Assets API
POST /assets/
Section titled “POST /assets/”Create a single asset.
| Field | Type | Required | Description |
|---|---|---|---|
title | string | Yes | Display name shown throughout Kordon. |
description | string | Yes | Rich-text description that can include HTML. |
manager_id | UUID | Yes | User ID for the asset manager. |
owner_id | UUID | Yes | User ID for the asset owner. |
asset_value | string | Yes | Value: low, medium, or high. |
state | string | No | Lifecycle state: live, planned, or deprecated. Defaults to live. |
label_ids | array | No | Array of label UUIDs to attach to the asset. |
curl --location 'https://YOUR_KORDON_DOMAIN/api/v1/assets/' \--header 'Content-Type: application/json' \--header 'Authorization: Bearer YOUR-TOKEN' \--data '{ "asset": { "title": "New asset name", "manager_id": "98dcb717-al70-4c89-8246-0bb026wc215b", "owner_id": "98dcb717-al70-4c89-8246-0bb026wc215b", "asset_value": "medium", "state": "live", "description": "<p>This was created through the API</p>", "label_ids": ["81bb6227-005f-4b1e-bf11-fbb9b96adb4d"] }}'Example response:
Response of a creation request will include the full data of the created object.
Status 200
{ "data": { "id": "4c38aec4-989f-4f1d-85ce-fcad34820716", "asset_value": "medium", "controls": [], "created_at": "2024-08-28T14:27:26+00:00", "description": "<p>This was created through the API</p>", "has_empty_controls": true, "has_failing_controls": false, "has_not_mitigated_risks": false, "labels": [], "manager": { "id": "98dcb717-al70-4c89-8246-0bb026wc215b", "name": "Jaana Manana" }, "most_problematic_connection": {}, "owner": { "id": "98dcb717-al70-4c89-8246-0bb026wc215b", "name": "Jaana Manana" }, "risks": [], "state": "live", "sum_of_risk_scores": 0, "tasks": [], "title": "New asset name", "updated_at": "2024-08-28T14:27:26+00:00" }}GET /assets/:id
Section titled “GET /assets/:id”Get a single asset by ID.
curl --location --request GET 'https://YOUR_KORDON_DOMAIN/api/v1/assets/580ee34d-4634-43b5-b082-952fdf4bd9b3' \--header 'Content-Type: application/json' \--header 'Authorization: Bearer YOUR-TOKEN'Example response
Status: 200
{ "data": { "id": "580ee34d-4634-43b5-b082-952fdf4bd9b3", "asset_value": "medium", "business_processes": [], "controls": [], "created_at": "2025-02-06T13:49:49+00:00", "description": "<p>Something is written here</p>", "labels": [], "manager": { "id": "eb58a210-3532-4412-98cb-5d14e56f0f62", "name": "Pierre Zapp" }, "owner": { "id": "eb58a210-3532-4412-98cb-5d14e56f0f62", "name": "Pierre Zapp" }, "risks": [], "state": "live", "sum_of_risk_scores": 0, "tasks": [], "title": "GCP", "updated_at": "2025-02-06T13:49:49+00:00", "vendors": [], "classification": null, "vendor_contact_email": null }}GET /assets/
Section titled “GET /assets/”List all assets
Query Parameters
| Parameter | Type | Description |
|---|---|---|
state[] | array | Filter by state: live, planned, deprecated. |
asset_value[] | array | Filter by value: low, medium, high. |
health[] | array | Filter by health status: with_failing_controls, with_no_controls, with_unmitigated_risks. |
owner[] | array | Filter by owner user IDs. |
manager[] | array | Filter by manager user IDs. |
labels[] | array | Filter by label IDs. Use none for assets without labels. |
curl --location --request GET 'https://YOUR_KORDON_DOMAIN/api/v1/assets/' \--header 'Content-Type: application/json' \--header 'Authorization: Bearer YOUR-TOKEN'Example with filters:
curl --location --request GET 'https://YOUR_KORDON_DOMAIN/api/v1/assets/?state[]=live&state[]=planned&asset_value[]=high&health[]=with_failing_controls' \--header 'Content-Type: application/json' \--header 'Authorization: Bearer YOUR-TOKEN'Example response
Status: 200
{ "data": [ { "id": "580ee34d-4634-43b5-b082-952fdf4bd9b3", "asset_value": "medium", "business_processes": [], "controls": [], "created_at": "2025-02-06T13:49:49+00:00", "description": "<p>Something is written here</p>", "labels": [], "manager": { "id": "eb58a210-3532-4412-98cb-5d14e56f0f62", "name": "Pierre Zapp" }, "owner": { "id": "eb58a210-3532-4412-98cb-5d14e56f0f62", "name": "Pierre Zapp" }, "permissions": { "update": true, "destroy": true, "connect": true }, "risks": [], "state": "live", "sum_of_risk_scores": 0, "tasks": [], "title": "GCP", "updated_at": "2025-02-06T13:49:49+00:00", "vendors": [], "classification": null, "vendor_contact_email": null } ], "meta": { "total_count": 14, "page": 1, "permissions": { "create": true }, "per_page": "1" }}PATCH /assets/:id
Section titled “PATCH /assets/:id”Update a single asset. Only include the fields you want to update.
