{"openapi":"3.1.0","info":{"title":"Tech Risk & Compliance - Compliance Automation","version":"1.0","contact":{"name":"OneTrust Support","url":"https://my-onetrust-com.surrey.idm.oclc.org/s/contactsupport"},"license":{"name":"Apache 2.0","url":"https://www.apache.org/licenses/LICENSE-2.0"},"description":"The Compliance Automation APIs are used to integrate external systems and streamline the flow of data with Compliance Automation in the OneTrust Platform."},"servers":[{"url":"https://{hostname}/api/compliance-wr","variables":{"hostname":{"default":"hostname","description":"The OneTrust hostname such as app.onetrust.com, app-eu.onetrust.com, app-de.onetrust.com, app-uk.onetrust.com, app-apac.onetrust.com, trial.onetrust.com, or uat.onetrust.com."}}}],"tags":[{"name":"Initiatives","description":"The Initiatives APIs are used to manage compliance initiatives for standards and frameworks.","externalDocs":{"description":"OpenAPI 3.1.0 - Download Definition","url":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-compliance-automation.json"}}],"x-onetrust":{"spec-label":"OpenAPI 3.1.0"},"x-readme":{"explorer-enabled":false,"proxy-enabled":false,"metrics-enabled":false},"paths":{"/v1/initiatives/search":{"post":{"operationId":"findAllInitiativesByFilterUsingPOST","summary":"Get List of Initiatives","description":"Use this API to retrieve a list of all initiatives or search for initiatives based on the specified criteria.","tags":["Initiatives"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-compliance-automation.json"},"parameters":[{"name":"page","in":"query","description":"The page number of the results.","schema":{"description":"Results page to be retrieved (0..N). 
Example: '?page=1'","type":"integer","format":"int32","default":0,"minimum":0},"example":1},{"name":"size","in":"query","description":"The number of results per page.","schema":{"description":"Number of records per page (1..50). Example: '?size=20'","type":"integer","format":"int32","default":20,"maximum":50,"minimum":1},"example":50},{"name":"sort","in":"query","description":"The sort criteria that dictate the order of the results.","schema":{"type":"string","default":"createdDate,desc","enum":["id,asc","id,desc","number,asc","number,desc","name,asc","name,desc","createdDate,asc","createdDate,desc"],"pattern":"^(id|number|name|createdDate),(asc|desc)$"},"example":"id,desc"}],"requestBody":{"content":{"application/json":{"schema":{"example":{"criteria":{"filters":[{"field":"owner","value":["dcdd78fe-9676-4168-9c4f-87bfc68f1414"],"operator":"EQUAL_TO"}]}},"$ref":"#/components/schemas/PageSearchRequest","enum":["organization","owner","category","approvers","closedBy","resolutionType"]}}}},"responses":{"200":{"description":"Initiatives fetched successfully","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/InitiativeResponse"}}}}},"400":{"description":"Unsupported filter field","content":{"application/json":{"schema":{"type":"object","example":{"errors":[{"title":"custom field is not supported in filter","detail":"custom field is not supported in filter","code":"ERROR_INITIATIVE_MANAGEMENT_INVALID_REQUEST"}],"traceId":"dcdd78fe-9676-4168-9c4f-87bfc68f1414"}}}}},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. 
\nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["COMPLIANCE_AUTOMATION_READ"]}]}},"/v1/initiatives/{initiativeId}":{"get":{"operationId":"getInitiativeUsingGET","summary":"Get Initiative","description":"Use this API to retrieve details for a specific initiative. 
