Skip to main content
Create, read, update, and delete NERC CIP cyber assets via the Raptor Comply API. Keep your CMDB in sync with your live compliance inventory.
Cyber assets are the individual hardware and software components - RTUs, HMIs, servers, applications, and networking devices - that make up your BES Cyber Systems. Full create, read, update, and delete access is available today, making the /cyber-assets endpoints the primary integration surface for keeping your downstream CMDB synchronized with your live Raptor Comply compliance inventory.
Every request to the Raptor Comply API requires the X-API-Key header. See Authentication for setup instructions.

Available endpoints

List all cyber assets

GET /cyber-assets Returns an array of all cyber assets belonging to your organization. Use this endpoint to load your full compliance inventory - for example, to diff it against your CMDB, feed a SIEM, or populate a reporting dashboard.

Request

No path or query parameters are required. Include your authentication headers on every request. 
curl --request GET \
  --url https://api.raptormaps.com/cyber-assets \
  --header 'X-API-Key: YOUR_API_KEY'

Response

Returns 200 OK with a JSON array of cyber asset objects.
id
string
Unique identifier for the cyber asset, prefixed with ca_.
name
string
Human-readable name or hostname of the asset, e.g. RTU-PLANT-01.
cyber_system_id
string
The unique identifier of the BES Cyber System this asset belongs to. Use GET /cyber-systems/{id} to look up system details.
asset_type
string
The classification of the asset. Common values include hardware and software.
organization_slug
string
The slug of the organization that owns this cyber asset.
[
  {
    "id": "ca_01GHI...",
    "name": "RTU-PLANT-01",
    "cyber_system_id": "cs_01DEF...",
    "asset_type": "hardware",
    "organization_slug": "acme-utility"
  }
]

Create a cyber asset

POST /cyber-assets Creates a new cyber asset in your Raptor Comply compliance inventory. Use this endpoint whenever a new device or software component is commissioned at a site, so your compliance record stays current without manual data entry in the platform UI.

Request body

name
string
required
A unique, human-readable name or hostname for the asset, e.g. RTU-PLANT-01. This value appears throughout the Raptor Comply UI and in compliance reports.
cyber_system_id
string
required
The unique identifier of the BES Cyber System this asset belongs to, e.g. cs_01DEF.... The asset inherits the impact rating of its parent system. You can list available systems with GET /cyber-systems.
asset_type
string
required
The classification of the asset. Accepted values are hardware and software. Hardware covers physical devices such as RTUs, PLCs, HMIs, and networking equipment. Software covers applications and operating systems classified under a BCS.

Request

curl --request POST \
  --url https://api.raptormaps.com/cyber-assets \
  --header 'X-API-Key: YOUR_API_KEY' \
  --header 'Content-Type: application/json' \
  --data '{
    "name": "RTU-PLANT-01",
    "cyber_system_id": "cs_01DEF...",
    "asset_type": "hardware"
  }'

Response

Returns 201 Created with the newly created cyber asset object.
id
string
The system-assigned unique identifier for the new cyber asset, prefixed with ca_.
name
string
The name you provided.
cyber_system_id
string
The BES Cyber System the asset was assigned to.
asset_type
string
The asset classification you provided.
organization_slug
string
The slug of the organization that owns this cyber asset.
{
  "id": "ca_01GHI...",
  "name": "RTU-PLANT-01",
  "cyber_system_id": "cs_01DEF...",
  "asset_type": "hardware",
  "organization_slug": "acme-utility"
}

Get a single cyber asset

GET /cyber-assets/{id} Returns a single cyber asset by its unique identifier. Use this endpoint to fetch the current state of a specific asset - for example, to verify a record before updating it, or to resolve an asset ID received from a webhook or integration event.

Path parameters

id
string
required
The unique identifier of the cyber asset, e.g. ca_01GHI.... You can obtain this value from the id field returned by GET /cyber-assets or from the 201 response body after creating an asset.

Request

curl --request GET \
  --url https://api.raptormaps.com/cyber-assets/ca_01GHI... \
  --header 'X-API-Key: YOUR_API_KEY'

Response

Returns 200 OK with a single cyber asset object.
id
string
Unique identifier for the cyber asset.
name
string
Human-readable name or hostname of the asset.
cyber_system_id
string
The unique identifier of the BES Cyber System this asset belongs to.
asset_type
string
The classification of the asset: hardware or software.
organization_slug
string
The slug of the organization that owns this cyber asset.
{
  "id": "ca_01GHI...",
  "name": "RTU-PLANT-01",
  "cyber_system_id": "cs_01DEF...",
  "asset_type": "hardware",
  "organization_slug": "acme-utility"
}

Update a cyber asset

PATCH /cyber-assets/{id} Partially updates a cyber asset. Send only the fields you want to change - any fields you omit remain unchanged. Use this endpoint to reflect hardware replacements, hostname changes, reclassifications, or reassignments to a different BES Cyber System.

