API Documentation
Integrate EU AI Act and GDPR compliance scanning directly into your CI/CD pipeline, monitoring dashboards, or internal tools. The CompliPilot API returns structured compliance reports in JSON format.
API Access — Professional Plan and Above
API access is available on the Professional plan ($99/mo) and above. Free and Starter plans can use the web-based scanner instead.
Base URL
https://complipilot.dev/api
Authentication
All API requests require an API key passed in the Authorization header using Bearer token format. You can find your API key in the Dashboard under Settings.
Authorization: Bearer YOUR_API_KEY
Scan Endpoint
POST /api/scan
Scans a given URL for EU AI Act and GDPR compliance issues. Returns a structured report with an overall score and scores across four categories: AI Act, GDPR, Data Protection, and Transparency.
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
| url | string | Yes | The full URL to scan (must include https:// or http://) |
Response Format
| Field | Type | Description |
|---|---|---|
| url | string | The scanned URL |
| overallScore | number | Overall compliance score (0-100) |
| categoryScores | object | Scores per category: aiAct, gdpr, dataProtection, transparency (each 0-100) |
| issues | array | List of compliance issues found, each with category, severity, title, description, and recommendation |
| scannedAt | string | ISO 8601 timestamp of the scan |
Issue Severity Levels
Code Examples
cURL
```bash
curl -X POST https://complipilot.dev/api/scan \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d '{"url": "https://example.com"}'
```
JavaScript (fetch)
```javascript
const response = await fetch("https://complipilot.dev/api/scan", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "Authorization": "Bearer YOUR_API_KEY",
  },
  body: JSON.stringify({ url: "https://example.com" }),
});

const result = await response.json();
console.log("Overall score:", result.overallScore);
console.log("Issues found:", result.issues.length);

// Filter critical issues
const critical = result.issues.filter(
  (issue) => issue.severity === "critical"
);
console.log("Critical issues:", critical.length);
```
Python (requests)
```python
import requests

response = requests.post(
    "https://complipilot.dev/api/scan",
    headers={
        "Content-Type": "application/json",
        "Authorization": "Bearer YOUR_API_KEY",
    },
    json={"url": "https://example.com"},
)

result = response.json()
print(f"Overall score: {result['overallScore']}/100")

for issue in result["issues"]:
    print(f"[{issue['severity']}] {issue['title']}")
    print(f" → {issue['recommendation']}")
    print()
```
Example Response
```json
{
  "url": "https://example.com",
  "overallScore": 62,
  "categoryScores": {
    "aiAct": 50,
    "gdpr": 65,
    "dataProtection": 75,
    "transparency": 60
  },
  "issues": [
    {
      "category": "aiAct",
      "severity": "critical",
      "title": "AI usage detected but not disclosed",
      "description": "The page contains indicators of AI usage but no clear disclosure to users.",
      "recommendation": "Add a visible AI disclosure statement (EU AI Act Art. 50)."
    },
    {
      "category": "gdpr",
      "severity": "critical",
      "title": "No cookie consent mechanism detected",
      "description": "No cookie consent banner or CMP was found on the page.",
      "recommendation": "Implement a cookie consent banner that blocks non-essential cookies."
    }
  ],
  "scannedAt": "2026-03-25T10:30:00.000Z"
}
```
Rate Limits
| Plan | Scans per Month | Rate Limit |
|---|---|---|
| Free (web only) | 1 per day | 10 requests/hour |
| Starter | 10 | No API access |
| Professional | 50 | 60 requests/hour |
| Enterprise | Unlimited | 300 requests/hour |
Error Codes
| Status | Meaning | Resolution |
|---|---|---|
| 400 | Bad Request | Invalid JSON body or missing/invalid URL parameter |
| 401 | Unauthorized | Missing or invalid API key |
| 422 | Unprocessable Entity | URL could not be fetched (timeout, non-HTML, HTTP error) |
| 429 | Too Many Requests | Rate limit exceeded. Wait and retry, or upgrade your plan |
| 500 | Internal Server Error | Unexpected error. Contact support if persistent |
All error responses return a JSON object with an error field containing a human-readable message.
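A CI gate built on the scan endpoint, the 429 guidance, and the error format documented above. This is an added example, not CompliPilot's own code. The environment variable names (`COMPLIPILOT_API_KEY`, `SCAN_TARGET`), the score threshold of 70, and the exponential backoff schedule are assumptions made for illustration.

```python
import json
import os
import time
import urllib.error
import urllib.request

API_URL = "https://complipilot.dev/api/scan"  # base URL + scan endpoint from this page

def http_post(target_url, api_key, timeout=30):
    """POST one scan request; return (HTTP status, parsed JSON body)."""
    req = urllib.request.Request(
        API_URL, data=json.dumps({"url": target_url}).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {api_key}"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # error responses carry {"error": "..."}
        return err.code, json.loads(err.read() or b"{}")

def scan(target_url, api_key, post=http_post, retries=3, sleep=time.sleep):
    """Scan a URL; retry only on 429, backing off 1s, 2s, 4s (assumed schedule)."""
    for attempt in range(retries + 1):
        status, body = post(target_url, api_key)
        if status == 429 and attempt < retries:
            sleep(2 ** attempt)
            continue
        if status != 200:
            # Surface only the API's error message, never the headers or the key.
            raise RuntimeError(f"scan failed: HTTP {status}: {body.get('error', 'unknown')}")
        return body

def gate(report, min_score=70, blocking=("critical",)):
    """Return reasons the build should fail; an empty list means pass."""
    reasons = [f"[{i['severity']}] {i['category']}: {i['title']}"
               for i in report.get("issues", []) if i.get("severity") in blocking]
    score = report.get("overallScore")
    if not isinstance(score, (int, float)) or score < min_score:  # assumed threshold
        reasons.append(f"overallScore {score} is below {min_score}")
    return reasons

if __name__ == "__main__":
    # Assumed variable names; the key is injected by the CI secret store, not committed.
    failures = gate(scan(os.environ["SCAN_TARGET"], os.environ["COMPLIPILOT_API_KEY"]))
    print("\n".join(failures) or "compliance gate passed")
    raise SystemExit(1 if failures else 0)
```

A missing or malformed `overallScore` fails the gate rather than passing it, so a changed or truncated response cannot silently green a build.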
Ready to Integrate?
Get API access with the Professional plan. Automate compliance scanning across all your domains and integrate results into your existing workflows.