API docs by Redocly

Q360 API (1.0.0)

Download OpenAPI specification:

Organization-scoped automation contract for the Q360 platform.

Q360 exposes a versioned, organization-scoped API for automation, integrations, and operational traceability. Authentication uses Q360 API keys passed as Authorization: Bearer <q360_...> and every authenticated request resolves tenant scope from the validated key.

Search

Full-text search across QMS modules and saved search management.

Search QMS records

Performs full-text search across controlled documents, evidence, findings, CAPAs, and NCRs.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
query
required
string [ 1 .. 500 ] characters

Search query string

modules
Array of strings
Items Enum: "documents" "evidence" "findings" "capas" "ncrs"

Modules to search in

status
string

Filter by entity status

owner
string

Filter by owner name or ID

dateFrom
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Start date for date range filter

dateTo
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

End date for date range filter

limit
integer [ 1 .. 200 ]
Default: 50

Number of results per page (default 50)

offset
integer [ 0 .. 9007199254740991 ]
Default: 0

Pagination offset (default 0)

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects

Array of search results

required
object

Response metadata (pagination, request ID)

Request samples

Content type
application/json
{
  • "query": "string",
  • "modules": [
    ],
  • "status": "string",
  • "owner": "string",
  • "dateFrom": "2019-08-24",
  • "dateTo": "2019-08-24",
  • "limit": 50,
  • "offset": 0
}

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

List savedsearches

Returns a cursor-paginated collection of savedsearches.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

isShared
boolean

Filter by shared status

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create savedsearch

Creates a savedsearch within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
required
string [ 1 .. 200 ] characters

Name of the saved search

description
string <= 1000 characters

Optional description of the saved search

query
required
string [ 1 .. 500 ] characters

The search query string

required
object
Default: {}

Filter criteria as key-value pairs

modules
required
Array of strings
Default: []
Items Enum: "documents" "evidence" "findings" "capas" "ncrs"

Modules to search in

isShared
required
boolean
Default: false

Whether to share this search with team

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "query": "string",
  • "filters": { },
  • "modules": [ ],
  • "isShared": false
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get savedsearch

Returns a single savedsearch by identifier.

Authorizations:
bearerAuth
path Parameters
savedSearchId
required
string <uuid>

Saved search UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update savedsearch

Applies a partial update to an existing savedsearch.

Authorizations:
bearerAuth
path Parameters
savedSearchId
required
string <uuid>

Saved search UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
string [ 1 .. 200 ] characters

Updated name of the saved search

description
string <= 1000 characters

Updated description

query
string [ 1 .. 500 ] characters

Updated search query string

object

Updated filter criteria

modules
Array of strings
Items Enum: "documents" "evidence" "findings" "capas" "ncrs"

Updated modules to search in

isShared
boolean

Updated sharing status

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "query": "string",
  • "filters": {
    },
  • "modules": [
    ],
  • "isShared": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

SLAs

SLA policy configuration, escalation tracking, and approval queue management.

List slapolicies

Returns a cursor-paginated collection of slapolicies.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

entityType
string
Enum: "approval_request" "document_review" "capa" "ncr" "change_request" "audit_finding" "training_assignment"

Filter by entity type

isActive
boolean

Filter by active status

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create slapolicy

Creates a slapolicy within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
required
string [ 1 .. 200 ] characters

Name of the SLA policy

description
string <= 1000 characters

Optional description

entityType
required
string
Enum: "approval_request" "document_review" "capa" "ncr" "change_request" "audit_finding" "training_assignment"

Type of entity this policy applies to

targetStatus
string

Specific status that triggers the SLA

warningHours
required
integer [ 1 .. 9007199254740991 ]

Hours before breach when warning is triggered

breachHours
required
integer [ 1 .. 9007199254740991 ]

Hours until SLA is breached

escalationHours
integer [ 1 .. 9007199254740991 ]

Hours until escalation occurs

escalationTo
string
Enum: "manager" "admin" "specific_user"

Who to escalate to

escalationUserId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

User ID if escalating to specific person

autoRemind
required
boolean
Default: true

Whether to automatically send reminders

reminderIntervalHours
required
integer [ 1 .. 9007199254740991 ]
Default: 24

Hours between reminder notifications

isActive
required
boolean
Default: true

Whether this policy is active

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "entityType": "approval_request",
  • "targetStatus": "string",
  • "warningHours": 1,
  • "breachHours": 1,
  • "escalationHours": 1,
  • "escalationTo": "manager",
  • "escalationUserId": "54a48fb5-d3c3-422d-ae33-9f3ac3af0356",
  • "autoRemind": true,
  • "reminderIntervalHours": 24,
  • "isActive": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get slapolicy

Returns a single slapolicy by identifier.

Authorizations:
bearerAuth
path Parameters
policyId
required
string <uuid>

SLA policy UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update slapolicy

Applies a partial update to an existing slapolicy.

Authorizations:
bearerAuth
path Parameters
policyId
required
string <uuid>

SLA policy UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
string [ 1 .. 200 ] characters

Updated policy name

description
string <= 1000 characters

Updated description

entityType
string
Enum: "approval_request" "document_review" "capa" "ncr" "change_request" "audit_finding" "training_assignment"

Updated entity type

targetStatus
string

Updated trigger status

warningHours
integer [ 1 .. 9007199254740991 ]

Updated warning hours

breachHours
integer [ 1 .. 9007199254740991 ]

Updated breach hours

escalationHours
integer [ 1 .. 9007199254740991 ]

Updated escalation hours

escalationTo
string
Enum: "manager" "admin" "specific_user"

Updated escalation target

escalationUserId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Updated escalation user ID

autoRemind
boolean

Updated auto-reminder status

reminderIntervalHours
integer [ 1 .. 9007199254740991 ]

Updated reminder interval

isActive
boolean

Updated active status

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "entityType": "approval_request",
  • "targetStatus": "string",
  • "warningHours": 1,
  • "breachHours": 1,
  • "escalationHours": 1,
  • "escalationTo": "manager",
  • "escalationUserId": "54a48fb5-d3c3-422d-ae33-9f3ac3af0356",
  • "autoRemind": true,
  • "reminderIntervalHours": 1,
  • "isActive": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List SLA escalations

Returns a paginated list of SLA escalation traces, filterable by status, severity, and entity type.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

entityType
string

Filter by entity type

status
string
Enum: "open" "acknowledged" "resolved" "expired"

Filter by escalation status

slaStatus
string
Enum: "warning" "breached" "critical"

Filter by SLA severity

assignedTo
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by assigned user

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Get SLA escalation

Returns a single SLA escalation trace by identifier.

Authorizations:
bearerAuth
path Parameters
escalationId
required
string <uuid>

SLA escalation UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List escalationchains

Returns a cursor-paginated collection of escalationchains.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

entityType
string
Enum: "approval_request" "document_review" "capa" "ncr" "change_request" "audit_finding" "training_assignment"

Filter by entity type

isActive
boolean

Filter by active status

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create escalationchain

Creates a escalationchain within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
required
string [ 1 .. 200 ] characters

Name of the escalation chain

description
string <= 1000 characters

Description of chain purpose

entityType
required
string
Enum: "approval_request" "document_review" "capa" "ncr" "change_request" "audit_finding" "training_assignment"

Entity type this chain applies to

isDefault
required
boolean
Default: false

Whether this is the default chain for the entity type

isActive
required
boolean
Default: true

Whether this chain is active

Array of objects

Initial steps to create with the chain

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "entityType": "approval_request",
  • "isDefault": false,
  • "isActive": true,
  • "steps": [
    ]
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get escalationchain

Returns a single escalationchain by identifier.

Authorizations:
bearerAuth
path Parameters
chainId
required
string <uuid>

Escalation chain UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update escalationchain

Applies a partial update to an existing escalationchain.

Authorizations:
bearerAuth
path Parameters
chainId
required
string <uuid>

Escalation chain UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
string [ 1 .. 200 ] characters

Updated chain name

string or null

Updated description

entityType
string
Enum: "approval_request" "document_review" "capa" "ncr" "change_request" "audit_finding" "training_assignment"

Updated entity type

isDefault
boolean

Whether this should be the default chain

isActive
boolean

Whether the chain is active

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "entityType": "approval_request",
  • "isDefault": true,
  • "isActive": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List escalation executions

Returns a paginated list of escalation execution audit records, filterable by chain, entity type, result, and date range.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

chainId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by escalation chain

escalationId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by SLA escalation

entityType
string

Filter by entity type

result
string
Enum: "success" "failure" "skipped"

Filter by execution result

dateFrom
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Filter executions after this date

dateTo
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Filter executions before this date

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

RevisionImpact

Document revision impact rules and assessment management.

List revisionimpactrules

Returns a cursor-paginated collection of revisionimpactrules.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

impactCategory
string
Enum: "training" "acknowledgement" "control_review" "capa_review" "scheduled_task" "entity_link"

Filter by impact category

isActive
boolean

Filter by active status

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create revisionimpactrule

Creates a revisionimpactrule within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
required
string [ 1 .. 200 ] characters

Rule name

description
string <= 1000 characters

Rule description

documentTypeFilter
Array of strings

Document types this rule applies to

documentDomainFilter
Array of strings

QMS domains this rule applies to

impactCategory
required
string
Enum: "training" "acknowledgement" "control_review" "capa_review" "scheduled_task" "entity_link"

Type of impact (training, acknowledgement, etc.)

actionType
required
string
Enum: "require_retraining" "require_reacknowledgement" "flag_for_review" "create_task"

Action to take (retraining, flag for review, etc.)

priority
required
string
Default: "medium"
Enum: "low" "medium" "high" "critical"

Priority level for this rule

isActive
required
boolean
Default: true

Whether this rule is active

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "documentTypeFilter": [
    ],
  • "documentDomainFilter": [
    ],
  • "impactCategory": "training",
  • "actionType": "require_retraining",
  • "priority": "low",
  • "isActive": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get revisionimpactrule

Returns a single revisionimpactrule by identifier.

Authorizations:
bearerAuth
path Parameters
ruleId
required
string <uuid>

Revision impact rule UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update revisionimpactrule

Applies a partial update to an existing revisionimpactrule.

Authorizations:
bearerAuth
path Parameters
ruleId
required
string <uuid>

Revision impact rule UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
string [ 1 .. 200 ] characters

Rule name

description
string <= 1000 characters

Rule description

documentTypeFilter
Array of strings

Document types this rule applies to

documentDomainFilter
Array of strings

QMS domains this rule applies to

impactCategory
string
Enum: "training" "acknowledgement" "control_review" "capa_review" "scheduled_task" "entity_link"

Type of impact (training, acknowledgement, etc.)

actionType
string
Enum: "require_retraining" "require_reacknowledgement" "flag_for_review" "create_task"

Action to take (retraining, flag for review, etc.)

priority
string
Enum: "low" "medium" "high" "critical"

Priority level for this rule

isActive
boolean

Whether this rule is active

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "documentTypeFilter": [
    ],
  • "documentDomainFilter": [
    ],
  • "impactCategory": "training",
  • "actionType": "require_retraining",
  • "priority": "low",
  • "isActive": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List revision impact assessments

Returns a paginated list of revision impact assessments, filterable by document.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

impactCategory
string
Enum: "training" "acknowledgement" "control_review" "capa_review" "scheduled_task" "entity_link"

Filter by impact category

isActive
boolean

Filter by active status

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Get revision impact assessment

Returns a single revision impact assessment by identifier.

Authorizations:
bearerAuth
path Parameters
assessmentId
required
string <uuid>

Revision impact assessment UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Retention

Retention policies, legal holds, archive records, defensible deletion, and audit log.

List retentionpolicies

Returns a cursor-paginated collection of retentionpolicies.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Pagination cursor

limit
integer [ 1 .. 100 ]

Results per page

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort field and direction

artifactType
string
Enum: "document" "evidence" "export" "capa" "ncr" "audit" "training_record"

Filter by artifact type

isActive
boolean

Filter by active status

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create retentionpolicy

Creates a retentionpolicy within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
required
string [ 1 .. 200 ] characters

Policy name

description
string <= 2000 characters

Policy description

artifactType
required
string
Enum: "document" "evidence" "export" "capa" "ncr" "audit" "training_record"

Type of artifact this policy applies to

retentionPeriodDays
integer ( 0 .. 9007199254740991 ]

Number of days to retain (null = indefinite)

retentionBasis
required
string
Enum: "from_creation" "from_release" "from_closure" "from_supersede" "custom"

When retention period starts counting

archiveAfterDays
integer ( 0 .. 9007199254740991 ]

Days before archiving (null = no archival)

isDefault
boolean

Whether this is the default policy for its artifact type

isActive
boolean

Whether this policy is active

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "artifactType": "document",
  • "retentionPeriodDays": 9007199254740991,
  • "retentionBasis": "from_creation",
  • "archiveAfterDays": 9007199254740991,
  • "isDefault": true,
  • "isActive": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get retentionpolicy

Returns a single retentionpolicy by identifier.

Authorizations:
bearerAuth
path Parameters
policyId
required
string <uuid>

Retention policy UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update retentionpolicy

Applies a partial update to an existing retentionpolicy.

Authorizations:
bearerAuth
path Parameters
policyId
required
string <uuid>

Retention policy UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
string [ 1 .. 200 ] characters

Policy name

description
string <= 2000 characters

Policy description

artifactType
string
Enum: "document" "evidence" "export" "capa" "ncr" "audit" "training_record"

Type of artifact this policy applies to

retentionPeriodDays
integer ( 0 .. 9007199254740991 ]

Number of days to retain (null = indefinite)

retentionBasis
string
Enum: "from_creation" "from_release" "from_closure" "from_supersede" "custom"

When retention period starts counting

archiveAfterDays
integer ( 0 .. 9007199254740991 ]

Days before archiving (null = no archival)

isDefault
boolean

Whether this is the default policy for its artifact type

isActive
boolean

Whether this policy is active

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "artifactType": "document",
  • "retentionPeriodDays": 9007199254740991,
  • "retentionBasis": "from_creation",
  • "archiveAfterDays": 9007199254740991,
  • "isDefault": true,
  • "isActive": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List legalholds

Returns a cursor-paginated collection of legalholds.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Pagination cursor

limit
integer [ 1 .. 100 ]

Results per page

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort field and direction

status
string
Enum: "active" "released" "expired"

Filter by hold status

holdType
string
Enum: "legal" "investigation" "regulatory" "litigation"

Filter by hold type

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create legalhold

Creates a legalhold within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
holdName
required
string [ 1 .. 255 ] characters

Name of the hold

holdType
required
string
Enum: "legal" "investigation" "regulatory" "litigation"

Type of hold (legal, investigation, regulatory, litigation)

reason
required
string [ 1 .. 2000 ] characters

Reason for the hold

effectiveFrom
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

When the hold becomes effective (defaults to now)

effectiveUntil
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

When the hold expires

object

Filter criteria for scoped holds

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "holdName": "string",
  • "holdType": "legal",
  • "reason": "string",
  • "effectiveFrom": "2019-08-24T14:15:22Z",
  • "effectiveUntil": "2019-08-24T14:15:22Z",
  • "scopeFilter": {
    }
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get legalhold

Returns a single legalhold by identifier.

Authorizations:
bearerAuth
path Parameters
holdId
required
string <uuid>

Legal hold UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update legalhold

Applies a partial update to an existing legalhold.

Authorizations:
bearerAuth
path Parameters
holdId
required
string <uuid>

Legal hold UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
effectiveUntil
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

When the hold expires

object

Filter criteria for scoped holds

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "effectiveUntil": "2019-08-24T14:15:22Z",
  • "scopeFilter": {
    }
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List archive records

Returns a paginated list of archive records, filterable by artifact type and reason.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Pagination cursor

limit
integer [ 1 .. 100 ]

Results per page

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort field and direction

artifactType
string
Enum: "document" "evidence" "export" "capa" "ncr" "audit" "training_record"

Filter by artifact type

archiveReason
string
Enum: "retention_expired" "superseded" "manual" "policy_driven"

Filter by archival reason

isRestored
boolean

Filter by restored status

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Get archive record

Returns a single archive record by identifier.

Authorizations:
bearerAuth
path Parameters
recordId
required
string <uuid>

Archive record UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List deletionrequests

Returns a cursor-paginated collection of deletionrequests.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Pagination cursor

limit
integer [ 1 .. 100 ]

Results per page

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort field and direction

status
string
Enum: "pending" "approved" "rejected" "executed" "cancelled"

Filter by request status

artifactType
string
Enum: "document" "evidence" "export" "capa" "ncr" "audit" "training_record"

Filter by artifact type

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create deletionrequest

Creates a deletionrequest within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
artifactType
required
string
Enum: "document" "evidence" "export" "capa" "ncr" "audit" "training_record"

Type of artifact to delete

artifactId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

ID of artifact to delete

artifactTitle
string <= 255 characters

Title of artifact to delete

reason
required
string [ 1 .. 2000 ] characters

Reason for deletion

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "artifactType": "document",
  • "artifactId": "706a3f1e-c357-4634-b1bf-20c221b5bb4e",
  • "artifactTitle": "string",
  • "reason": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get deletionrequest

Returns a single deletionrequest by identifier.

Authorizations:
bearerAuth
path Parameters
requestId
required
string <uuid>

Deletion request UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update deletionrequest

Applies a partial update to an existing deletionrequest.

Authorizations:
bearerAuth
path Parameters
requestId
required
string <uuid>

Deletion request UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
reason
string [ 1 .. 2000 ] characters

Updated reason for deletion

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "reason": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List retention audit log

Returns a paginated, filterable list of retention audit log entries.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Pagination cursor

limit
integer [ 1 .. 100 ]

Results per page

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort field and direction

action
string
Enum: "policy_created" "policy_updated" "policy_deactivated" "hold_placed" "hold_released" "hold_item_added" "hold_item_released" "archive_created" "archive_restored" "deletion_requested" "deletion_approved" "deletion_rejected" "deletion_executed" "deletion_cancelled" "deletion_blocked_by_hold"

Filter by audit action

targetType
string <= 100 characters

Filter by target entity type

targetId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by target entity ID

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Exports

Export job management, external document publishing, and destination configuration.

List exportdestinations

Returns a cursor-paginated collection of exportdestinations.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

destinationType
string
Enum: "google_drive" "sharepoint" "sftp" "email" "s3" "webhook" "custom_api"

Filter by destination type.

isActive
boolean

Filter by active status.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create exportdestination

Creates a exportdestination within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
required
string [ 1 .. 200 ] characters

Destination name.

destinationType
required
string
Enum: "google_drive" "sharepoint" "sftp" "email" "s3" "webhook" "custom_api"

Destination type.

required
object
Default: {}

Destination configuration.

isActive
required
boolean
Default: true

Active flag; defaults to true.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "destinationType": "google_drive",
  • "config": { },
  • "isActive": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get exportdestination

Returns a single exportdestination by identifier.

Authorizations:
bearerAuth
path Parameters
destinationId
required
string <uuid>

Export destination UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update exportdestination

Applies a partial update to an existing exportdestination.

Authorizations:
bearerAuth
path Parameters
destinationId
required
string <uuid>

Export destination UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
string [ 1 .. 200 ] characters

Destination name.

destinationType
string
Enum: "google_drive" "sharepoint" "sftp" "email" "s3" "webhook" "custom_api"

Destination type.

object

Destination configuration.

isActive
boolean

Active destination flag.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "destinationType": "google_drive",
  • "config": {
    },
  • "isActive": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List exportjobs

Returns a cursor-paginated collection of exportjobs.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

jobType
string
Enum: "document_publish" "register_export" "workflow_sync"

Filter by job type.

status
string
Enum: "pending" "processing" "completed" "failed" "cancelled"

Filter by job status.

outputFormat
string
Enum: "pdf" "html" "csv" "xlsx" "zip" "json"

Filter by output format.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create exportjob

Creates a exportjob within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
jobType
required
string
Enum: "document_publish" "register_export" "workflow_sync"
title
required
string [ 1 .. 255 ] characters
description
string <= 5000 characters
destinationId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

sourceEntityType
string <= 100 characters
sourceEntityIds
required
Array of strings <uuid> [ items <uuid >^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA... ]
Default: []
outputFormat
required
string
Enum: "pdf" "html" "csv" "xlsx" "zip" "json"
branded
required
boolean
Default: true
documentVersion
string <= 50 characters
required
object
Default: {}

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "jobType": "document_publish",
  • "title": "string",
  • "description": "string",
  • "destinationId": "d0a0ebc7-d6b4-4f3c-a5af-5761a8148e3a",
  • "sourceEntityType": "string",
  • "sourceEntityIds": [ ],
  • "outputFormat": "pdf",
  • "branded": true,
  • "documentVersion": "string",
  • "filters": { }
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get exportjob

Returns a single exportjob by identifier.

Authorizations:
bearerAuth
path Parameters
jobId
required
string <uuid>

Export job UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update exportjob

Applies a partial update to an existing exportjob.

Authorizations:
bearerAuth
path Parameters
jobId
required
string <uuid>

Export job UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
status
string
Enum: "pending" "processing" "completed" "failed" "cancelled"
title
string [ 1 .. 255 ] characters
description
string <= 5000 characters
destinationId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

outputFormat
string
Enum: "pdf" "html" "csv" "xlsx" "zip" "json"
branded
boolean
object

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "status": "pending",
  • "title": "string",
  • "description": "string",
  • "destinationId": "d0a0ebc7-d6b4-4f3c-a5af-5761a8148e3a",
  • "outputFormat": "pdf",
  • "branded": true,
  • "filters": {
    }
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List publicationrecords

Returns a cursor-paginated collection of publicationrecords.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

documentId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by document.

status
string
Enum: "pending" "published" "superseded" "recalled"

Filter by publication status.

destinationId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by destination.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create publicationrecord

Creates a publicationrecord within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
documentId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

documentVersion
required
string [ 1 .. 50 ] characters

Version of the document to publish.

destinationId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Export destination where document was published.

destinationLabel
string <= 200 characters

Human-readable label for the destination.

externalUrl
string <uri>

External URL where document was published.

externalRef
string <= 500 characters

External reference identifier for publication.

publishedBy
required
string [ 1 .. 128 ] characters

User who published the document.

notes
string <= 5000 characters

Notes about the publication record.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "documentId": "4704590c-004e-410d-adf7-acb7ca0a7052",
  • "documentVersion": "string",
  • "destinationId": "d0a0ebc7-d6b4-4f3c-a5af-5761a8148e3a",
  • "destinationLabel": "string",
  • "externalUrl": "http://example.com",
  • "externalRef": "string",
  • "publishedBy": "string",
  • "notes": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get publicationrecord

Returns a single publicationrecord by identifier.

