Organization
People
Vendors
Internal - Vendors
Context
Policies
- GETGet all policies
- POSTCreate a new policy
- GETDownload all published policies as a single PDF
- GETGet policy by ID
- DELDelete policy
- PATCHUpdate policy
- GETGet policy versions
- POSTCreate policy version
- GETGet policy version by ID
- DELDelete policy version
- PATCHUpdate version content
- POSTPublish new policy version
- POSTSet active policy version
- POSTSubmit version for approval
- POSTChat with AI about a policy
Attachments
Tasks
- GETGet all tasks
- DELDelete multiple tasks
- PATCHUpdate status for multiple tasks
- PATCHUpdate assignee for multiple tasks
- POSTBulk submit tasks for review
- GETGet task by ID
- PATCHUpdate a task
- GETGet task activity
- POSTSubmit task for review
- POSTApprove a task
- POSTReject a task review
- GETGet task attachments
- POSTUpload attachment to task
- GETGet attachment download URL
- DELDelete task attachment
Internal - Tasks
Task Automations
Evidence Export
Evidence Export (Auditor)
Health
Trust Portal
- GETGet domain verification status
- POSTUpload or replace a compliance certificate (PDF only)
- POSTGenerate a temporary signed URL for a compliance certificate
- POSTList uploaded compliance certificates for the organization
- POSTUpload an additional trust portal document
- POSTList additional trust portal documents for the organization
- POSTGenerate a temporary signed URL for a trust portal document
- POSTDelete (deactivate) a trust portal document
- GETGet trust portal overview
- POSTUpdate trust portal overview section
- GETList custom links for trust portal
- POSTCreate a custom link for trust portal
- POSTUpdate a custom link
- POSTDelete a custom link
- POSTReorder custom links
- POSTUpdate vendor trust portal settings
- GETList vendors configured for trust portal
Trust Access
- POSTSubmit data access request
- GETList access requests
- GETGet access request details
- POSTApprove access request
- POSTDeny access request
- GETList access grants
- POSTRevoke access grant
- POSTResend access granted email
- GETGet NDA details by token
- POSTPreview NDA by token
- POSTSign NDA
- POSTResend NDA email
- POSTPreview NDA PDF
- POSTReclaim access
- GETGet grant data by access token
- GETList policies by access token
- GETDownload all policies as watermarked PDF
- GETDownload all policies as ZIP with individual PDFs
- GETList compliance resources by access token
- GETList additional documents by access token
- GETDownload all additional documents as a ZIP by access token
- GETDownload additional document by access token
- GETDownload compliance resource by access token
- GETGet FAQs for a trust portal
- GETGet overview section for a trust portal
- GETGet custom links for a trust portal
- GETGet favicon URL for a trust portal
- GETGet vendors/subprocessors for a trust portal
Framework Editor Task Templates
Finding Templates
Findings
Questionnaire
- POSTPost v1questionnaireparse
- POSTPost v1questionnaireanswer single
- POSTPost v1questionnairesave answer
- POSTPost v1questionnairedelete answer
- POSTPost v1questionnaireexport
- POSTPost v1questionnaireupload and parse
- POSTPost v1questionnaireupload and parseupload
- POSTPost v1questionnaireparseupload
- POSTPost v1questionnaireparseuploadtoken
- POSTPost v1questionnaireanswersexport
- POSTPost v1questionnaireanswersexportupload
- POSTPost v1questionnaireauto answer
Knowledge Base
- GETList all knowledge base documents for an organization
- POSTUpload a knowledge base document
- POSTGet a signed download URL for a knowledge base document
- POSTGet a signed view URL for a knowledge base document
- POSTDelete a knowledge base document
- POSTTrigger processing of knowledge base documents
- POSTCreate a public access token for a Trigger.dev run
- POSTDelete a manual answer
- POSTDelete all manual answers for an organization
SOA
OAuth
OAuthApps
Connections
- GETGet v1integrationsconnectionsproviders
- GETGet v1integrationsconnectionsproviders 1
