Getting Started
This page outlines the recommended integration flow for building your own service that communicates effectively with the Compliance Assessment Service. The objective is to deliver a consistent and user-friendly experience while leveraging the full capabilities of the backend service.
The API provides a range of endpoints designed to integrate with both existing and newly built applications. Below are the key recommendations for effective integration:
Retrieve Supported Compliance Frameworks
Use the /frameworks endpoint to fetch the list of compliance frameworks supported by the service.
Use this list to present framework options to users so they can select a relevant framework to initiate assessments across multiple criteria.
Retrieve Criteria Within a Framework
Use the /framework/id/{id} endpoint to retrieve the list of criteria associated with a specific framework.
This allows users to select individual criteria they wish to assess using the automated evaluation process.
Run Automated Assessments
The /assessment endpoint is the core of the service.
- Allow users to select appropriate input data (e.g., documents or URLs) before running the assessment.
- Support the ability to reject AI-generated results and override them with human-evaluated results if necessary.
- The effectiveness of the assessment is highly dependent on the relevance and completeness of the input data.
- At least one input document or URL is required to initiate an assessment.
Submit Feedback on Assessment Results
For continuous improvement of the AI’s evaluation accuracy, it is essential to collect structured feedback. Use the /assessmentRating endpoint for this purpose.
- Always provide an option for users to give feedback when rejecting an assessment result.
- Enforce a minimum character count on feedback input to ensure useful information is collected.
By following these recommendations, your application will be able to provide a robust and adaptive compliance evaluation experience powered by the Compliance Assessment Service.
For details on individual endpoints, refer to the dedicated API Reference Pages.
Quickstart: First API Call in 5 Steps
This section guides you through running your first compliance assessment using the Compliance Assessment Service.
Prerequisites
- Active contract and credentials from our team (client_id, client_secret, username, password)
- Your preferred HTTP client (e.g. curl, Postman, or code)
1. Obtaining an Access Token
To acquire an access token, clients must authenticate against the Keycloak token endpoint using the Resource Owner Password Credentials (ROPC) grant type. This is typically used in trusted applications (e.g. CLI tools, backend services) where the application itself handles user credentials.
Save the access_token from the response. You'll need it for all authenticated requests.
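An added example (not part of the original page or the service's own client code) of the token step: it builds the ROPC request and parses the response without sending anything. The Keycloak host, the realm name, the `/realms/{realm}/protocol/openid-connect/token` path layout, the Bearer header and the 30-second refresh margin are assumptions; use the values supplied with your credentials.

```python
import json
import time
import urllib.parse
import urllib.request

# Assumed placeholders: the page gives neither the Keycloak host nor the realm.
# Older Keycloak deployments prefix the path with /auth.
KEYCLOAK_BASE = "https://keycloak.example.invalid"
REALM = "example-realm"


def build_token_request(client_id, client_secret, username, password):
    """Build (but do not send) the ROPC token request."""
    url = f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/openid-connect/token"
    # Credentials go in the form-encoded POST body, never in the URL,
    # so they stay out of proxy and access logs.
    body = urllib.parse.urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password,
    }).encode()
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(raw, now=None):
    """Return (access_token, refresh_deadline) or raise on an error reply."""
    data = json.loads(raw)
    if "access_token" not in data:
        # OAuth error replies carry "error"; report it without echoing secrets.
        raise ValueError(f"token request failed: {data.get('error', 'unknown')}")
    now = time.time() if now is None else now
    # Refresh 30 s early so no call goes out with an expiring token.
    return data["access_token"], now + int(data.get("expires_in", 0)) - 30


def auth_header(token):
    """Header for the authenticated calls in the following steps (assumed Bearer)."""
    return {"Authorization": f"Bearer {token}"}


# Constructed sample response, not real service output.
SAMPLE = '{"access_token": "sample.jwt.value", "expires_in": 300, "token_type": "Bearer"}'

if __name__ == "__main__":
    token, deadline = parse_token_response(SAMPLE, now=1000.0)
    print(auth_header(token), deadline)
```

To send the request, pass the object returned by `build_token_request` to `urllib.request.urlopen` and feed the response body to `parse_token_response`.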
2. List Available Compliance Frameworks
This returns a list of supported frameworks (e.g., GDPR_DPA), including their codeName and available criteria.
3. Run an Assessment
From the list of compliance frameworks and criteria, select a framework and a criterion against which to assess your material.
In this example, we will run an assessment with GDPR_DPA as the framework and PLACE_OF_PROCESSING as the criterion.
The received result includes the category of the provided material's GDPR compliance and an explanation (rationale) of the assessment.
4. Submit Feedback (Human-in-the-Loop)
Disagree with the AI’s decision? Submit feedback to correct misclassifications and enhance model performance over time.
We can use your feedback to further improve the accuracy of future assessments.
What’s Next?
- Explore the full API Reference Page for more endpoints
- Check out Authentication for token refresh and error handling
- Need help? Contact your integration support contact