Security

Estimated reading: 1 minute 660 views

Authentication

All requests to the TrustCloud API authenticate using a TrustCloud-generated JSON Web Token (JWT). This key is digitally-signed and can be set to expire, or revoked at any time. By using a signed key, authentication and claims can be validated, and by decoupling API access from an individual user, API keys can be revoked without impacting the user’s ability to access TrustCloud.

Access Control

TrustCloud assigns all API Keys with a limited role of API_USER. This role is limited to the following permissions necessary to access the API endpoints in TrustCloud API.

	Create	Read	Update	Delete
Controls	No	Yes	No	No
Systems	No	Yes	No	No
Tests	No	Yes	No	No
Evidence	Yes	Yes	No	No

API Reference

TrustCloud API Reference

Tagged:
TrustCloudAPI

Learning

Platform Overview

TrustOps

TrustShare

TrustRegister

AuditLens

Changelogs

TrustCloud API

Courses

GRC Launchpad

Forums

Welcome

TrustCloud Q&A

GRC Q&A

Champions

Companies

Resources

Trusted Partners

Articles

Glossary

Code of Conduct

Support

Report a bug

TrustCloud Blog

Go to TrustCloud.ai

Security

Authentication

Access Control

API Reference

Join the conversation Cancel reply

ON THIS PAGE

SHARE THIS PAGE

SUBSCRIBE

Want to see how to turn GRC into a profit center?

Resources

Platform

TOPICS

ABOUT US