Risk Documents

Risk Documents are supporting documents, evidence, or other materials that are associated with a risk.

List Risk Documents

Retrieve all Documents associated with a specific Risk.

🔒 Requires Risk Management: Get Risk Documents permission.

💎 Requires your account have the Risk Management Pro feature. Contact your CSM for help upgrading.

Securitybearer
Request
path Parameters
riskRegisterId
required
number

In the near future risks will be scoped under risk registers, for now always use a value of 1

Example: 1
required
number or string

An integer Risk ID or string Risk ID prefixed with riskId:

query Parameters
cursor
string

This parameter is used to paginate through results. No value is needed for the first request. If there are additional results, the response will contain a pagination.cursor value that can be used in the subsequent request to retrieve the next page of results

size
number [ 1 .. 50 ]
Default: 20

Number of results to return

sort
string (SortTypeLimitedEnum)

Which field to sort by

Enum: "createdAt" "updatedAt"
sortDir
string (SortDirectionEnum)

The direction to sort the data

Enum: "ASC" "DESC"
Responses
200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/risk-registers/{riskRegisterId}/risks/{riskId}/documents
Request samples
Response samples
application/json
{
  • "data": [],
  • "pagination": {
    • "cursor": "string"
    }
}

Upload Risk Documents

Upload one or more Documents for a given Risk.

🔒 Requires Risk Management: Upload Risk Document permission.

💎 Requires your account have the Risk Management Pro feature. Contact your CSM for help upgrading.

Securitybearer
Request
path Parameters
riskRegisterId
required
number

In the near future risks will be scoped under risk registers, for now always use a value of 1

Example: 1
required
number or string

An integer Risk ID or string Risk ID prefixed with riskId:

Request Body schema: multipart/form-data
required

Upload one or more Documents for the Risk

files
required
Array of strings <binary>

Document files to upload (max 10 files, 25MB each)

Responses
201

Created

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

413

The file was too large to upload

500

Internal server error

503

Third party system was unavailable

post/risk-registers/{riskRegisterId}/risks/{riskId}/documents
Request samples
Response samples
application/json
{}

Get Risk Document

Retrieve a specific Risk Document by its ID.

🔒 Requires Risk Management: Get Risk Documents permission.

💎 Requires your account have the Risk Management Pro feature. Contact your CSM for help upgrading.

Securitybearer
Request
path Parameters
riskRegisterId
required
number

In the near future risks will be scoped under risk registers, for now always use a value of 1

Example: 1
documentId
required
number

The Document ID

Example: 123
required
number or string

An integer Risk ID or string Risk ID prefixed with riskId:

Responses
200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/risk-registers/{riskRegisterId}/risks/{riskId}/documents/{documentId}
Request samples
Response samples
application/json
{}

Delete Risk Document

Delete a specific Risk Document using the provided Document ID.

🔒 Requires Risk Management: Delete Risk Document permission.

💎 Requires your account have the Risk Management Pro feature. Contact your CSM for help upgrading.

Securitybearer
Request
path Parameters
riskRegisterId
required
number

In the near future risks will be scoped under risk registers, for now always use a value of 1

Example: 1
documentId
required
number

The Document ID

Example: 123
required
number or string

An integer Risk ID or string Risk ID prefixed with riskId:

Responses
200
204

No Content

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

delete/risk-registers/{riskRegisterId}/risks/{riskId}/documents/{documentId}
Request samples
Response samples
application/json
{
  • "name": "string",
  • "statusCode": 0,
  • "message": "string",
  • "code": 0,
  • "debugInfo": {
    • "name": "string",
    • "message": "string",
    • "stack": "string"
    }
}