REST API

A read-only, org-scoped REST API for pulling your BCM program data into spreadsheets, BI tools and GRC pipelines.

The Resilira REST API is read-only and scoped to a single organisation — every request returns only the data belonging to the org that owns the API key. It is intended for syncing your continuity program (processes, risks, plans) into BI dashboards, audit workpapers or downstream GRC tooling. It is available on the Business plan and above.

  • Base URL: https://app.resilira.com/api/v1
  • Auth: bearer API key in the Authorization header
  • Format: JSON; every list response is wrapped in a { "data": [...] } envelope
  • Methods: GET only (read-only) — there are no write endpoints

Authentication

Create a key in Settings → API. The full secret (format rsk_live_<id>_<secret>) is shown once at creation — copy it then; only a hash is stored, so it can never be retrieved again. If you lose it, revoke the key and create a new one. Pass it as a bearer token on every request:

curl https://app.resilira.com/api/v1/processes \
  -H "Authorization: Bearer rsk_live_a1b2c3d4_xxxxxxxxxxxxxxxxxxxxxxxx"

Treat the key like a password: it grants read access to your whole org's program data. Keep it server-side, never commit it, and revoke it immediately in Settings → API if exposed.

Endpoints

GET /api/v1/processes — business processes with their derived BIA objectives, ordered by criticality tier. Each item: id, name, tier, rto_minutes, rpo_minutes, mtpd_minutes, criticality_score.

{
  "data": [
    {
      "id": "9b1c…",
      "name": "Payment processing",
      "tier": 1,
      "rto_minutes": 240,
      "rpo_minutes": 60,
      "mtpd_minutes": 1440,
      "criticality_score": 18
    }
  ]
}

GET /api/v1/risks — risks with likelihood × impact scoring, ordered by inherent score (highest first). Each item: id, title, status, likelihood, impact, inherent_score.

GET /api/v1/plans — continuity plans with lifecycle state, ordered by most recently updated. Each item: id, title, type, status, version, review_due_at, approved_at.

GET /api/v1/openapi — the full machine-readable OpenAPI 3.1 description of the API. Point Postman, Insomnia or a code generator at it. This endpoint does not require authentication.

Rate limits

Requests are limited to 120 per minute per API key. Exceeding the limit returns 429 Too Many Requests; retry after the current minute window resets. The API is read-only and org-scoped, so a key can never read or modify another organisation's data.

Errors

Errors return the matching HTTP status with a JSON body of the shape { "error": "message" }.

  • 200 — OK; the response body contains the data envelope.
  • 401 — the API key is missing, malformed, or revoked.
  • 403 — the org is not on the Business plan (or above), so the API entitlement is not active.
  • 429 — rate limit exceeded (120 requests/minute per key).
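The following Python client is an added example written for this page; it is not Resilira's own SDK or code. It ties the sections above together: the key is loaded from an environment variable rather than being hard-coded, the documented rsk_live_<id>_<secret> shape is checked before anything is sent, the Authorization header is omitted for the unauthenticated /openapi endpoint, 200 responses are unwrapped from the { "data": [...] } envelope, the documented 401/403/429 statuses are raised as typed errors, and a 429 is retried only after the current minute window has passed. Assumptions beyond the page: the environment variable name RESILIRA_API_KEY, the character set of the id and secret parts, the wall-clock minute as the rate-limit window boundary (the page mentions no Retry-After header), and the `transport` hook, which exists only so the client can be exercised offline with constructed responses.

```python
"""Read-only Resilira API client (added example, not the vendor's code).
Assumptions: RESILIRA_API_KEY env var; key charset; minute window resets on the
wall-clock minute; `transport` hook for offline testing."""
import json
import os
import re
import time
import urllib.error
import urllib.request
from typing import Optional

BASE_URL = "https://app.resilira.com/api/v1"
# Documented key format rsk_live_<id>_<secret>; the alphanumeric charset is assumed.
KEY_PATTERN = re.compile(r"^rsk_live_[A-Za-z0-9]+_[A-Za-z0-9]+$")
RATE_LIMIT_PER_MINUTE = 120
# Documented meanings, used when an error body carries no "error" field.
ERROR_MEANINGS = {
    401: "API key missing, malformed or revoked",
    403: "org not on Business plan or above; API entitlement inactive",
    429: f"rate limit exceeded ({RATE_LIMIT_PER_MINUTE} requests/minute per key)",
}


class ResiliraAPIError(Exception):
    def __init__(self, status: int, message: str):
        super().__init__(f"HTTP {status}: {message}")
        self.status = status
        self.message = message


def load_api_key(env=os.environ) -> str:
    """Read the key from the environment so it is never hard-coded or committed."""
    key = env.get("RESILIRA_API_KEY", "")  # assumed variable name
    if not KEY_PATTERN.match(key):
        raise ValueError("RESILIRA_API_KEY is unset or not in rsk_live_<id>_<secret> form")
    return key


def build_headers(api_key: Optional[str]) -> dict:
    """Bearer header for authenticated endpoints; pass None for /openapi."""
    headers = {"Accept": "application/json"}
    if api_key is not None:
        headers["Authorization"] = f"Bearer {api_key}"
    return headers


def seconds_until_window_reset(now: float) -> float:
    """Seconds left in the current wall-clock minute (assumed window boundary)."""
    return 60.0 - (now % 60.0)


def parse_response(status: int, body: bytes, envelope: bool = True):
    """Unwrap a 200 response, or raise ResiliraAPIError for any other status."""
    try:
        payload = json.loads(body.decode("utf-8")) if body else {}
    except ValueError:
        raise ResiliraAPIError(status, "non-JSON response body")
    if status == 200:
        if not envelope:
            return payload  # /openapi returns the OpenAPI document itself
        if not isinstance(payload, dict) or not isinstance(payload.get("data"), list):
            raise ResiliraAPIError(status, 'missing {"data": [...]} envelope')
        return payload["data"]
    message = payload.get("error") if isinstance(payload, dict) else None
    raise ResiliraAPIError(status, message or ERROR_MEANINGS.get(status, "unexpected status"))


def urllib_transport(url: str, headers: dict):
    """Default transport: GET and return (status, body) even for error statuses."""
    req = urllib.request.Request(url, headers=headers, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()


def get(path: str, api_key: Optional[str], transport=urllib_transport,
        envelope: bool = True, max_retries: int = 2, sleep=time.sleep, clock=time.time):
    """GET one endpoint; on 429 wait out the minute window and retry up to max_retries times."""
    url = f"{BASE_URL}/{path.lstrip('/')}"
    headers = build_headers(api_key)
    for attempt in range(max_retries + 1):
        status, body = transport(url, headers)
        if status == 429 and attempt < max_retries:
            sleep(seconds_until_window_reset(clock()))
            continue
        return parse_response(status, body, envelope)


if __name__ == "__main__":
    # Offline demo with constructed responses: one 429, then a 200 envelope.
    canned = iter([(429, b'{"error":"rate limit exceeded"}'),
                   (200, b'{"data":[{"id":"9b1c","name":"Payment processing","tier":1}]}')])
    processes = get("processes", "rsk_live_a1b2c3d4_demo", transport=lambda u, h: next(canned),
                    sleep=lambda s: print(f"429: sleeping {s:.0f}s until window resets"))
    for p in processes:
        print(p["tier"], p["name"])
    # Real use: get("processes", load_api_key()); get("openapi", None, envelope=False)
```

For a real sync, run `get("processes", load_api_key())`, `get("risks", ...)` and `get("plans", ...)` with the default transport and write the returned lists straight to your spreadsheet or BI loader; a 403 surfaced by the client is a plan-entitlement problem rather than a bad key, so the two are worth reporting differently in a pipeline.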

Versioning

The API is versioned in the path (/api/v1). Additive, backward-compatible changes (new endpoints, new fields) ship within v1; any breaking change would be introduced under a new version prefix.