Overview

The Evidence API provides endpoints for managing compliance evidence, including cryptographic verification, regulatory attestations, incident management, and evidence package generation.

Base URL

https://api.continum.co/evidence

Authentication

All Evidence API endpoints require authentication via the x-continum-key header:
curl "https://api.continum.co/evidence/hash-chain/verify" \
  -H "x-continum-key: co_your_api_key_here"

Core Capabilities

Hash Chain Verification

Verify the cryptographic integrity of your compliance records:
GET /evidence/hash-chain/verify
Ensures that no compliance signals have been tampered with.

Regulatory Attestations

View how your signals map to regulatory requirements:
GET /evidence/attestations?framework=GDPR
Supports GDPR, SOC 2, ISO 27001, HIPAA, and more.

Incident Management

Track high-risk incidents through investigation and resolution:
POST /evidence/incidents
PATCH /evidence/incidents/:id/status
GET /evidence/incidents/:id
Includes segregation of duties enforcement.

Evidence Packages

Generate audit-ready compliance reports:
POST /evidence/packages
GET /evidence/packages/:id/download
Comprehensive packages for regulatory audits.

Compliance Policies

Define automated compliance policies:
POST /evidence/policies
GET /evidence/policies/:id/report
Track policy enforcement and violations.

Data Retention

Manage data retention while preserving compliance evidence:
POST /evidence/retention/policies
GET /evidence/retention/status
DELETE /evidence/retention/signals/:id
Respects regulatory retention requirements.

Pattern Correlation

Detect patterns across multiple signals:
POST /evidence/correlations/detect
GET /evidence/correlations/:id
Identifies systemic compliance issues.

External Auditor API

Grant read-only access to external auditors through a separate base URL:
https://api.continum.co/auditor
Auditors authenticate with a Bearer token:
curl "https://api.continum.co/auditor/signals?customerId=cust_123" \
  -H "Authorization: Bearer aud_token_abc123"

Auditor Permissions

  • READ_SIGNALS: View compliance signals
  • READ_ATTESTATIONS: View regulatory mappings
  • READ_INCIDENTS: View incident trails
  • VERIFY_HASH_CHAIN: Verify cryptographic integrity
  • DOWNLOAD_PACKAGES: Download evidence packages

Response Format

Success Response

{
  "success": true,
  "data": {
    // Response data
  }
}

Error Response

{
  "statusCode": 400,
  "message": "Bad Request",
  "error": "Invalid request parameters"
}

Common Parameters

Date Range

Many endpoints support date range filtering:
?startDate=2024-01-01T00:00:00Z&endDate=2024-12-31T23:59:59Z

Framework

Filter by regulatory framework:
?framework=GDPR
Options: GDPR, SOC2, ISO27001, HIPAA, CCPA, EU_AI_ACT, PCI_DSS

Pagination

List endpoints support pagination:
?page=1&limit=50

Rate Limiting

Evidence API endpoints have the same rate limits as other Continum APIs:
Plan          Rate Limit    Burst
DEV           10 req/s      50
PRO           100 req/s     500
PRO_MAX       500 req/s     2500
ENTERPRISE    Custom        Custom

Endpoint Categories

Hash Chain

Verify cryptographic integrity

Attestations

Regulatory requirement mappings

Incidents

Track high-risk incidents

Evidence Concepts

Learn about compliance evidence

Dashboard

View evidence in dashboard

Retention

Data retention management

Correlations

Pattern detection

Auditor API

External auditor access

Use Cases

SOC 2 Type II Audit

Generate a comprehensive evidence package for your SOC 2 audit:
curl -X POST "https://api.continum.co/evidence/packages" \
  -H "x-continum-key: co_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "framework": "SOC2",
    "startDate": "2024-01-01T00:00:00Z",
    "endDate": "2024-12-31T23:59:59Z",
    "includeIncidents": true,
    "includeHashChain": true
  }'

GDPR Compliance Verification

Verify GDPR compliance coverage:
curl "https://api.continum.co/evidence/attestations/coverage?framework=GDPR" \
  -H "x-continum-key: co_your_api_key_here"

Incident Response

Track a high-risk incident through resolution:
# Create incident
curl -X POST "https://api.continum.co/evidence/incidents" \
  -H "x-continum-key: co_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"signalId": "sig_abc123"}'

# Update status
curl -X PATCH "https://api.continum.co/evidence/incidents/inc_123/status" \
  -H "x-continum-key: co_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "status": "INVESTIGATING",
    "userId": "compliance_officer_123",
    "userRole": "COMPLIANCE_OFFICER"
  }'

Tamper Detection

Verify that compliance records haven’t been tampered with:
curl "https://api.continum.co/evidence/hash-chain/verify" \
  -H "x-continum-key: co_your_api_key_here"
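
How a hash chain makes the tampering described under Hash Chain Verification and Tamper Detection detectable, as an added illustration that is not Continum's code. The record layout, the SHA-256 linking, the all-zero genesis value and the sample signals are assumptions constructed here; this page does not document the format the service uses.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor that the first record links to


def record_hash(prev_hash, payload):
    """SHA-256 over the previous hash plus a canonical JSON form of the payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}\n{body}".encode()).hexdigest()


def append(chain, payload):
    """Link a new record to the current head of the chain."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "payload": payload, "hash": record_hash(prev, payload)})


def verify(chain, expected_head=None):
    """Return (ok, index of the first record that fails, or None)."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        # A record fails if it does not link to its predecessor or if its
        # stored hash no longer matches its contents.
        if rec["prev"] != prev or rec["hash"] != record_hash(rec["prev"], rec["payload"]):
            return False, i
        prev = rec["hash"]
    # Dropping records from the tail leaves a self-consistent chain; only a
    # head hash kept outside the store (expected_head) exposes that.
    if expected_head is not None and prev != expected_head:
        return False, len(chain)
    return True, None


def build_sample():
    """Constructed sample signals, not real Continum data."""
    chain = []
    for signal_id, risk in [("sig_001", "LOW"), ("sig_002", "HIGH"), ("sig_003", "CRITICAL")]:
        append(chain, {"signalId": signal_id, "riskLevel": risk})
    return chain


if __name__ == "__main__":
    chain = build_sample()
    head = chain[-1]["hash"]
    chain[1]["payload"]["riskLevel"] = "LOW"      # edit a stored record in place
    print(verify(chain))                          # (False, 1)
    print(verify(build_sample()[:2], head))       # (False, 2)
```

Recomputing the edited record's own hash only moves the failure to the next record, which is why verification has to walk the whole chain and compare the final hash against a head stored elsewhere.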

Best Practices

Regular Verification

Verify hash chain integrity regularly:
  • Daily automated checks
  • Before generating evidence packages
  • During security audits

Evidence Package Generation

Generate evidence packages:
  • Quarterly for internal reviews
  • Annually for compliance audits
  • On-demand for security assessments

Incident Management

Establish clear incident workflows:
  • Immediate response for CRITICAL
  • 24-hour response for HIGH
  • Segregation of duties for verification

Auditor Access

Grant auditor access securely:
  • Time-limited tokens
  • Minimum required permissions
  • Log all auditor activity

Next Steps

Evidence Concepts

Learn about evidence and compliance

Incident Management

Understand incident workflows

Dashboard

View evidence in dashboard
