Skip to main content

Exchange API Release Notes

Tannen Helmers
Updated

This article contains the list of changes for the ProcessUnity Global Risk Exchange API V2 that have been released in 2025.

 

February 2026

 

Risk Index APIs

 

February 2025

High-Level Summary

As of February 2025, there is a significant update to the Global Risk Exchange. 

  • Customers on API V2 require no changes to utilize API with the Exchange release 
  • Tiers will continue to be ordered via the API
  • Minimal enhancements to V2 (no breaking changes) 
    • Added support for ‘Critical’ (ProcessUnity Critical Cyber Risk Questionnaire - 60 controls)
    • A few new fields added to existing API endpoints (can be utilized, if desired, but not required)
    • No fields have been removed
    • Mapping logic from new Exchange data model to API V2 to continue to return same values

 

Summary of Changes (Detailed Changes Below)

  • Request a third party complete and authorize a questionnaire
    • Ability to request ‘Critical’ and ‘Critical Validated’
  • Search for companies or view a Company on the Exchange
    • Questionnaire name for data available in Exchange may return ‘Critical’
  • Response when adding or viewing companies in your third party portfolio
    • Questionnaire name for data available in Exchange may return ‘Critical’
    • Questionnaire name for data available in portfolio, latest questionnaire, and request status may return ‘Critical’
    • Request progress will no longer return ‘Processing’ or ‘Update in Progress’
  • View detailed assessment and risk information for a company in your third party portfolio
    • When attested controls are available and ‘ATTESTED_PROFILE’ used as calculation basis, results will be returned for attested findings and supplemented with predictive findings when attested not available. Previously, when ‘ATTESTED_PROFILE’ was used as calculation basis, only attested controls were returned
    • Metric data available per control
  • View your priority third parties and their associated controls at risk
    • # of attested controls and # total controls available per framework (replaces concept of % attested)
  • View summary assessment and risk information for a company in your third party portfolio for a specified framework
    • # of attested controls and # of total controls available per framework (replaces concept of % attested)
  • View the overall risk posture of a third party
    • Data available in profile will include # of attested controls, # of total controls, # of attested metrics, and # of total metrics
  • Retrieve and download the file from an export request that is ready
    • The data returned will be aligned to the updated Global Risk Exchange

 

 Ordering Examples for Reference

Request Tier Requests in New Exchange Model
      TIER_1_VALIDATED
  • Assessment Request - ProcessUnity Cyber Risk Questionnaire (with Metrics) – 209 controls + 627 metrics = 836
  • Validation Request
      TIER_2_VALIDATED
  • Assessment Request - ProcessUnity Cyber Risk Questionnaire – 209 controls
  • Validation Request
      TIER_2
  • Assessment Request - ProcessUnity Cyber Risk Questionnaire – 209 controls
      CRITICAL_VALIDATED
  • Assessment Request - ProcessUnity Critical Cyber Risk Questionnaire – 60 controls
  • Validation Request
      CRITICAL
  • Assessment Request - ProcessUnity Critical Cyber Risk Questionnaire – 60 controls

 

 

Detailed Changes

Endpoint(s) with updates

Note: Ability to order on non-ProcessUnity frameworks available in the Exchange (custom, standard, industry profiles, etc.) will NOT be supported in API v2. This endpoint will be replaced in API V3 with ability to order on Exchange frameworks

