---
title: List governance controls
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > API Reference > Governance Controls
---

> For the complete documentation index, see [llms.txt](https://docs.datadoghq.com/llms.txt).

# List governance controls{% #list-governance-controls %}
Copy pageCopied
{% tab title="v2" %}
**Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
| Datadog site      | API endpoint                                                |
| ----------------- | ----------------------------------------------------------- |
| ap1.datadoghq.com | GET https://api.ap1.datadoghq.com/api/v2/governance/control |
| ap2.datadoghq.com | GET https://api.ap2.datadoghq.com/api/v2/governance/control |
| app.datadoghq.eu  | GET https://api.datadoghq.eu/api/v2/governance/control      |
| app.ddog-gov.com  | GET https://api.ddog-gov.com/api/v2/governance/control      |
| us2.ddog-gov.com  | GET https://api.us2.ddog-gov.com/api/v2/governance/control  |
| uk1.datadoghq.com | GET https://api.uk1.datadoghq.com/api/v2/governance/control |
| app.datadoghq.com | GET https://api.datadoghq.com/api/v2/governance/control     |
| us3.datadoghq.com | GET https://api.us3.datadoghq.com/api/v2/governance/control |
| us5.datadoghq.com | GET https://api.us5.datadoghq.com/api/v2/governance/control |

### Overview

Retrieve the list of governance controls configured for the organization. Each control pairs a detection definition with the organization's current detection, notification, and mitigation configuration, along with counts of active and mitigated detections.

### Response

{% tab title="200" %}
OK
{% tab title="Model" %}
A list of governance controls.