Authorizations:
bearerAuth
path Parameters
publicationId
required
string <uuid>

Publication record UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update publicationrecord

Applies a partial update to an existing publicationrecord.

Authorizations:
bearerAuth
path Parameters
publicationId
required
string <uuid>

Publication record UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
status
string
Enum: "pending" "published" "superseded" "recalled"

Updated publication status.

externalUrl
string <uri>

Updated external URL for publication.

externalRef
string <= 500 characters

Updated external reference identifier.

notes
string <= 5000 characters

Updated notes about the publication.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "status": "pending",
  • "externalUrl": "http://example.com",
  • "externalRef": "string",
  • "notes": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

System

Discovery, contract negotiation, and platform-level conventions.

Get API discovery metadata

Returns the canonical contract entry points and high-level authentication model for the current API version.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Organizations

Organization-scoped branding, theming, and workspace presentation settings.

Get organization branding

Returns the approved organization branding, current draft, and accessibility guidance for theme colors.

Authorizations:
bearerAuth

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update organization branding draft

Applies a partial update to the organization branding draft without changing the approved live theme.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
logoUrl
string <uri>

URL of the organization logo

secondaryLogoUrl
string <uri>

URL of the secondary logo

primaryColor
string^#[0-9a-fA-F]{6}$

Primary brand color in hex format

accentColor
string^#[0-9a-fA-F]{6}$

Accent color in hex format

loginHeadline
string [ 1 .. 120 ] characters

Headline text on login page

loginSubheadline
string [ 1 .. 240 ] characters

Subheadline text on login page

documentHeader
string [ 1 .. 160 ] characters

Header text on published documents

documentFooter
string [ 1 .. 500 ] characters

Footer text on published documents

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "primaryColor": "#166534",
  • "documentHeader": "Acme Evidence Pack",
  • "documentFooter": "Controlled when viewed in Q360. External copies are uncontrolled."
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Approve organization branding

Promotes the saved branding draft to the approved organization theme used by app and export surfaces.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Revert organization branding draft

Resets the branding draft back to the currently approved organization theme.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Documents

Controlled document lifecycle and traceability records.

List documents

Returns a cursor-paginated collection of documents.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

status
string
Enum: "Not Created" "Draft" "In Review" "Approved" "Published" "Under Revision" "Archived"

Filter by document status.

type
string
Enum: "Policy" "Procedure" "Work Instruction" "Form-Template" "Record" "Report" "Register-Log" "Plan" "Manual" "Analysis"

Filter by document type.

clause
string [ 1 .. 64 ] characters

Filter by standard clause.

owner
string [ 1 .. 128 ] characters

Filter by document owner.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create document

Creates a document within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
docId
required
string [ 1 .. 80 ] characters

Human-readable business identifier.

title
required
string [ 1 .. 200 ] characters

Document title.

description
string <= 5000 characters

Detailed description of the document.

type
required
string
Enum: "Policy" "Procedure" "Work Instruction" "Form-Template" "Record" "Report" "Register-Log" "Plan" "Manual" "Analysis"

Category: Policy, Procedure, etc.

status
required
string
Default: "Draft"
Enum: "Not Created" "Draft" "In Review" "Approved" "Published" "Under Revision" "Archived"

Initial status; defaults to Draft.

clause
required
string [ 1 .. 64 ] characters

Framework clause or control reference.

subClause
string [ 1 .. 64 ] characters

Sub-clause reference when applicable.

standardId
string [ 1 .. 64 ] characters

Associated standard ID.

domain
required
string
Enum: "Context & Strategy" "Leadership & Policy" "Risk & Objectives" "Support & Resources" "Operations" "Performance & Audits" "Improvement"

QMS domain (Context & Strategy, etc.).

phase
required
string
Enum: "Plan" "Do" "Check" "Act"

PDCA phase: Plan, Do, Check, Act.

priority
required
string
Enum: "Low" "Medium" "High"

Relative importance: Low, Medium, High.

stage
required
string
Enum: "Stage 1" "Stage 2" "Stage 3" "Stage 4" "Stage 5" "Stage 6"

Implementation stage number.

owner
required
string [ 1 .. 128 ] characters

User ID of document owner.

dueDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Completion target date.

reviewDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Date for next review or revision.

content
string

Rich-text document content.

mandatory
required
boolean
Default: false

Whether this document is mandatory.

notes
string <= 5000 characters

Internal notes or comments.

tags
required
Array of strings[ items [ 1 .. 64 ] characters ]
Default: []

Searchable tags or keywords.

relatedDocumentIds
required
Array of strings <uuid> [ items <uuid >^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA... ]
Default: []

IDs of related documents.

evidenceUrls
required
Array of strings <uri> [ items <uri > ]
Default: []

URLs linking to supporting evidence.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "docId": "PROC-DOC-001",
  • "title": "Document Control Procedure",
  • "description": "Defines the approval, publication, and review lifecycle for controlled documents.",
  • "type": "Procedure",
  • "status": "Draft",
  • "clause": "7.5",
  • "subClause": "7.5.3",
  • "standardId": "iso9001",
  • "domain": "Support & Resources",
  • "phase": "Do",
  • "priority": "High",
  • "stage": "Stage 3",
  • "owner": "22222222-2222-4222-8222-222222222222",
  • "dueDate": "2026-04-30",
  • "reviewDate": "2026-10-01",
  • "content": "# Document Control Procedure",
  • "mandatory": true,
  • "tags": [
    ]
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get document

Returns a single document by identifier.

Authorizations:
bearerAuth
path Parameters
documentId
required
string <uuid>

Document UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update document

Applies a partial update to an existing document.

Authorizations:
bearerAuth
path Parameters
documentId
required
string <uuid>

Document UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
docId
string [ 1 .. 80 ] characters

Human-readable business identifier.

title
string [ 1 .. 200 ] characters

Document title.

description
string <= 5000 characters

Detailed description of the document.

type
string
Enum: "Policy" "Procedure" "Work Instruction" "Form-Template" "Record" "Report" "Register-Log" "Plan" "Manual" "Analysis"

Category: Policy, Procedure, etc.

status
string
Default: "Draft"
Enum: "Not Created" "Draft" "In Review" "Approved" "Published" "Under Revision" "Archived"

Initial status; defaults to Draft.

clause
string [ 1 .. 64 ] characters

Framework clause or control reference.

subClause
string [ 1 .. 64 ] characters

Sub-clause reference when applicable.

standardId
string [ 1 .. 64 ] characters

Associated standard ID.

domain
string
Enum: "Context & Strategy" "Leadership & Policy" "Risk & Objectives" "Support & Resources" "Operations" "Performance & Audits" "Improvement"

QMS domain (Context & Strategy, etc.).

phase
string
Enum: "Plan" "Do" "Check" "Act"

PDCA phase: Plan, Do, Check, Act.

priority
string
Enum: "Low" "Medium" "High"

Relative importance: Low, Medium, High.

stage
string
Enum: "Stage 1" "Stage 2" "Stage 3" "Stage 4" "Stage 5" "Stage 6"

Implementation stage number.

owner
string [ 1 .. 128 ] characters

User ID of document owner.

dueDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Completion target date.

reviewDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Date for next review or revision.

content
string

Rich-text document content.

mandatory
boolean
Default: false

Whether this document is mandatory.

notes
string <= 5000 characters

Internal notes or comments.

tags
Array of strings[ items [ 1 .. 64 ] characters ]
Default: []

Searchable tags or keywords.

relatedDocumentIds
Array of strings <uuid> [ items <uuid >^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA... ]
Default: []

IDs of related documents.

evidenceUrls
Array of strings <uri> [ items <uri > ]
Default: []

URLs linking to supporting evidence.

publishedContent
string

Published version content snapshot.

currentVersionNumber
integer ( 0 .. 9007199254740991 ]

Current draft version number.

publishedVersionNumber
integer ( 0 .. 9007199254740991 ]

Latest published version number.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "status": "Published",
  • "publishedContent": "# Document Control Procedure"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Compare two document versions

Returns an HTML redline diff and change summary between two versions of a controlled document. Available on Team, Business, Enterprise, and Australian Pharmacy plans.

Authorizations:
bearerAuth
path Parameters
documentId
required
string <uuid>

Document UUID.

query Parameters
from
required
string [ 1 .. 32 ] characters

Source version number (e.g. "1.0")

to
required
string [ 1 .. 32 ] characters

Target version number (e.g. "2.0")

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List import jobs

Returns a cursor-paginated list of document import jobs for the organization.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

status
string
Enum: "pending" "processing" "classified" "review" "completed" "failed" "cancelled"

Filter by import job status

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create import job

Creates a new document import job after a file has been uploaded to storage.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
sourceFilename
required
string [ 1 .. 255 ] characters

Name of the file to import

sourceFileType
required
string [ 1 .. 128 ] characters

MIME type of the file

sourceFileSize
required
integer [ 0 .. 9007199254740991 ]

Size of the file in bytes

sourceFilePath
required
string [ 1 .. 1024 ] characters

Path or identifier of the file in storage

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "sourceFilename": "string",
  • "sourceFileType": "string",
  • "sourceFileSize": 9007199254740991,
  • "sourceFilePath": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get import job

Returns a single import job by identifier, including suggested metadata and duplicate candidates.

Authorizations:
bearerAuth
path Parameters
importJobId
required
string <uuid>

Import job UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Resolve import job

Confirms metadata for an import job and creates the controlled document.

Authorizations:
bearerAuth
path Parameters
importJobId
required
string <uuid>

Import job UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
title
required
string [ 1 .. 200 ] characters

Document title

description
string <= 5000 characters

Document description

docId
required
string [ 1 .. 80 ] characters

Business document ID

type
required
string
Enum: "Policy" "Procedure" "Work Instruction" "Form-Template" "Record" "Report" "Register-Log" "Plan" "Manual" "Analysis"

Document type

clause
required
string [ 1 .. 64 ] characters

Aligned standard clause

subClause
string [ 1 .. 64 ] characters

Aligned standard sub-clause

domain
required
string
Enum: "Context & Strategy" "Leadership & Policy" "Risk & Objectives" "Support & Resources" "Operations" "Performance & Audits" "Improvement"

QMS domain

phase
required
string
Enum: "Plan" "Do" "Check" "Act"

PDCA phase

priority
required
string
Enum: "Low" "Medium" "High"

Priority level

stage
required
string
Enum: "Stage 1" "Stage 2" "Stage 3" "Stage 4" "Stage 5" "Stage 6"

Implementation stage

owner
required
string [ 1 .. 128 ] characters

User ID of document owner

tags
required
Array of strings[ items [ 1 .. 64 ] characters ]
Default: []

Tags for categorization

mandatory
required
boolean
Default: false

Whether the document is mandatory

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "title": "string",
  • "description": "string",
  • "docId": "string",
  • "type": "Policy",
  • "clause": "string",
  • "subClause": "string",
  • "domain": "Context & Strategy",
  • "phase": "Plan",
  • "priority": "Low",
  • "stage": "Stage 1",
  • "owner": "string",
  • "tags": [ ],
  • "mandatory": false
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

CAPAs

Corrective and preventive action management workflows.

List capas

Returns a cursor-paginated collection of capas.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

status
string
Enum: "Open" "In Progress" "Effectiveness Check" "Closed" "Rejected"

Filter by CAPA status.

severity
string
Enum: "Minor" "Major" "Critical"

Filter by severity level.

owner
string [ 1 .. 128 ] characters

Filter by CAPA owner.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create capa

Creates a capa within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
capaId
string [ 1 .. 80 ] characters

Auto-generated if omitted.

type
required
string
Enum: "corrective" "preventive"

Addresses existing or potential issue.

title
required
string [ 1 .. 200 ] characters

CAPA title or summary.

description
required
string [ 1 .. 8000 ] characters

Detailed description of the issue.

nonConformityId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Linked non-conformity ID if applicable.

rootCause
required
string <= 5000 characters
Default: ""

Root cause analysis findings.

status
required
string
Default: "Open"
Enum: "Open" "In Progress" "Effectiveness Check" "Closed" "Rejected"

Defaults to Open.

severity
required
string
Enum: "Minor" "Major" "Critical"

Impact severity level.

openedBy
required
string [ 1 .. 128 ] characters

User ID who opened this CAPA.

openedAt
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Creation date; defaults to now.

dueDate
required
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Target completion date.

expectedClosureDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Projected closure date.

owner
required
string [ 1 .. 128 ] characters

User ID of primary owner.

required
Array of objects
Default: []

Corrective/preventive actions.

relatedDocumentIds
required
Array of strings <uuid> [ items <uuid >^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA... ]
Default: []

IDs of related documents.

notes
string <= 5000 characters

Progress or general notes.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "type": "corrective",
  • "title": "Resolve missing review records",
  • "description": "A corrective action for missing document review evidence.",
  • "severity": "Major",
  • "openedBy": "22222222-2222-4222-8222-222222222222",
  • "dueDate": "2026-04-20",
  • "owner": "22222222-2222-4222-8222-222222222222",
  • "relatedDocumentIds": [
    ]
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get capa

Returns a single capa by identifier.

Authorizations:
bearerAuth
path Parameters
capaId
required
string <uuid>

CAPA UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update capa

Applies a partial update to an existing capa.

Authorizations:
bearerAuth
path Parameters
capaId
required
string <uuid>

CAPA UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
capaId
string [ 1 .. 80 ] characters

Auto-generated if omitted.

type
string
Enum: "corrective" "preventive"

Addresses existing or potential issue.

title
string [ 1 .. 200 ] characters

CAPA title or summary.

description
string [ 1 .. 8000 ] characters

Detailed description of the issue.

nonConformityId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Linked non-conformity ID if applicable.

rootCause
string <= 5000 characters
Default: ""

Root cause analysis findings.

status
string
Default: "Open"
Enum: "Open" "In Progress" "Effectiveness Check" "Closed" "Rejected"

Defaults to Open.

severity
string
Enum: "Minor" "Major" "Critical"

Impact severity level.

openedBy
string [ 1 .. 128 ] characters

User ID who opened this CAPA.

openedAt
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Creation date; defaults to now.

dueDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Target completion date.

expectedClosureDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Projected closure date.

owner
string [ 1 .. 128 ] characters

User ID of primary owner.

Array of objects
Default: []

Corrective/preventive actions.

relatedDocumentIds
Array of strings <uuid> [ items <uuid >^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA... ]
Default: []

IDs of related documents.

notes
string <= 5000 characters

Progress or general notes.

actualClosureDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Actual closure date if completed.

object

Effectiveness check results.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "status": "In Progress",
  • "notes": "Owner assignment workflow has been updated."
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

NonConformities

Non-conformity intake, triage, and closure workflows.

List nonconformities

Returns a cursor-paginated collection of nonconformities.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

status
string
Enum: "Open" "Under Investigation" "Corrective Action Raised" "Closed" "Rejected"

Filter by NCR status.

severity
string
Enum: "Minor" "Major" "Critical"

Filter by severity level.

discoveredBy
string [ 1 .. 128 ] characters

Filter by who discovered the non-conformity.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create nonconformity

Creates a nonconformity within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
ncId
string [ 1 .. 80 ] characters

Auto-generated if omitted.

title
required
string [ 1 .. 200 ] characters

Non-conformity title or summary.

description
required
string <= 8000 characters
Default: ""

Detailed description of the issue.

severity
required
string
Enum: "Minor" "Major" "Critical"

Impact severity level.

status
required
string
Default: "Open"
Enum: "Open" "Under Investigation" "Corrective Action Raised" "Closed" "Rejected"

Defaults to Open.

discoveredAt
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Discovery date; defaults to now.

discoveredBy
required
string [ 1 .. 128 ] characters

User ID who discovered it.

discoveryMethod
required
string
Enum: "internal_audit" "external_audit" "management_review" "customer_feedback" "other"

How the non-conformity was identified.

rootCauseAnalysisRequired
required
boolean
Default: true

Whether RCA is mandatory.

relatedCapaIds
required
Array of strings <uuid> [ items <uuid >^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA... ]
Default: []

IDs of related CAPAs.

notes
string <= 5000 characters

General notes or observations.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "title": "Evidence missing for required document review",
  • "severity": "Major",
  • "discoveredBy": "22222222-2222-4222-8222-222222222222",
  • "discoveryMethod": "internal_audit",
  • "rootCauseAnalysisRequired": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get nonconformity

Returns a single nonconformity by identifier.

Authorizations:
bearerAuth
path Parameters
nonConformityId
required
string <uuid>

Non-conformity UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update nonconformity

Applies a partial update to an existing nonconformity.

Authorizations:
bearerAuth
path Parameters
nonConformityId
required
string <uuid>

Non-conformity UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
ncId
string [ 1 .. 80 ] characters

Auto-generated if omitted.

title
string [ 1 .. 200 ] characters

Non-conformity title or summary.

description
string <= 8000 characters
Default: ""

Detailed description of the issue.

severity
string
Enum: "Minor" "Major" "Critical"

Impact severity level.

status
string
Default: "Open"
Enum: "Open" "Under Investigation" "Corrective Action Raised" "Closed" "Rejected"

Defaults to Open.

discoveredAt
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Discovery date; defaults to now.

discoveredBy
string [ 1 .. 128 ] characters

User ID who discovered it.

discoveryMethod
string
Enum: "internal_audit" "external_audit" "management_review" "customer_feedback" "other"

How the non-conformity was identified.

rootCauseAnalysisRequired
boolean
Default: true

Whether RCA is mandatory.

relatedCapaIds
Array of strings <uuid> [ items <uuid >^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA... ]
Default: []

IDs of related CAPAs.

notes
string <= 5000 characters

General notes or observations.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "status": "Under Investigation",
  • "notes": "CAPA opened for remediation."
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Audits

Audit planning, execution, and finding tracking.

List audits

Returns a cursor-paginated collection of audits.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

status
string
Enum: "Planned" "In Progress" "Completed" "Reported"

Filter by audit status.

type
string
Enum: "Internal" "Management Review" "Supplier" "Certification" "Second Party"

Filter by audit type.

auditTeamLead
string [ 1 .. 128 ] characters

Filter by audit team lead.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create audit

Creates a audit within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
auditId
string [ 1 .. 80 ] characters

Auto-generated if omitted.

type
required
string
Enum: "Internal" "Management Review" "Supplier" "Certification" "Second Party"

Audit type: Internal, Certification, etc.

title
required
string [ 1 .. 200 ] characters

Audit title or designation.

scope
required
string [ 1 .. 5000 ] characters

Scope of areas and processes audited.

status
required
string
Default: "Planned"
Enum: "Planned" "In Progress" "Completed" "Reported"

Defaults to Planned.

auditProgramId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Associated audit program ID.

scheduledDate
required
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Planned audit date.

auditTeamLead
required
string [ 1 .. 128 ] characters

User ID of lead auditor.

auditTeamMembers
required
Array of strings[ items [ 1 .. 128 ] characters ]
Default: []

IDs of team members.

clauses
required
Array of strings[ items [ 1 .. 64 ] characters ]
Default: []

Standards clauses to audit.

executiveSummary
string <= 5000 characters

High-level summary of results.

reportUrl
string <uri>

Link to the full audit report.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "type": "Internal",
  • "title": "Q2 Internal Audit",
  • "scope": "Document control, training, and CAPA follow-up.",
  • "scheduledDate": "2026-04-01",
  • "auditTeamLead": "22222222-2222-4222-8222-222222222222",
  • "auditTeamMembers": [
    ],
  • "clauses": [
    ]
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get audit

Returns a single audit by identifier.

Authorizations:
bearerAuth
path Parameters
auditId
required
string <uuid>

Audit UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update audit

Applies a partial update to an existing audit.

Authorizations:
bearerAuth
path Parameters
auditId
required
string <uuid>

Audit UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
auditId
string [ 1 .. 80 ] characters

Auto-generated if omitted.

type
string
Enum: "Internal" "Management Review" "Supplier" "Certification" "Second Party"

Audit type: Internal, Certification, etc.

title
string [ 1 .. 200 ] characters

Audit title or designation.

scope
string [ 1 .. 5000 ] characters

Scope of areas and processes audited.

status
string
Default: "Planned"
Enum: "Planned" "In Progress" "Completed" "Reported"

Defaults to Planned.

auditProgramId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Associated audit program ID.

scheduledDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Planned audit date.

auditTeamLead
string [ 1 .. 128 ] characters

User ID of lead auditor.

auditTeamMembers
Array of strings[ items [ 1 .. 128 ] characters ]
Default: []

IDs of team members.

clauses
Array of strings[ items [ 1 .. 64 ] characters ]
Default: []

Standards clauses to audit.

executiveSummary
string <= 5000 characters

High-level summary of results.

reportUrl
string <uri>

Link to the full audit report.

actualStartDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Actual audit start date.

actualEndDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Actual audit end date.

Array of objects

Audit findings and observations.

nonConformityIds
Array of strings <uuid> [ items <uuid >^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA... ]

IDs of related non-conformities.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "status": "In Progress",
  • "actualStartDate": "2026-04-01"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Risks

Operational and compliance risk register operations.

