# GRC API

Manage compliance controls, evidence, risks and audits programmatically.

## Controls

### Endpoints

| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/controls | List all controls |
| GET | /api/v1/controls/{id} | Get a control's details |
| PATCH | /api/v1/controls/{id} | Update a control's status |
| GET | /api/v1/controls/{id}/evidence | List a control's evidence |
### List controls

```http
GET /api/v1/controls
```

#### Query parameters

| Parameter | Type | Description |
|---|---|---|
| framework | string | Filter: soc2, iso27001, pci-dss, hipaa, gdpr, nist-csf, dora |
| status | string | Filter: not_started, in_progress, implemented, not_applicable |
| category | string | Filter by control category |

#### Response
```json
{
  "items": [
    {
      "id": "ctrl_abc123",
      "control_id": "CC6.1",
      "name": "Logical and Physical Access Controls",
      "description": "The entity implements logical access security...",
      "status": "implemented",
      "implementation_notes": "Access managed via Okta SSO...",
      "frameworks": ["SOC 2", "ISO 27001"],
      "evidence_count": 5,
      "last_assessed": "2025-12-15T00:00:00Z",
      "owner": "[email protected]"
    }
  ],
  "total": 89,
  "page": 1,
  "per_page": 20
}
```

### Update a control
```http
PATCH /api/v1/controls/{control_id}
Content-Type: application/json

{
  "status": "implemented",
  "implementation_notes": "Implemented using AWS IAM policies",
  "owner": "[email protected]",
  "next_review_date": "2026-06-01T00:00:00Z"
}
```

## Evidence
### Endpoints

| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/evidence | List all evidence |
| POST | /api/v1/evidence | Upload new evidence |
| GET | /api/v1/evidence/{id} | Get an evidence item's details |
| DELETE | /api/v1/evidence/{id} | Delete an evidence item |
| POST | /api/v1/evidence/{id}/link | Link to controls |
### List evidence

```http
GET /api/v1/evidence
```

#### Response
```json
{
  "items": [
    {
      "id": "evd_abc123",
      "name": "AWS IAM Policy Export",
      "type": "document",
      "file_type": "application/json",
      "size_bytes": 45678,
      "uploaded_by": "[email protected]",
      "uploaded_at": "2025-12-20T14:00:00Z",
      "linked_controls": ["CC6.1", "CC6.2", "A.9.1.1"],
      "tags": ["access-control", "aws"],
      "status": "approved"
    }
  ],
  "total": 234
}
```

### Upload evidence
```http
POST /api/v1/evidence
Content-Type: multipart/form-data

file: <binary>
name: "Security Policy Document"
description: "Annual security policy review 2025"
control_ids: ["CC1.1", "A.5.1"]
tags: ["policy", "annual-review"]
```

#### Response
```json
{
  "id": "evd_xyz789",
  "name": "Security Policy Document",
  "status": "pending_review",
  "uploaded_at": "2025-12-21T15:00:00Z",
  "scan_status": "clean"
}
```

## Risk register
### Endpoints

| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/risks | List all risks |
| POST | /api/v1/risks | Create a new risk |
| GET | /api/v1/risks/{id} | Get a risk's details |
| PATCH | /api/v1/risks/{id} | Update a risk |
| DELETE | /api/v1/risks/{id} | Delete a risk |
### List risks

```http
GET /api/v1/risks
```

#### Response
```json
{
  "items": [
    {
      "id": "risk_abc123",
      "title": "Third-Party Data Breach",
      "description": "Risk of data exposure through vendor systems",
      "category": "third_party",
      "likelihood": 3,
      "impact": 5,
      "inherent_score": 15,
      "residual_score": 6,
      "status": "mitigating",
      "owner": "[email protected]",
      "controls": ["CC9.2", "A.15.1.1"],
      "treatment": "mitigate",
      "review_date": "2026-01-15T00:00:00Z"
    }
  ],
  "total": 45
}
```

### Create a risk
```http
POST /api/v1/risks
Content-Type: application/json

{
  "title": "Cloud Service Outage",
  "description": "Risk of service disruption due to cloud provider issues",
  "category": "operational",
  "likelihood": 2,
  "impact": 4,
  "owner": "[email protected]",
  "controls": ["CC7.4", "A.17.1.1"],
  "treatment": "mitigate",
  "mitigation_plan": "Implement multi-region deployment..."
}
```

## Frameworks
### Endpoints

| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/frameworks | List enabled frameworks |
| GET | /api/v1/frameworks/{id} | Get a framework's details |
| GET | /api/v1/frameworks/{id}/progress | Get compliance progress |
### Get framework progress

```http
GET /api/v1/frameworks/soc2/progress
```

#### Response
```json
{
  "framework": "SOC 2 Type II",
  "overall_score": 78,
  "by_category": {
    "CC1": {"name": "Control Environment", "score": 85, "controls": 5, "implemented": 4},
    "CC2": {"name": "Communication", "score": 80, "controls": 4, "implemented": 3},
    "CC3": {"name": "Risk Assessment", "score": 75, "controls": 6, "implemented": 4},
    "CC4": {"name": "Monitoring", "score": 70, "controls": 5, "implemented": 3},
    "CC5": {"name": "Control Activities", "score": 80, "controls": 8, "implemented": 6},
    "CC6": {"name": "Logical Access", "score": 90, "controls": 10, "implemented": 9},
    "CC7": {"name": "System Operations", "score": 75, "controls": 6, "implemented": 4},
    "CC8": {"name": "Change Management", "score": 70, "controls": 4, "implemented": 3},
    "CC9": {"name": "Risk Mitigation", "score": 65, "controls": 3, "implemented": 2}
  },
  "gaps": [
    {
      "control_id": "CC4.2",
      "name": "Monitoring Security Events",
      "priority": "high",
      "recommendation": "Implement SIEM solution"
    }
  ]
}
```

## Vendors
### Endpoints

| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/vendors | List all vendors |
| POST | /api/v1/vendors | Add a new vendor |
| GET | /api/v1/vendors/{id} | Get a vendor's details |
| PATCH | /api/v1/vendors/{id} | Update a vendor |
### List vendors

```http
GET /api/v1/vendors
```

#### Response
```json
{
  "items": [
    {
      "id": "vendor_abc123",
      "name": "AWS",
      "category": "cloud_infrastructure",
      "criticality": "critical",
      "risk_level": "low",
      "soc2_certified": true,
      "iso27001_certified": true,
      "last_assessment": "2025-11-01T00:00:00Z",
      "next_review": "2026-05-01T00:00:00Z",
      "contracts": 3,
      "data_types": ["customer_data", "system_logs"]
    }
  ],
  "total": 28
}
```

## Audit engagements
### Endpoints

| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/audits | List audit engagements |
| POST | /api/v1/audits | Create an audit engagement |
| GET | /api/v1/audits/{id} | Get an audit's details |
| GET | /api/v1/audits/{id}/requests | List audit requests |
### List audits

```http
GET /api/v1/audits
```

#### Response
```json
{
  "items": [
    {
      "id": "audit_abc123",
      "name": "SOC 2 Type II 2025",
      "framework": "SOC 2",
      "auditor": "Big Four LLP",
      "status": "in_progress",
      "start_date": "2025-11-01",
      "end_date": "2025-12-31",
      "requests_total": 45,
      "requests_completed": 32,
      "progress": 71
    }
  ],
  "total": 3
}
```

## Compliance reports
### Generate a report

```http
POST /api/v1/reports
Content-Type: application/json

{
  "type": "compliance_summary",
  "framework": "soc2",
  "format": "pdf",
  "include_evidence": true,
  "date_range": {
    "from": "2025-01-01",
    "to": "2025-12-31"
  }
}
```

#### Response
```json
{
  "id": "report_xyz789",
  "status": "generating",
  "estimated_completion": "2025-12-21T15:05:00Z"
}
```

### Get a report
```http
GET /api/v1/reports/{report_id}
```

When the report is ready:

```json
{
  "id": "report_xyz789",
  "status": "completed",
  "download_url": "https://storage.cyberorigen.com/reports/...",
  "expires_at": "2025-12-22T15:00:00Z"
}
```
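The following Python script is an added example, not part of the vendor's SDK or this reference: it walks the paginated `GET /api/v1/controls` listing using the documented `items` / `total` / `page` / `per_page` fields, then flags controls marked `implemented` that an auditor could not verify from the register alone (no linked evidence, or a `last_assessed` date older than a chosen age). The `fake_get` transport and `SAMPLE_PAGES` are constructed stand-ins so the script runs offline; in practice `fake_get` would be replaced by an authenticated HTTP client.

```python
from datetime import datetime, timedelta
# Constructed sample pages shaped like the documented GET /api/v1/controls response.
SAMPLE_PAGES = {
    1: {"items": [
        {"id": "ctrl_abc123", "control_id": "CC6.1", "status": "implemented",
         "evidence_count": 5, "last_assessed": "2025-12-15T00:00:00Z"},
        {"id": "ctrl_def456", "control_id": "CC4.2", "status": "implemented",
         "evidence_count": 0, "last_assessed": "2025-12-10T00:00:00Z"},
    ], "total": 3, "page": 1, "per_page": 2},
    2: {"items": [
        {"id": "ctrl_ghi789", "control_id": "CC8.1", "status": "implemented",
         "evidence_count": 2, "last_assessed": "2024-06-01T00:00:00Z"},
    ], "total": 3, "page": 2, "per_page": 2},
}

def fake_get(path, params):
    """Stand-in for an authenticated HTTP GET; serves the constructed pages."""
    assert path == "/api/v1/controls"
    return SAMPLE_PAGES[params.get("page", 1)]

def list_all(get, path, params=None):
    """Follow the documented pagination until page * per_page covers total."""
    params = dict(params or {}, page=1)
    items = []
    while True:
        body = get(path, params)
        items.extend(body["items"])
        if not body["items"] or params["page"] * body["per_page"] >= body["total"]:
            return items
        params["page"] += 1

def _ts(s):  # timestamps use RFC 3339 with a Z suffix; fromisoformat wants an offset
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def unsupported_controls(controls, now_iso, max_age_days=365):
    """Implemented controls an auditor could not verify from the register alone:
    no linked evidence, or a last assessment older than max_age_days."""
    cutoff = _ts(now_iso) - timedelta(days=max_age_days)
    findings = {}
    for c in controls:
        if c["status"] != "implemented":
            continue
        reasons = []
        if c["evidence_count"] == 0:
            reasons.append("no_evidence")
        if _ts(c["last_assessed"]) < cutoff:
            reasons.append("stale_assessment")
        if reasons:
            findings[c["control_id"]] = reasons
    return findings
```

Run `unsupported_controls(list_all(fake_get, "/api/v1/controls", {"framework": "soc2"}), "2025-12-21T00:00:00Z")` to get a mapping of control ids to the reasons they would not survive an evidence request.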