Risk Management

Retrieve enterprise security posture analytics, compliance data, and key performance indicators via the Admin REST API.

Description

The Risk Management endpoint provides programmatic access to security posture metrics, compliance benchmarks, and organizational KPIs captured by the Keeper Risk Management Dashboard.

The Risk Management Dashboard tracks key utilization metrics across your Keeper Enterprise environment, including user onboarding status, vault activity, two-factor authentication adoption, and adherence to Keeper Security Benchmarks. The Risk Management endpoint exposes this data through a RESTful interface, enabling CSPM (Cloud Security Posture Management) integration and programmatic security posture assessment.

Overview

The Admin REST API Risk Management endpoint delivers comprehensive security posture data from your Keeper Enterprise environment. This capability supports critical security, compliance, and operational use cases:

Security Posture Monitoring Retrieve real-time metrics on user deployment, vault utilization, and 2FA adoption. Track organizational security health across all users and identify gaps in credential protection coverage.

Compliance Automation Programmatically assess adherence to Keeper Security Benchmarks. Integrate benchmark compliance status into GRC (Governance, Risk, and Compliance) platforms for automated compliance reporting against SOX, ISO 27001, HIPAA, PCI-DSS, and internal security policies.

Executive Dashboards Feed security posture analytics and KPIs into business intelligence platforms for executive visibility. Track deployment progress, user adoption trends, and security benchmark remediation over time.

CSPM Integration Incorporate Keeper security posture data into your Cloud Security Posture Management stack. Automate detection of misconfigurations and track remediation progress across your credential management environment.

Native connectors for Security Posture Management tools like Wiz, Tenable, and Savyint are coming soon. For now, administrators can use middleware, such as AWS Cloudtrails and Cloudwatch to broker data from Keeper to Wiz. See AWS Docs.

Prerequisites

Active Keeper Enterprise subscription
Advanced Reporting and Alerts Module (ARAM) add-on enabled
Administrative privileges with reporting permissions
Valid API authentication credentials

Key Metrics Available

The endpoint provides access to the following security posture data:

Metric Category

Description

User Deployment

Total users, active users, invited users, invitation acceptance rates

Vault Utilization

Users who have created records, record creation activity

Users logged in within 30 days, last login timestamps

2FA Adoption

Users with 2FA-protected vaults (non-SSO environments)

License Utilization

Active licenses, available licenses, utilization percentage

Security Benchmarks

Critical items to resolve, completed benchmarks, ignored benchmarks

Security Alerts

High-priority alert counts, occurrence trends, 30-day comparisons

Configuration

Enterprise Stat

Endpoint

GET /api/rest/rmd/get_enterprise_stat

Purpose Retrieve Risk Management recent login count.

Authentication Send your API token in the x-api-token header: x-api-token: Bearer <API_TOKEN>

Headers

Header

Example

x-api-token

Bearer <API_TOKEN>

Query parameters

Request

curl 'https://local.keepersecurity.com/api/rest/rmd/get_enterprise_stat' \
  --header 'x-api-token: Bearer <API_TOKEN>'

Example success response (200)

{
  "users_has_records": 0,
  "users_logged_recent": 1
}

Error codes

Code

Message

Cause

401

Unauthorized

Invalid or missing API token

500

Internal Server Error

Unexpected server error

Security Notes

Treat API tokens like passwords; rotate them on a schedule.
Restrict permissions to the minimum required roles and actions.
Prefer short expirations; use never only for special automation cases.
Store tokens in a secure location (e.g., Keeper Vault).

Enterprise Stat Details

Endpoint

GET /api/rest/rmd/get_enterprise_stat_details

Purpose Retrieve the recent login count (users who logged in the last 30 days) and the number of users who have at least one record in their Vault

Authentication Send your API token in the x-api-token header: x-api-token: Bearer <API_TOKEN>

Headers

Header

Example

x-api-token

Bearer <API_TOKEN>

Query parameters

Request

curl 'https://local.keepersecurity.com/api/rest/rmd/get_enterprise_stat_details' \
  --header 'x-api-token: Bearer <API_TOKEN>'

Example success response (200)

{
  "enterprise_stat_details": [
    {
      "last_logged_in": "2025-11-21 22:11:15",
      "has_records": false,
      "enterprise_user_id": "[email protected]"
    }
  ]
}

Error codes

Code

Message

Cause

401

Unauthorized

Invalid or missing API token

500

Internal Server Error

Unexpected server error

Security Notes

Treat API tokens like passwords; rotate them on a schedule.
Restrict permissions to the minimum required roles and actions.
Prefer short expirations; use never only for special automation cases.
Store tokens in a secure location (e.g., Keeper Vault).

