> ## Documentation Index
> Fetch the complete documentation index at: https://kosli-reference-docs-v2-30-1.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a control

> **Beta** — the Controls feature is in beta. Requests from organizations without it enabled receive `403 Forbidden`.



## OpenAPI

````yaml https://app.kosli.com/api/v2/openapi.json post /controls/{org}
openapi: 3.1.0
info:
  title: Kosli API
  summary: The API for communicating with Kosli
  description: >

    # Authentication 


    When making requests against Kosli API, you can authenticate your requests
    using a bearer token. 

    Set the bearer token in the request Authorization header to a valid API
    key. 

    API Keys can be personal or for service accounts. Check the [service
    accounts
    documentation](https://docs.kosli.com/getting_started/service-accounts/) for
    details. 


    ## Curl example


    ```shell

    curl -H "Authorization: Bearer <<your-api-key>>"
    https://app.kosli.com/api/v2/environments/<<your-org-name>>

    ```
  version: '2.0'
servers:
  - url: https://app.kosli.com/api/v2
    description: EU
  - url: https://app.us.kosli.com/api/v2
    description: US
security:
  - HTTPBearer: []
paths:
  /controls/{org}:
    post:
      tags:
        - Controls
      summary: Create a control
      description: >-
        **Beta** — the Controls feature is in beta. Requests from organizations
        without it enabled receive `403 Forbidden`.
      operationId: post_control
      parameters:
        - name: org
          in: path
          required: true
          schema:
            type: string
            title: Org
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ControlPostInput'
      responses:
        '201':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ControlResponse'
        '400':
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/fastapi_app__errors__BadRequestResponse___locals___BadRequestResponseModel__5
          description: Bad Request
        '403':
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/fastapi_app__errors__ForbiddenResponse___locals___ForbiddenResponseModel__14
          description: Forbidden
        '409':
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/fastapi_app__errors__ConflictResponse___locals___ConflictResponseModel__1
          description: Conflict
      security:
        - HTTPBearer: []
        - HTTPBasic: []
components:
  schemas:
    ControlPostInput:
      properties:
        identifier:
          type: string
          maxLength: 256
          title: Identifier
        name:
          type: string
          title: Name
        description:
          anyOf:
            - type: string
            - type: 'null'
          title: Description
        links:
          anyOf:
            - additionalProperties:
                type: string
              type: object
            - type: 'null'
          title: Links
      additionalProperties: false
      type: object
      required:
        - identifier
        - name
      title: ControlPostInput
    ControlResponse:
      properties:
        identifier:
          type: string
          title: Identifier
        name:
          type: string
          title: Name
        description:
          anyOf:
            - type: string
            - type: 'null'
          title: Description
        links:
          anyOf:
            - additionalProperties:
                type: string
              type: object
            - type: 'null'
          title: Links
        version:
          type: integer
          title: Version
        created_at:
          anyOf:
            - type: number
            - type: 'null'
          title: Created At
        created_by:
          type: string
          title: Created By
        tags:
          additionalProperties:
            type: string
          type: object
          title: Tags
        archived:
          type: boolean
          title: Archived
          default: false
        policies_referencing:
          anyOf:
            - items:
                type: string
              type: array
            - type: 'null'
          title: Policies Referencing
      type: object
      required:
        - identifier
        - name
        - version
        - created_by
      title: ControlResponse
    fastapi_app__errors__BadRequestResponse___locals___BadRequestResponseModel__5:
      properties:
        message:
          type: string
          title: Message
          description: Error message
        errors:
          anyOf:
            - additionalProperties:
                type: string
              type: object
            - type: 'null'
          title: Errors
          description: Validation errors by field
      type: object
      required:
        - message
      title: BadRequestResponseModel
      examples:
        - message: Input payload validation failed
    fastapi_app__errors__ForbiddenResponse___locals___ForbiddenResponseModel__14:
      properties:
        message:
          type: string
          title: Message
          description: Error message
        errors:
          anyOf:
            - additionalProperties:
                type: string
              type: object
            - type: 'null'
          title: Errors
          description: Validation errors by field
      type: object
      required:
        - message
      title: ForbiddenResponseModel
      examples:
        - message: You don't have permission to access this resource
    fastapi_app__errors__ConflictResponse___locals___ConflictResponseModel__1:
      properties:
        message:
          type: string
          title: Message
          description: Error message
        errors:
          anyOf:
            - additionalProperties:
                type: string
              type: object
            - type: 'null'
          title: Errors
          description: Validation errors by field
      type: object
      required:
        - message
      title: ConflictResponseModel
      description: A control with this identifier already exists
      examples:
        - message: A control with this identifier already exists
  securitySchemes:
    HTTPBearer:
      type: http
      scheme: bearer

````