Sprinto Developer API

Mark staff member account In-scope

The following API template demonstrates marking any staff account as "In-scope".

By marking a staff member as "In-scope", you include them as part of your audit compliance scope. All In-scope staff members get mapped against controls and automated checks you have configured for your Sprinto account.

🚧

The Sprinto Developer API is in beta

  • Endpoints may change as we add more functionality.

Before we begin

Marking staff account In-scope

You need the email address of the staff member you want to mark In-scope. Below is the mutation you can use to perform the query.
Enter a staff member's email address for the email argument through the variable section on the Sprinto API Playground. If you don't enter a valid email address, you will receive an error response from the server.

mutation Mutation($email: String!) {
  markStaffAsInScope(email: $email) {
    user {
      email
      fullName
    }
  }
}

Response:

{
  "data": {
    "markStaffAsInScope": {
      "user": {
        "firstName": "John",
        "pk": "edadfasdfdcdcadc",  //dummy UUID
        "lastName": "Doe",
        "email": "[email protected]"
      }
    }
  }
}


The above example API call starts with the root type, Mutation, followed by the mutation operation markStaffAsInScope, which specifies that the call marks a staff account In-scope.

The argument email is used to provide the staff member's email address.

Upon successfully marking the staff member as in-scope, the API returns the user object, which was updated as part of this request.

You can specify the following response fields in the returned user object:

| Response field | Type | Description |
|---|---|---|
| lastName | String | Last name of the staff member |
| firstName | String | First name of the staff member |
| fullName | String | Full name of the staff member |
| email | String | Email address of the staff member |

Below is the list of response codes and response messages you can get from the server for your executed API call:

| Response code | Status | Message | Reason |
|---|---|---|---|
| 200 | Success | The account is marked as in scope. | |
| 200 | Error | Invalid email address or a non-staff account. | A staff member with this email isn’t in the system. Make sure you haven’t marked this email as a non-staff account. |
| 200 | Error | The email was assigned to an offboarded staff member. | The staff member must be part of the organisation to mark them as in-scope. They must not be offboarded. |
| 401 | Unauthorized | Invalid or expired API token. | The API key is invalid or disabled. |
| 429 | Too many requests | There are too many requests. Please try again after some time. | You’ve breached the rate limits for the API. Please refer to rate-limitation. |
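Because two of the error cases above come back with HTTP 200, a script that checks only the status code would report staff as in scope when they are not. The following client sketch is an added example, not Sprinto's own code: it sends the email as a GraphQL variable and treats a 200 response as success only when a user object is returned. It assumes that errors arrive in the standard GraphQL "errors" array; the endpoint URL and authentication header are not given on this page, so the caller supplies them.

```python
import json
import urllib.error
import urllib.request

MUTATION = """
mutation Mutation($email: String!) {
  markStaffAsInScope(email: $email) {
    user { email fullName }
  }
}
"""

def build_payload(email):
    # The address travels as a GraphQL variable, never spliced into the query text.
    return json.dumps({"query": MUTATION, "variables": {"email": email}}).encode()

def interpret(http_status, body):
    """Map an HTTP status and decoded JSON body to (ok, detail)."""
    if http_status == 401:
        return False, "invalid or expired API token"
    if http_status == 429:
        return False, "rate limited; retry later"
    if http_status != 200:
        return False, "unexpected HTTP status %d" % http_status
    # Assumption: application errors use the standard GraphQL "errors" array.
    errors = (body or {}).get("errors")
    if errors:
        return False, "; ".join(e.get("message", "unknown error") for e in errors)
    data = (body or {}).get("data") or {}
    user = (data.get("markStaffAsInScope") or {}).get("user")
    if not user:
        return False, "HTTP 200 but no user object returned"
    return True, user.get("email")

def mark_in_scope(email, endpoint, headers):
    # endpoint and headers (including the auth header) are caller-supplied
    # assumptions; their real values are not stated on this page.
    req = urllib.request.Request(
        endpoint, data=build_payload(email),
        headers={"Content-Type": "application/json", **headers})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return interpret(resp.status, json.load(resp))
    except urllib.error.HTTPError as exc:
        return interpret(exc.code, None)
```

Record the returned detail string alongside each email when running this over a staff list, so that accounts rejected as non-staff or offboarded are visible in the compliance record.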