Go beyond pre-built integrations.
Use the Thirdsentry API to connect to any object in your account. Then take it further with Custom Integrations — create and map custom resources from any tool or system, including ones we don't natively support.
# Push custom evidence from any system
curl -X POST https://api.thirdsentry.com/v1/evidence \
-H "Authorization: Bearer $TS_API_KEY" \
-H "Idempotency-Key: ev-2026-q1-pen-test" \
-H "Content-Type: application/json" \
-d '{
"control_ids": ["CC7.1", "CC7.4"],
"type": "pen_test_report",
"source": "internal-redteam-tool",
"url": "https://files.yourco.com/q1-pentest.pdf"
}'Pre-built integrations get you 80%. The API gets you to 100%.
Every regulated mid-market team has at least one system no vendor has a native integration for — an internal pen-test tool, a legacy HRIS, a homegrown ticketing system, an obscure SaaS the CFO insisted on. The API is how that data still becomes audit evidence.
Push raw data in. Thirdsentry handles normalization, mapping, and continuous testing. Audit-ready output, regardless of where the source lives.
- No data silos — every system in scope, no exceptions
- Engineering writes the integration once, never again
- Same audit guarantees as native integrations
Bring in data from any system
Cloud, on-prem, hybrid, or homegrown — push data in, get audit-ready out.
Ingest from any source via REST endpoint or CSV upload. Thirdsentry handles normalization, mapping, and testing for compliance-related resources — personnel, devices, training records, cloud resources. Anything else gets ingested as a Custom resource, ready for your own schema and tests.
personneldevicestraining_recordscloud_resourcesincident_ticketsAutomate evidence collection at scale
Stop manually uploading evidence when a native integration doesn't exist.
Custom Integrations let you ingest, normalize, and continuously monitor data from the systems your teams already use. No more spreadsheets, no more screenshot uploads, no more 'we'll get to it before the audit.'
Tailor compliance automation to your environment
Custom schemas. Custom tests. Aligned to your internal policies.
Define custom schemas for the resources from your custom integrations. Write custom automated tests against the criteria that matter for your business — internal policies, regulatory requirements, contractual SLAs. The platform runs them on a schedule and surfaces failures.
incident_ticketsseverity == "critical" → resolved_at < 24hSimplify development, save engineering time
Auto-detected resource types. Inferred schemas. Real debug logs.
Our platform infers the structure of incoming resources, suggests schemas, and gives you clear error messages when something is wrong (with hints — not just status codes). A live request log streams every call so you can debug without combing through CloudWatch.
Save time and reduce risk of human error
Automate workflows end-to-end.
Build custom scripts and bots that send evidence to Thirdsentry, pull data into Slack and Jira, or trigger remediation workflows on schedule. The API exposes objects across frameworks, tests, vendors, controls, and more. Less manual work, less error, defensible evidence trail.
Authentication and authorization
Provision or revoke API keys instantly.
API keys inherit the calling user's role via RBAC. Issue keys scoped to read or write, rotate them on demand, revoke instantly from the dashboard. Every key operation writes an AuditLog entry. The same AUDITOR mutation guard that protects in-app actions protects API surface.
tsk_ci-pipeline_…write2 min agoActivetsk_data-warehouse_…read1h agoActivetsk_evidence-bot_…write12h agoActivetsk_old-integration_…read47 days agoRevokedSee it on your data.
30-minute walkthrough. We'll show you how the API + Custom Integrations close the gap your existing TPRM platform leaves open.