Control Notes

Control Notes allow you to provide additional information about Controls.

List Control Notes

Find Control Notes matching the provided filters.

🔒 Requires Controls: Get Control Note permission.

Security: bearer

Request

Path parameters

workspaceId (number, required): The Workspace ID associated to the Account
controlId (number, required)

Query parameters

cursor (string): This parameter is used to paginate through results. No value is needed for the first request. If there are additional results, the response will contain a pagination.cursor value that can be used in the subsequent request to retrieve the next page of results.
size (number, 1 to 50, default 20): Number of results to return
sort (string, SortTypeLimitedEnum): Which field to sort by. Enum: "createdAt", "updatedAt"
sortDir (string, SortDirectionEnum): The direction to sort the data. Enum: "ASC", "DESC"
excludeIds (array of strings): Exclude Control Notes by IDs
expand[] (array of strings, ControlNotesExpandEnum): List of subcollections and sub-objects to expand. Items Value: "owner"

Responses

200
400: Malformed data and/or validation errors
401: Invalid Authorization
402: You must upgrade your plan to use this feature
403: You are not allowed to perform this action
404: Not Found
412: You must accept the Drata terms and conditions to use the API
500: Internal server error

GET /workspaces/{workspaceId}/controls/{controlId}/notes

Response samples
application/json
{
  "data": [
    {
      "id": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
      "ownerId": 60,
      "comment": "string",
      "createdAt": "2025-07-01T16:45:55.246Z",
      "updatedAt": "2025-07-01T16:45:55.246Z",
      "owner": {
        "id": 1,
        "email": "[email protected]",
        "firstName": "Sally",
        "lastName": "Smith",
        "createdAt": "2025-07-01T16:45:55.246Z",
        "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    }
  ],
  "pagination": {
    "cursor": "string"
  }
}
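
An added example (not from the Drata documentation) of following pagination.cursor the way the cursor parameter above describes, with the documented size range enforced client-side. The `fetch` transport, the sample pages, and treating a missing or null cursor as the last page are assumptions.

```python
from urllib.parse import urlencode

MAX_PAGE_SIZE = 50  # documented range for `size` is 1..50


def notes_path(workspace_id, control_id, size=20, cursor=None, expand_owner=False):
    """Build the List Control Notes path and query from the documented parameters."""
    if not 1 <= size <= MAX_PAGE_SIZE:
        raise ValueError("size must be between 1 and 50")
    query = [("size", size)]
    if cursor:
        query.append(("cursor", cursor))
    if expand_owner:
        query.append(("expand[]", "owner"))
    # int() keeps the numeric path parameters from carrying extra path segments.
    return f"/workspaces/{int(workspace_id)}/controls/{int(control_id)}/notes?{urlencode(query)}"


def iter_control_notes(fetch, workspace_id, control_id, **params):
    """Yield every note, requesting pages until no pagination.cursor comes back.

    `fetch(path)` is a hypothetical transport that sends the GET with the
    bearer token and returns the decoded JSON body.
    """
    cursor, seen = None, set()
    while True:
        page = fetch(notes_path(workspace_id, control_id, cursor=cursor, **params))
        yield from page.get("data", [])
        cursor = (page.get("pagination") or {}).get("cursor")
        if not cursor:  # assumption: absent or null cursor marks the last page
            return
        if cursor in seen:  # a repeated cursor would otherwise loop forever
            raise RuntimeError("pagination cursor repeated")
        seen.add(cursor)


# Constructed sample pages standing in for real API responses.
_PAGES = {
    None: {"data": [{"id": "note-1"}, {"id": "note-2"}], "pagination": {"cursor": "c2"}},
    "c2": {"data": [{"id": "note-3"}], "pagination": {"cursor": None}},
}


def fake_fetch(path):
    """Offline stand-in for the HTTP call; selects a page by the cursor in the query."""
    query = dict(pair.split("=", 1) for pair in path.split("?", 1)[1].split("&"))
    return _PAGES[query.get("cursor")]
```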

Create Control Note

Create a Note for a given Control.

🔒 Requires Controls: Create Control Note permission.

Security: bearer

Request

Path parameters

workspaceId (number, required): The Workspace ID associated to the Account
controlId (number, required)

Request Body schema: application/json (required)

comment (string, <= 191 characters, required): The text of the Note

Responses

201: Created
400: Malformed data and/or validation errors
401: Invalid Authorization
402: You must upgrade your plan to use this feature
403: You are not allowed to perform this action
404: Not Found
412: You must accept the Drata terms and conditions to use the API
500: Internal server error

POST /workspaces/{workspaceId}/controls/{controlId}/notes

Request samples
application/json
{
  "comment": "string"
}

Response samples
application/json
{
  "id": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
  "ownerId": 60,
  "comment": "string",
  "createdAt": "2025-07-01T16:45:55.246Z",
  "updatedAt": "2025-07-01T16:45:55.246Z",
  "owner": {
    "id": 1,
    "email": "[email protected]",
    "firstName": "Sally",
    "lastName": "Smith",
    "createdAt": "2025-07-01T16:45:55.246Z",
    "updatedAt": "2025-07-01T16:45:55.246Z"
  }
}

Get Control Note

Get a Note associated with a given Control.

🔒 Requires Controls: Get Control Note permission.

Security: bearer

Request

Path parameters

workspaceId (number, required): The Workspace ID associated to the Account
controlId (number, required)
noteId (string, required)

Query parameters

expand[] (array of strings, ControlNotesExpandEnum): List of subcollections and sub-objects to expand. Items Value: "owner"

Responses

200
400: Malformed data and/or validation errors
401: Invalid Authorization
402: You must upgrade your plan to use this feature
403: You are not allowed to perform this action
404: Not Found
412: You must accept the Drata terms and conditions to use the API
500: Internal server error

GET /workspaces/{workspaceId}/controls/{controlId}/notes/{noteId}

Response samples
application/json
{
  "id": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
  "ownerId": 60,
  "comment": "string",
  "createdAt": "2025-07-01T16:45:55.246Z",
  "updatedAt": "2025-07-01T16:45:55.246Z",
  "owner": {
    "id": 1,
    "email": "[email protected]",
    "firstName": "Sally",
    "lastName": "Smith",
    "createdAt": "2025-07-01T16:45:55.246Z",
    "updatedAt": "2025-07-01T16:45:55.246Z"
  }
}

Update Control Note

Update a Note for a given Control.

🔒 Requires Controls: Update Control Note permission.

Security: bearer

Request

Path parameters

workspaceId (number, required): The Workspace ID associated to the Account
controlId (number, required)
noteId (string, required)

Request Body schema: application/json (required)

comment (string, <= 191 characters, required): The text of the note

Responses

200
400: Malformed data and/or validation errors
401: Invalid Authorization
402: You must upgrade your plan to use this feature
403: You are not allowed to perform this action
404: Not Found
412: You must accept the Drata terms and conditions to use the API
500: Internal server error

PUT /workspaces/{workspaceId}/controls/{controlId}/notes/{noteId}

Request samples
application/json
{
  "comment": "Note comment"
}

Response samples
application/json
{
  "id": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
  "ownerId": 60,
  "comment": "string",
  "createdAt": "2025-07-01T16:45:55.246Z",
  "updatedAt": "2025-07-01T16:45:55.246Z",
  "owner": {
    "id": 1,
    "email": "[email protected]",
    "firstName": "Sally",
    "lastName": "Smith",
    "createdAt": "2025-07-01T16:45:55.246Z",
    "updatedAt": "2025-07-01T16:45:55.246Z"
  }
}

Delete Control Note

Delete a Note for a given Control.

🔒 Requires Controls: Delete Control Note permission.

Security: bearer

Request

Path parameters

workspaceId (number, required): The Workspace ID associated to the Account
controlId (number, required)
noteId (string, required)

Responses

200: Successful
401: Invalid Authorization
402: You must upgrade your plan to use this feature
403: You are not allowed to perform this action
404: Not Found
412: You must accept the Drata terms and conditions to use the API
500: Internal server error

DELETE /workspaces/{workspaceId}/controls/{controlId}/notes/{noteId}

Response samples
application/json
{
  "statusCode": 0,
  "message": "string",
  "code": 0,
  "debugInfo": {
    "name": "string",
    "message": "string",
    "stack": "string"
  }
}