API

Mawidabp exposes a REST JSON API to query findings (issues and improvement opportunities) from external systems. The API is read-only and is designed for integrations with BI tools, CMDBs, ticketing systems, or corporate dashboards.

Base URL

Each organization has its own subdomain:

https://<organization>.mawidabp.com/api/v1

For example, for an organization named demo:

https://demo.mawidabp.com/api/v1

Authentication

All endpoints use JWT (JSON Web Token). The token is sent in the Authorization header with the Bearer prefix:

Authorization: Bearer <jwt_token>

The token is obtained from Mawidabp (the same place used for Power BI): Follow-up → Findings → Link section. The user's profile must have permission to view the token.

Authentication errors

Code	Message	Description
401	`Invalid token`	The provided token is invalid.
401	`Expired token`	The token expired and must be renewed.

Example error response:

{
  "error": "Invalid token"
}

Endpoints

GET `/api/v1/:completion_state/findings`

Returns findings (issues and opportunities) filtered by completion state.

Path parameters

Parameter	Type	Required	Values	Description
`completion_state`	string	yes	`complete`, `incomplete`	Filter by state.

Statuses grouped by `completion_state`

incomplete returns findings in:

Being implemented
Not confirmed
Confirmed
No response
Implemented
Notify

complete returns findings in:

Implemented / Audited
Dismissed / Not applicable
Risk assumed
Differs in criteria

Response

200 OK, JSON array where each element is a finding.

Field	Type	Description
`Informe`	string	Review identification.
`Proyecto`	string	Plan project name.
`Fecha de emisión`	string	Report issue date (DD/MM/YY).
`Acta`	string	Final audit report summary / minutes.
`Unidad organizativa`	string	Organizational unit name.
`Unidad de negocio`	string	Business unit name.
`Código`	string	Unique finding code.
`Id`	string	Numeric identifier.
`Etiquetas`	string	Tags separated by commas.
`Título`	string	Finding title.
`Observación / Oportunidad`	string	Detailed description.
`Estado`	string	Current status (see status table).
`Riesgo`	string	`Alto`, `Medio`, or `Bajo`.
`Prioridad`	string	`Alta`, `Media`, or `Baja`.
`Efecto`	string	Effect or impact.
`Responsable`	string	Process responsible parties.
`Auditados`	string	Assigned auditees.
`Auditores`	string	Assigned auditors.
`Buena práctica`	string	Related best practice.
`Proceso`	string	Associated business process.
`Objetivo de control`	string	Related control objective.
`Fecha de origen`	string	Finding origin date.
`Fecha de implementación`	string	Committed date.
`Fecha de solución`	string	Closure date if already solved.
`Fecha de cambio a "Implementada"`	string	When it moved to Implemented.
`Fecha del último cambio de estado`	string	Last status change recorded.
`Reprogramada`	string	`Sí` / `No`.
`Cantidad de reprogramaciones`	string	Number of reschedules.
`Reiterada`	string	Parent finding ID if it is a reiteration.
`Comentarios de auditoría`	string	Auditor comments.
`Recomendaciones de auditoría`	string	Recommended actions.
`Respuesta/Acciones correctivas`	string	Auditee response.

note

Field names are returned in Spanish for consistency with the application's primary language.

Example

curl -X GET "https://demo.mawidabp.com/api/v1/incomplete/findings" \
  -H "Authorization: Bearer <token>"

[
  {
    "Informe": "AI-2024-001",
    "Proyecto": "Auditoría de sistemas",
    "Fecha de emisión": "15/03/24",
    "Acta": "Revisión del proceso de control de accesos",
    "Unidad organizativa": "Tecnología",
    "Unidad de negocio": "Sistemas de Información",
    "Código": "O001",
    "Id": "12345",
    "Etiquetas": "seguridad, accesos",
    "Título": "Deficiencia en gestión de contraseñas",
    "Observación / Oportunidad": "Se detectó que las políticas de contraseñas no cumplen con los estándares mínimos de seguridad.",
    "Estado": "En proceso de implementación",
    "Riesgo": "Alto",
    "Prioridad": "Alta",
    "Efecto": "Exposición a accesos no autorizados",
    "Responsable": "Juan Pérez, María García",
    "Auditados": "Carlos López",
    "Auditores": "Ana Martínez, Pedro Sánchez",
    "Buena práctica": "Seguridad de la información",
    "Proceso": "Control de accesos",
    "Objetivo de control": "Gestión de credenciales",
    "Fecha de origen": "01/01/24",
    "Fecha de implementación": "30/04/24",
    "Fecha de solución": "-",
    "Reprogramada": "No",
    "Cantidad de reprogramaciones": "0",
    "Reiterada": "",
    "Comentarios de auditoría": "Se requiere actualización de políticas",
    "Recomendaciones de auditoría": "Implementar política de contraseñas según ISO 27001",
    "Respuesta/Acciones correctivas": "Se iniciará el proceso de actualización en el próximo mes"
  }
]

