API Overview

You can use Kordon’s API to build scripts and applications that automate processes, integrate with Kordon, and extend Kordon. For example, you could use the API to sync assets with your asset management system.

Each REST API endpoint is documented individually, and the endpoints are categorized by the resource that they primarily affect.

Every request to the REST API includes an HTTP method and a path. Depending on the REST API endpoint, you might also need to specify request headers, authentication information, query parameters, or body parameters.

Where possible, the Kordon REST API strives to use an appropriate HTTP method for each action.

GET Used for retrieving resources.
POST Used for creating resources.
PATCH Used for updating properties of resources.
DELETE Used for deleting resources.

Base URL

All API requests should be made to:

https://YOUR_KORDON_URL/api/v1/

Description Fields

Many objects in the Kordon API include a description field that accepts basic HTML. Kordon uses the Lexical WYSIWYG editor for rich text content. When creating or updating resources with descriptions, you can include HTML formatting such as:

Paragraphs: Your text here
Bold: Bold text or Bold text
Lists: <ul><li>Item</li></ul> or <ol><li>Item</li></ol>
Links: <a href="url">Link text</a>

Example:

{
  "description": "<p>This is a <strong>formatted</strong> description.</p>"
}

API Resources

Authentication - Learn how to authenticate your requests
Error Handling - Understanding API errors and responses
Pagination - Working with paginated results
Users API - Manage user accounts, permission roles and settings
Assets API - Manage information assets
Business Processes API - Manage business processes and their criticality
Controls API - Manage security controls, policies, and procedures
Vendors API - Manage vendor relationships and contracts
Risks API - Manage organizational risks
Findings API - Manage security incidents, non-conformities, and audit findings
Tasks API - Manage tasks and automated workflows