The purpose of the Events API is to streamline the gathering of compliance evidence by enabling you to post relevant events directly into your Aptible Comply instance. Events may then be processed into evidence if the event meets the conditions defined by an automation. This allows you to automatically create evidence to evaluate your controls and to respond to requests. The Events API is the first customer accessible portion to which enhancements and broader API scope may be exposed in the future.
With the initial release of our Events API, you (or an assigned partner) may begin posting Event data to your Comply instance. We recommend you consider both the associated Assets/Controls and the specific automations you would like to run before posting Events into Comply. A well scoped integration includes knowledge of one or both of the following:
- The Assets ID's to which your events should be automatically mapped and catalogued.
- Any event specific tags which you would like the ability to scope an automation to or apply logic against.
We would recommend that Events be posted with at least one of these attributes from which any new or pre-existing Compliance 'automations' will be processed upon receipt of each event.
payloads - Please note that the logic or rules associated with a 'automation' do not currently interrogate the JSON payload of the events posted via this associated endpoint.