Developer Resources (API, MCP)

This section is suited for users looking to integrate Secureframe with their own systems via API.

Search

Secureframe Developer Portal (API)

The Secureframe Developer Portal provides API documentation and tools to help developers integrate Secureframe with their existing systems.

Whether you need to automate compliance workflows, fetch audit data, or manage users programmatically, the Developer Portal gives you the resources to extend Secureframe’s capabilities.

What You Can Do

With the Secureframe API, you can:

  • Automate compliance workflows – Streamline policy management, security training, and access control.
  • Fetch and analyze compliance data – Pull reports, audit logs, and personnel compliance statuses.
  • Manage users and integrations – Programmatically add personnel, assign roles, and sync third-party integrations.

How to Get Started

  • Visit the Secureframe Developer Portal.
  • Review the API authentication methods and generate API keys.
  • Explore the API reference and example requests.
  • Start building and testing your integration.

Creating your API Key

In order to start utilizing APIs in Secureframe you will need to establish an API Key. 

  • Head into Secureframe, click on your profile in the top right corner, then click Company Settings. 
  • Then click on the API keys tab, then Create API Key on the right hand side of the screen. 
  • Assign an Owner, add your API Key Name, then Generate Key

For additional help, check out our Integration Guides or contact Secureframe Support for assistance.

Retrieve Evidence via API

One of the most common ways customers use Secureframe’s API is to query evidence records directly. This allows you to pull compliance data into your own dashboards, automate reporting, and streamline audit preparation.

Example:
Use GET /evidences/{id} to return a single evidence record by ID.

 
curl -X GET "https://api.secureframe.com/evidences/{id}" \ -H "Authorization: YOUR_API_KEY_HERE"

Sample response:

{ "data": { "id": "4976feca-6276-4993-bfeb-53cbbbba6f08", "type": "string", "attributes": { }, "relationships": { }, "links": { } }, "includes": { } }

This use case is especially helpful when building integrations for audit exports, compliance monitoring, or internal evidence review.

Explore More API Use Cases

While evidence retrieval is a popular entry point, Secureframe’s Developer API supports many other workflows, including:

  • Listing and managing controls and tests

  • Managing users and their assigned compliance tasks

  • Automating policy and training assignments

  • Integrating Secureframe data with external tools or monitoring systems

Visit the Secureframe Developer Portal for the full catalog of endpoints, request/response formats, and interactive documentation.

API Base URLs by Region

Secureframe supports different API base URLs depending on your region. Make sure you're using the correct endpoint based on where your Secureframe instance is hosted.

Region API Base URL Example
US (default) https://api.secureframe.com curl -i -X GET https://api.secureframe.com/users
UK https://api-uk.secureframe.com curl -i -X GET https://api-uk.secureframe.com/users

Authorization headers remain the same across regions:
-H 'Authorization: API_KEY API_SECRET'

If you're unsure which region your account belongs to, check your login domain (e.g., app-uk.secureframe.com for UK) or reach out to Secureframe Support.

Frequently Asked Questions (FAQ)

How to get or create an API key for Secureframe?

  • Head into Secureframe, click on your profile in the top right corner, then click Company Settings. 
  • Then click on the API keys tab, then Create API Key on the right hand side of the screen. 
  • Assign an Owner, add your API Key Name, then Generate Key
    • Note: Only Super Admins can create an API Key in Secureframe

What do I need to include when authenticating with the API?

When making API requests, you must include both your API Key and Secret in the Authorization header. Example: php-template

 
--header 'Authorization: <YOUR_API_KEY> <YOUR_SECRET_KEY>'

You can generate and manage your API Key and Secret from the Secureframe Console under:
Your Profile → Company Settings → API Keys.

⚠️ API Secrets are only viewable once at the time of creation. If lost, you'll need to generate a new one.

Can I use just the API Key without the secret?

  • No. Both the API Key and the Secret must be included in the Authorization header for the API call to succeed.

Why can't I retrieve more than 100 users using the per_page parameter in the Secureframe API?

The Secureframe API currently enforces a maximum limit of 100 records per page, even if you pass a higher value for per_page. This means:

  • per_page=200 will still return only 100 records.

  • To retrieve more than 100 users, you must use pagination.

What to do:

Use the page parameter in combination with per_page=100 to iterate through results.

Example:

GET /users?per_page=100&page=1
GET /users?per_page=100&page=2

Repeat requests, incrementing the page value until no new results are returned.

🔁 Tip: Automate this in your script by checking if the current page’s response contains fewer than 100 users—this usually signals you've reached the last page.

How can I find test IDs to export test results programmatically using the API?

If you're trying to export test results via the Secureframe API (similar to using the “Export” button in the UI), you’ll first need to identify the relevant test IDs.

To retrieve test IDs:

  • Use this API endpoint: GET /testsThis endpoint returns a list of all tests, including their associated id values.

Once you have the list of test IDs, you can use them to pull test data or results programmatically from your environment (e.g., from an EC2 instance) using your API integration.

💡Tip: The test IDs will appear as long alphanumeric strings in the response payload under the id field.

Was this article helpful?

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.