDRESSED_WIZ_CODE", "AP_INFRASTRUCTURE_LOG_ALERT_FOR_CREATE_OR_UPDATE_SQL_SERVER_FIREWALL_RULE", "AP_INFRASTRUCTURE_KEY_VAULTS_KEY_EXPIRATION", "AP_INFRASTRUCTURE_LOG_ALERT_FOR_DELETE_SQL_SERVER_FIREWALL_RULE", "AP_INFRASTRUCTURE_SQL_DATA_ENCRYPTION", "AP_VULNERABILITY_CRITICAL_ADDRESSED_MS_DEFENDER_VMS_GCC_HIGH", "AP_VULNERABILITY_HIGH_ADDRESSED_MS_DEFENDER_VMS_GCC_HIGH", "AP_VULNERABILITY_CRITICAL_ADDRESSED_ORCA_SECURITY", "AP_VULNERABILITY_HIGH_ADDRESSED_ORCA_SECURITY", "AP_VULNERABILITY_CRITICAL_ADDRESSED_UPWIND", "AP_VULNERABILITY_HIGH_ADDRESSED_UPWIND", "AP_VULNERABILITY_CRITICAL_ADDRESSED_GITLAB_VMS", "AP_VULNERABILITY_HIGH_ADDRESSED_GITLAB_VMS", "POLICY_VERSION_STATUS_DRAFT_CREATED", "POLICY_VERSION_STATUS_DRAFT_FINALIZED", "POLICY_VERSION_APPROVED", "POLICY_VERSION_PUBLISHED", "POLICY_VERSION_MODIFIED_RESTARTED_APPROVAL", "POLICY_DELETED", "POLICY_VERSION_ALERT_CONFIGURED", "POLICY_VERSION_STATUS_DRAFT_DELETED", "POLICY_VERSION_AUTO_ACKNOWLEDGMENT", "POLICY_OWNER_UPDATED", "FRAMEWORK_ENABLED", "FRAMEWORK_DISABLED", "CONTROLS_DISABLED", "CONTROLS_ARCHIVED", "POLICY_RENEW_WITHOUT_UPDATE", "POLICY_VERSION_REQUEST_CHANGES", "POLICY_VERSION_MODIFIED_NO_REQUIRED_APPROVAL", "POLICY_VERSION_APPROVED_BY_APPROVER", "POLICY_VERSION_DRAFT_FINALIZED", "POLICY_VERSION_APPROVAL_SETTINGS_UPDATED", "FRAMEWORK_LEVEL_IMPACT_UPDATED", "POLICY_VERSION_APPROVED_BY_APPROVER_TIER", "POLICY_VERSION_APPROVAL_OVERRIDE", "REQUEST_MESSAGE_SENT", "REQUEST_STATUS_CHANGED", "POLICY_VERSION_STATUS_CANCEL_APPROVAL", "WORKSPACE_DELETED", "GENERAL_TASK_RECURRING_DELETED", "CONTROL_TASK_RECURRING_DELETED", "RISK_TASK_RECURRING_DELETED", "TASK_RECURRING_DELETED", "WORKFLOW_WEBHOOK_SENT", "VENDOR_SECURITY_REVIEW_STARTED", "VENDOR_SECURITY_REVIEW_COMPLETED", "VENDOR_SECURITY_REVIEW_APPROVAL_STATUS_CHANGED", "VENDOR_SOC_REPORT_REVIEW_STARTED", "VENDOR_SOC_REPORT_REVIEW_COMPLETED", "VENDOR_SOC_REPORT_REVIEW_APPROVAL_STATUS_CHANGED", "CONTROLS_UNARCHIVED", "SAFEBASE_SYNC_PENDING", "SAFEBASE_SYNC_ERROR", "SAFEBASE_SYNC_COMPLETE", "SAFEBASE_MIGRATION_PENDING", "SAFEBASE_MIGRATION_MIGRATED", "SAFEBASE_MIGRATION_ERROR", "SAFEBASE_MIGRATION_COMPLETE", "TRUST_CENTER_INGRESS_DENIED", "CONNECTION_IDP_RANKING_UPDATED", "MONITOR_FINDINGS_ZIP_GENERATED", "MONITOR_FINDINGS_CSV_GENERATED", "FILE_UPLOAD_SIZE_EXCEEDED", "PASSWORD_PROTECTED_FILE", "COMPANY_OPT_IN_AI", "RISK_REGISTER_CREATED", "RISK_REGISTER_UPDATED", "RISK_REGISTER_DELETED", "SAFEBASE_ONBOARDING_ERROR", "SAFEBASE_ONBOARDING_CONFLICT", "SAFEBASE_ONBOARDING_COMPLETED", "RISKS_MOVED_TO_REGISTER", "CONNECTION_HRIS_RANKING_UPDATED", "EVIDENCE_BULK_RENEWAL_DATE_UPDATE", "AGENTIC_INITIAL_ASSESSMENT_REVIEW_COMPLETED", "VENDOR_SECURITY_REVIEW_EXECUTIVE_SUMMARY_GENERATED", "VENDOR_RECURRING_SECURITY_REVIEW_STARTED", "AI_VERSION_COMPARISON_GENERATED", "BULK_IMPORTED_RISKS", "VENDOR_SECURITY_REVIEW_OBSERVATION_CREATED", "VENDOR_SECURITY_REVIEW_OBSERVATION_UPDATED", "VENDOR_SECURITY_REVIEW_OBSERVATION_DELETED", "VENDOR_SECURITY_REVIEW_INTERNAL_NOTE_CREATED", "VENDOR_SECURITY_REVIEW_INTERNAL_NOTE_UPDATED", "VENDOR_SECURITY_REVIEW_INTERNAL_NOTE_DELETED", "VENDOR_SECURITY_REVIEW_ASSESSMENT_AI_OVERRIDE", "VENDOR_SECURITY_REVIEW_TITLE_UPDATED", "AP_INFRASTRUCTURE_AUTO_SCALING", "AP_INFRASTRUCTURE_BACKUP_RETENTION", "AP_INFRASTRUCTURE_TDE_ENABLED", "AP_INFRASTRUCTURE_VERSIONING_ENABLED", "AP_INFRASTRUCTURE_ZONE_REDUNDANCY", "AP_INFRASTRUCTURE_LOGGING_ENABLED", "AP_INFRASTRUCTURE_TLS_VERSION", "AP_INFRASTRUCTURE_VPC_CONFIGURATION", "AP_INFRASTRUCTURE_ENCRYPTION_IN_TRANSIT", "AP_INFRASTRUCTURE_SECURITY_GROUPS", "AP_INFRASTRUCTURE_BROAD_NETWORK_ACCESS_PATTERNS", "AP_INFRASTRUCTURE_PUBLIC_ACCESS_RESTRICTED", "AP_INFRASTRUCTURE_DENY_BY_DEFAULT", "AP_INFRASTRUCTURE_AUTOMATIC_SOFTWARE_UPDATES", "AP_INFRASTRUCTURE_LOG_INTEGRITY", "AP_INFRASTRUCTURE_TLS_CIPHERS", "AP_INFRASTRUCTURE_WAF_ENABLED", "AP_INFRASTRUCTURE_AUTOMATED_BACKUPS", "AP_INFRASTRUCTURE_SECURE_API_VERSION", "AP_INFRASTRUCTURE_LOG_RETENTION", "AP_INFRASTRUCTURE_DISABLE_DEFAULT_ACCOUNTS", "FRAMEWORK_CONTROL_MAPPING_RESET", "MAPPED_CONTROLS_RESET_ON_REQUIREMENT", "MAPPED_REQUIREMENTS_RESET_ON_CONTROL", "AUTOPILOT_USER_DELETED_ROLE", "AP_INFRASTRUCTURE_BROAD_POLICY_ACCESS_PATTERNS", "AP_INFRASTRUCTURE_RBAC", "AP_INFRASTRUCTURE_RUNTIME_CONFIGURATION", "AP_INFRASTRUCTURE_TAGGING", "AP_INFRASTRUCTURE_DELETION_PROTECTION", "AP_INFRASTRUCTURE_DATA_RETENTION", "AP_INFRASTRUCTURE_KEY_ROTATION", "AP_INFRASTRUCTURE_SECRET_ROTATION", "TICKET_DOWNLOAD", "AP_INFRASTRUCTURE_AUTOMATIC_REPAIRS", "AP_INFRASTRUCTURE_CONNECTION_DRAINING", "AP_INFRASTRUCTURE_HIGH_AVAILABILITY", "AP_INFRASTRUCTURE_POLICY_BASED_ACCESS_CONTROL" ] }, "NoteRequestPublicDto": { "type": "object", "properties": { "comment": { "type": "string", "maxLength": 191, "example": "Note comment", "description": "The text of the note" } }, "required": [ "comment" ] }, "NoteResponsePublicDto": { "type": "object", "properties": { "id": { "type": "string", "example": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd", "description": "Note UUID" }, "comment": { "type": "string", "example": "This is a good comment", "description": "The main comment of the note" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Note created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Note updated date timestamp" }, "owner": { "description": "The user that created the note", "allOf": [ { "$ref": "#/components/schemas/UserCardResponsePublicDto" } ] } }, "required": [ "id", "comment", "createdAt", "updatedAt", "owner" ] }, "CreateControlNoteRequestPublicDto": { "type": "object", "properties": { "comment": { "type": "string", "maxLength": 191, "example": "Note comment", "description": "The text of the note" } }, "required": [ "comment" ] }, "NotesPaginatedResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Set of notes based on the pagination limits", "example": [ { "id": "72c9c910-ef35-4a1c-bfdf-9898063ba77b", "comment": "Another