Mark staff member account In-scope

Use the Sprinto Developer API to mark a staff member as in-scope and include them in audit compliance checks.

This cookbook demonstrates how to mark a staff member account as in-scope using the Sprinto Developer API.

When a staff member is marked as in-scope, they are included in your audit compliance scope and mapped to the relevant controls and automated checks configured in your Sprinto account.

This operation is performed using a GraphQL mutation.

Before you begin

Ensure that you have:

A valid API key
Access to the Sprinto API Playground (if using the playground)
The email address of the staff member you want to mark as in-scope

If the provided email address does not belong to an active staff member, the API returns an error.

API Status

The Sprinto Developer API is currently in beta.

Endpoints and schema fields may change as new functionality is introduced.

Mutation: `markStaffAsInScope`

This mutation marks a staff member as in-scope using their email address.

Input Arguments

Argument

Type

Required

Description

email

String

Yes

Email address of the staff member to mark as in-scope

Example Mutation

mutation Mutation($email: String!) {
  markStaffAsInScope(email: $email) {
    user {
      email
      fullName
    }
  }
}

{
  "data": {
    "markStaffAsInScope": {
      "user": {
        "firstName": "John",
        "lastName": "Doe",
        "email": "[email protected]",
        "pk": "edadfasdfdcdcadc"
      }
    }
  }
}

Try yourself: United States: Europe: India

How the mutation works

The request starts with the Mutation root type.
The markStaffAsInScope mutation identifies the staff member using the email argument.
If the operation succeeds, the API returns the updated user object.

Response fields

You can request the following fields from the returned user object:

Field

Type

Description

firstName

String

First name of the staff member

lastName

String

Last name of the staff member

fullName

String

Full name of the staff member

email

String

Email address of the staff member

Response codes and errors

The following response codes may be returned for this mutation:

Status code

Status

Message

Reason

200

Success

The account is marked as in-scope.

The staff member was successfully updated.

200

Error

Invalid email address or a non-staff account.

The email does not belong to a valid staff account or is marked as non-staff.

200

Error

The email was assigned to an offboarded staff member.

Offboarded staff members cannot be marked as in-scope.

401

Unauthorized

Invalid or expired API token.

The API key is invalid or disabled.

429

Too many requests

Too many requests. Please try again later.

The API rate limit has been exceeded.

Next steps

After marking a staff member as in-scope, you can:

Map them to relevant controls and automated checks
Query in-scope staff members using paginated queries
Mark staff members as not-in-scope when required

PreviousSprinto Cookbooks NextMark staff member account Not-In-Scope

Last updated 15 days ago

hashtagBefore you begin

hashtagAPI Status

hashtagMutation: markStaffAsInScope

hashtagInput Arguments

hashtagExample Mutation

hashtagHow the mutation works

hashtagResponse fields

hashtagResponse codes and errors

hashtagNext steps

Before you begin

API Status

Mutation: `markStaffAsInScope`

Input Arguments

Example Mutation

How the mutation works

Response fields

Response codes and errors

Next steps