Drata Open API

This article covers how to configure Drata Open APIs.

Written by Faraz Yaghouti
Updated over a week ago

HERE'S WHAT

Drata Open API gives users the ultimate flexibility to push data to and pull data from Drata, integrate any custom workflow with the Drata platform, and bring in data from any third-party integration solution that supports APIs.

BEFORE DIVING IN

  • See our full API developer documentation at https://developers.drata.com/docs/.

  • The full API key will only be shown once when you create the key. You will not be able to access it again. Please make sure to save that key.

  • A rate limit of 500 requests / minute will be enforced per unique source IP.

HERE'S HOW

Create an API key

Here’s how to create an API key for your organization:

  • Click on company settings and click on “API Keys”.

  • Create a “Name” for your API key. This name cannot be changed once it is active.

  • You can set an expiration date for your API key. A default of “12 months” has been set. Instead, you can set a custom date or set the key to never expire.

  • You can restrict key usage to specified addresses. You can input as many addresses as you’d like to allow traffic from. If left empty, your API key will allow traffic from all sources.

  • You have 3 options for access: Custom, All Read, or All Read and Write

    • Custom: You can open the endpoint categories underneath and select the specific scopes you want enabled for that API key

    • All Read: Selecting this will enable all current and future read scopes for the API key

    • All Read and Write: Selecting this will enable all current and future scopes for the API key

  • Once you click save, you will be prompted to acknowledge that you have saved your API key info in a secure location. You will not be able to access the full API key again. After clicking “Done”, your API key will be active.

Viewing your API keys

Once you create an API key, you will be presented with a table with all keys created for your organization.

  • You can see the API key name, the status of the key, who the key was created by, when the key was last used to make a request, and when the key expires. You can also revoke the key.

Status of your API keys

There are 4 statuses for an API key:

  • Active: The key can be used to make requests for the scopes it’s been provisioned for.

  • Expires soon: The key can still be used to make requests for the scopes it’s been provisioned for. The key will expire within 30 days.

  • Expired: The key cannot be used to make requests. An expired key cannot be converted into an active key. Expirations for a key are permanent.

  • Revoked: An admin decided to manually revoke access for the key. The key can no longer be used to make requests. A revoked key cannot be converted into an active key.
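An added example (not Drata's code): a Python audit over a key inventory that applies the status rules above and flags the broad options from "Create an API key" (never expires, no address restriction, All Read and Write). The record field names are assumed names for values copied from the API keys table, and treating a key as expired on its expiry date is an assumption.

```python
from datetime import date, timedelta

EXPIRES_SOON_WINDOW = timedelta(days=30)  # "Expires soon" threshold stated in this article


def key_status(key, today):
    """Derive the status this article describes from one key record."""
    if key["revoked"]:
        return "Revoked"
    expires = key["expires"]  # None models a key set to never expire
    if expires is not None and expires <= today:  # assumption: expired on the date itself
        return "Expired"
    if expires is not None and expires - today <= EXPIRES_SOON_WINDOW:
        return "Expires soon"
    return "Active"


def audit_key(key, today):
    """Return (status, findings); keys that can no longer make requests get no findings."""
    status = key_status(key, today)
    findings = []
    if status in ("Revoked", "Expired"):
        return status, findings
    if key["expires"] is None:
        findings.append("never expires: set an expiration date")
    if not key["allowed_addresses"]:
        findings.append("no address restriction: traffic allowed from all sources")
    if key["access"] == "All Read and Write":
        findings.append("all current and future scopes: prefer Custom scopes")
    if status == "Expires soon":
        findings.append("expires within 30 days: renew or replace before it lapses")
    return status, findings


# Constructed sample inventory; field names are assumptions, not a Drata export format.
SAMPLE_KEYS = [
    {"name": "ci-evidence-push", "revoked": False, "expires": None,
     "allowed_addresses": [], "access": "All Read and Write"},
    {"name": "siem-readonly", "revoked": False, "expires": date(2025, 1, 20),
     "allowed_addresses": ["203.0.113.10"], "access": "All Read"},
    {"name": "old-script", "revoked": True, "expires": date(2026, 1, 1),
     "allowed_addresses": [], "access": "Custom"},
]

if __name__ == "__main__":
    for k in SAMPLE_KEYS:
        status, findings = audit_key(k, today=date(2025, 1, 1))
        print(f"{k['name']}: {status}", *findings, sep="\n  - ")
```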

API Key Details

Here is how to access your API key details:

  • Click on the API key you want to view the details for. You can then view the details and scopes provisioned for that key.

Here is how to edit your API key details:

  • You cannot change the name of the API key or the API key itself.

  • Click on the edit icon to change the expiration date.

  • You can renew the key for 12 more months, select a custom date, or set the key to never expire.

Here’s how to edit the scopes provisioned for your API key:

  • Click on the API key you want to edit

  • Check or uncheck the scopes you want to edit for the API key. Scopes can be edited at any time for your API key as long as it has not expired or been revoked.

Revoking an API key

Here’s how you can revoke an active API key:

  • Click on the trash can icon on the API keys table.

  • You will be prompted with a warning asking you to confirm that you want to revoke the API key.

  • You can also open the API key details and click on the trash can icon at the top to revoke the key.

  • You can still access the details of a revoked key by clicking on the key.

Note: Revoking an API key cannot be undone. Once revoked, that key can no longer make authenticated calls to the Drata API.

API Documentation

To learn more about each API, please visit our API Documentation Page.