  • https://api.cybergrx.com/#get-/v2/company/companies
  • https://api.cybergrx.com/#get-/v2/company/companies/-company_id-
    • data_available_in_exchange/questionnaire_name
      • Addition of values in response
        • CRITICAL
      • Value will no longer be supported in response
        • TIER_3
      • Full list of available values in response
        • TIER_1
        • TIER_2
        • CRITICAL
  • https://api.cybergrx.com/#get-/v2/portfolio/third-parties
  • https://api.cybergrx.com/#post-/v2/portfolio/third-parties
  • https://api.cybergrx.com/#get-/v2/portfolio/third-parties/-company_id-
  • https://api.cybergrx.com/#put-/v2/portfolio/third-parties/-company_id-
  • https://api.cybergrx.com/#patch-/v2/portfolio/third-parties/-company_id-
    • data_available_in_exchange/questionnaire_name
      • Addition of values in response
        • CRITICAL
      • Value will no longer be supported in response
        • TIER_3
      • Full list of available values in response
        • TIER_1
        • TIER_2
        • CRITICAL
    • latest_questionnaire/questionnaire_name
      • Addition of values in response
        • CRITICAL
      • Value will no longer be supported in response
        • TIER_3
      • Full list of available values in response
        • TIER_1
        • TIER_2
        • CRITICAL
    • request_status/questionnaire_name
      • Addition of values in response
        • CRITICAL
      • Value will no longer be supported in response
        • TIER_3
      • Full list of available values in response
        • TIER_1
        • TIER_2
        • CRITICAL
    • request_status/request_progress
      • Value will no longer be supported in response
        • PROCESSING
        • UPDATE_IN_PROGRESS
      • Full list of available values in response
        • NOT_CREATED
        • NOT_STARTED
        • IN_PROGRESS
        • COMPLETED
  • https://api.cybergrx.com/#post-/v2/portfolio/third-parties/-company_id-/requests
    • questionnaire_name
      • Addition of values in response
        • CRITICAL
      • Value will no longer be supported in response
        • TIER_3
      • Full list of available values in response
        • TIER_1
        • TIER_2
        • CRITICAL
    • request_status/request_progress
      • Value will no longer be supported in response
        • PROCESSING
        • UPDATE_IN_PROGRESS
      • Full list of available values in response
        • NOT_CREATED
        • NOT_STARTED
        • IN_PROGRESS
        • COMPLETED
  • https://api.cybergrx.com/#get-/v2/reporting/priority-third-parties/-framework_id-
    • New fields
      • framework_cyber_controls_attested – The number of attested controls in the selected framework for the third party
      • framework_cyber_controls_total – The number of total controls in the selected framework 
  • https://api.cybergrx.com/#get-/v2/portfolio/third-parties/-company_id-/risk-navigator/-framework_id-/summary
    • New fields
      • framework_cyber_controls_attested – The number of attested controls in the selected framework for the third party
      • framework_cyber_controls_total – The number of total controls in the selected framework 
  • https://api.cybergrx.com/#get-/v2/portfolio/third-parties/-company_id-/risk-navigator/-framework_id-
    • New fields
      • metrics – This section shows the list of metrics associated with the control. There are three metrics associated with each control.
        • metric_category – Category for the metric. Categories include Coverage, Strength, or Timeliness
        • metric_number – Unique identifier for the metric
        • content_name – High level name for the metric
        • content_prompt – The question for the metric that is displayed to the third party
        • options – This section shows the list of possible answer options for each metric
          • option – Text of the answer option presented to the third party
          • answered – The response to the answer option. Returns ‘true’ or ‘false’
          • order – Number representing the order the answer options are displayed to the third party
    • Update to existing field
      • question_comment – Updated to show the most recent comment rather than the oldest comment
    • Behavior change when ‘ATTESTED_PROFILE’ used as calculation_basis
      • When attested controls are available, results will be returned for attested findings and supplemented with predictive findings when attested not available.  Previously, when ‘ATTESTED_PROFILE’ was used as calculation basis, only attested controls were returned.
  • https:// api.cybergrx.com/#get-/v2/portfolio/third-parties/-company_id-/risk-profile
    • New fields
      • cyber_controls_attested – Number of cyber controls attested
      • cyber_controls_total – Total number of cyber controls
      • cyber_metrics_attested – Number of cyber metrics attested
      • cyber_metrics_total – Total number of cyber metrics
  • https:// api.cybergrx.com/#get-/v2/reporting/exports/-export_id-/download
    • The data returned will be aligned to the updated Global Risk Exchange as of February 2025

 

Mapping Differences in API V2

Mapping logic from new Exchange data model to API v2 implemented to return same values. Data model is completely different post the February Exchange release. Therefore, migration data will have some differences:

  • Tier 3 values will never be returned in API
  • Request progress values of ‘Processing’ and ‘Update In Progress’ will no longer be returned (Minimal impact on legacy request)
  • Data Available in Exchange – If not available, will be an empty array rather than an object with all NULLS
  • Validation request and assessment request will have same value for order purposes. 
    • In the February Exchange release, if a third party approves the assessment request but denies the validation request, then request status will show ‘NOT CREATED’. Customer will need to contact exchangesupport@processunity.com or reorder without validation.
  • Questionnaire Progress Percentage
    • Legacy tiers will be 100% complete if owner attested
    • All other requests will use full Cyber Controls Risk Domain framework + Metrics (209+627=836) to calculate progress even though it may never be 100%. 
      • Example: if completed critical controls, would calculate as 7.17% (60/836) 

Was this article helpful?

0 out of 0 found this helpful
Return to top

Related articles