Policies

Get policies

Returns the list of policies and their metadata

🔒 Requires Policies: List Policies permission.

Securitybearer

Request

query Parameters

page	number >= 1 Default: 1 Which page of data are you requesting
limit	number [ 1 .. 50 ] Default: 20 How many items are you requesting
q	string Filter data to search term Example: q=Acceptable Use Policy
userId	number User ID of the policy owner Example: userId=1
hasPublishedVersion	boolean Filter policies data by current published or latest version
hasApprovedVersion	boolean Temporary property to filter policies data by current published or latest version. This property will coexist with the new property hasPublishedVersion until fully migrated to the client.

Responses

200

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/policies

Request samples

Response samples

application/json

{"data": [{"id": 1,
"currentVersionId": 1,
"name": "Acceptable Use Policy",
"version": "1",
"minorVersion": "1",
"createdAt": "2025-07-01T16:45:55.246Z",
"approvedAt": "2025-07-01T16:45:55.246Z",
"renewalDate": "2025-07-01T16:45:55.246Z",
"hasSla": "Yes",
"currentOwner": {"id": 1,
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png"
},
"groups": [{"id": 1,
"name": "Operations",
"description": "This is an example",
"email": "[email protected]",
"externalId": "23kemoi23em",
"source": "GOOGLE",
"domain": "email.com",
"type": "GROUP",
"orgUnitPath": "asdas/qweqwe/asdasd",
"membersCount": 10
}
],
"htmlLastUpdated": "2025-07-01T16:45:55.246Z",
"status": "APPROVED",
"publishedAt": "2025-07-01T16:45:55.246Z"
}
],
"page": 1,
"limit": 10,
"total": 100
}

Get policy by ID

Returns a policy by ID

🔒 Requires Policies: List Policies permission.

Securitybearer

Request

path Parameters

policyId

required

number

Responses

200

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/policies/{policyId}

Request samples

Response samples

application/json

{"id": 1,
"templateId": 1,
"name": "Acceptable Use Policy",
"currentDescription": "This policy defines how you do XYZ",
"htmlLastUpdated": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"currentOwner": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2025-07-01T16:45:55.246Z",
"failedAt": "2025-07-01T16:45:55.246Z",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "abc123",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
"aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
"deletedAt": "2025-07-01T16:45:55.246Z",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": { },
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
],
"documents": [{"data": [{"id": 1,
"name": "Security Training",
"type": "SEC_TRAINING",
"fileUrl": "http://localhost:5000/download/documents/1",
"renewalDate": "2026-10-27",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"page": 1,
"limit": 10,
"total": 100
}
]
},
"policyWeekTimeFrameSLAs": [{"id": 1,
"label": "Policy SLA",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"policyGracePeriodSLAs": [{"id": 1,
"label": "Policy SLA",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"policyP3MatrixSLAs": [{"id": 1,
"label": "Policy SLA",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"groups": [{"id": 1,
"name": "Operations",
"description": "This is an example",
"email": "[email protected]",
"externalId": "23kemoi23em",
"source": "GOOGLE",
"domain": "email.com",
"type": "GROUP",
"orgUnitPath": "asdas/qweqwe/asdasd",
"membersCount": 10
}
],
"assignedTo": "ALL",
"notifyGroups": false,
"reminders": [{"id": 1,
"completedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"deletedAt": "2025-07-01T16:45:55.246Z"
}
],
"policyStatus": "ACTIVE",
"replacedPolicies": [{"templateId": 1,
"name": "Acceptable Use Policy"
}
],
"replacedBy": "My Custom Policy 1",
"renewalDate": "2025-07-01T16:45:55.246Z",
"disclaimer": "This is a legal disclaimer",
"latestPolicyVersion": {"id": 1,
"version": 1,
"current": false,
"type": "UPLOADED",
"status": "NEEDS_APPROVAL"
},
"currentPublishedPolicyVersion": {"id": 1,
"version": 1,
"subversion": 0
}
}

Get signed URL of a policy version

Returns the signed URL of a policy version, used to download the document

🔒 Requires Policies: Get Policy Version permission.

Securitybearer

Request

path Parameters

required

number

Responses

200

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/policy-version/{id}/download

Request samples

Response samples

application/json

{"signedUrl": "https://somedomain.com/filename.pdf?Signature=ABC123"
}

Get signed URL of a policy's current published version

Returns the signed URL of a policy's current published version, used to download the document

🔒 Requires Policies: Get Policy Version permission.

Securitybearer

Request

path Parameters

required

number

query Parameters

withAppendix

boolean or null

Default: false

Specify if the downloaded policy will contain appendix

Example: withAppendix=true

Responses

200

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/policies/{id}/current-published/download

Request samples

Response samples

application/json

{"signedUrl": "https://somedomain.com/filename.pdf?Signature=ABC123"
}

Get signed URL of a policy's current published version as PDF

Returns the signed URL of a policy's current published version, used to download the PDF version of the document

🔒 Requires Policies: Get Policy Version permission.

Securitybearer

Request

path Parameters

required

number

Responses

200

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/policies/{id}/current-published/download/pdf

Request samples

Response samples

application/json

{"signedUrl": "https://somedomain.com/filename.pdf?Signature=ABC123"
}

Get controls associated with a policy

Returns the controls associated with a policy

🔒 Requires Controls: List Controls permission.

Securitybearer

Request

path Parameters

policyId required	number
workspaceId required	number The Workspace ID associated to the Account

Responses

200

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/workspaces/{workspaceId}/policies/{policyId}/associated-controls

Request samples

Response samples

application/json

{"controls": [{"id": 2,
"code": "DCF-12",
"name": "Privacy Policy",
"description": "Drata authorizes access to information resources, including data...",
"isReady": true
}
]
}