Introducing Drata’s Open API
A connected and automated risk and compliance ecosystem is now possible with Drata’s Open API. Keep reading to learn how.
At Drata we're guided by our goal to democratize compliance—by making it accessible, effortless, and automated. That's why we are launching Drata's Open API as the next step in making compliance accessible to all.
Drata has built hundreds of native integrations to the most popular and powerful software solutions. However, there are many more unique systems and third-party solutions that you use to meet your business and security objectives. That's where Drata's Open API comes in.
Drata’s Open API will put you in the driver's seat and allow you to architect solutions that meet your specific needs and tech stack with pre-built templates and click-and-go automations with little to no code. Having Drata as the source for all your risk and compliance data gives you a single view to manage both programs.
Instead, you’ll be able to create deep integrations between Drata’s powerful automation and your critical systems, taking you one step closer to a unified and comprehensive risk and compliance program.
The Highlights
Ready to dive in? Here are just a few key features of Drata’s Open API:
APIs for All Your Use Cases
Minimize evidence gaps by integrating to the endpoints that matter. Our APIs were designed based on customer feedback, common use cases, and conversations with developers to address the most common risk and compliance professionals’ needs.
Your team will be able to easily connect Drata’s automation to critical systems like security training solutions, background check providers, MDM systems, and more. Head over to our developer portal to see all the endpoints that we support.
"Drata’s API has been an incredible addition to the product. It’s already saved us hours of work manually uploading evidence that we can now automate and schedule thanks to the API. We’ve also been able to create workflows that pipe evidence to and from Drata to applications that don’t or can’t have a built-in integration."
—Japheth Thompson, Compliance Manager, Pagely
Built on REST Standards for Easier Implementation
Drata's Open API was built on user-friendly REST API standards for smoother implementation. We’ll also provide full documentation to build effective integrations that ensure your tech stack is being continuously monitored and tracked.
Our API documentation includes auto-generated code samples in a variety of languages to help guide you in using our APIs and make the process as simple and straightforward as possible.
Granular Access and Control
Determine what access level you want to give. Scope read and write permissions for every API key granularly, on a per-endpoint basis, and revoke access as you see fit.
You can also choose to restrict key usage to come from IP addresses that you specify.
Visible Audit Trail
Any call that makes a change in your Drata App will be tracked as a separate event or entity—ensuring an audit trail of what’s being done with that key and helping you maintain your security posture.
What Can We Do With Drata’s Open API?
In case you’re wondering how you can implement Drata’s Open API to unify your risk and compliance ecosystem, below are just a few examples:
Automate Evidence Collection From Any System
Our goal is to automate all of compliance, for solutions without a native integration you can use Drata's Open API to pull evidence seamlessly. Now, you’ll be able to easily connect between the two and use Drata to automate evidence collection. So background checks, security training results, personnel information, device compliance, and much more will be monitored in Drata.
Single Pane of Glass: Pull & Combine Data From Drata and Other Sources
“I've wanted a Drata API since the day we purchased. Having an API in Drata has allowed me to manage my vendor data in the place that I want while easily synchronizing the relevant parts over to Drata. Having the API has allowed me to make a simple internal CLI.”
—Kyle Rockman, Platform Engineering Lead, OpsLevel
Streamline your continuous monitoring processes with the ability to push or pull external evidence to Drata controls. In addition, pull a list of in-scope controls based on specific criteria such as framework type, control readiness, monitoring status and control owners.
Push Data Into Drata to Centralize Your Compliance Reporting
With Drata’s Open API, you can easily share control details to another tool or push pertinent control evidence into Drata from any source so you can quickly report your compliance status out to key stakeholders at any time.
Easily Trigger Workflows to Remediate Controls
“Drata bridges the gap between compliance and trust through automation. Our joint customers can use the Tray Connector we built with Drata to put themselves on a faster path to automating the critical security frameworks across their technology stacks. We’re fortunate to share a common investor, GGV Capital, and are bullish on the market potential of our partnership.”
—Mike Vaccaro, VP, Global Partnerships & Alliances, Tray.io
Using an automation tool like Tines, Torq, and Tray.io, and want to trigger actions based on certain Drata events? Easily pull in a list of all event logs, details, and test results to start workflows. Build on workflows that already fit your specific needs and power them with Drata.
For more on our partnership with Tines, check out their Drata stories here. If you have a Torq account and are ready to hit the ground running, check out their Drata templates.
Drata was built for you. This new feature is yet another tool at your fingertips to help achieve continuous compliance and a strong security posture. If you’d like to get more information about our Platform or the Open API, book some time here.
