Skip to main content

GRC API documentation

Explore our comprehensive API documentation on data integrations to securely connect your software applications with Ansarada GRC site.

Christine Wong avatar
Written by Christine Wong
Updated over 11 months ago

The Ansarada GRC API provides access to various features for integration with Ansarada GRC site, including retrieving GRC records and bulk query data. Before proceeding, create a service account on your Ansarada GRC site so that you can make API calls.

Authorization

In order to use the API, you must first get an access token from the service account by using the get token endpoint.

Plain Text

curl -X POST \
  https://auth.au.ansarada.com/oauth/token \
  -H 'Content-Type: application/json' \
  -d '{
    "grant_type": "client_credentials",
    "client_id": "[client_id]",
    "client_secret": "[client_secret]",
    "audience": "https://api.ansarada.com/graphql"
}'

  • audience: This must be https://api.ansarada.com/graphql

  • client_id: Your service account’s Client ID.

  • client_secret: Your service account’s Client Secret.

The response contains the access_token, token_type, expires_in (seconds), and scopes values, for example:

Plain Text

{
  "access_token": "eyJz93a...k4laUWw",
  "token_type": "Bearer",
  "scope": "grc:triline:compliance:read grc:triline:compliance:write grc:triline:control-inventory:read grc:triline:control-inventory:write grc:triline:event:read grc:triline:event:write grc:triline:kri:read grc:triline:kri:write grc:triline:risk:read grc:triline:risk:write grc:triline:register:read grc:triline:register:write",
  "expires_in": 86400,
}

Scopes

The access token's response scope would reflect the service account's current permission setting in Ansarada GRC site.

Below is the list of scopes that can be returned from OAuth Server:

Scope

Description

grc:triline:event:read

List of all Event records

grc:triline:risk:read

List of all Risk records

grc:triline:control-inventory:read

List of all Control Inventory records

grc:triline:kri:read

List of all Kri records

grc:triline:compliance:read

List of all Compliance records

grc:triline:register:read

List of all Register records

grc:triline:event:write

Manage all Event records

grc:triline:risk:write

Manage all Risk records

grc:triline:control-inventory:write

Manage all Control Inventory records

grc:triline:kri:write

Manage all Kri records

grc:triline:compliance:write

Manage all Compliance records

grc:triline:register:write

Manage all Register records

⚠️Good to know: In the current release, service accounts can access only the Risk, Events and Registers modules with view/read permission. 🔜 Please stay tuned for updates on additional module access. 🔜

See Example Video below.


Next step: Query Ansarada GRC data with GraphQL

👉 Query Ansarada GRC records with GraphQL

👉 Perform bulk operations with Ansarada GRC GraphQL API


​Example Video:

Attachment icon
GRC API - Authorization.mp4
Did this answer your question?