Enterprise API

Integrate EU AI Act compliance scanning into your CI/CD pipeline, monitoring stack, or internal tools. The API provides programmatic access to all scanning capabilities.

All endpoints require a Bearer token in the Authorization header. Contact us for an API key.

Base URL

https://YOUR_DEPLOYMENT.convex.site

Authentication

All API requests must include your API key as a Bearer token:

Authorization: Bearer YOUR_API_KEY

Endpoints

POST /api/scan

Start a scan

Submit a URL for EU AI Act compliance scanning. Returns a scan ID for tracking progress.

Example request

curl -X POST https://YOUR_DEPLOYMENT.convex.site/api/scan \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com"}'

Request body

{
  "url": "https://example.com",
  "email": "team@example.com"
}

Response

201 Created
{
  "scanId": "k17abc...",
  "status": "queued",
  "message": "Scan queued successfully. Poll GET /api/scan/:id for status.",
  "links": {
    "status": "/api/scan/k17abc...",
    "report": "/api/report/k17abc..."
  }
}

GET /api/scan/:id

Get scan status

Check the current status and progress of a scan. Poll this endpoint until status is 'completed' or 'failed'.

Example request

curl https://YOUR_DEPLOYMENT.convex.site/api/scan/SCAN_ID \
  -H "Authorization: Bearer YOUR_API_KEY"

Response

200 OK
{
  "scanId": "k17abc...",
  "targetUrl": "https://example.com",
  "targetName": "example.com",
  "status": "analyzing",
  "progressPct": 55,
  "riskLevel": "unclassified",
  "complianceScore": null,
  "errorMessage": null,
  "startedAt": 1710000000000,
  "completedAt": null,
  "links": {
    "report": null
  }
}

GET /api/report/:id

Get full report

Retrieve the complete compliance report including detected AI systems, risk classifications, and compliance gaps with remediation steps.

Example request

curl https://YOUR_DEPLOYMENT.convex.site/api/report/SCAN_ID \
  -H "Authorization: Bearer YOUR_API_KEY"

Response

200 OK
{
  "scan": {
    "id": "k17abc...",
    "targetUrl": "https://example.com",
    "targetName": "example.com",
    "status": "completed",
    "riskLevel": "high",
    "complianceScore": 42,
    "scannedAt": 1710000000000
  },
  "aiSystems": [
    {
      "id": "j57def...",
      "name": "Resume Screening AI",
      "description": "Automated resume filtering system",
      "systemType": "employment_decision",
      "riskClassification": "high",
      "classificationReasoning": "Falls under Annex III...",
      "annexIiiCategory": "Employment, workers management",
      "articleFiveFlags": [],
      "confidenceScore": 0.92
    }
  ],
  "complianceGaps": [
    {
      "id": "m83ghi...",
      "articleRef": "Article 9",
      "requirementTitle": "Risk Management System",
      "gapSeverity": "critical",
      "gapDescription": "No documented risk management...",
      "remediationAction": "Implement a risk management system...",
      "remediationEffort": "significant",
      "status": "open"
    }
  ],
  "summary": {
    "totalAISystems": 1,
    "totalGaps": 5,
    "criticalGaps": 2,
    "riskBreakdown": {
      "prohibited": 0,
      "high": 1,
      "limited": 0,
      "minimal": 0
    }
  }
}

Error codes

400 Bad request -- invalid JSON, missing fields, or malformed URL
401 Unauthorized -- missing or invalid API key
202 Accepted -- report not ready yet, scan still in progress
404 Not found -- scan ID does not exist
500 Server error -- internal failure during scan creation

Rate limits

During beta, the API is rate-limited to 10 scans per minute and 100 scans per hour per API key. Status and report endpoints have no rate limit. Contact us for higher limits.

Typical workflow

1. POST /api/scan with your target URL to start a scan
2. Poll GET /api/scan/:id until status is "completed"
3. Fetch GET /api/report/:id for the full compliance report
4. Parse the response to integrate with your internal systems
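
The workflow above as a CI gate, written here as an added example and not the vendor's own client. The environment variable names (SCANNER_BASE_URL, SCANNER_API_KEY, SCAN_TARGET_URL), the 5-second poll interval, the poll cap and the fail-on-critical-gaps policy are assumptions; response bodies are assumed to be JSON or empty, and error bodies are ignored because their shape is not documented.

```python
import json, os, time, urllib.error, urllib.request

def http_json(method, url, api_key, body=None):
    """Default transport; returns (status_code, parsed_body_or_empty_dict)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {api_key}", "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:   # 400/401/404/500 from the table
        return err.code, {}                 # error body shape is undocumented

def run_scan(base, api_key, target, call=http_json, sleep=time.sleep,
             interval=5, max_polls=60):     # interval/max_polls are assumptions
    """Steps 1-3: start the scan, poll its status, fetch the report."""
    code, body = call("POST", f"{base}/api/scan", api_key, {"url": target})
    if code != 201:
        raise RuntimeError(f"scan not created: HTTP {code}")
    scan_id = body["scanId"]
    for _ in range(max_polls):
        code, st = call("GET", f"{base}/api/scan/{scan_id}", api_key)
        if code != 200:
            raise RuntimeError(f"status check failed: HTTP {code}")
        if st["status"] == "failed":        # stop polling, surface the reason
            raise RuntimeError(f"scan failed: {st.get('errorMessage')}")
        if st["status"] == "completed":
            break
        sleep(interval)
    else:
        raise TimeoutError("scan did not complete in time")
    for _ in range(max_polls):              # 202 means the report is not ready
        code, report = call("GET", f"{base}/api/report/{scan_id}", api_key)
        if code == 200:
            return report
        if code != 202:
            raise RuntimeError(f"report fetch failed: HTTP {code}")
        sleep(interval)
    raise TimeoutError("report not ready in time")

def gate(report, max_critical=0):
    """Step 4 as a CI policy (assumed): pass only if criticalGaps is low enough."""
    return report["summary"]["criticalGaps"] <= max_critical

if __name__ == "__main__" and "SCANNER_API_KEY" in os.environ:
    env = os.environ  # the key is read from the environment, never from argv
    rep = run_scan(env["SCANNER_BASE_URL"], env["SCANNER_API_KEY"],
                   env["SCAN_TARGET_URL"])
    raise SystemExit(0 if gate(rep) else 1)
```

Store the API key as a masked CI secret so it does not appear in job logs or process listings.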