Public API
Learn how to use our Public API to add, retrieve and delete evidence
Updated over a week ago

You can automate your evidence gathering and control testing on the PolicyCo platform. There are a few important concepts to understand before you get started.

Each user has unique API keys

From a security standpoint, each PolicyCo user has the ability to generate their own unique API key. The rational here is that it's best to limit API activity based on the role of the user in the organization.

If a user is set as an assignee for a specific evidence template / control test, their API key is eligible to POST and DELETE evidence. If multiple users need to perform these operation, be sure to add all relevant users as assignees. This will allow their API key to work.

X-API-KEY Header

We manage authentication with an X-API-KEY header.


This support article is minimal. Full documentation can be viewed here. If you need one on on assistance, please reach out to us via our support link and we can schedule some time with your technical team to demonstrate the feature.

Did this answer your question?