VirtualDojo Trust Center

Certification Data API

Documented programmatic access to FedRAMP Certification Data (CDS-TRC-PAC). Machine-readable spec: OpenAPI 3 (JSON).

Getting access

Public data needs no credentials: GET /public_info.json and GET /status.json.

Interactive users: provision yourself at /request-access (federal .gov/.mil; automatic; customers; reviewed under NDA), then sign in at /auth/login. Your session authorizes the same API endpoints.

Machine clients (agency systems, automation): request Feed.Reader client credentials from security@virtualdojo.com (issued under the access agreement). Then obtain a token via the OAuth 2.0 client-credentials flow against the VirtualDojo Entra tenant and call the API with Authorization: Bearer <token>. Every access is logged (CDS-TRC-ACL).

Endpoints

EndpointAuthDescription
GET /public_info.json public Public certification data (CDS-CSO-PUB)
GET /status.json public Current + historical availability (CDS-CSO-AVR)
GET /api/reports bearer / session Index of validation runs and certification-package documents
GET /api/results/latest bearer / session Latest KSI validation results (per-KSI/FRR statuses; evidence detail is tiered)
GET /api/results/{run} bearer / session Results for a specific run
GET /api/certification-package bearer / session Certification package document index
GET /api/certification-package/{doc} bearer / session A certification-package document (FedRAMP 20x JSON schema)

Data tiers: federal agency and FedRAMP consumers receive full evidence detail including the Security Decision Record; customer-tier consumers receive summary-level results (CDS-CSO-RIS). Human-readable renderings of every machine-readable document are available under /reports (CDS-TRC-HMR).