{
  "swagger": "2.0",
  "info": {
    "title": "TATER Compliance",
    "description": "Connect Microsoft Power Automate to TATER compliance data. Trigger flows when scans complete or compliance drifts, and take action on controls, overrides, and risks directly from Power Platform.",
    "version": "1.0",
    "contact": {
      "name": "TATER Support",
      "url": "https://www.tatersecurity.com",
      "email": "sales@tatersecurity.com"
    }
  },
  "host": "api.tatersecurity.com",
  "basePath": "/api",
  "schemes": ["https"],
  "consumes": ["application/json"],
  "produces": ["application/json"],
  "securityDefinitions": {
    "api_key": {
      "type": "apiKey",
      "name": "x-api-key",
      "in": "header",
      "description": "API key from TATER Settings → API Keys. Include the X-Organization-Id header to scope requests to a specific organization."
    }
  },
  "security": [{ "api_key": [] }],
  "paths": {
    "/reports/powerbi": {
      "get": {
        "summary": "Get Compliance Data",
        "description": "Returns flat, denormalized compliance data tables suitable for Power BI, Excel, or any BI tool. Use the dataset parameter to select which table(s) to retrieve.",
        "operationId": "GetComplianceData",
        "parameters": [
          {
            "name": "x-api-key",
            "in": "header",
            "required": true,
            "type": "string",
            "description": "API key from TATER Settings → API Keys",
            "x-ms-summary": "API Key"
          },
          {
            "name": "x-organization-id",
            "in": "header",
            "required": false,
            "type": "string",
            "description": "Organization ID to scope results (optional)",
            "x-ms-summary": "Organization ID"
          },
          {
            "name": "dataset",
            "in": "query",
            "required": false,
            "type": "string",
            "enum": ["controls", "scans", "risks", "overrides", "overview", "all"],
            "default": "all",
            "description": "Which dataset(s) to return. 'all' returns an object keyed by dataset name; a specific dataset name returns that dataset as a flat array.",
            "x-ms-summary": "Dataset"
          },
          {
            "name": "status",
            "in": "query",
            "required": false,
            "type": "string",
            "description": "Filter controls by status (Pass, Fail, Manual, Skip, Error). Only applies to the controls dataset.",
            "x-ms-summary": "Status Filter"
          },
          {
            "name": "application",
            "in": "query",
            "required": false,
            "type": "string",
            "description": "Filter controls by application/compliance zone name. Only applies to the controls dataset.",
            "x-ms-summary": "Application Filter"
          },
          {
            "name": "limit",
            "in": "query",
            "required": false,
            "type": "integer",
            "minimum": 1,
            "maximum": 100,
            "default": 30,
            "description": "Maximum number of scans to return (1–100). Only applies to the scans dataset.",
            "x-ms-summary": "Scan Limit"
          }
        ],
        "responses": {
          "200": {
            "description": "Compliance data returned successfully",
            "schema": {
              "type": "object",
              "x-ms-dynamic-schema": {
                "operationId": "GetComplianceData",
                "parameters": {}
              }
            }
          },
          "401": { "description": "Unauthorized — invalid or missing API key" },
          "429": { "description": "Rate limit exceeded — retry after the delay indicated in the response" }
        }
      }
    },
    "/overrides": {
      "post": {
        "summary": "Create Risk Acceptance",
        "description": "Create a risk acceptance (override) for a compliance control, marking a known failing control as accepted risk with justification and optional expiry date.",
        "operationId": "CreateRiskAcceptance",
        "parameters": [
          {
            "name": "x-api-key",
            "in": "header",
            "required": true,
            "type": "string",
            "x-ms-summary": "API Key"
          },
          {
            "name": "x-organization-id",
            "in": "header",
            "required": false,
            "type": "string",
            "x-ms-summary": "Organization ID"
          },
          {
            "name": "body",
            "in": "body",
            "required": true,
            "schema": {
              "type": "object",
              "required": ["controlId", "status"],
              "properties": {
                "controlId": {
                  "type": "string",
                  "description": "The ID of the control to create a risk acceptance for",
                  "x-ms-summary": "Control ID"
                },
                "status": {
                  "type": "string",
                  "enum": ["RiskAccepted", "NotApplicable", "CompensatingControl"],
                  "description": "Type of exception",
                  "x-ms-summary": "Exception Type"
                },
                "note": {
                  "type": "string",
                  "description": "Business justification for the risk acceptance",
                  "x-ms-summary": "Justification"
                },
                "approvedBy": {
                  "type": "string",
                  "description": "Name or email of approver",
                  "x-ms-summary": "Approved By"
                },
                "expiryDate": {
                  "type": "string",
                  "format": "date",
                  "description": "Date the risk acceptance expires (ISO 8601, e.g. 2027-01-01)",
                  "x-ms-summary": "Expiry Date"
                }
              }
            }
          }
        ],
        "responses": {
          "201": { "description": "Risk acceptance created" },
          "400": { "description": "Invalid request body" },
          "401": { "description": "Unauthorized — invalid or missing API key" }
        }
      }
    },
    "/risks": {
      "post": {
        "summary": "Create Risk",