The response will include details such as the created date, workflow, and stage.","tags":["Initiatives"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-compliance-automation.json"},"parameters":[{"name":"initiativeId","in":"path","description":"The unique identifier of the initiative.","required":true,"schema":{"type":"string","format":"uuid","example":"dcdd78fe-9676-4168-9c4f-87bfc68f1414"}}],"responses":{"200":{"description":"Initiative details fetched successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InitiativeResponse"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"404":{"description":"Initiative not found.","content":{"application/json":{"schema":{"type":"object","example":{"errors":[],"traceId":"dcdd78fe-9676-4168-9c4f-87bfc68f1414"}}}}},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["COMPLIANCE_AUTOMATION_READ"]}]},"put":{"operationId":"updateInitiativeUsingPUT","summary":"Update Initiative","description":"Use this API to update details of a specific 
initiative.","tags":["Initiatives"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/tech-risk-compliance-compliance-automation.json"},"parameters":[{"name":"initiativeId","in":"path","description":"The unique identifier of the initiative.","required":true,"schema":{"type":"string","format":"uuid","example":"dcdd78fe-9676-4168-9c4f-87bfc68f1414"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"example":{"name":"Updated Initiative Name","observationStartDT":"2024-12-31T23:59:59Z","observationEndDT":"2025-12-31T23:59:59Z","ownerIds":["78a6237c-f99e-4d18-9dcb-fea88a72f0fd"]},"$ref":"#/components/schemas/InitiativeUpdateRequest","required":["name","observationEndDT","observationStartDT","ownerIds"]}}}},"responses":{"202":{"description":"Accepted","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InitiativeResponse"}}}},"400":{"description":"Missing required attributes","content":{"application/json":{"schema":{"type":"object","example":"{\"errors\": [{\"code\": \"ERROR_GENERIC_BIND\", \"source\": \"OneTrust\", \"detail\": \"Unable to process request due to invalid content/data type: name\", \"title\": \"Bad Request\"}, ], \"traceId\": \"dcdd78fe-9676-4168-9c4f-87bfc68f1414\"}"}}}},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. 
\nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["COMPLIANCE_AUTOMATION_WRITE"]}]}}},"components":{"schemas":{"InitiativeUpdateRequest":{"type":"object","properties":{"name":{"description":"The name of the initiative.","type":"string","example":"NIST 800-53 Compliance Initiative"},"observationStartDT":{"description":"The start date and time for which the initiative will be observed.","type":"string","format":"date-time","example":"2024-12-31T23:59:59Z"},"observationEndDT":{"description":"The end date and time for which the initiative will be observed.","type":"string","format":"date-time","example":"2025-12-31T23:59:59Z"},"ownerIds":{"description":"The list of unique identifiers of the users responsible for the initiative.","type":"array","items":{"type":"string","format":"uuid","description":"List of owner IDs"}}}},"EntityBasicUserInformation":{"type":"object","properties":{"id":{"description":"The unique identifier of the user who last modified the initiative.","type":"string","format":"uuid","example":"f2229953-b4b5-4042-8cb9-b78038cc4c46"},"name":{"description":"The name of the user who last modified the initiative.","type":"string","example":"First Last"},"email":{"description":"The email 
address of the user who last modified the initiative.","type":"string","example":"user@gmail.com"},"initials":{"description":"The initials of the user who last modified the initiative.","type":"string","example":"FL"}}},"EntityRecordAuditInformation":{"type":"object","properties":{"createdDate":{"description":"The date and time that the initiative was created.","type":"string","format":"date-time","example":"2021-05-13T13:06:49.853Z"},"lastUpdatedDate":{"description":"The date and time that the initiative was last updated.","type":"string","format":"date-time","example":"2021-05-13T13:06:49.853Z"},"createdBy":{"description":"The details of the user who created the