The Drova GRC API gives you access to a set of Drova GRC features for use in your own app to integrate with Drova GRC, such as getting GRC Records and Bulk Query data from Drova GRC.
Before you do anything, you should create a Service Account in your Drova GRC site so that you can make API calls.
Any application that wants to integrate with the Drova GRC APIs must have authorisation credentials that identify the application to the Drova Identity OAuth 2.0 server.
The following steps explain how to create an authorisation credential (Service Account) for your Drova GRC Site. Your applications can then use the credentials to access APIs that you have enabled for that Drova GRC Site.
Go to Menu > Maintenance > General > Service Accounts.
Click the "Add service account" button and enter the required information. Make sure the service account is granted only the permissions it needs for the modules it will access; the permissions you set here determine the scopes the access token will carry.
After creating your Service Account, copy or save the secret.txt file from the Create Service Account popup. Securely store the file in a location that only your application can access.
Please be aware that the Client Secret is only displayed once during the service account creation process. Once you exit this dialogue, you will not have access to it again.
In order to use the Drova GRC API, you must first obtain an access token for the Service Account by calling the get-token endpoint:
```bash
curl -X POST \
  https://auth.drova.com/oauth/token \
  -H 'Content-Type: application/json' \
  -d '{
    "grant_type": "client_credentials",
    "client_id": "[client_id]",
    "client_secret": "[client_secret]",
    "audience": "https://api.drova.com/graphql"
  }'
```
- `audience`: The public Drova API server; must be `https://api.drova.com/graphql`.
- `client_id`: Your Service Account's Client ID.
- `client_secret`: Your Service Account's Client Secret.
The response contains the `access_token`, `token_type`, `expires_in` (seconds) and `scope` values, for example:
```json
{
  "access_token": "eyJz93a...k4laUWw",
  "token_type": "Bearer",
  "scope": "grc:triline:compliance:read grc:triline:compliance:write grc:triline:control-inventory:read grc:triline:control-inventory:write grc:triline:event:read grc:triline:event:write grc:triline:kri:read grc:triline:kri:write grc:triline:risk:read grc:triline:risk:write grc:triline:register:read grc:triline:register:write",
  "expires_in": 86400
}
```
The `scope` value in the token response reflects the Service Account's current permission settings in Drova GRC, so changing the account's permissions changes the scopes on the next token you request.
Below is the list of scopes that the OAuth server can return:
| Scope | Description |
|---|---|
| grc:triline:event:read | List of all Event records |
| grc:triline:risk:read | List of all Risk records |
| grc:triline:control-inventory:read | List of all Control Inventory records |
| grc:triline:kri:read | List of all Kri records |
| grc:triline:compliance:read | List of all Compliance records |
| grc:triline:register:read | List of all Register records |
| grc:triline:event:write | Manage all Event records |
| grc:triline:risk:write | Manage all Risk records |
| grc:triline:control-inventory:write | Manage all Control Inventory records |
| grc:triline:kri:write | Manage all Kri records |
| grc:triline:compliance:write | Manage all Compliance records |
| grc:triline:register:write | Manage all Register records |
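The following is an added example of how a client can wrap the token request and scope table above; it is not Drova's own client library. It reads the Client Secret from the saved `secret.txt` rather than from source code, caches the token and refreshes it a little before `expires_in` elapses, and checks the `scope` string locally before attaching the bearer token to a call, so a Service Account that lacks a permission fails fast on the client side instead of with a server-side error. The token URL, audience, request body and scope names come from the page; the `TokenCache` class, its `skew` parameter and the injected `post` callable are assumptions of this example.

```python
"""Client-credentials token handling for the Drova GRC API (added example)."""
import json
import time
import urllib.request
from typing import Callable, Dict, List, Optional

TOKEN_URL = "https://auth.drova.com/oauth/token"   # get-token endpoint, from the page
AUDIENCE = "https://api.drova.com/graphql"          # required audience, from the page


def file_secret_provider(path: str) -> Callable[[], str]:
    """Return a callable that reads the Client Secret from the saved secret.txt.
    The secret is shown only once at creation, so the file, not the code, holds it."""
    def read() -> str:
        with open(path, encoding="utf-8") as fh:
            return fh.read().strip()
    return read


def build_token_request(client_id: str, client_secret: str) -> Dict[str, str]:
    """JSON body of the POST to the get-token endpoint (client_credentials grant)."""
    return {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": AUDIENCE,
    }


def parse_scopes(scope_field: str) -> List[str]:
    """The `scope` field is a space-separated string; split it into a list."""
    return [s for s in scope_field.split(" ") if s]


def urllib_post(url: str, body: Dict[str, str]) -> dict:
    """Real transport using only the standard library (not exercised offline)."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Holds one access token and refreshes it `skew` seconds before it expires.

    `post(url, body)` returns the decoded JSON token response; injecting it keeps
    the cache testable without network access (assumed design, not Drova's API).
    """

    def __init__(self, client_id: str, secret_provider: Callable[[], str],
                 post: Callable[[str, Dict[str, str]], dict] = urllib_post,
                 now: Callable[[], float] = time.time, skew: int = 60) -> None:
        self.client_id = client_id
        self.secret_provider = secret_provider
        self.post = post
        self.now = now
        self.skew = skew
        self._token: Optional[str] = None
        self._scopes: List[str] = []
        self._expires_at = 0.0

    def _refresh(self) -> None:
        body = build_token_request(self.client_id, self.secret_provider())
        resp = self.post(TOKEN_URL, body)
        if resp.get("token_type") != "Bearer":
            raise ValueError("unexpected token_type: %r" % resp.get("token_type"))
        self._token = resp["access_token"]
        self._scopes = parse_scopes(resp.get("scope", ""))
        # expires_in is in seconds; refresh early so an in-flight call never uses a stale token
        self._expires_at = self.now() + int(resp["expires_in"]) - self.skew

    def token(self) -> str:
        """Return a valid access token, requesting a new one only when needed."""
        if self._token is None or self.now() >= self._expires_at:
            self._refresh()
        return self._token  # type: ignore[return-value]

    def scopes(self) -> List[str]:
        """Scopes granted to the current token (mirrors the Service Account permissions)."""
        self.token()
        return list(self._scopes)

    def require_scope(self, scope: str) -> None:
        """Fail locally if the Service Account's permissions do not cover the call."""
        if scope not in self.scopes():
            raise PermissionError("service account lacks scope %s" % scope)

    def authorized_headers(self, scope: str) -> Dict[str, str]:
        """Headers for a GRC API call that needs `scope`, e.g. grc:triline:risk:read."""
        self.require_scope(scope)
        return {"Authorization": "Bearer " + self.token(),
                "Content-Type": "application/json"}


if __name__ == "__main__":
    # Usage against the real endpoint: secret.txt saved from the Create Service Account popup.
    cache = TokenCache("[client_id]", file_secret_provider("secret.txt"))
    print(cache.authorized_headers("grc:triline:risk:read"))
```

Because the scopes are read from the token response rather than hard-coded, narrowing a Service Account's permissions in Drova GRC is picked up automatically on the next refresh, and the `require_scope` check then rejects calls the account can no longer make.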