# Resource Reference

> Catalogue of every resource group exposed by the Matproof REST API — what each covers, common operations, and sample endpoints.

The Matproof API exposes **182 endpoints across 39 resource groups**. This page is a category-organised index of those resources so you can find what you need quickly. For full request/response schemas of any endpoint, the OpenAPI spec is at [`openapi.json`](/openapi.json) and renders as an interactive playground in the API tab.

## Compliance program

| Resource              | Operations                                                 | Purpose                                                                      |
| --------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------- |
| **Organization**      | get, update, transfer ownership, branding                  | Your organization's settings, primary color, logo                            |
| **People**            | list, get, create, bulk-create, update, link/unlink device | Team-member directory feeding access reviews and offboarding                 |
| **Policies**          | list, get, create, update, publish, acknowledge            | Policy library — generated, customized, published, acknowledged              |
| **Risks**             | list, get, create, update, archive                         | Risk register with likelihood / impact / treatment / linked controls         |
| **Findings**          | list, get, create, update, close                           | Unified gaps view — feeds from audits, pen-tests, device agent, integrations |
| **Finding Templates** | list, get, create, update, delete                          | Reusable finding patterns for common gaps                                    |

## Frameworks & SOA

| Resource                             | Operations                                                             | Purpose                                                                     |
| ------------------------------------ | ---------------------------------------------------------------------- | --------------------------------------------------------------------------- |
| **SOA** (Statement of Applicability) | list, get, mark applicable / not-applicable, justify exclusion, export | ISO 27001 SoA workflow                                                      |
| **Framework Editor Task Templates**  | list, get, create, update                                              | Tasks attached to custom-framework controls                                 |
| **Context**                          | get, update, list snapshots                                            | Organization-wide context the AI uses for policy / questionnaire generation |

## Evidence & tasks

| Resource                      | Operations                                           | Purpose                                                      |
| ----------------------------- | ---------------------------------------------------- | ------------------------------------------------------------ |
| **Tasks**                     | list, get, create, update, complete, attach evidence | Tasks linked to controls that produce evidence on completion |
| **Task Management**           | bulk operations, scheduling, reassignment            | Tasks at scale                                               |
| **Task Automations**          | list, run, schedule, log                             | Recurring tasks driven by automation scripts                 |
| **Task Integrations**         | configure per-task integration triggers              | Cross-tool orchestration                                     |
| **Comments**                  | list, create, update, delete                         | Comments on controls, tasks, evidence                        |
| **Attachments**               | upload                                               | File uploads attached to evidence or comments                |
| **Evidence Export**           | export                                               | Compile evidence packages for audits                         |
| **Evidence Export (Auditor)** | auditor-restricted export                            | Same export with auditor-role scoping                        |

## Integrations & sync

| Resource              | Operations                                        | Purpose                                                                                                    |
| --------------------- | ------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- |
| **Connections**       | list, create, update, delete, refresh credentials | Connect AWS / Azure / GCP / GitHub / Google Workspace / Entra ID / etc.                                    |
| **Sync**              | trigger sync, list sync runs, view results        | Run an integration sync on demand                                                                          |
| **AdminIntegrations** | platform-admin operations on integrations         | Internal admin tooling                                                                                     |
| **TaskIntegrations**  | per-task integration bindings                     | Bind specific tasks to specific integrations                                                               |
| **Variables**         | list, create, update, delete                      | Org-level variables (e.g. business names, regulator addresses) referenced from policies and questionnaires |
| **Checks**            | list, get, run, view history                      | Cloud-test checks (continuous configuration validation)                                                    |

## Vendor risk & questionnaires

| Resource               | Operations                                       | Purpose                                                |
| ---------------------- | ------------------------------------------------ | ------------------------------------------------------ |
| **Vendors**            | list, get, create, update, archive               | Vendor register feeding GDPR Art. 28 + DORA Art. 28-30 |
| **Internal - Vendors** | platform-admin operations                        | Internal vendor management                             |
| **Questionnaire**      | list, get, create, send, fill, auto-fill, export | AI-powered questionnaires (incoming and outgoing)      |
| **Knowledge Base**     | list, get, create, update, delete, search        | Saved Q&A pairs that auto-fill draws from              |

## Trust & sharing

| Resource         | Operations                                                            | Purpose                                               |
| ---------------- | --------------------------------------------------------------------- | ----------------------------------------------------- |
| **Trust Portal** | get/update settings, manage published documents, list NDA signatories | Public security portal you share with prospects       |
| **Trust Access** | list, create, get access decisions, NDA-gate documents                | Granular access control for sensitive trust documents |

## Security testing

| Resource                       | Operations                                          | Purpose                                                      |
| ------------------------------ | --------------------------------------------------- | ------------------------------------------------------------ |
| **Security Penetration Tests** | create test, get status, list runs, download report | AI-powered external pen-test reports                         |
| **Browserbase**                | session management, browser automation              | Headless-browser evidence capture (used internally by tasks) |

## Devices & endpoints

| Resource         | Operations                          | Purpose                                                                 |
| ---------------- | ----------------------------------- | ----------------------------------------------------------------------- |
| **Devices**      | list, get                           | Devices reported by the [Matproof Device Agent](/features/device-agent) |
| **Device Agent** | check-in (used by the agent itself) | Agent-to-platform reporting endpoints                                   |

## Training & awareness

| Resource     | Operations       | Purpose                              |
| ------------ | ---------------- | ------------------------------------ |
| **Training** | assign, complete | Security awareness training tracking |

## OAuth (for building Matproof-integrated apps)

| Resource      | Operations                | Purpose                                                                   |
| ------------- | ------------------------- | ------------------------------------------------------------------------- |
| **OAuth**     | authorize, token, refresh | OAuth 2.0 flow for third-party apps that act on behalf of a Matproof user |
| **OAuthApps** | register, list, manage    | Manage your registered OAuth applications                                 |

## AI assistant

| Resource           | Operations                               | Purpose                                        |
| ------------------ | ---------------------------------------- | ---------------------------------------------- |
| **Assistant Chat** | start session, send message, end session | Programmatic access to the in-app AI assistant |

## Operational

| Resource          | Operations                            | Purpose                                               |
| ----------------- | ------------------------------------- | ----------------------------------------------------- |
| **Webhook**       | configure, list deliveries, redeliver | Webhook subscription management                       |
| **Health**        | health check                          | API health endpoint for status pages                  |
| **CloudSecurity** | get cloud-security state              | Aggregated cloud-security findings across connections |

***

## Sample endpoints

The pages below are concrete walkthroughs of typical endpoints — request shape, response shape, common errors. They use Mintlify's OpenAPI integration to render the interactive playground inline.

<CardGroup cols={2}>
  <Card title="People — list" href="/api-reference/people-list">
    GET /v1/people — typical list endpoint with pagination
  </Card>

  <Card title="Findings — create" href="/api-reference/findings-create">
    POST /v1/findings — typical create endpoint with idempotency
  </Card>

  <Card title="Vendors — list" href="/api-reference/vendors-list">
    GET /v1/vendors — list with filters and DPA fields
  </Card>
</CardGroup>

For everything else, browse the interactive playground at [openapi.json](/openapi.json) — every endpoint is documented with full request and response schemas, parameter descriptions, and a try-it-now button.

## Adding more endpoint pages

Want a hand-written page for a specific endpoint? Create an MDX file under `api-reference/` with frontmatter pointing to the operation:

```yaml
---
title: "Create vendor"
openapi: "POST /v1/vendors"
---
```

Mintlify renders the operation's full schema, parameters, request body, and response — and you can add prose above and below for context, code samples, and gotchas specific to your use case.