note about our Acceptable Use Policy.", "createdAt": "2024-11-18T22:53:51.064Z", "updatedAt": "2024-11-18T22:53:51.064Z", "owner": { "id": 2, "email": "john.smart@drata.com", "firstName": "John", "lastName": "Smart", "jobTitle": "CEO", "avatarUrl": "https://cdn.drata.com/icon/icon_fwhite_bblue_72-circle.png", "drataTermsAgreedAt": "2024-11-14T17:23:06.667Z", "createdAt": "2024-11-14T17:23:06.667Z", "updatedAt": "2024-11-14T17:23:06.667Z" } }, { "id": "7bb294c8-0087-4b8a-ab50-2c003e18cbcb", "comment": "Our Acceptable Use Policy needs to be flushed out.", "createdAt": "2024-11-18T22:52:54.157Z", "updatedAt": "2024-11-18T22:52:54.157Z", "owner": { "id": 2, "email": "faith.facts@drata.com", "firstName": "Faith", "lastName": "Facts", "jobTitle": "CIO", "avatarUrl": "https://cdn.drata.com/icon/icon_fwhite_bblue_72-circle.png", "drataTermsAgreedAt": "2024-11-14T17:23:06.667Z", "createdAt": "2024-11-14T17:23:06.667Z", "updatedAt": "2024-11-14T17:23:06.667Z" } } ], "type": "array", "items": { "$ref": "#/components/schemas/NoteResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "ControlOwnerBulkRequestPublicDto": { "type": "object", "properties": { "ownerIds": { "example": [ 1, 2, 3 ], "description": "Array of owner ids", "type": "array", "items": { "type": "number" } }, "controlIds": { "example": [ 1, 2, 3 ], "description": "Array of control ids", "type": "array", "items": { "type": "number" } } }, "required": [ "ownerIds", "controlIds" ] }, "ControlResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": "123", "description": "Control id" }, "name": { "type": "string", "example": "Databases Monitored and Alarmed", "description": "Control name" }, "code": { "type": "string", "example": "DCF-1002", "description": "Control code" }, "description": { "type": "string", "example": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on predetermined criteria. Incidents are escalated per policy.", "description": "Control description" }, "question": { "type": "string", "example": "Does the organization implement tools to monitor its databases and notify appropriate personnel of incidents based on predetermined criteria?", "description": "Control question" }, "activity": { "type": "string", "example": "1. Ensure tools are implemented to monitor databases 2. Ensure notifications based on specific criteria are sent to the appropriate personnel 3. Escalate incidents appropriately", "description": "Control activity" }, "slug": { "type": "string", "example": "databases-monitored-and-alarmed", "description": "Control slug" }, "archivedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Date control was archived at or NULL" }, "frameworkTags": { "example": [ "SOC_2" ], "description": "Framework tags associated with the control", "type": "array", "items": { "type": "string" } }, "hasEvidence": { "type": "boolean", "example": false, "description": "Indicates if the control has evidence" }, "isMonitored": { "type": "boolean", "example": false, "description": "Indicates if the control has a test" }, "hasOwner": { "type": "boolean", "example": false, "description": "Indicates if the control has at least one owner" }, "policies": { "example": "PolicyResponsePublicDto[]", "description": "Policies array, limited to id, name, createdAt, file", "type": "array", "items": { "$ref": "#/components/schemas/PolicyResponsePublicDto" } }, "reports": { "example": "ReportControlResponsePublicDto[]", "description": "Control reports", "type": "array", "items": { "$ref": "#/components/schemas/EvidenceLibraryControlResponsePublicDto" } }, "externalEvidence": { "example": "ExternalEvidenceResponsePublicDto[]", "description": "ExternalEvidences array", "type": "array", "items": { "$ref": "#/components/schemas/ExternalEvidenceResponsePublicDto" } }, "controlTests": { "example": "ControlTestResponsePublicDto[]", "description": "Control tests array", "type": "array", "items": { "$ref": "#/components/schemas/ControlTestResponsePublicDto" } }, "frameworkRequirements": { "example": "FrameworkRequirementsResponsePublicDto[]", "description": "A list of associated requirements grouped by frameworks", "type": "array", "items": { "$ref": "#/components/schemas/FrameworkRequirementsResponsePublicDto" } }, "lastUpdatedBy": { "example": "User", "description": "Last user to update the control", "allOf": [ { "$ref": "#/components/schemas/UserCardResponsePublicDto" } ] }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Date control was last updated" }, "fk_control_template_id": { "type": "number", "example": "123", "description": "Control template id, used to determine if control is custom" }, "owners": { "example": "UserCardResponsePublicDto[]", "description": "owners of the control", "type": "array", "items": { "$ref": "#/components/schemas/UserCardResponsePublicDto" } } }, "required": [ "id", "name", "code", "description", "question", "activity", "slug", "archivedAt", "frameworkTags", "hasEvidence", "isMonitored", "hasOwner", "policies", "reports", "externalEvidence", "controlTests", "frameworkRequirements", "lastUpdatedBy", "updatedAt", "fk_control_template_id", "owners" ] }, "FrameworkRequirementsResponsePublicDto": { "type": "object", "properties": { "frameworkTag": { "type": "string", "example": "HIPAA", "description": "The framework tag this requirement is associated to" }, "requirements": { "example": "PaginationResponseDto", "description": "A list of requirements associated to this framework", "type": "array", "items": { "$ref": "#/components/schemas/RequirementDetailResponsePublicDto" } } }, "required": [ "frameworkTag", "requirements" ] }, "RequirementDetailResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": "1213123", "description": "Requirement id" }, "name": { "type": "string", "example": "CC1.1", "description": "Requirement name" }, "description": { "type": "string", "example": "The entity demonstrates a commitment to integrity and ethical