Documentation Index
Fetch the complete documentation index at: https://docs.matproof.com/llms.txt
Use this file to discover all available pages before exploring further.
Resource Reference
The Matproof API exposes 182 endpoints across 39 resource groups. This page is a category-organised index of those resources so you can find what you need quickly. For full request/response schemas of any endpoint, the OpenAPI spec is at openapi.json and renders as an interactive playground in the API tab.
Compliance program
| Resource | Operations | Purpose |
|---|
| Organization | get, update, transfer ownership, branding | Your organization’s settings, primary color, logo |
| People | list, get, create, bulk-create, update, link/unlink device | Team-member directory feeding access reviews and offboarding |
| Policies | list, get, create, update, publish, acknowledge | Policy library — generated, customized, published, acknowledged |
| Risks | list, get, create, update, archive | Risk register with likelihood / impact / treatment / linked controls |
| Findings | list, get, create, update, close | Unified gaps view — feeds from audits, pen-tests, device agent, integrations |
| Finding Templates | list, get, create, update, delete | Reusable finding patterns for common gaps |
Frameworks & SOA
| Resource | Operations | Purpose |
|---|
| SOA (Statement of Applicability) | list, get, mark applicable / not-applicable, justify exclusion, export | ISO 27001 SoA workflow |
| Framework Editor Task Templates | list, get, create, update | Tasks attached to custom-framework controls |
| Context | get, update, list snapshots | Organization-wide context the AI uses for policy / questionnaire generation |
Evidence & tasks
| Resource | Operations | Purpose |
|---|
| Tasks | list, get, create, update, complete, attach evidence | Tasks linked to controls that produce evidence on completion |
| Task Management | bulk operations, scheduling, reassignment | Tasks at scale |
| Task Automations | list, run, schedule, log | Recurring tasks driven by automation scripts |
| Task Integrations | configure per-task integration triggers | Cross-tool orchestration |
| Comments | list, create, update, delete | Comments on controls, tasks, evidence |
| Attachments | upload | File uploads attached to evidence or comments |
| Evidence Export | export | Compile evidence packages for audits |
| Evidence Export (Auditor) | auditor-restricted export | Same export with auditor-role scoping |
Integrations & sync
| Resource | Operations | Purpose |
|---|
| Connections | list, create, update, delete, refresh credentials | Connect AWS / Azure / GCP / GitHub / Google Workspace / Entra ID / etc. |
| Sync | trigger sync, list sync runs, view results | Run an integration sync on demand |
| AdminIntegrations | platform-admin operations on integrations | Internal admin tooling |
| TaskIntegrations | per-task integration bindings | Bind specific tasks to specific integrations |
| Variables | list, create, update, delete | Org-level variables (e.g. business names, regulator addresses) referenced from policies and questionnaires |
| Checks | list, get, run, view history | Cloud-test checks (continuous configuration validation) |
Vendor risk & questionnaires
| Resource | Operations | Purpose |
|---|
| Vendors | list, get, create, update, archive | Vendor register feeding GDPR Art. 28 + DORA Art. 28-30 |
| Internal - Vendors | platform-admin operations | Internal vendor management |
| Questionnaire | list, get, create, send, fill, auto-fill, export | AI-powered questionnaires (incoming and outgoing) |
| Knowledge Base | list, get, create, update, delete, search | Saved Q&A pairs that auto-fill draws from |
Trust & sharing
| Resource | Operations | Purpose |
|---|
| Trust Portal | get/update settings, manage published documents, list NDA signatories | Public security portal you share with prospects |
| Trust Access | list, create, get access decisions, NDA-gate documents | Granular access control for sensitive trust documents |
Security testing
| Resource | Operations | Purpose |
|---|
| Security Penetration Tests | create test, get status, list runs, download report | AI-powered external pen-test reports |
| Browserbase | session management, browser automation | Headless-browser evidence capture (used internally by tasks) |
Devices & endpoints
| Resource | Operations | Purpose |
|---|
| Devices | list, get | Devices reported by the Matproof Device Agent |
| Device Agent | check-in (used by the agent itself) | Agent-to-platform reporting endpoints |
Training & awareness
| Resource | Operations | Purpose |
|---|
| Training | assign, complete | Security awareness training tracking |
OAuth (for building Matproof-integrated apps)
| Resource | Operations | Purpose |
|---|
| OAuth | authorize, token, refresh | OAuth 2.0 flow for third-party apps that act on behalf of a Matproof user |
| OAuthApps | register, list, manage | Manage your registered OAuth applications |
AI assistant
| Resource | Operations | Purpose |
|---|
| Assistant Chat | start session, send message, end session | Programmatic access to the in-app AI assistant |
Operational
| Resource | Operations | Purpose |
|---|
| Webhook | configure, list deliveries, redeliver | Webhook subscription management |
| Health | health check | API health endpoint for status pages |
| CloudSecurity | get cloud-security state | Aggregated cloud-security findings across connections |
Sample endpoints
The pages below are concrete walkthroughs of typical endpoints — request shape, response shape, common errors. They use Mintlify’s OpenAPI integration to render the interactive playground inline.
People — list
GET /v1/people — typical list endpoint with pagination
Findings — create
POST /v1/findings — typical create endpoint with idempotency
Vendors — list
GET /v1/vendors — list with filters and DPA fields
Adding more endpoint pages
Want a hand-written page for a specific endpoint? Create an MDX file under api-reference/ with frontmatter pointing to the operation:
---
title: "Create vendor"
openapi: "POST /v1/vendors"
---
