Controls API

27 operations from the external ASIRI OpenAPI surface.

Public endpoint

GET`/v1/control-framework`

List tenant controls with framework mappings and evidence status

Requirescontrols:read

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

No request body.

Responses

GET/v1/control-frameworkPublic schema

curl --request GET \
  --url 'https://api.asiri.ng/v1/control-framework' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>'

Example response200

application/json

{
  "data": {
    "summary": {
      "catalogControls": 1,
      "tenantControls": 1,
      "implemented": 1,
      "needsEvidence": 1,
      "failing": 1,
      "frameworks": 1
    },
    "items": [
      {
        "id": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "controlId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "code": "string",
        "title": "string",
        "description": "string",
        "domain": "string"
      }
    ]
  }
}

Public endpoint

GET`/v1/control-framework/:tenantControlId`

Get a control detail view with evidence, sources, and result history

Requirescontrols:read

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

Name	In	Required	Schema	Description
`tenantControlId`	path	yes	`string`	-

Request body

No request body.

Responses

GET/v1/control-framework/:tenantControlIdPublic schema

curl --request GET \
  --url 'https://api.asiri.ng/v1/control-framework/{tenantControlId}' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>'

Example response200

application/json

{
  "data": {
    "id": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "controlId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "code": "string",
    "title": "string",
    "description": "string",
    "domain": "string"
  }
}

Public endpoint

GET`/v1/control-framework/:tenantControlId/audit-trace`

Get audit-readiness traceability for a tenant control

Requirescontrols:read

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

Name	In	Required	Schema	Description
`tenantControlId`	path	yes	`string`	-

Request body

No request body.

Responses

GET/v1/control-framework/:tenantControlId/audit-tracePublic schema

curl --request GET \
  --url 'https://api.asiri.ng/v1/control-framework/{tenantControlId}/audit-trace' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>'

Example response200

application/json

{
  "data": {
    "tenantControlId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "controlCode": "string",
    "generatedAt": "2026-01-15T10:30:00.000Z",
    "summary": {
      "auditReady": true,
      "evidenceCurrent": true,
      "latestCheckPassing": true,
      "noOpenRemediation": true,
      "acceptedOrImplemented": true,
      "timelineEvents": 1
    },
    "whyAuditReady": [
      "string"
    ],
    "pendingActions": [
      "string"
    ]
  }
}

Public endpoint

GET`/v1/control-framework/:tenantControlId/intelligence`

Get cited regulatory intelligence guidance for a tenant control

Requirescontrols:read

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

Name	In	Required	Schema	Description
`tenantControlId`	path	yes	`string`	-

Request body

No request body.

Responses

GET/v1/control-framework/:tenantControlId/intelligencePublic schema

curl --request GET \
  --url 'https://api.asiri.ng/v1/control-framework/{tenantControlId}/intelligence' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>'

Example response200

application/json

{
  "data": {
    "tenantControlId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "controlCode": "string",
    "controlTitle": "string",
    "riskLevel": "low",
    "ownerRole": "string",
    "whyItMatters": "string"
  }
}

Public endpoint

GET`/v1/control-framework/approval-layer`

List human approval gates for the current control audit pack

Requirescontrols:read

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

No request body.

Responses

GET/v1/control-framework/approval-layerPublic schema

curl --request GET \
  --url 'https://api.asiri.ng/v1/control-framework/approval-layer' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>'

Example response200

application/json

{
  "data": {
    "packType": "control_audit_pack",
    "tenantId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "generatedAt": "2026-01-15T10:30:00.000Z",
    "summary": {
      "totalRequired": 1,
      "approved": 1,
      "blockingOpen": 1,
      "readyForAuditorReview": true
    },
    "requirements": [
      {
        "id": "string",
        "role": "management",
        "title": "string",
        "description": "string",
        "status": "required",
        "blocking": true
      }
    ],
    "disclaimer": "string"
  }
}

