> ## Documentation Index
> Fetch the complete documentation index at: https://kosli-reference-docs-v2-30-1.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# List controls

> **Beta** — the Controls feature is in beta. Requests from organizations without it enabled receive `403 Forbidden`.



## OpenAPI

````yaml https://app.kosli.com/api/v2/openapi.json get /controls/{org}
openapi: 3.1.0
info:
  title: Kosli API
  summary: The API for communicating with Kosli
  description: >

    # Authentication 


    When making requests against Kosli API, you can authenticate your requests
    using a bearer token. 

    Set the bearer token in the request Authorization header to a valid API
    key. 

    API Keys can be personal or for service accounts. Check the [service
    accounts
    documentation](https://docs.kosli.com/getting_started/service-accounts/) for
    details. 


    ## Curl example


    ```shell

    curl -H "Authorization: Bearer <<your-api-key>>"
    https://app.kosli.com/api/v2/environments/<<your-org-name>>

    ```
  version: '2.0'
servers:
  - url: https://app.kosli.com/api/v2
    description: EU
  - url: https://app.us.kosli.com/api/v2
    description: US
security:
  - HTTPBearer: []
paths:
  /controls/{org}:
    get:
      tags:
        - Controls
      summary: List controls
      description: >-
        **Beta** — the Controls feature is in beta. Requests from organizations
        without it enabled receive `403 Forbidden`.
      operationId: list_controls
      parameters:
        - name: org
          in: path
          required: true
          schema:
            type: string
            title: Org
        - name: page
          in: query
          required: false
          schema:
            type: integer
            minimum: 1
            description: Page number
            default: 1
            title: Page
          description: Page number
        - name: per_page
          in: query
          required: false
          schema:
            type: integer
            maximum: 100
            minimum: 1
            description: Number of controls per page
            default: 15
            title: Per Page
          description: Number of controls per page
        - name: sort_direction
          in: query
          required: false
          schema:
            $ref: '#/components/schemas/SortDirection'
            description: Sort direction
            default: asc
          description: Sort direction
        - name: search
          in: query
          required: false
          schema:
            anyOf:
              - type: string
              - type: 'null'
            description: >-
              Filter by name or identifier (case-insensitive substring match on
              either field)
            title: Search
          description: >-
            Filter by name or identifier (case-insensitive substring match on
            either field)
        - name: tag
          in: query
          required: false
          schema:
            anyOf:
              - items:
                  type: string
                type: array
              - type: 'null'
            description: >-
              Filter by tag key or key:value. Can be repeated, e.g.
              tag=framework or tag=framework:finos-sdlc
            title: Tag
          description: >-
            Filter by tag key or key:value. Can be repeated, e.g. tag=framework
            or tag=framework:finos-sdlc
        - name: archived
          in: query
          required: false
          schema:
            type: boolean
            description: Return archived controls when true
            default: false
            title: Archived
          description: Return archived controls when true
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ControlListResponse'
        '403':
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/fastapi_app__errors__ForbiddenResponse___locals___ForbiddenResponseModel__12
          description: Forbidden
      security:
        - HTTPBearer: []
        - HTTPBasic: []
components:
  schemas:
    SortDirection:
      type: string
      enum:
        - asc
        - desc
      title: SortDirection
    ControlListResponse:
      properties:
        _links:
          anyOf:
            - additionalProperties: true
              type: object
            - type: 'null'
          title: Links
        page:
          type: integer
          title: Page
        per_page:
          type: integer
          title: Per Page
        total_pages:
          type: integer
          title: Total Pages
        total_count:
          type: integer
          title: Total Count
        controls:
          items:
            $ref: '#/components/schemas/ControlListItemResponse'
          type: array
          title: Controls
      additionalProperties: false
      type: object
      required:
        - page
        - per_page
        - total_pages
        - total_count
        - controls
      title: ControlListResponse
    fastapi_app__errors__ForbiddenResponse___locals___ForbiddenResponseModel__12:
      properties:
        message:
          type: string
          title: Message
          description: Error message
        errors:
          anyOf:
            - additionalProperties:
                type: string
              type: object
            - type: 'null'
          title: Errors
          description: Validation errors by field
      type: object
      required:
        - message
      title: ForbiddenResponseModel
      examples:
        - message: You don't have permission to access this resource
    ControlListItemResponse:
      properties:
        identifier:
          type: string
          title: Identifier
        name:
          type: string
          title: Name
        description:
          anyOf:
            - type: string
            - type: 'null'
          title: Description
        links:
          anyOf:
            - additionalProperties:
                type: string
              type: object
            - type: 'null'
          title: Links
        version:
          type: integer
          title: Version
        created_at:
          anyOf:
            - type: number
            - type: 'null'
          title: Created At
        created_by:
          type: string
          title: Created By
        tags:
          additionalProperties:
            type: string
          type: object
          title: Tags
      type: object
      required:
        - identifier
        - name
        - version
        - created_by
      title: ControlListItemResponse
  securitySchemes:
    HTTPBearer:
      type: http
      scheme: bearer

````