List risks

Returns a cursor-paginated collection of risks.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

status
string
Enum: "Active" "Mitigated" "Closed"

Filter by risk status.

owner
string [ 1 .. 128 ] characters

Filter by risk owner.

category
string [ 1 .. 120 ] characters

Filter by risk category.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create risk

Creates a risk within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
riskId
string [ 1 .. 80 ] characters

Human-readable business identifier.

title
required
string [ 1 .. 200 ] characters

Risk title.

description
required
string [ 1 .. 8000 ] characters

Risk description.

category
required
string [ 1 .. 120 ] characters

Risk category.

context
required
string [ 1 .. 5000 ] characters

Risk context.

clause
required
string [ 1 .. 64 ] characters

Framework clause or control reference.

subClause
string [ 1 .. 64 ] characters

Framework subclause or nested control reference.

probability
required
string
Enum: "Rare" "Unlikely" "Possible" "Likely" "Almost Certain"

Probability level.

impact
required
string
Enum: "Insignificant" "Minor" "Moderate" "Major" "Catastrophic"

Impact level.

status
required
string
Default: "Active"
Enum: "Active" "Mitigated" "Closed"

Initial status; defaults to Active.

owner
required
string [ 1 .. 128 ] characters

Risk owner user ID.

mitigationStrategy
string <= 5000 characters

Mitigation strategy.

required
Array of objects
Default: []

Associated mitigation actions.

acceptanceLevel
required
string
Enum: "accepted" "mitigation_required" "rejected"

Risk acceptance level.

reviewDate
required
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Risk review date.

nextReviewDate
required
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Next review date.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "title": "Controlled document reviews may lapse",
  • "description": "Review obligations may be missed if ownership is unclear.",
  • "category": "Compliance Risk",
  • "context": "Document governance",
  • "clause": "7.5",
  • "subClause": "7.5.3",
  • "probability": "Possible",
  • "impact": "Major",
  • "owner": "22222222-2222-4222-8222-222222222222",
  • "mitigationStrategy": "Automate review reminders and enforce owner assignment.",
  • "mitigationActions": [
    ],
  • "acceptanceLevel": "mitigation_required",
  • "reviewDate": "2026-04-05",
  • "nextReviewDate": "2026-05-05"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get risk

Returns a single risk by identifier.

Authorizations:
bearerAuth
path Parameters
riskId
required
string <uuid>

Risk UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update risk

Applies a partial update to an existing risk.

Authorizations:
bearerAuth
path Parameters
riskId
required
string <uuid>

Risk UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
riskId
string [ 1 .. 80 ] characters

Human-readable business identifier.

title
string [ 1 .. 200 ] characters

Risk title.

description
string [ 1 .. 8000 ] characters

Risk description.

category
string [ 1 .. 120 ] characters

Risk category.

context
string [ 1 .. 5000 ] characters

Risk context.

clause
string [ 1 .. 64 ] characters

Framework clause or control reference.

subClause
string [ 1 .. 64 ] characters

Framework subclause or nested control reference.

probability
string
Enum: "Rare" "Unlikely" "Possible" "Likely" "Almost Certain"

Probability level.

impact
string
Enum: "Insignificant" "Minor" "Moderate" "Major" "Catastrophic"

Impact level.

status
string
Default: "Active"
Enum: "Active" "Mitigated" "Closed"

Initial status; defaults to Active.

owner
string [ 1 .. 128 ] characters

Risk owner user ID.

mitigationStrategy
string <= 5000 characters

Mitigation strategy.

Array of objects
Default: []

Associated mitigation actions.

acceptanceLevel
string
Enum: "accepted" "mitigation_required" "rejected"

Risk acceptance level.

reviewDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Risk review date.

nextReviewDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Next review date.

residualRiskScore
number >= 0

Residual risk score post-mitigation.

approvedBy
string [ 1 .. 128 ] characters

Approver user ID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "residualRiskScore": 6,
  • "status": "Mitigated"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Training

Training program automation and record linkage.

List trainingprograms

Returns a cursor-paginated collection of trainingprograms.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

status
string
Enum: "draft" "active" "archived"

Filter by program status.

category
string
Enum: "onboarding" "qms" "regulatory" "process" "security" "role_specific" "leadership" "custom"

Filter by program category.

ownerId
string [ 1 .. 128 ] characters

Filter by program owner.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create trainingprogram

Creates a trainingprogram within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
programId
string [ 1 .. 80 ] characters

Human-readable business identifier.

title
required
string [ 1 .. 200 ] characters

Training program title.

description
string <= 5000 characters

Training program description.

category
required
string
Enum: "onboarding" "qms" "regulatory" "process" "security" "role_specific" "leadership" "custom"

Training program category.

status
required
string
Default: "draft"
Enum: "draft" "active" "archived"

Initial status; defaults to Draft.

deliveryMethod
required
string
Enum: "internal_session" "external_provider" "self_study" "on_the_job" "attestation" "assessment" "other"

Training delivery method.

ownerId
string [ 1 .. 128 ] characters

Program owner user ID.

externalReferenceUrl
string <uri>

External training reference URL.

defaultDueWithinDays
integer [ 0 .. 3650 ]

Default due-within days for assignments.

defaultValidityDays
integer [ 0 .. 3650 ]

Default validity period in days.

effectivenessRequired
required
boolean
Default: false

Effectiveness review required.

passingScore
number [ 0 .. 100 ]

Passing score percentage.

required
object
Default: {}

Flexible metadata object.

createdBy
string [ 1 .. 128 ] characters

Creator user ID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "title": "Document Control Refresher",
  • "description": "Annual refresher training for document owners and approvers.",
  • "category": "qms",
  • "status": "active",
  • "deliveryMethod": "attestation",
  • "ownerId": "22222222-2222-4222-8222-222222222222",
  • "defaultDueWithinDays": 14,
  • "defaultValidityDays": 365,
  • "effectivenessRequired": true,
  • "passingScore": 85,
  • "metadata": {
    }
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get trainingprogram

Returns a single trainingprogram by identifier.

Authorizations:
bearerAuth
path Parameters
programId
required
string <uuid>

Training program UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update trainingprogram

Applies a partial update to an existing trainingprogram.

Authorizations:
bearerAuth
path Parameters
programId
required
string <uuid>

Training program UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
programId
string [ 1 .. 80 ] characters

Human-readable business identifier.

title
string [ 1 .. 200 ] characters

Training program title.

description
string <= 5000 characters

Training program description.

category
string
Enum: "onboarding" "qms" "regulatory" "process" "security" "role_specific" "leadership" "custom"

Training program category.

status
string
Default: "draft"
Enum: "draft" "active" "archived"

Initial status; defaults to Draft.

deliveryMethod
string
Enum: "internal_session" "external_provider" "self_study" "on_the_job" "attestation" "assessment" "other"

Training delivery method.

ownerId
string [ 1 .. 128 ] characters

Program owner user ID.

externalReferenceUrl
string <uri>

External training reference URL.

defaultDueWithinDays
integer [ 0 .. 3650 ]

Default due-within days for assignments.

defaultValidityDays
integer [ 0 .. 3650 ]

Default validity period in days.

effectivenessRequired
boolean
Default: false

Effectiveness review required.

passingScore
number [ 0 .. 100 ]

Passing score percentage.

object
Default: {}

Flexible metadata object.

createdBy
string [ 1 .. 128 ] characters

Creator user ID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "status": "archived"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Suppliers

Supplier qualification, review, and monitoring data.

List suppliers

Returns a cursor-paginated collection of suppliers.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

qualificationStatus
string
Enum: "pending_review" "approved" "conditional" "disqualified"

Filter by qualification status.

riskRating
string
Enum: "low" "medium" "high"

Filter by supplier risk rating.

isActive
boolean

Filter by active/inactive suppliers.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create supplier

Creates a supplier within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
supplierId
string [ 1 .. 80 ] characters

Human-readable business identifier.

name
required
string [ 1 .. 200 ] characters

Supplier name.

contactPerson
string <= 200 characters

Contact person name.

email
required
string <email> ^(?!\.)(?!.*\.\.)([A-Za-z0-9_'+\-\.]*)[A-Za-z...

Supplier email address.

phone
string <= 40 characters

Supplier phone number.

address
string <= 500 characters

Supplier address.

category
required
string [ 1 .. 120 ] characters

Supplier category.

riskRating
required
string
Enum: "low" "medium" "high"

Risk rating.

qualificationStatus
required
string
Default: "pending_review"
Enum: "pending_review" "approved" "conditional" "disqualified"

Qualification status; defaults to Pending Review.

nextReviewDue
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Next review due date.

nextAuditDue
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Next audit due date.

qualityAgreementUrl
string <uri>

Quality agreement URL.

certifications
required
Array of strings[ items [ 1 .. 120 ] characters ]
Default: []

Supplier certifications.

required
object
Default: {}

Performance metrics.

reevaluationNotes
string <= 5000 characters

Reevaluation notes.

isActive
required
boolean
Default: true

Supplier is active.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "name": "QualityDocs Pty Ltd",
  • "contactPerson": "Casey Wright",
  • "email": "casey@qualitydocs.example",
  • "category": "Documentation Services",
  • "riskRating": "medium",
  • "qualificationStatus": "approved",
  • "qualityAgreementUrl": "https://cdn.example.com/suppliers/qualitydocs-agreement.pdf",
  • "certifications": [
    ]
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get supplier

Returns a single supplier by identifier.

Authorizations:
bearerAuth
path Parameters
supplierId
required
string <uuid>

Supplier UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update supplier

Applies a partial update to an existing supplier.

Authorizations:
bearerAuth
path Parameters
supplierId
required
string <uuid>

Supplier UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
supplierId
string [ 1 .. 80 ] characters

Human-readable business identifier.

name
string [ 1 .. 200 ] characters

Supplier name.

contactPerson
string <= 200 characters

Contact person name.

email
string <email> ^(?!\.)(?!.*\.\.)([A-Za-z0-9_'+\-\.]*)[A-Za-z...

Supplier email address.

phone
string <= 40 characters

Supplier phone number.

address
string <= 500 characters

Supplier address.

category
string [ 1 .. 120 ] characters

Supplier category.

riskRating
string
Enum: "low" "medium" "high"

Risk rating.

qualificationStatus
string
Default: "pending_review"
Enum: "pending_review" "approved" "conditional" "disqualified"

Qualification status; defaults to Pending Review.

nextReviewDue
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Next review due date.

nextAuditDue
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Next audit due date.

qualityAgreementUrl
string <uri>

Quality agreement URL.

certifications
Array of strings[ items [ 1 .. 120 ] characters ]
Default: []

Supplier certifications.

object
Default: {}

Performance metrics.

reevaluationNotes
string <= 5000 characters

Reevaluation notes.

isActive
boolean
Default: true

Supplier is active.

approvedBy
string [ 1 .. 128 ] characters

Approver user ID.

approvedAt
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Approval timestamp.

lastReviewDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Last review date.

lastAuditDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Last audit date.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "nextReviewDue": "2027-03-01",
  • "reevaluationNotes": "Maintain annual requalification cadence."
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Evidence

Evidence registry and audit-ready support material.

List evidence

Returns a cursor-paginated collection of evidence.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

type
string
Enum: "document" "record" "photo" "video" "test_result" "audit_report" "other"

Filter by evidence type.

clause
string [ 1 .. 64 ] characters

Filter by standard clause.

domain
string
Enum: "Context & Strategy" "Leadership & Policy" "Risk & Objectives" "Support & Resources" "Operations" "Performance & Audits" "Improvement"

Filter by QMS domain.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create evidence

Creates a evidence within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
evidenceId
string [ 1 .. 80 ] characters

Human-readable business identifier.

title
required
string [ 1 .. 200 ] characters

Evidence title.

description
string <= 5000 characters

Evidence description.

type
required
string
Enum: "document" "record" "photo" "video" "test_result" "audit_report" "other"

Evidence type.

clause
required
string [ 1 .. 64 ] characters

Framework clause or control reference.

subClause
string [ 1 .. 64 ] characters

Framework subclause or nested control reference.

domain
required
string
Enum: "Context & Strategy" "Leadership & Policy" "Risk & Objectives" "Support & Resources" "Operations" "Performance & Audits" "Improvement"

QMS domain.

required
object

Related entity reference.

url
string <uri>

External evidence URL.

uploadedBy
required
string [ 1 .. 128 ] characters

Uploader user ID.

tags
required
Array of strings[ items [ 1 .. 64 ] characters ]
Default: []

Evidence tags.

notes
string <= 5000 characters

Evidence notes.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "title": "Published procedure approval record",
  • "description": "Publication evidence for the current controlled procedure version.",
  • "type": "audit_report",
  • "clause": "7.5",
  • "subClause": "7.5.3",
  • "domain": "Support & Resources",
  • "relatedEntity": {
    },
  • "url": "https://cdn.example.com/evidence/proc-doc-001-approval.pdf",
  • "uploadedBy": "22222222-2222-4222-8222-222222222222",
  • "tags": [
    ]
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get evidence

Returns a single evidence by identifier.

Authorizations:
bearerAuth
path Parameters
evidenceId
required
string <uuid>

Evidence UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update evidence

Applies a partial update to an existing evidence.

Authorizations:
bearerAuth
path Parameters
evidenceId
required
string <uuid>

Evidence UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
evidenceId
string [ 1 .. 80 ] characters

Human-readable business identifier.

title
string [ 1 .. 200 ] characters

Evidence title.

description
string <= 5000 characters

Evidence description.

type
string
Enum: "document" "record" "photo" "video" "test_result" "audit_report" "other"

Evidence type.

clause
string [ 1 .. 64 ] characters

Framework clause or control reference.

subClause
string [ 1 .. 64 ] characters

Framework subclause or nested control reference.

domain
string
Enum: "Context & Strategy" "Leadership & Policy" "Risk & Objectives" "Support & Resources" "Operations" "Performance & Audits" "Improvement"

QMS domain.

object

Related entity reference.

url
string <uri>

External evidence URL.

uploadedBy
string [ 1 .. 128 ] characters

Uploader user ID.

tags
Array of strings[ items [ 1 .. 64 ] characters ]
Default: []

Evidence tags.

notes
string <= 5000 characters

Evidence notes.

verifiedBy
string [ 1 .. 128 ] characters

Verifier user ID.

verificationDate
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Verification timestamp.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "verifiedBy": "22222222-2222-4222-8222-222222222222",
  • "verificationDate": "2026-04-01T12:00:00.000Z",
  • "notes": "Verified during the internal audit."
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Compliance

Regulatory requirements, requirement-to-record mappings, and internal controls.

List regulatoryrequirements

Returns a cursor-paginated collection of regulatoryrequirements.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

frameworkId
string [ 1 .. 64 ] characters

Filter by regulatory framework.

category
string [ 1 .. 120 ] characters

Filter by requirement category.

isMandatory
boolean

Filter by mandatory requirement flag.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create regulatoryrequirement

Creates a regulatoryrequirement within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
frameworkId
required
string [ 1 .. 64 ] characters

Framework ID.

requirementId
required
string [ 1 .. 80 ] characters

Human-readable business identifier.

title
required
string [ 1 .. 200 ] characters

Requirement title.

description
string <= 5000 characters

Detailed description.

category
string <= 120 characters

Category classification.

isMandatory
required
boolean
Default: true

Mandatory flag; defaults to true.

parentRequirementId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Parent requirement UUID.

sortOrder
required
integer [ 0 .. 9007199254740991 ]
Default: 0

Sort order; defaults to zero.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "frameworkId": "iso9001",
  • "requirementId": "ISO9001-7.5.3",
  • "title": "Control of documented information",
  • "description": "Documented information required by the QMS must be controlled and retained.",
  • "category": "Documented Information",
  • "isMandatory": true,
  • "sortOrder": 53
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get regulatoryrequirement

Returns a single regulatoryrequirement by identifier.

Authorizations:
bearerAuth
path Parameters
requirementId
required
string <uuid>

Regulatory requirement UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update regulatoryrequirement

Applies a partial update to an existing regulatoryrequirement.

Authorizations:
bearerAuth
path Parameters
requirementId
required
string <uuid>

Regulatory requirement UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
frameworkId
string [ 1 .. 64 ] characters

Framework ID.

requirementId
string [ 1 .. 80 ] characters

Human-readable business identifier.

title
string [ 1 .. 200 ] characters

Requirement title.

description
string <= 5000 characters

Detailed description.

category
string <= 120 characters

Category classification.

isMandatory
boolean
Default: true

Mandatory flag; defaults to true.

parentRequirementId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Parent requirement UUID.

sortOrder
integer [ 0 .. 9007199254740991 ]
Default: 0

Sort order; defaults to zero.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "description": "Documented information must be reviewed, approved, and retained."
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List compliancemappings

Returns a cursor-paginated collection of compliancemappings.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

requirementId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by regulatory requirement.

entityType
string [ 1 .. 64 ] characters

Filter by mapped entity type.

entityId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by mapped entity ID.

complianceStatus
string
Enum: "not_assessed" "compliant" "partial" "non_compliant" "not_applicable"

Filter by compliance status.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create compliancemapping

Creates a compliancemapping within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
requirementId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

entityType
required
string [ 1 .. 64 ] characters

Entity type.

entityId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

complianceStatus
required
string
Default: "not_assessed"
Enum: "not_assessed" "compliant" "partial" "non_compliant" "not_applicable"

Status; defaults to Not Assessed.

assessedBy
string [ 1 .. 128 ] characters

Assessor user ID.

assessedAt
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Assessment timestamp.

evidenceNotes
string <= 5000 characters

Evidence notes.

nextReviewDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Next review date.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "requirementId": "f2c616a3-b1ad-49d4-b5cd-500f4e50fce8",
  • "entityType": "document",
  • "entityId": "9f97f34c-7e83-4d8d-a3e6-c4af44f21511",
  • "complianceStatus": "compliant",
  • "assessedBy": "22222222-2222-4222-8222-222222222222",
  • "evidenceNotes": "Covered by the published procedure.",
  • "nextReviewDate": "2026-10-01"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get compliancemapping

Returns a single compliancemapping by identifier.

Authorizations:
bearerAuth
path Parameters
mappingId
required
string <uuid>

Compliance mapping UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update compliancemapping

Applies a partial update to an existing compliancemapping.

Authorizations:
bearerAuth
path Parameters
mappingId
required
string <uuid>

Compliance mapping UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
requirementId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

entityType
string [ 1 .. 64 ] characters

Entity type.

entityId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

complianceStatus
string
Default: "not_assessed"
Enum: "not_assessed" "compliant" "partial" "non_compliant" "not_applicable"

Status; defaults to Not Assessed.

assessedBy
string [ 1 .. 128 ] characters

Assessor user ID.

assessedAt
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Assessment timestamp.

evidenceNotes
string <= 5000 characters

Evidence notes.

nextReviewDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Next review date.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "complianceStatus": "partial",
  • "evidenceNotes": "Requires updated training completion evidence."
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List controls

Returns a cursor-paginated collection of controls.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

category
string [ 1 .. 120 ] characters

Filter by control category.

status
string
Enum: "draft" "active" "deprecated"

Filter by control status.

ownerId
string [ 1 .. 128 ] characters

Filter by control owner.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create control

Creates a control within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
controlId
required
string [ 1 .. 80 ] characters

Human-readable business identifier.

title
required
string [ 1 .. 255 ] characters

Control title.

description
string <= 5000 characters

Control description.

category
string <= 120 characters

Control category.

status
required
string
Default: "draft"
Enum: "draft" "active" "deprecated"

Status; defaults to Draft.

ownerId
string [ 1 .. 128 ] characters

Control owner user ID.

implementationNotes
string <= 5000 characters

Implementation details.

monitoringFrequency
string <= 50 characters

Monitoring cadence.

nextReviewDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Next review date.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "controlId": "CTRL-DOC-001",
  • "title": "Document Review and Approval Control",
  • "description": "Ensures all controlled documents are reviewed and approved before publication.",
  • "category": "Document Control",
  • "status": "active",
  • "ownerId": "22222222-2222-4222-8222-222222222222",
  • "monitoringFrequency": "quarterly",
  • "nextReviewDate": "2026-06-01"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get control

Returns a single control by identifier.

Authorizations:
bearerAuth
path Parameters
controlId
required
string <uuid>

Control UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update control

Applies a partial update to an existing control.

Authorizations:
bearerAuth
path Parameters
controlId
required
string <uuid>

Control UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
controlId
string [ 1 .. 80 ] characters

Human-readable business identifier.

title
string [ 1 .. 255 ] characters

Control title.

description
string <= 5000 characters

Control description.

category
string <= 120 characters

Control category.

status
string
Default: "draft"
Enum: "draft" "active" "deprecated"

Status; defaults to Draft.

ownerId
string [ 1 .. 128 ] characters

Control owner user ID.

implementationNotes
string <= 5000 characters

Implementation details.

monitoringFrequency
string <= 50 characters

Monitoring cadence.

nextReviewDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Next review date.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "status": "deprecated",
  • "implementationNotes": "Superseded by CTRL-DOC-002."
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List controlrequirementmappings

Returns a cursor-paginated collection of controlrequirementmappings.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

controlId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by internal control.

requirementId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by regulatory requirement.

coverageStatus
string
Enum: "full" "partial" "planned"

Filter by coverage status.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create controlrequirementmapping

Creates a controlrequirementmapping within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
controlId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

requirementId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

coverageStatus
required
string
Default: "partial"
Enum: "full" "partial" "planned"

Status; defaults to Partial.

notes
string <= 5000 characters

Mapping notes.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "controlId": "c1a2b3c4-d5e6-4f78-9a0b-1c2d3e4f5678",
  • "requirementId": "f2c616a3-b1ad-49d4-b5cd-500f4e50fce8",
  • "coverageStatus": "full",
  • "notes": "Document review workflow fully satisfies this requirement."
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get controlrequirementmapping

Returns a single controlrequirementmapping by identifier.

Authorizations:
bearerAuth
path Parameters
mappingId
required
string <uuid>

Control-requirement mapping UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update controlrequirementmapping

Applies a partial update to an existing controlrequirementmapping.

Authorizations:
bearerAuth
path Parameters
mappingId
required
string <uuid>

Control-requirement mapping UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
controlId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

requirementId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

coverageStatus
string
Default: "partial"
Enum: "full" "partial" "planned"

Status; defaults to Partial.

notes
string <= 5000 characters

Mapping notes.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "coverageStatus": "partial",
  • "notes": "Additional training evidence needed for full coverage."
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Webhooks

Webhook subscription management and delivery audit logs.

