SimpleRisk has a RESTful API endpoint that is accessible under /api and returns a JSON response.  You can test out the API functionality using cookie-based authentication when logged into SimpleRisk.  The SimpleRisk API Extra adds in the ability to create and rotate user keys that can be added to these API queries (via the key={key} parameter) for automated data insertion and retrieval with SimpleRisk, allowing for easy integration with external systems.  This guide details the available RESTful API endpoints.


Miscellaneous

WHAT: Get the API version

URL: /api/version?key={key}

METHOD: GET


WHAT: Get the current username and user id

URL: /api/whoami?key={key}

METHOD: GET


Risks

WHAT: Get the risk details for risk ID {risk_id}

URL: /api/management/risk/view?key={key}&id={risk_id}

METHOD: GET


WHAT: Submit a new risk

URL: /api/management/risk/add?key={key}

METHOD: POST


WHAT: Update an existing risk's details

URL: /api/management/risk/update?key={key}

METHOD: POST


WHAT: Get the risk scoring history for risk ID {risk_id}

URL: /api/management/risk/scoring_history?key={key}&id={risk_id}

METHOD: GET


Mitigations

WHAT: Get the mitigation details for risk ID {risk_id}

URL: /api/management/mitigation/view?key={key}&id={risk_id}

METHOD: GET


WHAT: Submit a new mitigation

URL: /api/management/mitigation/add?key={key}

METHOD: POST


Management Reviews

WHAT: Get the review details for risk ID {risk_id}

URL: /api/management/review/view?key={key}&id={risk_id}

METHOD: GET


WHAT: Submit a new management review

URL: /api/management/review/add?key={key}

METHOD: POST


Reporting

WHAT: Get the dynamic risk report data

URL: /api/reports/dynamic?key={key}&status={status}&sort={sort}&group={group}

METHOD: GET


Administration

WHAT: Get the contents of any table

URL: /api/admin/tables/fullData?key={key}&table={table_name}

METHOD: GET


WHAT: Get the risk level configuration

URL: /api/risk_levels?key={key}

METHOD: GET


WHAT: Get the list of all SimpleRisk users

URL: /api/admin/users/all?key={key}

METHOD: GET


WHAT: Get the list of all enabled SimpleRisk users

URL: /api/admin/users/enabled?key={key}

METHOD: GET


WHAT: Get the list of all disabled SimpleRisk users

URL: /api/admin/users/disabled?key={key}

METHOD: GET


To Be Classified

URL: /api/management/risk/reopen

METHOD: GET


URL: /api/management/risk/overview

METHOD: GET


URL: /api/management/risk/overview

METHOD: GET


URL: /api/reports/dynamic

METHOD: POST


URL: /api/management/risk/viewhtml

METHOD: GET


URL: /api/management/risk/closerisk

METHOD: GET


URL: /api/management/risk/closerisk

METHOD: POST


URL: /api/management/risk/view_all_reviews

METHOD: GET


URL: /api/management/risk/editdetails

METHOD: GET


URL: /api/management/risk/saveDetails

METHOD: POST


URL: /api/management/risk/saveMitigation

METHOD: POST


URL: /api/management/risk/saveReview

METHOD: POST


URL: /api/management/risk/changestatus

METHOD: GET


URL: /api/management/risk/updateStatus

METHOD: POST


URL: /api/management/risk/scoreaction

METHOD: GET


URL: /api/management/risk/saveScore

METHOD: POST


URL: /api/management/risk/saveSubject

METHOD: POST


URL: /api/management/risk/saveComment

METHOD: POST


URL: /api/management/impportexport/deleteMapping

METHOD: POST


URL: /api/assessment/update

METHOD: POST


URL: /api/datatable/framework-controls

METHOD: GET


URL: /api/mitigation_controls

METHOD: GET


URL: /api/assessment_contacts

METHOD: GET


URL: /api/assessment_questionnaire_questions

METHOD: GET


URL: /api/governance/frameworks

METHOD: GET


URL: /api/governance/update_framework_status

METHOD: POST


URL: /api/governance/update_framework_parent

METHOD: POST


URL: /api/governance/parent_frameworks_dropdown

METHOD: GET


URL: /api/governance/selected_parent_frameworks_dropdown

METHOD: GET


URL: /api/governance/control

METHOD: GET


URL: /api/governance/framework

METHOD: GET


URL: /api/compliance/define_tests

METHOD: GET


URL: /api/compliance/test

METHOD: GET


URL: /api/compliance/initiate_audits

METHOD: GET


URL: /api/compliance/active_audits

METHOD: GET


URL: /api/compliance/save_audit_comment

METHOD: POST


URL: /api/compliance/past_audits

METHOD: GET


URL: /api/compliance/reopen_audit

METHOD: POST