Documentation

Learn how to work with ComplyLab, from the web app to the public API, deployments, and integrations.

Welcome to the documentation of ComplyLab.
Here you will find everything you need to work with the platform as an auditor, engineer, or compliance lead.

ComplyLab is available as a multi-tenant SaaS platform and can also be deployed in private cloud or on-premise environments for enterprise customers.
The platform exposes a public API described using an OpenAPI specification, which is available via Swagger UI at:

https://platform.complylab.ai/static/openapi

Use this page as your starting point to navigate all areas of the product, from the UI to the API and deployment options.


1. Getting started

If you are new to ComplyLab, start here.

  • Understanding organizations and workspaces
  • Connecting your first compliance framework (e.g. ISO 27001, SOC 2, NIST)
  • Creating an assessment and assigning owners
  • Uploading and managing evidence
  • Generating your first report

Recommended reading:

  • Introduction to ComplyLab
  • Core concepts: organizations, workspaces, frameworks, controls, evidence
  • Quickstart: run your first assessment

2. Using the web application

Learn how to use the ComplyLab UI for day-to-day compliance operations.

2.1 Organizations, workspaces & teams

  • Creating and managing organizations (for multi-entity setups)
  • Creating and managing workspaces
  • Inviting users and managing roles
  • Setting up teams and access boundaries for larger organizations

2.2 Frameworks, controls & mappings

  • Browsing and activating built‑in frameworks
  • Creating custom frameworks and requirements
  • Mapping controls across multiple standards
  • Reusing evidence across frameworks

2.3 Assessments & tasks

  • Creating periodic and one‑off assessments
  • Assigning tasks to control owners
  • Tracking progress and deadlines
  • Collaboration, comments and mentions

2.4 Evidence & files

  • Uploading evidence and linking it to controls
  • Versioning and history
  • Evidence review workflows
  • Exporting evidence packages for auditors

2.5 Reporting

  • Generating internal status reports
  • Exporting report packages for external auditors
  • Custom report templates (where available)

3. API & integrations

The ComplyLab API allows you to automate and integrate the platform with your existing tooling (CI/CD, ticketing, HR, cloud providers, GRC, etc.).

3.1 OpenAPI & Swagger UI

The full API surface is described by an OpenAPI document and exposed via Swagger UI at:

https://platform.complylab.ai/static/openapi

Use this to:

  • Inspect all available endpoints and models
  • Try out API calls interactively
  • Generate client SDKs using your preferred tooling

3.2 Authentication

  • API authentication and tokens
  • Recommended patterns for server‑side integrations
  • Handling token rotation and secret storage

3.3 Core resources

Typical resources exposed by the API include (non‑exhaustive):

  • Organizations & workspaces
  • Users and access control
  • Frameworks, requirements and controls
  • Assessments and tasks
  • Evidence and file objects
  • Reports and exports

For the exact schema, fields, and request/response shapes, refer to the live OpenAPI specification.

3.4 Webhooks & eventing

  • Receiving notifications for changes (e.g. evidence uploaded, task updated)
  • Securing webhook endpoints
  • Recommended retry and error‑handling patterns

3.5 Rate limits & errors

  • Rate limiting behavior
  • Error response structure
  • Idempotency guidelines for integrations

4. Deployment & architecture

ComplyLab is designed for both SaaS and enterprise deployments.

4.1 SaaS (cloud) deployment

  • Multi‑tenant architecture overview
  • Data isolation and residency options
  • Availability, backups and disaster recovery
  • Monitoring and observability for your tenant

4.2 Private cloud / on‑premise deployments

  • Supported environments (Kubernetes, VM‑based)
  • High‑level installation and configuration steps
  • Connectivity to enterprise SSO, logging and monitoring stacks
  • Upgrade and maintenance strategy

4.3 Hybrid patterns

  • Using ComplyLab SaaS with sensitive data on‑premise
  • Recommended integration and networking patterns

5. Security, governance & enterprise features

5.1 Identity & access management

  • SSO/SAML/OIDC integration
  • Role‑based access control (RBAC)
  • Least privilege recommendations for large organizations

5.2 Data protection

  • Encryption in transit and at rest
  • Key management responsibilities
  • Data retention and deletion

5.3 Auditability

  • System audit logs
  • Access and activity trails for evidence and reports

6. Release notes & change log

Stay up to date on platform and API changes.

  • Latest release notes
  • API‑related breaking changes (referenced from the OpenAPI spec)
  • Deprecation notices and migration guidance

7. Where to go next

  • If you are an auditor or compliance lead → start with Getting started and Using the web application.
  • If you are a developer or platform engineer → start with API & integrations and the OpenAPI/Swagger UI.
  • If you are an enterprise architect or security owner → see Deployment & architecture and Security, governance & enterprise features.

As the platform evolves, this page will remain the central index pointing to deeper guides, API reference sections, and deployment documentation.