Changelog
Back to All

ControlMap API – Assessment & Query Surface Changes

April 6th, 2026

Summary

Introduces new assessment-related endpoints across ControlMap, including client and partner assessment summaries, assessment question retrieval and search, answer management, mapping operations, and assessment responses. This release also deprecates several legacy GET list endpoints in favor of POST-based querying patterns and adds a new refresh_status field to evidence responses.

Changes

ControlMap

  • Assessment controller

    • Partner assessment summary endpoint added
    • Type: addition
    • Notes: Adds GET /controlmap/v1/clients/assessments/common/summary for partner-level assessment overview across clients.

  • Assessment controller

    • Client assessment summary endpoint added
    • Type: addition
    • Notes: Adds GET /controlmap/v1/clients/{client_id}/assessments/common/summary for client-specific assessment summary retrieval.

  • Assessment controller

    • Assessment question search endpoint added
    • Type: addition
    • Notes: Adds POST /controlmap/v1/clients/{client_id}/assessments/common/questions/search for filtered and paginated assessment question queries.

  • Assessment controller

    • Assessment question detail endpoint added
    • Type: addition
    • Notes: Adds GET /controlmap/v1/clients/{client_id}/assessments/common/questions/{question_code} for retrieving a single assessment question by code.

  • Assessment controller

    • Assessment answer management endpoints added
    • Type: addition
    • Notes: Adds PUT and DELETE /controlmap/v1/clients/{client_id}/assessments/common/questions/{question_code}/answer to save and clear answers for an assessment question.

  • Assessment controller

    • Assessment mapping endpoints added
    • Type: addition
    • Notes: Adds POST and DELETE /controlmap/v1/clients/{client_id}/assessments/common/questions/{question_code}/mappings to map and unmap assessment questions to evidences, action items, policies, and procedures.

  • Assessment controller

    • Assessment response endpoints added
    • Type: addition
    • Notes: Adds POST and PATCH /controlmap/v1/clients/{client_id}/assessments/common/questions/{question_code}/responses, plus DELETE /controlmap/v1/clients/{client_id}/assessments/common/questions/{question_code}/responses/{response_id}, for creating, updating, and deleting assessment question responses.

  • Evidence controller

    • refresh_status added to evidence response
    • Type: addition
    • Notes: EvidenceResponse now includes refresh_status, allowing clients to surface evidence freshness state.

  • Evidence controller

    • Legacy GET list endpoint deprecated
    • Type: deprecation
    • Notes: GET /controlmap/v1/clients/{client_id}/evidences is now deprecated. Consumers should move toward the POST search/query pattern where applicable.

  • Risk controller

    • Legacy GET list endpoint deprecated
    • Type: deprecation
    • Notes: GET /controlmap/v1/clients/{client_id}/risks is now deprecated in favor of the existing POST-based query pattern.

  • Action Item controller

    • Legacy GET list endpoint deprecated
    • Type: deprecation
    • Notes: GET /controlmap/v1/clients/{client_id}/action-items is now deprecated in favor of the existing POST-based query pattern.

Dates

  • Effective: [2026-04-06]