initiative.","example":{"id":"c21319953-b4b5-4042-8cb9-b78038cc4c51","name":"Name"},"$ref":"#/components/schemas/EntityBasicUserInformation"},"lastModifiedBy":{"description":"The details of the user who last modified the initiative.","example":{"id":"c21319953-b4b5-4042-8cb9-b78038cc4c51","name":"Name"},"$ref":"#/components/schemas/EntityBasicUserInformation"}},"required":["createdDate"]},"EntityWorkflowInformation":{"type":"object","properties":{"id":{"description":"The unique identifier of the workflow.","type":"string","format":"uuid","example":"b271c01a-89a9-41b1-8185-0a3e2bfdad84"},"name":{"description":"The name of the workflow.","type":"string","example":"Vendor On-Boarding Workflow"},"type":{"description":"The type of workflow.","type":"string","example":"Vendor"},"workflowMode":{"description":"The mode in which the workflow was created.","type":"string","example":"BASIC","enum":["ADVANCED, BASIC"]},"stageId":{"description":"The unique identifier of the workflow stage.","type":"string","format":"uuid","example":"9fc111cb-c379-4f08-8aff-5be954c1a6e6"},"stageName":{"description":"The name of the workflow stage.","type":"string","example":"Start On-Boarding"}},"required":["id","name","stageId","stageName","type"]},"InitiativeResponse":{"type":"object","properties":{"id":{"description":"The unique 
identifier of the initiative.","type":"string","format":"uuid","example":"ab129a431-3d3d-4352-9daf-71f6ea2b3d70"},"number":{"description":"The sequential order in which the initiative was created.","type":"integer","format":"int64","example":1},"name":{"description":"The name of the initiative.","type":"string","example":"NIST 800-53 Compliance Initiative"},"orgGroupId":{"description":"The unique identifier of the organization accountable for managing the initiative.","type":"string","format":"uuid","example":"cb49a431-3d3d-4352-9daf-71f6ea2b3d89"},"complianceScore":{"description":"The compliance score of the initiative.","type":"integer","format":"int32","example":76},"scopeId":{"description":"The unique identifier of the inventory record associated with the initiative.","type":"string","format":"uuid","example":"9a038a54-5842-49c5-920e-06e74f7cff9e"},"scopeName":{"description":"The name of the inventory record associated with the initiative.","type":"string","example":"Azure SQL Server"},"scopeType":{"description":"The type of inventory record associated with the initiative.","type":"string","example":"Assets"},"organizationName":{"description":"The name of the organization accountable for managing the initiative.","type":"string","example":"OneTrust HR"},"legislations":{"description":"The details of the standards or frameworks associated with the initiative.","type":"array","items":{"$ref":"#/components/schemas/LegislationInformation"}},"observationStartDT":{"description":"The start date and time for which the initiative will be observed.","type":"string","format":"date-time","example":"2024-01-01T23:59:59Z"},"observationEndDT":{"description":"The end date and time for which the initiative will be observed.","type":"string","format":"date-time","example":"2025-12-31T23:59:59Z"},"owners":{"description":"The details of the user responsible for the initiative.","type":"array","items":{"$ref":"#/components/schemas/UserInfo"}},"creationStatus":{"description":"The 
creation status of the initiative.","type":"string","example":"SUCCESS"},"inventories":{"description":"The details of the inventory records associated with the initiative.","type":"array","items":{"$ref":"#/components/schemas/InventoryDetailIdentifier"}},"workflowAndStage":{"description":"The details of the workflow and stage.","$ref":"#/components/schemas/EntityWorkflowInformation"},"auditFields":{"description":"The activity details of when the initiative was created and last updated.","$ref":"#/components/schemas/EntityRecordAuditInformation"}}},"InventoryDetailIdentifier":{"type":"object","properties":{"id":{"description":"The unique identifier of the inventory record associated with the initiative.","type":"string","format":"uuid","example":"ab129a431-3d3d-4352-9daf-71f6ea2b3d70"},"name":{"description":"The name of the inventory record associated with the initiative.","type":"string","example":"Azure