values.", "description": "Requirement description" }, "longDescription": { "type": "string", "example": "The entity demonstrates a commitment to integrity and ethical values.", "description": "Requirement long description" }, "additionalInfo": { "type": "string", "example": "The entity demonstrates a commitment to integrity and ethical values.", "description": "Additional info surrounding requirement" }, "additionalInfo2": { "type": "string", "example": "The entity demonstrates a commitment to integrity and ethical values 2.", "description": "Additional info surrounding requirement 2" }, "additionalInfo3": { "type": "string", "example": "The entity demonstrates a commitment to integrity and ethical values 3.", "description": "Additional info surrounding requirement 3" }, "isReady": { "type": "boolean", "example": "true", "description": "Is requirement \"ready\"" }, "rationale": { "type": "string", "example": "This requirement is not needed.", "description": "Requirement rationale for out of scope." }, "archivedAt": { "type": "string", "format": "date-time", "example": "2020-07-06", "description": "Date the requirement was marked out of scope" }, "frameworkName": { "type": "string", "example": "SOC 2", "description": "The framework name this requirement is associated to" }, "controls": { "type": "array", "items": { "type": "object", "properties": { "id": { "type": "number" }, "code": { "type": "string" }, "isReady": { "type": "boolean" }, "controlNumber": { "type": "number" }, "archivedAt": { "type": "string", "format": "date-time" } } }, "description": "Necessary control properties mapped to this requirement, sorted by isReady and then controlNumber" }, "topic": { "type": "string", "description": "" }, "category": { "type": "string", "description": "" }, "subCategory": { "type": "string", "description": "" }, "customFrameworkId": { "type": "number", "example": "123e4567-e89b-12d3-a456-426614174000", "description": "Custom Framework ID" }, "customCategory": { "type": "string", "description": "" } }, "required": [ "id", "name", "description", "longDescription", "additionalInfo", "additionalInfo2", "additionalInfo3", "isReady", "frameworkName", "controls", "topic", "category", "subCategory" ] }, "ExternalEvidenceResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": "123", "description": "ExternalEvidence id" }, "name": { "type": "string", "example": "Compelling ExternalEvidence", "description": "ExternalEvidence name" }, "description": { "type": "string", "example": "This is very good evidence", "description": "ExternalEvidence description" }, "file": { "type": "string", "example": "/path/to/file.pdf", "description": "Path to file" }, "url": { "type": "string", "example": "https://url.com", "description": "Url path" }, "createdAt": { "type": "string", "example": "2021-06-02", "description": "ExternalEvidence createdAt date" }, "renewalDate": { "type": "string", "example": "2020-07-06", "description": "Report renewal date" }, "renewalScheduleType": { "type": "string", "example": "ONE_YEAR", "description": "The renewal date schedule type of report" }, "isExpired": { "type": "boolean", "example": false, "description": "The report is expired; passed its renewal date" } }, "required": [ "id", "name", "description", "file", "url", "createdAt", "renewalDate", "renewalScheduleType", "isExpired" ] }, "EvidenceLibraryControlResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": 1, "description": "Evidence id" }, "name": { "type": "string", "example": "Security training", "description": "The name of the evidence" }, "description": { "type": "string", "example": "Security Training completed evidence test", "description": "The description of the evidence" }, "versions": { "example": [ { "id": 1, "source": "https://drata.com/evidence", "type": "URL", "version": 1, "current": true, "filedAt": "2020-07-06" } ], "description": "Library document linked versions data", "type": "array", "items": { "$ref": "#/components/schemas/EvidenceLibraryVersionResponsePublicDto" } }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Evidence created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Evidence updated date timestamp" }, "renewalSchema": { "description": "The renewal schema of evidence", "allOf": [ { "$ref": "#/components/schemas/EvidenceLibraryRenewalSchemaResponsePublicDto" } ] }, "isExpired": { "type": "boolean", "example": false, "description": "The evidence is expired; passed its renewal date" } }, "required": [ "id", "name", "description", "versions", "createdAt", "updatedAt", "renewalSchema", "isExpired" ] }, "CreateControlRequestPublicDto": { "type": "object", "properties": { "name": { "type": "string", "maxLength": 191, "example": "Good Control Name", "description": "The name of the control" }, "description": { "type": "string", "maxLength": 30000, "example": "A very good description", "description": "The description of the control" }, "code": { "type": "string", "maxLength": 20, "example": "DRA-69", "description": "The control code" }, "question": { "type": "string", "maxLength": 768, "example": "A very good question", "description": "The question of the control" }, "activity": { "type": "string", "maxLength": 768, "example": "A very good activity", "description": "The activity of the control" }, "externalEvidenceMetadata": { "type": "string", "example": [ { "originalFile": "old-filename.pdf", "filename": "excellent-filename.pdf", "description": "This is a very good file that everyone likes.", "creationDate": "2020-07-06 12:00:00.000000", "name": "Evidence Name", "renewalDate": "2020-07-06", "renewalScheduleType": "ONE_YEAR" } ], "description": "JSON string of metadata of uploaded evidence" }, "reportIds": { "example": [ 1, 2, 3 ], "description": "Array of report IDs", "type": "array", "items": { "type": "number" } }, "policyIds": { "example": [ 1, 2, 3 ], "description": "Array of policy