Infrastructure Plan · Pilot API Sandbox

API Center

Integrate ReguShield AI into your compliance stack via REST API, webhooks and batch scoring. API keys, webhooks, batch scoring, audit logs and tenant-scoped access — all scoped to the Infrastructure plan.

Pilot API Sandbox

The examples below are sandbox-level demonstrations of the API design. Production integration requires Enterprise API integration after technical onboarding — including security review, data field mapping and customer approval.

Start Enterprise Onboarding →View All Integrations

Capabilities

What the API unlocks

🔑

API Keys

Infrastructure

Scoped API keys with configurable read/write permissions. Rotate keys without downtime.

🪝

Webhooks

Infrastructure

Push risk events and compliance alerts to your systems when triggered. HMAC-signed payloads.

📊

Batch Processing

Infrastructure

Submit up to 1,000 records per batch. Async processing with webhook delivery on completion.

⚡

Transaction Scoring

Sandbox / Infrastructure

Real-time compliance scoring via POST endpoint. Risk level, regulatory basis and AI reasoning.

🔒

Tenant-Scoped Auth

Infrastructure

All requests are bound to a workspace ID. OAuth 2.0 and API key authentication.

📋

Audit Logs

Infrastructure

Every API call logged with user, workspace, timestamp and outcome. Available for compliance review.

Architecture

Where the API sits in the stack

API feeds enter the same five-layer compliance pipeline as file uploads — normalised, mapped to regulatory frameworks, scored and delivered as decisions, webhooks or reports.

API calls are tenant-scoped at the ingestion layer

Every request is logged in the immutable audit trail

Webhook events are HMAC-signed for verified delivery

Batch jobs are processed async — results pushed via webhook

Customer Data Sources

CSV · Excel · PDF · API Feed · DB Export · SharePoint · Drive · SAP · Oracle · Salesforce

ReguShield Ingestion Layer

Parsing · Column Mapping · OCR · Schema Normalization · Tenant Isolation

Regulatory Mapping Engine

AMLA 2027 · MiCA · DORA · EU AI Act · AMLR · AMLD6 · Travel Rule · FATF

Decision Engine

Risk Scoring · EDD Triggers · Sector Context · Exposure Calculation · AI Reasoning

Actions / Reports / API Events

Executive Reports · Audit Trail · Webhook Events · Copilot Reasoning · Case Archive

All data passes through tenant-isolated workspace — no cross-tenant access at any layer.

API Keys

Credential management

Sandbox illustration — available on Infrastructure plan after Enterprise Onboarding.

ReguShield — API Keys · Sandbox IllustrationSandbox

Active API Keys

Production Keyactive

rgs_live_••••••••••4f2a

Scope: read:analyze write:batch · Created 2026-05-01

Webhook Signing Secretactive

whsec_••••••••••8c3d

Scope: webhooks · Created 2026-05-01

Staging Keyactive

rgs_test_••••••••••1b9e

Scope: read:analyze · Created 2026-05-15

API Documentation

Endpoints

Base URL: https://api.regushield.ai/v1

POST/api/analyzeSandbox exampleSubmit a transaction or entity for compliance risk scoring.

Request Body

{
  "amount": 7500,
  "country": "AE",
  "pep": true
}

Response

{
  "risk_score": 87,
  "risk_level": "HIGH",
  "required_action": "EDD_REQUIRED",
  "regulations": ["AMLA 2027", "FATF Rec. 10"],
  "reasoning": "PEP involvement combined with
high-risk jurisdiction triggers enhanced
due diligence under AMLA Article 18."
}

POST/api/batchSandbox exampleSubmit up to 1,000 records for async compliance processing.

Request Body

{
  "records": [
    { "id": "TX-001", "amount": 1200, "country": "DE" },
    { "id": "TX-002", "amount": 45000, "country": "RU",
      "pep": true }
  ],
  "sector": "FinTech",
  "webhook_url": "https://your-domain.com/webhook"
}

Response

{
  "batch_id": "batch_9f3c2a1e",
  "status": "processing",
  "record_count": 2,
  "estimated_completion": "2026-06-02T14:35:00Z"
}

GET/api/report/{workspace_id}Sandbox exampleRetrieve the latest executive compliance report for a workspace.

Response

{
  "workspace_id": "ws_abc123",
  "generated_at": "2026-06-02T12:00:00Z",
  "compliance_score": 74,
  "high_risk_count": 3,
  "medium_risk_count": 11,
  "regulations_covered": ["AMLA","MiCA","DORA","AI Act"],
  "report_url": "https://app.regushield.ai/..."
}

POST/api/webhooks/registerSandbox exampleRegister a webhook to receive real-time risk events.