Security Alerts Summary

Endpoint

GET /api/rest/rmd/get_security_alerts_summary

Purpose Retrieve summary of events that happened in the last 30 days

Authentication Send your API token in the x-api-token header: x-api-token: Bearer <API_TOKEN>

Headers

Header

Example

x-api-token

Bearer <API_TOKEN>

Query parameters

Request

curl 'https://local.keepersecurity.com/api/rest/rmd/get_enterprise_stat_details' \
  --header 'x-api-token: Bearer <API_TOKEN>'

Example success response (200)

{
  "security_alerts_summary": [
    {
      "event_occurrences": 1,
      "unique_users": 1,
      "last_users": 0,
      "event": "account_recovery_decline",
      "last_events": 0
    }
  ]
}

Error codes

Code

Message

Cause

401

Unauthorized

Invalid or missing API token

500

Internal Server Error

Unexpected server error

Security Notes

Treat API tokens like passwords; rotate them on a schedule.
Restrict permissions to the minimum required roles and actions.
Prefer short expirations; use never only for special automation cases.
Store tokens in a secure location (e.g., Keeper Vault).

Security Alerts Detail

Endpoint

GET /api/rest/rmd/get_security_alerts_detail

Purpose Retrieve details of event that happened in the last 30 days with a comparison to the previous 30 days aet is audit event type (id) example: account_recovery_decline

Authentication Send your API token in the x-api-token header: x-api-token: Bearer <API_TOKEN>

Query parameters

Name

Type

Required

Description

audit_event_type

ISO 8601

Yes

Audit event type from stats

Headers

Header

Example

x-api-token

Bearer <API_TOKEN>

Query parameters

Request

curl 'https://local.keepersecurity.com/api/rest/rmd/audit_event_type=account_recovery_decline' \
  --header 'x-api-token: Bearer <API_TOKEN>'

Example success response (200)

{
  "security_alerts_summary": [
    {
      "event_occurrences": 1,
      "unique_users": 1,
      "last_users": 0,
      "event": "account_recovery_decline",
      "last_events": 0
    }
  ]
}

Error codes

Code

Message

Cause

400

Can't find required query param: audit_event_type value

audit_event_type is missing or not matches internal mapping

401

Unauthorized

Invalid or missing API token

500

Internal Server Error

Unexpected server error

Security Notes

Treat API tokens like passwords; rotate them on a schedule.
Restrict permissions to the minimum required roles and actions.
Prefer short expirations; use never only for special automation cases.
Store tokens in a secure location (e.g., Keeper Vault).

Get security benchmarks

Endpoint

GET /api/rest/rmd/get_security_benchmarks

Purpose Get the list of security benchmark set for the calling enterprise

Authentication Send your API token in the x-api-token header: x-api-token: Bearer <API_TOKEN>

Headers

Header

Example

x-api-token

Bearer <API_TOKEN>

Query parameters

Request

curl 'https://local.keepersecurity.com/api/rest/rmd/get_security_benchmarks' \
  --header 'x-api-token: Bearer <API_TOKEN>'

Example success response (200)

{
  "security_benchmarks": [
    {
      "id": "SB_DEPLOY_ACROSS_ENTIRE_ORGANIZATION",
      "auto_resolve": false,
      "status": "UNRESOLVED"
    },
    {
      "last_updated": "2025-12-11 23:37:29",
      "id": "SB_PREVENT_INSTALLATION_OF_UNTRUSTED_EXTENSIONS",
      "auto_resolve": false,
      "status": "RESOLVED"
    },
    {
      "id": "SB_ENABLE_ACCOUNT_TRANSFER_POLICY",
      "auto_resolve": false,
      "status": "UNRESOLVED"
    },
    {
      "id": "SB_REDUCE_ADMINISTRATOR_PRIVILEGE",
      "auto_resolve": false,
      "status": "UNRESOLVED"
    },
    {
      "id": "SB_ENSURE_OUTSIDE_SSO_ADMINISTRATOR_EXISTS",
      "auto_resolve": false,
      "status": "UNRESOLVED"
    },
    {
      "id": "SB_LOCK_DOWN_SSO_PROVIDER",
      "auto_resolve": false,
      "status": "UNRESOLVED"
    },
    {
      "id": "SB_CREATE_AT_LEAST_TWO_KEEPER_ADMINISTRATORS",
      "auto_resolve": false,
      "status": "UNRESOLVED"
    },
    {
      "id": "SB_ENSURE_TWO_FACTOR_AUTHENTICATION_ADMIN_USERS",
      "auto_resolve": false,
      "status": "UNRESOLVED"
    },
    {
      "id": "SB_ENFORCE_STRONG_MASTER_PASSWORD",
      "auto_resolve": false,
      "status": "UNRESOLVED"
    },
    {
      "id": "SB_ENSURE_TWO_FACTOR_AUTHENTICATION_FOR_END_USERS",
      "auto_resolve": false,
      "status": "UNRESOLVED"
    },
    {
      "id": "SB_CONFIGURE_IP_ALLOWLISTING",
      "auto_resolve": false,
      "status": "UNRESOLVED"
    },
    {
      "id": "SB_CREATE_ALERTS",
      "auto_resolve": false,
      "status": "UNRESOLVED"
    },
    {
      "id": "SB_DISABLE_BROWSER_PASSWORD_MANAGERS",
      "auto_resolve": false,
      "status": "UNRESOLVED"
    },
    {
      "id": "SB_DISABLE_ACCOUNT_RECOVERY",
      "auto_resolve": false,
      "status": "UNRESOLVED"
    },
    {
      "id": "SB_ENFORCE_LEAST_PRIVILEGE_POLICY",
      "auto_resolve": false,
      "status": "UNRESOLVED"
    }
  ]
}

