Use Sprinto’s Open API to supplement your Security Compliance
Sprinto’s Open API is a lightweight API that lets you connect and scale your compliance journey by automating evidence collection from any system you have access to. It lets you integrate critical systems such as a security training provider, performance tools, and infrastructure assets so that they push information seamlessly into Sprinto.
Sprinto’s Open API gives you the flexibility to push data in any of the formats you have configured your platform in. Whether you use an HTTP client such as Node-Axios or a command-line interface like curl, you are covered!
When Should You Use APIs
Do you use service providers that Sprinto does not integrate with, or have a batch job that you want to push to Sprinto asynchronously? We understand that every organization has its own unique scenarios and set of service providers. Information security is also an ever-growing checklist, and if your organization wants to scale its information security program quickly and effectively, Sprinto has you covered.
What Use Cases Can Be Solved Using APIs
Sprinto provides an API to upload custom evidence against any check running in the system. This can be a powerful tool for collecting evidence in Sprinto without human intervention. A few of the many use cases for the APIs are listed below:
1. DB backup evidence for self-hosted DBs
Consider a check requiring that production data stores should be regularly backed up. For standard data stores like RDS in AWS, Sprinto can read this information via the integration. But if you have a self-hosted DB on an EC2 instance, Sprinto cannot find the relevant information via the integration.
For a self-hosted DB, you would also have set up a backup system yourself. In many cases, this is a script that runs periodically and takes the backup. Here you can easily capture the output of the script showing the time of the backup, etc., and send it to Sprinto via the API.
2. Evidence for Disaster Recovery exercise
For the periodic disaster recovery exercise, if it is done via an automated system, the same system can also post the output of the exercise to Sprinto via the API as evidence of having run the process.
3. Employee Performance/BG verification/Training Checks
As a company, you may have internal tools to run training programs, conduct background checks, or carry out hiring evaluations. You can use our APIs to push employee information against those checks and ensure that you are security compliant at all times.
Sprinto’s Open API allows you to push data from any system that you are already using, without blocking security compliance.
How to use Custom Evidence APIs on Sprinto
You can use the APIs exposed by our platform to set up your own automation workflows:
1. On the Dashboard, find the failing check for which you want to upload custom evidence.
2. Click the failing check. A side navigation opens and shows the option to submit external evidence through the API.
3. The request endpoint details, the method, and the primary key of the particular check are listed there.
4. To find the API key for authentication, click the “API Keys here” link on the side drawer.
5. Select the option that says “Create new api token” to generate the API token.
The API page will also give you examples of various methods that can be used to push data into Sprinto.
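The DB backup use case above, sketched as a shell wrapper around a periodic backup job (an added example, not Sprinto's code). The environment variable names, the bearer header and the "evidence" form field are assumptions; take the real endpoint, method and authentication format from the check's side drawer and the API page.

```shell
#!/bin/sh
# Added example (not Sprinto's code). SPRINTO_EVIDENCE_URL, SPRINTO_EVIDENCE_METHOD,
# SPRINTO_API_TOKEN, the bearer header and the "evidence" form field are assumptions;
# copy the real endpoint, method and auth format from the check's side drawer.

# Run a backup command and write an evidence file describing the result.
# Usage: make_backup_evidence <evidence-file> <backup-artifact> <command> [args...]
# Returns the backup command's exit status.
make_backup_evidence() (
  evidence=$1; artifact=$2; shift 2
  started=$(date -u +%Y-%m-%dT%H:%M:%SZ)
  output=$("$@" 2>&1) && status=0 || status=$?
  {
    echo "host: $(uname -n)"
    echo "job: $1"   # program name only; arguments may contain credentials
    echo "started_utc: $started"
    echo "finished_utc: $(date -u +%Y-%m-%dT%H:%M:%SZ)"
    echo "exit_status: $status"
    if [ -s "$artifact" ]; then
      echo "artifact_sha256: $(sha256sum "$artifact" | cut -d' ' -f1)"
      echo "artifact_bytes: $(wc -c < "$artifact" | tr -d ' ')"
    else
      echo "artifact_sha256: MISSING"   # absent or zero-length backup file
    fi
    echo "--- job output ---"
    printf '%s\n' "$output"
  } > "$evidence"
  exit "$status"
)

# Upload an evidence file only if it records a successful run with an artifact,
# so a failed or empty backup can never make the check pass.
upload_evidence() (
  grep -q '^exit_status: 0$' "$1" || { echo "refusing: job failed" >&2; exit 1; }
  grep -q '^artifact_sha256: MISSING$' "$1" && { echo "refusing: no artifact" >&2; exit 1; }
  : "${SPRINTO_EVIDENCE_URL:?set from the side drawer}"
  : "${SPRINTO_API_TOKEN:?set from the API keys page}"
  # Pass the token through a curl config on stdin so it never appears in argv.
  printf 'header = "Authorization: Bearer %s"\n' "$SPRINTO_API_TOKEN" |
    curl --config - --fail --silent --show-error \
      --request "${SPRINTO_EVIDENCE_METHOD:-POST}" \
      --form "evidence=@$1" "$SPRINTO_EVIDENCE_URL"
)
```

Keep the API token in the job's secret store or a root-readable environment file rather than in the script, and scope it to evidence upload if the API keys page allows it.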