Skip to main content

Overview

The Risk Legion API is a RESTful API built with FastAPI, providing comprehensive access to all platform features including BRA management, control assurance, governance, and administration.

Base URLs

All API endpoints are prefixed with /api/v1.

Authentication

All API endpoints (except /health) require authentication using JWT Bearer tokens.
See Authentication for details on obtaining and using tokens.

Response Format

Success Responses

All successful responses follow this structure:

Paginated Responses

List endpoints return paginated data:

Error Responses

Error responses include:

HTTP Status Codes

Pagination

Query Parameters

Example

Filtering

Most list endpoints support filtering:

Rate Limiting

The API implements rate limiting to ensure fair usage: Rate limit headers are included in responses:
When rate limited, you’ll receive:

API Versioning

The current API version is v1. The version is included in the URL path:

API Reference

Core Endpoints

BRA Management

Create, manage, and approve Business Risk Assessments

Control Assurance

Manage controls and assess effectiveness

Governance

Risk appetite, audit trails, and action plans

Admin Operations

Enterprise and user management

Quick Reference

Interactive Documentation

When running locally, access the interactive API documentation:

SDKs and Tools

cURL

JavaScript/TypeScript

Python

Error Handling Best Practices

Need Help?

Architecture

Learn about the system architecture

Authentication

Detailed authentication guide