| Parent field                      | Field                                               | Type      | Description                                                                                   |
| --------------------------------- | --------------------------------------------------- | --------- | --------------------------------------------------------------------------------------------- |
|                                   | data [*required*]                              | [object]  | An array of governance control resources.                                                     |
| data                              | attributes [*required*]                        | object    | The attributes of a governance control.                                                       |
| attributes                        | active_detections_count [*required*]           | int64     | The number of active detections for the control.                                              |
| attributes                        | category [*required*]                          | string    | The value driver the control is grouped under, such as `security` or `cost`.                  |
| attributes                        | created_at [*required*]                        | date-time | The time the control configuration was created.                                               |
| attributes                        | created_by [*required*]                        | string    | The UUID of the user who created the control configuration.                                   |
| attributes                        | description [*required*]                       | string    | A human-readable description of what the control detects.                                     |
| attributes                        | detection_frequency [*required*]               | string    | How often detections are evaluated for the control.                                           |
| attributes                        | detection_parameters [*required*]              | object    | A free-form map of parameter names to their configured values.                                |
| attributes                        | detection_type [*required*]                    | string    | The detection type that uniquely identifies the control.                                      |
| attributes                        | feature_flags [*required*]                     | [string]  | The feature flags that gate the control.                                                      |
| attributes                        | insights [*required*]                          | [string]  | The insight slugs associated with the control.                                                |
| attributes                        | last_detection_at [*required*]                 | date-time | The time of the most recent detection for the control. `null` when there are no detections.   |
| attributes                        | mitigated_detections_count [*required*]        | int64     | The number of mitigated detections for the control.                                           |
| attributes                        | mitigation_parameters [*required*]             | object    | A free-form map of parameter names to their configured values.                                |
| attributes                        | mitigation_type [*required*]                   | string    | The configured mitigation type for the control. Empty when not configured.                    |
| attributes                        | mitigations [*required*]                       | [object]  | The mitigations available for a control.                                                      |
| mitigations                       | action_verb [*required*]                       | string    | The verb describing the mitigation action, such as `revoke` or `delete`.                      |
| mitigations                       | description [*required*]                       | string    | A human-readable description of the mitigation.                                               |
| mitigations                       | execution_modes                                     | [string]  | The execution modes the mitigation supports, such as `manual` or `automatic`.                 |
| mitigations                       | feature_flags [*required*]                     | [string]  | The feature flags that gate the mitigation.                                                   |
| mitigations                       | id [*required*]                                | string    | The unique identifier of the mitigation.                                                      |
| mitigations                       | manual_mitigation_warning [*required*]         | string    | A warning shown to the user before applying the mitigation manually.                          |
| mitigations                       | permissions [*required*]                       | [string]  | The permissions required to apply the mitigation.                                             |
| mitigations                       | requires_ai [*required*]                       | boolean   | Whether the mitigation requires AI to be enabled.                                             |
| mitigations                       | supported_parameters [*required*]              | [object]  | An array of parameter definitions.                                                            |
| supported_parameters              | default_value [*required*]                     |           | The default value of the parameter. The JSON type depends on the parameter's `type`.          |
| supported_parameters              | description [*required*]                       | string    | A human-readable description of the parameter.                                                |
| supported_parameters              | display_name [*required*]                      | string    | The human-readable name of the parameter.                                                     |
| supported_parameters              | hidden [*required*]                            | boolean   | Whether the parameter is hidden from the UI.                                                  |
| supported_parameters              | name [*required*]                              | string    | The machine-readable name of the parameter.                                                   |
| supported_parameters              | required [*required*]                          | boolean   | Whether the parameter must be provided.                                                       |
| supported_parameters              | supported_values [*required*]                  | [object]  | The supported values for an enumerated parameter.                                             |
| supported_values                  | label [*required*]                             | string    | The human-readable label for the value.                                                       |
| supported_values                  | value [*required*]                             | string    | The machine-readable value.                                                                   |
| supported_parameters              | type [*required*]                              | string    | The type of the parameter, such as `integer`, `string`, `boolean`, `enum`, or `pattern_list`. |
| mitigations                       | title [*required*]                             | string    | A short, human-readable name for the mitigation.                                              |
| attributes                        | name [*required*]                              | string    | Human-readable name of the control.                                                           |
| attributes                        | next_steps [*required*]                        | string    | Guidance on the next steps to remediate detections for the control.                           |
| attributes                        | notification_frequency [*required*]            | string    | The configured notification frequency for the control. Empty when not configured.             |
| attributes                        | notification_parameters [*required*]           | object    | A free-form map of parameter names to their configured values.                                |
| attributes                        | notification_type [*required*]                 | string    | The configured notification type for the control. Empty when not configured.                  |
| attributes                        | priority [*required*]                          | string    | The priority of the control, such as `High`.                                                  |
| attributes                        | product [*required*]                           | string    | The product the control belongs to.                                                           |
| attributes                        | release_status [*required*]                    | string    | The release status of the control, such as `prod` or `beta`.                                  |
| attributes                        | resource_type [*required*]                     | string    | The type of resource the control evaluates.                                                   |
| attributes                        | resource_type_display_name [*required*]        | string    | The human-readable name of the resource type.                                                 |
