API Documentation
      Back to home
      1. Knowledge Center
      2. API Documentation

      How to Create Risk Controls via API

      This guide provides a step-by-step process for creating risk controls through the Credo AI API. It assumes the use of environment variables for configuration and relies on Python and the requests library to interact with the API. For more details on the endpoint, see our swagger documentation.


      Note

      • Self-hosted customers must replace https://api.credo.ai with your Credo AI URL
      • ${TENANT} is the tenant name used to log in to Credo AI
      • See Authentication for how to get the required ${ACCESS_TOKEN} 

      Step 1: Create a new risk type in Credo AI. 

      • Body params
        • name → Risk type name must be unique
        • description → Risk type description 

      import requests

      url = "https://api.credo.ai/api/v2/${TENANT}/risk_types"

      headers = {

            "Content-type": "application/vnd.api+json",

            "Accept": "application/vnd.api+json",

            "Authorization": "Bearer ${ACCESS_TOKEN}"

      }

      payload = {

        "data": {

          "attributes": {

            "description": "Custom Risk Description",

            "name": "Custom Risk"

          },

          "type": "resource-type"

        }

      }

      response = requests.post(url, json=payload, headers=headers)

      print(response.text)

       


      Step 2: Create a custom policy control base in Credo AI. 

      • Body params
        • id → A unique identifier for the policy control base

      import requests

      url = "https://api.credo.ai/api/v2/${TENANT}/policy_control_bases"

      headers = {

            "Content-type": "application/vnd.api+json",

            "Accept": "application/vnd.api+json",

            "Authorization": "Bearer ${ACCESS_TOKEN}"

      }

      payload = {

        "data": {

          "attributes": {

            "id": "string"

          },

          "type": "resource-type"

        }

      }

      response = requests.post(url, json=payload, headers=headers)

      print(response.text)

      Step 3: Create a new version of custom policy control in Credo AI. 

      • URL params 
        • id → The ID for the risk control base created in step 2
      • Body params
        • risk_type_ids → The ID for the risk type returned from step 1


      import requests

      url ="https://api.credo.ai/api/v2/${TENANT}/policy_control_bases/${Id}/versions"

      headers = {

            "content-type": "application/vnd.api+json"

            "Authorization": "Bearer ${ACCESS_TOKEN}"

      }

      payload = {

        "data": {

          "attributes": {

      "info": {"description": "string"},  

        "risk_type_ids": ["string"]    },

          "type": "resource-type"

        }

      }

      response = requests.post(url, json=payload, headers=headers)

      print(response.text)

       



      Step 4: Update the version of the custom policy control to move it from draft to published in Credo AI. 

      • URL params 
        • id → The ID for the risk control base created in step 2
      • Body params
        • risk_type_ids → The ID for the risk type returned from step 1
        • id → The ID for the policy control version that was returned from step 3
        • draft: true

      import requests

      url = "https://api.credo.ai/api/v2/${TENANT}/policy_control_versions/${id}"

      headers = {

             "content-type": "application/vnd.api+json"

             "Authorization": "Bearer ${ACCESS_TOKEN}"

      }

      payload = {

        "data": {

          "attributes": {

            "draft": false,

            "info": {},

            "risk_type_ids": [

              "NkBkDB9i64w53eVR6ssfzj"

            ]

          },

          "type": "resource-type"

        }

      }

      response = requests.patch(url, json=payload, headers=headers)

      print(response.text)