Hyperproof API

Hyperproof is compliance, risk, and audit management software used by security, compliance, and risk teams to design controls, collect evidence, manage audits, assess risks, and maintain continuous compliance across frameworks like SOC 2, ISO 27001, HIPAA, and PCI. An unofficial API l

By Alex Klarfeld, January 26, 2026
What is Hyperproof?

Hyperproof is a cloud platform for GRC that centralizes compliance operations, continuous controls monitoring, risk management, and audit coordination. Teams use Hyperproof to map controls to frameworks, collect and validate evidence, run internal audits, manage external audit PBC lists, track risks and remediation, and maintain ongoing compliance across security and regulatory obligations.

Core product areas include:

  • Compliance Management (Programs, Frameworks, Requirements, Controls, Policies, Tasks)
  • Continuous Controls Monitoring (Automated Evidence Collection, Integrations, Control Health)
  • Audit Management (Audits, Request Lists/PBCs, Findings, Review/Approval Workflows)
  • Risk Management (Risk Register, Assessments, Mitigations, Issues)
  • Collaboration & Governance (Owners, Roles/Permissions, Notifications, Reporting)

Common data entities:

  • Users, Teams, Roles/Permissions (Admins, Control Owners, Auditors)
  • Programs (e.g., SOC 2, ISO 27001), Frameworks, Requirements
  • Controls (metadata, mappings, owners, frequency, health)
  • Control Tests and Evidence (periods, methods, attachments, reviewers)
  • Policies and Exceptions
  • Risks (likelihood, impact, score, treatment, linked controls)
  • Audits (audit plans, request lists/PBC items, findings, statuses)
  • Issues and Remediation Tasks

The Hyperproof Integration Challenge

Security and compliance teams rely on Hyperproof daily, but turning portal-based workflows into API-driven automation is non-trivial:

  • Role-aware portals: Admins, control owners, and auditors each see different objects, states, and permissions
  • Compliance rigor: Evidence periods, review states, and control health require careful modeling and status transitions
  • Portal-first features: Audit requests, findings, and attestations are optimized for front-end flows
  • Authentication complexity: SSO/MFA and session lifecycles complicate headless automation
  • Data spread: Key objects span frameworks, controls, evidence, risks, and audits with context across multiple views

How Supergood Creates Hyperproof APIs

Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your Hyperproof tenant.

  • Handles username/password, SSO/OAuth, and MFA (SMS, email, TOTP) securely
  • Maintains session continuity with automated refresh and change detection
  • Normalizes responses so you can integrate once and rely on consistent objects across modules
  • Aligns with customer entitlements and role-based permissions to ensure compliant access

Getting Started

  • Schedule Integration Assessment

Book a 30-minute session to confirm your modules, licensing, and authentication model.

  • Supergood Builds and Validates Your API

We deliver a hardened Hyperproof adapter tailored to your workflows and entitlements.

  • Deploy with Monitoring

Go live with continuous monitoring and automatic adjustments as Hyperproof evolves.

API Endpoints

Authentication

POST /sessions

Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth when enabled. Returns a short-lived auth token maintained by the platform.

Authentication

POST /sessions/refresh

Refresh an existing token to keep sessions uninterrupted.

Controls

GET /controls

List controls with filters, framework mappings, owners, and health.

Evidence

POST /controls/{controlId}/evidence

Create an evidence item linked to a control with collection details, period coverage, and attachments.

Risks

POST /risks

Create a risk entry with scoring, treatment plan, and links to mitigating controls.

Audit Requests

POST /audits/{auditId}/requests

Create an audit PBC request with due dates, assignees, and linkage to frameworks/controls.

Use Cases

Controls & Framework Data Sync

  • Mirror programs, frameworks, requirements, and controls into your internal systems
  • Keep control metadata current for analytics, reporting, and board dashboards
  • Normalize owners, frequencies, and mappings across multi-framework compliance

Evidence Automation & Continuous Monitoring

  • Create evidence items programmatically from your systems (Okta logs, AWS CloudTrail, Jira tickets)
  • Schedule control tests, track review states, and push results back to Hyperproof
  • Attach documents, enforce checksum validation, and retain audit trails

Risk Register & Issues Automation

  • Populate risks with scores from your platform’s detections or assessments
  • Link risks to mitigating controls and assign remediation tasks
  • Update residual risk after mitigation and drive SLA alerts

Audit Management & PBC Coordination

  • Generate audit request lists and route tasks to owners
  • Sync evidence submissions and approval status into your workflow tools (e.g., ServiceNow, Jira)
  • Track findings and exceptions, drive follow-ups, and update audit progress

Technical Specifications

Authentication

Username/password with MFA (SMS, email, TOTP) and SSO/OAuth where enabled; supports service accounts or customer-managed credentials

Response format

JSON with consistent resource schemas and pagination across modules

Rate limits

Tuned for enterprise throughput while honoring customer entitlements and usage controls

Session management

Automatic reauth and cookie/session rotation with health checks

Data freshness

Near real-time retrieval of frameworks, controls, evidence, risks, and audit objects

Security

Encrypted transport, scoped tokens, and audit logging; respects Hyperproof role-based permissions

Webhooks

Optional asynchronous delivery for long-running workflows (e.g., evidence reviews, audit request updates)

Latency

Sub-second responses for list/detail queries under normal load

Throughput

Designed for high-volume control/evidence sync and risk/audit processing

Reliability

Retry logic, backoff, and idempotency keys minimize duplicate actions

Adaptation

Continuous monitoring for UI/API changes with rapid adapter updates

Frequently asked questions

Supergood supports workflows across commonly used modules such as Compliance Management (Programs, Frameworks, Requirements, Controls, Policies), Continuous Controls Monitoring (Evidence, Control Tests, Health), Audit Management (Audits, PBC Request Lists, Findings), and Risk Management (Risk Register, Issues), subject to your licensing and entitlements. We scope coverage during integration assessment.

We support username/password + MFA (SMS, email, TOTP) and can operate behind SSO/OAuth when enabled. Sessions are refreshed automatically with secure challenge handling.

Yes. We commonly integrate with systems such as Okta, AWS, Jira, GitHub, and ServiceNow. We normalize evidence metadata and request states to match your schema, deliver updates via webhooks or polling, and honor rate and permission constraints.

Yes. Control health, evidence periods, test results, and review/approval states are modeled consistently in our normalized responses, with status transitions guarded by idempotency and validation rules.