| attributes                        | supported_detection_parameters [*required*]    | [object]  | An array of parameter definitions.                                                            |
| supported_detection_parameters    | default_value [*required*]                     |           | The default value of the parameter. The JSON type depends on the parameter's `type`.          |
| supported_detection_parameters    | description [*required*]                       | string    | A human-readable description of the parameter.                                                |
| supported_detection_parameters    | display_name [*required*]                      | string    | The human-readable name of the parameter.                                                     |
| supported_detection_parameters    | hidden [*required*]                            | boolean   | Whether the parameter is hidden from the UI.                                                  |
| supported_detection_parameters    | name [*required*]                              | string    | The machine-readable name of the parameter.                                                   |
| supported_detection_parameters    | required [*required*]                          | boolean   | Whether the parameter must be provided.                                                       |
| supported_detection_parameters    | supported_values [*required*]                  | [object]  | The supported values for an enumerated parameter.                                             |
| supported_values                  | label [*required*]                             | string    | The human-readable label for the value.                                                       |
| supported_values                  | value [*required*]                             | string    | The machine-readable value.                                                                   |
| supported_detection_parameters    | type [*required*]                              | string    | The type of the parameter, such as `integer`, `string`, `boolean`, `enum`, or `pattern_list`. |
| attributes                        | supported_notification_parameters [*required*] | [object]  | An array of parameter definitions.                                                            |
| supported_notification_parameters | default_value [*required*]                     |           | The default value of the parameter. The JSON type depends on the parameter's `type`.          |
| supported_notification_parameters | description [*required*]                       | string    | A human-readable description of the parameter.                                                |
| supported_notification_parameters | display_name [*required*]                      | string    | The human-readable name of the parameter.                                                     |
| supported_notification_parameters | hidden [*required*]                            | boolean   | Whether the parameter is hidden from the UI.                                                  |
| supported_notification_parameters | name [*required*]                              | string    | The machine-readable name of the parameter.                                                   |
| supported_notification_parameters | required [*required*]                          | boolean   | Whether the parameter must be provided.                                                       |
| supported_notification_parameters | supported_values [*required*]                  | [object]  | The supported values for an enumerated parameter.                                             |
| supported_values                  | label [*required*]                             | string    | The human-readable label for the value.                                                       |
| supported_values                  | value [*required*]                             | string    | The machine-readable value.                                                                   |
| supported_notification_parameters | type [*required*]                              | string    | The type of the parameter, such as `integer`, `string`, `boolean`, `enum`, or `pattern_list`. |
| attributes                        | task [*required*]                              | string    | A short description of the remediation task for the control.                                  |
| attributes                        | type [*required*]                              | string    | The control type, such as `Proactive` or `Detection`.                                         |
| attributes                        | usage_concern [*required*]                     | string    | The usage concern the control addresses, such as `Security` or `Cost Optimization`.           |
| data                              | id [*required*]                                | string    | The unique identifier of the control.                                                         |
| data                              | type [*required*]                              | enum      | JSON:API resource type for a governance control. Allowed enum values: `governance_control`    |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": [
    {
      "attributes": {
        "active_detections_count": 12,
        "category": "security",
        "created_at": "2024-01-15T09:30:00Z",
        "created_by": "11111111-2222-3333-4444-555555555555",
        "description": "Identifies API keys that have not been used within your specified time threshold, helping reduce security risks from dormant credentials.",
        "detection_frequency": "daily",
        "detection_parameters": {},
        "detection_type": "unused_api_keys",
        "feature_flags": [
          []
        ],
        "insights": [
          []
        ],
        "last_detection_at": "2024-03-01T12:00:00Z",
        "mitigated_detections_count": 3,
        "mitigation_parameters": {},
        "mitigation_type": "revoke_api_key",
        "mitigations": [
          {
            "action_verb": "revoke",
            "description": "Automatically identifies and revokes inactive API keys to improve security and reduce potential attack surface.",
            "execution_modes": [
              "manual",
              "automatic"
            ],
            "feature_flags": [
              []
            ],
            "id": "revoke_api_key",
            "manual_mitigation_warning": "These API keys will be revoked immediately upon confirmation. To revoke future API keys, you must go through this flow again.",
            "permissions": [
              "api_keys_write",
              "api_keys_delete"
            ],
            "requires_ai": false,
            "supported_parameters": [
              {
                "default_value": 30,
                "description": "Number of days of inactivity before an API key is considered unused.",
                "display_name": "Unused API Key Threshold",
                "hidden": false,
                "name": "api_key_threshold",
                "required": false,
                "supported_values": [
                  {
                    "label": "30 days",
                    "value": "thirty"
                  }
                ],
                "type": "integer"
              }
            ],
            "title": "Revoke Unused API Keys"
          }
        ],
        "name": "Unused API Keys",
        "next_steps": "Review and revoke API keys that are no longer in use to maintain a secure authentication posture.",
        "notification_frequency": "",
        "notification_parameters": {},
        "notification_type": "",
        "priority": "High",
        "product": "api_keys",
        "release_status": "prod",
        "resource_type": "api_key",
        "resource_type_display_name": "API Key",
        "supported_detection_parameters": [
          {
            "default_value": 30,
            "description": "Number of days of inactivity before an API key is considered unused.",
            "display_name": "Unused API Key Threshold",
            "hidden": false,
            "name": "api_key_threshold",
            "required": false,
            "supported_values": [
              {
                "label": "30 days",
                "value": "thirty"
              }
            ],
            "type": "integer"
          }
        ],
        "supported_notification_parameters": [
          {
            "default_value": 30,
            "description": "Number of days of inactivity before an API key is considered unused.",
            "display_name": "Unused API Key Threshold",
            "hidden": false,
            "name": "api_key_threshold",
            "required": false,
            "supported_values": [
              {
                "label": "30 days",
                "value": "thirty"
              }
            ],
            "type": "integer"
          }
        ],
        "task": "Review and revoke unused API keys.",
        "type": "Proactive",
        "usage_concern": "Security"
      },
      "id": "0d4e6f8a-1b2c-3d4e-5f6a-7b8c9d0e1f2a",
      "type": "governance_control"
    }
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="400" %}
Bad Request
{% tab title="Model" %}
API error response.

