# Retrieve TOE ID Rating source: https://developer.mastercard.com/riskrecon-api/documentation/use-cases/portfolio-management/portfolio/get-toe-rating/index.md ## Overview {#overview} The `GET TOE ID Rating` endpoint enables users to retrieve cybersecurity and privacy ratings for a specific Target of Evaluation (TOE). It supports both current and historical rating data, offering flexibility for various risk assessment needs. The ratings span multiple security domains and criteria, providing detailed insights into a vendor's security posture. Additionally, the endpoint includes support for privacy ratings for customers subscribed to the RiskRecon privacy module, allowing you to evaluate vendors across both cybersecurity and privacy dimensions. This helps analysts make informed decisions during vendor onboarding, monitoring, and compliance reviews. ## Sequence Diagram {#sequence-diagram} Diagram retrieve-toe-rating ## Execution Steps {#execution-steps} The following steps describe how to retrieve cybersecurity and privacy ratings for a TOE ID: 1. The user sends a `GET` request specifying a TOE ID, optionally including: * `risk_dimension_list` to specify whether to retrieve cyber, privacy, or both ratings. * `current_rating_only` to control whether to return only the latest ratings or the full historical data. 2. Based on the parameters: * If `risk_dimension_list` =`cyber` and `current_rating_only`=`true`, only the latest cybersecurity ratings are returned. * If `risk_dimension_list`=`cyber` and `current_rating_only`=`false`, all historical cybersecurity ratings are returned. * If `risk_dimension_list`=`privacy` and `current_rating_only`=`true`, only the latest privacy ratings are returned. * If `risk_dimension_list`=`privacy` and `current_rating_only`=`false`, all historical privacy ratings are returned. * If no risk dimension parameter is provided, the response defaults to the cyber ratings. * If both dimensions are requested, the response includes both cyber and privacy ratings. If the vendor lacks one or both licenses, the API returns an error specifying which licenses are missing. 3. RiskRecon returns the ratings, including scores and grades across relevant domains and criteria. Privacy ratings are returned only if the account and vendor have the necessary licenses. ## Sample Request and Response {#sample-request-and-response} For a sample response of this API, see \[Get TOE Rating\]/documentation/testing/toe-samples/get-toe-rating-smpl/. ## Use Case Examples {#use-case-examples} This endpoint provides detailed cybersecurity and privacy ratings for a Target of Evaluation (TOE). #### Evaluate a Vendor's Cybersecurity and Privacy Posture {#evaluate-a-vendors-cybersecurity-and-privacy-posture} The cyber and privacy ratings reflect the vendor's performance in key domains. High scores indicate strong controls and low risk, supporting confident onboarding or continued engagement. * Cyber rating: a * Cyber rating numeric: 9.9 * Privacy rating: a * Privacy rating numeric: 9.2 #### Assess Risk by Security Domain and Criteria {#assess-risk-by-security-domain-and-criteria} This evaluates specific areas of a vendor's security posture, such as software patching, application security, or web encryption. You can also drill down into specific security criteria (e.g., Phishing Sites, OpenSSL patching) to understand how well a vendor performs in targeted risk dimensions. This helps pinpoint strengths and weaknesses in the vendor's controls. * Security domain: patching_app_server * Rating: a * Rating numeric: 8.6 * Risk dimension: cyber * Security criteria: threatintel_phishing_site #### Track Latest and Historical Risk Analysis {#track-latest-and-historical-risk-analysis} Use the current_rating_only parameter to retrieve either the most recent or historical ratings for a vendor's risk analysis. This helps in understanding how a vendor's posture has evolved over time. * `current_rating_only` = `true` → Get the latest analysis of a TOE * `current_rating_only` = `false` → Get the full history of analyses ## Endpoint {#endpoint} API Reference: `GET /v1/toes/{toe_id}/ratings`