Public endpoint

POST`/v1/control-framework/approval-layer/approvals`

Record a human approval for the current control audit pack

Requirescontrols:write

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

application/jsonobject

Responses

POST/v1/control-framework/approval-layer/approvalsPublic schema

curl --request POST \
  --url 'https://api.asiri.ng/v1/control-framework/approval-layer/approvals' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>' \
  --header 'Content-Type: application/json' \
  --data '{
  "role": "management",
  "note": "string"
}'

Example response200

application/json

{
  "data": {
    "packType": "control_audit_pack",
    "tenantId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "generatedAt": "2026-01-15T10:30:00.000Z",
    "summary": {
      "totalRequired": 1,
      "approved": 1,
      "blockingOpen": 1,
      "readyForAuditorReview": true
    },
    "requirements": [
      {
        "id": "string",
        "role": "management",
        "title": "string",
        "description": "string",
        "status": "required",
        "blocking": true
      }
    ],
    "disclaimer": "string"
  }
}

Public endpoint

GET`/v1/control-framework/audit-integrity`

Verify tamper-evident integrity of the control audit event chain

Requirescontrols:read

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

No request body.

Responses

GET/v1/control-framework/audit-integrityPublic schema

curl --request GET \
  --url 'https://api.asiri.ng/v1/control-framework/audit-integrity' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>'

Example response200

application/json

{
  "data": {
    "summary": {
      "totalEvents": 1,
      "sealedEvents": 1,
      "unsealedEvents": 1,
      "brokenEvents": 1,
      "headHash": "string",
      "verified": true
    },
    "events": [
      {
        "id": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "tenantId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "actorUserId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "objectType": "tenant_control",
        "objectId": "string",
        "action": "string"
      }
    ],
    "disclaimer": "string"
  }
}

Public endpoint

GET`/v1/control-framework/audit-pack`

Generate a JSON audit-readiness export pack for controls and evidence

Requirescontrols:read

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

No request body.

Responses

GET/v1/control-framework/audit-packPublic schema

curl --request GET \
  --url 'https://api.asiri.ng/v1/control-framework/audit-pack' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>'

Example response200

application/json

{
  "data": {
    "packType": "control_audit_pack",
    "generatedAt": "2026-01-15T10:30:00.000Z",
    "tenantId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "summary": {
      "readinessScore": 1,
      "totalControls": 1,
      "acceptedControls": 1,
      "openEvidenceRequests": 1,
      "overdueEvidenceRequests": 1,
      "failingControls": 1
    },
    "traceSummary": {
      "totalControls": 1,
      "tracedControls": 1,
      "traceCoverage": 1,
      "auditReadyControls": 1,
      "controlsBlockedByEvidence": 1,
      "controlsBlockedByRemediation": 1
    },
    "controlTraces": [
      {
        "tenantControlId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "controlCode": "string",
        "auditReady": true,
        "pendingActions": [
          "string"
        ],
        "sourceRunIds": [
          "string"
        ],
        "evidenceItemIds": [
          "string"
        ]
      }
    ]
  }
}

Public endpoint

POST`/v1/control-framework/audit-pack/export`

Generate a downloadable JSON or PDF audit-readiness pack

Requiresreports:write

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

application/jsonobject

Responses

POST/v1/control-framework/audit-pack/exportPublic schema

curl --request POST \
  --url 'https://api.asiri.ng/v1/control-framework/audit-pack/export' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>' \
  --header 'Content-Type: application/json' \
  --data '{
  "format": "pdf"
}'

Example response200

application/json

{
  "data": {
    "filename": "string",
    "contentType": "application/json",
    "generatedAt": "2026-01-15T10:30:00.000Z",
    "base64": "string",
    "summary": {
      "totalControls": 1,
      "auditReadyControls": 1,
      "evidenceInventoryItems": 1,
      "blockedControls": 1,
      "approvalGates": 1,
      "blockingApprovals": 1
    }
  }
}

Public endpoint

GET`/v1/control-framework/auditor-workspace`

Get read-only auditor workspace review surface

Requirescontrols:read

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

No request body.