| Parent field | Field                    | Type     | Description                                                                     |
| ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- |
|              | errors [*required*] | [object] | A list of errors.                                                               |
| errors       | detail                   | string   | A human-readable explanation specific to this occurrence of the error.          |
| errors       | meta                     | object   | Non-standard meta-information about the error                                   |
| errors       | source                   | object   | References to the source of the error.                                          |
| source       | header                   | string   | A string indicating the name of a single request header which caused the error. |
| source       | parameter                | string   | A string indicating which URI query parameter caused the error.                 |
| source       | pointer                  | string   | A JSON pointer to the value in the request document that caused the error.      |
| errors       | status                   | string   | Status code of the response.                                                    |
| errors       | title                    | string   | Short human-readable summary of the error.                                      |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="401" %}
Unauthorized
{% tab title="Model" %}
API error response.

| Parent field | Field                    | Type     | Description                                                                     |
| ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- |
|              | errors [*required*] | [object] | A list of errors.                                                               |
| errors       | detail                   | string   | A human-readable explanation specific to this occurrence of the error.          |
| errors       | meta                     | object   | Non-standard meta-information about the error                                   |
| errors       | source                   | object   | References to the source of the error.                                          |
| source       | header                   | string   | A string indicating the name of a single request header which caused the error. |
| source       | parameter                | string   | A string indicating which URI query parameter caused the error.                 |
| source       | pointer                  | string   | A JSON pointer to the value in the request document that caused the error.      |
| errors       | status                   | string   | Status code of the response.                                                    |
| errors       | title                    | string   | Short human-readable summary of the error.                                      |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="403" %}
Forbidden
{% tab title="Model" %}
API error response.

| Parent field | Field                    | Type     | Description                                                                     |
| ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- |
|              | errors [*required*] | [object] | A list of errors.                                                               |
| errors       | detail                   | string   | A human-readable explanation specific to this occurrence of the error.          |
| errors       | meta                     | object   | Non-standard meta-information about the error                                   |
| errors       | source                   | object   | References to the source of the error.                                          |
| source       | header                   | string   | A string indicating the name of a single request header which caused the error. |
| source       | parameter                | string   | A string indicating which URI query parameter caused the error.                 |
| source       | pointer                  | string   | A JSON pointer to the value in the request document that caused the error.      |
| errors       | status                   | string   | Status code of the response.                                                    |
| errors       | title                    | string   | Short human-readable summary of the error.                                      |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="429" %}
Too many requests
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

### Code Example

##### 
                  \# Curl command curl -X GET "https://api.datadoghq.com/api/v2/governance/control" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" 
                
##### 

```python
"""
List governance controls returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.governance_controls_api import GovernanceControlsApi

configuration = Configuration()
configuration.unstable_operations["list_governance_controls"] = True
with ApiClient(configuration) as api_client:
    api_instance = GovernanceControlsApi(api_client)
    response = api_instance.list_governance_controls()

    print(response)
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
##### 

```ruby
# List governance controls returns "OK" response

require "datadog_api_client"
DatadogAPIClient.configure do |config|
  config.unstable_operations["v2.list_governance_controls".to_sym] = true
end
api_instance = DatadogAPIClient::V2::GovernanceControlsAPI.new
p api_instance.list_governance_controls()
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
##### 

```go
// List governance controls returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	configuration.SetUnstableOperationEnabled("v2.ListGovernanceControls", true)
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewGovernanceControlsApi(apiClient)
	resp, r, err := api.ListGovernanceControls(ctx)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `GovernanceControlsApi.ListGovernanceControls`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `GovernanceControlsApi.ListGovernanceControls`:\n%s\n", responseContent)
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
##### 

```java
// List governance controls returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.GovernanceControlsApi;
import com.datadog.api.client.v2.model.GovernanceControlsResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    defaultClient.setUnstableOperationEnabled("v2.listGovernanceControls", true);
    GovernanceControlsApi apiInstance = new GovernanceControlsApi(defaultClient);

    try {
      GovernanceControlsResponse result = apiInstance.listGovernanceControls();
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling GovernanceControlsApi#listGovernanceControls");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
##### 

```rust
// List governance controls returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_governance_controls::GovernanceControlsAPI;

#[tokio::main]
async fn main() {
    let mut configuration = datadog::Configuration::new();
    configuration.set_unstable_operation_enabled("v2.ListGovernanceControls", true);
    let api = GovernanceControlsAPI::with_config(configuration);
    let resp = api.list_governance_controls().await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" cargo run
##### 

```typescript
/**
 * List governance controls returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
configuration.unstableOperations["v2.listGovernanceControls"] = true;
const apiInstance = new v2.GovernanceControlsApi(configuration);

apiInstance
  .listGovernanceControls()
  .then((data: v2.GovernanceControlsResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"
{% /tab %}
