Risk Documents

Risk Documents are supporting documents, evidence, or other materials that are associated with a risk.

List Risk Documents

Retrieve all Documents associated with a specific Risk.

🔒 Requires Risk Management: Get Risk Documents permission.

💎 Requires your account have the Risk Management Pro feature. Contact your CSM for help upgrading.

Securitybearer
Request
path Parameters
riskRegisterId
required
number

In the near future risks will be scoped under risk registers, for now always use a value of 1

Example: 1
required
number or string

An integer Risk ID or string Risk ID prefixed with riskId:

query Parameters
cursor
string

This parameter is used to paginate through results. No value is needed for the first request. If there are additional results, the response will contain a pagination.cursor value that can be used in the subsequent request to retrieve the next page of results

size
number [ 1 .. 50 ]
Default: 20

Number of results to return

sort
string (SortTypeLimitedEnum)

Which field to sort by

Enum: "createdAt" "updatedAt"
sortDir
string (SortDirectionEnum)

The direction to sort the data

Enum: "ASC" "DESC"
Responses
200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/risk-registers/{riskRegisterId}/risks/{riskId}/documents
Request samples 
Response samples 
application/json
{
  • "data": [],
  • "pagination": {
    • "cursor": "string"
    }
}
Upload Risk Documents
Upload one or more Documents for a given Risk.


🔒 Requires Risk Management: Upload Risk Document permission.


💎 Requires your account have the Risk Management Pro feature. Contact your CSM for help upgrading.


Securitybearer 
Request 
path Parameters
riskRegisterId
required
number
In the near future risks will be scoped under risk registers, for now always use a value of 1


 
 Example:  1
required
number or string
An integer Risk ID or string Risk ID prefixed with riskId:


 
Request Body schema: multipart/form-data
required
Upload one or more Documents for the Risk


files
required
Array of strings <binary> 
Document files to upload (max 10 files, 25MB each)


 
Responses 
201
Created


400
Malformed data and/or validation errors


401
Invalid Authorization


402
You must upgrade your plan to use this feature


403
You are not allowed to perform this action


404
Not Found


412
You must accept the Drata terms and conditions to use the API


413
The file was too large to upload


500
Internal server error


503
Third party system was unavailable


post/risk-registers/{riskRegisterId}/risks/{riskId}/documents
Request samples 
Response samples 
application/json
{}
Get Risk Document
Retrieve a specific Risk Document by its ID.


🔒 Requires Risk Management: Get Risk Documents permission.


💎 Requires your account have the Risk Management Pro feature. Contact your CSM for help upgrading.


Securitybearer 
Request 
path Parameters
riskRegisterId
required
number
In the near future risks will be scoped under risk registers, for now always use a value of 1


 
 Example:  1
documentId
required
number
The Document ID


 
 Example:  123
required
number or string
An integer Risk ID or string Risk ID prefixed with riskId:


 
Responses 
200
Successful


400
Malformed data and/or validation errors


401
Invalid Authorization


402
You must upgrade your plan to use this feature


403
You are not allowed to perform this action


404
Not Found


412
You must accept the Drata terms and conditions to use the API


500
Internal server error


get/risk-registers/{riskRegisterId}/risks/{riskId}/documents/{documentId}
Request samples 
Response samples 
application/json
{}
Delete Risk Document
Delete a specific Risk Document using the provided Document ID.


🔒 Requires Risk Management: Delete Risk Document permission.


💎 Requires your account have the Risk Management Pro feature. Contact your CSM for help upgrading.


Securitybearer 
Request 
path Parameters
riskRegisterId
required
number
In the near future risks will be scoped under risk registers, for now always use a value of 1


 
 Example:  1
documentId
required
number
The Document ID


 
 Example:  123
required
number or string
An integer Risk ID or string Risk ID prefixed with riskId:


 
Responses 
200
204
No Content


400
Malformed data and/or validation errors


401
Invalid Authorization


402
You must upgrade your plan to use this feature


403
You are not allowed to perform this action


404
Not Found


412
You must accept the Drata terms and conditions to use the API


500
Internal server error


delete/risk-registers/{riskRegisterId}/risks/{riskId}/documents/{documentId}
Request samples 
Response samples 
application/json
{
  • "name": "string",
  • "statusCode": 0,
  • "message": "string",
  • "code": 0,
  • "debugInfo": {
    • "name": "string",
    • "message": "string",
    • "stack": "string"
    }
}