Responses

GET/v1/control-framework/auditor-workspacePublic schema

curl --request GET \
  --url 'https://api.asiri.ng/v1/control-framework/auditor-workspace' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>'

Example response200

application/json

{
  "data": {
    "mode": "read_only",
    "generatedAt": "2026-01-15T10:30:00.000Z",
    "permissions": {
      "canCreate": false,
      "canUpdate": false,
      "canDelete": false,
      "canExport": true
    },
    "summary": {
      "totalControls": 1,
      "auditReadyControls": 1,
      "blockedControls": 1,
      "evidenceInventoryItems": 1,
      "approvalBlockingOpen": 1,
      "readyForAuditorReview": true
    },
    "controls": [
      {
        "tenantControlId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "controlCode": "string",
        "controlTitle": "string",
        "domain": "string",
        "ownerUserId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "ownerRole": "string"
      }
    ],
    "blockers": [
      {
        "tenantControlId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "controlCode": "string",
        "controlTitle": "string",
        "blocker": "string"
      }
    ]
  }
}

Public endpoint

GET`/v1/control-framework/coverage`

List evidence-to-control coverage with blockers and audit-readiness status

Requirescontrols:read

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

No request body.

Responses

GET/v1/control-framework/coveragePublic schema

curl --request GET \
  --url 'https://api.asiri.ng/v1/control-framework/coverage' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>'

Example response200

application/json

{
  "data": {
    "generatedAt": "2026-01-15T10:30:00.000Z",
    "summary": {
      "totalControls": 1,
      "auditReadyControls": 1,
      "blockedControls": 1,
      "evidenceCurrentControls": 1,
      "openTaskControls": 1
    },
    "items": [
      {
        "tenantControlId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "controlCode": "string",
        "controlTitle": "string",
        "domain": "string",
        "ownerUserId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "ownerRole": "string"
      }
    ]
  }
}

Public endpoint

GET`/v1/control-framework/evidence`

List tenant evidence items

Requiresevidence:read

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

No request body.

Responses

GET/v1/control-framework/evidencePublic schema

curl --request GET \
  --url 'https://api.asiri.ng/v1/control-framework/evidence' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>'

Example response200

application/json

{
  "data": {
    "items": [
      {
        "id": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "title": "string",
        "description": "string",
        "type": "policy",
        "freshness": "current",
        "sourceName": "string"
      }
    ]
  }
}

Public endpoint

POST`/v1/control-framework/evidence`

Add an evidence item to a control

Requiresevidence:write

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

application/jsonobject

Responses

POST/v1/control-framework/evidencePublic schema

curl --request POST \
  --url 'https://api.asiri.ng/v1/control-framework/evidence' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>' \
  --header 'Content-Type: application/json' \
  --data '{
  "title": "string",
  "type": "policy",
  "tenantControlId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
  "sourceId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
  "description": "string",
  "externalUrl": "https://example.com"
}'

Example response201

application/json

{
  "data": {
    "id": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "title": "string",
    "description": "string",
    "type": "policy",
    "freshness": "current",
    "sourceName": "string"
  }
}

Public endpoint

GET`/v1/control-framework/evidence-requests`

List generated evidence requests for tenant controls

Requiresevidence:read

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

No request body.

