Auditor API Key Self Service

Updated over a week ago

What is the Auditor API?

Similar to Drata’s Public API, the Auditor API allows audit firms to develop integrations with their tools of choice, including the prebuilt Fieldguide integration. Auditors have their own tools that they wish to use but need to get certain data out of Drata (e.g., controls, requests, evidence), so this API allows our partners to get Audits, Controls, Samples, Evidence and much more in order.


How to Generate API Keys

To begin using the API, auditors must generate API keys. This can be done only once they have been added to an audit card in AuditHub. From there, they generate keys using the following steps:

  1. Log in to Drata as an Auditor.

  2. Receive a MagicLink via email, then click the link to go to AuditHub.

  3. Go to User Profile > Settings > API Keys page.

  4. From here, you’ll see the list of API keys you currently have (with status and expiration) as well as the option to create new API keys.

  5. Set a custom expiration date or use the default of 12 months.

Important Note: API keys should be treated as "house keys" and not shared with unauthorized individuals. They currently have an expiration date (set to approximately two years in the future). Users can adjust the expiration date as desired.

API keys should not be shared via email. If possible, share them via 1Password or a similar tool.

If you have any questions or issues while generating API keys or using the API, reach out to your Audit Alliance Manager.

How to Revoke API Keys

API keys can be revoked at any time through self-service in AuditHub.

To revoke an API key:

  1. Log in to Drata as an Auditor.

  2. Receive a MagicLink via email, then click the link to go to AuditHub.

  3. Go to User Profile > Settings > API Keys page.

  4. From the list of API keys, select the API key you want to revoke.

  5. Click the trash can icon to delete the API key.

Important Note: Revoking an API key is permanent and will immediately invalidate any integrations or scripts using that key. If you need assistance revoking API keys for security or compliance purposes, contact Drata Support.