Available API Resources

May 24, 2026

Overview of the resources and operations available through the Imara API.

Overview

Once authenticated, your application can read and write compliance data through the Imara API. Resources are organized by domain and follow standard REST conventions — use GET to read, POST to create, PATCH to update, and DELETE to remove.

Controls

Retrieve the controls in your compliance program, including their status, assigned owner, linked frameworks, and associated evidence.

  • GET /controls — list all controls
  • GET /controls/:id — get a specific control with full details

Evidence

Upload and retrieve evidence items. This is the most common API use case — for example, automatically uploading screenshots, logs, or reports from your systems as compliance evidence.

  • GET /evidence — list evidence items
  • POST /evidence — upload a new evidence item
  • GET /evidence/:id — retrieve a specific evidence item

Frameworks

Query the compliance frameworks active in your account, including control coverage and overall completion percentage.

  • GET /frameworks — list active frameworks

Risks

Read and manage items in your organization's risk register.

  • GET /risks — list all risks
  • GET /risks/:id — get a specific risk

Documents

Access your policy and procedure documents.

  • GET /documents — list documents
  • GET /documents/:id — get a specific document

Vendors

Query your third-party vendor inventory and their compliance status.

  • GET /vendors — list vendors

Action Items

Retrieve open action items and their current status.

  • GET /action-items — list action items

Scopes

Access to each resource group is controlled by the scopes you assign to an API key when creating it. Only enable the scopes your integration actually needs — this limits the impact if a key is ever compromised.

Rate limits

All API responses include rate limit headers so your application can stay within the allowed request rate. When you exceed the limit, the API returns a 429 Too Many Requests response. Implement exponential backoff and retry logic in your code to handle this gracefully.

Available API Resources | Imara Documentation