Business Processes API

Manage your organization’s business processes, their criticality levels, and relationships to assets, risks, and vendors.

Criticality Levels

Available criticality levels:

• low - Low business impact
• medium - Medium business impact
• high - High business impact

Relationships

Business processes can be related to:

• Assets - Information assets used or produced by the process
• Vendors - Third-party vendors involved in the process
• Controls - Controls that govern or protect the process
• Risks - Risks that could disrupt or impact the process

Permissions

The permissions object indicates what actions the current user can perform:

• update - Can modify the business process
• destroy - Can delete the business process
• connect - Can link the business process to other objects
• changelog - Can view the business process’s change history

GET /business-processes/

List all business processes with optional filtering.

Query Parameters

Parameter	Type	Description
criticality[]	array	Filter by criticality: low, medium, high.
owner[]	array	Filter by owner user IDs.
labels[]	array	Filter by label IDs. Use none for processes without labels.

Array parameters

To filter by multiple values, repeat the parameter with [] brackets for each value. For example:

?criticality[]=high&criticality[]=medium

curl --location GET \
--url "https://YOUR_KORDON_DOMAIN/api/v1/business-processes/" \
--header "Authorization: Bearer YOUR-TOKEN"

Example with filters:

curl --location GET \
--url "https://YOUR_KORDON_DOMAIN/api/v1/business-processes/?criticality[]=high&owner[]=user-uuid-here" \
--header "Authorization: Bearer YOUR-TOKEN"

Example Response

Status: 200

{
    "data": [
        {
            "id": "5a35e67e-f6b7-488d-86a2-6d7943ea6119",
            "assets": [
                {
                    "id": "1ac63eb0-6012-4f8a-b46a-d8e0b1dea3e8",
                    "state": "live",
                    "title": "CRM"
                }
            ],
            "created_at": "2025-11-10T07:14:58+00:00",
            "criticality": "medium",
            "currency": null,
            "description": "<p>Important business process</p>",
            "labels": [],
            "monetary_value": 1,
            "owner": {
                "id": "fbe8dc76-b1a8-4ce2-866d-15f90c9a20f6",
                "active": true,
                "color": "#52C41A",
                "kind": "person",
                "name": "Linus Caldwell"
            },
            "permissions": {
                "update": true,
                "destroy": true,
                "connect": true,
                "changelog": true
            },
            "risks": [],
            "tasks": [],
            "title": "Sales",
            "updated_at": "2025-11-13T15:43:45+00:00",
            "vendors": []
        }
    ],
    "meta": {
        "total_count": 1,
        "page": 1,
        "permissions": {
            "create": true
        },
        "per_page": 10
    }
}

GET /business-processes/:id

Retrieve a specific business process by ID.

curl --location GET \
--url "https://YOUR_KORDON_DOMAIN/api/v1/business-processes/5a35e67e-f6b7-488d-86a2-6d7943ea6119" \
--header "Authorization: Bearer YOUR-TOKEN"

Example Response

Status: 200

{
    "data": {
        "id": "5a35e67e-f6b7-488d-86a2-6d7943ea6119",
        "assets": [
            {
                "id": "1ac63eb0-6012-4f8a-b46a-d8e0b1dea3e8",
                "state": "live",
                "title": "CRM"
            }
        ],
        "created_at": "2025-11-10T07:14:58+00:00",
        "criticality": "medium",
        "currency": "USD",
        "description": "<p>Important business process</p>",
        "labels": [],
        "monetary_value": 100000,
        "owner": {
            "id": "fbe8dc76-b1a8-4ce2-866d-15f90c9a20f6",
            "active": true,
            "color": "#52C41A",
            "kind": "person",
            "name": "Linus Caldwell"
        },
        "permissions": {
            "update": true,
            "destroy": true,
            "connect": true,
            "changelog": true
        },
        "risks": [],
        "tasks": [],
        "title": "Sales",
        "updated_at": "2025-11-13T15:43:45+00:00",
        "vendors": []
    }
}

POST /business-processes/

Create a new business process.

Required Parameters:

• title - Business process title
• owner_id - User ID of the process owner

Optional Parameters:

• description - Detailed description of the business process (HTML supported)
• criticality - Criticality level (low, medium, or high)
• monetary_value - Financial value associated with the process
• currency - Currency code (e.g., “USD”, “EUR”, “GBP”)

curl --location POST \
--url "https://YOUR_KORDON_DOMAIN/api/v1/business-processes/" \
--header "Authorization: Bearer YOUR-TOKEN" \
--header "Content-Type: application/json" \
--data '{
    "business_process": {
        "title": "Customer Onboarding",
        "owner_id": "fbe8dc76-b1a8-4ce2-866d-15f90c9a20f6",
        "criticality": "high",
        "monetary_value": 250000,
        "currency": "USD",
        "description": "<p>Process for onboarding new customers</p>"
    }
}'

PATCH /business-processes/:id

Update an existing business process.

curl --location PATCH \
--url "https://YOUR_KORDON_DOMAIN/api/v1/business-processes/5a35e67e-f6b7-488d-86a2-6d7943ea6119" \
--header "Authorization: Bearer YOUR-TOKEN" \
--header "Content-Type: application/json" \
--data '{
    "criticality": "high",
    "monetary_value": 500000
}'

Example Response

Status: 200

The response will include the full data of the updated business process.

DELETE /business-processes/:id

Remove a business process.

curl --location DELETE \
--url "https://YOUR_KORDON_DOMAIN/api/v1/business-processes/5a35e67e-f6b7-488d-86a2-6d7943ea6119" \
--header "Authorization: Bearer YOUR-TOKEN"

Example Response

Status: 200

{
    "data": {
        "id": "5a35e67e-f6b7-488d-86a2-6d7943ea6119"
    }
}

Criticality Levels

Available criticality levels:

• low - Low business impact
• medium - Medium business impact
• high - High business impact

Managing Business Process Connections

Business processes can be connected to Controls, Risks, Vendors, and Assets.

PATCH /business-processes/:id/connections

Update the connections for a business process.

Connection Parameters

Parameter	Type	Description
control_ids	array	IDs of controls to connect
risk_ids	array	IDs of risks to connect
vendor_ids	array	IDs of vendors to connect
asset_ids	array	IDs of assets to connect

Partial Updates

Only connection types included in the request are updated. Omitted connection types remain unchanged.

Replacing Connections

When updating a connection type, you must include all IDs you want connected, not just the new ones.

• To add a connection: include all existing IDs plus the new ID
• To remove a connection: include all IDs except the one to remove
• To remove all connections of a type: include an empty array []

Invalid IDs are ignored.

Example: Update business process connections

curl --location PATCH \
--url "https://YOUR_KORDON_DOMAIN/api/v1/business-processes/5a35e67e-f6b7-488d-86a2-6d7943ea6119/connections" \
--header "Authorization: Bearer YOUR-TOKEN" \
--header "Content-Type: application/json" \
--data '{
    "connections": {
        "control_ids": [
            "18211d00-904f-4ca9-a212-1e616a687d83"
        ],
        "asset_ids": [
            "0fb11fe0-85de-423d-ba63-b76598a9c743",
            "16615652-dcea-4250-8068-ab19e0dc046d"
        ],
        "vendor_ids": [
            "b00f71e5-9cb4-4995-96e6-0e5710f85e0a"
        ],
        "risk_ids": [
            "3efe0045-3562-4aa5-96bd-b17f13c4de79"
        ]
    }
}'

Example Response

Status: 200

The response returns the full business process object with all updated connections.