List webhooksubscriptions

Returns a cursor-paginated collection of webhooksubscriptions.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

isActive
boolean

Filter by active status.

eventType
string

Filter by event type.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create webhooksubscription

Creates a webhooksubscription within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
url
required
string <uri> <= 2048 characters

Webhook endpoint URL.

description
string <= 500 characters

Subscription description.

eventTypes
required
Array of strings non-empty
Items Enum: "document.published" "document.externally_published" "capa.created" "training.program_activated" "export.completed" "export.failed" "signature.recorded" "signature.chain_broken"

Subscribed event types.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get webhooksubscription

Returns a single webhooksubscription by identifier.

Authorizations:
bearerAuth
path Parameters
subscriptionId
required
string <uuid>

Webhook subscription UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update webhooksubscription

Applies a partial update to an existing webhooksubscription.

Authorizations:
bearerAuth
path Parameters
subscriptionId
required
string <uuid>

Webhook subscription UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
url
string <uri> <= 2048 characters

Webhook endpoint URL.

description
string <= 500 characters

Subscription description.

eventTypes
Array of strings non-empty
Items Enum: "document.published" "document.externally_published" "capa.created" "training.program_activated" "export.completed" "export.failed" "signature.recorded" "signature.chain_broken"

Subscribed event types.

isActive
boolean

Active subscription flag.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "eventTypes": [
    ],
  • "isActive": false
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List webhook deliveries

Returns a cursor-paginated audit log of webhook delivery attempts.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

subscriptionId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by webhook subscription.

eventType
string

Filter by event type.

status
string

Filter by delivery status.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Competencies

Competency definitions, role requirements, member assessments, and matrix readouts.

List competencydefinitions

Returns a cursor-paginated collection of competencydefinitions.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

category
string
Enum: "technical" "regulatory" "leadership" "safety" "quality" "general"

Filter by competency category.

status
string
Enum: "active" "retired"

Filter by competency status.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create competencydefinition

Creates a competencydefinition within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
code
required
string [ 1 .. 50 ] characters

Unique code identifier for the competency.

name
required
string [ 1 .. 200 ] characters

Human-readable name of the competency.

description
string <= 5000 characters

Detailed description of the competency.

category
required
string
Enum: "technical" "regulatory" "leadership" "safety" "quality" "general"

Category of the competency.

assessmentMethod
required
string
Enum: "training_completion" "observation" "exam" "self_assessment" "manager_review"

How competency is assessed.

proficiencyLevels
required
Array of strings [ 1 .. 8 ] items [ items [ 1 .. 50 ] characters ]

Array of proficiency level names.

integer or null

Months until competency expires.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "code": "string",
  • "name": "string",
  • "description": "string",
  • "category": "technical",
  • "assessmentMethod": "training_completion",
  • "proficiencyLevels": [
    ],
  • "expiryMonths": 1
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get competencydefinition

Returns a single competencydefinition by identifier.

Authorizations:
bearerAuth
path Parameters
definitionId
required
string <uuid>

Competency definition UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update competencydefinition

Applies a partial update to an existing competencydefinition.

Authorizations:
bearerAuth
path Parameters
definitionId
required
string <uuid>

Competency definition UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
code
string [ 1 .. 50 ] characters

Unique code identifier for the competency.

name
string [ 1 .. 200 ] characters

Human-readable name of the competency.

description
string <= 5000 characters

Detailed description of the competency.

category
string
Enum: "technical" "regulatory" "leadership" "safety" "quality" "general"

Category of the competency.

assessmentMethod
string
Enum: "training_completion" "observation" "exam" "self_assessment" "manager_review"

How competency is assessed.

proficiencyLevels
Array of strings [ 1 .. 8 ] items [ items [ 1 .. 50 ] characters ]

Array of proficiency level names.

integer or null

Months until competency expires.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "code": "string",
  • "name": "string",
  • "description": "string",
  • "category": "technical",
  • "assessmentMethod": "training_completion",
  • "proficiencyLevels": [
    ],
  • "expiryMonths": 1
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List rolecompetencyrequirements

Returns a cursor-paginated collection of rolecompetencyrequirements.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

roleName
string [ 1 .. 120 ] characters

Filter by role name.

competencyId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by competency.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create rolecompetencyrequirement

Creates a rolecompetencyrequirement within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
roleName
required
string [ 1 .. 120 ] characters

Name of the role requiring this competency.

competencyId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

ID of the required competency.

requiredLevel
required
string [ 1 .. 50 ] characters

Minimum proficiency level required.

mandatory
required
boolean
Default: true

Whether this competency is mandatory for the role.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "roleName": "string",
  • "competencyId": "714bc50d-aee6-4a74-a077-3bf4ed561f7c",
  • "requiredLevel": "string",
  • "mandatory": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get rolecompetencyrequirement

Returns a single rolecompetencyrequirement by identifier.

Authorizations:
bearerAuth
path Parameters
requirementId
required
string <uuid>

Role competency requirement UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update rolecompetencyrequirement

Applies a partial update to an existing rolecompetencyrequirement.

Authorizations:
bearerAuth
path Parameters
requirementId
required
string <uuid>

Role competency requirement UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
roleName
string [ 1 .. 120 ] characters

Name of the role requiring this competency.

competencyId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

ID of the required competency.

requiredLevel
string [ 1 .. 50 ] characters

Minimum proficiency level required.

mandatory
boolean
Default: true

Whether this competency is mandatory for the role.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "roleName": "string",
  • "competencyId": "714bc50d-aee6-4a74-a077-3bf4ed561f7c",
  • "requiredLevel": "string",
  • "mandatory": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List competencyassessments

Returns a cursor-paginated collection of competencyassessments.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

memberId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by organization member.

competencyId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by competency.

status
string
Enum: "valid" "expired" "superseded"

Filter by assessment status.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create competencyassessment

Creates a competencyassessment within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
memberId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Member being assessed for competency.

competencyId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

ID of the competency being assessed.

assessedLevel
required
string [ 1 .. 50 ] characters

Proficiency level achieved by the member.

evidence
string <= 5000 characters

Supporting evidence for the assessment.

linkedTrainingRecords
Array of strings <uuid> [ items <uuid >^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA... ]

IDs of training records demonstrating competency.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "memberId": "92983ab9-49c8-444b-85ae-6e40402cf72e",
  • "competencyId": "714bc50d-aee6-4a74-a077-3bf4ed561f7c",
  • "assessedLevel": "string",
  • "evidence": "string",
  • "linkedTrainingRecords": [
    ]
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get competencyassessment

Returns a single competencyassessment by identifier.

Authorizations:
bearerAuth
path Parameters
assessmentId
required
string <uuid>

Competency assessment UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update competencyassessment

Applies a partial update to an existing competencyassessment.

Authorizations:
bearerAuth
path Parameters
assessmentId
required
string <uuid>

Competency assessment UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
memberId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Member being assessed for competency.

competencyId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

ID of the competency being assessed.

assessedLevel
string [ 1 .. 50 ] characters

Proficiency level achieved by the member.

evidence
string <= 5000 characters

Supporting evidence for the assessment.

linkedTrainingRecords
Array of strings <uuid> [ items <uuid >^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA... ]

IDs of training records demonstrating competency.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "memberId": "92983ab9-49c8-444b-85ae-6e40402cf72e",
  • "competencyId": "714bc50d-aee6-4a74-a077-3bf4ed561f7c",
  • "assessedLevel": "string",
  • "evidence": "string",
  • "linkedTrainingRecords": [
    ]
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Knowledge

Lessons learned knowledge base — capture, categorize, and retrieve organizational knowledge.

List lessonslearned

Returns a cursor-paginated collection of lessonslearned.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

category
string
Enum: "process_improvement" "failure_prevention" "best_practice" "regulatory_insight" "supplier_insight" "customer_insight" "safety"
source
string
Enum: "capa" "ncr" "audit" "quality_event" "management_review" "training" "supplier_evaluation" "customer_feedback" "other"
status
string
Enum: "draft" "published" "archived"
effectiveness
string
Enum: "not_assessed" "effective" "partially_effective" "ineffective"
tag
string <= 100 characters

Filter by a single tag value.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create lessonlearned

Creates a lessonlearned within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
title
required
string [ 1 .. 300 ] characters
description
string <= 10000 characters
category
required
string
Default: "process_improvement"
Enum: "process_improvement" "failure_prevention" "best_practice" "regulatory_insight" "supplier_insight" "customer_insight" "safety"
source
required
string
Default: "other"
Enum: "capa" "ncr" "audit" "quality_event" "management_review" "training" "supplier_evaluation" "customer_feedback" "other"
required
Array of objects
Default: []
rootCause
string <= 5000 characters
actionTaken
string <= 5000 characters
recommendation
required
string [ 1 .. 5000 ] characters
applicability
required
Array of strings[ items <= 200 characters ]
Default: []
tags
required
Array of strings[ items <= 100 characters ]
Default: []
effectiveness
required
string
Default: "not_assessed"
Enum: "not_assessed" "effective" "partially_effective" "ineffective"
status
required
string
Default: "draft"
Enum: "draft" "published" "archived"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "title": "string",
  • "description": "string",
  • "category": "process_improvement",
  • "source": "capa",
  • "sourceRecords": [ ],
  • "rootCause": "string",
  • "actionTaken": "string",
  • "recommendation": "string",
  • "applicability": [ ],
  • "tags": [ ],
  • "effectiveness": "not_assessed",
  • "status": "draft"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get lessonlearned

Returns a single lessonlearned by identifier.

Authorizations:
bearerAuth
path Parameters
lessonId
required
string <uuid>

Lesson learned UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update lessonlearned

Applies a partial update to an existing lessonlearned.

Authorizations:
bearerAuth
path Parameters
lessonId
required
string <uuid>

Lesson learned UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
title
string [ 1 .. 300 ] characters
description
string <= 10000 characters
category
string
Default: "process_improvement"
Enum: "process_improvement" "failure_prevention" "best_practice" "regulatory_insight" "supplier_insight" "customer_insight" "safety"
source
string
Default: "other"
Enum: "capa" "ncr" "audit" "quality_event" "management_review" "training" "supplier_evaluation" "customer_feedback" "other"
Array of objects
Default: []
rootCause
string <= 5000 characters
actionTaken
string <= 5000 characters
recommendation
string [ 1 .. 5000 ] characters
applicability
Array of strings[ items <= 200 characters ]
Default: []
tags
Array of strings[ items <= 100 characters ]
Default: []
effectiveness
string
Default: "not_assessed"
Enum: "not_assessed" "effective" "partially_effective" "ineffective"
status
string
Default: "draft"
Enum: "draft" "published" "archived"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "title": "string",
  • "description": "string",
  • "category": "process_improvement",
  • "source": "capa",
  • "sourceRecords": [ ],
  • "rootCause": "string",
  • "actionTaken": "string",
  • "recommendation": "string",
  • "applicability": [ ],
  • "tags": [ ],
  • "effectiveness": "not_assessed",
  • "status": "draft"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get lessons related to an entity

Returns lessons whose source records include the specified entity type and ID.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

category
string
Enum: "process_improvement" "failure_prevention" "best_practice" "regulatory_insight" "supplier_insight" "customer_insight" "safety"
source
string
Enum: "capa" "ncr" "audit" "quality_event" "management_review" "training" "supplier_evaluation" "customer_feedback" "other"
status
string
Enum: "draft" "published" "archived"
effectiveness
string
Enum: "not_assessed" "effective" "partially_effective" "ineffective"
tag
string <= 100 characters

Filter by a single tag value.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Signatures

Electronic signatures, tamper-evident hash chain verification, and signature policy configuration (21 CFR Part 11 / EU Annex 11).

Apply electronic signature

Verifies the signer identity, computes a tamper-evident content hash of the target record, and appends an immutable signature to the entity hash chain. Server-only — clients cannot construct signature hashes directly.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
entityType
required
string
Enum: "document" "capa" "ncr" "change_request" "training_record" "form_response"
entityId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

string or null
meaning
required
string
Enum: "authored" "reviewed" "approved" "verified" "released" "acknowledged" "witnessed"
statement
required
string [ 1 .. 2000 ] characters
method
required
string
Enum: "password_confirmation" "drawn_signature" "mfa_verified"
password
string <= 512 characters
mfaCode
string^\d{6}$
drawnSignatureDataUrl
string <= 2000000 characters ^data:image\/png;base64,

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "entityType": "document",
  • "entityId": "156e622c-6cdf-4c27-9bc9-2f2db69919f5",
  • "versionRef": "string",
  • "meaning": "authored",
  • "statement": "string",
  • "method": "password_confirmation",
  • "password": "string",
  • "mfaCode": "string",
  • "drawnSignatureDataUrl": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List electronic signatures

Returns a filterable, paginated list of electronic signatures across the organization. Use for audit packet preparation and compliance review.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]
sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

entityType
string
Enum: "document" "capa" "ncr" "change_request" "training_record" "form_response"
entityId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

signerId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

meaning
string
Enum: "authored" "reviewed" "approved" "verified" "released" "acknowledged" "witnessed"
fromDate
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Timestamp in ISO 8601 UTC format.

toDate
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Timestamp in ISO 8601 UTC format.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Verify signature chain integrity

Recomputes the hash chain for an entity and confirms no signature has been tampered with. Returns the index of the first broken record if verification fails.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]
sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

entityType
string
Enum: "document" "capa" "ncr" "change_request" "training_record" "form_response"
entityId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

signerId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

meaning
string
Enum: "authored" "reviewed" "approved" "verified" "released" "acknowledged" "witnessed"
fromDate
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Timestamp in ISO 8601 UTC format.

toDate
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Timestamp in ISO 8601 UTC format.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List signaturepolicies

Returns a cursor-paginated collection of signaturepolicies.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]
sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

entityType
string
Enum: "document" "capa" "ncr" "change_request" "training_record" "form_response"
status
string
Enum: "active" "archived"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create signaturepolicy

Creates a signaturepolicy within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
required
string [ 1 .. 120 ] characters
entityType
required
string
Enum: "document" "capa" "ncr" "change_request" "training_record" "form_response"
string or null
requiredMeanings
required
Array of strings non-empty
Items Enum: "authored" "reviewed" "approved" "verified" "released" "acknowledged" "witnessed"
signatureMethod
required
string
Enum: "password_confirmation" "drawn_signature" "mfa_verified"
requireSequential
boolean
requireAllBeforePublish
boolean
status
string
Enum: "active" "archived"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "entityType": "document",
  • "documentType": "string",
  • "requiredMeanings": [
    ],
  • "signatureMethod": "password_confirmation",
  • "requireSequential": true,
  • "requireAllBeforePublish": true,
  • "status": "active"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get signaturepolicy

Returns a single signaturepolicy by identifier.

Authorizations:
bearerAuth
path Parameters
policyId
required
string <uuid>

Signature policy UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update signaturepolicy

Applies a partial update to an existing signaturepolicy.

Authorizations:
bearerAuth
path Parameters
policyId
required
string <uuid>

Signature policy UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
string [ 1 .. 120 ] characters
entityType
string
Enum: "document" "capa" "ncr" "change_request" "training_record" "form_response"
string or null
requiredMeanings
Array of strings non-empty
Items Enum: "authored" "reviewed" "approved" "verified" "released" "acknowledged" "witnessed"
signatureMethod
string
Enum: "password_confirmation" "drawn_signature" "mfa_verified"
requireSequential
boolean
requireAllBeforePublish
boolean
status
string
Enum: "active" "archived"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "entityType": "document",
  • "documentType": "string",
  • "requiredMeanings": [
    ],
  • "signatureMethod": "password_confirmation",
  • "requireSequential": true,
  • "requireAllBeforePublish": true,
  • "status": "active"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

WorkItems

Unified read-only view of actionable work items across all QMS modules.

List work items

Returns a unified, cursor-paginated list of actionable work items across all QMS modules.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

sourceType
string <= 64 characters
status
string <= 64 characters
assignedTo
string [ 1 .. 128 ] characters

Application user identifier.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Get work item

Returns a single work item by its composite identifier.

Authorizations:
bearerAuth
path Parameters
workItemId
required
string <uuid>

Work item composite UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

ContextIssues

Internal and external context issues that affect the QMS and require periodic review.

List contextissues

Returns a cursor-paginated collection of contextissues.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

status
string
Enum: "active" "inactive" "archived"
category
string
Enum: "internal" "external"
relevance
string
Enum: "high" "medium" "low"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create contextissue

Creates a contextissue within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
title
required
string [ 1 .. 300 ] characters
description
string <= 5000 characters
category
required
string
Enum: "internal" "external"
impact
required
string
Enum: "positive" "negative" "both"
relevance
required
string
Enum: "high" "medium" "low"
linkedRiskIds
required
Array of strings[ items <= 120 characters ]
Default: []
linkedObjectiveIds
required
Array of strings[ items <= 120 characters ]
Default: []
reviewFrequency
required
string
Default: "annual"
Enum: "quarterly" "semi_annual" "annual" "as_needed"
lastReviewedAt
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Timestamp in ISO 8601 UTC format.

status
required
string
Default: "active"
Enum: "active" "inactive" "archived"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "title": "Internal knowledge concentration around core QMS workflows",
  • "description": "Key workflow ownership is concentrated in too few people, creating continuity risk.",
  • "category": "internal",
  • "impact": "negative",
  • "relevance": "high",
  • "linkedRiskIds": [
    ],
  • "linkedObjectiveIds": [
    ],
  • "reviewFrequency": "semi_annual",
  • "lastReviewedAt": "2026-04-05T00:00:00.000Z",
  • "status": "active"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get contextissue

Returns a single contextissue by identifier.

Authorizations:
bearerAuth
path Parameters
contextIssueId
required
string <uuid>

Context issue UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update contextissue

Applies a partial update to an existing contextissue.

Authorizations:
bearerAuth
path Parameters
contextIssueId
required
string <uuid>

Context issue UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
title
string [ 1 .. 300 ] characters
description
string <= 5000 characters
category
string
Enum: "internal" "external"
impact
string
Enum: "positive" "negative" "both"
relevance
string
Enum: "high" "medium" "low"
linkedRiskIds
Array of strings[ items <= 120 characters ]
Default: []
linkedObjectiveIds
Array of strings[ items <= 120 characters ]
Default: []
reviewFrequency
string
Default: "annual"
Enum: "quarterly" "semi_annual" "annual" "as_needed"
lastReviewedAt
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Timestamp in ISO 8601 UTC format.

status
string
Default: "active"
Enum: "active" "inactive" "archived"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "relevance": "medium",
  • "status": "inactive"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

InterestedParties

Stakeholder requirements, monitoring methods, and review cadence for the QMS.

List interestedparties

Returns a cursor-paginated collection of interestedparties.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

status
string
Enum: "active" "inactive" "archived"
category
string
Enum: "customer" "regulatory" "supplier" "employee" "shareholder" "community" "partner" "other"
partyType
string
Enum: "internal" "external"
relevance
string
Enum: "high" "medium" "low"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create interestedparty

Creates a interestedparty within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
required
string [ 1 .. 255 ] characters
category
required
string
Enum: "customer" "regulatory" "supplier" "employee" "shareholder" "community" "partner" "other"
partyType
required
string
Enum: "internal" "external"
required
Array of objects
Default: []
relevance
required
string
Default: "medium"
Enum: "high" "medium" "low"
monitoringMethod
string <= 500 characters
reviewFrequency
required
string
Default: "annual"
Enum: "quarterly" "semi_annual" "annual" "as_needed"
lastReviewedAt
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Timestamp in ISO 8601 UTC format.

linkedControlIds
required
Array of strings[ items <= 120 characters ]
Default: []
linkedRiskIds
required
Array of strings[ items <= 120 characters ]
Default: []
linkedObjectiveIds
required
Array of strings[ items <= 120 characters ]
Default: []
notes
string <= 5000 characters
status
required
string
Default: "active"
Enum: "active" "inactive" "archived"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "name": "Employees",
  • "category": "employee",
  • "partyType": "internal",
  • "requirements": [
    ],
  • "relevance": "high",
  • "monitoringMethod": "Training completion, surveys, and management review",
  • "reviewFrequency": "annual",
  • "lastReviewedAt": "2026-04-05T00:00:00.000Z",
  • "linkedControlIds": [
    ],
  • "linkedRiskIds": [
    ],
  • "linkedObjectiveIds": [
    ],
  • "notes": "Include full-time and contracted personnel performing QMS work.",
  • "status": "active"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get interestedparty

Returns a single interestedparty by identifier.

Authorizations:
bearerAuth
path Parameters
partyId
required
string <uuid>

Interested party UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update interestedparty

Applies a partial update to an existing interestedparty.

Authorizations:
bearerAuth
path Parameters
partyId
required
string <uuid>

Interested party UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
string [ 1 .. 255 ] characters
category
string
Enum: "customer" "regulatory" "supplier" "employee" "shareholder" "community" "partner" "other"
partyType
string
Enum: "internal" "external"
Array of objects
Default: []
relevance
string
Default: "medium"
Enum: "high" "medium" "low"
monitoringMethod
string <= 500 characters
reviewFrequency
string
Default: "annual"
Enum: "quarterly" "semi_annual" "annual" "as_needed"
lastReviewedAt
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Timestamp in ISO 8601 UTC format.

linkedControlIds
Array of strings[ items <= 120 characters ]
Default: []
linkedRiskIds
Array of strings[ items <= 120 characters ]
Default: []
linkedObjectiveIds
Array of strings[ items <= 120 characters ]
Default: []
notes
string <= 5000 characters
status
string
Default: "active"
Enum: "active" "inactive" "archived"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "monitoringMethod": "Annual survey and quarterly management review trend check",
  • "status": "inactive"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

QmsScope

Immutable QMS scope statement versions with auditable revision history.

List QMS scope versions

Returns immutable QMS scope statement versions in reverse chronological order.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create QMS scope version

Appends a new immutable QMS scope statement version for the organization.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
content
required
string [ 1 .. 50000 ] characters
changeSummary
string <= 5000 characters

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "content": "The QMS covers the design, delivery, support, and continual improvement of the Q360 platform and associated quality operations for subscribed organizations.",
  • "changeSummary": "Clarified included service lines and lifecycle activities."
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get QMS scope version

Returns a single immutable QMS scope statement version by identifier.

