The EU AI Act engine as an API.
Classify 80 systems in 5 minutes instead of 10 hours. Integrate compliance checks into your internal tool, your Zapier workflows, or your own SaaS.
Engine: AI-ACT-2024-1689-v5.12.0 · Spec version: 1.0.0
Quickstart
Your first API call in 3 steps.
Create an API key
Settings → API-Keys → "Neuer Key" ("New key"). The secret is shown exactly once, so store it securely.
Send a request
Authenticate via the Bearer header. Send a JSON body with the wizard answers and get an immediate classification in < 500 ms.
Receive webhooks
Subscribe to events such as engine.version.bumped. Deliveries are HMAC-signed and backed by a retry queue.
curl -X POST https://ai-risk-check.com/api/v1/classify \
  -H "Authorization: Bearer airc_live_a3f9b2c8..." \
  -H "Content-Type: application/json" \
  -d '{
    "system_name": "Bewerber-Screening v2",
    "sector": "hr",
    "answers": {
      "sector": "hr",
      "role": "deployer",
      "decision_autonomy": "high",
      "affects_employment": true,
      "gpai_used": true
    }
  }'

{
  "assessment_id": "asmt_x7k2m9p4q8r6",
  "risk_level": "high_risk",
  "annex_path": "annex_iii_4_a",
  "role": "deployer",
  "obligations": [ /* 20 obligations with article + deadline */ ],
  "confidence": "high",
  "engine_version": "AI-ACT-2024-1689-v5.12.0",
  "report_url": "https://ai-risk-check.com/app/systeme/.../ergebnis"
}

Endpoints
9 endpoints, grouped by function. The full specification is available as OpenAPI 3.1 JSON.
Classification
/api/v1/classify · Classify an AI system
Runs the EU AI Act classification engine against the provided wizard answers. Returns risk level, annex path, role, and the full obligation list.
/api/v1/assessments/{assessment_id} · Fetch assessment by ID
/api/v1/assessments/{assessment_id} · Update assessment status (Sprint 33)
Submit for review, approve, request changes, or reject. Mirrors the in-app review workflow but via API.
Documents
/api/v1/documents/generate · Generate a compliance document
Renders one of the five EU-AI-Act documents (FRIA, technical_doc, instructions, conformity_declaration, post_market_monitoring) in the requested format (markdown, html, docx, pdf).
/api/v1/audit-package/{assessment_id} · Download the audit-package ZIP
Returns the complete signed audit package (JSON-LD manifest + reasoning trail + obligations + optionally the rendered documents).
Maturity
/api/v1/maturity/{workspace_id} · Workspace maturity score
Returns the current Compliance-Maturity score (0..100), per-dimension breakdown, 30-day trend, and (if available) the anonymized peer-benchmark for the workspace sector.
Webhooks
/api/v1/webhooks/subscriptions · List webhook subscriptions
/api/v1/webhooks/subscriptions · Create webhook subscription
Registers an HTTPS endpoint. Returns the plaintext signing secret EXACTLY ONCE. Subsequent reads only expose its prefix.
/api/v1/webhooks/subscriptions/{id} · Delete webhook subscription
Verifying the webhook signature
Every webhook delivery carries the header X-AIRC-Signature with a timestamp and an HMAC-SHA256. Verify it server-side before processing the payload.
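const crypto = require('crypto')
const express = require('express')

const app = express()
// Keep the raw body: the HMAC covers the exact bytes that were sent
app.use(express.json({ verify: (req, _res, buf) => { req.rawBody = buf.toString('utf8') } }))

function verifySignature(rawBody, signatureHeader, secret) {
  // Format: "t=<timestamp>,v1=<hmac-sha256-hex>"
  const [tPart = '', vPart = ''] = String(signatureHeader || '').split(',')
  const timestamp = tPart.slice(2)
  const v1 = Buffer.from(vPart.slice(3), 'hex')
  const expected = crypto
    .createHmac('sha256', secret)
    .update(`${timestamp}.${rawBody}`)
    .digest()
  // Constant-time comparison; timingSafeEqual throws on unequal lengths, so check first
  if (v1.length !== expected.length || !crypto.timingSafeEqual(v1, expected)) {
    throw new Error('invalid signature')
  }
}

app.post('/webhooks/airc', (req, res) => {
  try {
    verifySignature(req.rawBody, req.headers['x-airc-signature'], process.env.AIRC_WEBHOOK_SECRET)
  } catch (err) {
    return res.status(401).end() // reject unsigned or tampered deliveries
  }
  const { event, data } = JSON.parse(req.rawBody)
  // handle event ...
  res.status(200).end()
})

Rate limits per plan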
Rolling 60-second window. Requests over the limit receive HTTP 429 with an X-RateLimit-Reset header.
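Returning to the X-AIRC-Signature check in the webhook section: because the header carries a timestamp alongside the HMAC, a receiver can reject replayed deliveries as well as forged ones. The following is an added example, not code from this page or its vendor. It assumes `t` is a Unix timestamp in seconds and uses an illustrative 300-second tolerance; `verifyWebhook`, `parseSignatureHeader` and `signForTest` are hypothetical names.

```javascript
const crypto = require('crypto')

// Assumption: t is a Unix timestamp in seconds; 300 s is an illustrative tolerance.
const TOLERANCE_SECONDS = 300

// Parse "t=<timestamp>,v1=<hmac-sha256-hex>" without relying on field order.
function parseSignatureHeader(header) {
  const fields = Object.create(null)
  for (const part of String(header || '').split(',')) {
    const idx = part.indexOf('=')
    if (idx > 0) fields[part.slice(0, idx).trim()] = part.slice(idx + 1).trim()
  }
  return fields
}

// Returns { ok: true } or { ok: false, reason } instead of throwing,
// so the HTTP handler can log the reason and answer 401.
function verifyWebhook(rawBody, header, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { t, v1 } = parseSignatureHeader(header)
  if (!/^\d+$/.test(t || '') || !/^[0-9a-f]{64}$/i.test(v1 || '')) {
    return { ok: false, reason: 'malformed header' }
  }
  const expected = crypto.createHmac('sha256', secret).update(`${t}.${rawBody}`).digest()
  // Check the MAC first so an unauthenticated timestamp is never trusted.
  // Both buffers are 32 bytes here, which timingSafeEqual requires.
  if (!crypto.timingSafeEqual(Buffer.from(v1, 'hex'), expected)) {
    return { ok: false, reason: 'bad signature' }
  }
  // A valid MAC over an old timestamp is a replayed (or badly delayed) delivery.
  if (Math.abs(nowSeconds - Number(t)) > TOLERANCE_SECONDS) {
    return { ok: false, reason: 'stale timestamp' }
  }
  return { ok: true }
}

// Local test helper: signs a body in the header format the page documents.
function signForTest(rawBody, secret, timestamp) {
  const mac = crypto.createHmac('sha256', secret).update(`${timestamp}.${rawBody}`).digest('hex')
  return `t=${timestamp},v1=${mac}`
}

// Constructed sample delivery (not real traffic)
const SAMPLE_SECRET = 'constructed-example-secret'
const SAMPLE_BODY = '{"event":"engine.version.bumped","data":{}}'
const SAMPLE_NOW = 1700000000
```
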
Ready?
API key created in 30 seconds, first call in production in < 5 minutes.
Create an API key