Add a new control to the account

Create a new custom control

Security: bearer
Request
Path Parameters
workspaceId
required
number

The workspace ID associated with the account

Request Body schema:
required
name
required
string <= 191 characters

The name of the control

description
required
string <= 30000 characters

The description of the control

question
string <= 768 characters

The question of the control

code
required
string <= 20 characters

The control code

activity
string <= 768 characters

The activity of the control

externalEvidenceMetadata
Array of objects

Metadata of uploaded evidence

reportIds
Array of numbers

Array of report ids

policyIds
Array of numbers

Array of policy ids

requirementIds
Array of numbers

Array of requirement ids

owners
Array of numbers

Array of owner ids

testIds
Array of numbers

Array of control test ids

externalEvidence
Array of strings <binary>

External evidence files

base64Files
Array of objects

External evidence in Base64 format. Example: {"base64String":"data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAYABg","filename":"excellent-filename"}
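
Added example, not part of the Drata documentation: a client-side check of a request body against the field limits listed above, so that schema violations are caught before the request is sent. It assumes the body is held as a Python dict and that each base64Files entry has the two keys shown in the example (a data URI in base64String plus a filename); validate_control and the constant names are hypothetical.

```python
import base64
import re

# Limits and required flags copied from the request body schema above.
STRING_FIELDS = {  # field: (max length, required)
    "name": (191, True),
    "description": (30000, True),
    "question": (768, False),
    "code": (20, True),
    "activity": (768, False),
}
ID_ARRAYS = ("reportIds", "policyIds", "requirementIds", "owners", "testIds")
# Assumption: base64String is always a data URI, as in the schema's example.
DATA_URI = re.compile(r"^data:[\w.+-]+/[\w.+-]+;base64,(?P<b64>.+)$", re.S)

def validate_control(body):
    """Return a list of schema violations; an empty list means the body conforms."""
    errors = []
    for field, (limit, required) in STRING_FIELDS.items():
        value = body.get(field)
        if value is None:
            if required:
                errors.append(f"{field}: required")
        elif not isinstance(value, str):
            errors.append(f"{field}: must be a string")
        elif len(value) > limit:
            errors.append(f"{field}: longer than {limit} characters")
    for field in ID_ARRAYS:
        ids = body.get(field, [])
        # bool is a subclass of int in Python, so reject it explicitly.
        if not isinstance(ids, list) or any(
            isinstance(i, bool) or not isinstance(i, (int, float)) for i in ids
        ):
            errors.append(f"{field}: must be an array of numbers")
    for n, item in enumerate(body.get("base64Files", [])):
        item = item if isinstance(item, dict) else {}
        match = DATA_URI.match(str(item.get("base64String", "")))
        if not match or not item.get("filename"):
            errors.append(f"base64Files[{n}]: needs a data URI and a filename")
            continue
        try:
            base64.b64decode(match["b64"], validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            errors.append(f"base64Files[{n}]: payload is not valid base64")
    return errors

# Constructed sample: violates the limits on name and code, omits description.
SAMPLE = {"name": "n" * 192, "code": "C" * 21, "owners": [1, 2]}
```

The length checks count Python characters; the server may count differently, so a body that passes here can still be rejected.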

Responses
201

Record created!

400

Malformed data and/or validation errors

401

Invalid Authorization

403

You are not allowed to perform this action

404

Record Not Found

413

The file was too large to upload

500

Internal server error

503

Third party system was unavailable

default

Response Code: 412

You must accept the Drata terms and conditions to use the API

POST /workspaces/{workspaceId}/controls
Request samples
No sample
Response samples
application/json
{
  "id": "123",
  "name": "Databases Monitored and Alarmed",
  "code": "DCF-1002",
  "description": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on predetermined criteria. Incidents are escalated per policy.",
  "question": "Does the organization implement tools to monitor its databases and notify appropriate personnel of incidents based on predetermined criteria?",
  "activity": "1. Ensure tools are implemented to monitor databases 2. Ensure notifications based on specific criteria are sent to the appropriate personnel 3. Escalate incidents appropriately",
  "slug": "databases-monitored-and-alarmed",
  "archivedAt": "2020-07-06 12:00:00.000000",
  "frameworkTags": [
    "SOC_2"
  ],
  "hasEvidence": false,
  "isMonitored": false,
  "hasOwner": false,
  "policies": "PolicyResponsePublicDto[]",
  "reports": "ReportControlResponsePublicDto[]",
  "externalEvidence": "ExternalEvidenceResponsePublicDto[]",
  "controlTests": "ControlTestResponsePublicDto[]",
  "frameworkRequirements": "FrameworkRequirementsResponsePublicDto[]",
  "lastUpdatedBy": "User",
  "updatedAt": "2020-07-06 12:00:00.000000",
  "fk_control_template_id": "123",
  "owners": "UserCardResponsePublicDto[]"
}