Programmatic access to your risk intelligence.
The ONTRACE.AI REST API enables programmatic access to your risk register, compliance data, and ISMS workflows. Integrate with existing systems, build custom dashboards, and automate security workflows — all through a clean, versioned API.
Full API documentation is available to customers within the platform. This page provides a high-level overview. Endpoint references, authentication flows, schema definitions, and an interactive API explorer are accessible after onboarding.
Capabilities
What the ONTRACE.AI API enables
Build powerful integrations, automate workflows, and connect your ISMS to the broader security technology ecosystem.
Risk Data Access
Query your live risk register programmatically — retrieve risk ratings, control statuses, and treatment plans from any external system or BI tool.
Compliance Reporting
Pull compliance posture data, evidence records, and audit trail information into your existing reporting infrastructure or executive dashboards.
Workflow Automation
Trigger risk assessments, update treatment plans, and manage task assignments programmatically from CI/CD pipelines, SOAR platforms, or custom automation.
Data Export & Integration
Export risk and compliance data to your SIEM, data warehouse, or business intelligence tools for consolidated reporting across your security program.
Evidence Submission
Submit evidence artefacts directly via API — connect your existing tooling to automatically provide compliance evidence without manual upload.
Webhook Callbacks
Subscribe to events — risk status changes, new findings, audit deadlines — and receive real-time notifications to your systems.
API Structure
Clean, predictable, developer-friendly.
Illustrative example showing the API's response structure. Full schema documentation is available within the platform.
// Illustrative example — not real API syntax
// Full documentation available to customers within the platform
GET /api/v1/risks?status=open&severity=high
Authorization: Bearer {YOUR_API_KEY}

// Response structure
{
  "data": [
    {
      "id": "risk_abc123",
      "title": "Insufficient access controls on production database",
      "severity": "high",
      "status": "treatment_in_progress",
      "owner": "security@company.com",
      "framework_mappings": ["ISO 27001 A.9.4", "SOC 2 CC6.1"],
      "updated_at": "2026-03-15T14:23:00Z"
    }
  ],
  "pagination": {
    "cursor": "eyJpZCI6InJpc2tfYWJjMTIzIn0",
    "has_more": true
  }
}

Technical Overview
Authentication, versioning, and rate limits.
Authentication
API key and OAuth 2.0 based authentication. Keys are scoped to specific resources and permission levels — read-only, read-write, or admin. Credentials are managed within the ONTRACE.AI platform dashboard.
Credential management is available within the platform. Full authentication documentation is provided to customers upon onboarding.
Rate Limits
Tiered rate limits based on your subscription tier. Standard and Enterprise tiers have different request quotas to ensure reliable performance. Rate limit headers are included in all API responses for transparent tracking.
Specific limits are detailed in the platform documentation available to customers.
Versioning
The API uses URL-based versioning (e.g., /api/v1/). Backwards compatibility is maintained within major versions. Deprecation notices are provided at least 12 months in advance of any breaking changes.
Endpoints & Format
RESTful HTTPS endpoints returning JSON. All timestamps are in ISO 8601 format. Pagination is cursor-based for efficient traversal of large datasets. Standard HTTP status codes are used throughout.
Developer Experience
SDKs coming soon.
Official client libraries will reduce integration time to minutes. In the meantime, the REST API works with any HTTP client or API framework.
Want to be notified when SDKs are available? Contact us
Common Integration Patterns
Security dashboards
Pull risk data into Grafana, Power BI, or Tableau for executive reporting.
SOAR automation
Trigger risk updates from security orchestration platforms after incident response.
CI/CD pipelines
Check compliance posture during deployments — block releases if critical risks are open.
SIEM correlation
Feed security events into ONTRACE to automatically update risk ratings in real time.
API Access
Ready to integrate?
API access is available as part of ONTRACE.AI subscriptions. Full documentation, interactive API explorer, and client examples are available within the platform after onboarding.
Contact our team to discuss API requirements, integration scope, and access tiers.