# Compliance Reports API

Generate structured compliance reports in JSON or PDF format. Available frameworks: SOX (Sarbanes-Oxley), HIPAA, SOC 2 Type II, and EU AI Act.
## Authentication

All endpoints require:

- `Authorization: Bearer <token>` with the admin, owner, or compliance_officer role
- The `blockchain_audit` feature must be enabled for the organization
## Endpoints

### SOX Section 404

```http
GET /api/v1/audit/reports/sox
# Optional parameters
?from=2025-04-01T00:00:00Z   # Start date (default: 1 year ago)
&to=2026-04-01T00:00:00Z     # End date (default: now)
&format=json                 # json (default) or pdf
```

Covers: approval controls, change management, segregation of duties, access controls.

### HIPAA Security Rule

```http
GET /api/v1/audit/reports/hipaa
?from=2025-10-01T00:00:00Z   # Default: 6 months ago
&to=2026-04-01T00:00:00Z
&format=json
```

Covers: access controls, audit trails, user activity, data integrity, incident response.

### SOC 2 Type II

```http
GET /api/v1/audit/reports/soc2
?from=2025-04-01T00:00:00Z   # Default: 1 year ago
&to=2026-04-01T00:00:00Z
&format=json
```

Covers: security controls, availability, processing integrity, change management, monitoring.

### EU AI Act (Article 13)

```http
GET /api/v1/audit/reports/eu_ai_act
?from=2025-10-01T00:00:00Z   # Default: 6 months ago
&to=2026-04-01T00:00:00Z
&format=json
```

Covers: AI system inventory, operation statistics, human oversight, data processing, blockchain verification.
## Response Format (JSON)

All reports follow a consistent structure:

```json
{
  "report_type": "sox_compliance",
  "generated_at": "2026-04-01T12:00:00Z",
  "report_version": "1.0",
  "regulatory_reference": "Sarbanes-Oxley Act Section 404",
  "organization": {
    "id": 1,
    "name": "Acme s.r.o.",
    "slug": "acme"
  },
  "period": {
    "start": "2025-04-01T00:00:00Z",
    "end": "2026-04-01T00:00:00Z",
    "duration_days": 365
  },
  // Framework-specific sections (varies by report type)
  "approval_controls": { ... },
  "change_management": { ... },
  // Common sections
  "document_compliance": {
    "total_documents": 45,
    "versions": 128,
    "blockchain_verified": 42,
    "by_category": { ... },
    "missing_at_transition": 0
  },
  "blockchain_verification": {
    "total_anchors": 12,
    "confirmed": 10,
    "pending": 2,
    "sample_proofs": [ ... ]
  },
  "attestation": {
    "statement": "This report was generated automatically...",
    "generated_at": "2026-04-01T12:00:00Z",
    "valid_as_of": "2026-04-01T12:00:00Z"
  }
}
```
## PDF Download

Pass `?format=pdf` to any of the report endpoints above to download a branded PDF report with QR codes for blockchain verification.

```bash
curl -o sox_report.pdf \
  "https://kiket.dev/api/v1/audit/reports/sox?format=pdf&from=2025-04-01" \
  -H "Authorization: Bearer eyJ..."
```
## Record Proofs

Verify individual audit records:

```http
# Single record proof
GET /api/v1/audit/reports/record_proof/{record_type}/{record_id}
# record_type: audit_log, ai_audit_log, notification_audit_log

# Batch proofs (up to 100 records)
POST /api/v1/audit/reports/batch_proofs
{
  "records": [
    { "type": "audit_log", "id": 123 },
    { "type": "audit_log", "id": 456 }
  ]
}

# All proofs for a specific blockchain anchor
GET /api/v1/audit/reports/anchor/{anchor_id}/proofs
```
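The following is an added example, not part of the Kiket API documentation or its client code: a small consumer-side check that a returned report body is internally consistent (period length, anchor counts, attestation timestamps) before it is relied on, plus a builder that splits record proof requests into `batch_proofs` bodies that respect the documented 100-record limit. It assumes only the JSON shape and the record types shown above; the sample report values and record ids are constructed.

```python
from datetime import datetime

RECORD_TYPES = {"audit_log", "ai_audit_log", "notification_audit_log"}
BATCH_LIMIT = 100  # documented maximum for POST .../batch_proofs


def _ts(value: str) -> datetime:
    # Report timestamps are RFC 3339 with a trailing Z; make them parseable on older Pythons.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_report(report: dict) -> list[str]:
    """Return internal-consistency findings; an empty list means nothing stood out."""
    findings = []
    period = report["period"]
    if (_ts(period["end"]) - _ts(period["start"])).days != period["duration_days"]:
        findings.append("period.duration_days disagrees with start/end")
    chain = report["blockchain_verification"]
    if chain["confirmed"] + chain["pending"] != chain["total_anchors"]:
        findings.append("confirmed + pending != total_anchors")
    if chain["pending"]:
        findings.append(f"{chain['pending']} anchor(s) pending: not yet independently verifiable")
    docs = report["document_compliance"]
    if docs["blockchain_verified"] > docs["total_documents"]:
        findings.append("blockchain_verified exceeds total_documents")
    att = report["attestation"]
    if _ts(att["valid_as_of"]) < _ts(att["generated_at"]):
        findings.append("attestation valid_as_of precedes generated_at")
    return findings


def batch_proof_requests(records: list[tuple[str, int]]) -> list[dict]:
    """Split (record_type, id) pairs into batch_proofs bodies of at most BATCH_LIMIT records."""
    bad = {t for t, _ in records} - RECORD_TYPES
    if bad:
        raise ValueError(f"unsupported record_type(s): {sorted(bad)}")
    return [
        {"records": [{"type": t, "id": i} for t, i in records[n:n + BATCH_LIMIT]]}
        for n in range(0, len(records), BATCH_LIMIT)
    ]


# Constructed sample carrying the counts from the Response Format section above.
SAMPLE_REPORT = {
    "period": {"start": "2025-04-01T00:00:00Z", "end": "2026-04-01T00:00:00Z", "duration_days": 365},
    "document_compliance": {"total_documents": 45, "blockchain_verified": 42, "missing_at_transition": 0},
    "blockchain_verification": {"total_anchors": 12, "confirmed": 10, "pending": 2},
    "attestation": {"generated_at": "2026-04-01T12:00:00Z", "valid_as_of": "2026-04-01T12:00:00Z"},
}
```

On the sample above, `check_report` reports only the two pending anchors, which is the expected state for a freshly generated report whose latest anchors have not yet been confirmed.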
## Error Responses

| Status | Error | Meaning |
|---|---|---|
| 403 | feature_not_enabled | `blockchain_audit` feature not enabled for this organization |
| 403 | insufficient_permissions | User lacks admin/owner/compliance_officer role |
| 404 | record_not_found | Record doesn't exist or doesn't belong to your organization |
| 404 | anchor_not_found | Blockchain anchor not found |