Authorizations:
bearerAuth
path Parameters
versionId
required
string <uuid>

QMS scope version UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Complaints

Customer complaint intake, investigation, containment, and resolution workflows.

List complaints

Returns a cursor-paginated collection of complaints.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

status
string
Enum: "received" "triaged" "containment_in_progress" "under_investigation" "response_pending" "response_sent" "verification_pending" "closed" "cancelled"
severity
string
Enum: "critical" "major" "minor" "negligible"
category
string <= 100 characters

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create complaint

Creates a complaint within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
title
required
string [ 1 .. 300 ] characters
description
required
string <= 10000 characters
customerName
string <= 255 characters
complaintCategory
string <= 100 characters
affectedProduct
string <= 255 characters
affectedService
string <= 255 characters
lotOrBatch
string <= 100 characters
incidentDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

reportedDate
required
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

severity
required
string
Enum: "critical" "major" "minor" "negligible"
containmentRequired
required
boolean
Default: false
rootCauseSummary
string <= 5000 characters
relatedNcrId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

relatedCapaId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "title": "string",
  • "description": "string",
  • "customerName": "string",
  • "complaintCategory": "string",
  • "affectedProduct": "string",
  • "affectedService": "string",
  • "lotOrBatch": "string",
  • "incidentDate": "2019-08-24",
  • "reportedDate": "2019-08-24",
  • "severity": "critical",
  • "containmentRequired": false,
  • "rootCauseSummary": "string",
  • "relatedNcrId": "e320dba5-4e90-4e0c-986b-3e11021d7fdc",
  • "relatedCapaId": "303f9d19-b179-4959-b066-904582d88315"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get complaint

Returns a single complaint by identifier.

Authorizations:
bearerAuth
path Parameters
complaintId
required
string <uuid>

Complaint UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update complaint

Applies a partial update to an existing complaint.

Authorizations:
bearerAuth
path Parameters
complaintId
required
string <uuid>

Complaint UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
title
string [ 1 .. 300 ] characters
description
string <= 10000 characters
customerName
string <= 255 characters
complaintCategory
string <= 100 characters
affectedProduct
string <= 255 characters
affectedService
string <= 255 characters
lotOrBatch
string <= 100 characters
incidentDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

reportedDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

severity
string
Enum: "critical" "major" "minor" "negligible"
containmentRequired
boolean
Default: false
rootCauseSummary
string <= 5000 characters
relatedNcrId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

relatedCapaId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "title": "string",
  • "description": "string",
  • "customerName": "string",
  • "complaintCategory": "string",
  • "affectedProduct": "string",
  • "affectedService": "string",
  • "lotOrBatch": "string",
  • "incidentDate": "2019-08-24",
  • "reportedDate": "2019-08-24",
  • "severity": "critical",
  • "containmentRequired": false,
  • "rootCauseSummary": "string",
  • "relatedNcrId": "e320dba5-4e90-4e0c-986b-3e11021d7fdc",
  • "relatedCapaId": "303f9d19-b179-4959-b066-904582d88315"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

SupplierCertifications

Supplier certification tracking, expiry monitoring, and document management.

List suppliercertifications

Returns a cursor-paginated collection of suppliercertifications.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

supplierId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

status
string
Enum: "active" "expiring_soon" "expired" "revoked"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create suppliercertification

Creates a suppliercertification within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
supplierId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

certificationName
required
string [ 1 .. 255 ] characters
certificationBody
string <= 255 characters
certificateNumber
string <= 128 characters
issuedDate
required
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

expiryDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

documentUrl
string <= 2048 characters
notes
string <= 5000 characters

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "supplierId": "e01eb4c4-8eb9-4fb7-b625-61f58c6148db",
  • "certificationName": "string",
  • "certificationBody": "string",
  • "certificateNumber": "string",
  • "issuedDate": "2019-08-24",
  • "expiryDate": "2019-08-24",
  • "documentUrl": "string",
  • "notes": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get suppliercertification

Returns a single suppliercertification by identifier.

Authorizations:
bearerAuth
path Parameters
certificationId
required
string <uuid>

Supplier certification UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update suppliercertification

Applies a partial update to an existing suppliercertification.

Authorizations:
bearerAuth
path Parameters
certificationId
required
string <uuid>

Supplier certification UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
supplierId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

certificationName
string [ 1 .. 255 ] characters
certificationBody
string <= 255 characters
certificateNumber
string <= 128 characters
issuedDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

expiryDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

documentUrl
string <= 2048 characters
notes
string <= 5000 characters

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "supplierId": "e01eb4c4-8eb9-4fb7-b625-61f58c6148db",
  • "certificationName": "string",
  • "certificationBody": "string",
  • "certificateNumber": "string",
  • "issuedDate": "2019-08-24",
  • "expiryDate": "2019-08-24",
  • "documentUrl": "string",
  • "notes": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

SupplierReviews

Periodic supplier performance reviews and qualification decisions.

List supplierreviews

Returns a cursor-paginated collection of supplierreviews.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

supplierId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

outcome
string
Enum: "approved" "conditionally_approved" "requires_improvement" "disqualified"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create supplierreview

Creates a supplierreview within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
supplierId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

reviewDate
required
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

reviewerId
required
string [ 1 .. 128 ] characters

Application user identifier.

overallScore
number [ 0 .. 100 ]
outcome
required
string
Enum: "approved" "conditionally_approved" "requires_improvement" "disqualified"
summary
string <= 5000 characters
nextReviewDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "supplierId": "e01eb4c4-8eb9-4fb7-b625-61f58c6148db",
  • "reviewDate": "2019-08-24",
  • "reviewerId": "string",
  • "overallScore": 100,
  • "outcome": "approved",
  • "summary": "string",
  • "nextReviewDate": "2019-08-24"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get supplierreview

Returns a single supplierreview by identifier.

Authorizations:
bearerAuth
path Parameters
reviewId
required
string <uuid>

Supplier review UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update supplierreview

Applies a partial update to an existing supplierreview.

Authorizations:
bearerAuth
path Parameters
reviewId
required
string <uuid>

Supplier review UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
supplierId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

reviewDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

reviewerId
string [ 1 .. 128 ] characters

Application user identifier.

overallScore
number [ 0 .. 100 ]
outcome
string
Enum: "approved" "conditionally_approved" "requires_improvement" "disqualified"
summary
string <= 5000 characters
nextReviewDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "supplierId": "e01eb4c4-8eb9-4fb7-b625-61f58c6148db",
  • "reviewDate": "2019-08-24",
  • "reviewerId": "string",
  • "overallScore": 100,
  • "outcome": "approved",
  • "summary": "string",
  • "nextReviewDate": "2019-08-24"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

SupplierScorecards

Supplier performance scorecards with multi-dimensional scoring.

List supplierscorecards

Returns a cursor-paginated collection of supplierscorecards.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

supplierId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

tier
string <= 32 characters

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create supplierscorecard

Creates a supplierscorecard within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
supplierId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

periodStart
required
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

periodEnd
required
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

qualityScore
number [ 0 .. 100 ]
deliveryScore
number [ 0 .. 100 ]
responsiveScore
number [ 0 .. 100 ]
overallScore
number [ 0 .. 100 ]
tier
string <= 32 characters
notes
string <= 5000 characters

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "supplierId": "e01eb4c4-8eb9-4fb7-b625-61f58c6148db",
  • "periodStart": "2019-08-24",
  • "periodEnd": "2019-08-24",
  • "qualityScore": 100,
  • "deliveryScore": 100,
  • "responsiveScore": 100,
  • "overallScore": 100,
  • "tier": "string",
  • "notes": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get supplierscorecard

Returns a single supplierscorecard by identifier.

Authorizations:
bearerAuth
path Parameters
scorecardId
required
string <uuid>

Supplier scorecard UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update supplierscorecard

Applies a partial update to an existing supplierscorecard.

Authorizations:
bearerAuth
path Parameters
scorecardId
required
string <uuid>

Supplier scorecard UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
supplierId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

periodStart
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

periodEnd
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

qualityScore
number [ 0 .. 100 ]
deliveryScore
number [ 0 .. 100 ]
responsiveScore
number [ 0 .. 100 ]
overallScore
number [ 0 .. 100 ]
tier
string <= 32 characters
notes
string <= 5000 characters

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "supplierId": "e01eb4c4-8eb9-4fb7-b625-61f58c6148db",
  • "periodStart": "2019-08-24",
  • "periodEnd": "2019-08-24",
  • "qualityScore": 100,
  • "deliveryScore": 100,
  • "responsiveScore": 100,
  • "overallScore": 100,
  • "tier": "string",
  • "notes": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

SupplierCorrectiveActions

Supplier Corrective Action Requests (SCARs) for non-conformance resolution.

List suppliercorrectiveactions

Returns a cursor-paginated collection of suppliercorrectiveactions.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

supplierId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

status
string
Enum: "open" "response_pending" "response_received" "verified" "closed" "escalated"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create suppliercorrectiveaction

Creates a suppliercorrectiveaction within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
supplierId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

title
required
string [ 1 .. 300 ] characters
description
string <= 10000 characters
issuedDate
required
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

responseDueDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

relatedNcrId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "supplierId": "e01eb4c4-8eb9-4fb7-b625-61f58c6148db",
  • "title": "string",
  • "description": "string",
  • "issuedDate": "2019-08-24",
  • "responseDueDate": "2019-08-24",
  • "relatedNcrId": "e320dba5-4e90-4e0c-986b-3e11021d7fdc"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get suppliercorrectiveaction

Returns a single suppliercorrectiveaction by identifier.

Authorizations:
bearerAuth
path Parameters
scarId
required
string <uuid>

Supplier corrective action UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update suppliercorrectiveaction

Applies a partial update to an existing suppliercorrectiveaction.

Authorizations:
bearerAuth
path Parameters
scarId
required
string <uuid>

Supplier corrective action UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
supplierId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

title
string [ 1 .. 300 ] characters
description
string <= 10000 characters
issuedDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

responseDueDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

relatedNcrId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "supplierId": "e01eb4c4-8eb9-4fb7-b625-61f58c6148db",
  • "title": "string",
  • "description": "string",
  • "issuedDate": "2019-08-24",
  • "responseDueDate": "2019-08-24",
  • "relatedNcrId": "e320dba5-4e90-4e0c-986b-3e11021d7fdc"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Reports

Report definitions, scheduled generation, and run history.

List reportdefinitions

Returns a cursor-paginated collection of reportdefinitions.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

title
string

Filter by report title.

reportType
string
Enum: "system" "custom"

Filter by definition origin type.

isSystem
boolean

Filter by platform-managed definitions.

isActive
boolean

Filter by active definitions.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create reportdefinition

Creates a reportdefinition within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
reportKey
required
string [ 1 .. 100 ] characters

Stable machine key for the report definition.

title
required
string [ 1 .. 255 ] characters

Human-readable report title.

description
string <= 5000 characters

Optional summary of the report purpose.

reportType
required
string
Default: "custom"
Enum: "system" "custom"

Whether the report is system-provided or custom.

category
string <= 255 characters

Functional grouping used in the report library.

required
object
Default: {}

Parameter schema used to configure the report.

required
object
Default: {}

Default runtime parameters applied to new runs.

isSystem
required
boolean
Default: false

Whether the definition is maintained by the platform.

isActive
required
boolean
Default: true

Whether the definition can be scheduled or run.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "reportKey": "custom-quarterly-quality-pack",
  • "title": "Quarterly Quality Pack",
  • "description": "Custom consolidated quality report for department leads.",
  • "reportType": "custom",
  • "category": "Governance",
  • "inputSchema": {
    },
  • "defaultParameters": {
    },
  • "isSystem": false,
  • "isActive": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get reportdefinition

Returns a single reportdefinition by identifier.

Authorizations:
bearerAuth
path Parameters
definitionId
required
string <uuid>

Report definition UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update reportdefinition

Applies a partial update to an existing reportdefinition.

Authorizations:
bearerAuth
path Parameters
definitionId
required
string <uuid>

Report definition UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
title
string [ 1 .. 255 ] characters

Human-readable report title.

description
string <= 5000 characters

Optional summary of the report purpose.

category
string <= 255 characters

Functional grouping used in the report library.

object

Parameter schema used to configure the report.

object

Default runtime parameters applied to new runs.

isActive
boolean

Whether the definition can be scheduled or run.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "title": "Quarterly Quality Pack v2",
  • "isActive": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List reportschedules

Returns a cursor-paginated collection of reportschedules.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

reportDefinitionId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by report definition identifier.

isActive
boolean

Filter by enabled schedules.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create reportschedule

Creates a reportschedule within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
reportDefinitionId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

cronExpression
required
string [ 1 .. 100 ] characters

Five-field cron expression controlling execution cadence.

required
object
Default: {}

Runtime parameters merged into each scheduled run.

outputFormat
required
string
Default: "pdf"
Enum: "pdf" "xlsx" "csv" "zip"

Requested artifact format for completed runs.

isActive
required
boolean
Default: true

Whether the schedule should start enabled.

createdBy
string [ 1 .. 128 ] characters

Application user identifier.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "reportDefinitionId": "bc12759a-cb1a-45db-988c-a48c84ad0b72",
  • "cronExpression": "0 8 * * 1",
  • "parameters": {
    },
  • "outputFormat": "pdf",
  • "isActive": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get reportschedule

Returns a single reportschedule by identifier.

Authorizations:
bearerAuth
path Parameters
scheduleId
required
string <uuid>

Report schedule UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update reportschedule

Applies a partial update to an existing reportschedule.

Authorizations:
bearerAuth
path Parameters
scheduleId
required
string <uuid>

Report schedule UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
cronExpression
string [ 1 .. 100 ] characters

Five-field cron expression controlling execution cadence.

object

Runtime parameters merged into each scheduled run.

outputFormat
string
Enum: "pdf" "xlsx" "csv" "zip"

Requested artifact format for completed runs.

isActive
boolean

Whether the schedule is currently enabled.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "cronExpression": "0 8 * * 2",
  • "isActive": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List report runs

Returns a cursor-paginated collection of report runs.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

reportDefinitionId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by report definition identifier.

scheduleId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by originating schedule identifier.

status
string
Enum: "pending" "running" "completed" "failed" "cancelled"

Filter by run execution state.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Trigger a report run

Queues a new report generation run for the specified report definition.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
reportDefinitionId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

scheduleId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

required
object
Default: {}

Runtime parameters supplied for this run only.

outputFormat
required
string
Default: "pdf"
Enum: "pdf" "xlsx" "csv" "zip"

Requested artifact format for the run.

triggeredBy
string [ 1 .. 128 ] characters

Application user identifier.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "reportDefinitionId": "bc12759a-cb1a-45db-988c-a48c84ad0b72",
  • "scheduleId": "cc12759a-cb1a-45db-988c-a48c84ad0b73",
  • "parameters": {
    },
  • "outputFormat": "pdf",
  • "triggeredBy": "22222222-2222-4222-8222-222222222222"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get report run

Returns a single report run by identifier.

Authorizations:
bearerAuth
path Parameters
runId
required
string <uuid>

Report run UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List report snapshots

Returns a cursor-paginated collection of immutable report snapshots.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

runId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by originating report run identifier.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Get report snapshot

Returns a single immutable report snapshot by identifier.

Authorizations:
bearerAuth
path Parameters
snapshotId
required
string <uuid>

Report snapshot UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

ManagementReviews

Management review meeting snapshots, decisions, and action outputs.

List management review snapshots

Returns a cursor-paginated list of metric snapshots for a management review.

Authorizations:
bearerAuth
path Parameters
reviewId
required
string <uuid>

Management review UUID.

query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

reviewId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Get management review snapshot

Returns a single management review snapshot by identifier.

Authorizations:
bearerAuth
path Parameters
reviewId
required
string <uuid>

Management review UUID.

snapshotId
required
string <uuid>

Snapshot UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List managementreviewoutputs

Returns a cursor-paginated collection of managementreviewoutputs.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

reviewId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

outputType
string
Enum: "action_item" "decision" "resource_allocation" "policy_change" "improvement_opportunity"
status
string
Enum: "draft" "approved" "implemented" "closed"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create managementreviewoutput

Creates a managementreviewoutput within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
reviewId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

outputType
required
string
Enum: "action_item" "decision" "resource_allocation" "policy_change" "improvement_opportunity"
title
required
string [ 1 .. 300 ] characters
description
string <= 10000 characters
assignedToId
string [ 1 .. 128 ] characters

Application user identifier.

dueDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "reviewId": "341516c7-7748-4edf-830d-9d7fcae997b7",
  • "outputType": "action_item",
  • "title": "string",
  • "description": "string",
  • "assignedToId": "string",
  • "dueDate": "2019-08-24"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get managementreviewoutput

Returns a single managementreviewoutput by identifier.

Authorizations:
bearerAuth
path Parameters
outputId
required
string <uuid>

Management review output UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update managementreviewoutput

Applies a partial update to an existing managementreviewoutput.

Authorizations:
bearerAuth
path Parameters
outputId
required
string <uuid>

Management review output UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
reviewId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

outputType
string
Enum: "action_item" "decision" "resource_allocation" "policy_change" "improvement_opportunity"
title
string [ 1 .. 300 ] characters
description
string <= 10000 characters
assignedToId
string [ 1 .. 128 ] characters

Application user identifier.

dueDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Calendar date in ISO 8601 format.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "reviewId": "341516c7-7748-4edf-830d-9d7fcae997b7",
  • "outputType": "action_item",
  • "title": "string",
  • "description": "string",
  • "assignedToId": "string",
  • "dueDate": "2019-08-24"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Obligations

Recurring obligation definitions, generated instances, and compliance health metrics.

List obligationdefinitions

Returns a cursor-paginated collection of obligationdefinitions.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

obligationType
string
Enum: "management_review" "supplier_review" "control_test" "calibration" "training_refresher" "audit" "document_review" "custom"

Filter by obligation type.

isActive
boolean

Filter by active definitions only.

name
string <= 200 characters

Filter by obligation name.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create obligationdefinition

Creates a obligationdefinition within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
required
string [ 1 .. 200 ] characters

Display name for the recurring obligation.

description
string <= 5000 characters

Detailed description of the obligation scope.

obligationType
required
string
Enum: "management_review" "supplier_review" "control_test" "calibration" "training_refresher" "audit" "document_review" "custom"

Category of recurring obligation.

required
object or object or object or object or object or object

Recurrence rule describing how instances are generated.

leadTimeDays
required
integer [ 0 .. 365 ]

Days before due date to activate the instance.

required
object

Template used when auto-creating the target entity.

assigneeUserId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Default assignee for generated instances.

assigneeRole
string <= 80 characters

Fallback role label for assignment routing.

escalationChainId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Escalation chain linked to overdue instances.

slaWarningHours
number

Optional warning threshold in hours.

slaBreachHours
number

Optional missed threshold in hours.

linkedEntityType
string <= 80 characters

Linked entity type for contextual recurrence.

linkedEntityId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Linked entity identifier for contextual recurrence.

isActive
required
boolean

Whether the definition continues generating instances.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "obligationType": "management_review",
  • "recurrence": {
    },
  • "leadTimeDays": 365,
  • "entityTemplate": {
    },
  • "assigneeUserId": "11d6662f-b88d-444d-8712-eda11b5a0eed",
  • "assigneeRole": "string",
  • "escalationChainId": "4caee9f9-c176-4da8-9c0e-5b5b57613525",
  • "slaWarningHours": 0,
  • "slaBreachHours": 0,
  • "linkedEntityType": "string",
  • "linkedEntityId": "797256a3-a048-40b0-acab-2fa77393a895",
  • "isActive": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get obligationdefinition

Returns a single obligationdefinition by identifier.

Authorizations:
bearerAuth
path Parameters
definitionId
required
string <uuid>

Obligation definition UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update obligationdefinition

Applies a partial update to an existing obligationdefinition.

Authorizations:
bearerAuth
path Parameters
definitionId
required
string <uuid>

Obligation definition UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
string [ 1 .. 200 ] characters

Display name for the recurring obligation.

description
string <= 5000 characters

Detailed description of the obligation scope.

obligationType
string
Enum: "management_review" "supplier_review" "control_test" "calibration" "training_refresher" "audit" "document_review" "custom"

Category of recurring obligation.

object or object or object or object or object or object

Recurrence rule describing how instances are generated.

leadTimeDays
integer [ 0 .. 365 ]

Days before due date to activate the instance.

object

Template used when auto-creating the target entity.

assigneeUserId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Default assignee for generated instances.

assigneeRole
string <= 80 characters

Fallback role label for assignment routing.

escalationChainId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Escalation chain linked to overdue instances.

slaWarningHours
number

Optional warning threshold in hours.

slaBreachHours
number

Optional missed threshold in hours.

linkedEntityType
string <= 80 characters

Linked entity type for contextual recurrence.

linkedEntityId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Linked entity identifier for contextual recurrence.

isActive
boolean

Whether the definition continues generating instances.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "obligationType": "management_review",
  • "recurrence": {
    },
  • "leadTimeDays": 365,
  • "entityTemplate": {
    },
  • "assigneeUserId": "11d6662f-b88d-444d-8712-eda11b5a0eed",
  • "assigneeRole": "string",
  • "escalationChainId": "4caee9f9-c176-4da8-9c0e-5b5b57613525",
  • "slaWarningHours": 0,
  • "slaBreachHours": 0,
  • "linkedEntityType": "string",
  • "linkedEntityId": "797256a3-a048-40b0-acab-2fa77393a895",
  • "isActive": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List obligation instances

Returns generated obligation instances with optional status, assignee, and date filters.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

definitionId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by obligation definition.

status
string
Enum: "scheduled" "upcoming" "active" "in_progress" "completed" "overdue" "missed" "cancelled"

Filter by instance status.

assignedTo
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by assigned user.

dateFrom
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Filter to instances due on or after this date.

dateTo
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Filter to instances due on or before this date.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Get obligation instance

Returns a single generated obligation instance by identifier.

Authorizations:
bearerAuth
path Parameters
instanceId
required
string <uuid>

Obligation instance UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update obligation instance

Updates the status, assignment, or notes for a generated obligation instance.

