AugIx System LLP
Technical Reference April 18, 2026 · 20 min read

API Integration Guide

Complete reference for integrating AUDITDEX with enterprise applications via REST API, including authentication, endpoints, webhooks, and rate limits.

Overview

The AUDITDEX REST API allows enterprise applications to push evidence, trigger workflows, and pull reporting data programmatically. All API communication occurs over HTTPS. The base URL for all endpoints is:

https://api.augixsys.com/v1

Authentication

AUDITDEX uses OAuth 2.0 client credentials flow for API authentication.

Obtaining a Token

POST https://api.augixsys.com/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
&scope=evidence:write controls:read reports:read

Response:

{
  "access_token": "eyJhbGciOiJSUzI1NiIs...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "evidence:write controls:read reports:read"
}

Tokens expire after 60 minutes. Implement token refresh logic in your integration — do not store long-lived tokens.

Core Endpoints

List Engagements

GET /engagements
Authorization: Bearer {token}

Returns a paginated list of engagements accessible to the authenticated client.

Submit Evidence

POST /engagements/{engagement_id}/evidence
Authorization: Bearer {token}
Content-Type: multipart/form-data

control_id: ctrl_abc123
description: Q1 access review results
file: [binary]

Evidence files are automatically hashed (SHA-256) and stored immutably. The response includes the hash for your records.

Get Control Status

GET /engagements/{engagement_id}/controls/{control_id}
Authorization: Bearer {token}

Returns the current testing status, findings, and linked evidence for a control.

Webhooks

Configure webhooks in Settings → Integrations → Webhooks to receive real-time notifications for:

  • evidence.submitted — new evidence uploaded to an engagement
  • control.concluded — a control testing conclusion recorded
  • finding.raised — a new audit finding created
  • engagement.completed — an engagement closed

Webhook payload example:

{
  "event": "finding.raised",
  "timestamp": "2026-04-20T09:14:32Z",
  "data": {
    "engagement_id": "eng_xyz789",
    "finding_id": "fnd_def456",
    "severity": "significant",
    "control_id": "ctrl_abc123",
    "title": "Privileged access review not completed within SLA"
  }
}

Webhook deliveries are signed with HMAC-SHA256 using your webhook secret. Always verify the signature before processing.
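
One way to perform the signature check described above, as an added example (not AUDITDEX's own code or SDK). The page does not say how the signature is delivered, so the hex encoding, signing over the raw request body, and the names sign and verify_and_parse are assumptions; the secret and body are constructed samples.

```python
import hashlib
import hmac
import json
from typing import Optional

# Assumption (not from the AUDITDEX docs): the signature is the hex-encoded
# HMAC-SHA256 of the raw request body. Confirm the header name and encoding
# against your webhook settings before relying on this.
ALLOWED_EVENTS = {"evidence.submitted", "control.concluded",
                  "finding.raised", "engagement.completed"}


def sign(secret: bytes, raw_body: bytes) -> str:
    """Hex HMAC-SHA256 over the exact bytes received on the wire."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_and_parse(secret: bytes, raw_body: bytes,
                     signature: Optional[str]) -> dict:
    """Return the parsed event only if the signature matches; raise otherwise."""
    if not signature:
        raise ValueError("missing signature")
    expected = sign(secret, raw_body).encode("ascii")
    # Encode to bytes so a non-ASCII header value cannot make compare_digest raise.
    supplied = signature.strip().lower().encode("utf-8")
    # compare_digest runs in constant time, so it does not leak the match position.
    if not hmac.compare_digest(expected, supplied):
        raise ValueError("signature mismatch")
    # Parse only after authentication, and only from the verified bytes.
    event = json.loads(raw_body)
    if not isinstance(event, dict) or event.get("event") not in ALLOWED_EVENTS:
        raise ValueError("unknown event type")
    return event


# Constructed sample delivery, modelled on the payload example above.
SECRET = b"constructed-test-secret"
BODY = (b'{"event":"finding.raised","timestamp":"2026-04-20T09:14:32Z",'
        b'"data":{"engagement_id":"eng_xyz789","finding_id":"fnd_def456",'
        b'"severity":"significant","control_id":"ctrl_abc123"}}')

if __name__ == "__main__":
    good = sign(SECRET, BODY)
    print(verify_and_parse(SECRET, BODY, good)["data"]["finding_id"])
    try:
        verify_and_parse(SECRET, BODY.replace(b"significant", b"low"), good)
    except ValueError as exc:
        print("rejected:", exc)
```

Pass the body bytes exactly as received: re-serialising the JSON before hashing changes the bytes and makes a valid delivery fail verification.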

Rate Limits

Plan         Requests/minute   Burst
Standard     60                100
Enterprise   600               1000
Unlimited    No limit

Rate limit headers are included in every response:

X-RateLimit-Limit: 600
X-RateLimit-Remaining: 597
X-RateLimit-Reset: 1745140800

Error Handling

All errors follow RFC 7807 (Problem Details):

{
  "type": "https://api.augixsys.com/errors/not-found",
  "title": "Resource Not Found",
  "status": 404,
  "detail": "Engagement eng_xyz789 not found or access denied",
  "instance": "/engagements/eng_xyz789"
}

Common status codes: 400 (validation error), 401 (invalid token), 403 (insufficient scope), 404 (not found), 429 (rate limited), 500 (server error).

SDK Support

Official SDKs are available for:

  • Python: pip install augixsys
  • Node.js: npm install @augixsys/client
  • Java: Maven Central com.augixsys:client

Contact support@augixsys.com to request an SDK for another language.
