API Extra Installation and Administration Guide

The API Extra supports two types of authentication methods. By default, it utilizes cookie-based authentication. While logged into your SimpleRisk instance, you can make API requests using this method; however, automating requests with cookies can be challenging. To facilitate automation, we also offer key-based authentication, which can be activated for individual users.

To obtain your user key, simply log in to your SimpleRisk instance, click on your name located at the top right corner, and select “My Profile” from the dropdown menu. If the API Extra feature is enabled for your account, you will see an option to “Generate API Key.” Clicking this option will provide you with an API key that allows you to interact with SimpleRisk in an automated manner, as if you were logged in as that user.

This key will be a lengthy (100 characters) random string composed of upper and lower case letters and digits. Be sure to save it, as your future options will include “Rotate API Key,” which cancels the current key and generates a new one, or “Invalidate API Key,” which simply cancels the existing key.

Features

When you log into your SimpleRisk instance, you can access a comprehensive list of available API calls by navigating to https://path_to_simplerisk/api. This section provides several examples of GET requests you can make to the SimpleRisk API. The SimpleRisk API features a RESTful endpoint located at /api, which returns data in JSON format. You can explore the API's capabilities using cookie-based authentication while logged into SimpleRisk.

Additionally, the SimpleRisk API Extra offers enhanced functionality by allowing you to create and rotate user keys. These keys can be included in your API queries (using the key={key} parameter), facilitating automated data insertion and retrieval. This makes it easier to integrate SimpleRisk with external systems. For more information, this guide outlines the available RESTful API endpoints.
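
An added example (not code from SimpleRisk or this guide) of building key-authenticated request URLs in Python with the key={key} parameter described above. Because the key travels in the query string, where web servers and proxies commonly record it in access logs, the sketch also redacts it before logging; the environment variable names and helper names are assumptions.

```python
import re
import secrets
import string
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Key format as described in this guide: 100 characters, letters and digits only.
KEY_RE = re.compile(r"[A-Za-z0-9]{100}")


def is_valid_key(key: str) -> bool:
    """Reject truncated or mangled keys before they are ever sent."""
    return KEY_RE.fullmatch(key) is not None


def build_url(base: str, endpoint: str, key: str, **params) -> str:
    """Build e.g. {base}/api/management/risk/view?key=...&id=..."""
    if not is_valid_key(key):
        raise ValueError("API key does not match the documented format")
    query = urlencode({"key": key, **params})
    return f"{base.rstrip('/')}{endpoint}?{query}"


def redact_key(url: str) -> str:
    """Replace the key value so the URL can be written to logs."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k == "key" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def sample_key() -> str:
    """Constructed stand-in with the shape of a real key (not a real key)."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(100))


if __name__ == "__main__":
    import json
    import os
    import urllib.request

    # Assumed variable names; keep the key out of source code and shell history.
    base = os.environ["SIMPLERISK_URL"]
    key = os.environ["SIMPLERISK_API_KEY"]
    url = build_url(base, "/api/whoami", key)
    print("GET", redact_key(url))          # log the redacted form only
    with urllib.request.urlopen(url, timeout=10) as resp:
        print(json.load(resp))             # the API returns JSON
```
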

Miscellaneous

WHAT: Get the API version

URL: /api/version?key={key}

METHOD: GET

WHAT: Get the current username and user id

URL: /api/whoami?key={key}

METHOD: GET

Risks

WHAT: Get the risk details for risk ID {risk_id}

URL: /api/management/risk/view?key={key}&id={risk_id}

METHOD: GET

WHAT: Submit a new risk

URL: /api/management/risk/add?key={key}

METHOD: POST

WHAT: Update an existing risk's details

URL: /api/management/risk/update?key={key}

METHOD: POST

WHAT: Get the risk scoring history for risk ID {risk_id}

URL: /api/management/risk/scoring_history?key={key}&id={risk_id}

METHOD: GET

Mitigations

WHAT: Get the mitigation details for risk ID {risk_id}

URL: /api/management/mitigation/view?key={key}&id={risk_id}

METHOD: GET

WHAT: Submit a new mitigation

URL: /api/management/mitigation/add?key={key}

METHOD: POST

Management Reviews

WHAT: Get the review details for risk ID {risk_id}

URL: /api/management/review/view?key={key}&id={risk_id}

METHOD: GET

WHAT: Submit a new management review

URL: /api/management/review/add?key={key}

METHOD: POST

Reporting

WHAT: Get the dynamic risk report data

URL: /api/reports/dynamic?key={key}&status={status}&sort={sort}&group={group}

METHOD: GET

Administration

WHAT: Get the contents of any table

URL: /api/admin/tables/fullData?key={key}&table={table_name}

METHOD: GET

WHAT: Get the risk level configuration

URL: /api/risk_levels?key={key}

METHOD: GET

WHAT: Get the list of all SimpleRisk users

URL: /api/admin/users/all?key={key}

METHOD: GET

WHAT: Get the list of all enabled SimpleRisk users

URL: /api/admin/users/enabled?key={key}

METHOD: GET

WHAT: Get the list of all disabled SimpleRisk users

URL: /api/admin/users/disabled?key={key}

METHOD: GET

To Be Classified

URL: /api/management/risk/reopen

METHOD: GET

URL: /api/management/risk/overview

METHOD: GET

URL: /api/reports/dynamic

METHOD: POST

URL: /api/management/risk/viewhtml

METHOD: GET

URL: /api/management/risk/closerisk

METHOD: GET

URL: /api/management/risk/closerisk

METHOD: POST

URL: /api/management/risk/view_all_reviews

METHOD: GET

URL: /api/management/risk/editdetails

METHOD: GET

URL: /api/management/risk/saveDetails

METHOD: POST

URL: /api/management/risk/saveMitigation

METHOD: POST

URL: /api/management/risk/saveReview

METHOD: POST

URL: /api/management/risk/changestatus

METHOD: GET

URL: /api/management/risk/updateStatus

METHOD: POST

URL: /api/management/risk/scoreaction

METHOD: GET

URL: /api/management/risk/saveScore

METHOD: POST

URL: /api/management/risk/saveSubject

METHOD: POST

URL: /api/management/risk/saveComment

METHOD: POST

URL: /api/management/impportexport/deleteMapping

METHOD: POST

URL: /api/assessment/update

METHOD: POST

URL: /api/datatable/framework-controls

METHOD: GET

URL: /api/mitigation_controls

METHOD: GET

URL: /api/assessment_contacts

METHOD: GET

WHAT: Get a set of questionnaire questions, along with the HTML used to display them in the Questionnaire Questions table

URL: /api/assessment/questionnaire_questions?draw=1&start=0&length=10&filter_by_question=

METHOD: GET

URL: /api/governance/frameworks

METHOD: GET

URL: /api/governance/update_framework_status

METHOD: POST

URL: /api/governance/update_framework_parent

METHOD: POST

URL: /api/governance/parent_frameworks_dropdown

METHOD: GET

URL: /api/governance/selected_parent_frameworks_dropdown

METHOD: GET

URL: /api/governance/control

METHOD: GET

URL: /api/governance/framework

METHOD: GET

URL: /api/compliance/define_tests

METHOD: GET

URL: /api/compliance/test

METHOD: GET

URL: /api/compliance/initiate_audits

METHOD: GET

URL: /api/compliance/active_audits

METHOD: POST

URL: /api/compliance/save_audit_comment

METHOD: POST

URL: /api/compliance/past_audits

METHOD: POST

URL: /api/compliance/reopen_audit

METHOD: POST