Authorizations:
bearerAuth
path Parameters
instanceId
required
string <uuid>

Obligation instance UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
status
string
Enum: "scheduled" "upcoming" "active" "in_progress" "completed" "overdue" "missed" "cancelled"

Updated instance status.

assignedTo
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Updated assignee user ID.

notes
string <= 5000 characters

Updated instance notes.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "status": "scheduled",
  • "assignedTo": "7869c1a9-a680-4086-b6f5-9e78a651f6f2",
  • "notes": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get obligation health metrics

Returns aggregate counts and on-time completion rate for recurring obligations.

Authorizations:
bearerAuth

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

EquipmentQualifications

Equipment qualification records (IQ/OQ/PQ/DQ) for validation and regulatory compliance.

List equipmentqualifications

Returns a cursor-paginated collection of equipmentqualifications.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

equipmentId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by equipment.

status
string
Enum: "planned" "in_progress" "passed" "failed" "deferred" "cancelled"

Filter by status.

qualificationType
string
Enum: "IQ" "OQ" "PQ" "DQ" "FAT" "SAT" "requalification" "other"

Filter by qualification type.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create equipmentqualification

Creates a equipmentqualification within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
equipmentId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Equipment this qualification belongs to.

qualificationId
required
string [ 1 .. 80 ] characters

Human-readable qualification ID.

qualificationType
required
string
Enum: "IQ" "OQ" "PQ" "DQ" "FAT" "SAT" "requalification" "other"

Type of qualification activity.

title
required
string [ 1 .. 255 ] characters

Qualification title.

description
string <= 5000 characters

Detailed qualification description.

status
required
string
Enum: "planned" "in_progress" "passed" "failed" "deferred" "cancelled"

Current qualification status.

protocolReference
string <= 255 characters

Reference to the qualification protocol document.

performedBy
string [ 1 .. 128 ] characters

User who performed the qualification.

approvedBy
string [ 1 .. 128 ] characters

User who approved the qualification.

plannedDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Planned qualification date.

performedDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Actual qualification date.

approvedDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Approval date.

nextRequalificationDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Next requalification due date.

requalificationFrequencyMonths
integer ( 0 .. 9007199254740991 ]

Requalification interval in months.

acceptanceCriteria
string <= 5000 characters

Acceptance criteria for pass/fail determination.

results
string <= 5000 characters

Qualification results and observations.

deviations
string <= 5000 characters

Deviations found during qualification.

linkedCapaId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Linked CAPA for deviations.

linkedNcrId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Linked NCR for failures.

notes
string <= 5000 characters

Additional notes.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object

Equipment qualification record (IQ/OQ/PQ/DQ).

required
object

Request samples

Content type
application/json
{
  • "equipmentId": "d2a795e1-f645-4e24-bc0a-ab1965048fcc",
  • "qualificationId": "string",
  • "qualificationType": "IQ",
  • "title": "string",
  • "description": "string",
  • "status": "planned",
  • "protocolReference": "string",
  • "performedBy": "string",
  • "approvedBy": "string",
  • "plannedDate": "2019-08-24",
  • "performedDate": "2019-08-24",
  • "approvedDate": "2019-08-24",
  • "nextRequalificationDate": "2019-08-24",
  • "requalificationFrequencyMonths": 9007199254740991,
  • "acceptanceCriteria": "string",
  • "results": "string",
  • "deviations": "string",
  • "linkedCapaId": "dd361286-3806-4a46-b6e8-fa27be86e690",
  • "linkedNcrId": "a25b8858-84bc-4462-ae21-a03ed506f278",
  • "notes": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get equipmentqualification

Returns a single equipmentqualification by identifier.

Authorizations:
bearerAuth
path Parameters
qualificationId
required
string <uuid>

Equipment qualification UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object

Equipment qualification record (IQ/OQ/PQ/DQ).

required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update equipmentqualification

Applies a partial update to an existing equipmentqualification.

Authorizations:
bearerAuth
path Parameters
qualificationId
required
string <uuid>

Equipment qualification UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
equipmentId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Equipment this qualification belongs to.

qualificationId
string [ 1 .. 80 ] characters

Human-readable qualification ID.

qualificationType
string
Enum: "IQ" "OQ" "PQ" "DQ" "FAT" "SAT" "requalification" "other"

Type of qualification activity.

title
string [ 1 .. 255 ] characters

Qualification title.

description
string <= 5000 characters

Detailed qualification description.

status
string
Enum: "planned" "in_progress" "passed" "failed" "deferred" "cancelled"

Current qualification status.

protocolReference
string <= 255 characters

Reference to the qualification protocol document.

performedBy
string [ 1 .. 128 ] characters

User who performed the qualification.

approvedBy
string [ 1 .. 128 ] characters

User who approved the qualification.

plannedDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Planned qualification date.

performedDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Actual qualification date.

approvedDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Approval date.

nextRequalificationDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Next requalification due date.

requalificationFrequencyMonths
integer ( 0 .. 9007199254740991 ]

Requalification interval in months.

acceptanceCriteria
string <= 5000 characters

Acceptance criteria for pass/fail determination.

results
string <= 5000 characters

Qualification results and observations.

deviations
string <= 5000 characters

Deviations found during qualification.

linkedCapaId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Linked CAPA for deviations.

linkedNcrId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Linked NCR for failures.

notes
string <= 5000 characters

Additional notes.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object

Equipment qualification record (IQ/OQ/PQ/DQ).

required
object

Request samples

Content type
application/json
{
  • "equipmentId": "d2a795e1-f645-4e24-bc0a-ab1965048fcc",
  • "qualificationId": "string",
  • "qualificationType": "IQ",
  • "title": "string",
  • "description": "string",
  • "status": "planned",
  • "protocolReference": "string",
  • "performedBy": "string",
  • "approvedBy": "string",
  • "plannedDate": "2019-08-24",
  • "performedDate": "2019-08-24",
  • "approvedDate": "2019-08-24",
  • "nextRequalificationDate": "2019-08-24",
  • "requalificationFrequencyMonths": 9007199254740991,
  • "acceptanceCriteria": "string",
  • "results": "string",
  • "deviations": "string",
  • "linkedCapaId": "dd361286-3806-4a46-b6e8-fa27be86e690",
  • "linkedNcrId": "a25b8858-84bc-4462-ae21-a03ed506f278",
  • "notes": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

SupplierLots

Supplier lot tracking for incoming material qualification and traceability.

List supplierlots

Returns a cursor-paginated collection of supplierlots.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

supplierId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by supplier.

status
string
Enum: "received" "quarantined" "released" "rejected" "returned" "consumed" "expired" "recalled"

Filter by status.

isQuarantined
boolean

Filter by quarantine status.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create supplierlot

Creates a supplierlot within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
lotId
required
string [ 1 .. 80 ] characters

Human-readable lot ID.

supplierId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Linked supplier.

lotNumber
required
string [ 1 .. 100 ] characters

Supplier lot number.

batchNumber
string <= 100 characters

Supplier batch number.

productName
required
string [ 1 .. 255 ] characters

Product or material name.

productCode
string <= 100 characters

Product or material code.

description
string <= 5000 characters

Lot description.

status
required
string
Enum: "received" "quarantined" "released" "rejected" "returned" "consumed" "expired" "recalled"

Current lot status.

quantityReceived
number

Quantity received.

quantityUnit
string <= 50 characters

Unit of measure for quantity.

receivedDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Date the lot was received.

expiryDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Lot expiry date.

certificateOfAnalysis
string <= 500 characters

Certificate of analysis reference.

certificateOfConformance
string <= 500 characters

Certificate of conformance reference.

inspectionStatus
string
Enum: "pending" "passed" "failed" "waived"

Incoming inspection status.

linkedInspectionId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Linked inspection record.

linkedNcrId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Linked NCR for rejected lots.

storageLocation
string <= 255 characters

Storage location.

isQuarantined
required
boolean

Whether the lot is currently quarantined.

quarantineReason
string <= 2000 characters

Reason for quarantine.

disposition
string
Enum: "accept" "reject" "return_to_supplier" "rework" "scrap" "use_as_is"

Disposition decision.

dispositionDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Date of disposition decision.

dispositionBy
string [ 1 .. 128 ] characters

User who made the disposition decision.

notes
string <= 5000 characters

Additional notes.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object

Supplier lot record for incoming material tracking.

required
object

Request samples

Content type
application/json
{
  • "lotId": "string",
  • "supplierId": "e01eb4c4-8eb9-4fb7-b625-61f58c6148db",
  • "lotNumber": "string",
  • "batchNumber": "string",
  • "productName": "string",
  • "productCode": "string",
  • "description": "string",
  • "status": "received",
  • "quantityReceived": 0,
  • "quantityUnit": "string",
  • "receivedDate": "2019-08-24",
  • "expiryDate": "2019-08-24",
  • "certificateOfAnalysis": "string",
  • "certificateOfConformance": "string",
  • "inspectionStatus": "pending",
  • "linkedInspectionId": "0edf4a40-25e8-47fb-a973-378e5f727620",
  • "linkedNcrId": "a25b8858-84bc-4462-ae21-a03ed506f278",
  • "storageLocation": "string",
  • "isQuarantined": true,
  • "quarantineReason": "string",
  • "disposition": "accept",
  • "dispositionDate": "2019-08-24",
  • "dispositionBy": "string",
  • "notes": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get supplierlot

Returns a single supplierlot by identifier.

Authorizations:
bearerAuth
path Parameters
lotId
required
string <uuid>

Supplier lot UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object

Supplier lot record for incoming material tracking.

required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update supplierlot

Applies a partial update to an existing supplierlot.

Authorizations:
bearerAuth
path Parameters
lotId
required
string <uuid>

Supplier lot UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
lotId
string [ 1 .. 80 ] characters

Human-readable lot ID.

supplierId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Linked supplier.

lotNumber
string [ 1 .. 100 ] characters

Supplier lot number.

batchNumber
string <= 100 characters

Supplier batch number.

productName
string [ 1 .. 255 ] characters

Product or material name.

productCode
string <= 100 characters

Product or material code.

description
string <= 5000 characters

Lot description.

status
string
Enum: "received" "quarantined" "released" "rejected" "returned" "consumed" "expired" "recalled"

Current lot status.

quantityReceived
number

Quantity received.

quantityUnit
string <= 50 characters

Unit of measure for quantity.

receivedDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Date the lot was received.

expiryDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Lot expiry date.

certificateOfAnalysis
string <= 500 characters

Certificate of analysis reference.

certificateOfConformance
string <= 500 characters

Certificate of conformance reference.

inspectionStatus
string
Enum: "pending" "passed" "failed" "waived"

Incoming inspection status.

linkedInspectionId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Linked inspection record.

linkedNcrId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Linked NCR for rejected lots.

storageLocation
string <= 255 characters

Storage location.

isQuarantined
boolean

Whether the lot is currently quarantined.

quarantineReason
string <= 2000 characters

Reason for quarantine.

disposition
string
Enum: "accept" "reject" "return_to_supplier" "rework" "scrap" "use_as_is"

Disposition decision.

dispositionDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Date of disposition decision.

dispositionBy
string [ 1 .. 128 ] characters

User who made the disposition decision.

notes
string <= 5000 characters

Additional notes.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object

Supplier lot record for incoming material tracking.

required
object

Request samples

Content type
application/json
{
  • "lotId": "string",
  • "supplierId": "e01eb4c4-8eb9-4fb7-b625-61f58c6148db",
  • "lotNumber": "string",
  • "batchNumber": "string",
  • "productName": "string",
  • "productCode": "string",
  • "description": "string",
  • "status": "received",
  • "quantityReceived": 0,
  • "quantityUnit": "string",
  • "receivedDate": "2019-08-24",
  • "expiryDate": "2019-08-24",
  • "certificateOfAnalysis": "string",
  • "certificateOfConformance": "string",
  • "inspectionStatus": "pending",
  • "linkedInspectionId": "0edf4a40-25e8-47fb-a973-378e5f727620",
  • "linkedNcrId": "a25b8858-84bc-4462-ae21-a03ed506f278",
  • "storageLocation": "string",
  • "isQuarantined": true,
  • "quarantineReason": "string",
  • "disposition": "accept",
  • "dispositionDate": "2019-08-24",
  • "dispositionBy": "string",
  • "notes": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

RecallEvents

Product recall event management and tracking with severity and status workflows.

List recallevents

Returns a cursor-paginated collection of recallevents.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

status
string
Enum: "initiated" "investigating" "containment" "notification" "remediation" "monitoring" "closed"

Filter by status.

severity
string
Enum: "low" "medium" "high" "critical"

Filter by severity.

recallType
string
Enum: "supplier" "internal" "customer" "regulatory"

Filter by recall type.

supplierId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by supplier.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create recallevent

Creates a recallevent within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
recallId
required
string [ 1 .. 80 ] characters

Human-readable recall event ID.

title
required
string [ 1 .. 255 ] characters

Recall event title.

description
string <= 5000 characters

Detailed recall description.

recallType
required
string
Enum: "supplier" "internal" "customer" "regulatory"

Type of recall.

status
required
string
Enum: "initiated" "investigating" "containment" "notification" "remediation" "monitoring" "closed"

Current recall status.

severity
required
string
Enum: "low" "medium" "high" "critical"

Recall severity level.

initiatedDate
required
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Date the recall was initiated.

closedDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Date the recall was closed.

recallReference
string <= 255 characters

External recall reference number.

supplierId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Linked supplier if supplier-initiated.

affectedLotIds
Array of strings <uuid> [ items <uuid >^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA... ]

UUIDs of affected supplier lots.

affectedProductNames
Array of strings

Names of affected products.

affectedQuantity
number

Total affected quantity.

affectedQuantityUnit
string <= 50 characters

Unit of measure for affected quantity.

rootCause
string <= 5000 characters

Root cause analysis.

containmentActions
string <= 5000 characters

Containment actions taken.

correctiveActions
string <= 5000 characters

Corrective actions planned or taken.

customerNotificationRequired
required
boolean

Whether customer notification is required.

customerNotificationDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Date customer was notified.

regulatoryNotificationRequired
required
boolean

Whether regulatory notification is required.

regulatoryNotificationDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Date regulator was notified.

regulatoryReference
string <= 255 characters

Regulatory notification reference.

linkedComplaintIds
Array of strings <uuid> [ items <uuid >^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA... ]

UUIDs of linked complaints.

linkedNcrIds
Array of strings <uuid> [ items <uuid >^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA... ]

UUIDs of linked NCRs.

notes
string <= 5000 characters

Additional notes.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object

Product/material recall event record.

required
object

Request samples

Content type
application/json
{
  • "recallId": "string",
  • "title": "string",
  • "description": "string",
  • "recallType": "supplier",
  • "status": "initiated",
  • "severity": "low",
  • "initiatedDate": "2019-08-24",
  • "closedDate": "2019-08-24",
  • "recallReference": "string",
  • "supplierId": "e01eb4c4-8eb9-4fb7-b625-61f58c6148db",
  • "affectedLotIds": [
    ],
  • "affectedProductNames": [
    ],
  • "affectedQuantity": 0,
  • "affectedQuantityUnit": "string",
  • "rootCause": "string",
  • "containmentActions": "string",
  • "correctiveActions": "string",
  • "customerNotificationRequired": true,
  • "customerNotificationDate": "2019-08-24",
  • "regulatoryNotificationRequired": true,
  • "regulatoryNotificationDate": "2019-08-24",
  • "regulatoryReference": "string",
  • "linkedComplaintIds": [
    ],
  • "linkedNcrIds": [
    ],
  • "notes": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get recallevent

Returns a single recallevent by identifier.

Authorizations:
bearerAuth
path Parameters
recallId
required
string <uuid>

Recall event UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object

Product/material recall event record.

required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update recallevent

Applies a partial update to an existing recallevent.

Authorizations:
bearerAuth
path Parameters
recallId
required
string <uuid>

Recall event UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
recallId
string [ 1 .. 80 ] characters

Human-readable recall event ID.

title
string [ 1 .. 255 ] characters

Recall event title.

description
string <= 5000 characters

Detailed recall description.

recallType
string
Enum: "supplier" "internal" "customer" "regulatory"

Type of recall.

status
string
Enum: "initiated" "investigating" "containment" "notification" "remediation" "monitoring" "closed"

Current recall status.

severity
string
Enum: "low" "medium" "high" "critical"

Recall severity level.

initiatedDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Date the recall was initiated.

closedDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Date the recall was closed.

recallReference
string <= 255 characters

External recall reference number.

supplierId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Linked supplier if supplier-initiated.

affectedLotIds
Array of strings <uuid> [ items <uuid >^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA... ]

UUIDs of affected supplier lots.

affectedProductNames
Array of strings

Names of affected products.

affectedQuantity
number

Total affected quantity.

affectedQuantityUnit
string <= 50 characters

Unit of measure for affected quantity.

rootCause
string <= 5000 characters

Root cause analysis.

containmentActions
string <= 5000 characters

Containment actions taken.

correctiveActions
string <= 5000 characters

Corrective actions planned or taken.

customerNotificationRequired
boolean

Whether customer notification is required.

customerNotificationDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Date customer was notified.

regulatoryNotificationRequired
boolean

Whether regulatory notification is required.

regulatoryNotificationDate
string <date> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Date regulator was notified.

regulatoryReference
string <= 255 characters

Regulatory notification reference.

linkedComplaintIds
Array of strings <uuid> [ items <uuid >^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA... ]

UUIDs of linked complaints.

linkedNcrIds
Array of strings <uuid> [ items <uuid >^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA... ]

UUIDs of linked NCRs.

notes
string <= 5000 characters

Additional notes.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object

Product/material recall event record.

required
object

Request samples

Content type
application/json
{
  • "recallId": "string",
  • "title": "string",
  • "description": "string",
  • "recallType": "supplier",
  • "status": "initiated",
  • "severity": "low",
  • "initiatedDate": "2019-08-24",
  • "closedDate": "2019-08-24",
  • "recallReference": "string",
  • "supplierId": "e01eb4c4-8eb9-4fb7-b625-61f58c6148db",
  • "affectedLotIds": [
    ],
  • "affectedProductNames": [
    ],
  • "affectedQuantity": 0,
  • "affectedQuantityUnit": "string",
  • "rootCause": "string",
  • "containmentActions": "string",
  • "correctiveActions": "string",
  • "customerNotificationRequired": true,
  • "customerNotificationDate": "2019-08-24",
  • "regulatoryNotificationRequired": true,
  • "regulatoryNotificationDate": "2019-08-24",
  • "regulatoryReference": "string",
  • "linkedComplaintIds": [
    ],
  • "linkedNcrIds": [
    ],
  • "notes": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

BulkOperations

Bulk action execution and audit trail for batch processing across registers.

Execute bulk operation

Execute a bulk action on multiple items. Maximum 100 items per request. Each item is processed independently — partial failures are reported per item.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
operationType
required
string
Enum: "approve" "reject" "reassign" "change_status" "change_priority" "extend_due_date" "delegate" "delete" "acknowledge"

The bulk action to perform.

entityType
required
string [ 1 .. 64 ] characters

Entity type being operated on.

itemIds
required
Array of strings <uuid> [ 1 .. 100 ] items [ items <uuid >^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA... ]

IDs of items to process. Maximum 100 per request.

object

Action-specific parameters.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object

Bulk operation record.

object

Response metadata.

Request samples

Content type
application/json
{
  • "operationType": "approve",
  • "entityType": "string",
  • "itemIds": [
    ],
  • "parameters": {
    }
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List bulk operations

Returns a paginated list of bulk operation audit records for the organization.

Authorizations:
bearerAuth
query Parameters
operationType
string

Filter by operation type.

entityType
string

Filter by entity type.

limit
integer [ 1 .. 100 ]

Maximum results to return.

cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects

List of bulk operation records.

object

Response metadata.

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Get bulk operation details

Returns a single bulk operation audit record with per-item results.

Authorizations:
bearerAuth
path Parameters
operationId
required
string <uuid>

Bulk operation identifier

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object

Bulk operation record.

object

Response metadata.

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

AutomationRules

User-configurable automation rules that react to workflow events.

List automation rules

Returns the organization's automation rules, optionally filtered by trigger event or active state.

Authorizations:
bearerAuth
query Parameters
triggerEvent
string

Filter by trigger event.

isActive
boolean

Filter by active state.

limit
integer [ 1 .. 100 ]
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create automation rule

Creates a new automation rule. The rule will fire on matching workflow events once activated.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
required
string [ 1 .. 200 ] characters

Rule display name.

description
string <= 1000 characters

Optional rule description.

triggerEvent
required
string [ 1 .. 128 ] characters

Workflow event type that fires this rule.

required
object or any

Condition tree evaluated against the triggering event payload.

required
Array of objects [ 1 .. 20 ] items

At least one action (max 20).

priority
integer [ 0 .. 9999 ]

Execution order.

isActive
boolean

Whether to activate the rule immediately.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "triggerEvent": "string",
  • "conditions": {
    },
  • "actions": [
    ],
  • "priority": 9999,
  • "isActive": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get automation rule

Returns a single automation rule by identifier.

Authorizations:
bearerAuth
path Parameters
ruleId
required
string <uuid>

Automation rule identifier

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update automation rule

Updates an existing automation rule. Each update creates a new version snapshot.

Authorizations:
bearerAuth
path Parameters
ruleId
required
string <uuid>

Automation rule identifier

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
string [ 1 .. 200 ] characters

Rule display name.

description
string <= 1000 characters

Optional rule description.

triggerEvent
string [ 1 .. 128 ] characters

Workflow event type that fires this rule.

object or any

Condition tree evaluated against the triggering event payload.

Array of objects [ 1 .. 20 ] items

At least one action (max 20).

priority
integer [ 0 .. 9999 ]

Execution order.

isActive
boolean

Whether to activate the rule immediately.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "triggerEvent": "string",
  • "conditions": {
    },
  • "actions": [
    ],
  • "priority": 9999,
  • "isActive": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List rule executions

Returns the automation rule execution audit log for the organization.

