Unlocking the Power of Integration

If your organisation has purchased the ISMS.online Integrations Package, you gain access to our public API—a flexible way to connect ISMS.online with your other business systems. Whether you're using in-house development resources or a third-party integration platform, the public API enables seamless data exchange and workflow automation across tools.

What Can the API Do?

The API currently supports interaction with any Track in ISMS.online. Common use cases include:

  • Raising security incidents directly from another system to centralise visibility and incident response.
  • Sending threats or vulnerabilities from threat intelligence tools into ISMS.online for coordinated monitoring and resolution.
  • Automatically updating your asset inventory by syncing data from your existing asset management solution.

Supported fields for new Track items include:

  • Name
  • Description
  • Due date
  • Category assignment
  • User assignment

We’ll continue to release additional API endpoints over time to support more integration scenarios.

Developer Documentation

Our developer portal provides comprehensive, step-by-step guidance for using the API. It includes clear instructions, practical code examples, and helpful resources to support developers of all experience levels.


What’s Included in the Integrations Package?

In addition to the public API, the Integrations Package also includes support for:

To learn more or to purchase the package, visit our Marketplace, contact your Customer Success Manager, or email the support team at support@isms.online.

Granting API Key Permissions

Any platform user can be given permission to generate API keys. This must be enabled by an Organisation Administrator using the steps below:


  • From the top-right menu, select Organisation Settings



  • Go to the Users tab


  • Select the relevant user and open the User Settings tab



  • Under the API Keys section, tick the checkbox to allow key generation, then Save




Generating an API Key

Once permission has been granted, users can generate a new API key by:

  • Navigating to their User Preferences page
  • Clicking Generate new API Key



  • Entering a label and selecting an expiry period



  • Copying the API key when presented—this is the only time the key will be visible

Please ensure you copy the key immediately, as it cannot be retrieved later for security reasons.


Key Management and Considerations

  • Each application you connect requires a separate API key.
  • API keys are scoped by access—users can only perform actions in Tracks they have access to.
  • Users can revoke their own API keys at any time. Only Organisation Administrators can revoke keys issued to other users.
  • Revoking an API key or removing a user’s key generation permission will immediately disable all API activity associated with that key.

If you have any questions about using the public API or setting up integrations, our support team is happy to help. Reach out via support@isms.online or use the live chat within the platform.