        "description": "Create a new entry in the TATER Risk Register.",
        "operationId": "CreateRisk",
        "parameters": [
          {
            "name": "x-api-key",
            "in": "header",
            "required": true,
            "type": "string",
            "x-ms-summary": "API Key"
          },
          {
            "name": "x-organization-id",
            "in": "header",
            "required": false,
            "type": "string",
            "x-ms-summary": "Organization ID"
          },
          {
            "name": "body",
            "in": "body",
            "required": true,
            "schema": {
              "type": "object",
              "required": ["title"],
              "properties": {
                "title": {
                  "type": "string",
                  "description": "Risk title",
                  "x-ms-summary": "Title"
                },
                "category": {
                  "type": "string",
                  "description": "Risk category (e.g. Technical, Operational, Compliance)",
                  "x-ms-summary": "Category"
                },
                "likelihood": {
                  "type": "integer",
                  "minimum": 1,
                  "maximum": 5,
                  "description": "Likelihood score 1–5",
                  "x-ms-summary": "Likelihood"
                },
                "impact": {
                  "type": "integer",
                  "minimum": 1,
                  "maximum": 5,
                  "description": "Impact score 1–5",
                  "x-ms-summary": "Impact"
                },
                "status": {
                  "type": "string",
                  "enum": ["Open", "Mitigating", "Accepted", "Closed"],
                  "description": "Risk treatment status",
                  "x-ms-summary": "Status"
                },
                "owner": {
                  "type": "string",
                  "description": "Risk owner (name or email)",
                  "x-ms-summary": "Owner"
                },
                "mitigationPlan": {
                  "type": "string",
                  "description": "Description of mitigation actions",
                  "x-ms-summary": "Mitigation Plan"
                }
              }
            }
          }
        ],
        "responses": {
          "201": { "description": "Risk created" },
          "400": { "description": "Invalid request body" },
          "401": { "description": "Unauthorized — invalid or missing API key" }
        }
      }
    },
    "/audit-log": {
      "get": {
        "summary": "Get Audit Log",
        "description": "Retrieve the activity audit trail for your organization. Supports date range and action type filtering.",
        "operationId": "GetAuditLog",
        "parameters": [
          {
            "name": "x-api-key",
            "in": "header",
            "required": true,
            "type": "string",
            "x-ms-summary": "API Key"
          },
          {
            "name": "x-organization-id",
            "in": "header",
            "required": false,
            "type": "string",
            "x-ms-summary": "Organization ID"
          },
          {
            "name": "action",
            "in": "query",
            "required": false,
            "type": "string",
            "description": "Filter by action type (e.g. create, update, delete)",
            "x-ms-summary": "Action Filter"
          },
          {
            "name": "entityType",
            "in": "query",
            "required": false,
            "type": "string",
            "description": "Filter by entity type (e.g. override, scan, risk)",
            "x-ms-summary": "Entity Type Filter"
          },
          {
            "name": "limit",
            "in": "query",
            "required": false,
            "type": "integer",
            "default": 50,
            "description": "Maximum number of audit log records to return",
            "x-ms-summary": "Limit"
          }
        ],
        "responses": {
          "200": {
            "description": "Audit log entries",
            "schema": {
              "type": "array",
              "items": { "type": "object" }
            }
          },
          "401": { "description": "Unauthorized — invalid or missing API key" }
        }
      }
    },
    "/scans/trigger": {
      "post": {
        "summary": "Trigger Compliance Scan",
        "description": "Queue a new compliance scan job via Azure Automation. Returns a job ID that can be used to check scan status.",
        "operationId": "TriggerScan",
        "parameters": [
          {
            "name": "x-api-key",
            "in": "header",
            "required": true,
            "type": "string",
            "x-ms-summary": "API Key"
          },
          {
            "name": "x-organization-id",
            "in": "header",
            "required": false,
            "type": "string",
            "x-ms-summary": "Organization ID"
          },
          {
            "name": "body",
            "in": "body",
            "required": false,
            "schema": {
              "type": "object",
              "properties": {
                "scanType": {
                  "type": "string",
                  "enum": ["M365", "Endpoint", "Graph"],
                  "description": "Type of scan to trigger",
                  "x-ms-summary": "Scan Type"
                }
              }
            }
          }
        ],
        "responses": {
          "202": {
            "description": "Scan queued",
            "schema": {
              "type": "object",
              "properties": {
                "jobId": { "type": "string" },
                "status": { "type": "string" }
              }
            }
          },
          "401": { "description": "Unauthorized — invalid or missing API key" }
        }
      }
    }
  },
  "x-ms-connector-metadata": [
    {
      "propertyName": "Website",
      "propertyValue": "https://www.tatersecurity.com"
    },
    {
      "propertyName": "Privacy policy",
      "propertyValue": "https://www.tatersecurity.com/privacy.html"
    },
    {
      "propertyName": "Categories",
      "propertyValue": "Security;IT Operations"
    }
  ]
}
