GET/api/v1/compliance/soc2/evidence

Raw SOC 2 evidence row export (auditor-facing)

Auditor-grade row dump from soc2_control_evidence — paginated, filterable by control / evidence_type / date range. Each row includes the canonical JSON payload + payload_hash so the auditor can recompute SHA-256 and verify tamper-detection. Rate-limited tighter than dashboard summary (5/min).

Authentication

Send Authorization: Bearer YOUR_API_KEY on every request. Generate API keys at /dashboard/api-keys.

Parameters

orgId in queryrequired
string
controlId in query
string
evidenceType in query
string
from in query
string
to in query
string
limit in query
integer
offset in query
integer
format in query

Set to 'csv' to receive an RFC-4180 attachment download instead of JSON.

string

Response

200 example

{
  "success": true
}

All status codes

200Rows + total + pagination cursors (JSON), or RFC-4180 CSV attachment when format=csv.
400Invalid params.

Code samples

cURL

curl -X GET \
  https://evalguard.ai/api/v1/compliance/soc2/evidence \
  -H "Authorization: Bearer $EVALGUARD_API_KEY" \

TypeScript

import { EvalGuard } from "@evalguard/sdk";

const client = new EvalGuard({ apiKey: process.env.EVALGUARD_API_KEY });

const response = await client.request({
  method: "GET",
  path: "/api/v1/compliance/soc2/evidence",
});
console.log(response);

Python

from evalguard import EvalGuard
import os

client = EvalGuard(api_key=os.environ["EVALGUARD_API_KEY"])

response = client.request(method="GET", path="/api/v1/compliance/soc2/evidence")
print(response)

Go

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/evalguard/evalguard-go"
)

func main() {
	client := evalguard.NewClient(os.Getenv("EVALGUARD_API_KEY"))
	resp, err := client.Request(context.Background(), "GET", "/api/v1/compliance/soc2/evidence", nil)
	if err != nil { panic(err) }
	fmt.Println(resp)
}

Errors

400

Other Compliance endpoints