Sprinto Developer API

Mark staff member account Not-In-Scope

The following how-to guide explains how to mark a staff account as Not-in-scope using the Sprinto API.

You can add staff members to your Sprinto account by integrating external HRMS or email service providers. When you link a system as a staff source, all its staff accounts are included in the audit scope by default unless you specify otherwise. If there are accounts you don't want in the audit scope, you can mark them as "not in scope." This ensures Sprinto won't perform any security tasks (like policy acceptance or training) for those accounts.

🚧

The Sprinto Developer API is in beta

  • Endpoints may change as we add more functionality.

Before we begin

  • Ensure that you are using a valid API key.
  • Ensure that you have the email address of the staff member you want to mark as not in scope.

Mark staff as Not-In-scope

You need the email address of the staff member you want to scope out. Use the mutation below to make the call.
Enter the staff member's email address for the email argument in the variables section of the Sprinto API Playground. If you don't enter a valid email address, you will receive an error response from the server.

mutation MarkStaffAsNotInScope($email: String!, $reason: String) {
  markStaffAsNotInScope(email: $email, reason: $reason) {
    user {
      fullName
    }
  }
}

Variables (the email address shown is a dummy value):

{
  "email": "[email protected]",
  "reason": "Testing the API call"
}

Try it yourself: United States | Europe | India

The above API call starts with the keyword mutation, followed by the operation name MarkStaffAsNotInScope, which shows that it is a write operation that marks a staff account as not in scope.

The argument email should be provided with the target staff member's email address.
Additionally, you may provide an optional reason to mark the email as not-in-scope.

Upon successfully marking the staff member as not in scope, the API returns the user object that was updated as part of this request.

The following response fields are available for this API call:

| Response field | Type | Description |
|---|---|---|
| lastName | String | Last name of the staff member. |
| firstName | String | First name of the staff member. |
| fullName | String | Full name of the staff member. |
| email | String | Email address of the staff member. |

Below is the list of response codes and response messages you can get from the server for your executed API call:

| Response code | Status | Message | Reason |
|---|---|---|---|
| 200 | Success | The account is marked as in scope. | |
| 200 | Error | Invalid email address or a non-staff account. | A staff member with this email isn’t in the system. Make sure you haven’t already marked this email as a non-staff account. |
| 200 | Error | The email was assigned to an offboarded staff member. | The staff member must be part of the organization to mark them as not-in-scope. They must not be offboarded. |
| 401 | Unauthorized | Invalid or expired API token. | The API key is invalid or disabled. |
| 429 | Too many requests | There are too many requests. Please try again after some time. | You’ve breached the rate limits for the API. Please refer to rate-limitation. |
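
The table above returns both success and error outcomes with response code 200, so a script that scopes accounts out of the audit has to inspect the response body rather than the HTTP status alone. The following Python sketch is an added example, not code from Sprinto's documentation. It assumes the standard GraphQL-over-HTTP JSON body (`query` plus `variables`) and that errors arrive in the GraphQL-spec top-level `errors` list; the function names and sample responses are constructed for illustration.

```python
import json

# The mutation from this page, unchanged.
MUTATION = """
mutation MarkStaffAsNotInScope($email: String!, $reason: String) {
  markStaffAsNotInScope(email: $email, reason: $reason) {
    user {
      fullName
    }
  }
}
"""

def build_payload(email, reason=None):
    """Return the JSON request body; reason is optional, email is not."""
    if not email or "@" not in email:
        raise ValueError("a staff email address is required")
    variables = {"email": email}
    if reason is not None:
        variables["reason"] = reason
    return json.dumps({"query": MUTATION, "variables": variables})

def interpret_response(http_status, body_text):
    """Map an HTTP status and response body to (outcome, detail)."""
    if http_status == 401:
        return ("unauthorized", "The API key is invalid or disabled.")
    if http_status == 429:
        return ("rate_limited", "Rate limit breached; retry after some time.")
    if http_status != 200:
        return ("unexpected", "HTTP %d" % http_status)
    body = json.loads(body_text)
    # Assumption: errors arrive in the GraphQL-spec top-level "errors" list.
    errors = body.get("errors")
    if errors:
        return ("error", "; ".join(e.get("message", "") for e in errors))
    user = ((body.get("data") or {}).get("markStaffAsNotInScope") or {}).get("user")
    if not user:
        return ("error", "no user object returned")
    return ("success", user.get("fullName"))

# Constructed sample responses (not captured from the real API).
SAMPLE_OK = '{"data": {"markStaffAsNotInScope": {"user": {"fullName": "Sample Staff"}}}}'
SAMPLE_ERR = '{"data": null, "errors": [{"message": "Invalid email address or a non-staff account."}]}'

if __name__ == "__main__":
    print(build_payload("staff.member@example.com", "Testing the API call"))
    for status, text in [(200, SAMPLE_OK), (200, SAMPLE_ERR), (401, ""), (429, "")]:
        print(status, interpret_response(status, text))
```

Logging the returned outcome together with the email and reason gives a record of which accounts were removed from audit scope and why.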