Responses

GET/v1/control-framework/evidence-requestsPublic schema

curl --request GET \
  --url 'https://api.asiri.ng/v1/control-framework/evidence-requests' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>'

Example response200

application/json

{
  "data": {
    "items": [
      {
        "id": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "tenantControlId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "evidenceRequirementId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "evidenceItemId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "controlCode": "string",
        "controlTitle": "string"
      }
    ]
  }
}

Public endpoint

POST`/v1/control-framework/evidence-requests/:evidenceRequestId/review`

Review a submitted evidence request

Requiresevidence:write

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

Name	In	Required	Schema	Description
`evidenceRequestId`	path	yes	`string`	-

Request body

application/jsonobject

Responses

POST/v1/control-framework/evidence-requests/:evidenceRequestId/reviewPublic schema

curl --request POST \
  --url 'https://api.asiri.ng/v1/control-framework/evidence-requests/{evidenceRequestId}/review' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>' \
  --header 'Content-Type: application/json' \
  --data '{
  "status": "accepted",
  "reviewNote": "string"
}'

Example response200

application/json

{
  "data": {
    "id": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "tenantControlId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "evidenceRequirementId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "evidenceItemId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "controlCode": "string",
    "controlTitle": "string"
  }
}

Public endpoint

POST`/v1/control-framework/evidence-requests/:evidenceRequestId/submit`

Submit an evidence item for an evidence request

Requiresevidence:write

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

Name	In	Required	Schema	Description
`evidenceRequestId`	path	yes	`string`	-

Request body

application/jsonobject

Responses

POST/v1/control-framework/evidence-requests/:evidenceRequestId/submitPublic schema

curl --request POST \
  --url 'https://api.asiri.ng/v1/control-framework/evidence-requests/{evidenceRequestId}/submit' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>' \
  --header 'Content-Type: application/json' \
  --data '{
  "evidenceItemId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee"
}'

Example response200

application/json

{
  "data": {
    "id": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "tenantControlId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "evidenceRequirementId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "evidenceItemId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "controlCode": "string",
    "controlTitle": "string"
  }
}

Public endpoint

POST`/v1/control-framework/evidence-requests/generate`

Generate evidence requests from active control requirements

Requiresevidence:write

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

No request body.

Responses

POST/v1/control-framework/evidence-requests/generatePublic schema

curl --request POST \
  --url 'https://api.asiri.ng/v1/control-framework/evidence-requests/generate' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>'

Example response200

application/json

{
  "data": {
    "created": 1,
    "existing": 1
  }
}

Public endpoint

GET`/v1/control-framework/frameworks`

List active control frameworks and public assurance boundaries

Requirescontrols:read

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

No request body.

Responses

GET/v1/control-framework/frameworksPublic schema

curl --request GET \
  --url 'https://api.asiri.ng/v1/control-framework/frameworks' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>'

Example response200

application/json

{
  "data": {
    "items": [
      {
        "code": "string",
        "name": "string",
        "description": "string",
        "jurisdiction": "string",
        "versionLabel": "string",
        "category": "string"
      }
    ]
  }
}

Public endpoint

GET`/v1/control-framework/monitoring`

Summarise continuous monitoring signals across controls and evidence workflows

Requirescontrols:read

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

No request body.

Responses

GET/v1/control-framework/monitoringPublic schema

curl --request GET \
  --url 'https://api.asiri.ng/v1/control-framework/monitoring' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>'

Example response200

application/json

{
  "data": {
    "monitoredControls": 1,
    "failingControls": 1,
    "staleEvidenceControls": 1,
    "overdueEvidenceRequests": 1,
    "dueTests": 1,
    "openWorkflowTasks": 1
  }
}

Public endpoint

GET`/v1/control-framework/readiness`

Get tenant readiness summary by framework and control domain

Requirescontrols:read

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

No request body.

