Step 1: Get Your API Key

Contact Eve to obtain your Partner API key. Keep this key secure - it provides access to your Partner account.

Step 2: Onboard Your Partner Account

Onboarding creates your company and default business entity using your Partner’s configured framework. 
POST /v1/onboard
Content-Type: application/json
X-API-Key: your-api-key

{
  "name": "Acme Corporation",
  "legalName": "Acme Corporation Inc."
}
Response: 
{
  "companyId": "01ABC...",
  "businessEntityId": "01XYZ...",
  "message": "Company onboarded successfully.",
  "companyApiKey": "eve_ck_..."
}
Save these IDs - you’ll need companyId and businessEntityId for future operations. After onboarding, update your company with accurate business information: 
PATCH /v1/companies/{companyId}
Content-Type: application/json
X-API-Key: your-api-key

{
  "name": "Acme Corporation",
  "legalName": "Acme Corporation Inc.",
  "country": "US",
  "city": "San Francisco",
  "address": "123 Main Street",
  "postalCode": "94102",
  "phone": "+1-555-123-4567",
  "taxId": "12-3456789"
}

Step 4: (Optional) Create Additional Business Entities

Create separate business entities for different organizational units: 
POST /v1/business-entities
Content-Type: application/json
X-API-Key: your-api-key

{
  "name": "EMEA Operations"
}
Response: 
{
  "id": "01BE...",
  "name": "EMEA Operations"
}

Step 5: Discover Compliance Frameworks and Controls

Before submitting documents, discover which frameworks and controls are available: 
# List all frameworks with their controls
GET /v1/compliance-frameworks
X-API-Key: your-api-key
Response: 
{
  "frameworks": [
    {
      "id": "01FRM...",
      "name": "ISO 27001:2022",
      "frameworkType": "ISO 27001",
      "controls": [
        { "id": "01CTL...", "name": "Access Control", "version": "1.0" }
      ]
    }
  ]
}
Save the frameworkId and controlId — you may need them when submitting documents (optional if your partner has only one whitelisted framework/control).

Step 6: Submit Documents

Option A: Create new compliance review 
POST /v1/documents/submit
Content-Type: multipart/form-data
X-API-Key: your-api-key

files[]: policy.pdf
businessEntityId: 01BE...              // Required (Mode A). Business entity to create review for
controlId: 01CTL...                    // Optional. Uses partner's default control if omitted
selectedControlClusterIds: ["01CLU...","01CLU..."]   // Optional. JSON array of cluster ULIDs — includes all items in those clusters
selectedControlItemIds: ["01CTI..."]   // Optional. JSON array of specific control item ULIDs
auditLanguageId: 01LNG...              // Optional. Language for audit output
Option B: Add to existing review 
POST /v1/documents/submit
Content-Type: multipart/form-data
X-API-Key: your-api-key

files[]: additional-doc.pdf
complianceReviewId: 01REV...           // Required (Mode B). Appends to existing review
selectedControlClusterIds: ["01CLU..."]  // Optional. Narrows scope to items in these clusters
selectedControlItemIds: ["01CTI...","01CTI..."]  // Optional. Narrows scope to specific items
auditLanguageId: 01LNG...              // Optional
Note: Provide either businessEntityId OR complianceReviewId, not both. Control Item Selection (both modes):
  • Both selectedControlClusterIds + selectedControlItemIds → union of cluster items and individual items
  • Clusters only → all non-obsolete items within those clusters
  • Items only → only those specific items
  • Neither → all non-obsolete items across the entire control (default)
Large files (> 50 MB)? Use the chunked upload flow instead — see Chunked Upload for Large Files below.
Response: 
{
  "documentId": "01DOC...",
  "complianceReviewId": "01REV...",
  "status": "Pending",
  "files": [
    { "fileName": "policy.pdf", "type": "parent" }
  ],
  "controlItemCount": 42,
  "message": "Documents submitted for processing."
}

Step 7: Poll for Results

# Check status (poll every 3-5 minutes)
GET /v1/documents/{documentId}/status

# Get full results when status is "Processed"
GET /v1/documents/{documentId}/result

# Optional query parameters for /result:
# ?complianceLevel=Not Compliant     // Filter by score band: "Not Compliant", "Partially Compliant", "Mostly Compliant", "Fully Compliant"
# ?fields=documentId,complianceItems.controlItemName,complianceItems.result.score  // Return only specific fields (comma-separated dot-notation)
Example filtered result call: 
GET /v1/documents/01DOC.../result?complianceLevel=Not%20Compliant&fields=documentId,complianceItems.controlItemName,complianceItems.result.score
X-API-Key: your-api-key