Mark staff member account In-scope
The following API template demonstrates marking any staff account as "In-scope".
By marking a staff member as "In-scope", you include them as part of your audit compliance scope. All In-scope staff members get mapped against controls and automated checks you have configured for your Sprinto account.
The Sprinto Developer API is in beta
- Endpoints may change as we add more functionality.
Before we begin
- Ensure that you have a valid API key. If you are using the API playground, ensure you have completed the Playground initial setup.
Marking staff account In-scope
You need the email address of the staff member you want to mark In-scope. Below is the mutation code you can use to perform the query.
Enter the staff member's email address for the email argument through the variable section on the Sprinto API Playground. If you don't enter a valid email address, you will receive an error response from the server.
```graphql
mutation Mutation($email: String!) {
  markStaffAsInScope(email: $email) {
    user {
      email
      fullName
    }
  }
}
```
```json
{
  "data": {
    "markStaffAsInScope": {
      "user": {
        "firstName": "John",
        "pk": "edadfasdfdcdcadc", // dummy UUID
        "lastName": "Doe",
        "email": "[email protected]"
      }
    }
  }
}
```
The example API call above starts with the root type, Mutation, followed by the mutation operation markStaffAsInScope, which specifies that the call marks a staff account as In-scope.
The argument email provides the staff member's email address.
Upon successfully marking the staff member as in-scope, the API returns the user object, which was updated as part of this request.
You can specify the following response fields in the returned user object:
Response field | Type | Description |
---|---|---|
lastName | String | Last name of the staff member |
firstName | String | First name of the staff member |
fullName | String | Full name of the staff member |
email | String | Email address of the staff member |
Below is the list of response codes and response messages you can get from the server for your executed API call:
Response code | Status | Message | Reason |
---|---|---|---|
200 | Success | The account is marked as in scope. | |
200 | Error | Invalid email address or a non-staff account. | A staff member with this email isn’t in the system. Make sure you haven’t marked this email as a non-staff account. |
200 | Error | The email was assigned to an offboarded staff member. | The staff member must be part of the organisation to mark them as in-scope. They must not be offboarded. |
401 | Unauthorized | Invalid or expired API token. | The API key is invalid or disabled. |
429 | Too many requests | There are too many requests. Please try again after some time. | You’ve breached the rate limits for the API. Please refer to rate-limitation. |
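Both error rows in the table above come back with HTTP 200, so a client that checks only the status code would record a staff member as in-scope when the call actually failed. The Python below is an added example, not Sprinto's code: it builds the request body with the email passed as a variable and classifies a response according to the table. It assumes failures arrive in the standard GraphQL `errors` list; the function names and sample bodies are constructed for illustration.

```python
import json

# The mutation from this page; the address is supplied through $email.
MUTATION = """mutation Mutation($email: String!) {
  markStaffAsInScope(email: $email) {
    user { email fullName }
  }
}"""

def build_payload(email):
    """JSON request body. The email travels in `variables`, never spliced into the query."""
    if not isinstance(email, str) or "@" not in email:
        raise ValueError("email must be an address string")
    return json.dumps({"query": MUTATION, "variables": {"email": email}})

def interpret(status, body_text, requested_email):
    """Map (HTTP status, body) to (outcome, detail) following the response-code table."""
    if status == 401:
        return ("unauthorized", "invalid or expired API token")
    if status == 429:
        return ("rate_limited", "too many requests")
    if status != 200:
        return ("unexpected", "HTTP %d" % status)
    try:
        body = json.loads(body_text)
    except ValueError:
        return ("unexpected", "body is not JSON")
    if not isinstance(body, dict):
        return ("unexpected", "body is not a JSON object")
    # Assumption: failures delivered with HTTP 200 use the standard GraphQL `errors` list.
    errors = body.get("errors")
    if errors:
        msgs = [e.get("message", "") if isinstance(e, dict) else str(e) for e in errors]
        return ("error", "; ".join(msgs))
    user = ((body.get("data") or {}).get("markStaffAsInScope") or {}).get("user") or {}
    returned = str(user.get("email") or "")
    # Only report success when the response confirms the account that was requested.
    if returned.lower() != requested_email.lower():
        return ("error", "response does not confirm the requested account")
    return ("in_scope", returned)

# Constructed sample responses (not captured from the real service).
OK_BODY = json.dumps({"data": {"markStaffAsInScope": {"user": {
    "email": "jane.doe@example.com", "fullName": "Jane Doe"}}}})
ERR_BODY = json.dumps({"data": None, "errors": [
    {"message": "Invalid email address or a non-staff account."}]})

if __name__ == "__main__":
    print(interpret(200, OK_BODY, "jane.doe@example.com"))
    print(interpret(200, ERR_BODY, "nobody@example.com"))
```
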