SQL Server"},"organization":{"description":"The details of the organization responsible for the inventory record.","$ref":"#/components/schemas/OrgGroupBasicDetailResponse"},"inventoryType":{"description":"The type of inventory record associated with the initiative.","type":"string","example":"Assets"},"number":{"description":"The sequential number of the inventory record associated with the initiative.","type":"integer","format":"int64","example":1}}},"LegislationInformation":{"type":"object","properties":{"name":{"description":"The name of the standard or framework.","type":"string","example":"GDPR Privacy (2018)"},"frameworkId":{"description":"The unique identifier of the standard or framework.","type":"string","format":"uuid","example":"cb49a431-3d3d-4352-9daf-71f6ea2b3d89"},"otFrameworkIdentifier":{"description":"The OneTrust system identifier of the standard or framework.","type":"string","format":"uuid","example":"78a6237c-f99e-4d18-9dcb-fea88a72f0fd"}}},"OrgGroupBasicDetailResponse":{"type":"object","properties":{"guid":{"description":"The unique 
identifier of the organization responsible for the inventory record.","type":"string","format":"uuid"},"name":{"description":"The name of the organization responsible for the inventory record.","type":"string"},"languageId":{"description":"The ID of the default language for the organization responsible for the inventory record.","type":"integer","format":"int64"}}},"UserInfo":{"type":"object","properties":{"id":{"description":"The unique identifier of the user responsible for the initiative.","type":"string","format":"uuid","example":"cb49a431-3d3d-4352-9daf-71f6ea2b3d89"},"active":{"description":"This flag indicates whether the user responsible for the initiative is active.","type":"boolean","example":true},"name":{"description":"The name of the user responsible for the initiative.","type":"string","example":"John Smith"}}},"AttributePredicate":{"type":"object","properties":{"field":{"description":"The field by which to filter results.","type":"string"},"operator":{"description":"The relationship that must be met between the field and the value.","type":"string","enum":["EQUAL_TO","NOT_EQUAL_TO","GREATER_THAN","GREATER_THAN_EQUAL_TO","LESS_THAN","LESS_THAN_EQUAL_TO","BETWEEN"]},"value":{"description":"The value by which to filter results.","type":"object","oneOf":[{"type":"string","format":"uuid"},{"type":"string","format":"date"},{"type":"string","format":"date-time"},{"type":"string"},{"type":"number"}]},"toValue":{"description":"The end value by which to filter results.","type":"object","oneOf":[{"type":"string","format":"date"},{"type":"string","format":"date-time"},{"type":"string"},{"type":"number"}]}},"required":["field"]},"AttributeQueryCriteria":{"type":"object","properties":{"filters":{"description":"The criteria used to filter results.","type":"array","items":{"$ref":"#/components/schemas/AttributePredicate"},"uniqueItems":true},"fullText":{"description":"The search terms by which to filter results. 
A maximum of 500 characters is allowed.","type":"string","maxLength":500,"minLength":0}},"example":{"fullText":"Expired Policies","filters":[{"field":"organization","value":["ff9e09ee-3a89-4af7-acc0-ccc45ba34970"],"operator":"EQUAL_TO"},{"field":"owner","value":["f4894a72-c2a1-4b1d-85af-176bf16558f8","aca8be12-c379-4577-a9ff-6d31e70299c1"],"operator":"EQUAL_TO"}]}},"PageSearchRequest":{"type":"object","properties":{"criteria":{"description":"The details of the filter criteria.","example":{"fullText":"Expired Policies","filters":[{"field":"organization","value":["ff9e09ee-3a89-4af7-acc0-ccc45ba34970"],"operator":"EQUAL_TO"},{"field":"owner","value":["f4894a72-c2a1-4b1d-85af-176bf16558f8","aca8be12-c379-4577-a9ff-6d31e70299c1"],"operator":"EQUAL_TO"}]},"$ref":"#/components/schemas/AttributeQueryCriteria"}}}},"securitySchemes":{"OAUTH2":{"type":"oauth2","flows":{"clientCredentials":{"tokenUrl":"https://{hostname}/api/access/v1/oauth/token","scopes":{"COMPLIANCE_AUTOMATION_READ":"Access to read compliance automation components from external systems","COMPLIANCE_AUTOMATION_WRITE":"Access to read and write compliance automation components from external systems"}}}}}}}