Get the history of changes for a risk

GET

/v1/risks/{id}/history

• Production
• Staging
• Local

Parameters

Path Parameters

id

required

string

String-formatted RiskId, i.e. RSK-1, RSK-00001

Example

RSK-1

Query Parameters

page

integer | null format: int64

page_size

integer | null format: int64

Responses

200

List the risk history

Response for listing history entries

object

entries

required

Array<object>

A single entry in the history list, representing a set of simultaneous changes to an item

object

changes

required

Array

One of:

object

Generic text or enum-display field (status, severity, title, description, …).

object

field

required

string

kind

required

string

Allowed values: text

new

string | null

old

string | null

object

Date / timestamp field. Frontend formats via <Timestamp />.

object

field

required

string

kind

required

string

Allowed values: date

new

string | null format: date-time

old

string | null format: date-time

object

User-assignment field. Frontend renders via <UserChip />.

object

field

required

string

kind

required

string

Allowed values: user

new

One of:

null

null

object

A User as returned by the API.

Profile images are not embedded — clients fetch them from GET /api/v1/{icon} when icon is Some.

object

email

required

string

first_name

required

string

icon

Relative path to the user’s avatar endpoint, e.g. "users/{id}/avatar?v={hash}". None when the user has no avatar.

string | null

id

required

string format: uuid

last_name

required

string

old

One of:

null

null

object

A User as returned by the API.

Profile images are not embedded — clients fetch them from GET /api/v1/{icon} when icon is Some.

object

email

required

string

first_name

required

string

icon

Relative path to the user’s avatar endpoint, e.g. "users/{id}/avatar?v={hash}". None when the user has no avatar.

string | null

id

required

string format: uuid

last_name

required

string

object

Threat-objective set change, computed as a set diff over HashSet<ThreatObjectiveRelation>.

object

added

required

Array<object>

A relational struct that has a threat objective type and its relevancy to a risk.

PartialEq, Eq, and Hash are implemented manually to exclude created_date, which is metadata about when the relation was mutated — not part of the identity.

object

created_date

The time that this relation was mutated

string | null format: date-time

relevance

One of:

null

null

string

The relevancy of the threat objective to the risk. Typically a value of 1, or 2. While the relevancy is null the the database, implementations of retrieving this from postgres should ignore null values.

string

Allowed values: Moderate Substantial

threat_objective

required

The threat objective type

string

Allowed values: Sabotage Data Disclosure Extortion Customer Targeting Resource Hijacking Fraud

field

required

string

kind

required

string

Allowed values: threat_objectives

removed

required

Array<object>

A relational struct that has a threat objective type and its relevancy to a risk.

PartialEq, Eq, and Hash are implemented manually to exclude created_date, which is metadata about when the relation was mutated — not part of the identity.

object

created_date

The time that this relation was mutated

string | null format: date-time

relevance

One of:

null

null

string

The relevancy of the threat objective to the risk. Typically a value of 1, or 2. While the relevancy is null the the database, implementations of retrieving this from postgres should ignore null values.

string

Allowed values: Moderate Substantial

threat_objective

required

The threat objective type

string

Allowed values: Sabotage Data Disclosure Extortion Customer Targeting Resource Hijacking Fraud

is_creation

required

True only for the actual first (creation) history row. False for all subsequent rows, including dummy rows inserted by touch_history() when a comment is added.

boolean

timestamp

required

string format: date-time

user

required

A User as returned by the API.

Profile images are not embedded — clients fetch them from GET /api/v1/{icon} when icon is Some.

object

email

required

string

first_name

required

string

icon

Relative path to the user’s avatar endpoint, e.g. "users/{id}/avatar?v={hash}". None when the user has no avatar.

string | null

id

required

string format: uuid

last_name

required

string

num_pages

required

integer format: int64

page

required

integer format: int64

page_size

required

integer format: int64

total

required

integer format: int64

400

AKRs do not support history

404

Risk not found