Sprinto Developer API

Welcome to Sprinto’s Developer API documentation. This documentation provides comprehensive guidance and developer resources to help you integrate Sprinto into your workflows and build custom automations.

Sprinto is a modern governance, risk, and compliance (GRC) automation platform designed to simplify and streamline compliance programmes. Thousands of organisations rely on Sprinto to efficiently manage their GRC requirements.

The Sprinto Developer API enables you to extend Sprinto’s automation capabilities by allowing programmatic access to Sprinto data. You can use the API to build integrations, automate workflows, and create extensions that work seamlessly with the Sprinto platform.

If you have questions, feedback, or suggestions while using the Developer API, contact Sprinto Support.

What you can do with the Sprinto Developer API

Customers commonly use the Sprinto Developer API to build custom workflows, tools, reports, and dashboards tailored to their compliance needs. Typical use cases include:

• Collecting and managing evidence for security and compliance requirements.

• Uploading background verification (BGV) reports to support staff onboarding.

• Scoping staff accounts to accurately manage compliance responsibilities.

Communicating with the API

The Sprinto Developer API uses a GraphQL architecture and follows the GraphQL specification. GraphQL provides a flexible and efficient way to query and manipulate data and is the same technology used internally to power the Sprinto web application.

All API requests must use the HTTPS protocol to ensure secure data transmission. The API accepts requests and returns responses in JSON format.

Base URL

Use the appropriate base URL based on your data residency region:

• United States: https://app.sprinto.com/dev-api/graphql

• Europe: https://eu.sprinto.com/dev-api/explorer

• India: https://in.sprinto.com/dev-api/explorer

Authentication

All Sprinto Developer API requests require authentication using an API key. Any Sprinto user with administrator privileges can generate API keys from the Sprinto web application.

Security note

API keys are confidential credentials and must be handled securely.

Best practices

• Do not use API keys in client-side JavaScript.

• Do not embed API keys in webpages.

• Avoid committing API keys to source code repositories.

• Revoke the API key immediately from the Sprinto application if it is suspected to be exposed.

Further sections in this documentation explain how to generate and use API keys.

Rate limiting

All requests to the Sprinto Developer API are rate-limited based on both IP address and API key.

If either limit is exceeded, API access is blocked for 10 minutes.

Each API request is tracked using its unique API endpoint.

API status

The Sprinto Developer API is currently in beta. Endpoints and functionality may change as new features are introduced.

Sprinto actively incorporates customer feedback to improve the Developer API. While care is taken to minimise disruption to existing integrations, formal guarantees on uptime or backward compatibility are not provided during the beta phase. The API is subject to change as functionality evolves.