Policies

A policy is a document that outlines an organization’s commitment to following standards relevant to its operations. The help docs have more information.

List Policies

List published Policies matching the provided filters.

🔒 Requires Policies: List Policies permission.

Securitybearer
Request
query Parameters
cursor
string

This parameter is used to paginate through results. No value is needed for the first request. If there are additional results, the response will contain a pagination.cursor value that can be used in the subsequent request to retrieve the next page of results

size
number [ 1 .. 500 ]
Default: 50

Number of results to return

sort
string (SortTypeLimitedEnum)

Which field to sort by

Enum: "createdAt" "updatedAt" "name"
sortDir
string (SortDirectionEnum)

The direction to sort the data

Enum: "ASC" "DESC"
includeTotalCount
boolean
Default: false

Include total count of all matching records in response. Only honored on first page (when cursor is null).

Example: includeTotalCount=false
expand[]
Array of strings (PolicyListExpandEnum)

List of subcollections and sub-objects to expand

Items Enum: "groups" "weekTimeFrameSlas" "gracePeriodSlas" "p3MatrixSlas" "owner"
name
string <= 191 characters

Filter Policies by name (partial match)

Example: name=Data Protection Policy
statuses[]
Array of strings (PolicyStatusEnum)

Filter Policies by one or more statuses

Items Enum: "ACTIVE" "ARCHIVED" "REPLACED" "UNACCEPTABLE" "OUTDATED"
Responses
200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/policies
Request samples 
Response samples 
application/json
{
  • "data": [
    • {
      • "id": 1,
      • "name": "Acceptable Use Policy",
      • "scope": "ALL",
      • "status": "ACTIVE",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "currentVersionId": 2,
      • "version": "1",
      • "subVersion": "0",
      • "renewalDate": "2025-07-01T16:45:55.246Z",
      • "publishedAt": "2025-07-01T16:45:55.246Z",
      • "approvedAt": "2025-07-01T16:45:55.246Z",
      • "owner": {
        • "id": 1,
        • "email": "[email protected]",
        • "firstName": "Sally",
        • "lastName": "Smith",
        • "createdAt": "2025-07-01T16:45:55.246Z",
        • "updatedAt": "2025-07-01T16:45:55.246Z"
        },
      • "groups": [
        • {
          • "id": 1,
          • "name": "Engineering Team",
          • "externalId": "external-group-123",
          • "source": "GOOGLE",
          • "connectionId": 1,
          • "createdAt": "2025-07-01T16:45:55.246Z",
          • "updatedAt": "2025-07-01T16:45:55.246Z"
          }
        ],
      • "controls": [
        • {
          • "id": 1,
          • "code": "AC-1",
          • "name": "Access Control",
          • "description": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on\n                 predetermined criteria. Incidents are escalated per policy.",
          • "isReady": true,
          • "createdAt": "2025-07-01T16:45:55.246Z",
          • "updatedAt": "2025-07-01T16:45:55.246Z"
          }
        ],
      • "weekTimeFrameSlas": [
        • {
          • "id": 1,
          • "timeFrame": "1",
          • "label": "Weekly Review",
          • "createdAt": "2025-07-01T16:45:55.246Z",
          • "updatedAt": "2025-07-01T16:45:55.246Z"
          }
        ],
      • "gracePeriodSlas": [
        • {
          • "id": 1,
          • "label": "Grace Period Review",
          • "gracePeriod": "1",
          • "createdAt": "2025-07-01T16:45:55.246Z",
          • "updatedAt": "2025-07-01T16:45:55.246Z"
          }
        ],
      • "p3MatrixSlas": [
        • {
          • "id": 1,
          • "label": "P3 Matrix Review",
          • "timeFrame": "1",
          • "createdAt": "2025-07-01T16:45:55.246Z",
          • "updatedAt": "2025-07-01T16:45:55.246Z"
          }
        ]
      }
    ],
  • "pagination": {
    • "cursor": "string",
    • "totalCount": 0
    }
}
Get Policy
Get a specific published Policy.


🔒 Requires Policies: List Policies permission.


