User Documents

User Documents allow you to provide manual evidence of User and Personnel compliance.

Upload User Document

Upload a User Document.

🔒 Requires Users: Create User Document permission.

Securitybearer

Request

path Parameters

userId

required

number

A Drata integer ID or an email address of the form 'email:value'.

Request Body schema:
multipart/form-data
required

type required	string The user document type Enum: "MFA_EVIDENCE" "SEC_TRAINING" "HIPAA_TRAINING_EVIDENCE" "OFFBOARDING_EVIDENCE"
file	string <binary> Accepted file extensions: .pdf, .docx, .odt, .xlsx, .ods, .pptx, .odp, .gif, .jpeg, .jpg, .png
base64File	string JSON string with external evidence in Base64 format.
completionDate	string <date-time> The date when the compliance was completed

Responses

201

Created

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

413

The file was too large to upload

500

Internal server error

503

Third party system was unavailable

post/users/{userId}/documents

Request samples

No sample

Response samples

application/json

{"id": 1,
"userId": 0,
"downloadUrl": {"signedUrl": "https://somedomain.com/filename.pdf?Signature=ABC123",
"fileBuffer": {"buffer": "RXhhbXBsZSB0ZXh0IGNvbnRlbnQ="
}
},
"name": "Security Training",
"type": "SEC_TRAINING",
"fileUrl": "http://localhost:5000/download/documents/1",
"renewalDate": "2026-10-27",
"createdAt": "2020-07-06",
"updatedAt": "2020-07-06"
}

List User Documents

Find User Documents matching the provided filters.

🔒 Requires Users: List User Documents permission.

Securitybearer

Request

path Parameters

userId

required

number

A Drata integer ID or an email address of the form 'email:value'.

query Parameters

cursor	string This parameter is used to paginate through results. No value is needed for the first request. If there are additional results, the response will contain a `pagination.cursor` value that can be used in the subsequent request to retrieve the next page of results
size	number [ 1 .. 50 ] Default: 20 Number of results to return
sort	string (SortTypeLimitedEnum) Which field to sort by Enum: "createdAt" "updatedAt"
sortDir	string (SortDirectionEnum) The direction to sort the data Enum: "ASC" "DESC"
expand[]	Array of strings (UserDocumentExpandEnum) List of subcollections and sub-objects to expand Items Value: "downloadUrl"
name	string Filter documents by name Example: name=Security training
type	string Filter documents by their type Enum: "SEC_TRAINING" "PASSWORD_MANAGER_EVIDENCE" "AUTO_UPDATES_EVIDENCE" "HARD_DRIVE_ENCRYPTION_EVIDENCE" "ANTIVIRUS_EVIDENCE" "LOCK_SCREEN_EVIDENCE" "MFA_EVIDENCE" "HIPAA_TRAINING_EVIDENCE" "OFFBOARDING_EVIDENCE" "NIST_AI_TRAINING_EVIDENCE" Example: type=SEC_TRAINING

Responses

200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/users/{userId}/documents

Request samples

Response samples

application/json

{"data": [{"id": 1,
"userId": 0,
"downloadUrl": {"signedUrl": "https://somedomain.com/filename.pdf?Signature=ABC123",
"fileBuffer": {"buffer": "RXhhbXBsZSB0ZXh0IGNvbnRlbnQ="
}
},
"name": "Security Training",
"type": "SEC_TRAINING",
"fileUrl": "http://localhost:5000/download/documents/1",
"renewalDate": "2026-10-27",
"createdAt": "2020-07-06",
"updatedAt": "2020-07-06"
}
],
"pagination": {"cursor": "string"
}
}

Get User Document

Get the full detail of a User Document.

🔒 Requires Users: List User Documents permission.

Securitybearer

Request

path Parameters

documentId required	number
userId required	number A Drata integer ID or an email address of the form 'email:value'.

query Parameters

expand[]

Array of strings (UserDocumentExpandEnum)

List of subcollections and sub-objects to expand

Items Value: "downloadUrl"

Responses

200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/users/{userId}/documents/{documentId}

Request samples

Response samples

application/json

{"id": 1,
"userId": 0,
"downloadUrl": {"signedUrl": "https://somedomain.com/filename.pdf?Signature=ABC123",
"fileBuffer": {"buffer": "RXhhbXBsZSB0ZXh0IGNvbnRlbnQ="
}
},
"name": "Security Training",
"type": "SEC_TRAINING",
"fileUrl": "http://localhost:5000/download/documents/1",
"renewalDate": "2026-10-27",
"createdAt": "2020-07-06",
"updatedAt": "2020-07-06"
}

Delete User Document

🔒 Requires Users: Delete User Document permission.

Securitybearer

Request

path Parameters

documentId required	number
userId required	number A Drata integer ID or an email address of the form 'email:value'

Responses

200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

delete/users/{userId}/documents/{documentId}

Request samples

Response samples

application/json

{"name": "string",
"statusCode": 0,
"message": "string",
"code": 0,
"debugInfo": {"name": "string",
"message": "string",
"stack": "string"
}
}

User Documents

Upload User Document

path Parameters

Request Body schema: multipart/form-dataapplication/jsonmultipart/form-datarequired

List User Documents

path Parameters

query Parameters

Get User Document

path Parameters

query Parameters

Delete User Document

path Parameters

Request Body schema:
multipart/form-data
required