Error codes

Code

Message

Cause

401

Unauthorized

Invalid or missing API token

500

Internal Server Error

Unexpected server error

Security Notes

Treat API tokens like passwords; rotate them on a schedule.
Restrict permissions to the minimum required roles and actions.
Prefer short expirations; use never only for special automation cases.
Store tokens in a secure location (e.g., Keeper Vault).

Set security benchmarks

Endpoint

POST /api/rest/rmd/set_security_benchmarks

Purpose Set a list of security benchmark. Corresponding audit events will be logged.

Authentication Send your API token in the x-api-token header: x-api-token: Bearer <API_TOKEN>

Headers

Header

Example

x-api-token

Bearer <API_TOKEN>

Query parameters

Request

curl -X POST -H 'x-api-token: Bearer <API_TOKEN>' -H 'Content-Type: application/json' \
 'https://local.keepersecurity.com/api/rest/rmd/set_security_benchmarks' \
 -d '[{"benchmark": "SB_PREVENT_INSTALLATION_OF_UNTRUSTED_EXTENSIONS", "status": "RESOLVED"}]'

Example success response (200)

{
  "security_benchmarks": [
    {
      "id": "SB_PREVENT_INSTALLATION_OF_UNTRUSTED_EXTENSIONS",
      "auto_resolve": false,
      "status": "RESOLVED"
    }
  ]
}

Error codes

Code

Message

Cause

401

Unauthorized

Invalid or missing API token

500

Internal Server Error

Unexpected server error

PreviousARAM Events NextMSP Billing

Last updated 2 days ago

Was this helpful?

hashtagDescription

hashtagOverview

hashtagNative connectors for Security Posture Management tools like Wiz, Tenable, and Savyint are coming soon. For now, administrators can use middleware, such as AWS Cloudtrails and Cloudwatch to broker data from Keeper to Wiz. See AWS Docsarrow-up-right.

hashtagPrerequisites

hashtagKey Metrics Available

hashtagConfiguration

hashtagEnterprise Stat

hashtagHeaders

hashtagQuery parameters

hashtagExample success response (200)

hashtagError codes

hashtagSecurity Notes

hashtagEnterprise Stat Details

hashtagHeaders

hashtagQuery parameters

hashtagExample success response (200)

hashtagError codes

hashtagSecurity Notes

hashtagSecurity Alerts Summary

hashtagHeaders

hashtagQuery parameters

hashtagExample success response (200)

hashtagError codes

hashtagSecurity Notes

hashtagSecurity Alerts Detail

hashtagQuery parameters

hashtagHeaders

hashtagQuery parameters

hashtagExample success response (200)

hashtagError codes

hashtagSecurity Notes

hashtagGet security benchmarks

hashtagHeaders

hashtagQuery parameters

hashtagExample success response (200)

hashtagError codes

hashtagSecurity Notes

hashtagSet security benchmarks

hashtagHeaders

hashtagQuery parameters

hashtagExample success response (200)

hashtagError codes

hashtag

Description

Overview

Native connectors for Security Posture Management tools like Wiz, Tenable, and Savyint are coming soon. For now, administrators can use middleware, such as AWS Cloudtrails and Cloudwatch to broker data from Keeper to Wiz. See AWS Docs.

Prerequisites

Key Metrics Available

Configuration

Enterprise Stat

Headers

Query parameters

Example success response (200)

Error codes

Security Notes

Enterprise Stat Details

Headers

Query parameters

Example success response (200)

Error codes

Security Notes

Security Alerts Summary

Headers

Query parameters

Example success response (200)

Error codes

Security Notes

Security Alerts Detail

Query parameters

Headers

Query parameters

Example success response (200)

Error codes

Security Notes

Get security benchmarks

Headers

Query parameters

Example success response (200)

Error codes

Security Notes

Set security benchmarks

Headers

Query parameters

Example success response (200)

Error codes