Certification Data API
Documented programmatic access to FedRAMP Certification Data (CDS-TRC-PAC). Machine-readable spec: OpenAPI 3 (JSON).
Getting access
Public data needs no credentials: GET /public_info.json and
GET /status.json.
Interactive users: provision yourself at /request-access (federal .gov/.mil; automatic; customers; reviewed under NDA), then sign in at /auth/login. Your session authorizes the same API endpoints.
Machine clients (agency systems, automation): request Feed.Reader
client credentials from security@virtualdojo.com
(issued under the access agreement). Then obtain a token via the OAuth 2.0
client-credentials flow against the VirtualDojo Entra tenant and call the API with
Authorization: Bearer <token>. Every access is logged (CDS-TRC-ACL).
Endpoints
| Endpoint | Auth | Description |
|---|---|---|
GET /public_info.json |
public | Public certification data (CDS-CSO-PUB) |
GET /status.json |
public | Current + historical availability (CDS-CSO-AVR) |
GET /api/reports |
bearer / session | Index of validation runs and certification-package documents |
GET /api/results/latest |
bearer / session | Latest KSI validation results (per-KSI/FRR statuses; evidence detail is tiered) |
GET /api/results/{run} |
bearer / session | Results for a specific run |
GET /api/certification-package |
bearer / session | Certification package document index |
GET /api/certification-package/{doc} |
bearer / session | A certification-package document (FedRAMP 20x JSON schema) |
Data tiers: federal agency and FedRAMP consumers receive full evidence detail including the Security Decision Record; customer-tier consumers receive summary-level results (CDS-CSO-RIS). Human-readable renderings of every machine-readable document are available under /reports (CDS-TRC-HMR).