User guideDeveloper guideCompliance, reports and exports
Developer guide

Compliance, reports and exports

Fetch compliance progress, generate reports and use the document export endpoints.

Compliance, reports and exports

If you run a separate GRC or reporting tool, you can pull governance data out of VerifyWise over the API: live compliance progress, generated reports and a handful of document exports. This article covers what is available and what is not.

Compliance and assessment progress

Progress endpoints return how far a project has come on its controls and assessment questions, as plain JSON. Use these to mirror compliance state in another system.

Method & pathReturns
GET /api/projects/compliance/progress/:idControl progress for a project.
GET /api/projects/assessment/progress/:idAssessment question progress for a project.
GET /api/projects/all/compliance/progressControl progress across all projects.
GET /api/projects/all/assessment/progressAssessment progress across all projects.
bash
curl "http://localhost:3000/api/projects/compliance/progress/1" \
  -H "Authorization: Bearer <your-token>"

The compliance response counts subcontrols; the assessment response counts questions:

json
{ "message": "OK", "data": { "allsubControls": 45, "allDonesubControls": 23 } }

{ "message": "OK", "data": { "totalQuestions": 120, "answeredQuestions": 87 } }

Framework-specific progress is available under each framework, for example /api/eu-ai-act/compliances/progress/:id and /api/iso-27001/clauses/progress/:id, with matching all/... variants. The frameworks also expose their control structure (control categories, controls, ISO clauses and annexes) as JSON, so you can map VerifyWise controls onto your own framework model.

Generating reports

You can generate a report document on demand and stream it back. This is the same report the Reporting page produces.

Method & pathDescription
POST /api/reporting/v2/generate-reportGenerate and download a report. Admin only.
GET /api/reporting/generate-reportList previously generated reports.
DELETE /api/reporting/:idDelete a generated report.

The generate call takes the project, a report type and a format (pdf or docx), and responds with the document as a file attachment.

bash
curl -X POST "http://localhost:3000/api/reporting/v2/generate-report" \
  -H "Authorization: Bearer <admin-token>" \
  -H "Content-Type: application/json" \
  -d '{ "projectId": 1, "reportType": "compliance", "format": "pdf" }' \
  --output report.pdf
Report types
reportType selects the sections, for example compliance, assessment, projectRisks, vendorRisks, modelRisks, trainingRegistry, policyManager or all. Some report types also expect a framework id; check the Reporting page or /api/docs for the exact combination you want.

Document exports

A few resources can be exported as a file. These are targeted exports, not a general dump of your data.

Method & pathFormat
GET /api/policies/:id/export/pdfPolicy as PDF.
GET /api/policies/:id/export/docxPolicy as DOCX.
GET /api/ai-detection/scans/:scanId/export/ai-bomAI bill of materials as JSON.
GET /api/ai-audit/export?format=csvAgent Control audit log as CSV (or JSON without the param).
No general CSV export
There is no single endpoint that dumps all risks, models or evidence as CSV or JSON. To pull those, list each resource through its own endpoint (see Working with resources) and shape the data yourself. The exports above are the only file exports available today.

Related articles

Working with resources

List and read resources over the API.

Platform REST API

Auth, base URL, response shape and limits.

PreviousAutomations API
NextInbound integrations
Compliance, reports and exports - Developer guide - VerifyWise User Guide