Drata is the world’s most advanced security and compliance automation platform with the mission to help companies earn and keep the trust of their users, customers, partners and prospects. We help thousands of companies streamline compliance for SOC 2, ISO 27001, HIPAA, GDPR, your own custom frameworks, and many more through continuous, automated control monitoring and evidence collection. Using the Drata API, you can access your data to power internal workflows and build creative solutions.
The Drata API uses region-specific base URLs:
All calls to Drata APIs are authenticated with an API key that a user can generate within your Drata app. Allowed resources can be customized per API key.
Please keep your API keys private.
Each request is tracked by its unique IP. The limit is 500 requests per minute. Hitting the limit will block requests for the following 10 minutes.
As of 8/24/23, Reports & Docs was updated to Evidence Library in the Drata web app. Below are the routes that were updated for the Open API:
All keys that were provisioned for the previous endpoints do not need to be modified as the scopes were migrated.