API Documentation
Welcome!
Welcome to Sprinto’s developer docs. Our API documentation is your one-stop solution to find comprehensive information and developer tooling.
Introduction
Sprinto is a modern GRC automation platform on a mission to simplify the often tedious tasks associated with governance, risk, and compliance programs. Thousands of customers trust Sprinto to streamline and automate their GRC efforts efficiently.
The Sprinto Developer API is designed to help you extend Sprinto's automation capabilities. The Developer API allows you to programmatically access and edit your Sprinto data, create useful extensions to our UI, integrate automation into workflows, and more.
We're genuinely excited to see what you build with the Developer API. If you have any questions, feedback, or comments, feel free to reach out to Sprinto support.
What you can do with Sprinto Developer API
Our customers commonly use the Sprinto Developer API to create custom workflows, tools, apps, reports, and dashboards tailored to their needs. Here are a few examples:
- Collecting evidence for security requirements in your Sprinto account.
- Uploading background verification (BGV) reports for staff members, aiding the staff onboarding process.
- Scoping the staff accounts for effectively managing their compliance requirements.
Communicating with our API
Sprinto APIs use the GraphQL architecture and follow the GraphQL specification. GraphQL is a powerful and developer-friendly query language for the modern web. We use GraphQL internally to power the Sprinto web application, and we want to bring you the full capability of the Sprinto platform - no holds barred.
All API calls require the use of the HTTPS protocol to maintain data transmission security. Also, the API accepts and returns responses in JSON file format.
Base URL
You can use the following API base URLs based on your geographic location to make your calls:
- United States:
https://app.sprinto.com/dev-api/graphql
- Europe:
https://eu.sprinto.com/dev-api/explorer
- India:
https://in.sprinto.com/dev-api/explorer
Authentication
All the API calls made on the Sprinto Developer API are authenticated via an API key. API keys can be generated through the Sprinto web application by any Sprinto user with admin privileges.
API keys are private and should not be shared with anyone.
Best practices
- Avoid using the API key in client-side JavaScript.
- Do not embed the API key in a webpage.
- Refrain from storing API keys in your source code.
- Revoke the API key access immediately from the Sprinto application if the API key is feared to be exposed due to any reason.
We will discuss further in the documentation about how to generate and use API keys.
Rate limitation
All requests to the Sprinto Developer API are rate-limited based on the IP address and API key. The limits imposed for each criterion are the following:
- IP Address: 10 req/min
- API Key: 10 req/min
Exceeding this limit results in a 10-minute block on your API access.
Each API request is tracked by its unique API address.
API status
The Sprinto Developer API is in beta
- Endpoints may change as we add more functionality.
We always seek to improve the Developer API based on our customer feedback. We take immense care to ensure that existing API use cases are not disrupted. However, we cannot provide any formal guarantees on uptime or backward compatibility at this time. The API is subject to change as we add more functionality.
Updated 12 months ago