Authorizations:
bearerAuth
query Parameters
ruleId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by rule.

triggerEvent
string

Filter by event type.

conditionsMet
boolean

Filter by match outcome.

limit
integer [ 1 .. 200 ]
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Workflows

Visual workflow definitions and executing instances.

List workflow definitions

Returns all workflow definitions for the organization, optionally filtered by entity type or active state.

Authorizations:
bearerAuth
query Parameters
entityType
string

Filter by entity type.

isActive
boolean

Filter by active state.

isDraft
boolean

Filter by draft state.

limit
integer [ 1 .. 100 ]
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create workflow definition

Creates a new workflow definition in draft status. Only draft workflows can be edited.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
required
string [ 1 .. 200 ] characters
description
string <= 1000 characters
entityType
required
string [ 1 .. 64 ] characters
triggerStatusFrom
string <= 64 characters
triggerStatusTo
string <= 64 characters
required
object

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "entityType": "string",
  • "triggerStatusFrom": "string",
  • "triggerStatusTo": "string",
  • "graph": {
    }
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get workflow definition

Returns a single workflow definition by identifier.

Authorizations:
bearerAuth
path Parameters
definitionId
required
string <uuid>

Workflow definition identifier

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update workflow definition

Updates a draft workflow definition. Active workflows are immutable; create a new draft version to make changes.

Authorizations:
bearerAuth
path Parameters
definitionId
required
string <uuid>

Workflow definition identifier

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
string [ 1 .. 200 ] characters
description
string <= 1000 characters
entityType
string [ 1 .. 64 ] characters
triggerStatusFrom
string <= 64 characters
triggerStatusTo
string <= 64 characters
object

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "entityType": "string",
  • "triggerStatusFrom": "string",
  • "triggerStatusTo": "string",
  • "graph": {
    }
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Activate workflow definition

Validates the workflow graph and activates the definition. Any previously active version for the same entity/trigger pair is deactivated.

Authorizations:
bearerAuth
path Parameters
definitionId
required
string <uuid>

Workflow definition identifier

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List workflow instances

Returns executing and historical workflow instances for the organization.

Authorizations:
bearerAuth
query Parameters
status
string
Enum: "active" "completed" "rejected" "cancelled" "error"
entityType
string
entityId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

definitionId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

limit
integer [ 1 .. 200 ]
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

WorkflowChains

Reusable multi-entity workflow chain templates and their executing instances.

List chain templates

Returns chain templates owned by the organization, plus system templates by default.

Authorizations:
bearerAuth
query Parameters
category
string
Enum: "complaint" "nonconformance" "audit_finding" "change_control" "deviation" "supplier_corrective_action" "general"
triggerEntityType
string
isActive
boolean
includeSystem
boolean
limit
integer [ 1 .. 100 ]
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create chain template

Creates a new chain template. Only user-owned templates can be created; system templates are immutable.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
required
string [ 1 .. 200 ] characters
description
string <= 1000 characters
category
required
string
Enum: "complaint" "nonconformance" "audit_finding" "change_control" "deviation" "supplier_corrective_action" "general"
triggerEntityType
required
string [ 1 .. 64 ] characters
triggerConditions
any
required
Array of objects [ 1 .. 20 ] items

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "category": "complaint",
  • "triggerEntityType": "string",
  • "triggerConditions": null,
  • "steps": [
    ]
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get chain template

Returns a single chain template by identifier.

Authorizations:
bearerAuth
path Parameters
templateId
required
string <uuid>

Chain template identifier

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update chain template

Updates a user-owned chain template. System templates cannot be modified.

Authorizations:
bearerAuth
path Parameters
templateId
required
string <uuid>

Chain template identifier

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
string [ 1 .. 200 ] characters
description
string <= 1000 characters
category
string
Enum: "complaint" "nonconformance" "audit_finding" "change_control" "deviation" "supplier_corrective_action" "general"
triggerEntityType
string [ 1 .. 64 ] characters
triggerConditions
any
Array of objects [ 1 .. 20 ] items

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "category": "complaint",
  • "triggerEntityType": "string",
  • "triggerConditions": null,
  • "steps": [
    ]
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Duplicate chain template

Clones a template (including system templates) into a new org-owned draft.

Authorizations:
bearerAuth
path Parameters
templateId
required
string <uuid>

Chain template identifier

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List chain instances

Returns executing and historical chain instances for the organization.

Authorizations:
bearerAuth
query Parameters
status
string
Enum: "active" "completed" "cancelled" "error"
rootEntityType
string
rootEntityId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

templateId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

limit
integer [ 1 .. 200 ]
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Start a chain instance

Starts a new chain instance against a root entity using the specified template.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
templateId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Chain template to instantiate.

rootEntityType
required
string [ 1 .. 64 ] characters

Entity type that starts the chain.

rootEntityId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Entity instance that the chain will run against.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Request samples

Content type
application/json
{
  • "templateId": "196100ac-4eec-4fb6-a7f7-86c8b584771d",
  • "rootEntityType": "string",
  • "rootEntityId": "ffcdb974-7dd1-4727-b1cd-39415010f491"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

InboundEvents

Inbound event gateway — accept events from external systems and route them through automation rules.

Receive an inbound event

Accept an event pushed by an external system. The gateway authenticates the source, optionally verifies an HMAC signature or IP allowlist, validates the payload against the registered schema, applies field mappings, records an audit row, and dispatches to the automation rule engine.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
event_type
string [ 1 .. 128 ] characters

Event type identifier. May also be supplied via the X-Event-Type header.

event_id
string [ 8 .. 255 ] characters

Unique event identifier used for idempotency.

timestamp
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Event timestamp emitted by the source system.

object

Event-specific payload fields.

property name*
additional property
any

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
status
required
string
Enum: "accepted" "duplicate"

Pipeline outcome for this delivery.

deliveryId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Identifier of the audit row created for this delivery.

eventType
required
string

Event type identifier echoed back.

internalEventType
string

Internal workflow event type emitted.

object

Entity auto-created as a result of this delivery.

object

Request samples

Content type
application/json
{
  • "event_type": "string",
  • "event_id": "stringst",
  • "timestamp": "2019-08-24T14:15:22Z",
  • "data": {
    },
  • "property1": null,
  • "property2": null
}

Response samples

Content type
application/json
{
  • "status": "accepted",
  • "deliveryId": "73dc828d-801d-4d29-b7e4-e046662a5901",
  • "eventType": "string",
  • "internalEventType": "string",
  • "autoCreatedEntity": {
    },
  • "meta": {
    }
}

List inboundeventsources

Returns a cursor-paginated collection of inboundeventsources.

Authorizations:
bearerAuth
query Parameters
isActive
boolean

Filter by active state.

limit
integer [ 1 .. 100 ]
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create inboundeventsource

Creates a inboundeventsource within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
required
string [ 1 .. 200 ] characters

Human-readable source name.

description
string <= 1000 characters

Operator-facing description.

verificationMode
required
string
Enum: "api_key_only" "hmac_signature" "ip_allowlist"

How inbound requests from this source are authenticated.

signingSecret
string [ 16 .. 256 ] characters

HMAC signing secret; auto-generated if omitted in hmac mode.

allowedIps
Array of strings <= 20 items [ items [ 1 .. 64 ] characters ]

CIDR allowlist applied when verification mode is ip_allowlist.

apiKeyId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

API key bound to this source.

isActive
boolean

Whether to activate the source immediately.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "verificationMode": "api_key_only",
  • "signingSecret": "stringstringstri",
  • "allowedIps": [
    ],
  • "apiKeyId": "37ba0474-c0bb-4910-bfb5-d6cebb614366",
  • "isActive": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get inboundeventsource

Returns a single inboundeventsource by identifier.

Authorizations:
bearerAuth
path Parameters
sourceId
required
string <uuid>

Inbound event source identifier.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update inboundeventsource

Applies a partial update to an existing inboundeventsource.

Authorizations:
bearerAuth
path Parameters
sourceId
required
string <uuid>

Inbound event source identifier.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
string [ 1 .. 200 ] characters

Human-readable source name.

description
string <= 1000 characters

Operator-facing description.

verificationMode
string
Enum: "api_key_only" "hmac_signature" "ip_allowlist"

How inbound requests from this source are authenticated.

signingSecret
string [ 16 .. 256 ] characters

HMAC signing secret; auto-generated if omitted in hmac mode.

allowedIps
Array of strings <= 20 items [ items [ 1 .. 64 ] characters ]

CIDR allowlist applied when verification mode is ip_allowlist.

apiKeyId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

API key bound to this source.

isActive
boolean

Whether to activate the source immediately.

rotateSigningSecret
boolean

Regenerate the signing secret on save.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "verificationMode": "api_key_only",
  • "signingSecret": "stringstringstri",
  • "allowedIps": [
    ],
  • "apiKeyId": "37ba0474-c0bb-4910-bfb5-d6cebb614366",
  • "isActive": true,
  • "rotateSigningSecret": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List inboundeventtypes

Returns a cursor-paginated collection of inboundeventtypes.

Authorizations:
bearerAuth
query Parameters
sourceId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by source.

isActive
boolean

Filter by active state.

limit
integer [ 1 .. 100 ]
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create inboundeventtype

Creates a inboundeventtype within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
sourceId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Source that will emit events of this type.

eventTypeKey
required
string [ 1 .. 128 ] characters

External event type identifier.

description
string <= 1000 characters

Operator-facing description.

object

Optional JSON Schema used to validate inbound payloads.

object

Field mapping configuration.

internalEventType
string <= 128 characters

Workflow event type emitted after dispatch. Defaults to custom:webhook_received.

autoCreateEntity
boolean

Whether to auto-create a QMS entity on dispatch.

object

Auto-create configuration.

isActive
boolean

Whether to activate the event type immediately.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Request samples

Content type
application/json
{
  • "sourceId": "797f5a94-3689-4ac8-82fd-d749511ea2b2",
  • "eventTypeKey": "string",
  • "description": "string",
  • "payloadSchema": {
    },
  • "transformation": {
    },
  • "internalEventType": "string",
  • "autoCreateEntity": true,
  • "autoCreateConfig": {
    },
  • "isActive": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get inboundeventtype

Returns a single inboundeventtype by identifier.

Authorizations:
bearerAuth
path Parameters
typeId
required
string <uuid>

Inbound event type identifier.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update inboundeventtype

Applies a partial update to an existing inboundeventtype.

Authorizations:
bearerAuth
path Parameters
typeId
required
string <uuid>

Inbound event type identifier.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
sourceId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Source that will emit events of this type.

eventTypeKey
string [ 1 .. 128 ] characters

External event type identifier.

description
string <= 1000 characters

Operator-facing description.

object

Optional JSON Schema used to validate inbound payloads.

object

Field mapping configuration.

internalEventType
string <= 128 characters

Workflow event type emitted after dispatch. Defaults to custom:webhook_received.

autoCreateEntity
boolean

Whether to auto-create a QMS entity on dispatch.

object

Auto-create configuration.

isActive
boolean

Whether to activate the event type immediately.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Request samples

Content type
application/json
{
  • "sourceId": "797f5a94-3689-4ac8-82fd-d749511ea2b2",
  • "eventTypeKey": "string",
  • "description": "string",
  • "payloadSchema": {
    },
  • "transformation": {
    },
  • "internalEventType": "string",
  • "autoCreateEntity": true,
  • "autoCreateConfig": {
    },
  • "isActive": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List inbound deliveries

Returns an audit log of inbound events received by the gateway with raw and transformed payloads, dispatch status, and processing metrics.

Authorizations:
bearerAuth
query Parameters
sourceId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by source.

eventTypeKey
string

Filter by event type key.

status
string
Enum: "received" "validated" "transformed" "dispatched" "failed" "rejected" "duplicate"

Filter by delivery status.

fromDate
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Return deliveries received at or after this timestamp.

toDate
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Return deliveries received at or before this timestamp.

limit
integer [ 1 .. 200 ]
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Get inbound delivery

Returns a single inbound delivery including raw payload, transformed payload, and any auto-created entity reference.

Authorizations:
bearerAuth
path Parameters
deliveryId
required
string <uuid>

Inbound delivery identifier.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

ProcessMapLinking

Process map live data linking — bind diagram nodes to QMS entities and surface per-node health.

Get process map health

Returns cached per-node health plus an aggregate summary for the whole process map. Call the refresh endpoint to recompute.

Authorizations:
bearerAuth
path Parameters
processMapId
required
string <uuid>

Process map identifier.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Refresh process map health

Recomputes health for every node with at least one link, writes the result to the health cache, and returns the updated records. Stale cache rows for nodes not present in nodeIds are pruned.

Authorizations:
bearerAuth
path Parameters
processMapId
required
string <uuid>

Process map identifier.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
nodeIds
required
Array of strings [ 0 .. 500 ] items [ items [ 1 .. 255 ] characters ]

Current node IDs in the process map graph. Stale cache rows for other node IDs are pruned.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Request samples

Content type
application/json
{
  • "nodeIds": [
    ]
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

RemediationFlows

Guided remediation flows — step-by-step templates and per-entity flow progress.

List remediationflowtemplates

Returns a cursor-paginated collection of remediationflowtemplates.

Authorizations:
bearerAuth
query Parameters
entityType
string
Enum: "non_conformity" "capa" "complaint" "quality_event" "audit_finding" "change_request" "supplier_corrective_action"

Filter by entity type.

isSystem
boolean

Filter system vs org templates.

isActive
boolean

Filter by active state.

limit
integer [ 1 .. 100 ]
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create remediationflowtemplate

Creates a remediationflowtemplate within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
required
string [ 1 .. 200 ] characters

Template name.

description
string <= 2000 characters

Operator description.

entityType
required
string
Enum: "non_conformity" "capa" "complaint" "quality_event" "audit_finding" "change_request" "supplier_corrective_action"

Entity type a remediation flow applies to.

object

Reuses the Epic 04 condition expression shape.

required
Array of objects [ 1 .. 25 ] items

Step definitions.

isActive
boolean

Defaults to true.

sortOrder
integer [ 0 .. 10000 ]

Defaults to 100.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "entityType": "non_conformity",
  • "matchConditions": {
    },
  • "steps": [
    ],
  • "isActive": true,
  • "sortOrder": 10000
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get remediationflowtemplate

Returns a single remediationflowtemplate by identifier.

Authorizations:
bearerAuth
path Parameters
templateId
required
string <uuid>

Remediation flow template identifier.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update remediationflowtemplate

Applies a partial update to an existing remediationflowtemplate.

Authorizations:
bearerAuth
path Parameters
templateId
required
string <uuid>

Remediation flow template identifier.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
string [ 1 .. 200 ] characters

Template name.

description
string <= 2000 characters

Operator description.

entityType
string
Enum: "non_conformity" "capa" "complaint" "quality_event" "audit_finding" "change_request" "supplier_corrective_action"

Entity type a remediation flow applies to.

object

Reuses the Epic 04 condition expression shape.

Array of objects [ 1 .. 25 ] items

Step definitions.

isActive
boolean

Defaults to true.

sortOrder
integer [ 0 .. 10000 ]

Defaults to 100.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "entityType": "non_conformity",
  • "matchConditions": {
    },
  • "steps": [
    ],
  • "isActive": true,
  • "sortOrder": 10000
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get active remediation flow for an entity

Returns the currently active remediation flow for a given entity or null if no flow is active.

Authorizations:
bearerAuth
path Parameters
entityType
required
string <uuid>

QMS entity type (non_conformity, capa, complaint, etc.).

entityId
required
string <uuid>

Target entity identifier.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object or null

Flow instance or null when no template matched.

object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Start a remediation flow

Starts a remediation flow for an entity. Supply a template id to pick one explicitly, or omit to let the server auto-select the highest-priority matching template. Returns null when no template applies.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
templateId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Force a specific template; omit to auto-select via match conditions.

entityType
required
string
Enum: "non_conformity" "capa" "complaint" "quality_event" "audit_finding" "change_request" "supplier_corrective_action"

Entity type a remediation flow applies to.

entityId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object or null

Flow instance or null when no template matched.

object

Request samples

Content type
application/json
{
  • "templateId": "196100ac-4eec-4fb6-a7f7-86c8b584771d",
  • "entityType": "non_conformity",
  • "entityId": "156e622c-6cdf-4c27-9bc9-2f2db69919f5"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update progress for a step

Updates checklist state and/or notes for a step inside an active remediation flow. Does not advance the flow.

Authorizations:
bearerAuth
path Parameters
flowId
required
string <uuid>

Remediation flow instance identifier.

stepId
required
string <uuid>

Step identifier inside the template steps array.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
object

Updated checklist state for the step.

notes
string <= 4000 characters

Updated notes for the step.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object or null

Flow instance or null when no template matched.

object

Request samples

Content type
application/json
{
  • "checklistState": {
    },
  • "notes": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Mark a step complete

Completes the step after validating its completion criteria (checklist, entity status, field population, or manual). Advances the flow to the next applicable step, skipping steps whose requiredWhen condition evaluates false against current entity data.

Authorizations:
bearerAuth
path Parameters
flowId
required
string <uuid>

Remediation flow instance identifier.

stepId
required
string <uuid>

Step identifier inside the template steps array.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
force
boolean

Reserved for future use; currently ignored.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object or null

Flow instance or null when no template matched.

object

Request samples

Content type
application/json
{
  • "force": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

EmailSenders

Connected email-sending identities — list, read, and update non-secret metadata. Credential-bearing operations (create, rotate, delete) stay in-app only.

List email senders

Returns a cursor-paginated collection of email senders for the caller's organization.

Authorizations:
bearerAuth
query Parameters
scope
string
Enum: "user" "org" "platform"

Filter by sender scope (user / org / platform).

kind
string
Enum: "smtp" "microsoft_oauth" "gmail_oauth" "platform_ses"

Filter by provider kind.

isDefaultOrg
boolean

Filter to the org-default sender only.

limit
integer [ 1 .. 100 ]

Maximum rows to return.

cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Get email sender

Returns a single email sender. Credentials are never included — they are kept in Supabase Vault.

Authorizations:
bearerAuth
path Parameters
senderId
required
string <uuid>

Email sender UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update email sender metadata

Updates non-secret metadata on an email sender — display name, reply-to, and default-sender flag. Passwords, OAuth tokens, and tenant consents are managed from inside the Q360 app.

Authorizations:
bearerAuth
path Parameters
senderId
required
string <uuid>

Email sender UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
string or null

Display name shown to recipients. Pass null to clear.

string or null

Reply-To override for outbound notifications. Pass null to clear.

isDefaultOrg
boolean

Mark this sender as the organization default. Only one org-scoped sender may be default at a time.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
object

Request samples

Content type
application/json
{
  • "fromName": "string",
  • "replyTo": "string",
  • "isDefaultOrg": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Email

Per-organization email templates. Each template is classified by domain (capa, document, audit, …) and kind (notification, reminder, overdue, …) so consumers can group or filter the catalog.

List emailtemplates

Returns a cursor-paginated collection of emailtemplates.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

notificationType
string

Filter by notification type.

enabled
boolean

Filter by enabled status.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create emailtemplate

Creates a emailtemplate within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
notificationType
required
string [ 1 .. 64 ] characters

Notification type key.

variantKey
string [ 1 .. 64 ] characters ^[a-z0-9_]+$

Variant slug. Defaults to "default" when omitted.

enabled
boolean

Delivery enabled flag.

required
Array of objects non-empty

Structured React Email subject parts.

required
object

React Email Editor JSON document.

compiledHtml
required
string non-empty

Compiled React Email HTML with Q360 variable markers.

compiledText
required
string non-empty

Compiled plain text with Q360 variable markers.

previewText
string

Inbox preview text.

templateVersion
number

React Email template schema version.

Value: 6
description
string <= 500 characters

Template description.

personalSenderAllowed
boolean

Whether user-scoped actor senders may be used.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "notificationType": "string",
  • "variantKey": "string",
  • "enabled": true,
  • "subjectJson": [
    ],
  • "templateJson": {
    },
  • "compiledHtml": "string",
  • "compiledText": "string",
  • "previewText": "string",
  • "templateVersion": 6,
  • "description": "string",
  • "personalSenderAllowed": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get emailtemplate

Returns a single emailtemplate by identifier.

Authorizations:
bearerAuth
path Parameters
templateId
required
string <uuid>

Email template UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update emailtemplate

Applies a partial update to an existing emailtemplate.

Authorizations:
bearerAuth
path Parameters
templateId
required
string <uuid>

Email template UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
enabled
boolean

Delivery enabled flag.

Array of objects non-empty

Structured React Email subject parts.

object

React Email Editor JSON document.

compiledHtml
string non-empty

Compiled React Email HTML with Q360 variable markers.

compiledText
string non-empty

Compiled plain text with Q360 variable markers.

previewText
string

Inbox preview text.

templateVersion
number

React Email template schema version.

Value: 6
description
string <= 500 characters

Template description.

personalSenderAllowed
boolean

Whether user-scoped actor senders may be used.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "enabled": true,
  • "subjectJson": [
    ],
  • "templateJson": {
    },
  • "compiledHtml": "string",
  • "compiledText": "string",
  • "previewText": "string",
  • "templateVersion": 6,
  • "description": "string",
  • "personalSenderAllowed": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Playbooks

Playbook instances — start, advance, pause, resume, abandon. Instances carry a pinned template version so runtime behaviour is reproducible.

List playbook instances

Cursor-paginated collection of playbook instances for the caller's organization.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

status
string
Enum: "active" "paused" "completed" "abandoned"

Filter by status.

initiatedBy
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by instance initiator.

anchorEntityType
string

Filter by anchor entity type.

anchorEntityId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by anchor entity ID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Start a playbook instance

Instantiates the given template, pins its version, and returns the running instance.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
templateId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Template ID to instantiate.

anchorEntityType
string [ 1 .. 64 ] characters

Entity type this instance is anchored to.

anchorEntityId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Record ID this instance is anchored to.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "templateId": "196100ac-4eec-4fb6-a7f7-86c8b584771d",
  • "anchorEntityType": "string",
  • "anchorEntityId": "a773e1b8-4d96-4014-92a7-a62b991c67ee"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get playbook instance

Returns a single playbook instance by ID.

