API Reference

Evidence Packages API

Generate, retrieve, and verify auditor-ready evidence packages. Each package is a signed PDF or JSON bundle containing audit events, chain proof, and framework-aligned documentation.

Last updated: 2 March 2026

Supported Frameworks

FCA_SS1_23

FCA SS1/23

Model risk management framework for FCA-regulated firms

EU_AI_ACT_ANNEX_IV

EU AI Act Annex IV

Technical documentation requirements for high-risk AI systems

ISO_42001

ISO 42001

AI management system standard — governance records

Endpoints

Method	Path	Description
POST	/evidence/generate	Generate a new evidence package (async)
GET	/evidence/:id	Retrieve status and download URL for a package
GET	/evidence	List all evidence packages for the organisation
POST	/evidence/:id/verify	Verify a package's authenticity signature

POST/evidence/generate

Initiates an async evidence package generation. Most packages complete within 5–30 seconds depending on the date range and event count. Poll GET /evidence/:id until status is READY.

bash

curl -X POST https://api.audital.ai/v1/evidence/generate \
  -H "Authorization: Bearer ak_live_xxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "modelId": "mdl_abc123",
    "framework": "FCA_SS1_23",
    "dateRange": {
      "from": "2026-01-01T00:00:00Z",
      "to": "2026-03-01T23:59:59Z"
    },
    "includeChainProof": true,
    "includeHumanOversight": true,
    "format": "PDF",
    "recipientName": "FCA Supervisory Team",
    "notes": "Q1 2026 AI governance submission"
  }'

json

{
  "id": "epkg_01HZABCDEF1234567890ABCD",
  "status": "GENERATING",
  "modelId": "mdl_abc123",
  "framework": "FCA_SS1_23",
  "dateRange": {
    "from": "2026-01-01T00:00:00Z",
    "to": "2026-03-01T23:59:59Z"
  },
  "estimatedCompletionSeconds": 12,
  "createdAt": "2026-03-02T15:00:00.000Z"
}

Request body

Field	Type	Description
`modelId`req	string	Model to generate evidence for
`framework`req	string	FCA_SS1_23, EU_AI_ACT_ANNEX_IV, or ISO_42001
`dateRange.from`req	ISO 8601	Start of evidence period
`dateRange.to`req	ISO 8601	End of evidence period
`format`	string	PDF (default) or JSON
`includeChainProof`	boolean	Include the full chain proof (default: true)
`includeHumanOversight`	boolean	Include human review records (default: true)
`sections`	string[]	Specific framework sections to include (default: all)
`recipientName`	string	Recipient name printed on the cover page
`notes`	string	Internal notes (not included in the PDF)

GET/evidence/:id

Poll this endpoint after calling generate. When status is READY, the downloadUrl is available for 24 hours.

bash

curl https://api.audital.ai/v1/evidence/epkg_01HZABCDEF1234567890ABCD \
  -H "Authorization: Bearer ak_live_xxxxxxxxxxxxxxxxxxxx"

json

{
  "id": "epkg_01HZABCDEF1234567890ABCD",
  "status": "READY",
  "modelId": "mdl_abc123",
  "modelName": "Credit Risk Scorer v2",
  "framework": "FCA_SS1_23",
  "dateRange": {
    "from": "2026-01-01T00:00:00Z",
    "to": "2026-03-01T23:59:59Z"
  },
  "summary": {
    "totalEvents": 847291,
    "inferences": 846800,
    "configChanges": 12,
    "deployments": 3,
    "humanReviews": 41,
    "alerts": 435,
    "chainIntact": true
  },
  "downloadUrl": "https://storage.audital.ai/evidence/epkg_01HZABCDEF1234567890ABCD.pdf?token=eyJ...",
  "downloadUrlExpiresAt": "2026-03-03T15:00:00.000Z",
  "packageHash": "sha256:b14a7b8059d9c055954c92674ce60032",
  "packageSignature": "sig_audital_RSA4096_SHA256_xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "pages": 47,
  "format": "PDF",
  "generatedAt": "2026-03-02T15:00:12.000Z",
  "expiresAt": "2026-04-02T15:00:12.000Z"
}

GET/evidence

bash

curl "https://api.audital.ai/v1/evidence?modelId=mdl_abc123&limit=10" \
  -H "Authorization: Bearer ak_live_xxxxxxxxxxxxxxxxxxxx"

json

{
  "data": [
    {
      "id": "epkg_01HZABCDEF1234567890ABCD",
      "status": "READY",
      "framework": "FCA_SS1_23",
      "modelId": "mdl_abc123",
      "generatedAt": "2026-03-02T15:00:12.000Z",
      "expiresAt": "2026-04-02T15:00:12.000Z",
      "pages": 47,
      "format": "PDF"
    }
  ],
  "pagination": {
    "total": 1,
    "limit": 10,
    "offset": 0,
    "hasMore": false
  }
}

POST/evidence/:id/verify

Auditors and third parties can independently verify a package has not been altered since generation by checking the packageSignature.

bash

curl -X POST https://api.audital.ai/v1/evidence/epkg_01HZABCDEF1234567890ABCD/verify \
  -H "Authorization: Bearer ak_live_xxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "packageHash": "sha256:b14a7b8059d9c055954c92674ce60032"
  }'

json

{
  "packageId": "epkg_01HZABCDEF1234567890ABCD",
  "authentic": true,
  "message": "Package hash matches. Document has not been modified since generation.",
  "generatedAt": "2026-03-02T15:00:12.000Z",
  "signedBy": "Audital Platform (RSA-4096)",
  "verifiedAt": "2026-03-02T16:30:00.000Z"
}

EU AI Act Annex IV example

Generate a package targeting specific Annex IV sections:

bash

curl -X POST https://api.audital.ai/v1/evidence/generate \
  -H "Authorization: Bearer ak_live_xxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "modelId": "mdl_abc123",
    "framework": "EU_AI_ACT_ANNEX_IV",
    "dateRange": {
      "from": "2026-01-01T00:00:00Z",
      "to": "2026-03-01T23:59:59Z"
    },
    "sections": [
      "TECHNICAL_DOCUMENTATION",
      "RISK_MANAGEMENT",
      "DATA_GOVERNANCE",
      "HUMAN_OVERSIGHT",
      "POST_MARKET_MONITORING"
    ],
    "includeChainProof": true,
    "format": "PDF"
  }'

Core Concepts →Audit Events API →