Request Body

{
  "url": "https://your-domain.com/compliance-events",
  "events": [
    "HIGH_RISK_DETECTED",
    "EDD_REQUIRED",
    "REPORT_READY"
  ],
  "secret": "whsec_your_signing_secret"
}

Response

{
  "webhook_id": "wh_7d4e2f1a",
  "status": "active",
  "events": ["HIGH_RISK_DETECTED","EDD_REQUIRED",
             "REPORT_READY"],
  "created_at": "2026-06-02T12:00:00Z"
}

Test Endpoint

Try the API — Sandbox

Sandbox example of the compliance scoring endpoint. Not connected to a live production system.

POST /api/analyzeSandbox

POST/api/analyze

amount

7500

country

pep

true

200 OK142ms

{
  "risk_score": 87,
  "risk_level": "HIGH",
  "required_action":
    "EDD_REQUIRED",
  "regulations": [
    "AMLA 2027",
    "FATF Rec. 10"
  ],
  "reasoning": "PEP + high-risk
  jurisdiction triggers EDD
  under AMLA Article 18."
}

Infrastructure Plan required. API keys, webhooks, batch scoring, audit logs and tenant-scoped access are available on the Infrastructure plan (3,000€+/month). Production integration requires security review, data field mapping and customer approval. Enterprise Onboarding →

Ingestion Methods by Plan

What is available at each tier?

LegendLiveBeta (Copilot+)Sandbox (Infra)Enterprise Onboarding

Ingestion Method	Visibility	Compliance Copilot	Infrastructure
CSV upload	Live	Live	Live
Excel upload	Live	Live	Live
PDF (beta)	—	Beta	Beta
API Feed	—	—	Sandbox
Webhooks	—	—	Sandbox
Database Export	—	—	Enterprise Onboarding
SharePoint / Google Drive	—	—	Enterprise Onboarding
SAP / Oracle	—	—	Enterprise Onboarding
Salesforce / Dynamics	—	—	Enterprise Onboarding

If your data format is not listed — we map it during enterprise onboarding. hello@regushield.ai

Enterprise Readiness

API deployment controls

🧪Available Now

Pilot Sandbox Available

CSV, Excel and API sandbox endpoints are available immediately for technical evaluation without production commitment.

🔧Onboarding Required

Production Integration via Enterprise Onboarding

API, webhooks, database connectors and enterprise system integrations are deployed through a structured onboarding engagement with security review.

🗂All Enterprise Plans

Data Mapping Included

Your internal field names do not need to match ReguShield's schema. Field mapping is performed during onboarding — no manual data model rebuild required.

🔐Built-In

Tenant Isolation

All data, API calls and workspace sessions are scoped to a unique tenant workspace ID. No cross-tenant data access at any layer.

📋Built-In

Audit Logging

Every upload, case event, API call and copilot interaction is logged with user identity, timestamp and outcome. Available for compliance and security review.

✅Built-In

Admin Approval Workflow

All pilot access requests and API credential issuance go through a manual admin review. No self-serve production access without approval.

Trust Center

Security by design — API layer.

Every API call passes through the same tenant-isolated, auth-protected, audit-logged infrastructure as the pilot workspace.

Tenant-Scoped

Data Isolation

Every tenant workspace is isolated by a unique workspace ID enforced at the database, API and authentication layers. No data is shared across customers.

Supabase Auth

Authentication

Supabase email/password authentication with admin approval gate. Every pilot access request is manually reviewed before workspace credentials are issued.

Immutable Trail

Audit Logs

Every upload, case status change, AI copilot interaction and API call is logged with user identity, workspace ID, timestamp and outcome. Immutable audit trail.

Server-Side Only

Environment Secrets

All service credentials — Supabase, OpenAI, API keys — are protected as server-side environment variables. No sensitive keys are ever exposed to the client.

Not Legal Advice

Compliance Decision Support

ReguShield AI is decision-support infrastructure — not legal advice and not a substitute for qualified legal counsel. Output should be reviewed by your compliance team.

Manual Review

Enterprise Onboarding

Production API access, custom connectors and dedicated environments require an onboarding engagement — security review, data field mapping and customer approval before deployment.

ReguShield AI provides compliance decision-support infrastructure. Outputs do not constitute legal advice, regulatory approval, or a substitute for qualified legal counsel. All production deployments require enterprise security review and customer approval.

Enterprise Onboarding Process →hello@regushield.ai