API reference

ControlGraph exposes a GraphQL API for framework, control, capability, and technology queries. Authenticated REST endpoints manage organizations, assessments, and changes.

GraphQL

Endpoint: POST https://api.controlgraph.io/graphql

Use introspection or explore common queries in the app Explorer. Team plan API keys authenticate with Authorization: Bearer cg_… and require the read:graph scope.

query Frameworks {
  frameworks {
    slug
    name
    controlCount
  }
}

query ControlSearch($q: String!) {
  searchControls(query: $q, limit: 10) {
    identifier
    title
    frameworkSlug
  }
}

REST (authenticated)

POST /assessments — run compliance assessment
GET /changes — framework change feed
GET /org/organizations/mine — list workspaces

← Back to home