Skip to main content
PATCH
/
v1
/
risks
/
{id}
Update risk
curl --request PATCH \
  --url http://localhost:3333/v1/risks/{id} \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "title": "Data breach vulnerability in user authentication system",
  "description": "Weak password requirements could lead to unauthorized access to user accounts",
  "category": "technology",
  "department": "it",
  "status": "open",
  "likelihood": "possible",
  "impact": "major",
  "residualLikelihood": "unlikely",
  "residualImpact": "minor",
  "treatmentStrategyDescription": "Implement multi-factor authentication and strengthen password requirements",
  "treatmentStrategy": "mitigate",
  "assigneeId": "mem_abc123def456"
}
'
{
  "id": "rsk_abc123def456",
  "title": "Data breach vulnerability in user authentication system",
  "description": "Weak password requirements could lead to unauthorized access to user accounts",
  "category": "technology",
  "department": "it",
  "status": "open",
  "likelihood": "possible",
  "impact": "major",
  "residualLikelihood": "unlikely",
  "residualImpact": "minor",
  "treatmentStrategyDescription": "Implement multi-factor authentication and strengthen password requirements",
  "treatmentStrategy": "mitigate",
  "organizationId": "org_abc123def456",
  "assigneeId": "mem_abc123def456",
  "createdAt": "2023-11-07T05:31:56Z",
  "updatedAt": "2023-11-07T05:31:56Z",
  "authType": "api-key",
  "authenticatedUser": {
    "id": "usr_def456ghi789",
    "email": "user@example.com"
  }
}

Authorizations

X-API-Key
string
header
required

API key for authentication

Headers

X-Organization-Id
string

Organization ID (required for session auth, optional for API key auth)

Path Parameters

id
string
required

Risk ID

Example:

"rsk_abc123def456"

Body

application/json

Risk update data

title
string

Risk title

Example:

"Data breach vulnerability in user authentication system"

description
string

Detailed description of the risk

Example:

"Weak password requirements could lead to unauthorized access to user accounts"

category
enum<string>

Risk category

Available options:
customer,
fraud,
governance,
operations,
other,
people,
regulatory,
reporting,
resilience,
technology,
vendor_management
Example:

"technology"

department
enum<string>

Department responsible for the risk

Available options:
none,
admin,
gov,
hr,
it,
itsm,
qms
Example:

"it"

status
enum<string>
default:open

Current status of the risk

Available options:
open,
pending,
closed,
archived
Example:

"open"

likelihood
enum<string>
default:very_unlikely

Likelihood of the risk occurring

Available options:
very_unlikely,
unlikely,
possible,
likely,
very_likely
Example:

"possible"

impact
enum<string>
default:insignificant

Impact if the risk materializes

Available options:
insignificant,
minor,
moderate,
major,
severe
Example:

"major"

residualLikelihood
enum<string>
default:very_unlikely

Residual likelihood after treatment

Available options:
very_unlikely,
unlikely,
possible,
likely,
very_likely
Example:

"unlikely"

residualImpact
enum<string>
default:insignificant

Residual impact after treatment

Available options:
insignificant,
minor,
moderate,
major,
severe
Example:

"minor"

treatmentStrategyDescription
string

Description of the treatment strategy

Example:

"Implement multi-factor authentication and strengthen password requirements"

treatmentStrategy
enum<string>
default:accept

Risk treatment strategy

Available options:
accept,
avoid,
mitigate,
transfer
Example:

"mitigate"

assigneeId
string

ID of the user assigned to this risk

Example:

"mem_abc123def456"

Response

Risk updated successfully

id
string

Risk ID

Example:

"rsk_abc123def456"

title
string

Risk title

Example:

"Data breach vulnerability in user authentication system"

description
string

Risk description

Example:

"Weak password requirements could lead to unauthorized access to user accounts"

category
enum<string>
Available options:
customer,
governance,
operations,
other,
people,
regulatory,
reporting,
resilience,
technology,
vendor_management
Example:

"technology"

department
enum<string> | null
Available options:
none,
admin,
gov,
hr,
it,
itsm,
qms
Example:

"it"

status
enum<string>
Available options:
open,
pending,
closed,
archived
Example:

"open"

likelihood
enum<string>
Available options:
very_unlikely,
unlikely,
possible,
likely,
very_likely
Example:

"possible"

impact
enum<string>
Available options:
insignificant,
minor,
moderate,
major,
severe
Example:

"major"

residualLikelihood
enum<string>
Available options:
very_unlikely,
unlikely,
possible,
likely,
very_likely
Example:

"unlikely"

residualImpact
enum<string>
Available options:
insignificant,
minor,
moderate,
major,
severe
Example:

"minor"

treatmentStrategyDescription
string | null
Example:

"Implement multi-factor authentication and strengthen password requirements"

treatmentStrategy
enum<string>
Available options:
accept,
avoid,
mitigate,
transfer
Example:

"mitigate"

organizationId
string
Example:

"org_abc123def456"

assigneeId
string | null

ID of the user assigned to this risk

Example:

"mem_abc123def456"

createdAt
string<date-time>

When the risk was created

updatedAt
string<date-time>

When the risk was last updated

authType
enum<string>

How the request was authenticated

Available options:
api-key,
session
authenticatedUser
object

User information (only for session auth)