GET `/api/v1/issues`

Returns final approved issues. Useful for integrations that only need the subset of issues officially approved by the committee.

Response

200 OK, JSON array.

Field	Type	Description
`Código`	string	Unique issue code.
`Id`	string	Numeric identifier.
`Título`	string	Issue title.
`Estado`	string	Current status.
`Riesgo`	string	Risk level.
`Fecha de origen`	string	Origin date.
`Fecha de implementación`	string	Committed date.
`Fecha de solución`	string	Closure date if applicable.

Optional additional fields

Depending on the organization's configuration, the following may be included:

Field	Type	Description
`Fecha de creación`	string	Approval date.
`Importancia`	string	Importance value (`0.10`, `0.25`, `0.65`).
`Vencimiento`	string	Due value (0 to 1).
`Gestión por importancia`	string	Management percentage.

Dynamic columns based on the organization's tag groups may also appear.

Example

curl -X GET "https://demo.mawidabp.com/api/v1/issues" \
  -H "Authorization: Bearer <token>"

[
  {
    "Código": "O001",
    "Id": "12345",
    "Título": "Deficiencia en gestión de contraseñas",
    "Estado": "En proceso de implementación",
    "Riesgo": "Alto",
    "Fecha de origen": "01/01/24",
    "Fecha de implementación": "30/04/24",
    "Fecha de solución": "-"
  }
]

Reference values

Statuses

Value	Description
`En proceso de implementación`	Finding being worked on.
`No confirmada`	Pending confirmation.
`Confirmada`	Finding confirmed.
`Sin respuesta`	Awaiting auditee response.
`A regularizar`	Awaiting regularization.
`Implementada`	Implementation completed, pending verification.
`Implementada / Auditada`	Verified and closed.
`Riesgo asumido`	Risk accepted by the organization.
`Notificar`	Requires notification.
`Incompleta`	Incomplete information.
`Reiterada`	Recurring finding.
`Anulada`	Finding cancelled.
`Difiere criterio`	Difference in interpretation.
`Desestimada / No aplica`	Finding dismissed or not applicable.
`Falla`	Failed implementation.

Risk levels

Alto, Medio, Bajo.

Priority levels

Alta, Media, Baja.

Empty responses

An endpoint with no results returns an empty array:

[]

Not 404.

Best practices

Cache when possible: the API has no explicit rate limiting, but it is designed for periodic consumption, not for tight loops. A refresh every 15 minutes is enough for most cases.
Store the token securely: a secret manager, an encrypted environment variable, a pipeline configuration. Not in code.
Handle 401 errors by regenerating the token: if your integration runs unattended, it pays to alert when the token expires.

Support

For questions, new endpoint needs, or problems, write to soporte@mawidabp.com.

Base URL​

Authentication​

Authentication errors​

Endpoints​

GET /api/v1/:completion_state/findings​

Path parameters​

Statuses grouped by completion_state​

Response​

Example​

GET /api/v1/issues​

Response​

Optional additional fields​

Example​

Reference values​

Statuses​

Risk levels​

Priority levels​

Empty responses​

Best practices​

Support​

Base URL

Authentication

Authentication errors

Endpoints

GET `/api/v1/:completion_state/findings`

Path parameters

Statuses grouped by `completion_state`

Response

Example

GET `/api/v1/issues`

Response

Optional additional fields

Example

Reference values

Statuses

Risk levels

Priority levels

Empty responses

Best practices

Support