Updated on November 24, 2023
Security
Authentication
All requests to the TrustCloud API authenticate using a TrustCloud-generated JSON Web Token (JWT). This key is digitally signed and can be set to expire or be revoked at any time. Because the key is signed, its authenticity and claims can be validated. Because API access is decoupled from any individual user, an API key can be revoked without affecting that user's ability to access TrustCloud.
Access Control
TrustCloud assigns every API key the limited role API_USER. This role is restricted to the following permissions, which are those necessary to access the API endpoints in the TrustCloud API.
| Resource | Create | Read | Update | Delete |
| --- | --- | --- | --- | --- |
| Controls | No | Yes | No | No |
| Systems | No | Yes | No | No |
| Tests | No | Yes | No | No |
| Evidence | Yes | Yes | No | No |