Supergood | LogicManager API

Programmatically access LogicManager risk registers, control libraries, assessments, vendor due diligence, audits, and issue remediation with a stable REST API. Supergood builds and operates production-grade, unofficial LogicManager integrations so your team can automate GRC and audit workflows without heavy custom engineering.

Plain English: LogicManager is governance, risk, and compliance (GRC) software that helps organizations identify and assess risks, map and test controls, manage policies and vendor risk, run audits, and track issues and remediation through configurable workflows. An unofficial API lets you pull risks, controls, assessments, questionnaires, vendors, audits, test results, issues, remediation tasks, and documents—and push new records or updates back into LogicManager.

For a tech company integrating with LogicManager, this means you can ingest real-time risk and control data to power dashboards, sync vendor assessments and findings to your platform, automate audit and control testing from external tools, or enrich your product with issues, remediation tasks, and evidence. You can also trigger attestation workflows, create findings from external scans, attach documents and artifacts, and keep adjacent systems (e.g., SIEM, ITSM like ServiceNow, ticketing like Jira, analytics) in lockstep.

What is LogicManager?

LogicManager (https://www.logicmanager.com/) is a cloud GRC platform that centralizes enterprise risk management, compliance, policy, audit, third-party risk, and incident workflows with a risk-based taxonomy and automated workflows. Teams use LogicManager to maintain a risk and control library, perform risk assessments and tests, manage vendor questionnaires and due diligence, run audits and capture evidence, track issues and remediation plans, manage policies and attestations, and deliver board-ready reports and heatmaps.

Core product areas include:

• Enterprise Risk Management (Risk Register, Risk Taxonomy, Scoring, KRIs)
• Control & Compliance (Control Library, Control Tests, Regulatory Mappings)
• Audit Management (Audit Plans, Workpapers, Findings, Evidence)
• Third-Party Risk (Vendors, Due Diligence, Questionnaires, Risk Tiers)
• Policy & Attestation (Policy Lifecycle, Reviews, Acknowledgments)
• Issues & Remediation (Issues/Findings, CAPAs, Tasks, Workflows)
• Reporting & Analytics (Dashboards, Heatmaps, Benchmarking)

Common data entities:

• Users, Roles/Permissions (GRC Admins, Risk Owners, Control Owners, Auditors)
• Risks (metadata, categories, owners, inherent/residual scores, KRIs)
• Controls (description, test frequency, mappings, effectiveness)
• Assessments & Questionnaires (templates, assignments, responses, status)
• Vendors/Third Parties (risk tier, contacts, assessments, issues)
• Audits (scope, workpapers, tests, findings)
• Issues/Findings (severity, root cause, related risks/controls, status)
• Remediation Plans & Tasks (actions, owners, due dates, progress)
• Policies & Attestations (versions, approvals, acknowledgments)
• Documents/Evidence (attachments, versions, checksums)

The LogicManager Integration Challenge

GRC and audit processes are nuanced, and turning portal-driven workflows into robust APIs is non-trivial:

• Risk taxonomy complexity: Risks, controls, processes, and regulations are interlinked and role-aware
• Scoring and methodology: Likelihood/impact matrices, residual calculations, and KRIs require careful modeling
• Workflow-heavy features: Assessments, approvals, and attestations are optimized for UI flows
• Authentication and SSO: SSO/MFA and rotating cookies complicate headless automation
• Evidence handling: File uploads/downloads, checksums, and retention policies must be respected
• Data spread: Key context spans risk, control, audit, and vendor modules with cross-references

How Supergood Creates LogicManager APIs

Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your LogicManager tenant.

• Handles username/password, SSO/OAuth, and MFA (SMS, email, TOTP) securely
• Maintains session continuity with automated refresh and change detection
• Normalizes responses so you can integrate once and rely on consistent objects across modules
• Aligns with customer entitlements and role-based permissions to ensure compliant access

Use Cases

Risk & Control Data Sync

• Mirror risk and control libraries into your analytics or data warehouse
• Keep risk scoring, owners, and KRIs current for dashboards and heatmaps
• Normalize control mappings to regulations and frameworks for reporting

Vendor Risk & Assessment Automation

• Launch vendor questionnaires from your product and track completion
• Ingest responses, flag risks, and create issues automatically
• Sync vendor tiers and due dates, and push reminders programmatically