Path parameters

id
string
required
The unique identifier of the cyber asset to update, e.g. ca_01GHI....

Request body

All body fields are optional. Include only the fields you want to update.
name
string
An updated name or hostname for the asset.
cyber_system_id
string
The unique identifier of the BES Cyber System to reassign this asset to. Use this when an asset is moved between systems during a reclassification exercise.
asset_type
string
An updated asset classification. Accepted values are hardware and software.

Request

The example below renames an existing asset without touching any other fields. 
curl --request PATCH \
  --url https://api.raptormaps.com/cyber-assets/ca_01GHI... \
  --header 'X-API-Key: YOUR_API_KEY' \
  --header 'Content-Type: application/json' \
  --data '{
    "name": "RTU-PLANT-01-REPLACED"
  }'

Response

Returns 200 OK with the full updated cyber asset object reflecting all current field values. 
{
  "id": "ca_01GHI...",
  "name": "RTU-PLANT-01-REPLACED",
  "cyber_system_id": "cs_01DEF...",
  "asset_type": "hardware",
  "organization_slug": "acme-utility"
}

Delete a cyber asset

DELETE /cyber-assets/{id} Permanently removes a cyber asset from your Raptor Comply compliance inventory. Use this endpoint when a device is decommissioned or a software component is retired, so your compliance record accurately reflects your current environment.
Deletion is permanent. Once you delete a cyber asset it cannot be recovered via the API. If you need to retain historical compliance records, archive or export the asset data before deleting.

Path parameters

id
string
required
The unique identifier of the cyber asset to delete, e.g. ca_01GHI....

Request

curl --request DELETE \
  --url https://api.raptormaps.com/cyber-assets/ca_01GHI... \
  --header 'X-API-Key: YOUR_API_KEY'

Response

Returns 204 No Content on success. The response body is empty. If no asset with the given ID exists, the API returns 404 Not Found.

Coming soon

The following endpoints exist in the Raptor Comply API but are not yet available via API-key authentication. They are documented here so you can plan bulk-import and scoped-query workflows in advance. Subscribe to release notes to be notified when each batch becomes available.
The endpoints below are coming soon and are not yet accessible with your API key. Requests to these paths will not succeed. Check back for updates.

Download the CSV import template

GET /cyber-assets/import/template Operation: getCyberAssetsImportTemplate - Downloads a pre-formatted CSV template you can populate and submit to the bulk import endpoint.

List cyber assets by system

GET /cyber-systems/{cyberSystemId}/cyber-assets Operation: getCyberAssetsBySystem - Returns all cyber assets belonging to the specified BES Cyber System. Useful for scoped inventory queries without filtering the full asset list client-side.

Bulk import cyber assets for a system

POST /cyber-systems/{cyberSystemId}/cyber-assets/import Operation: importCyberAssets - Bulk-creates cyber assets under the specified BES Cyber System from a CSV file. Use the GET /cyber-assets/import/template endpoint to obtain the correct CSV format before submitting.

List cyber assets by facility

GET /facilities/{facilityId}/cyber-assets Operation: getCyberAssetsByFacility - Returns all cyber assets associated with the specified facility, across all BES Cyber Systems at that site.

Export cyber assets for a facility as CSV

GET /facilities/{facilityId}/cyber-assets/export Operation: exportCyberAssetsCsv - Exports all high- and medium-impact cyber assets at the specified facility as a downloadable CSV file. Useful for offline compliance reporting or handoff to auditors.

Export low-impact cyber assets for a facility as CSV

GET /facilities/{facilityId}/cyber-assets/export-low Operation: exportLowCyberAssetsCsv - Exports all low-impact cyber assets at the specified facility as a downloadable CSV file. Use this alongside exportCyberAssetsCsv to produce a complete facility-level asset export separated by impact tier.

List cyber assets by control center

GET /control-centers/{controlCenterId}/cyber-assets Operation: getCyberAssetsByControlCenter - Returns all cyber assets associated with the specified control center, across all BES Cyber Systems under that operational hub.

Export cyber assets for a control center as CSV

GET /control-centers/{controlCenterId}/cyber-assets/export Operation: exportControlCenterCyberAssetsCsv - Exports all high- and medium-impact cyber assets associated with the specified control center as a downloadable CSV file.

Export low-impact cyber assets for a control center as CSV

GET /control-centers/{controlCenterId}/cyber-assets/export-low Operation: exportControlCenterLowCyberAssetsCsv - Exports all low-impact cyber assets associated with the specified control center as a downloadable CSV file. Use alongside exportControlCenterCyberAssetsCsv for a complete control-center-level asset export separated by impact tier.