Devici Threat Model
This feature can only be used when Decision Engine is enabled and the "Import from Devici" feature has been enabled.
Get the current Devici Threat Model for a project
This endpoint retrieves the current threat model for a specific Project resource, as specified by the id parameter. If no threat model exists, the server will respond with 404 Not Found
GET /api/v2/projects/{project_id}/devici/threat-models/current/
URL Parameters
| Parameter | Description |
|---|---|
| project_id | The id of the project to retrieve |
GET /api/v2/projects/3/devici/threat-models/current/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"id": 8,
"import_status": "success",
"last_updated": "2026-06-02T16:23:19.785002-04:00",
"last_updated_by": "example@sdelements.com"
}
Expand Parameters
See the Expand Parameters section for more details.
| Parameter | Description |
|---|---|
| last_updated_by | Expands the user information |
GET /api/v2/projects/3/devici/threat-models/current/?expand=last_updated_by HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"id": 4,
"import_status": "pending",
"last_updated": "2026-06-08T15:57:57.714563-04:00",
"last_updated_by": {
"id": 1,
"email": "example@sdelements.com",
"first_name": "Example",
"last_name": "User"
}
}
Include Parameters
See the Include Parameters section for more details.
| Parameter | Description |
|---|---|
| attributes | Includes a list of attributes, along with which elements they map to, and which SD Elements attributes they were mapped to |
| components | Includes a list of components |
| dataflows | Includes a list of dataflows |
| external_project | Includes metadata from the Devici Threat Model |
| mapped_attributes | Includes a list of attributes (same as ?include=attributes), along with which SD Elements attributes they were mapped to |
| representations | Includes a list of Devici canvases |
| trust_zones | Includes a list of trust zones |
GET /api/v2/projects/3/devici/threat-models/current/?include=components,dataflows,external_project,mapped_attributes,representations,trust_zones HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"components": [
{
"attributes": [
"45a967fa-1fe9-4bb6-b71c-71567c1bdaba"
],
"representations": [
"5f7504f5-8ce2-4255-841a-506a397f7b4d"
],
"id": "f658ba58-264c-46f4-9dd9-c117d4263787",
"type": "process",
"name": "Process"
}
],
"dataflows": [],
"external_project": {
"name": "Draft threat model",
"url": "https://app.devici.com/collections/63af3ecb-a74d-4eeb-b67b-82e90cb00800/d/5f7504f5-8ce2-4255-841a-506a397f7b4d"
},
"id": 4,
"import_status": "pending",
"last_updated": "2026-06-08T15:57:57.714563-04:00",
"last_updated_by": "example@sdelements.com",
"mapped_attributes": [
{
"id": "45a967fa-1fe9-4bb6-b71c-71567c1bdaba",
"type": "devici",
"name": "Django",
"description": "A high-level Python web framework that encourages rapid development and clean, pragmatic design.",
"mapped_to": [
{
"id": "AT306",
"name": "Django"
}
]
}
],
"representations": [
{
"id": "5f7504f5-8ce2-4255-841a-506a397f7b4d",
"name": "Canvas 1"
}
],
"trust_zones": []
}
Import a Devici Threat Model via File Upload
POST /api/v2/projects/{project_id}/devici/threat-models/
URL Parameters
| Parameter | Description |
|---|---|
| project_id | The id of the project to be imported to |
Body Parameters
| Fields | Required | Description |
|---|---|---|
| file | Yes | The Devici OTM file to be imported |
POST /api/v2/projects/1/devici/threat-models/ HTTP/1.1
Content-Type: multipart/form-data
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
Content-Disposition: form-data; name="file"; filename="project_threat_model.json"
Content-Type: application/json
<truncated>
HTTP/1.1 201 CREATED
Content-Type: application/json
{
"id": 8,
"import_status": "success",
"last_updated": "2026-06-02T16:23:19.785002-04:00",
"last_updated_by": "example@sdelements.com"
}
Import a Devici Threat Model via JSON
POST /api/v2/projects/{project_id}/devici/threat-models/
URL Parameters
| Parameter | Description |
|---|---|
| project_id | The id of the project to be imported to |
Body Parameters
| Fields | Required | Description |
|---|---|---|
| data | Yes | The JSON content of the Devici OTM file. |
POST /api/v2/projects/1/devici/threat-models/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
{
"data": {
"components": [],
"dataflows": []
}
}
HTTP/1.1 201 CREATED
Content-Type: application/json
{
"id": 8,
"import_status": "success",
"last_updated": "2026-06-02T16:23:19.785002-04:00",
"last_updated_by": "example@sdelements.com"
}
Delete a Devici Threat Model
This endpoint deletes the threat model for a Project resource, as specified by the id parameter.
DELETE /api/v2/projects/{project_id}/devici/threat-models/current/
URL Parameters
| Parameter | Description |
|---|---|
| project_id | The id of the project that the threat model belongs to |
DELETE /api/v2/projects/1/devici/threat-models/current/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 204 NO CONTENT
Get the Devici Threat Model JSON schema
This endpoint retrieves a simplified JSON schema for Devici threat model (OTM) files. This JSON schema can be used to validate OTM files, and is the same validation that SD Elements performs when a user uploads an OTM file.
GET /api/v2/devici/threat-model-schema/
GET /api/v2/devici/threat-model-schema/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"$schema":"http://json-schema.org/draft-07/schema#",
"title": "SD Elements Devici Threat Model",
"$comment": "Validates the subset of Devici Threat Model JSON that is used by SD Elements.",
"properties": [
"..."
]
}