We are issuing this important notification regarding critical updates to our contact assignment logic and API schemas. All services, integrations, and APIs that facilitate contact creation, updating, or data retrieval for contacts must be updated. This change is necessary to ensure compatibility and maintain full system functionality.
The Mandate: Supporting Group-Based Assignments
The catalyst for this extensive update is the implementation of the Apply Group to Additional Contact feature (Version 3.6.0, released October 25, 2025). This enhancement provides efficiency gains by enabling both User and Group-based assignments when managing contacts across supported entities.
Previously, contact assignments primarily handled individual users. Now, users, including administrators, have the capability to assign existing Groups to multiple-select contact fields. This functionality is visible in the UI when adding or editing contacts, allowing selection between the User type or the Group type.
Key capabilities enabled by this feature include the ability to:
- Assign groups as multiple-select contacts.
- Filter records by either User or Group in list views.
- Perform bulk updates using User or Group selection.
Critical API Schema Changes
To fully support the assignment of both individual users and contact groups, the underlying contact assignment logic and schema have been fundamentally modified.
The following changes are mandatory for all API requests dealing with contact assignments:
- Field Rename: The old field id has been renamed to assignmentId.
- New Mandatory Field: A new required field, assignmentType, must be included in the payload.
- Required Values: The assignmentType field must explicitly specify the nature of the contact ID, accepting only two values: "USER" or "USER_PROFILE_GROUP".
Schema Comparison: Before vs. Current
If your integration uses the old format, it will fail to validate against the new schema, resulting in errors due to missing required fields or incorrect data handling.
| Before (Old Schema Structure) | Current (New Mandatory Schema Structure) |
|---|---|
| contacts: [ { id: 123, type: "PRIMARY" } ] | contacts: [ { assignmentId: 123, type: "PRIMARY", assignmentType: "USER" } ] |
| contacts: [ { id: 234, type: "ADDITIONAL" } ] | contacts: [ { assignmentId: 234, type: "ADDITIONAL", assignmentType: "USER" } ] |
| N/A (Group assignments not supported) | contacts: [ { assignmentId: 432, type: "ADDITIONAL", assignmentType: "USER_PROFILE_GROUP" } ] |
Note that traditionally, contacts were referenced using an id field. For Asset creation, id was used to specify contacts. For new entity creation like Audit, Risk Mitigation, and Risk Register, the old schemas also demonstrated the use of the contacts array containing an id and a type. These legacy uses of id within the contacts object must now be replaced by assignmentId and accompanied by the mandatory assignmentType field.
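The migration described by the table and note above, as an added example (not 1Risk's own code): it rewrites legacy contacts entries to the current shape and validates the result before a request is sent. The function names and the sample payload's name value are assumptions; legacy entries are mapped to "USER" because the old schema did not support group assignments.

```python
ALLOWED_ASSIGNMENT_TYPES = {"USER", "USER_PROFILE_GROUP"}


def migrate_contact(entry):
    """Convert one legacy contact ({id, type}) to the current shape."""
    if "assignmentId" in entry:
        return dict(entry)  # already in the current shape, pass through
    if "id" not in entry:
        raise ValueError(f"contact has neither id nor assignmentId: {entry!r}")
    migrated = {k: v for k, v in entry.items() if k != "id"}
    migrated["assignmentId"] = entry["id"]
    # Assumption: every legacy id refers to a user (groups were not supported).
    migrated["assignmentType"] = "USER"
    return migrated


def validate_contact(entry):
    """Return a list of problems; an empty list means the entry is valid."""
    problems = []
    if "assignmentId" not in entry:
        problems.append("missing required field 'assignmentId'")
    if "assignmentType" not in entry:
        problems.append("missing required field 'assignmentType'")
    elif entry["assignmentType"] not in ALLOWED_ASSIGNMENT_TYPES:
        problems.append(f"invalid assignmentType {entry['assignmentType']!r}")
    return problems


def migrate_payload(payload):
    """Return a copy of payload with every contacts entry migrated and checked."""
    migrated = dict(payload)
    migrated["contacts"] = [migrate_contact(c) for c in payload.get("contacts", [])]
    for index, contact in enumerate(migrated["contacts"]):
        problems = validate_contact(contact)
        if problems:
            raise ValueError(f"contacts[{index}]: {'; '.join(problems)}")
    return migrated


# Constructed sample payload in the old format (contact values from the table above).
LEGACY = {"name": "example-asset", "contacts": [
    {"id": 123, "type": "PRIMARY"},
    {"id": 234, "type": "ADDITIONAL"},
]}

if __name__ == "__main__":
    print(migrate_payload(LEGACY))
```

Running validate_contact over outgoing payloads in a client-side test catches entries that would otherwise fail schema validation at the API.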
Impacted API Endpoints and Entities
This schema change affects all records that utilize the contact management component in API creation (POST), update (PUT), and consumption/retrieval (GET) requests. Based on documented API procedures, the following entities are confirmed to utilize the contact structure and will require updates to their payloads:
- Asset Management (Asset, Enterprise Asset, Vendor, Engagement): Requests for creating or updating assets, vendors, and engagements utilize the contacts array, which typically contains one primary contact and multiple optional additional contacts.
- Assessment: Both creating and updating Assessments require a contacts array specifying contact types (e.g., PRIMARY).
- Finding: Creation and updating of Findings utilize a contacts array where fields like name, description, dueDate, source, and priority are required, and all contact types (except ADDITIONAL) are mandatory in the request.
- Audit: Creating and Updating Audits requires the contacts array.
- Risk Mitigation: Creating and Updating Risk Mitigations requires the contacts array.
- Risk Register: Creating and Updating Risk Registers requires the contacts array.
- Internal Control: Creating and Updating Internal Controls requires the contacts array.
Action Required
Please ensure your services consuming this data are updated to handle the new assignmentId and include the mandatory assignmentType field to maintain compatibility. Failure to update these fields will result in API integration failures.
For detailed instructions and updated documentation, please refer to http://docs.1risk.io/.