Responses

GET/v1/control-framework/readinessPublic schema

curl --request GET \
  --url 'https://api.asiri.ng/v1/control-framework/readiness' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>'

Example response200

application/json

{
  "data": {
    "score": 1,
    "totalControls": 1,
    "acceptedControls": 1,
    "openEvidenceRequests": 1,
    "overdueEvidenceRequests": 1,
    "frameworkReadiness": {
      "key": {
        "total": 1,
        "accepted": 1,
        "submitted": 1,
        "open": 1,
        "overdue": 1,
        "score": 1
      }
    }
  }
}

Public endpoint

POST`/v1/control-framework/results`

Record a control test result

Requirescontrols:write

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

application/jsonobject

Responses

POST/v1/control-framework/resultsPublic schema

curl --request POST \
  --url 'https://api.asiri.ng/v1/control-framework/results' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>' \
  --header 'Content-Type: application/json' \
  --data '{
  "tenantControlId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
  "status": "pass",
  "testId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
  "evidenceItemId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
  "message": "string",
  "failureReason": "string"
}'

Example response201

application/json

{
  "data": {
    "id": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "status": "pass",
    "createdAt": "2026-01-15T10:30:00.000Z",
    "completedAt": "2026-01-15T10:30:00.000Z",
    "failureReason": "string",
    "remediationGuidance": "string"
  }
}

Public endpoint

GET`/v1/control-framework/sources`

List evidence sources

Requiresevidence:read

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

No request body.

Responses

GET/v1/control-framework/sourcesPublic schema

curl --request GET \
  --url 'https://api.asiri.ng/v1/control-framework/sources' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>'

Example response200

application/json

{
  "data": {
    "items": [
      {
        "id": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "name": "string",
        "sourceType": "manual",
        "providerKey": "string",
        "status": "string",
        "lastSyncAt": "2026-01-15T10:30:00.000Z"
      }
    ]
  }
}

Public endpoint

POST`/v1/control-framework/sources`

Create an evidence source

Requiresevidence:write

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

application/jsonobject

Responses

POST/v1/control-framework/sourcesPublic schema

curl --request POST \
  --url 'https://api.asiri.ng/v1/control-framework/sources' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>' \
  --header 'Content-Type: application/json' \
  --data '{
  "name": "string",
  "sourceType": "manual",
  "providerKey": "string",
  "description": "string"
}'

Example response201

application/json

{
  "data": {
    "id": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "name": "string",
    "sourceType": "manual",
    "providerKey": "string",
    "status": "string",
    "lastSyncAt": "2026-01-15T10:30:00.000Z"
  }
}

Public endpoint

GET`/v1/control-framework/test-health`

List control test health with scheduled runs and evidence counts

Requirescontrols:read

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

No request body.

Responses

GET/v1/control-framework/test-healthPublic schema

curl --request GET \
  --url 'https://api.asiri.ng/v1/control-framework/test-health' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>'

Example response200

application/json

{
  "data": {
    "summary": {
      "totalControls": 1,
      "failing": 1,
      "warning": 1,
      "passing": 1,
      "unknown": 1,
      "currentEvidence": 1
    },
    "items": [
      {
        "id": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "controlId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "code": "string",
        "title": "string",
        "description": "string",
        "domain": "string"
      }
    ]
  }
}

Public endpoint

GET`/v1/control-framework/workflow-tasks`

List workflow tasks generated from control and evidence SLAs

Requirescontrols:read

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

No request body.

Responses

GET/v1/control-framework/workflow-tasksPublic schema

curl --request GET \
  --url 'https://api.asiri.ng/v1/control-framework/workflow-tasks' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>'

Example response200

application/json

{
  "data": {
    "items": [
      {
        "id": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "tenantControlId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "evidenceRequestId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "controlCode": "string",
        "controlTitle": "string",
        "kind": "evidence_overdue"
      }
    ]
  }
}

Public endpoint

POST`/v1/control-framework/workflow-tasks/:taskId/complete`

Complete a control workflow task

Requirescontrols:write

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

Name	In	Required	Schema	Description
`taskId`	path	yes	`string`	-

Request body

application/jsonobject

Responses

POST/v1/control-framework/workflow-tasks/:taskId/completePublic schema

curl --request POST \
  --url 'https://api.asiri.ng/v1/control-framework/workflow-tasks/{taskId}/complete' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>' \
  --header 'Content-Type: application/json' \
  --data '{
  "completionNote": "string"
}'

Example response200

application/json

{
  "data": {
    "id": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "tenantControlId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "evidenceRequestId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
    "controlCode": "string",
    "controlTitle": "string",
    "kind": "evidence_overdue"
  }
}

Public endpoint

POST`/v1/control-framework/workflow-tasks/enforce`

Enforce control workflow SLAs and generate overdue/escalation tasks

Requirescontrols:write

Security

bearerAuthorization: Bearer <ASIRI_API_KEY>

Parameters

No path or query parameters.

