HERE'S WHAT
The Drata Open API allows you to upload documents as evidence directly to a specific personnel record. You can leverage the available GET and POST endpoints to automate and streamline the way your team demonstrates compliance for personnel in Drata.
BEFORE DIVING IN
See our full API developer documentation at https://developers.drata.com/docs/.
Review the Find personnel by search terms and filters and Upload a document for user by user id endpoints.
See this help article on how to generate an API key. Scope the key for both read and write access for the user and personnel data entities.
A rate limit of 500 requests / minute will be enforced per unique source IP.
Identify the email address of the existing personnel record in Drata.
Save the compliance evidence as a document that is an accepted file type.
HERE'S HOW
Automate evidence upload for a user
Create a directory for development of scripts for Drata.
Run npm i form-data in terminal (npm form-data).
Run npm i node-fetch in terminal (npm fetch).
Run npm i lodash in terminal (npm lodash).
Add "type": "module" to package.json in order for this script to run, due to the use of "import".
Optional: run npm i dotenv (npm dotenv) to import the API key from environment variables; otherwise, write the API key strings in the code samples below.
Example script:
GET request: Retrieve the personnel record by email. Use the personnel record to find the user id.
POST request: Using the user id, upload the external evidence. Make sure the proper file type and file path are entered in the code.
This script is intended to serve as an example template. You will need to configure your local environment and adjust the code to fit your specific use case.
import FormData from 'form-data';
import fetch from 'node-fetch';
import * as dotenv from 'dotenv';
import * as fs from 'fs';
import _ from 'lodash';

// Load API_KEY from a local .env file into process.env
dotenv.config();

async function run() {
  // 1. Get personnel record by email to identify userId
  const query = new URLSearchParams({
    q: '[email protected]', // email address of the existing personnel record
  });
  let userId;
  try {
    const resp = await fetch(
      `https://public-api.drata.com/public/personnel?${query}`,
      {
        method: 'GET',
        headers: {
          Authorization: `Bearer ${process.env.API_KEY}`
        }
      }
    );
    const data = await resp.json();
    userId = _.get(data, 'data.0.user.id');
  } catch (e) {
    console.log(e);
  }
  // Stop if the lookup failed, so no upload is sent to /users/undefined/documents
  if (!userId) {
    console.log('No personnel record found for that email; nothing uploaded.');
    return;
  }

  // 2. Upload file evidence for user by userId
  const form = new FormData();
  form.append('type', 'SEC_TRAINING');
  // 3. Add your file here. If the file exists in the same directory as this script, add only the file name. Else, add the file path.
  const file = fs.createReadStream('/Users/username/Desktop/evidence.png');
  form.append('file', file);
  try {
    const resp = await fetch(
      `https://public-api.drata.com/public/users/${userId}/documents`,
      {
        method: 'POST',
        headers: {
          Authorization: `Bearer ${process.env.API_KEY}`
        },
        body: form,
      }
    );
    const data = await resp.json();
    console.log(data);
  } catch (e) {
    console.log(e);
  }
}

run();
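
The script above takes the first search result (data.0.user.id) as the upload target. The following added example, which is not part of Drata's script, selects the user id only when exactly one user in the response has the exact email, so evidence is not attached to the wrong personnel record. It assumes each record exposes user.email next to user.id; selectUserId and the sample response are constructed for illustration.

```javascript
// Added example, not Drata's code. Assumption: each personnel record in the
// search response exposes user.email alongside user.id.

// Return the user id only when exactly one user has this exact email.
function selectUserId(body, email) {
  const wanted = String(email).trim().toLowerCase();
  const records = Array.isArray(body && body.data) ? body.data : [];
  const ids = new Set();
  for (const rec of records) {
    const user = rec && rec.user;
    if (!user || typeof user.email !== 'string' || user.id == null) continue;
    if (user.email.trim().toLowerCase() === wanted) ids.add(user.id);
  }
  if (ids.size === 0) throw new Error(`no personnel record for ${wanted}`);
  if (ids.size > 1) throw new Error(`${ids.size} different users match ${wanted}`);
  return [...ids][0];
}

// Constructed sample: a search for "jo@example.com" that also returns a
// record whose email merely contains the search term.
const SAMPLE_RESPONSE = {
  data: [
    { id: 7, user: { id: 311, email: 'mojo@example.com' } },
    { id: 9, user: { id: 42, email: 'Jo@Example.com' } },
  ],
};

// Compare the first-hit choice with the exact-match choice.
function demo() {
  const naive = SAMPLE_RESPONSE.data[0].user.id; // what data.0.user.id picks
  const checked = selectUserId(SAMPLE_RESPONSE, 'jo@example.com');
  return { naive, checked };
}

console.log(demo());
```

To use it in the script above, call selectUserId(data, email) in place of _.get(data, 'data.0.user.id') and let the thrown error stop the run before the POST request.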