For GRC platforms, vCISO firms, and customer compliance tooling. List frameworks. Pull control status. Fetch signed Evidence Packs. Register webhooks for control-status changes. JSON in, JSON out, PDF on download.
01 / Conventions
All endpoints under https://monitor.northbeams.com/api/v1. Bearer token in Authorization. JSON responses. PDF on the pack download. UTF-8 throughout.
Bearer tokens issued from the workspace dashboard. Scopes: read:evidence, write:webhooks. One token per integration. Rotate from the dashboard at any time.
120 req/min per token by default. 10 req/min on pack-generation endpoints. 429 with Retry-After header on overage. Higher limits available on Enterprise.
02 / Endpoints
List frameworks available for this organization. Returns version, control count, and whether the framework is enabled.
// 200 OK
{
  "frameworks": [
    { "id": "iso-42001", "version": "2023", "controls": 38, "enabled": true },
    { "id": "eu-ai-act", "version": "2024/1689", "controls": 12, "enabled": true },
    { "id": "nist-ai-rmf", "version": "1.0", "controls": 72, "enabled": false },
    { "id": "soc2-ai", "version": "2017+csa", "controls": 16, "enabled": true }
  ]
}
List controls for a framework with current status. The status field is one of auto, attest, scoped_out, or gap.
// 200 OK
{
  "framework": "iso-42001",
  "controls": [
    {
      "id": "A.6.2.6",
      "title": "AI system monitoring",
      "status": "auto",
      "events_30d": 142318,
      "last_check": "2026-05-21T03:00:00Z"
    },
    {
      "id": "A.10.2",
      "title": "Allocation of responsibilities",
      "status": "attest",
      "attestor": "ciso@acme.com",
      "attested_at": "2026-04-30"
    }
  ]
}
Generate or retrieve an Evidence Pack for the period. Returns a presigned PDF URL plus JSON summary. Caches for 24 hours; regenerate by appending ?force=true.
// 200 OK
{
  "pack_id": "pk_01HZ9F3A1B2C3D4E",
  "framework": "iso-42001",
  "period": "2026-Q2",
  "sha256": "7b32fc4e91d83a9e02c6...",
  "signing_identity": "CN=Northbeams Evidence v1",
  "download_url": "https://monitor.northbeams.com/d/pk_01HZ9F3A1B2C3D4E.pdf",
  "expires_at": "2026-05-22T14:02:33Z"
}
Sampled events backing an AUTO control. For GRC drilldown. Argument values are hashed only; raw values are never returned.
// 200 OK
{
  "control": "A.6.2.6",
  "events": [
    {
      "ts": "2026-05-19T14:21:08Z",
      "user": "a.kahn",
      "surface": "mcp",
      "tool": "github.create_issue",
      "action": "allow",
      "args_sha256": "a3f1..."
    }
  ],
  "sampled_of": 142318
}
Register a webhook for control-status changes. Northbeams POSTs JSON to your URL whenever a control flips (AUTO → gap, ATTEST expired, sampled exception found).
// Request
{
  "url": "https://grc.example.com/hooks/northbeams",
  "events": ["control_status_changed", "pack_generated"],
  "frameworks": ["iso-42001", "eu-ai-act"]
}
// 201 Created
{
  "webhook_id": "wh_01HZ...",
  "secret": "whsec_..."
}
Public verification endpoint for auditors. No token required. Returns whether a SHA-256 corresponds to a Northbeams-signed pack and, if so, the cover metadata (org redacted unless the requestor is authenticated).
// 200 OK
{
  "valid": true,
  "framework": "iso-42001",
  "signed_at": "2026-05-21T14:02:33Z"
}
03 / Integration recipes
Real-world integrations boil down to one of three flows. Each comes with a Postman collection and a sample integration repo.
01 · GRC pull
The GRC platform pulls the pack on its evidence-refresh cadence (daily or weekly) and stores the Northbeams signature alongside the pack, so the auditor sees both in one place.
02 · Webhook push
Register a webhook; receive POSTs the moment a control flips. Route to PagerDuty, Slack, Linear, Jira, or your GRC platform's API. HMAC-signed body so you can verify origin.
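Two integrity checks an integrator ends up writing against this API, as an added example that is not Northbeams code: verifying the HMAC on an incoming webhook POST with the whsec_ secret returned at registration, and comparing a downloaded Evidence Pack PDF against the sha256 in the pack JSON. The page does not name the signature header or its encoding, so the header name, hex HMAC-SHA256 over the raw body, and the webhook payload fields are assumptions; the secret and sample body are constructed.

```python
import hashlib
import hmac
import json
from typing import Optional

# Hypothetical header name: the page says the body is HMAC-signed but does
# not name the header or encoding. Adjust to what Northbeams actually sends.
SIGNATURE_HEADER = "X-Northbeams-Signature"


def sign_body(secret: str, raw_body: bytes) -> str:
    """Hex HMAC-SHA256 of the raw body under the webhook secret (whsec_...)."""
    return hmac.new(secret.encode(), raw_body, hashlib.sha256).hexdigest()


def verify_webhook(secret: str, raw_body: bytes, headers: dict) -> Optional[dict]:
    """Return the parsed event if the HMAC matches, else None.
    Verify the raw bytes before JSON parsing (re-serialising can change the
    bytes), and compare in constant time so a forged POST leaks no timing."""
    presented = headers.get(SIGNATURE_HEADER, "")
    expected = sign_body(secret, raw_body)
    if not hmac.compare_digest(presented, expected):
        return None
    return json.loads(raw_body)


def pack_sha256(pdf_bytes: bytes) -> str:
    """Hex SHA-256 of a downloaded Evidence Pack PDF."""
    return hashlib.sha256(pdf_bytes).hexdigest()


def verify_pack_digest(pack_summary: dict, pdf_bytes: bytes) -> bool:
    """Compare the downloaded PDF with the sha256 in the pack JSON, so a
    swapped or truncated download is rejected before it reaches the GRC store."""
    return hmac.compare_digest(pack_sha256(pdf_bytes), pack_summary["sha256"])


# Constructed sample: a control_status_changed POST for the iso-42001 control
# shown on this page. Secret and payload fields are placeholders, not real.
SAMPLE_SECRET = "whsec_example_placeholder"
SAMPLE_BODY = json.dumps({"event": "control_status_changed", "framework": "iso-42001",
                          "control": "A.6.2.6", "from": "auto", "to": "gap"}).encode()
SAMPLE_HEADERS = {SIGNATURE_HEADER: sign_body(SAMPLE_SECRET, SAMPLE_BODY)}

if __name__ == "__main__":
    print("genuine accepted:", verify_webhook(SAMPLE_SECRET, SAMPLE_BODY, SAMPLE_HEADERS) is not None)
    tampered = SAMPLE_BODY.replace(b'"gap"', b'"auto"')
    print("tampered accepted:", verify_webhook(SAMPLE_SECRET, tampered, SAMPLE_HEADERS) is not None)
```

Feed verify_webhook the request body exactly as received; parsing and re-serialising it first will change the bytes and fail the comparison.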
03 · Customer compliance tooling
vCISO firms and enterprise compliance teams use the API to pull packs into client-facing portals, audit-prep tools, and quarterly board reports. Same endpoints, same auth.
Generate an API token in the workspace dashboard, or talk to us if you're building a GRC integration we should ship a connector for.