SimpleRisk has a RESTful API that is accessible under /api and returns JSON responses. You can test the API using cookie-based authentication while logged into SimpleRisk. The SimpleRisk API Extra adds the ability to create and rotate user keys, which can be added to API queries (via the key={key} parameter) for automated data insertion into and retrieval from SimpleRisk, allowing for easy integration with external systems. This guide details the available RESTful API endpoints.
Miscellaneous
WHAT: Get the API version
URL: /api/version?key={key}
METHOD: GET
WHAT: Get the current username and user id
URL: /api/whoami?key={key}
METHOD: GET
Risks
WHAT: Get the risk details for risk ID {risk_id}
URL: /api/management/risk/view?key={key}&id={risk_id}
METHOD: GET
WHAT: Submit a new risk
URL: /api/management/risk/add?key={key}
METHOD: POST
WHAT: Update an existing risk's details
URL: /api/management/risk/update?key={key}
METHOD: POST
WHAT: Get the risk scoring history for risk ID {risk_id}
URL: /api/management/risk/scoring_history?key={key}&id={risk_id}
METHOD: GET
Mitigations
WHAT: Get the mitigation details for risk ID {risk_id}
URL: /api/management/mitigation/view?key={key}&id={risk_id}
METHOD: GET
WHAT: Submit a new mitigation
URL: /api/management/mitigation/add?key={key}
METHOD: POST
Management Reviews
WHAT: Get the review details for risk ID {risk_id}
URL: /api/management/review/view?key={key}&id={risk_id}
METHOD: GET
WHAT: Submit a new management review
URL: /api/management/review/add?key={key}
METHOD: POST
Reporting
WHAT: Get the dynamic risk report data
URL: /api/reports/dynamic?key={key}&status={status}&sort={sort}&group={group}
METHOD: GET
Administration
WHAT: Get the contents of any table
URL: /api/admin/tables/fullData?key={key}&table={table_name}
METHOD: GET
WHAT: Get the risk level configuration
URL: /api/risk_levels?key={key}
METHOD: GET
WHAT: Get the list of all SimpleRisk users
URL: /api/admin/users/all?key={key}
METHOD: GET
WHAT: Get the list of all enabled SimpleRisk users
URL: /api/admin/users/enabled?key={key}
METHOD: GET
WHAT: Get the list of all disabled SimpleRisk users
URL: /api/admin/users/disabled?key={key}
METHOD: GET
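Because the key travels in the query string (key={key}), it is recorded wherever request URLs are logged. The following added example (not part of SimpleRisk or its documentation) redacts the key from access-log lines and counts requests to the /api/admin/ endpoints listed above per key fingerprint. The log lines, key values and table name are constructed, and the combined log format is an assumption.

```python
import hashlib
import re
from collections import Counter
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed sample access-log lines; the keys and table name are made up.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /api/whoami?key=EXAMPLEKEY1 HTTP/1.1" 200 87',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /api/admin/users/all?key=EXAMPLEKEY2 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /api/admin/tables/fullData?key=EXAMPLEKEY2&table=example_table HTTP/1.1" 200 9000',
    '10.0.0.5 - - [01/Jan/2024:10:00:04 +0000] "GET /api/management/risk/view?key=EXAMPLEKEY1&id=12 HTTP/1.1" 200 640',
    '10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 3021',
]

REQUEST_RE = re.compile(r'"(GET|POST) (\S+) HTTP/[\d.]+"')

def key_fingerprint(key):
    """Short one-way label so usage can be attributed without storing the key."""
    return hashlib.sha256(key.encode()).hexdigest()[:12]

def redact_url(url):
    """Return (url with the key value replaced, key fingerprint or None)."""
    parts = urlsplit(url)
    fingerprint, pairs = None, []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == "key":
            fingerprint, value = key_fingerprint(value), "REDACTED"
        pairs.append((name, value))
    return parts._replace(query=urlencode(pairs)).geturl(), fingerprint

def audit(lines):
    """Redact keys in API requests and count /api/admin/ calls per key fingerprint."""
    redacted, admin_hits = [], Counter()
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match or not urlsplit(match.group(2)).path.startswith("/api/"):
            redacted.append(line)  # not an API request: keep the line unchanged
            continue
        clean, fingerprint = redact_url(match.group(2))
        redacted.append(line.replace(match.group(2), clean))
        if fingerprint and urlsplit(clean).path.startswith("/api/admin/"):
            admin_hits[fingerprint] += 1
    return redacted, admin_hits

if __name__ == "__main__":
    clean_lines, hits = audit(SAMPLE_LOG)
    print("\n".join(clean_lines))
    print(dict(hits))
```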
To Be Classified
URL: /api/management/risk/reopen
METHOD: GET
URL: /api/management/risk/overview
METHOD: GET
URL: /api/reports/dynamic
METHOD: POST
URL: /api/management/risk/viewhtml
METHOD: GET
URL: /api/management/risk/closerisk
METHOD: GET
URL: /api/management/risk/closerisk
METHOD: POST
URL: /api/management/risk/view_all_reviews
METHOD: GET
URL: /api/management/risk/editdetails
METHOD: GET
URL: /api/management/risk/saveDetails
METHOD: POST
URL: /api/management/risk/saveMitigation
METHOD: POST
URL: /api/management/risk/saveReview
METHOD: POST
URL: /api/management/risk/changestatus
METHOD: GET
URL: /api/management/risk/updateStatus
METHOD: POST
URL: /api/management/risk/scoreaction
METHOD: GET
URL: /api/management/risk/saveScore
METHOD: POST
URL: /api/management/risk/saveSubject
METHOD: POST
URL: /api/management/risk/saveComment
METHOD: POST
URL: /api/management/impportexport/deleteMapping
METHOD: POST
URL: /api/assessment/update
METHOD: POST
URL: /api/datatable/framework-controls
METHOD: GET
URL: /api/mitigation_controls
METHOD: GET
URL: /api/assessment_contacts
METHOD: GET
WHAT: Pull a set of questionnaire questions together with the HTML used to display them in the Questionnaire Questions table
URL: /api/assessment/questionnaire_questions?draw=1&start=0&length=10&filter_by_question=
METHOD: GET
URL: /api/governance/frameworks
METHOD: GET
URL: /api/governance/update_framework_status
METHOD: POST
URL: /api/governance/update_framework_parent
METHOD: POST
URL: /api/governance/parent_frameworks_dropdown
METHOD: GET
URL: /api/governance/selected_parent_frameworks_dropdown
METHOD: GET
URL: /api/governance/control
METHOD: GET
URL: /api/governance/framework
METHOD: GET
URL: /api/compliance/define_tests
METHOD: GET
URL: /api/compliance/test
METHOD: GET
URL: /api/compliance/initiate_audits
METHOD: GET
URL: /api/compliance/active_audits
METHOD: POST
URL: /api/compliance/save_audit_comment
METHOD: POST
URL: /api/compliance/past_audits
METHOD: POST
URL: /api/compliance/reopen_audit
METHOD: POST