Audit, Issues & Remediation

• Create findings from external scans or test tools and attach evidence
• Assign remediation tasks, track SLAs, and close the loop from your app
• Export audit results and workpapers to BI or compliance reporting

Policy Attestations & Evidence

• Trigger policy acknowledgments and harvest attestations at scale
• Store artifacts with checksums and expiry metadata for audits
• Maintain unified audit trails across systems (e.g., Jira, ServiceNow)

Available Endpoints

Authentication

POST /sessions: Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth when enabled. Returns a short-lived auth token maintained by the platform.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/sessions \
  --header 'Authorization: Basic <Base64 encoded token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "username": "[email protected]",
    "password": "<password>",
    "mfa": { "type": "totp", "code": "123456" }
  }'

Example response

{
  "authToken": "eyJhbGciOi...",
  "expiresIn": 3600,
  "user": {
    "id": "u_grc_729c10",
    "name": "GRC Administrator",
    "entitlements": ["risks", "controls", "assessments", "vendors", "audits", "issues"]
  }
}

POST /sessions/refresh: Refresh an existing token to keep sessions uninterrupted.

Risks

GET /risks: List risks with filters and summary details.

Query parameters

• programId: string
• categoryId: string
• ownerId: string
• status: identified | assessed | monitored | closed
• inherentScoreMin, inherentScoreMax: integers
• residualScoreMin, residualScoreMax: integers
• updatedFrom, updatedTo: ISO 8601 timestamps
• page, pageSize: integers for pagination

Example response

{
  "items": [
    {
      "riskId": "risk_72a1c9",
      "title": "Phishing Attacks",
      "description": "Risk of credential theft through phishing campaigns.",
      "category": {"id": "cat_cyber", "name": "Cybersecurity"},
      "owner": {"id": "u_593a", "name": "GRC Analyst"},
      "status": "monitored",
      "inherentScore": {"likelihood": 4, "impact": 5, "score": 20, "method": "matrix_5x5"},
      "residualScore": {"likelihood": 2, "impact": 3, "score": 6},
      "kri": [{"name": "Phishing Click Rate", "value": 3.2, "unit": "%"}],
      "relatedControls": [
        {"id": "ctl_mfa01", "name": "MFA Enforcement"},
        {"id": "ctl_secaw", "name": "Security Awareness Training"}
      ],
      "lastAssessmentAt": "2026-01-20T13:45:00Z",
      "updatedAt": "2026-01-25T09:12:00Z"
    }
  ],
  "page": 1,
  "pageSize": 50,
  "total": 125
}

Assessments

POST /assessments: Launch a risk, control, or vendor questionnaire based on a template.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/assessments \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "templateId": "asm_tpl_vendor_2025",
    "subject": {"type": "vendor", "id": "ven_aws_001"},
    "title": "2026 Annual Cloud Provider Risk Assessment",
    "dueDate": "2026-02-15",
    "recipients": [
      {"userId": "u_ven_123", "email": "[email protected]"}
    ],
    "delivery": {"method": "email", "message": "Please complete within 15 days."},
    "notify": {"reminders": true, "cadenceDays": 7},
    "referenceId": "vrm-2026-001"
  }'

Example response

{
  "assessmentId": "asm_9f3182 Gill",
  "status": "sent",
  "dueDate": "2026-02-15",
  "link": "https://tenant.logicmanager.example/portal/assessments/asm_9f3182",
  "createdAt": "2026-01-22T14:03:11Z"
}

Issues & Findings

POST /issues: Create an issue/finding with severity, relationships, and an optional remediation plan.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/issues \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "title": "MFA not enforced on admin accounts",
    "type": "control_failure",
    "severity": "high",
    "description": "Admin group lacks enforced MFA policy on VPN.",
    "source": "external_scan",
    "detectedOn": "2026-01-21",
    "relatedControlId": "ctl_mfa01",
    "relatedRiskId": "risk_72a1c9",
    "ownerId": "u_ops_101",
    "remediationPlan": {
      "description": "Enable MFA and enforce via policy.",
      "dueDate": "2026-02-05",
      "tasks": [
        {"title": "Update VPN policy", "assigneeId": "u_net_301", "dueDate": "2026-01-28"},
        {"title": "Roll out MFA to admins", "assigneeId": "u_sec_221", "dueDate": "2026-02-02"}
      ]
    },
    "attachments": [
      {"fileName": "scan_results.pdf", "uploadToken": "upl_7fa223"}
    ],
    "referenceId": "jira-SEC-1142"
  }'