Authorizations:
bearerAuth
path Parameters
instanceId
required
string <uuid>

Playbook instance UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Complete a playbook step

Marks the named step complete and advances the instance per the template.

Authorizations:
bearerAuth
path Parameters
instanceId
required
string <uuid>

Playbook instance UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
stepId
required
string non-empty

Step identifier to mark complete.

note
string <= 2000 characters

Short note recorded with the completion.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "stepId": "string",
  • "note": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Skip a playbook step

Skips the named step with a required reason.

Authorizations:
bearerAuth
path Parameters
instanceId
required
string <uuid>

Playbook instance UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
stepId
required
string non-empty

Step identifier to skip.

reason
required
string [ 1 .. 500 ] characters

Required justification for skipping the step.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "stepId": "string",
  • "reason": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Pause a playbook instance

Flips status from active to paused.

Authorizations:
bearerAuth
path Parameters
instanceId
required
string <uuid>

Playbook instance UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Resume a paused playbook instance

Flips status from paused to active.

Authorizations:
bearerAuth
path Parameters
instanceId
required
string <uuid>

Playbook instance UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Abandon a playbook instance

Terminates an instance with a required reason.

Authorizations:
bearerAuth
path Parameters
instanceId
required
string <uuid>

Playbook instance UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
reason
required
string [ 1 .. 500 ] characters

Required justification for abandoning the instance.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "reason": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

ClauseReadiness

Standard readiness roll-up — per-standard clause coverage summary computed from QMS records and clause-requirement catalogues.

Get clause readiness for a standard

Returns the clause-by-clause readiness summary for the caller's organization and the named standard. Percentages count partial clauses as half-credit.

Authorizations:
bearerAuth
path Parameters
standardId
required
string <uuid>

Standard ID, e.g. "iso9001:2015".

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

PlaybookSuggestions

Smart-trigger playbook suggestions — list, accept (start the instance), dismiss. Gated on Business+ plans.

List playbook suggestions

Cursor-paginated collection of playbook suggestions for the caller's organization.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

status
string
Enum: "pending" "accepted" "dismissed" "expired"

Filter by status.

anchorEntityType
string

Filter by anchor entity type.

anchorEntityId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by anchor entity ID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Accept a suggestion

Starts the bound playbook and marks the suggestion accepted. Returns the resulting playbook instance.

Authorizations:
bearerAuth
path Parameters
suggestionId
required
string <uuid>

Playbook suggestion UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Dismiss a suggestion

Marks the suggestion dismissed.

Authorizations:
bearerAuth
path Parameters
suggestionId
required
string <uuid>

Playbook suggestion UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

PlaybookBundleExports

Playbook evidence bundle exports — audit trail for every export created.

List playbook bundle export audit rows

Cursor-paginated collection of bundle export records for the caller's organization.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]

Maximum number of records to return.

sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

search
string [ 1 .. 200 ] characters

Case-insensitive free-text search.

instanceId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Filter by playbook instance ID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Export a playbook evidence bundle

Builds the playbook evidence bundle, records an audit row, and returns the audit row metadata. The rendered HTML is delivered separately by the in-app export flow — this endpoint records the export and is the hook that ties API consumers into the usage cap.

Authorizations:
bearerAuth
path Parameters
instanceId
required
string <uuid>

Playbook instance UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
redactPersonalData
boolean

Whether to apply the redaction banner to the bundle.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "redactPersonalData": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Document published webhook Webhook

Delivered after a controlled document transitions to Published and a publication event is recorded. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
required
object
required
object

Responses

Request samples

Content type
application/json
{
  • "delivery": {
    },
  • "event": {
    }
}

CAPA created webhook Webhook

Delivered after a CAPA is created or auto-generated by workflow automation. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
required
object
required
object

Responses

Request samples

Content type
application/json
{
  • "delivery": {
    },
  • "event": {
    }
}

Training program activated webhook Webhook

Delivered after a training program enters the active state and downstream automation can consume it. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
required
object
required
object

Responses

Request samples

Content type
application/json
{
  • "delivery": {
    },
  • "event": {
    }
}

Export job completed webhook Webhook

Delivered when an export job finishes successfully. Includes the full job metadata and output URL. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
required
object
required
object

Responses

Request samples

Content type
application/json
{
  • "delivery": {
    },
  • "event": {
    }
}

Document externally published webhook Webhook

Delivered when a controlled document is published to an external destination such as Google Drive, SharePoint, or a customer handoff package. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
required
object
required
object

Responses

Request samples

Content type
application/json
{
  • "delivery": {
    },
  • "event": {
    }
}

SLA breached webhook Webhook

Delivered when an approval or review SLA crosses the breach threshold. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
escalationId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Escalation record ID

entityType
required
string

Type of entity (e.g. capa, ncr)

entityId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Entity record ID

severity
required
string
Enum: "warning" "breached" "critical"

SLA severity level

occurredAt
required
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Timestamp when breach occurred

Responses

Request samples

Content type
application/json
{
  • "escalationId": "36d4450c-e33e-466e-912a-3ff655dc6900",
  • "entityType": "string",
  • "entityId": "156e622c-6cdf-4c27-9bc9-2f2db69919f5",
  • "severity": "warning",
  • "occurredAt": "2019-08-24T14:15:22Z"
}

Approval escalated webhook Webhook

Delivered when a stuck approval is escalated to a backup approver or manager. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
escalationId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Escalation record ID

entityType
required
string

Type of entity requiring approval

entityId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Entity record ID

escalatedTo
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

User ID to whom escalation was sent

occurredAt
required
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Timestamp when escalation occurred

Responses

Request samples

Content type
application/json
{
  • "escalationId": "36d4450c-e33e-466e-912a-3ff655dc6900",
  • "entityType": "string",
  • "entityId": "156e622c-6cdf-4c27-9bc9-2f2db69919f5",
  • "escalatedTo": "c8032e88-ac0e-4b32-9faa-854aaf82ca0a",
  • "occurredAt": "2019-08-24T14:15:22Z"
}

Revision impact assessed webhook Webhook

Delivered when a document revision impact assessment is computed and confirmed. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
documentId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Document ID

assessmentId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Assessment ID

versionNumber
required
integer [ -9007199254740991 .. 9007199254740991 ]

Revision version number

required
object

Summary of impacts by category

occurredAt
required
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Timestamp when assessment was completed

Responses

Request samples

Content type
application/json
{
  • "documentId": "4704590c-004e-410d-adf7-acb7ca0a7052",
  • "assessmentId": "673a0734-83cc-415f-a672-f8ef54b2727c",
  • "versionNumber": -9007199254740991,
  • "impactSummary": {
    },
  • "occurredAt": "2019-08-24T14:15:22Z"
}

Revision impact executed webhook Webhook

Delivered after revision impact follow-up actions are executed post-publish. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
documentId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Document ID

assessmentId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Assessment ID

versionNumber
required
integer [ -9007199254740991 .. 9007199254740991 ]

Revision version number

required
object

Count of actions performed by type

occurredAt
required
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Timestamp when impacts were executed

Responses

Request samples

Content type
application/json
{
  • "documentId": "4704590c-004e-410d-adf7-acb7ca0a7052",
  • "assessmentId": "673a0734-83cc-415f-a672-f8ef54b2727c",
  • "versionNumber": -9007199254740991,
  • "resultCounts": {
    },
  • "occurredAt": "2019-08-24T14:15:22Z"
}

Legal hold placed webhook Webhook

Delivered when a legal or investigation hold is placed on one or more QMS artifacts. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
holdId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Hold ID

holdName
required
string

Hold name

holdType
required
string
Enum: "legal" "investigation" "regulatory" "litigation"

Type of hold

itemCount
required
integer [ -9007199254740991 .. 9007199254740991 ]

Number of artifacts affected

occurredAt
required
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

When the hold was placed

Responses

Request samples

Content type
application/json
{
  • "holdId": "05363803-5510-4d71-8d1f-307021f9ad73",
  • "holdName": "string",
  • "holdType": "legal",
  • "itemCount": -9007199254740991,
  • "occurredAt": "2019-08-24T14:15:22Z"
}

Legal hold released webhook Webhook

Delivered when a legal hold is released and held artifacts are unfrozen. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
holdId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Hold ID

holdName
required
string

Hold name

releasedBy
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

User ID who released the hold

occurredAt
required
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

When the hold was released

Responses

Request samples

Content type
application/json
{
  • "holdId": "05363803-5510-4d71-8d1f-307021f9ad73",
  • "holdName": "string",
  • "releasedBy": "a2085a74-d82f-4659-8839-785d40e6c409",
  • "occurredAt": "2019-08-24T14:15:22Z"
}

Archive record created webhook Webhook

Delivered when a QMS artifact is archived for retention or lifecycle management. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
archiveRecordId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Archive record ID

artifactType
required
string
Enum: "document" "evidence" "export" "capa" "ncr" "audit" "training_record"

Type of artifact archived

artifactId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

ID of the archived artifact

occurredAt
required
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

When the archive was created

Responses

Request samples

Content type
application/json
{
  • "archiveRecordId": "7903b6ed-562a-4d29-a903-77db4f9b86b6",
  • "artifactType": "document",
  • "artifactId": "706a3f1e-c357-4634-b1bf-20c221b5bb4e",
  • "occurredAt": "2019-08-24T14:15:22Z"
}

Deletion executed webhook Webhook

Delivered when a defensible deletion request is executed and the artifact is removed. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
deletionRequestId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Deletion request ID

artifactType
required
string
Enum: "document" "evidence" "export" "capa" "ncr" "audit" "training_record"

Type of artifact deleted

artifactId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

ID of the deleted artifact

occurredAt
required
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

When the deletion was executed

Responses

Request samples

Content type
application/json
{
  • "deletionRequestId": "8b89ef41-d1db-42e9-b0b4-92660989dab7",
  • "artifactType": "document",
  • "artifactId": "706a3f1e-c357-4634-b1bf-20c221b5bb4e",
  • "occurredAt": "2019-08-24T14:15:22Z"
}

Competency defined webhook Webhook

Delivered when a new competency definition is created in the org library. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
eventType
required
string
Value: "competency.defined"
occurredAt
required
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Timestamp in ISO 8601 UTC format.

organizationId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

required
object

Responses

Request samples

Content type
application/json
{
  • "eventType": "competency.defined",
  • "occurredAt": "2019-08-24T14:15:22Z",
  • "organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
  • "data": {
    }
}

Competency assessed webhook Webhook

Delivered when a member is assessed against a competency. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
eventType
required
string
Value: "competency.assessed"
occurredAt
required
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Timestamp in ISO 8601 UTC format.

organizationId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

required
object

Responses

Request samples

Content type
application/json
{
  • "eventType": "competency.assessed",
  • "occurredAt": "2019-08-24T14:15:22Z",
  • "organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
  • "data": {
    }
}

Competency expired webhook Webhook

Delivered when a previously valid competency assessment crosses its expiry date. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
eventType
required
string
Value: "competency.expired"
occurredAt
required
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Timestamp in ISO 8601 UTC format.

organizationId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

required
object

Responses

Request samples

Content type
application/json
{
  • "eventType": "competency.expired",
  • "occurredAt": "2019-08-24T14:15:22Z",
  • "organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
  • "data": {
    }
}

Competency gap detected webhook Webhook

Delivered when a mandatory role-competency requirement is unmet for a member. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
eventType
required
string
Value: "competency.gap_detected"
occurredAt
required
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Timestamp in ISO 8601 UTC format.

organizationId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

required
object

Responses

Request samples

Content type
application/json
{
  • "eventType": "competency.gap_detected",
  • "occurredAt": "2019-08-24T14:15:22Z",
  • "organizationId": "7bc05553-4b68-44e8-b7bc-37be63c6d9e9",
  • "data": {
    }
}

Inbound event received webhook Webhook

Delivered when the inbound event gateway successfully processes and dispatches an external event. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
deliveryId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Inbound delivery audit row identifier.

sourceId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Registered source that posted the event.

sourceName
required
string

Operator-configured source name.

eventTypeKey
required
string

External event type identifier.

internalEventType
required
string

Workflow event type emitted for this delivery.

object

Entity auto-created from the delivery, if configured.

required
object

Transformed payload dispatched to the workflow bus.

Responses

Request samples

Content type
application/json
{
  • "deliveryId": "73dc828d-801d-4d29-b7e4-e046662a5901",
  • "sourceId": "797f5a94-3689-4ac8-82fd-d749511ea2b2",
  • "sourceName": "string",
  • "eventTypeKey": "string",
  • "internalEventType": "string",
  • "autoCreatedEntity": {
    },
  • "payload": {
    }
}

Inbound event failed webhook Webhook

Delivered when the inbound event gateway rejects or fails to process an external event (schema validation failure, HMAC mismatch, etc.). Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
deliveryId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Audit row identifier (may be absent if recording failed).

sourceId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Source that the failed event was attributed to.

eventTypeKey
required
string

External event type identifier.

reason
required
string

Reason for failure (e.g. schema_validation_failed).

Array of objects

Per-field error detail when validation fails.

Responses

Request samples

Content type
application/json
{
  • "deliveryId": "73dc828d-801d-4d29-b7e4-e046662a5901",
  • "sourceId": "797f5a94-3689-4ac8-82fd-d749511ea2b2",
  • "eventTypeKey": "string",
  • "reason": "string",
  • "errors": [
    ]
}

Process map node health degraded webhook Webhook

Delivered when a process map node transitions from healthy or warning into a worse status (warning or critical) after a refresh. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
processMapId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Process map whose health changed.

nodeId
required
string

Node whose status transitioned.

previousStatus
required
string
Enum: "healthy" "warning" "critical" "unknown"

Status before the transition.

currentStatus
required
string
Enum: "healthy" "warning" "critical" "unknown"

Status after the transition.

issueCount
required
integer [ 0 .. 9007199254740991 ]

Number of issues on the node after transition.

occurredAt
required
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

When the transition was detected.

Responses

Request samples

Content type
application/json
{
  • "processMapId": "e422f0c9-86de-41ed-b5aa-ed7e68a5f42e",
  • "nodeId": "string",
  • "previousStatus": "healthy",
  • "currentStatus": "healthy",
  • "issueCount": 9007199254740991,
  • "occurredAt": "2019-08-24T14:15:22Z"
}

Process map node health restored webhook Webhook

Delivered when a process map node transitions from a degraded status back to healthy after a refresh. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
processMapId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Process map whose health recovered.

nodeId
required
string

Node whose status transitioned back to healthy.

previousStatus
required
string
Enum: "healthy" "warning" "critical" "unknown"

Status before the transition.

currentStatus
required
string
Enum: "healthy" "warning" "critical" "unknown"

Status after the transition.

occurredAt
required
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

When the recovery was detected.

Responses

Request samples

Content type
application/json
{
  • "processMapId": "e422f0c9-86de-41ed-b5aa-ed7e68a5f42e",
  • "nodeId": "string",
  • "previousStatus": "healthy",
  • "currentStatus": "healthy",
  • "occurredAt": "2019-08-24T14:15:22Z"
}

Standard migrated webhook Webhook

Delivered once per organisation when a standard's published version is migrated forward (e.g. qspp:2026qspp:2027). Triggered by the version-bump migration script. Lets customer-side automation re-pull cross-reference tables or re-emit notifications. Webhook deliveries are signed using the X-Q360-Signature and X-Q360-Timestamp headers.

Authorizations:
bearerAuth
Request Body schema: application/json
required
required
object
required
object

Responses

Request samples

Content type
application/json
{
  • "delivery": {
    },
  • "event": {
    }
}

Collaboration

List externalportals

Returns a cursor-paginated collection of externalportals.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]
sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

portalType
string
Enum: "supplier" "customer" "auditor" "partner" "general"
status
string
Enum: "active" "inactive" "archived"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create externalportal

Creates a externalportal within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
required
string [ 1 .. 200 ] characters
description
string <= 2000 characters
portalType
required
string
Enum: "supplier" "customer" "auditor" "partner" "general"
allowedActions
Array of strings
requireNda
boolean
welcomeMessage
string <= 5000 characters

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "portalType": "supplier",
  • "allowedActions": [
    ],
  • "requireNda": true,
  • "welcomeMessage": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get externalportal

Returns a single externalportal by identifier.

Authorizations:
bearerAuth
path Parameters
portalId
required
string <uuid>

External portal UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update externalportal

Applies a partial update to an existing externalportal.

Authorizations:
bearerAuth
path Parameters
portalId
required
string <uuid>

External portal UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
name
string [ 1 .. 200 ] characters
description
string <= 2000 characters
portalType
string
Enum: "supplier" "customer" "auditor" "partner" "general"
allowedActions
Array of strings
requireNda
boolean
welcomeMessage
string <= 5000 characters
status
string
Enum: "active" "inactive" "archived"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "portalType": "supplier",
  • "allowedActions": [
    ],
  • "requireNda": true,
  • "welcomeMessage": "string",
  • "status": "active"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List externalparticipants

Returns a cursor-paginated collection of externalparticipants.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]
sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

portalId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

status
string
Enum: "invited" "active" "suspended" "revoked"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create externalparticipant

Creates a externalparticipant within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
portalId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

name
required
string [ 1 .. 200 ] characters
email
required
string <email> ^(?!\.)(?!.*\.\.)([A-Za-z0-9_'+\-\.]*)[A-Za-z...
company
string <= 200 characters
role
string <= 200 characters

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "portalId": "5cadf6e5-3395-44e3-8b95-54104ab6f8b8",
  • "name": "string",
  • "email": "user@example.com",
  • "company": "string",
  • "role": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get externalparticipant

Returns a single externalparticipant by identifier.

Authorizations:
bearerAuth
path Parameters
participantId
required
string <uuid>

External participant UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update externalparticipant

Applies a partial update to an existing externalparticipant.

Authorizations:
bearerAuth
path Parameters
participantId
required
string <uuid>

External participant UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
portalId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

name
string [ 1 .. 200 ] characters
email
string <email> ^(?!\.)(?!.*\.\.)([A-Za-z0-9_'+\-\.]*)[A-Za-z...
company
string <= 200 characters
role
string <= 200 characters
status
string
Enum: "invited" "active" "suspended" "revoked"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "portalId": "5cadf6e5-3395-44e3-8b95-54104ab6f8b8",
  • "name": "string",
  • "email": "user@example.com",
  • "company": "string",
  • "role": "string",
  • "status": "invited"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List portaltasks

Returns a cursor-paginated collection of portaltasks.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]
sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

portalId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

participantId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

taskType
string
Enum: "evidence_submission" "document_review" "form_response" "capa_response" "acknowledgement" "general"
status
string
Enum: "pending" "in_progress" "submitted" "accepted" "rejected" "expired"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create portaltask

Creates a portaltask within the organization resolved from the caller's API key.

Authorizations:
bearerAuth
header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
portalId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

participantId
required
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

taskType
required
string
Enum: "evidence_submission" "document_review" "form_response" "capa_response" "acknowledgement" "general"
title
required
string [ 1 .. 300 ] characters
description
string <= 5000 characters
entityType
string <= 100 characters
entityId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

dueDate
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Timestamp in ISO 8601 UTC format.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "portalId": "5cadf6e5-3395-44e3-8b95-54104ab6f8b8",
  • "participantId": "9f6624b5-5f99-42b6-899f-30f2b369cbd7",
  • "taskType": "evidence_submission",
  • "title": "string",
  • "description": "string",
  • "entityType": "string",
  • "entityId": "156e622c-6cdf-4c27-9bc9-2f2db69919f5",
  • "dueDate": "2019-08-24T14:15:22Z"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Get portaltask

Returns a single portaltask by identifier.

Authorizations:
bearerAuth
path Parameters
taskId
required
string <uuid>

Portal task UUID.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update portaltask

Applies a partial update to an existing portaltask.

Authorizations:
bearerAuth
path Parameters
taskId
required
string <uuid>

Portal task UUID.

header Parameters
Idempotency-Key
string [ 8 .. 255 ] characters

Optional but strongly recommended for create and update requests. Reusing the same key for the same semantic operation prevents duplicate writes.

Request Body schema: application/json
required
portalId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

participantId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

taskType
string
Enum: "evidence_submission" "document_review" "form_response" "capa_response" "acknowledgement" "general"
title
string [ 1 .. 300 ] characters
description
string <= 5000 characters
entityType
string <= 100 characters
entityId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

dueDate
string <date-time> ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[...

Timestamp in ISO 8601 UTC format.

status
string
Enum: "pending" "in_progress" "submitted" "accepted" "rejected" "expired"
reviewNotes
string <= 5000 characters

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Request samples

Content type
application/json
{
  • "portalId": "5cadf6e5-3395-44e3-8b95-54104ab6f8b8",
  • "participantId": "9f6624b5-5f99-42b6-899f-30f2b369cbd7",
  • "taskType": "evidence_submission",
  • "title": "string",
  • "description": "string",
  • "entityType": "string",
  • "entityId": "156e622c-6cdf-4c27-9bc9-2f2db69919f5",
  • "dueDate": "2019-08-24T14:15:22Z",
  • "status": "pending",
  • "reviewNotes": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List portal activity log

Returns a paginated, filterable list of external collaboration activity log entries.

Authorizations:
bearerAuth
query Parameters
cursor
string [ 1 .. 512 ] characters

Opaque pagination cursor returned by a previous list response.

limit
integer [ 1 .. 100 ]
sort
string^[A-Za-z][A-Za-z0-9_.]*:(asc|desc)$

Sort expression in the form field:asc or field:desc.

portalId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

participantId
string <uuid> ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA...

Stable UUID identifier.

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
Array of objects
required
object

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Analytics

Get QMS health snapshot

Returns an aggregated analytics snapshot across all QMS modules including CAPAs, NCRs, audits, risks, training, and compliance coverage.

Authorizations:
bearerAuth
query Parameters
dateRange
string
Enum: "last_30d" "last_90d" "last_365d" "all_time"

Responses

Response Headers
X-RateLimit-Limit
integer >= 1

Maximum number of requests permitted in the current rate limit window.

X-RateLimit-Remaining
integer >= 0

Remaining requests available in the current rate limit window.

Response Schema: application/json
required
object
required
object

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}