API documentation
Complete API reference for VerifyWise. Explore endpoints for authentication, projects, compliance frameworks, AI governance, and more.
https://your-domain.com/apiAuthentication
Most endpoints require JWT authentication. Include the token in your headers:
Authorization: Bearer <token>Response format
All responses follow a consistent JSON structure:
{ "message": "ok", "data": {...} }Version
Current API version with full compatibility:
v1.7.0Getting started
Authentication
Register users, authenticate with login credentials, manage session tokens, and handle password resets across your application.
Tokens
Generate, rotate, and revoke API tokens for programmatic access. Configure token scopes, expiration policies, and usage limits.
LLM keys
Manage API keys for LLM providers. Store, test, and rotate keys for OpenAI, Anthropic, and other AI service providers.
Core resources
Users
Create, update, and delete user accounts. Retrieve user profiles, manage team memberships, and configure notification preferences.
Organizations
Manage organizations with multi-tenancy support. Create workspaces, configure org-level settings, and handle member invitations.
Projects
Create and manage compliance projects. Assign team members, track progress, set deadlines, and organize work across frameworks.
Roles
Define and assign user roles with granular permissions. Control access to resources, features, and actions across your organization.
Vendors
Register and manage third-party vendors and suppliers. Track vendor compliance status, review contracts, and assess vendor risk.
Policies
Define and manage organizational policies. Version policy documents, track approval workflows, and link policies to compliance controls.
Tasks
Create and manage tasks linked to compliance work. Assign owners, set due dates, track completion, and link to entities.
Training
Manage training records including courses, attendance, completion status, and certification tracking for compliance awareness.
Evidence hub
Store and manage compliance evidence in a centralized repository. Link documents to controls, track review status, and maintain audit trails.
Files
Upload, download, and manage files attached to compliance records. Supports evidence documents, policy files, and report attachments.
Notes
Create and manage notes attached to any entity. Add context, commentary, and discussion threads to projects, risks, and controls.
Share links
Create and manage shareable links to compliance resources. Set expiration dates, access permissions, and track link usage.
Datasets
Register and manage datasets used in AI model training and evaluation. Track lineage, quality metrics, and compliance attributes.
Risk management
Project risks
Identify, assess, and track project-level risks. Assign risk owners, set mitigation plans, and monitor risk status over time.
Vendor risks
Assess and monitor risks associated with third-party vendors. Link risks to vendors, track remediation, and generate risk reports.
Model risks
Identify and manage risks specific to AI models. Evaluate risk severity, assign mitigation strategies, and track resolution progress.
Quantitative risks
Perform FAIR-based quantitative risk analysis. Calculate annual loss expectancy, risk exposure, and ROI of mitigation controls.
Risk benchmarks
Compare risk metrics against industry benchmarks and standards. Track risk posture relative to peer organizations.
Risk history
Track changes to risk assessments over time. View historical risk levels, mitigation progress, and audit trail of risk modifications.
AI governance
Model inventory
Catalog and manage your AI/ML model inventory. Track model versions, deployment status, ownership, and lifecycle stage.
AI detection
Scan repositories and codebases for AI/ML model usage. Detect frameworks, libraries, and model files across your organization.
AI Trust Centre
Configure and manage your public-facing AI Trust Centre portal. Publish compliance documentation and transparency reports.
AI incidents
Report, track, and resolve AI-related incidents. Document root causes, assign remediation tasks, and maintain incident history.
AI advisor
Get AI-powered compliance guidance and recommendations. Ask questions about frameworks, risks, and governance best practices.
Agent discovery
Discover and catalog AI agents operating within your organization. Track agent capabilities, permissions, and model associations.
Shadow AI
Detect and monitor unauthorized AI tool usage across your organization. Track tools, users, departments, and enforce governance rules.
Compliance
EU AI Act
Manage EU AI Act compliance with risk classification, conformity assessments, and documentation required for high-risk AI systems.
ISO 27001
Track ISO 27001 information security compliance. Manage Annex A controls, statement of applicability, and audit readiness.
ISO 42001
Manage ISO 42001 AI management system compliance. Track controls, document AI governance processes, and prepare for certification.
NIST AI RMF
Implement the NIST AI Risk Management Framework. Map controls to govern, map, measure, and manage functions.
Compliance score
Calculate and track overall compliance scores across frameworks. View weighted scores by module and monitor compliance trends.
Frameworks
Manage compliance frameworks and their requirements. Import framework definitions, map controls, and track coverage.
Assessments
Create and manage compliance assessments. Schedule reviews, collect responses from stakeholders, and track completion.
CE marking
Manage CE marking compliance and certification workflows. Track conformity declarations and technical documentation.
FRIA
Conduct Fundamental Rights Impact Assessments. Evaluate rights impacts, document risk items, link models, and manage evidence.
Entity graph
Visualize and manage relationships between compliance entities. Create annotations, views, and gap analysis rules.
Approval workflows
Define and manage multi-step approval workflows. Configure approvers, conditions, and escalation rules for compliance actions.
Utilities
Automation
Create automation rules and manage compliance workflows. Define triggers, conditions, and actions to streamline processes.
Notifications
Manage real-time notifications via SSE streaming. List, read, and delete notifications with filtering and pagination.
Reporting
Generate compliance reports and analytics. Export data in multiple formats and build custom report templates.
Dashboard
Retrieve dashboard metrics, compliance statistics, and summary data across projects, risks, models, and tasks.
Search
Search across projects, controls, risks, vendors, and other resources with full-text matching, filters, and pagination.
Post-market monitoring
Configure and run post-market monitoring cycles. Manage questions, collect responses, and generate monitoring reports.
Settings
Manage feature settings and platform configuration. Toggle features, update preferences, and customize platform behavior.
User preferences
Read and update user preferences such as date format, notification settings, and display options.
Subscriptions
Manage subscription plans and billing details. View current plan status and update payment methods.
Tiers
Retrieve subscription tiers and feature availability. Compare capabilities and usage limits across plans.
Email services
Send transactional emails for invitations, password resets, and compliance workflow notifications.
Invitations
Send and manage user invitations to join organizations. Track invitation status and resend pending invites.
Intake forms
Create and manage public intake forms for collecting compliance information from external stakeholders.
Advanced
Integrations
Connect and manage third-party integrations. Configure GitHub tokens, test connections, and manage sync settings.
Slack webhooks
Configure Slack webhook integrations to receive real-time compliance notifications. Map event types to channels.
Webhooks
Receive incoming webhook events from external services. Process GitHub push and pull request events with HMAC verification.
Plugins
Browse, install, and configure plugins from the marketplace. Extend platform capabilities with compliance frameworks and integrations.
Super admin
Administrative endpoints for platform management. Manage organizations, users, and system-wide configuration.
System
System health checks, version information, and platform diagnostics for monitoring and operations.
Logger
Access system and event logs. Query log entries by user, resource, and action type for compliance audit trails.
Audit ledger
Access the immutable audit ledger. Verify data integrity with blockchain-anchored audit records and hash verification.
Change history
Track changes across all entities. View modification history for projects, risks, vendors, policies, and models.
Internal
Internal platform endpoints for service-to-service communication. Used by AI Gateway and background workers.
Demo data
Seed and manage demonstration data for testing and showcasing platform capabilities.
Need help with the API?
Check out our user guide for step-by-step tutorials and examples.