Request body

No request body.

Responses

POST/v1/control-framework/workflow-tasks/enforcePublic schema

curl --request POST \
  --url 'https://api.asiri.ng/v1/control-framework/workflow-tasks/enforce' \
  --header 'Authorization: Bearer <ASIRI_API_KEY>'

Example response200

application/json

{
  "data": {
    "overdueRequests": 1,
    "ownerAssignmentGaps": 1,
    "tasksCreated": 1,
    "tasksUpdated": 1,
    "evidenceItemsScanned": 1,
    "evidenceItemsUpdated": 1
  }
}

Controls API

GET/v1/control-framework

Security

Parameters

Request body

Responses

GET/v1/control-framework/:tenantControlId

Security

Parameters

Request body

Responses

GET/v1/control-framework/:tenantControlId/audit-trace

Security

Parameters

Request body

Responses

GET/v1/control-framework/:tenantControlId/intelligence

Security

Parameters

Request body

Responses

GET/v1/control-framework/approval-layer

Security

Parameters

Request body

Responses

POST/v1/control-framework/approval-layer/approvals

Security

Parameters

Request body

Responses

GET/v1/control-framework/audit-integrity

Security

Parameters

Request body

Responses

GET/v1/control-framework/audit-pack

Security

Parameters

Request body

Responses

POST/v1/control-framework/audit-pack/export

Security

Parameters

Request body

Responses

GET/v1/control-framework/auditor-workspace

Security

Parameters

Request body

Responses

GET/v1/control-framework/coverage

Security

Parameters

Request body

Responses

GET/v1/control-framework/evidence

Security

Parameters

Request body

Responses

POST/v1/control-framework/evidence

Security

Parameters

Request body

Responses

GET/v1/control-framework/evidence-requests

Security

Parameters

Request body

Responses

POST/v1/control-framework/evidence-requests/:evidenceRequestId/review

Security

Parameters

Request body

Responses

POST/v1/control-framework/evidence-requests/:evidenceRequestId/submit

Security

Parameters

Request body

GET`/v1/control-framework`

GET`/v1/control-framework/:tenantControlId`

GET`/v1/control-framework/:tenantControlId/audit-trace`

GET`/v1/control-framework/:tenantControlId/intelligence`

GET`/v1/control-framework/approval-layer`

POST`/v1/control-framework/approval-layer/approvals`

GET`/v1/control-framework/audit-integrity`

GET`/v1/control-framework/audit-pack`

POST`/v1/control-framework/audit-pack/export`

GET`/v1/control-framework/auditor-workspace`

GET`/v1/control-framework/coverage`

GET`/v1/control-framework/evidence`

POST`/v1/control-framework/evidence`

GET`/v1/control-framework/evidence-requests`

POST`/v1/control-framework/evidence-requests/:evidenceRequestId/review`

POST`/v1/control-framework/evidence-requests/:evidenceRequestId/submit`

POST`/v1/control-framework/evidence-requests/generate`

GET`/v1/control-framework/frameworks`

GET`/v1/control-framework/monitoring`

GET`/v1/control-framework/readiness`

POST`/v1/control-framework/results`

GET`/v1/control-framework/sources`

POST`/v1/control-framework/sources`

GET`/v1/control-framework/test-health`

GET`/v1/control-framework/workflow-tasks`

POST`/v1/control-framework/workflow-tasks/:taskId/complete`

POST`/v1/control-framework/workflow-tasks/enforce`