Developers

Build on the governance API

Programmatic access to your AI inventory, evidence, controls and usage — REST endpoints, JSON over HTTPS, and webhooks for runtime events. Wire governance into the systems you already run.

● API reference (preview)
Overview

A clean, predictable API

Standard conventions your engineers already know — designed to drop into existing pipelines without surprises.

🌐

REST API

  • Resource-oriented routes
  • Predictable HTTP verbs
  • Standard status codes

📦

JSON over HTTPS

  • JSON request and response
  • TLS on every call
  • Consistent error shapes

🔔

Webhooks

  • Push runtime events to you
  • Signed payloads
  • Retries on failure

Authentication

Authenticate with a bearer token

Every request carries an API key in the Authorization header. Keys are issued per tenant and scoped to least privilege.

🔑

API keys

  • Issued per tenant
  • Scoped, revocable, rotatable
  • Never share keys in client code

💻

Example request

# API_KEY is a placeholder: export your tenant's key into the environment first
curl https://api.trustedaigov.io/v1/assets \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json"

Core endpoints

The endpoints you'll reach for first

A preview of the core resources — read your inventory, push evidence and usage, and check controls.

📇

AI Inventory

GET /v1/assets

List the AI assets in your estate.

🧾

Evidence

POST /v1/evidence

Submit an evidence artifact for a control.

🛡️

Controls

GET /v1/controls

Read control definitions and test status.

📊

Usage ingestion

POST /v1/usage

Stream usage records for cost tracking.

Webhooks

Subscribe to events as they happen

Get notified the moment governance state changes — wire it into your SIEM, ticketing or alerting.

Runtime events

  • ALLOW decisions
  • BLOCK decisions
  • KILL-SWITCH activations

Control test results

  • Pass / fail outcomes
  • New control failures
  • Recovery to passing

Evidence expiry

  • Upcoming expiry warnings
  • Expired artifacts flagged
  • Renewal reminders

Limits & tooling

Rate limits & SDKs

Built for production traffic with safe retries and language tooling on the way.

🚦

Rate limits

  • Per-key request budgets
  • Limits in response headers
  • Clear 429 on throttle

🔁

Idempotency

  • Idempotency keys on writes
  • Safe to retry on timeout
  • No duplicate side effects

🧰

SDKs

  • HTTP-first, language agnostic
  • Typed responses
  • Python & TypeScript SDKs on the roadmap

Want early access to the API?

The API reference is in preview. Talk to TAI to scope your integration, or reach the team to get on the early-access list.