- GETGet v1integrationsconnections
- POSTPost v1integrationsconnections
- GETGet v1integrationsconnections 1
- DELDelete v1integrationsconnections
- PATCHPatch v1integrationsconnections
- POSTPost v1integrationsconnections test
- POSTPost v1integrationsconnections pause
- POSTPost v1integrationsconnections resume
- POSTPost v1integrationsconnections disconnect
- POSTPost v1integrationsconnections ensure valid credentials
- PUTPut v1integrationsconnections credentials
AdminIntegrations
Checks
Variables
TaskIntegrations
Sync
- POSTPost v1integrationssyncgoogle workspaceemployees
- POSTPost v1integrationssyncgoogle workspacestatus
- POSTPost v1integrationssyncripplingemployees
- POSTPost v1integrationssyncripplingstatus
- POSTPost v1integrationssyncrampemployees
- POSTPost v1integrationssyncjumpcloudemployees
- POSTPost v1integrationssyncjumpcloudstatus
- POSTPost v1integrationssyncrampstatus
- GETGet v1integrationssyncemployee sync provider
- POSTPost v1integrationssyncemployee sync provider
CloudSecurity
Browserbase
- GETGet organization browser context status
- POSTGet or create organization browser context
- POSTCreate a new browser session
- POSTClose a browser session
- POSTNavigate to a URL
- POSTCheck authentication status
- POSTCreate a browser automation
- GETGet all browser automations for a task
- GETGet a browser automation by ID
- DELDelete a browser automation
- PATCHUpdate a browser automation
- POSTStart automation with live view
- POSTExecute automation on existing session
- POSTRun a browser automation
- GETGet run history for an automation
- GETGet a specific run by ID
Task Management
Assistant Chat
Training
Org Chart
Evidence Forms
- GETList evidence forms
- GETGet submission statuses for all forms
- GETGet current user submissions
- GETGet pending submission count for current user
- GETGet form definition and submissions
- GETGet a single submission
- POSTSubmit evidence form entry
- POSTUpload a file as an evidence submission
- PATCHReview a submission
- POSTUpload evidence form file
- GETExport form submissions to CSV
Create penetration test
Copy
Ask AI
curl --request POST \
--url http://localhost:3333/v1/security-penetration-tests \
--header 'Content-Type: application/json' \
--header 'X-API-Key: <api-key>' \
--data '
{
"targetUrl": "https://app.example.com",
"repoUrl": "https://github.com/org/repo",
"githubToken": "<string>",
"configYaml": "<string>",
"pipelineTesting": false,
"workspace": "<string>",
"mockCheckout": true,
"webhookUrl": "<string>",
"testMode": false
}
'Security Penetration Tests
Create penetration test
Creates a new penetration test run and returns the run metadata.
POST
/
v1
/
security-penetration-tests
Create penetration test
Copy
Ask AI
curl --request POST \
--url http://localhost:3333/v1/security-penetration-tests \
--header 'Content-Type: application/json' \
--header 'X-API-Key: <api-key>' \
--data '
{
"targetUrl": "https://app.example.com",
"repoUrl": "https://github.com/org/repo",
"githubToken": "<string>",
"configYaml": "<string>",
"pipelineTesting": false,
"workspace": "<string>",
"mockCheckout": true,
"webhookUrl": "<string>",
"testMode": false
}
'Authorizations
API key for authentication
Headers
Organization ID (required for session auth, optional for API key auth)
Body
application/json
Target URL for the penetration test scan
Example:
"https://app.example.com"
Repository URL containing the target application code
Example:
"https://github.com/org/repo"
GitHub token used for cloning private repositories
Optional YAML configuration for the pentest run
Whether to enable pipeline testing mode
Workspace identifier used by the pentest engine
Set false to reject non-mocked checkout flows for strict behavior
Optional webhook URL to notify when report generation completes
Whether to run the pentest in simulation mode
Response
Penetration test created
Was this page helpful?
⌘I
Assistant
Responses are generated using AI and may contain mistakes.