Evidence
/api/v1/grc/evidenceEvidence collected against a Control.
listgetcreateupdateSchema
| Field | Type | Notes |
|---|---|---|
| id* | uuid | Server-assigned ULID with type prefix (e.g. per_…). |
| tenant_id* | string | Tenant scope — auto-stamped from the caller's JWT. |
| app_id | string | App scope. Stamped ONLY when the caller's JWT was minted for a specific Application (integration API keys). Absent for human-user sessions. Filters reads when present. |
| created_at* | date-time | Server stamp. |
| updated_at* | date-time | Server stamp; updated on every patch. |
| created_by | uuid | Person id from the caller's JWT (sub). |
| updated_by | uuid | Person id from the last writer's JWT (sub). |
| source | string | Provenance tag — defaults to 'edm'. |
| source_type | enum | frontend | backend | server | system | apiWhere the write originated. Defaults to 'api'. |
| is_deleted | boolean | Soft-delete flag. Excluded from default list queries. |
| deleted_at | date-time | Stamped when soft-deleted; null otherwise. |
| deleted_by | uuid | Person id who soft-deleted; null otherwise. |
| schema_version | number | Document schema version. Bumped on incompatible writes. |
| control_ids | json | IDs of Controls this evidence satisfies. One evidence item may cover multiple controls. |
| name | string | Short descriptive name of the evidence. |
| description | string | Description of what this evidence demonstrates. |
| evidence_type | string | Classification of the evidence artifact. |
| collection_method | string | How the evidence was collected. |
| document_id | string | ID of the bound source Document, if stored as a Document. |
| chunk_ids | json | IDs of text chunks extracted from the source document. |
| minio_ref | string | Direct MinIO file pointer when not backed by a Document. |
| period | json | Validity window the evidence covers. |
| collected_at | date-time | ISO 8601 timestamp when the evidence was collected. |
| collected_by | string | ID of the user or service that collected the evidence. |
| assessor | string | Name of the external auditor who assessed this evidence, if applicable. |
| assessment_result | string | Outcome of the assessment of this evidence. |
| findings | json | Key findings from the assessment. |
| recommendations | json | Recommendations arising from this evidence review. |
| expiry_date | date-time | Date after which this evidence is no longer considered fresh. |
| next_collection_date | date-time | Date when evidence should next be collected. |
| connector_id | string | ID of the Connector used to collect this evidence automatically. |
| custom_fields | json | Tenant-defined additional fields. |
| tags | json | Free-form tags for filtering. |
API
client.grc.evidence.*Loading manifest…