Skip to Content
Welcome to the Novantra documentation.
DevelopersOverview

Developers

For integrators building on top of Novantra: ingesting governance records into a warehouse, pushing findings from scanners, wiring submission events into a regulator portal, or building a custom dashboard against Novantra data.

If you’re starting from zero, Getting Started walks you from “I have a workspace” to “I made my first call” in about thirty minutes.

Where the API lives

The public API is at /api/v1/.... It is curated, versioned, and scope-token authenticated. It is not a re-export of Novantra’s internal application routes; those are unstable and not for external use.

See REST API for the section index, or jump straight to:

What v1 covers today

Reads across the v1-scope foundation modules: Frameworks, Controls, Risks, Evidence, Assessments, Findings, Exceptions, Monitoring, Indicators, Submissions, Assets, Party Engagements, Change Management, Vulnerability Management.

Targeted writes where an external system is the natural source: creating Findings from scanners, creating Evidence claims with attachments, posting Submission package events.

Webhooks for important state transitions on Findings, Evidence claims, Submission packages, and Assessments.

What’s not in v1

Organization administration, member and role mutation, license operations, billing, key management, backup and restore, bulk destructive writes, cross-organization operations. These require deeper authorization design and remain inside the Novantra application UI for now.

Integration boundaries

The following capabilities are outside the v1 contract:

  • Long-lived API tokens for headless integrators that cannot complete a client-credentials flow.
  • Bulk read endpoints for large warehouse ingest patterns.

Check Versioning and your account team for the supported integration path.

Last updated on
Getting Started