Product · API

The same scoring engine enterprises use — now via API

Use ComplianceLayer as an infrastructure-grade assessment service inside underwriting queues, compliance workflows, and platform integrations.

Read the docsStart trial
cURLPythonNode.js
POST /v1/scan

curl https://api.compliancelayer.net/v1/scan \
  -H "Authorization: Bearer cl_..." \
  -H "Content-Type: application/json" \
  -d '{
    "domain": "acme-payments.com"
  }'
Response · 202 Accepted
{
  "job_id": 12847,
  "domain": "acme-payments.com",
  "status": "queued",
  "source": "api",
  "queued_at": "2026-03-17T10:30:00Z"
}

# Poll for completion:
GET /v1/scan/jobs/12847/report
Async processing
4-8 second scans with polling
Response model
Scores, findings, compliance mappings
Delivery
API, dashboard, webhooks
Primary users
Underwriting & product teams
Capabilities

What the platform is built to do

Commercial-grade posture data without rebuilding scoring logic yourself.

Async job processing

Submit scans via POST, receive a job_id, then poll for completion. Scans typically complete in 4-8 seconds with results stored for retrieval.

Authoritative stored assessments

Every API response is aligned to the same persisted assessment model used by the dashboard and report layer.

Webhook integrations

Push scan results, alerts, and compliance updates to your systems in real-time via webhooks. Professional plan and above.

Workflow-safe integrations

Use the API to feed intake queues, recurring reviews, or customer-facing evidence flows without rebuilding scoring logic yourself.

Commercial-grade output

Return underwriting-ready posture data instead of a raw scanner transcript that still needs manual interpretation.

Plan-based rate limiting

Professional plan: 60 requests/min, 1,500/hour, 10,000/day. Enterprise: 150/min, 5,000/hour, 30,000/day. Clearly communicated via response headers.

Workflow

How teams use it

  1. Submit a public domain via POST /v1/scan/ and receive a job_id (202 Accepted).
  2. Poll GET /v1/scan/jobs/{id} until status transitions from 'queued' to 'completed' (typically 4-8 seconds).
  3. Retrieve full report via GET /v1/scan/jobs/{id}/report with scores, findings, and compliance mappings.
  4. Optionally configure webhooks to receive results automatically without polling.
  5. Push the result into analyst review, portfolio monitoring, or downstream systems.
API Reference

Core endpoints

All API calls use the /v1/ prefix with Bearer token authentication. Scans are async — submit, poll, retrieve.

POST/v1/scan/Submit a domain for scanning (returns job_id)
GET/v1/scan/jobs/{id}Poll scan job status
GET/v1/scan/jobs/{id}/reportGet full scan report when complete
GET/v1/scan/historyList recent scans
GET/v1/domains/List monitored domains
POST/v1/domains/Add domain for monitoring
POST/v1/domains/{id}/scanTrigger scan for monitored domain
GET/v1/auth/meGet current user info

Start building today

Submit a scan, poll for results. Scores, findings, compliance mappings, and webhooks included.

Read the docs

API access included on Professional ($249/mo) and above. View pricing →