Skip to main content
ASIRI

Review API-submitted evidence

Approve, reject, or map evidence submitted by API keys before it becomes part of your audit-facing posture.

Back to help center Contact support
Help center
Integrations and evidence6 min readUpdated May 2026Evidence > API submissions
Access needed
OwnerAdminControl ownerAuditor workspace manager
ASIRI evidence library with evidence records and statuses
Review API evidence with the same discipline as uploaded or connector-collected evidence: check owner, source, freshness, mapping, and review status.
ASIRI auditor workspace
Only reviewed evidence should be handed to auditors as audit-ready. Unreviewed API evidence should remain clearly marked.

Why review is required

Automated submission proves that a system sent data. It does not automatically prove that the evidence is sufficient, accurate, current, or mapped to the right control.

The review step preserves ASIRI’s human approval layer for legal, security, privacy, and audit-sensitive decisions.

Review a submission

  1. 1Open Evidence > API submissions.
  2. 2Filter for Needs review.
  3. 3Open the submitted evidence and inspect source, collection time, classification, personal-data flag, payload hash, and redacted fields.
  4. 4Confirm the evidence maps to the correct control or remediation task.
  5. 5Approve the evidence if it is accurate and useful, reject it if it is incorrect, or leave it pending with a note when more context is needed.
  6. 6Export the audit pack only after critical evidence has owner approval where required.

What auditors see

Audit exports distinguish manual uploads, connector evidence, and API-submitted evidence. API evidence includes submission ID, API key prefix, payload hash, redaction metadata, classification, personal-data flag, review status, and any export warning.

Related

Keep going in this area.

Submit evidence through the external API

Send audit evidence from internal systems into ASIRI with source metadata, payload hashes, redaction, freshness, review state, and control mappings.

Read article

Approve evidence and record owner sign-off

Use human review to approve high-risk evidence before it counts as audit-ready.

Read article

Export an audit-ready evidence pack

Generate an evidence pack with control trace, evidence inventory, raw payload hashes, blockers, approvals, and claim boundaries.

Read article