IDs", "type": "array", "items": { "type": "number" } }, "requirementIds": { "example": [ 1, 2, 3 ], "description": "Array of requirement IDs", "type": "array", "items": { "type": "number" } }, "owners": { "example": [ 1, 2, 3 ], "description": "Array of owner IDs", "type": "array", "items": { "type": "number" } }, "testIds": { "example": [ 1, 2, 3 ], "description": "Array of control test IDs", "type": "array", "items": { "type": "number" } }, "externalEvidence": { "description": "External evidence files", "example": [ "-F 'file=<>'" ], "type": "array", "items": { "type": "string", "format": "binary" } }, "base64Files": { "type": "string", "example": [ { "base64String": "data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAYABg", "filename": "excellent-filename" } ], "description": "JSON string with array of external evidence in Base64 format." } }, "required": [ "name", "description", "code" ] }, "ControlOwnerRequestPublicDto": { "type": "object", "properties": { "ownerIds": { "example": [ 1, 2, 3 ], "description": "Array of owner ids", "type": "array", "items": { "type": "number" } } }, "required": [ "ownerIds" ] }, "ControlOwnersResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Data set based on the pagination limits", "type": "array", "items": { "$ref": "#/components/schemas/UserCardResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "RequirementPaginatedResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Requirements associated to the framework.", "type": "array", "items": { "$ref": "#/components/schemas/RequirementListResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "page", "limit", "total" ] }, "RequirementListResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": "1213123", "description": "Requirement id" }, "name": { "type": "string", "example": "CC1.1", "description": "Requirement name" }, "description": { "type": "string", "example": "The entity demonstrates a commitment to integrity and ethical values.", "description": "Requirement description" }, "longDescription": { "type": "string", "example": "The entity demonstrates a commitment to integrity and ethical values.", "description": "Requirement long description" }, "additionalInfo": { "type": "string", "example": "The entity demonstrates a commitment to integrity and ethical values.", "description": "Additional info surrounding requirement" }, "additionalInfo2": { "type": "string", "example": "The entity demonstrates a commitment to integrity and ethical values 2.", "description": "Additional info surrounding requirement 2" }, "additionalInfo3": { "type": "string", "example": "The entity demonstrates a commitment to integrity and ethical values 3.", "description": "Additional info surrounding requirement 3" }, "isReady": { "type": "boolean", "example": "true", "description": "Is requirement \"ready\"" }, "rationale": { "type": "string", "example": "This requirement is not needed.", "description": "Requirement rationale for out of scope." }, "archivedAt": { "type": "string", "format": "date-time", "example": "2020-07-06", "description": "Date the requirement was marked out of scope" }, "frameworkName": { "type": "string", "example": "SOC 2", "description": "The framework name this requirement is associated to" }, "controls": { "type": "array", "items": { "type": "object", "properties": { "id": { "type": "number" }, "code": { "type": "string" }, "isReady": { "type": "boolean" }, "controlNumber": { "type": "number" }, "archivedAt": { "type": "string", "format": "date-time" } } }, "example": "ControlReadyType[]", "description": "Controls the requirement is mapped to" }, "totalInScopeControls": { "type": "number", "example": 6, "description": "Number of Controls the requirement is mapped to" }, "frameworkId": { "type": "number", "example": 1, "description": "The framework ID" } }, "required": [ "id", "name", "description", "longDescription", "additionalInfo", "additionalInfo2", "additionalInfo3", "isReady", "frameworkName", "controls", "totalInScopeControls", "frameworkId" ] }, "EditControlRequestPublicDto": { "type": "object", "properties": { "name": { "type": "string", "maxLength": 191, "example": "Good Control Name", "description": "The name of the control" }, "description": { "type": "string", "maxLength": 30000, "example": "A very good description", "description": "The description of the control" }, "question": { "type": "string", "maxLength": 768, "example": "A very good question", "description": "The question of the control" }, "code": { "type": "string", "maxLength": 20, "example": "DRA-69", "description": "The control code" }, "activity": { "type": "string", "maxLength": 768, "example": "A very good activity", "description": "The activity of the control" } }, "required": [ "name", "description" ] }, "ControlShortResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": "123", "description": "Control id" }, "name": { "type": "string", "example": "Databases Monitored and Alarmed", "description": "Control name" }, "code": { "type": "string", "example": "DCF-1002", "description": "Control code" }, "description": { "type": "string", "example": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on predetermined criteria. Incidents are escalated per policy.", "description": "Control description" }, "question": { "type": "string", "example": "Does the organization implement tools to monitor its databases and notify appropriate personnel of incidents based on predetermined criteria?", "description": "Control question" }, "activity": { "type": "string", "example": "1. Ensure tools are implemented to monitor databases", "description": "Control activity" }, "slug": { "type": "string", "example": "databases-monitored-and-alarmed", "description": "Control slug" }, "archivedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Date control was archived at or NULL" }, "lastUpdatedBy": { "example": "User", "description": "Last user to update the control", "allOf": [ { "$ref": "#/components/schemas/UserCardResponsePublicDto" } ] }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Date control was last updated" }, "fk_control_template_id": { "type": "number", "example": "123", "description": "Control template id, used to determine if control is custom" }, "hasEvidence": { "type": "boolean", "example": true, "description": "Boolean if control has any linked polices, reports, externalEvidence, or controlTests" }, "hasPolicy": { "type": "boolean", "example": true, "description": "Boolean if control has any linked polices" }, "isReady": { "type": "boolean", "example": "true", "description": "Is control \"ready\"" }, "hasTicket": { "type": "boolean", "example": "true", "description": "This Control is associated to a Task Management Ticket" } }, "required": [ "id", "name", "code", "description", "question", "activity", "slug", "archivedAt", "lastUpdatedBy", "updatedAt", "fk_control_template_id", "hasEvidence", "hasPolicy", "isReady", "hasTicket" ] }, "MappedExternalEvidenceResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": "123", "description": "Control id" }, "slug": { "type": "string", "example": "databases-monitored-and-alarmed", "description": "Control slug" }, "externalEvidence": { "example": "ExternalEvidenceResponseDto[]", "description": "ExternalEvidences array", "type": "array", "items": { "$ref": "#/components/schemas/ExternalEvidenceResponsePublicDto" } } }, "required": [ "id", "slug", "externalEvidence" ] }, "UploadEvidencePublicDto": { "type": "object", "properties": { "file": { "type": "string", "example": "-F 'file=<>'", "format": "binary", "description": "Accepted file extensions: .pdf, .docx, .odt, .doc, .xlsx, .ods, .pptx, .odp, .gif, .jpg, .jpeg, .png, .json, .csv, .md, .markdown, .txt, .zip" }, "url": { "type": "string", "maxLength": 768, "format": "uri", "example": "https://url.com", "description": "The url to the evidence" }, "filename": { "type": "string", "maxLength": 191, "example": "Screenshot ExternalEvidence", "description": "The name of the evidence" }, "base64File": { "type": "string", "example": { "base64String": "data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAYABg", "filename": "excellent-filename" }, "description": "JSON string with external evidence in Base64 format." }, "description": { "type": "string", "maxLength": 30000, "example": "A screenshot of a computer screen", "description": "The description of the evidence" }, "creationDate": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Creation date" }, "renewalDate": { "type": "string", "example": "2020-07-06", "description": "Report renewal date" }, "renewalScheduleType": { "enum": [ "ONE_MONTH", "TWO_MONTHS", "THREE_MONTHS", "SIX_MONTHS", "ONE_YEAR", "CUSTOM", "NONE" ], "type": "string", "example": "ONE_YEAR", "description": "The renewal date schedule type of report" } }, "required": [ "creationDate", "renewalDate", "renewalScheduleType" ] }, "SignedUrlResponsePublicDto": { "type": "object", "properties": { "signedUrl": { "type": "string", "example": "https://somedomain.com/filename.pdf?Signature=ABC123", "description": "The short lived signed URL to link directly to the private file" }, "fileBuffer": { "type": "object", "nullable": true, "description": "The file on buffer format. This only applies for txt files.", "example": { "buffer": "RXhhbXBsZSB0ZXh0IGNvbnRlbnQ=" } } }, "required": [ "signedUrl", "fileBuffer" ] }, "MappedExternalEvidencePaginatedResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Data set based on the pagination limits", "type": "array", "items": { "$ref": "#/components/schemas/ExternalEvidenceResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "ControlPaginatedResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Data set based on the pagination limits", "type": "array", "items": { "$ref": "#/components/schemas/ControlListResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "ControlListResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": "123", "description": "Control id" }, "name": { "type": "string", "example": "Databases Monitored and Alarmed", "description": "Control name" }, "code": { "type": "string", "example": "DCF-1002", "description": "Control code" }, "description": { "type": "string", "example": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on predetermined criteria. Incidents are escalated per policy.", "description": "Control description" }, "slug": { "type": "string", "example": "databases-monitored-and-alarmed", "description": "Control slug" }, "workspaceId": { "type": "number", "example": 2, "description": "Workspace(product) id associated to control" }, "archivedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Date control was archived at or NULL" }, "frameworkTags": { "example": [ "SOC_2", "CCPA" ], "description": "Framework tags associated with the control", "type": "array", "items": { "type": "string" } }, "hasEvidence": { "type": "boolean", "example": false, "description": "Indicates if the control has any evidence" }, "hasOwner": { "type": "boolean", "example": false, "description": "Indicates if the control has any owners" }, "isMonitored": { "type": "boolean", "example": false, "description": "Indicates if the control has a test" }, "topics": { "type": "array", "items": { "type": "string", "enum": [ "AVAILABILITY", "CONFIDENTIALITY", "SECURITY", "PRIVACY", "PROCESS_INTEGRITY", "GENERAL_RULES", "ADMINISTRATIVE_SAFEGUARDS", "PHYSICAL_SAFEGUARDS", "TECHNICAL_SAFEGUARDS", "REQUIREMENTS_ORGANIZATION", "REQUIREMENTS_POLICIES_PROCEDURES", "BASIC", "DERIVED", "NIST80053_PRIVACY" ] }, "example": [ 1, 2 ], "description": "Trust Service Criteria associated with the control" }, "isReady": { "type": "boolean", "example": "true", "description": "Is control \"ready\"" }, "hasTicket": { "type": "boolean", "example": "true", "description": "This Control is associated to a Task Managment Ticket" } }, "required": [ "id", "name", "code", "description", "slug", "workspaceId", "archivedAt", "frameworkTags", "hasEvidence", "hasOwner", "isMonitored", "topics", "isReady", "hasTicket" ] }, "CompanyResponsePublicDto": { "type": "object", "properties": { "accountId": { "type": "string", "example": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd", "description": "The account ID for the company" }, "domain": { "type": "string", "example": "domain.com", "description": "Company's domain" }, "name": { "type": "string", "example": "Acme", "description": "Company's common name" }, "legalName": { "type": "string", "example": "Acme Inc.", "description": "Company's full legal name" }, "year": { "type": "number", "example": 2014, "description": "Year the company was founded" }, "description": { "type": "string", "example": "We make tools", "description": "The description of the company" }, "phoneNumber": { "type": "string", "example": "800-555-5555", "description": "Company's phone number" }, "address": { "type": "string", "example": "742 Evergreen Terrace, Springfield, OH 45501", "description": "The address of the company" }, "privacyUrl": { "type": "string", "example": "https://acme.com/privacy", "description": "Company's privacy URL" }, "termsUrl": { "type": "string", "example": "https://acme.com/terms", "description": "Company's terms of use URL" }, "supportUrl": { "type": "string", "example": "https://help.acme.com", "description": "Company's support/help URL" }, "jobsUrl": { "type": "string", "example": "https://jobs.acme.com", "description": "The URL where your open jobs are publicly posted online" }, "securityEmail": { "type": "string", "example": "security@acme.com", "description": "Company's security/compliance email" }, "logoUrl": { "type": "string", "example": "https://cdn-prod.imgpilot.com/logo.png", "description": "User avatar URL" }, "securityTraining": { "type": "string", "nullable": true, "example": "DRATA_PROVIDED", "description": "Security Awareness Training option" }, "hipaaTraining": { "type": "string", "nullable": true, "example": "DRATA_PROVIDED", "description": "HIPAA Training option" }, "backgroundCheck": { "type": "string", "nullable": true, "example": "CERTN", "description": "The type of background check option" }, "securityReport": { "description": "Information about the security report", "allOf": [ { "$ref": "#/components/schemas/SecurityReportResponsePublicDto" } ] }, "workspaces": { "example": "[]", "description": "Company workspaces", "type": "array", "items": { "$ref": "#/components/schemas/WorkspaceResponsePublicDto" } }, "adminOnboardedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Company completed onboarded date timestamp" }, "renewalPeriodStartDate": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Company entered annual renewal time date timestamp" }, "securityTrainingLink": { "type": "string", "example": "https://security-training-service.com", "description": "Link to custom security training" }, "hipaaTrainingLink": { "type": "string", "example": "https://hipaa-training-service.com", "description": "Link to custom HIPAA Training" }, "connections": { "type": "array", "items": { "$ref": "#/components/schemas/ConnectionResponsePublicDto" } }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Account created date timestamp" }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Account updated date timestamp" }, "frameworks": { "example": "FrameworkResponsePublicDto[]", "description": "Enabled frameworks for this account", "type": "array", "items": { "$ref": "#/components/schemas/FrameworkResponsePublicDto" } }, "agentEnabled": { "type": "boolean", "example": false, "description": "The agent status (ON/OFF)" }, "manualUploadEnabled": { "type": "boolean", "example": false, "description": "Manual evidence upload status (ON/OFF)" }, "drataSupportAccess": { "nullable": true, "description": "Data to determine if Drata Support has access to the account", "allOf": [ { "$ref": "#/components/schemas/DrataSupportAccessResponsePublicDto" } ] }, "entitlements": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string" }, "description": { "type": "string" }, "type": { "type": "string" }, "featureId": { "type": "number", "nullable": true }, "metadata": { "type": "object", "additionalProperties": true } } }, "example": [ { "name": "Trust Center", "description": "The Trust Center Pages feature", "type": "TRUST_CENTER" } ], "description": "The tenants admin accounts" }, "language": { "type": "string", "example": "ENGLISH_US", "description": "Account language" } }, "required": [ "accountId", "domain", "name", "legalName", "year", "description", "phoneNumber", "address", "privacyUrl", "termsUrl", "supportUrl", "jobsUrl", "securityEmail", "logoUrl", "securityTraining", "hipaaTraining", "backgroundCheck", "securityReport", "workspaces", "adminOnboardedAt", "renewalPeriodStartDate", "connections", "createdAt", "updatedAt", "frameworks", "agentEnabled", "manualUploadEnabled", "drataSupportAccess", "entitlements", "language" ] }, "DrataSupportAccessResponsePublicDto": { "type": "object", "properties": { "enabledAt": { "type": "string", "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "When the admin enabled access for Drata Support" }, "expiresAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "When the time window expires for Drata Support" }, "type": { "type": "string", "example": "READ_ONLY", "description": "The type of access granted for Drata Support" } }, "required": [ "enabledAt", "expiresAt", "type" ] }, "SecurityReportResponsePublicDto": { "type": "object", "properties": { "visibility": { "type": "string", "example": "PASSING", "description": "The type of tests to return in the security report based on the result status" }, "sharing": { "type": "boolean", "example": true, "description": "Indicates if the security report can be shared