Securitybearer 
Request 
path Parameters
policyId
required
number
 
query Parameters
expand[]
Array of strings (PolicyExpandEnum) 
List of subcollections and sub-objects to expand


Items Enum: "groups" "controls" "weekTimeFrameSlas" "gracePeriodSlas" "p3MatrixSlas" "owner"  
Responses 
200
Successful


400
Malformed data and/or validation errors


401
Invalid Authorization


403
You are not allowed to perform this action


404
Not Found


412
You must accept the Drata terms and conditions to use the API


500
Internal server error


get/policies/{policyId}
Request samples 
Response samples 
application/json
{
  • "id": 1,
  • "name": "Acceptable Use Policy",
  • "scope": "ALL",
  • "status": "ACTIVE",
  • "createdAt": "2025-07-01T16:45:55.246Z",
  • "currentVersionId": 2,
  • "version": "1",
  • "subVersion": "0",
  • "renewalDate": "2025-07-01T16:45:55.246Z",
  • "publishedAt": "2025-07-01T16:45:55.246Z",
  • "approvedAt": "2025-07-01T16:45:55.246Z",
  • "owner": {
    • "id": 1,
    • "email": "[email protected]",
    • "firstName": "Sally",
    • "lastName": "Smith",
    • "createdAt": "2025-07-01T16:45:55.246Z",
    • "updatedAt": "2025-07-01T16:45:55.246Z"
    },
  • "groups": [
    • {
      • "id": 1,
      • "name": "Engineering Team",
      • "externalId": "external-group-123",
      • "source": "GOOGLE",
      • "connectionId": 1,
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "controls": [
    • {
      • "id": 1,
      • "code": "AC-1",
      • "name": "Access Control",
      • "description": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on\n                 predetermined criteria. Incidents are escalated per policy.",
      • "isReady": true,
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "weekTimeFrameSlas": [
    • {
      • "id": 1,
      • "timeFrame": "1",
      • "label": "Weekly Review",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "gracePeriodSlas": [
    • {
      • "id": 1,
      • "label": "Grace Period Review",
      • "gracePeriod": "1",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "p3MatrixSlas": [
    • {
      • "id": 1,
      • "label": "P3 Matrix Review",
      • "timeFrame": "1",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ]
}
List Policy Versions
List Policy Versions for a specific Policy matching the provided filters.


🔒 Requires Policies: List Policies permission.


Securitybearer 
Request 
path Parameters
policyId
required
number
 
query Parameters
cursor
string
This parameter is used to paginate through results. No value is needed for the first request. If there are additional results, the response will contain a pagination.cursor value that can be used in the subsequent request to retrieve the next page of results


 
size
number  [ 1 .. 500 ] 
 Default:  50
Number of results to return


 
sort
string (SortTypeLimitedEnum) 
Which field to sort by


 Enum: "createdAt" "updatedAt" "name"  
sortDir
string (SortDirectionEnum) 
The direction to sort the data


 Enum: "ASC" "DESC"  
includeTotalCount
boolean
 Default:  false
Include total count of all matching records in response. Only honored on first page (when cursor is null).


 
 Example:  includeTotalCount=false
expand[]
Array of strings (PolicyVersionExpandEnum) 
List of subcollections and sub-objects to expand


Items Enum: "owner" "weekTimeFrameSlas" "p3MatrixSlas" "gracePeriodSlas" "downloadUrl" "downloadPdfUrl"  
version
number
Filter Policy Versions by version number


 
 Example:  version=1
current
boolean
Filter to only current Policy Versions


 
statuses[]
Array of strings (PolicyVersionStatusEnum) 
Filter Policy Versions by status


Items Enum: "NEEDS_APPROVAL" "APPROVED" "PUBLISHED" "DRAFT" "DISCARDED"  
Responses 
200
Successful


