The compliance endpoints let you enable frameworks, run assessments against your connected providers, retrieve control-level results, and export reports as PDF or CSV. Supported frameworks include CIS AWS Foundations Benchmark, SOC 2, NIST 800-53, and PCI-DSS.
Base path: /api/v1/compliance
GET /compliance/frameworks — list available frameworks
Returns all frameworks available in your account.
GET /api/v1/compliance/frameworks
Authorization: Bearer <token>
Response
[
  {
    "id": "cis-aws",
    "name": "CIS AWS Foundations Benchmark",
    "version": "2.0",
    "enabled": true
  },
  {
    "id": "soc2",
    "name": "SOC 2 Type II",
    "version": null,
    "enabled": false
  }
]
POST /compliance/frameworks/{framework_id}/enable — enable a framework
Enables a framework for one or more providers.
POST /api/v1/compliance/frameworks/{framework_id}/enable
Authorization: Bearer <token>
Content-Type: application/json
Request body (optional)
provider_ids: IDs of the providers to scope this framework to. If omitted, all connected providers are included.
{
  "provider_ids": [1, 2]
}
DELETE /compliance/frameworks/{framework_id}/enable — disable a framework
Disables a framework and stops future assessments for it.
DELETE /api/v1/compliance/frameworks/{framework_id}/enable
Authorization: Bearer <token>
POST /compliance/assess — run an assessment
Runs a compliance assessment. If no body is provided, all enabled frameworks run against all providers.
POST /api/v1/compliance/assess
Authorization: Bearer <token>
Content-Type: application/json
Request body (optional)
provider_id: Scope to a specific provider.
{
  "framework_id": "cis-aws",
  "provider_id": 1
}
Response 202
{
  "job_id": 67,
  "status": "running"
}
GET /compliance/assessments — list assessments
Returns past assessments.
GET /api/v1/compliance/assessments
Authorization: Bearer <token>
Query parameters
GET /compliance/assessments/{id} — get assessment results
Returns the full assessment with control-level results and failed resources.
GET /api/v1/compliance/assessments/{id}
Authorization: Bearer <token>
Response
{
  "id": 1,
  "framework_id": "cis-aws",
  "provider_id": 1,
  "score": 0.724,
  "total_controls": 58,
  "passed": 42,
  "failed": 16,
  "created_at": "2024-01-15T04:00:00Z",
  "controls": [
    {
      "id": "cis-aws-2.1.1",
      "category": "Storage",
      "title": "Ensure S3 encryption-at-rest",
      "severity": "high",
      "status": "failed",
      "failed_resources": [
        { "resource_id": 5, "name": "data-lake-bucket" }
      ]
    }
  ]
}
score: A value between 0 and 1 representing the fraction of controls that passed (here, 42 of 58).
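One way to consume this response in a CI gate, shown as an added example that is not part of the API or its documentation: it checks that the summary counts agree with the score, then blocks on a low score or on failed controls at or above a chosen severity. The function names, the thresholds, the `base_url` parameter and every severity label other than "high" are assumptions.

```python
import json
import urllib.request

# Assumed ranking: the page only shows "high"; the other labels are hypothetical.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

def fetch_assessment(base_url, token, assessment_id):
    """GET /api/v1/compliance/assessments/{id}; base_url is deployment-specific."""
    req = urllib.request.Request(
        f"{base_url}/api/v1/compliance/assessments/{int(assessment_id)}",
        headers={"Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def gate(assessment, min_score=0.8, block_at="high"):
    """Return (ok, reasons) for one assessment; thresholds are assumptions."""
    reasons = []
    total, passed, failed = (assessment[k] for k in ("total_controls", "passed", "failed"))
    # Check the summary is self-consistent before trusting the score.
    # Assumes every control is either passed or failed, as in the sample.
    if total <= 0 or passed + failed != total:
        reasons.append(f"inconsistent counts: {passed}+{failed} != {total}")
    elif abs(assessment["score"] - passed / total) > 0.001:
        reasons.append(f"score {assessment['score']} does not match {passed}/{total}")
    if assessment["score"] < min_score:
        reasons.append(f"score {assessment['score']:.3f} below {min_score}")
    threshold = SEVERITY_RANK[block_at]
    for c in assessment.get("controls", []):
        # Unknown severity labels are treated as blocking, not ignored.
        rank = SEVERITY_RANK.get(str(c.get("severity", "")).lower(), threshold)
        if c.get("status") == "failed" and rank >= threshold:
            names = ", ".join(r["name"] for r in c.get("failed_resources", []))
            reasons.append(f"{c['id']} ({c.get('severity')}) failed on: {names or 'n/a'}")
    return (not reasons, reasons)

# Constructed sample in the response shape documented above (controls trimmed to one).
SAMPLE = {
    "id": 1, "framework_id": "cis-aws", "provider_id": 1, "score": 0.724,
    "total_controls": 58, "passed": 42, "failed": 16,
    "controls": [{"id": "cis-aws-2.1.1", "severity": "high", "status": "failed",
                  "failed_resources": [{"resource_id": 5, "name": "data-lake-bucket"}]}],
}

if __name__ == "__main__":
    ok, reasons = gate(SAMPLE)
    print("PASS" if ok else "FAIL", *reasons, sep="\n  ")
```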
GET /compliance/assessments/{id}/export — export assessment report
Downloads the assessment as a PDF or CSV file.
GET /api/v1/compliance/assessments/{id}/export?format=pdf
Authorization: Bearer <token>
Query parameters
format: Export format, either pdf or csv.
The response uses the appropriate Content-Type header: application/pdf or text/csv.