List all AKRs (Adversarial Key Risks).

GET

/v1/risks/akr

• Production
• Staging
• Local

Parameters

Query Parameters

id

Array<integer>

title_contains

string | null

description_contains

string | null

free_text_contains

string | null

id_contains

string | null

status

array | null

Allowed values: New Urgency Proposed Remediation Closure Proposed Closed

likelihood

array | null

Allowed values: Remote Unlikely Possible Probable Imminent

impact

array | null

Allowed values: Very Low Low Medium High Severe

urgency

array | null

Allowed values: Info Low Medium High Critical

source

array | null

threat_objectives

array | null

Allowed values: Sabotage Data Disclosure Extortion Customer Targeting Resource Hijacking Fraud

created_date

array | null

updated_date

array | null

discovered_date

array | null

due_date

array | null

expected_date

array | null

closed_date

array | null

assigned_to

array | null

order_by

string | null

page

integer | null format: int64

page_size

integer | null format: int64

Responses

200

List AKRs with register-context fields

Paginated response for the AKR register.

object

key_risks

Array<object>

default:

Register row for Adversarial Key Risks (AKRs). A KeyRisk plus the relational data shown on the AKR register: threat objectives, incident associations, and comment count. AKRs cannot be tagged.

object

comments

required

integer format: int64

incident_associations

required

Array<string>

Example

INC-00001

key_risk

required

The core view of an Adversarial Key Risk (AKR).

Relational data — threat objectives, comments, and incident associations — is exposed on KeyRiskRegisterEntry, not here.

object

assigned_to

One of:

null

null

object

A User as returned by the API.

Profile images are not embedded — clients fetch them from GET /api/v1/{icon} when icon is Some.

object

email

required

string

first_name

required

string

icon

Relative path to the user’s avatar endpoint, e.g. "users/{id}/avatar?v={hash}". None when the user has no avatar.

string | null

id

required

string format: uuid

last_name

required

string

closed_date

string | null format: date-time

control_statement

string | null

created_date

required

string format: date-time

description

required

string

discovered_date

required

string format: date-time

due_date

string | null format: date-time

expected_date

string | null format: date-time

id

required

string

Example

AKR-00001

impact

One of:

null

null

string

string

Allowed values: Very Low Low Medium High Severe

likelihood

One of:

null

null

string

string

Allowed values: Remote Unlikely Possible Probable Imminent

remediation_task

string | null

status

required

The status of a risk

string

Allowed values: New Urgency Proposed Remediation Closure Proposed Closed

title

required

string

type

required

string

Allowed values: Code Configuration Control Deficiency Policy Procedural Vulnerability Third-party

updated_date

required

string format: date-time

urgency

One of:

null

null

string

Derived from likelihood and impact. Null when either is missing.

string

Allowed values: Info Low Medium High Critical

threat_objectives

required

Array<object>

A relational struct that has a threat objective type and its relevancy to a risk.

PartialEq, Eq, and Hash are implemented manually to exclude created_date, which is metadata about when the relation was mutated — not part of the identity.

object

created_date

The time that this relation was mutated

string | null format: date-time

relevance

One of:

null

null

string

The relevancy of the threat objective to the risk. Typically a value of 1, or 2. While the relevancy is null the the database, implementations of retrieving this from postgres should ignore null values.

string

Allowed values: Moderate Substantial

threat_objective

required

The threat objective type

string

Allowed values: Sabotage Data Disclosure Extortion Customer Targeting Resource Hijacking Fraud

total

integer

0