What is the Auditor API?
Similar to Drata’s Public API, the Auditor API allows audit firms to develop integrations with their tools of choice. This includes the integration with Fielguide (which is a prebuilt integration). Since auditors have their own auditor tools that they wish to use but need to get certain data out of Drata (e.g. controls, requests, evidence etc.), this API allows our partners to get Audits, Controls, Samples, Evidence and much more in order.
How to Generate API Keys
In order to successfully begin using the API, auditors must generate API keys. This can be done only once they are added to an audit card in AuditHub. From there they perform key generation using the following steps:
Login to Drata as an Auditor
Receive a MagicLink via email - Click on the link to take you to AuditHub
In the top right corner, click on your name/initials then Settings
Under My Settings, click API Keys
From here, you’ll see the list of API you currently have (status and expiration) as well as the ability to create new API Keys using the Create API Key Button. Note you can set a custom expiration date or use the default of 12 months.
Important Note: API keys should be treated as "house keys" and not shared with unauthorized individuals. They currently have an expiration date (set to approximately two years in the future). Users can adjust the expiration date as desired.
API keys should not be shared via email. If possible, share them via 1Password or a similar tool.
If you have any questions or issue while generating API keys or using the API, reach out to your Audit Alliance Manager.