Drata's Evidence Library serves as a repository for all the evidence you need to collect across your controls. The help docs have more information.
Find Evidence Library Items by search terms and filters.
🔒 Requires Evidence Library: List Evidence permission.
Successful
Invalid Authorization
You must upgrade your plan to use this feature
You are not allowed to perform this action
Not Found
You must accept the Drata terms and conditions to use the API
Internal server error
{- "data": [
- {
- "id": 1,
- "name": "Security Policy Document",
- "description": "This document outlines our security policies and procedures.",
- "implementationGuidance": "Follow the company security training guidelines and ensure all employees complete the training within 30 days of onboarding.",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z",
- "user": {
- "id": 1,
- "firstName": "Sally",
- "lastName": "Smith",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}, - "versions": [
- {
- "id": 1,
- "type": "URL",
- "current": true,
- "createdAt": "2025-07-01T16:45:55.246Z"
}
], - "renewalSchema": {
- "renewalDate": "2020-07-06",
- "renewalScheduleType": "ONE_YEAR"
}, - "controls": [
- {
- "id": 1,
- "code": "AC-1",
- "name": "Access Control",
- "description": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on\n predetermined criteria. Incidents are escalated per policy.",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
]
}
], - "pagination": {
- "cursor": "string"
}
}
Create a new Evidence Library Item.
🔒 Requires Evidence Library: Create Evidence permission.
Created
Invalid Authorization
You must upgrade your plan to use this feature
You are not allowed to perform this action
Not Found
You must accept the Drata terms and conditions to use the API
Internal server error
{- "id": 1,
- "name": "Security Policy Document",
- "description": "This document outlines our security policies and procedures.",
- "implementationGuidance": "Follow the company security training guidelines and ensure all employees complete the training within 30 days of onboarding.",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z",
- "user": {
- "id": 1,
- "firstName": "Sally",
- "lastName": "Smith",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}, - "versions": [
- {
- "id": 1,
- "type": "URL",
- "current": true,
- "createdAt": "2025-07-01T16:45:55.246Z"
}
], - "renewalSchema": {
- "renewalDate": "2020-07-06",
- "renewalScheduleType": "ONE_YEAR"
}, - "controls": [
- {
- "id": 1,
- "code": "AC-1",
- "name": "Access Control",
- "description": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on\n predetermined criteria. Incidents are escalated per policy.",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
]
}
Get a specific Evidence Library Item by ID.
🔒 Requires Evidence Library: List Evidence permission.
Successful
Invalid Authorization
You must upgrade your plan to use this feature
You are not allowed to perform this action
Not Found
You must accept the Drata terms and conditions to use the API
Internal server error
{- "id": 1,
- "name": "Security Policy Document",
- "description": "This document outlines our security policies and procedures.",
- "implementationGuidance": "Follow the company security training guidelines and ensure all employees complete the training within 30 days of onboarding.",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z",
- "user": {
- "id": 1,
- "firstName": "Sally",
- "lastName": "Smith",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}, - "versions": [
- {
- "id": 1,
- "type": "URL",
- "current": true,
- "createdAt": "2025-07-01T16:45:55.246Z"
}
], - "renewalSchema": {
- "renewalDate": "2020-07-06",
- "renewalScheduleType": "ONE_YEAR"
}, - "controls": [
- {
- "id": 1,
- "code": "AC-1",
- "name": "Access Control",
- "description": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on\n predetermined criteria. Incidents are escalated per policy.",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
]
}
Update an existing Evidence Library Item.
🔒 Requires Evidence Library: Update Evidence permission.
Successful
Invalid Authorization
You must upgrade your plan to use this feature
You are not allowed to perform this action
Not Found
You must accept the Drata terms and conditions to use the API
Internal server error
{- "id": 1,
- "name": "Security Policy Document",
- "description": "This document outlines our security policies and procedures.",
- "implementationGuidance": "Follow the company security training guidelines and ensure all employees complete the training within 30 days of onboarding.",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z",
- "user": {
- "id": 1,
- "firstName": "Sally",
- "lastName": "Smith",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}, - "versions": [
- {
- "id": 1,
- "type": "URL",
- "current": true,
- "createdAt": "2025-07-01T16:45:55.246Z"
}
], - "renewalSchema": {
- "renewalDate": "2020-07-06",
- "renewalScheduleType": "ONE_YEAR"
}, - "controls": [
- {
- "id": 1,
- "code": "AC-1",
- "name": "Access Control",
- "description": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on\n predetermined criteria. Incidents are escalated per policy.",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
]
}
Delete an Evidence Library Item.
🔒 Requires Evidence Library: Delete Evidence permission.
No Content
Invalid Authorization
You must upgrade your plan to use this feature
You are not allowed to perform this action
Not Found
You must accept the Drata terms and conditions to use the API
Internal server error
{- "statusCode": 0,
- "message": "string",
- "code": 0,
- "debugInfo": {
- "name": "string",
- "message": "string",
- "stack": "string"
}
}