publicly" }, "shareToken": { "type": "string", "nullable": true, "example": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd", "description": "The token used to share the security report" } }, "required": [ "visibility", "sharing", "shareToken" ] }, "WorkspacesResponsePublicDto": { "type": "object", "properties": { "data": { "description": "Products related to the connection", "example": [ { "id": 1, "name": "Drata", "description": "Platform to track SOC 2 compliance within the organization", "howItWorks": null, "url": "https://app.drata.com", "logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png", "primary": true } ], "type": "array", "items": { "$ref": "#/components/schemas/WorkspaceResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "UpdateConnectionJsonIdpRequestPublicDto": { "type": "object", "properties": { "personnelData": { "description": "The list of personnel", "type": "array", "items": { "$ref": "#/components/schemas/PersonnelDataPublicDto" } } }, "required": [ "personnelData" ] }, "PersonnelDataPublicDto": { "type": "object", "properties": { "id": { "type": "string", "maxLength": 191, "example": "233", "description": "The personnel identifier" }, "firstName": { "type": "string", "maxLength": 191, "example": "Neil", "description": "The personnel first name" }, "lastName": { "type": "string", "maxLength": 191, "example": "Armstrong", "description": "The personnel last name" }, "email": { "type": "string", "maxLength": 191, "format": "email", "example": "david@mail.com", "description": "The personnel email" }, "avatarUrl": { "type": "string", "maxLength": 768, "format": "uri", "example": "https://i.pravatar.cc/150?img=60", "description": "The personnel avatar picture" }, "contractor": { "type": "boolean", "example": false, "description": "Indicates if the personnel is contractor" }, "isMfaEnabled": { "type": "boolean", "example": true, "description": "Indicates if the personnel has mfa enabled, true for enabled, false for disabled" }, "jobTitle": { "type": "string", "maxLength": 191, "example": "painter", "description": "The personnel job title" }, "customerId": { "type": "string", "maxLength": 191, "example": "A232-23983", "description": "The customer id" }, "date": { "type": "string", "maxLength": 191, "format": "date-time", "example": "2024-10-18T01:28:40", "description": "The employment start date for the personnel. Format is ISO 8601 (YYYY-MM-DDTHH:mm:ss), American (MM/DD/YYYY), or RFC 3339 (YYYY-MM-DDTHH:mm:ssZ)" } }, "required": [ "id", "firstName", "lastName", "email", "contractor", "isMfaEnabled", "date" ] }, "CreateConnectionJsonIdpRequestPublicDto": { "type": "object", "properties": { "personnelData": { "description": "The list of personnel", "type": "array", "items": { "$ref": "#/components/schemas/PersonnelDataPublicDto" } } }, "required": [ "personnelData" ] }, "ConnectionsCompactResponsePublicDto": { "type": "object", "properties": { "data": { "description": "List of connections based on the pagination limits", "type": "array", "items": { "$ref": "#/components/schemas/ConnectionCompactResponsePublicDto" } }, "page": { "type": "number", "example": 1, "description": "Which page of data are you requesting" }, "limit": { "type": "number", "example": 10, "description": "How many items are you requesting" }, "total": { "type": "number", "example": 100, "description": "How many items are in the overall set" } }, "required": [ "data", "page", "limit", "total" ] }, "ConnectionCompactResponsePublicDto": { "type": "object", "properties": { "id": { "type": "number", "example": "1", "description": "The connection ID" }, "clientType": { "example": "GOOGLE", "description": "The client type", "allOf": [ { "$ref": "#/components/schemas/ClientTypeEnum" } ] }, "state": { "type": "string", "enum": [ "ACTIVE", "MISCONFIGURED", "CONFIGURED_PENDING_CONFIRMATION", "IN_PROGRESS" ], "example": "ACTIVE", "description": "The state of the connection" }, "connected": { "type": "boolean", "example": false, "description": "Connection status" }, "connectedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "The date when this connection was successfully established" }, "failedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "The date when this connection failed" }, "clientId": { "type": "string", "nullable": true, "example": "abc123", "description": "The client ID from the external system associated to this connection" }, "clientAlias": { "type": "string", "nullable": true, "example": "My-connection-alias-1", "description": "Alias for the connection" }, "aliasUpdatedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Date when the connection alias was updated for manually updated aliases" }, "deletedAt": { "type": "string", "nullable": true, "format": "date-time", "example": "2025-07-01T16:45:55.246Z", "description": "Date when connection was deleted" }, "providerTypes": { "description": "Provider types associated with this connection", "type": "array", "items": { "$ref": "#/components/schemas/ConnectionProviderTypeResponsePublicDto" } }, "code": { "type": "number", "nullable": true, "example": 10010, "description": "ErrorCode" }, "groupLabel": { "type": "string", "nullable": true, "example": "Everyone", "description": "Used by some IDPs to only sync users from a specific group" } }, "required": [ "id", "clientType", "state", "connected", "connectedAt", "failedAt", "clientId", "clientAlias", "aliasUpdatedAt", "deletedAt", "code" ] }, "ClientTypeEnum": { "type": "string", "enum": [ "GOOGLE", "OKTA", "MICROSOFT_365", "AWS", "GCP", "AZURE", "HEROKU", "GITHUB", "GITLAB", "BITBUCKET", "SHORTCUT", "JIRA", "ASANA", "GUSTO", "KARMACHECK", "GITHUB_ISSUES", "RIPPLING", "CERTN", "MERGEDEV_ADP_WORKFORCE_NOW", "MERGEDEV_BAMBOO_HR", "MERGEDEV_HR_PARTNER", "MERGEDEV_HI_BOB", "MERGEDEV_HUMAANS", "MERGEDEV_PERSONIO", "MERGEDEV_SAGE", "DIGITAL_OCEAN", "MERGEDEV_KALLIDUS", "MERGEDEV_TRINET", "MERGEDEV_TRINET_HR", "MERGEDEV_FRESHTEAM", "MERGEDEV_SAP_SUCCESSFACTORS", "TRELLO", "GITLAB_ISSUES", "MERGEDEV_JUSTWORKS", "LINEAR", "PIVOTAL_TRACKER", "WORK_OS", "MERGEDEV_PAYLOCITY", "MONGO_DB_ATLAS", "TARGET_PROCESS", "CLICKUP", "CHECKR", "MERGEDEV_WORKDAY", "ZOHO", "CLOUDFLARE", "JAMF", "AZURE_BOARDS", "AZURE_REPOS", "MERGEDEV_HR_CLOUD", "INTUNE", "OKTA_IDENTITY", "GOODHIRE", "KANDJI", "AWS_CODECOMMIT", "FIBERY", "CURRICULA", "JUMPCLOUD", "HEXNODE_UEM", "RIPPLING_MDM", "AWS_ORG_UNITS", "KNOWBE4", "MERGEDEV_UKG_PRO", "MERGEDEV_UKG_READY", "DATADOG", "SLACK", "DOCUSIGN", "MICROSOFT_TEAMS", "AWS_INSPECTOR", "MERGEDEV_ONELOGIN", "MERGEDEV_JUMPCLOUD", "CONFLUENCE", "WORKSPACE_ONE", "NEW_RELIC", "MERGEDEV_SERVICENOW", "RAPID7", "MERGEDEV_AHA", "MERGEDEV_BASECAMP", "MERGEDEV_BITBUCKET", "MERGEDEV_FRESHDESK", "MERGEDEV_FRESHSERVICE", "MERGEDEV_HEIGHT", "MERGEDEV_HIVE", "MERGEDEV_TEAMWORK", "MERGEDEV_WRIKE", "MERGEDEV_ZENDESK", "CSV_IDP", "APIDECK", "AWS_GOV_CLOUD", "SENTINEL_ONE", "MERGEDEV_NAMELY", "MERGEDEV_INSPERITY_PREMIER", "MERGEDEV_DAYFORCE", "MERGEDEV_ALEXISHR", "MERGEDEV_BREATHE", "MERGEDEV_CHARLIE", "MERGEDEV_CHARTHOP", "MERGEDEV_DEEL", "MERGEDEV_FACTORIAL", "MERGEDEV_INTELLIHR", "MERGEDEV_KEKA", "MERGEDEV_LUCCA", "MERGEDEV_OFFICIENT", "MERGEDEV_PAYCHEX", "MERGEDEV_PEOPLE_HR", "MERGEDEV_OYSTERHR", "MERGEDEV_PAYCOR", "HUBSPOT", "ZOOM", "AUTH0", "SENTRY", "ZAPIER", "SNOWFLAKE", "MIRO", "MERGEDEV_EMPLOYMENT_HERO", "SEGMENT", "WIZ", "XERO", "GITHUB_CODE", "ATLASSIAN", "PAGER_DUTY", "STACKONE_SMARTRECRUITERS", "STACKONE_TEAMTAILOR", "CROWDSTRIKE", "GITHUB_ENTERPRISE", "NOTION", "STACKONE_KLAVIYO", "STACKONE_LASTPASS", "STACKONE_LEAPSOME", "STACKONE_LEVER", "STACKONE_ORACLEHCM", "STACKONE_PINPOINT", "STACKONE_PIPEDRIVE", "STACKONE_RECRUITEE", "STACKONE_WEBEX", "STACKONE_WORKABLE", "STACKONE_ZELT", "STACKONE_BITWARDEN", "STACKONE_SALESLOFT", "STACKONE_DIXA", "STACKONE_FRESHSALES", "STACKONE_CANVA", "STACKONE_GREENHOUSE", "STACKONE_ASHBY", "STACKONE_ATTIO", "STACKONE_CONTENTFUL", "COVERDASH", "MERGEDEV_FRONT", "SALESFORCE", "STACKONE_ELASTIC", "STACKONE_RENDER", "STACKONE_TERRAFORM", "STACKONE_DOMO", "STACKONE_ENVOY", "STACKONE_SCALEWAY", "STACKONE_JETBRAINS", "STACKONE_FIVETRAN", "STACKONE_INTERCOM", "STACKONE_AUTODESK", "GITHUB_ACTIONS", "AZURE_ORG_UNITS", "MICROSOFT_365_GCC_HIGH", "STACKONE_AIRCALL", "STACKONE_15FIVE", "STACKONE_ROLLBAR", "STACKONE_EGNYTE", "STACKONE_QLIK", "STACKONE_BULLHORN", "STACKONE_OPENVPN", "STACKONE_SOPHOS", "STACKONE_MEISTERTASK", "STACKONE_TALENTLMS", "STACKONE_ONEFLOW", "STACKONE_RING_CENTRAL", "STACKONE_ARTICULATE", "STACKONE_DIALPAD", "STACKONE_TABLEAU", "AZURE_DEVOPS", "STACKONE_1PASSWORD", "STACKONE_MIXPANEL", "STACKONE_SONARCLOUD", "STACKONE_TWILIO", "STACKONE_ANSIBLE", "STACKONE_LATTICE", "STACKONE_WEBFLOW", "STACKONE_LACEWORK", "STACKONE_DATABRICKS", "STACKONE_IFS", "STACKONE_TRAVISCI", "STACKONE_MATILLIONETL", "STACKONE_OPTIMIZELY", "UAR_CSV", "STERLING", "HIRERIGHT", "VETTY", "MERGEDEV_CYBERARK", "SALESFORCE_UAR", "GOOGLE_ADMIN_CONSOLE", "VERCEL", "STACKONE_DUO", "STACKONE_GONG", "STACKONE_IRONCLAD", "STACKONE_SCORO", "STACKONE_TEAMVIEWER_REMOTE", "STACKONE_SPOTDRAFT", "STACKONE_SPENDESK", "STACKONE_SENDGRID", "STACKONE_SMARTSHEET", "STACKONE_CHECKMK", "LEEN_TENABLE", "LEEN_QUALYS", "LEEN_SEMGREP", "LEEN_SNYK", "LEEN_CROWDSTRIKE_VMS", "LEEN_MS_DEFENDER_VMS", "LEEN_SENTINELONE_VMS", "GITLAB_ON_PREM", "CUSTOM", "LEEN_RAPID7_VMS", "BAMBOO_HR", "GITLAB_ISSUES_ON_PREM", "GITHUB_ISSUES_ENTERPRISE", "BITBUCKET_CODE", "LEEN_ARNICA", "STACKONE_NETLIFY", "STACKONE_OPENAI", "KOLIDE", "MERGEDEV_JIRA_DATA_CENTER", "MERGEDEV_PINGONE", "GOOGLE_ADMIN_CONSOLE_OAUTH", "GOOGLE_OAUTH", "STACKONE_ANTHROPIC", "INTUNE_GCC_HIGH", "STACKONE_DROPBOX", "STACKONE_DROPBOX_SIGN", "STACKONE_HARVEST", "STACKONE_KAMELEOON", "STACKONE_MAKE", "STACKONE_RETOOL", "STACKONE_TOGGL", "STACKONE_BOX", "MERGEDEV_ZOHO_PEOPLE", "MERGEDEV_ZOHO_DESK", "LEEN_WIZ_VMS", "LEEN_WIZ_CODE", "LEEN_AIKIDO", "MERGEDEV_LATTICE_HRIS", "MERGEDEV_DARWINBOX", "MERGEDEV_PAYCOM", "AZURE_GCC_HIGH", "AZURE_MG_GCC_HIGH", "STACKONE_EASY_LLAMA", "MERGEDEV_LEAPSOME", "CUSTOM_XFA", "LEEN_MS_DEFENDER_VMS_GCC_HIGH", "STACKONE_CORNERSTONE", "STACKONE_DOCEBO", "STACKONE_GO1", "STACKONE_LINKEDIN_LEARNING", "STACKONE_SAP_LEARNING", "STACKONE_WORKDAY_LEARNING", "STACKONE_360LEARNING", "STACKONE_BRAINIER", "STACKONE_COURSERA", "STACKONE_XYLEME", "STACKONE_INFOSEC", "STACKONE_PEOPLE_FLUENT", "STACKONE_UDEMY", "AIKIDO", "AZURE_ENTRA_ID", "GOOGLE_CLOUD_IDENTITY", "HYPERCOMPLY", "INTRUDER", "IRIS_AI", "JIT", "TINES", "TORQ", "TRAY", "SWIF", "LEEN_ORCA_SECURITY", "ZIP", "CUSTOM_MDM", "LEEN_UPWIND", "WORK_OS_SCIM", "LEEN_GITLAB_VMS", "NINJAONE_MDM", "FIELDGUIDE", "OKTA_OAUTH", "IRONCLAD_VENDOR", "CUSTOM_HRIS" ] }, "ProviderTypeEnum": { "type": "string", "enum": [ "IDENTITY", "INFRASTRUCTURE", "VERSION_CONTROL", "TICKETING", "HRIS", "BACKGROUND_CHECK", "SINGLE_SIGN_ON", "ENTERPRISE_SSO", "MDM", "SECURITY_TRAINING", "OBSERVABILITY", "COMMUNICATION", "DIGITAL_SIGNATURE", "EXTERNAL_POLICY", "VULNERABILITY", "EDR", "USER_ACCESS_REVIEW", "CSPM", "CODEBASE", "CYBER_INSURANCE", "CRM", "CUSTOM", "AUTOMATION_TOOLS", "SECURITY_REVIEWS", "PROCUREMENT", "AUDITS" ] }, "ExceptionResponseDto": { "type": "object", "properties": { "statusCode": { "type": "number" }, "message": { "type": "string" }, "code": { "type": "number" }, "debugInfo": { "type": "object", "properties": { "name": { "type": "string" }, "message": { "type": "string" }, "stack": { "type": "string" } }, "required": [ "name", "message" ] } }, "required": [ "statusCode", "message", "code" ] }, "ExceptionResponsePublicDto": { "type": "object", "properties": { "statusCode": { "type": "number" }, "message": { "type": "string" }, "code": { "type": "number" }, "debugInfo": { "type": "object", "properties": { "name": { "type": "string" }, "message": { "type": "string" }, "stack": { "type": "string" } }, "required": [ "name", "message" ] } }, "required": [ "statusCode", "message", "code" ] } } } }