API Documentation

Complete guide to integrating ComplianceLayer into your security workflow.

API Reference

Complete reference for all ComplianceLayer API endpoints. All requests require authentication via API key. Base URL: https://api.compliancelayer.net/v1

Scanning

POST /scan

Queue a new scan job for a domain. Returns a job ID for polling. Scans typically complete within 30-60 seconds.

Request Body

| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| domain | string | Yes | The domain to scan (e.g., "example.com") |

curl -X POST "https://api.compliancelayer.net/v1/scan" \
  -H "Authorization: Bearer cl_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"domain": "example.com"}'

GET /scan/jobs/:job_id

Get the status of a scan job. Poll this endpoint until status is "completed", then fetch the full report.

Path Parameters

| Parameter | Type | Description |
|-----------|------|-------------|
| job_id | string | The job ID returned from POST /scan |

Response Fields

| Field | Type | Description |
|-------|------|-------------|
| status | enum | queued, running, completed, failed |
| result | object | Summary results (only when status=completed) |

curl "https://api.compliancelayer.net/v1/scan/jobs/job_abc123def456" \
  -H "Authorization: Bearer cl_YOUR_API_KEY"

GET /scan/jobs/:job_id/report

Get the complete scan report including all findings, module results, and compliance mappings. Only available after scan completes.

curl "https://api.compliancelayer.net/v1/scan/jobs/job_abc123def456/report" \
  -H "Authorization: Bearer cl_YOUR_API_KEY"
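
The queue, poll, fetch flow described by the three endpoints above, as an added Python example (not ComplianceLayer's own client code). The `job_id` response field name, the `CL_API_KEY` environment variable and the timing defaults are assumptions; `call` and `sleep` are injectable so the loop can be exercised offline.

```python
import json
import os
import time
import urllib.error
import urllib.request

BASE_URL = "https://api.compliancelayer.net/v1"

def http_call(method, path, body=None):
    """Send one authenticated JSON request; returns (http_status, parsed_body)."""
    req = urllib.request.Request(
        BASE_URL + path,
        method=method,
        data=json.dumps(body).encode() if body is not None else None,
        # Key is read from the environment (CL_API_KEY is an assumed name), not hardcoded.
        headers={"Authorization": "Bearer " + os.environ["CL_API_KEY"],
                 "Content-Type": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, {}

def scan_and_fetch(domain, call=http_call, sleep=time.sleep, deadline_s=180, interval_s=5):
    """Queue a scan, poll the job until it reaches a terminal state, return the full report."""
    status, job = call("POST", "/scan", {"domain": domain})
    if status != 200:
        raise RuntimeError(f"scan not queued: HTTP {status}")
    job_id = job["job_id"]  # ASSUMPTION: field name; the page only says "a job ID"
    waited = 0
    while waited <= deadline_s:
        status, data = call("GET", f"/scan/jobs/{job_id}")
        if status == 429:
            interval_s = min(interval_s * 2, 60)  # rate limited: back off, keep polling
        elif status != 200:
            raise RuntimeError(f"poll failed: HTTP {status}")
        elif data["status"] == "failed":
            raise RuntimeError(f"scan job {job_id} failed")
        elif data["status"] == "completed":
            status, report = call("GET", f"/scan/jobs/{job_id}/report")
            if status != 200:
                raise RuntimeError(f"report fetch failed: HTTP {status}")
            return report
        sleep(interval_s)  # queued or running: wait and poll again
        waited += interval_s
    raise TimeoutError(f"scan job {job_id} still pending after {deadline_s}s")
```

Treating `failed` as terminal and bounding the loop with a deadline keeps a stuck job from holding a CI step or cron task open indefinitely.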

GET /scan/recent

List your recent scans with summary results. Limited to 20 most recent scans.

curl "https://api.compliancelayer.net/v1/scan/recent" \
  -H "Authorization: Bearer cl_YOUR_API_KEY"

GET /scan/history

List your scan history with summary results. Returns up to 100 most recent scans.

curl "https://api.compliancelayer.net/v1/scan/history" \
  -H "Authorization: Bearer cl_YOUR_API_KEY"

Reports & PDF

GET /compliance/reports/:job_id/pdf

Generate a PDF report for a completed scan. Returns a PDF file with executive summary, module scores, findings, and compliance framework mappings. Available on Professional and above plans.

Path Parameters

| Parameter | Type | Description |
|-----------|------|-------------|
| job_id | string | The completed scan job ID |

# Download PDF report
curl "https://api.compliancelayer.net/v1/compliance/reports/job_abc123def456/pdf" \
  -H "Authorization: Bearer cl_YOUR_API_KEY" \
  --output report.pdf

The PDF includes:

  • Cover page with domain, grade, scan date, and QR verification code
  • Executive summary with issue distribution and priority recommendations
  • Module-by-module score breakdown (SSL, DNS, headers, ports, etc.)
  • Detailed findings per module
  • Compliance framework mapping (SOC 2, PCI DSS, HIPAA, NIST CSF, ISO 27001, CIS Controls v8)

Report Verification

GET /verify/:report_id

Verify the authenticity of a ComplianceLayer PDF report. Public endpoint — no authentication required. Used by the QR code embedded in every PDF to let recipients confirm the report is genuine and unmodified.

Path Parameters

| Parameter | Type | Description |
|-----------|------|-------------|
| report_id | string | The report ID from the PDF QR code (format: cl_rpt_...) |

# Public endpoint - no API key required
curl "https://api.compliancelayer.net/v1/verify/cl_rpt_abc123def456"

Domain Monitoring

GET /domains

List all monitored domains for your account.

curl "https://api.compliancelayer.net/v1/domains" \
  -H "Authorization: Bearer cl_YOUR_API_KEY"

POST /domains

Add a domain to continuous monitoring with scheduled scans.

Request Body

| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| domain | string | Yes | The domain to monitor |
| scan_frequency | enum | No | hourly, daily, or weekly (default: daily) |
| alert_threshold | number | No | Score drop threshold for alerts (default: 10) |

curl -X POST "https://api.compliancelayer.net/v1/domains" \
  -H "Authorization: Bearer cl_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "domain": "example.com",
    "scan_frequency": "daily",
    "alert_threshold": 10
  }'

DELETE /domains/:id

Remove a domain from monitoring. Stops all scheduled scans.

POST /domains/:id/scan

Trigger an immediate scan for a monitored domain (outside of regular schedule).

GET /domains/alerts

List alerts for monitored domains (score drops, critical findings, etc.).

Authentication

POST /auth/signup

Create a new account. Returns a JWT token for immediate access.

Request Body

| Parameter | Type | Required |
|-----------|------|----------|
| email | string | Yes |
| password | string | Yes (min 8 chars) |

POST /auth/login

Authenticate with email and password. Returns a JWT token.

GET /auth/me

Get current user profile and subscription information.

Billing

POST /billing/checkout

Create a Stripe checkout session to start a subscription.

Request Body

| Parameter | Type | Required |
|-----------|------|----------|
| plan | enum | Yes (starter, professional, business, agency) |

POST /billing/portal

Create a Stripe customer portal session to manage subscription.

Response Codes

| Code | Status | Description |
|------|--------|-------------|
| 200 | OK | Request succeeded |
| 400 | Bad Request | Invalid parameters or request body |
| 401 | Unauthorized | Missing or invalid API key |
| 403 | Forbidden | Account disabled or quota exceeded |
| 404 | Not Found | Resource not found |
| 429 | Too Many Requests | Rate limit exceeded |
| 500 | Internal Server Error | Server error (contact support) |