Compliance API

Generate a compliance assessment report for any of 7 supported frameworks.

GET /v1/compliance/report?framework=pctf&level=substantial
Authorization: Bearer <token>

Permission required: compliance:report

| Parameter | Type | Default | Description |
|---|---|---|---|
| framework | string | Required | pctf, eidas, haip, nist, tdif, mosip, diatf |
| level | string | substantial | Target level: low, substantial, high |

{
  "framework": "pctf",
  "level": {
    "pctf": "Level 2",
    "eidas": "Substantial",
    "nist": "IAL2",
    "tdif": "IP2",
    "target": "substantial"
  },
  "components": [
    { "component": "Identity Assurance", "status": "pass", "details": "Target level: Level 2" },
    { "component": "DID Infrastructure", "status": "pass", "details": "At least one DID is configured" },
    { "component": "Credential Issuance", "status": "pass", "details": "Credentials have been issued" },
    { "component": "Audit Trail", "status": "pass", "details": "Hash-chained audit log is active" },
    { "component": "Bilingual Support", "status": "pass", "details": "EN/FR bilingual reports supported" },
    { "component": "Consent Management", "status": "pass", "details": "Consent record/revoke lifecycle available" }
  ],
  "overall_status": "compliant",
  "summary_en": "PCTF compliance report: 6/6 components pass at substantial assurance level.",
  "summary_fr": "Rapport de conformit\u00e9 PCTF : 6/6 composants r\u00e9ussis au niveau d'assurance substantial."
}

| Framework | Key checks |
|---|---|
| PCTF (Canada) | Bilingual EN/FR, consent management |
| eIDAS (EU) | PID data model, HAIP compliance |
| HAIP | SD-JWT VC + mso_mdoc formats, ES256/EdDSA algorithms |
| NIST (US) | Assurance level mapping |
| TDIF (Australia) | Assurance level mapping |
| MOSIP (Africa/Asia) | Offline QR credential support |
| DIATF (UK) | Assurance level mapping |

Record a data-sharing consent.

POST /v1/compliance/consent
Authorization: Bearer <token>

Permission required: compliance:consent

| Field | Type | Required | Description |
|---|---|---|---|
| subject | string | Yes | Data subject (DID or identifier) |
| recipient | string | Yes | Data recipient (DID or identifier) |
| purpose | string | Yes | Purpose of data sharing |
| elements | string[] | Yes | Data elements being shared |
| expires_at | string | No | ISO 8601 expiry timestamp |

{
  "id": "550e8400-...",
  "subject": "did:key:z6MkHolder",
  "recipient": "did:key:z6MkVerifier",
  "purpose": "age verification",
  "elements": ["dateOfBirth", "age_over_18"],
  "status": "active",
  "granted_at": "2026-03-26T12:00:00Z",
  "expires_at": null
}

GET /v1/compliance/consent?subject=did:key:z6Mk...&limit=50
Authorization: Bearer <token>

Permission required: compliance:consent

| Parameter | Type | Default | Description |
|---|---|---|---|
| subject | string | | Filter by data subject |
| limit | integer | 50 | Max results (1-100) |
| offset | integer | 0 | Pagination offset |

POST /v1/compliance/consent/:id/revoke
Authorization: Bearer <token>

Permission required: compliance:consent

{ "status": "revoked", "consent_id": "550e8400-..." }
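
A service that releases data can check a fetched consent record against the request before sharing anything. The Python below is an added example, not code from this API or its SDK: the function name `consent_covers` and the sample record are constructed, and it assumes timestamps carry a timezone (as in the `Z`-suffixed response above) and that a null or absent `expires_at` means no expiry was set.

```python
from datetime import datetime, timezone

def _parse_ts(value):
    """Parse an ISO 8601 timestamp such as 2026-03-26T12:00:00Z (timezone required)."""
    # datetime.fromisoformat() before Python 3.11 rejects a trailing "Z".
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if ts.tzinfo is None:
        raise ValueError("timestamp has no timezone: %r" % value)
    return ts

def consent_covers(record, subject, recipient, elements, now=None):
    """Return (allowed, reason) for releasing `elements` about `subject` to `recipient`.

    Fails closed: a missing field, non-active status or bad timestamp denies.
    """
    now = now or datetime.now(timezone.utc)
    if not elements:
        return False, "no elements requested"
    try:
        if record["status"] != "active":
            return False, "consent status is %r" % record["status"]
        if record["subject"] != subject or record["recipient"] != recipient:
            return False, "subject/recipient mismatch"
        if _parse_ts(record["granted_at"]) > now:
            return False, "granted_at is in the future"
        expires = record.get("expires_at")  # assumption: null/absent = no expiry
        if expires is not None and _parse_ts(expires) <= now:
            return False, "consent expired"
        extra = sorted(set(elements) - set(record["elements"]))
        if extra:
            return False, "elements not consented: " + ", ".join(extra)
    except (KeyError, TypeError, ValueError, AttributeError) as exc:
        return False, "malformed consent record: %s" % exc
    return True, "ok"

# Constructed record modelled on the response shown above; the id is a placeholder.
SAMPLE = {
    "id": "00000000-0000-0000-0000-000000000000",
    "subject": "did:key:z6MkHolder",
    "recipient": "did:key:z6MkVerifier",
    "purpose": "age verification",
    "elements": ["dateOfBirth", "age_over_18"],
    "status": "active",
    "granted_at": "2026-03-26T12:00:00Z",
    "expires_at": None,
}

if __name__ == "__main__":
    fixed_now = datetime(2026, 4, 1, tzinfo=timezone.utc)
    print(consent_covers(SAMPLE, SAMPLE["subject"], SAMPLE["recipient"], ["age_over_18"], fixed_now))
```

The check compares requested elements as a set, so a request for any element outside the recorded `elements` list is denied as a whole rather than partially served.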

Query the tamper-evident audit trail. Each entry is hash-chained to the previous one.

GET /v1/compliance/audit?limit=50&action=credential.issued
Authorization: Bearer <token>

Permission required: compliance:audit

| Parameter | Type | Default | Description |
|---|---|---|---|
| action | string | | Filter by action type |
| limit | integer | 50 | Max results (1-100) |
| offset | integer | 0 | Pagination offset |

| Action | Triggered when |
|---|---|
| user.registered | New user registration |
| credential.issued | Credential issued |
| credential.verified | Credential verified |
| credential.revoked | Credential revoked |
| did.created | DID created |
| did.deactivated | DID deactivated |
| consent.granted | Consent recorded |
| consent.revoked | Consent revoked |
| member.invited | Team invitation sent |
| member.removed | Team member removed |
| member.role_changed | Member’s role changed |
| api_key.created | API key created |
| api_key.revoked | API key revoked |

Evaluate the assurance level based on evidence, with cross-framework mapping.

POST /v1/compliance/assurance
Authorization: Bearer <token>

Permission required: compliance:report

{
  "evidence": [
    { "evidence_type": "government_photo_id", "verification_method": "database_check" },
    { "evidence_type": "biometric", "verification_method": "biometric_match" }
  ]
}

{
  "level": "Substantial",
  "pctf": "Level 2",
  "eidas": "Substantial",
  "nist": "IAL2",
  "tdif": "IP2",
  "evidence_count": 2,
  "upgrade_possible": true,
  "upgrade_hints": ["Add biometric verification", "Add in-person identity proofing"]
}

Check if credential parameters conform to the HAIP v1.0 profile.

POST /v1/compliance/haip/validate
Authorization: Bearer <token>

Permission required: compliance:report

| Field | Type | Description |
|---|---|---|
| credential_format | string | dc+sd-jwt or mso_mdoc |
| algorithm | string | ES256, ES384, ES512, EdDSA |
| client_id_scheme | string | x509_san_dns, verifier_attestation, etc. |
| response_mode | string | direct_post |

All fields are optional. Only provided fields are checked.

{
  "profile": "HAIP v1.0",
  "checks": [
    { "check": "credential_format", "value": "dc+sd-jwt", "allowed": true },
    { "check": "algorithm", "value": "ES256", "allowed": true }
  ],
  "overall": "conformant"
}