Favorites
The favorites endpoints back the My STIGs and My Controls pages in the stigviewer UI. They are a flat per-user favorite set — not the same as the multi-user, shareable collections exposed by Lists and Control Collections. All endpoints require a SAMS token.
My STIGs
List favorited STIGs
GET /api/v1/my-stigs
Response
{
"slugs": ["rhel-08", "windows-server-2022"],
"items": [
{ "slug": "rhel-08", "addedAt": "2026-05-16T08:15:00Z" },
{ "slug": "windows-server-2022", "addedAt": "2026-05-17T14:22:00Z" }
]
}
Favorite STIGs
POST /api/v1/my-stigs
- Name
slugs- Type
- array
- Description
Array of STIG slugs to add. Duplicates are silently ignored.
Response
{ "success": true, "added": 2, "total": 2 }
Remove STIG favorites
DELETE /api/v1/my-stigs
- Name
slugs- Type
- array
- Description
Array of STIG slugs to remove.
Response
{ "success": true, "removed": 1 }
My Controls
List favorited controls
GET /api/v1/my-controls
- Name
framework- Type
- string
- Description
Filter to a single framework (
nist-800-53,nist-800-171, ordod-8500).
Response
{
"total": 3,
"controls": [
{
"controlId": "AC-2",
"framework": "nist-800-53",
"addedAt": "2026-05-16T08:15:00Z",
"identifier": "AC-2",
"title": "Account Management",
"family": "Access Control",
"statement": "The organization manages..."
}
]
}
Favorite a control
POST /api/v1/my-controls
- Name
controlId- Type
- string
- Description
Control identifier (e.g.
AC-2).
- Name
framework- Type
- string
- Description
Framework key (e.g.
nist-800-53).
Response
{ "success": true, "id": "fav-uuid", "controlId": "AC-2", "framework": "nist-800-53" }
Remove a control favorite
DELETE /api/v1/my-controls
- Name
controlId- Type
- string
- Description
Control identifier.
- Name
framework- Type
- string
- Description
Framework key.
Response
{ "success": true, "controlId": "AC-2", "framework": "nist-800-53" }