Skip to main content
All CollectionsAPI
Drata Open API: Upload Evidence for a User
Drata Open API: Upload Evidence for a User

This article shows how to upload Security Training evidence for a specific Drata user.

Harrison Krat avatar
Written by Harrison Krat
Updated over a week ago

HERE'S WHAT

The Drata Open API allows you to upload documents as evidence directly to a specific personnel record. You can leverage the available GET and POST endpoints to automate and streamline the way your team demonstrates compliance for personnel in Drata.

BEFORE DIVING IN

HERE'S HOW

Automate evidence upload for a user

  1. Create a directory for development of scripts for Drata

  2. Run npm i form-data in terminal (npm form-data)

  3. Run npm i node-fetch in terminal (npm fetch)

  4. Run npm i lodash in terminal (npm lodash)

  5. Add "type": "module” to package.json in order for this script to run, due to the use of “import”

  6. Optional: dotenv to import the API key from environment variables, else write the API key strings in the code samples below, run npm i dotenv (npm dotenv)

  7. Example script:

    1. Get request: Retrieve the personnel record by email. Use the personnel record to find the user id.

    2. Post request: Using the user id, upload external evidence, ensure the proper file type and file path are inputted in the code

This script is intended to serve as an example template. You will need to configure your local environment and adjust the code to fit your specific use case.

import FormData from 'form-data';
import fetch from 'node-fetch';
import * as dotenv from 'dotenv';
import * as fs from'fs';
import _ from 'lodash';

dotenv.config()

async function run() {
// 1. Get personnel record by email to identify userId
const query = new URLSearchParams({
q: '[email protected]',
});
query.toString();

let userId;
try {
const resp = await fetch(
`https://public-api.drata.com/public/personnel?${query}`,
{
method: 'GET',
headers: {
Authorization: `Bearer ${process.env.API_KEY}`
}
}
);
const data = await resp.json();
userId = _.get(data, 'data.0.user.id');
} catch (e) {
console.log(e);
}

// 2. Upload file evidence for user by userId
const form = new FormData();
form.append('type', 'SEC_TRAINING');

// 3. Add your file here. If the file exists in the same directory as this script, add only the file name. Else, add the file path.
const file = fs.createReadStream('/Users/username/Desktop/evidence.png');
form.append('file', file);

try {
const resp = await fetch(
`https://public-api.drata.com/public/users/${userId}/documents`,
{
method: 'POST',
headers: {
Authorization: `Bearer ${process.env.API_KEY}`
},
body: form,
}
);
const data = await resp.json();
console.log(data);
} catch (e) {
console.log(e);
}
}

run();

Did this answer your question?