AnnexOps Compliance

Compliance as an API. Modular. Pay-per-request.

47 REST API endpoints covering every EU AI Act compliance function. Use only what you need. Integrate classification, document generation, vault access, and monitoring into any product or workflow.

Read API Docs

✓ 47 endpoints

✓ OpenAPI 3.1 spec-first

✓ All routes /v1/

API design principles

Built for developers who care about correctness

Scoped API keys

Seven permission scopes: systems:read/write, classify:write, vault:read/write, monitoring:write, reports:read. Grant only what each integration needs.

Async long-running operations

Classification, document generation, and report creation return 202 Accepted with a job_id and poll_url. Webhook notifications when jobs complete. No blocking timeouts.

OpenAPI 3.1 spec-first

Every endpoint defined in the OpenAPI spec before implementation. Generate TypeScript, Python, or Go clients automatically. Spec and implementation stay in sync.

Correlation IDs everywhere

Every request and response includes X-Correlation-ID. Trace any API call through classification, document generation, and monitoring with a single ID.

API capabilities

47 endpoints. Everything you need to build on.

Scoped API keys

Fine-grained permission scopes so each integration receives only the access it needs. API keys are SHA-256 hashed at storage — never stored in plain text.

202 async pattern

Long-running operations return immediately with a job_id. Poll the status endpoint or receive a webhook when the job completes. No timeout errors, no blocking.

OpenAPI 3.1 spec

The full OpenAPI spec is published and downloadable. Use any code generator to create a type-safe client in TypeScript, Python, or Go in seconds.

Correlation IDs

X-Correlation-ID injected at the API gateway on every request. Use it to trace a classification through every downstream service in one query.

Cursor pagination

All list endpoints use cursor-based pagination. No offset drift on live data. Consistent results even when items are added between page requests.

org_id always isolated

org_id is derived from your API key — never a request parameter. Every database query is automatically scoped to your organisation. Isolation is architectural.

Integrations

Works With Your Existing Stack

FAQs

Some Frequently Asked Questions and Their Answers

  • 🐙 GitHub Actions
  • 🦊 GitLab CI
  • 🤗 HuggingFace
  • 🧠 Anthropic Claude
  • 🌟 Mistral AI
  • ☁️ AWS SageMaker
  • 📊 Grafana
  • 🔴 Jira
  • 💼 Linear
  • 🔔 Slack
  • 🔷 Google Vertex AI
  • 🤖 OpenAI API

Toggle title

Toggle content goes here, click edit button to change this text.

Read Our Blog

News & Articles

The EU AI Act Explained: A Practical Guide for Companies Building or Using AI
April 3, 2026 | By
The EU AI Act Explained: A Practical Guide for Companies Building or Using AI
High-Risk AI Systems Under the EU AI Act: What Companies Must Do to Stay Compliant
April 3, 2026 | By
High-Risk AI Systems Under the EU AI Act: What Companies Must Do to Stay Compliant
AI Governance Platforms: Why Companies Need Infrastructure to Comply With the EU AI Act
April 3, 2026 | By
AI Governance Platforms: Why Companies Need Infrastructure to Comply With the EU AI Act

47 endpoints. Every EU AI Act function. One API.

Read the full spec or start with the free public endpoint — no API key required.