Risk Documents

Risk Documents are supporting documents, evidence, or other materials that are associated with a risk.

List Risk Documents

Retrieve all Documents associated with a specific Risk.

🔒 Requires Risk Management: Get Risk Documents permission.

Securitybearer

Request

path Parameters

riskRegisterId required	number In the near future risks will be scoped under risk registers, for now always use a value of 1 Example: 1
required	number or string An integer Risk ID or string Risk ID prefixed with `riskId:`

query Parameters

cursor	string This parameter is used to paginate through results. No value is needed for the first request. If there are additional results, the response will contain a `pagination.cursor` value that can be used in the subsequent request to retrieve the next page of results
size	number [ 1 .. 50 ] Default: 20 Number of results to return
sort	string (SortTypeLimitedEnum) Which field to sort by Enum: "createdAt" "updatedAt"
sortDir	string (SortDirectionEnum) The direction to sort the data Enum: "ASC" "DESC"

Responses

200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/risk-registers/{riskRegisterId}/risks/{riskId}/documents

Request samples

Response samples

application/json

{"data": [{"id": 1,
"name": "Risk Assessment Document.pdf",
"downloadUrl": "http://localhost:5000/download/risk/1/document",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"pagination": {"cursor": "string"
}
}

Upload Risk Documents

Upload one or more Documents for a given Risk.

🔒 Requires Risk Management: Upload Risk Document permission.

Securitybearer

Request

path Parameters

riskRegisterId required	number In the near future risks will be scoped under risk registers, for now always use a value of 1 Example: 1
required	number or string An integer Risk ID or string Risk ID prefixed with `riskId:`

Request Body schema: multipart/form-data
required

Upload one or more Documents for the Risk

files

required

Array of strings <binary>

Document files to upload (max 10 files, 25MB each)

Responses

201

Created

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

413

The file was too large to upload

500

Internal server error

503

Third party system was unavailable

post/risk-registers/{riskRegisterId}/risks/{riskId}/documents

Request samples

Response samples

application/json

{"documents": [{"id": 1,
"name": "Risk Assessment Document.pdf",
"downloadUrl": "http://localhost:5000/download/risk/1/document",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
]
}

Get Risk Document

Retrieve a specific Risk Document by its ID.

🔒 Requires Risk Management: Get Risk Documents permission.

Securitybearer

Request

path Parameters

riskRegisterId required	number In the near future risks will be scoped under risk registers, for now always use a value of 1 Example: 1
documentId required	number The Document ID Example: 123
required	number or string An integer Risk ID or string Risk ID prefixed with `riskId:`

Responses

200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/risk-registers/{riskRegisterId}/risks/{riskId}/documents/{documentId}

Request samples

Response samples

application/json

{"id": 1,
"name": "Risk Assessment Document.pdf",
"downloadUrl": "http://localhost:5000/download/risk/1/document",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}

Delete Risk Document

Delete a specific Risk Document using the provided Document ID.

🔒 Requires Risk Management: Delete Risk Document permission.

Securitybearer

Request

path Parameters

riskRegisterId required	number In the near future risks will be scoped under risk registers, for now always use a value of 1 Example: 1
documentId required	number The Document ID Example: 123
required	number or string An integer Risk ID or string Risk ID prefixed with `riskId:`

Responses

200

204

No Content

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

delete/risk-registers/{riskRegisterId}/risks/{riskId}/documents/{documentId}

Request samples

Response samples

application/json

{"name": "string",
"statusCode": 0,
"message": "string",
"code": 0,
"debugInfo": {"name": "string",
"message": "string",
"stack": "string"
}
}

Risk Documents

List Risk Documents

path Parameters

query Parameters

Upload Risk Documents

path Parameters

Request Body schema: multipart/form-datarequired

Get Risk Document

path Parameters

Delete Risk Document

path Parameters

Request Body schema: multipart/form-data
required