Updatable Fields
| Field | Type | Description |
|---|---|---|
title | string | Display name shown throughout Kordon. |
description | string | Rich-text description (HTML supported). |
manager_id | UUID | User ID for the asset manager. |
owner_id | UUID | User ID for the asset owner. |
asset_value | string | Value: low, medium, or high. |
state | string | Lifecycle state: live, planned, or deprecated. |
label_ids | array | Array of label UUIDs to attach to the asset. |
You can also update custom fields by including them in the request body.
curl --location --request PATCH 'https://YOUR_KORDON_DOMAIN/api/v1/assets/a16083dc-2938-4c97-b77b-4669b53eae9a' \--header 'Content-Type: application/json' \--header 'Authorization: Bearer YOUR-TOKEN' \--data '{ "asset": { "title": "Updated Asset Name", "asset_value": "high", "state": "planned", "label_ids": ["81bb6227-005f-4b1e-bf11-fbb9b96adb4d"] }}'Example with custom field:
In this example, internal_department_id is a custom field of the asset object.
curl --location --request PATCH 'https://YOUR_KORDON_DOMAIN/api/v1/assets/a16083dc-2938-4c97-b77b-4669b53eae9a' \--header 'Content-Type: application/json' \--header 'Authorization: Bearer YOUR-TOKEN' \--data '{ "asset": { "internal_department_id": "12" }}'Response will have the full data of the now updated object.
Status: 200
{ "data": { "id": "0cbd4eb0-ac1d-4ec8-a426-e353bb65991a", "asset_value": "medium", "controls": [], "created_at": "2024-08-28T14:26:29+00:00", "description": "<p>tere tere</p>", "has_empty_controls": true, "has_failing_controls": false, "has_not_mitigated_risks": false, "labels": [], "manager": { "id": "98dcb717-al70-4c89-8246-0bb026wc215b", "name": "Jaana Manana", "user_type": "user" }, "most_problematic_connection": {}, "owner": { "id": "98dcb717-al70-4c89-8246-0bb026wc215b", "name": "Jaana Manana", "user_type": "user" }, "risks": [], "state": "live", "sum_of_risk_scores": 0, "tasks": [], "title": "The laptops", "updated_at": "2024-08-30T05:20:19+00:00", "internal_department_id": "12" }, "meta": { "custom_fields": [ { "name": "internal_department_id", "label": "Internal department ID", "kind": "string" } ] }}DELETE /assets/:id
Section titled “DELETE /assets/:id”Delete an asset.
curl --location --request DELETE 'https://YOUR_KORDON_DOMAIN/api/v1/assets/e856da13-f02e-4e3d-addc-ab96f4395a7b' \--header 'Authorization: Bearer YOUR-TOKEN' \--data ''Response of a deletion request will include the id of the just deleted object.
Example response:
Status 200
{ "data": { "id": "e856da13-f02e-4e3d-addc-ab96f4395a7b" }}