400
Malformed data and/or validation errors


401
Invalid Authorization


403
You are not allowed to perform this action


404
Not Found


412
You must accept the Drata terms and conditions to use the API


500
Internal server error


get/policies/{policyId}/policy-versions
Request samples 
Response samples 
application/json
{
  • "data": [
    • {
      • "id": 1,
      • "approvedAt": "2025-07-01T16:45:55.246Z",
      • "changeSummary": "string",
      • "changesExplanation": "string",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "current": true,
      • "description": "string",
      • "policyVersionStatus": "PUBLISHED",
      • "publishedAt": "2025-07-01T16:45:55.246Z",
      • "renewalDate": "2020-07-06",
      • "subVersion": 0,
      • "type": "BUILDER",
      • "updatedAt": "2025-07-01T16:45:55.246Z",
      • "version": 1,
      • "gracePeriodSlas": [
        • {
          • "id": 1,
          • "label": "Grace Period Review",
          • "gracePeriod": "1",
          • "createdAt": "2025-07-01T16:45:55.246Z",
          • "updatedAt": "2025-07-01T16:45:55.246Z"
          }
        ],
      • "owner": {
        • "id": 1,
        • "email": "[email protected]",
        • "firstName": "Sally",
        • "lastName": "Smith",
        • "createdAt": "2025-07-01T16:45:55.246Z",
        • "updatedAt": "2025-07-01T16:45:55.246Z"
        },
      • "p3MatrixSlas": [
        • {
          • "id": 1,
          • "label": "P3 Matrix Review",
          • "timeFrame": "1",
          • "createdAt": "2025-07-01T16:45:55.246Z",
          • "updatedAt": "2025-07-01T16:45:55.246Z"
          }
        ],
      • "policy": {
        • "id": 1,
        • "name": "Acceptable Use Policy",
        • "description": "string",
        • "createdAt": "2025-07-01T16:45:55.246Z",
        • "updatedAt": "2025-07-01T16:45:55.246Z",
        • "assignedTo": "ALL",
        • "policyStatus": "ACTIVE",
        • "renewalDate": "2025-07-01T16:45:55.246Z"
        },
      • "requiresAcknowledgment": true,
      • "weekTimeFrameSlas": [
        • {
          • "id": 1,
          • "timeFrame": "1",
          • "label": "Weekly Review",
          • "createdAt": "2025-07-01T16:45:55.246Z",
          • "updatedAt": "2025-07-01T16:45:55.246Z"
          }
        ],
      • "downloadUrl": "https://s3.amazonaws.com/bucket/file.pdf?signature=...",
      • "downloadPdfUrl": "https://s3.amazonaws.com/bucket/file.pdf?signature=..."
      }
    ],
  • "pagination": {
    • "cursor": "string",
    • "totalCount": 0
    }
}
Get Policy Version
Get a specific Policy Version. Returns policy version details (default) or policy version HTML content based on Accept header.


🔒 Requires Policies: List Policies permission.


Securitybearer 
Request 
path Parameters
policyId
required
number
 
policyVersionId
required
number
 
query Parameters
expand[]
Array of strings (PolicyVersionExpandEnum) 
List of subcollections and sub-objects to expand


Items Enum: "owner" "weekTimeFrameSlas" "p3MatrixSlas" "gracePeriodSlas" "downloadUrl" "downloadPdfUrl"  
Responses 
200
Successful


get/policies/{policyId}/policy-versions/{policyVersionId}
Request samples 
Response samples 
{
  • "id": 1,
  • "approvedAt": "2025-07-01T16:45:55.246Z",
  • "changeSummary": "string",
  • "changesExplanation": "string",
  • "createdAt": "2025-07-01T16:45:55.246Z",
  • "current": true,
  • "description": "string",
  • "policyVersionStatus": "PUBLISHED",
  • "publishedAt": "2025-07-01T16:45:55.246Z",
  • "renewalDate": "2020-07-06",
  • "subVersion": 0,
  • "type": "BUILDER",
  • "updatedAt": "2025-07-01T16:45:55.246Z",
  • "version": 1,
  • "gracePeriodSlas": [
    • {
      • "id": 1,
      • "label": "Grace Period Review",
      • "gracePeriod": "1",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "owner": {
    • "id": 1,
    • "email": "[email protected]",
    • "firstName": "Sally",
    • "lastName": "Smith",
    • "createdAt": "2025-07-01T16:45:55.246Z",
    • "updatedAt": "2025-07-01T16:45:55.246Z"
    },
  • "p3MatrixSlas": [
    • {
      • "id": 1,
      • "label": "P3 Matrix Review",
      • "timeFrame": "1",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "policy": {
    • "id": 1,
    • "name": "Acceptable Use Policy",
    • "description": "string",
    • "createdAt": "2025-07-01T16:45:55.246Z",
    • "updatedAt": "2025-07-01T16:45:55.246Z",
    • "assignedTo": "ALL",
    • "policyStatus": "ACTIVE",
    • "renewalDate": "2025-07-01T16:45:55.246Z"
    },
  • "requiresAcknowledgment": true,
  • "weekTimeFrameSlas": [
    • {
      • "id": 1,
      • "timeFrame": "1",
      • "label": "Weekly Review",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "downloadUrl": "https://s3.amazonaws.com/bucket/file.pdf?signature=...",
  • "downloadPdfUrl": "https://s3.amazonaws.com/bucket/file.pdf?signature=..."
}