Add a new control to the account

Create a new custom control

Securitybearer
Request
path Parameters
workspaceId
required
number

The Workspace ID associated to the Account

Request Body schema:
required
name
required
string <= 191 characters

The name of the control

description
required
string <= 30000 characters

The description of the control

question
string <= 768 characters

The question of the control

code
string <= 20 characters

The control code

activity
string <= 768 characters

The activity of the control

externalEvidenceMetadata
string

JSON string of metadata of uploaded evidence

reportIds
Array of numbers

Array of report ids

policyIds
Array of numbers

Array of policy ids

requirementIds
Array of numbers

Array of requirement ids

owners
Array of numbers

Array of owner ids

testIds
Array of numbers

Array of control test ids

externalEvidence
Array of strings <binary>

External evidence files

base64Files
string

JSON string with aray of external evidence in Base64 format.

Responses
201

Record created!

400

Malformed data and/or validation errors

401

Invalid Authorization

402

Response Code 402

You must pay to activate this feature

403

You are not allowed to perform this action

404

Record Not Found

412

Response Code: 412

You must accept the Drata terms and conditions to use the API

413

The file was too large to upload

500

Internal server error

503

Third party system was unavailable

post/workspaces/{workspaceId}/controls
Request samples
No sample
Response samples
application/json
{
  • "id": "123",
  • "name": "Databases Monitored and Alarmed",
  • "code": "DCF-1002",
  • "description": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on predetermined criteria. Incidents are escalated per policy.",
  • "question": "Does the organization implement tools to monitor its databases and notify appropriate personnel of incidents based on predetermined criteria?",
  • "activity": "1. Ensure tools are implemented to monitor databases 2. Ensure notifications based on specific criteria are sent to the appropriate personnel 3. Escalate incidents appropriately",
  • "slug": "databases-monitored-and-alarmed",
  • "archivedAt": "2025-07-01T16:45:55.246Z",
  • "frameworkTags": [
    • "SOC_2"
    ],
  • "hasEvidence": false,
  • "isMonitored": false,
  • "hasOwner": false,
  • "policies": "PolicyResponsePublicDto[]",
  • "reports": "ReportControlResponsePublicDto[]",
  • "externalEvidence": "ExternalEvidenceResponsePublicDto[]",
  • "controlTests": "ControlTestResponsePublicDto[]",
  • "frameworkRequirements": "FrameworkRequirementsResponsePublicDto[]",
  • "lastUpdatedBy": "User",
  • "updatedAt": "2025-07-01T16:45:55.246Z",
  • "fk_control_template_id": "123",
  • "owners": "UserCardResponsePublicDto[]"
}