Overview

The Evidence API provides endpoints for managing compliance evidence, including cryptographic verification, regulatory attestations, incident management, and evidence package generation.

Base URL

https://api.continum.co/evidence

Authentication

All Evidence API endpoints require authentication via the x-continum-key header:
curl "https://api.continum.co/evidence/hash-chain/verify" \
  -H "x-continum-key: co_your_api_key_here"

Core Capabilities

Hash Chain Verification

Verify the cryptographic integrity of your compliance records:
GET /evidence/hash-chain/verify
Ensures that no compliance signals have been tampered with.

Regulatory Attestations

View how your signals map to regulatory requirements:
GET /evidence/attestations?framework=GDPR
Supports GDPR, SOC 2, ISO 27001, HIPAA, and more.

Incident Management

Track high-risk incidents through investigation and resolution:
POST /evidence/incidents
PATCH /evidence/incidents/:id/status
GET /evidence/incidents/:id
Includes segregation of duties enforcement.

Evidence Packages

Generate audit-ready compliance reports:
POST /evidence/packages
GET /evidence/packages/:id/download
Comprehensive packages for regulatory audits.

Compliance Policies

Define automated compliance policies:
POST /evidence/policies
GET /evidence/policies/:id/report
Track policy enforcement and violations.

Data Retention

Manage data retention while preserving compliance evidence:
POST /evidence/retention/policies
GET /evidence/retention/status
DELETE /evidence/retention/signals/:id
Respects regulatory retention requirements.

Pattern Correlation

Detect patterns across multiple signals:
POST /evidence/correlations/detect
GET /evidence/correlations/:id
Identifies systemic compliance issues.

External Auditor API

Grant read-only access to external auditors:
https://api.continum.co/auditor
Auditors use Bearer token authentication:
curl "https://api.continum.co/auditor/signals?customerId=cust_123" \
  -H "Authorization: Bearer aud_token_abc123"

Auditor Permissions

  • READ_SIGNALS: View compliance signals
  • READ_ATTESTATIONS: View regulatory mappings
  • READ_INCIDENTS: View incident trails
  • VERIFY_HASH_CHAIN: Verify cryptographic integrity
  • DOWNLOAD_PACKAGES: Download evidence packages

Response Format

Success Response

{
  "success": true,
  "data": {
    // Response data
  }
}

Error Response

{
  "statusCode": 400,
  "message": "Bad Request",
  "error": "Invalid request parameters"
}

Common Parameters

Date Range

Many endpoints support date range filtering:
?startDate=2024-01-01T00:00:00Z&endDate=2024-12-31T23:59:59Z

Framework

Filter by regulatory framework:
?framework=GDPR
Options: GDPR, SOC2, ISO27001, HIPAA, CCPA, EU_AI_ACT, PCI_DSS

Pagination

List endpoints support pagination:
?page=1&limit=50

Rate Limiting

Evidence API endpoints have the same rate limits as other Continum APIs:
Plan        Rate Limit   Burst
DEV         10 req/s     50
PRO         100 req/s    500
PRO_MAX     500 req/s    2500
ENTERPRISE  Custom       Custom

Endpoint Categories

  • Hash Chain: Verify cryptographic integrity
  • Attestations: Regulatory requirement mappings
  • Incidents: Track high-risk incidents
  • Policies: Automated compliance policies
  • Packages: Generate audit reports
  • Retention: Data retention management
  • Correlations: Pattern detection
  • Auditor API: External auditor access

Use Cases

SOC 2 Type II Audit

Generate a comprehensive evidence package for your SOC 2 audit:
curl -X POST "https://api.continum.co/evidence/packages" \
  -H "x-continum-key: co_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "framework": "SOC2",
    "startDate": "2024-01-01T00:00:00Z",
    "endDate": "2024-12-31T23:59:59Z",
    "includeIncidents": true,
    "includeHashChain": true
  }'

GDPR Compliance Verification

Verify GDPR compliance coverage:
curl "https://api.continum.co/evidence/attestations/coverage?framework=GDPR" \
  -H "x-continum-key: co_your_api_key_here"

Incident Response

Track a high-risk incident through resolution:
# Create incident
curl -X POST "https://api.continum.co/evidence/incidents" \
  -H "x-continum-key: co_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"signalId": "sig_abc123"}'

# Update status
curl -X PATCH "https://api.continum.co/evidence/incidents/inc_123/status" \
  -H "x-continum-key: co_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "status": "INVESTIGATING",
    "userId": "compliance_officer_123",
    "userRole": "COMPLIANCE_OFFICER"
  }'

Tamper Detection

Verify that compliance records haven’t been tampered with:
curl "https://api.continum.co/evidence/hash-chain/verify" \
  -H "x-continum-key: co_your_api_key_here"
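
What a hash-chain check can and cannot detect, as an added example that is not Continum's code or record format. The record layout (prev_hash, payload, hash), SHA-256 over canonical JSON, the all-zero genesis value and the sample signals are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first record


def record_hash(prev_hash, payload):
    """Hash the previous link plus a canonical JSON encoding of the payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(chain, payload):
    """Add a record whose hash commits to every record before it."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev_hash": prev, "payload": payload,
                  "hash": record_hash(prev, payload)})


def verify(chain, expected_head=None):
    """Return (index, reason) findings; an empty list means the chain is intact."""
    findings = []
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev_hash"] != prev:
            # A record was removed, inserted, reordered, or re-hashed upstream.
            findings.append((i, "broken link"))
        if record_hash(rec["prev_hash"], rec["payload"]) != rec["hash"]:
            # The payload (or stored hash) was edited in place.
            findings.append((i, "content mismatch"))
        prev = rec["hash"]
    # Internal checks cannot see a dropped tail or a fully rebuilt chain;
    # that needs a head hash recorded somewhere the writer cannot change.
    if expected_head is not None and prev != expected_head:
        findings.append((len(chain), "head mismatch"))
    return findings


def build_sample():
    """Constructed sample signals (hypothetical fields, not real Continum data)."""
    chain = []
    for n, risk in enumerate(["LOW", "HIGH", "LOW", "CRITICAL"]):
        append(chain, {"signalId": f"sig_{n}", "risk": risk})
    return chain
```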

Best Practices

Regular Verification

Verify hash chain integrity regularly:
  • Daily automated checks
  • Before generating evidence packages
  • During security audits

Evidence Package Generation

Generate evidence packages:
  • Quarterly for internal reviews
  • Annually for compliance audits
  • On-demand for security assessments

Incident Management

Establish clear incident workflows:
  • Immediate response for CRITICAL
  • 24-hour response for HIGH
  • Segregation of duties for verification

Auditor Access

Grant auditor access securely:
  • Time-limited tokens
  • Minimum required permissions
  • Log all auditor activity

Next Steps

  • Evidence Concepts: Learn about evidence and compliance
  • Incident Management: Understand incident workflows
  • Dashboard: View evidence in dashboard
  • Compliance: Regulatory frameworks