Example response

{
  "issueId": "iss_51af80",
  "status": "open",
  "severity": "high",
  "remediationTaskIds": ["tsk_rm_9811", "tsk_rm_9812"],
  "createdAt": "2026-01-21T11:20:44Z"
}

Remediation Tasks

PATCH /remediation-tasks/{taskId}: Update task status, due dates, assignees, and progress with audit-friendly comments.

curl --request PATCH \
  --url https://api.supergood.ai/integrations/<integration_id>/remediation-tasks/tsk_rm_9811 \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "status": "in_progress",
    "dueDate": "2026-01-30",
    "assigneeId": "u_net_301",
    "percentComplete": 60,
    "addComment": {
      "message": "Policy updated; pending CAB approval.",
      "visibility": "internal"
    }
  }'

Example response

{
  "taskId": "tsk_rm_9811",
  "status": "in_progress",
  "percentComplete": 60,
  "assignee": {"id": "u_net_301", "name": "Network Engineer"},
  "dueDate": "2026-01-30",
  "updatedAt": "2026-01-22T08:15:12Z"
}

Get full API Specs →

Technical Specifications

• Authentication: Username/password with MFA (SMS, email, TOTP) and SSO/OAuth where enabled; supports service accounts or customer-managed credentials
• Response format: JSON with consistent resource schemas and pagination across modules
• Rate limits: Tuned for enterprise throughput while honoring customer entitlements and usage controls
• Session management: Automatic reauth and cookie/session rotation with health checks
• Data freshness: Near real-time retrieval of risks, controls, assessments, vendors, audits, and issues
• Security: Encrypted transport, scoped tokens, and audit logging; respects LogicManager role-based permissions
• Webhooks: Optional asynchronous delivery for long-running workflows (e.g., assessment submissions, approval changes)

Performance Characteristics

• Latency: Sub-second responses for list/detail queries under normal load
• Throughput: Designed for high-volume risk/control data sync and assessment/issue processing
• Reliability: Retry logic, backoff, and idempotency keys minimize duplicate actions
• Adaptation: Continuous monitoring for UI/API changes with rapid adapter updates

Getting Started

1. Schedule Integration Assessment

Book a 30-minute session to confirm your modules, licensing, and authentication model.

2. Supergood Builds and Validates Your API

We deliver a hardened LogicManager adapter tailored to your workflows and entitlements.

3. Deploy with Monitoring

Go live with continuous monitoring and automatic adjustments as LogicManager evolves.

Schedule Integration Call →

Frequently Asked Questions

Q: Which LogicManager modules can this integration cover?

Supergood supports workflows across commonly used modules such as Enterprise Risk (Risk Register, KRIs), Control & Compliance (Control Library, Tests), Third-Party Risk (Vendors, Due Diligence), Audit Management (Audits, Workpapers, Findings), Policy & Attestations, and Issues/Remediation—subject to your licensing and entitlements. We scope coverage during integration assessment.

Q: How are MFA and SSO handled for automation?

We support username/password + MFA (SMS, email, TOTP) and can operate behind SSO/OAuth when enabled. Sessions are refreshed automatically with secure challenge handling.

Q: Can you ingest external scan or tool findings to create issues in LogicManager?

Yes. We can normalize findings from scanners or monitoring tools and create issues with severity, related risks/controls, and evidence attachments. Updates can be synchronized two-way with systems like Jira or ServiceNow.

Q: Do you support vendor questionnaires and evidence capture?

Yes. We can launch assessments from templates, manage assignees and reminders, retrieve responses, and upload/download supporting evidence via signed uploads with checksum validation and time-limited URLs.

Related Integrations

ServiceNow GRC API - Connect ITSM and GRC workflows with Supergood

Ready to automate your LogicManager workflows?

Supergood can have your LogicManager integration live in days with no ongoing engineering maintenance.

Get Started →