Integrate our stateless evidence mapping engine directly into your own GRC platforms or internal workflows. All data is processed entirely in memory.
All API requests must be authenticated via a Bearer Token provided during your pilot onboarding. Include the token in the Authorization header of your HTTP request.
Authorization: Bearer isf_live_xxxxxxxxxxxxxxxxx
/v1/engine/map
Uploads a raw policy document, orchestrates the control extraction in volatile RAM, and returns a strict JSON array of mapped controls and verbatim citations.
Content-Type: multipart/form-data| Field | Type | Description |
|---|---|---|
| file | File (Binary) | Required. The raw policy document (PDF, DOCX, TXT). Max size: 200MB. |
| framework | String | Required. Enum: iso27001_2022, soc2_type2, custom_matrix |
| custom_matrix | File (CSV) | Optional. Required only if framework is set to custom_matrix. |
The engine returns a 200 OK with a strict JSON array representing the audit trail. Because the system is stateless, the connection is kept alive until processing completes (typically 15-30 seconds depending on document length).
{
"status": "success",
"processing_time_ms": 14205,
"stateless_purge": true,
"results": [
{
"control_id": "A.5.1",
"control_name": "Policies for information security",
"status": "Mapped",
"verbatim_evidence": "The organization shall review the information security policy at planned intervals or if significant changes occur to ensure its continuing suitability.",
"page_number": 4,
"confidence_score": 0.98
},
{
"control_id": "A.5.2",
"control_name": "Information security roles and responsibilities",
"status": "Not Found",
"verbatim_evidence": null,
"page_number": null,
"confidence_score": 0.0
}
]
}To ensure high availability of our ephemeral compute clusters, API access is currently rate-limited to 50 concurrent document mappings per minute per organization. For higher throughput, please contact engineering for dedicated cluster provisioning.