Skip to content
Kordon Learn

Assets API

POST /assets/

Section titled “POST /assets/”

Create a single asset.

FieldTypeRequiredDescription
titlestringYesDisplay name shown throughout Kordon.
descriptionstringYesRich-text description that can include HTML.
manager_idUUIDYesUser ID for the asset manager.
owner_idUUIDYesUser ID for the asset owner.
asset_valuestringNoValue such as low, medium, or high.
statestringYesOptional lifecycle state, e.g., live, planning, deprecated.
Terminal window
curl --location 'https://YOUR_KORDON_DOMAIN/api/v1/assets/' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer YOUR-TOKEN' \
--data '{
    "asset": {
        "title": "New asset name",
        "manager_id": "98dcb717-al70-4c89-8246-0bb026wc215b",
        "owner_id": "98dcb717-al70-4c89-8246-0bb026wc215b",
        "asset_value": "medium",
        "state": "live",
        "description": "<p>This was created through the API</p>"
    }
}'

Example response:

Response of a creation request will include the full data of the created object.

Status 200

{
    "data": {
        "id": "4c38aec4-989f-4f1d-85ce-fcad34820716",
        "asset_value": "medium",
        "controls": [],
        "created_at": "2024-08-28T14:27:26+00:00",
        "description": "<p>This was created through the API</p>",
        "has_empty_controls": true,
        "has_failing_controls": false,
        "has_not_mitigated_risks": false,
        "labels": [],
        "manager": {
            "id": "98dcb717-al70-4c89-8246-0bb026wc215b",
            "name": "Jaana Manana"
        },
        "most_problematic_connection": {},
        "owner": {
            "id": "98dcb717-al70-4c89-8246-0bb026wc215b",
            "name": "Jaana Manana"
        },
        "risks": [],
        "state": "live",
        "sum_of_risk_scores": 0,
        "tasks": [],
        "title": "New asset name",
        "updated_at": "2024-08-28T14:27:26+00:00"
    }
}

GET /assets/

Section titled “GET /assets/”

List all Assets.

Terminal window
curl --location --request GET 'https://YOUR_KORDON_DOMAIN/api/v1/assets/' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer YOUR-TOKEN' \
--data ''

Example response

Status: 200

{
    "data": [
        {
            "id": "580ee34d-4634-43b5-b082-952fdf4bd9b3",
            "asset_value": "medium",
            "business_processes": [],
            "controls": [],
            "created_at": "2025-02-06T13:49:49+00:00",
            "description": "<p>Something is written here</p>",
            "labels": [],
            "manager": {
                "id": "eb58a210-3532-4412-98cb-5d14e56f0f62",
                "name": "Pierre Zapp"
            },
            "owner": {
                "id": "eb58a210-3532-4412-98cb-5d14e56f0f62",
                "name": "Pierre Zapp"
            },
            "permissions": {
                "update": true,
                "destroy": true,
                "connect": true
            },
            "risks": [],
            "state": "live",
            "sum_of_risk_scores": 0,
            "tasks": [],
            "title": "GCP",
            "updated_at": "2025-02-06T13:49:49+00:00",
            "vendors": [],
            "classification": null,
            "vendor_contact_email": null
        }
    ],
    "meta": {
        "total_count": 14,
        "page": 1,
        "permissions": {
            "create": true
        },
        "per_page": "1"
    }
}

PATCH /assets/:id:

Section titled “PATCH /assets/:id:”

Update a single asset

In this example, internal_department_id is a custom field of the asset object.

Terminal window
curl --location --request PATCH 'https://YOUR_KORDON_DOMAIN/api/v1/assets/a16083dc-2938-4c97-b77b-4669b53eae9a' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer YOUR-TOKEN' \
--data '{
    "asset": {
        "internal_department_id": "12"
    }
}'

Response will have the full data of the now updated object.

Status: 200

{
  "data": {
    "id": "0cbd4eb0-ac1d-4ec8-a426-e353bb65991a",
    "asset_value": "medium",
    "controls": [],
    "created_at": "2024-08-28T14:26:29+00:00",
    "description": "<p>tere tere</p>",
    "has_empty_controls": true,
    "has_failing_controls": false,
    "has_not_mitigated_risks": false,
    "labels": [],
    "manager": {
      "id": "98dcb717-al70-4c89-8246-0bb026wc215b",
      "name": "Jaana Manana",
      "user_type": "user"
    },
    "most_problematic_connection": {},
    "owner": {
      "id": "98dcb717-al70-4c89-8246-0bb026wc215b",
      "name": "Jaana Manana",
      "user_type": "user"
    },
    "risks": [],
    "state": "live",
    "sum_of_risk_scores": 0,
    "tasks": [],
    "title": "The laptops",
    "updated_at": "2024-08-30T05:20:19+00:00",
    "internal_department_id": "12"
  },
  "meta": {
    "custom_fields": [
      {
        "name": "internal_department_id",
        "label": "Internal department ID",
        "kind": "string"
      }
    ]
  }
}

DELETE /assets/:id:

Section titled “DELETE /assets/:id:”

Delete an asset.

Terminal window
curl --location --request DELETE 'https://YOUR_KORDON_DOMAIN/api/v1/assets/e856da13-f02e-4e3d-addc-ab96f4395a7b' \
--header 'Authorization: Bearer YOUR-TOKEN' \
--data ''

Response of a deletion request will include the id of the just deleted object.

Example response:

Status 200

{
    "data": {
        "id": "e856da13-f02e-4e3d-addc-ab96f4395a7b"
    }
}