Discover available compliance frameworks and controls before submitting documents. When creating new compliance reviews, complianceFrameworkId and controlId are auto-resolved if the partner has exactly one whitelisted option, or must be specified if multiple are available. Endpoints:
  • GET /v1/compliance-frameworks (Partner Key or Company Key) — list published frameworks with nested controls
  • GET /v1/controls/items?controlId={controlId} (Partner Key or Company Key) — list control items for a control
Step 1: Discover frameworks and controls (single call)
  Partner ──GET /v1/compliance-frameworks──> API
         <── 200 OK { frameworks: [ { id, name, description, frameworkType,
                        controls: [ { id, name, version } ] } ] }

Step 2 (Optional): Browse control items for selective submission
  Partner ──GET /v1/controls/items?controlId={controlId}──> API
         <── 200 OK { items: [ { id, name, objective } ] }

Partner stores frameworkId + controlId for document submission.
Frameworks Response: 
{
  "frameworks": [
    {
      "id": "01FRM...",
      "name": "ISO 27001:2022",
      "description": "International standard for...",
      "frameworkType": "ISO 27001",
      "controls": [
        { "id": "01CTL...", "name": "Access Control", "version": "1.0" }
      ]
    }
  ]
}
Key behaviors:
  • Only published frameworks and controls are returned
  • Each framework includes its published controls nested inside — no separate call needed
  • controlId query parameter is required for the control items endpoint
  • Partners can pass specific control item IDs in selectedControlItemIds during document submission
  • If no selectedControlItemIds provided during submission, all control items from the specified control are used