Skip to main content
The Wede compliance report provides a daily breakdown of operational, security, and continuity data for audit and regulatory purposes. It is aligned with ISO 27001:2022, DORA, GDPR, and NIS2.

Endpoint

GET /v1/compliance/report
Requires authentication. Accessible to company_admin, company_tech, country_admin, wede_tech_ops, and wede_global_admin.

Parameters

ParameterTypeDefaultDescription
fromstring (YYYY-MM-DD)30 days agoStart of reporting period
tostring (YYYY-MM-DD)TodayEnd of reporting period
granularitystringdayAlways day in current version

Example

curl https://api.wede.pt/v1/compliance/report?from=2026-06-01&to=2026-06-30 \
  -H "x-wede-api-key: wede_live_YOUR_KEY"

Response Structure

{
  "meta": {
    "from": "2026-06-01",
    "to": "2026-06-30",
    "granularity": "day",
    "tenant_id": "9c145f7e-...",
    "generated_at": "2026-06-12T08:30:37Z",
    "standards": ["ISO 27001:2022", "DORA", "GDPR", "NIS2"]
  },
  "data": {
    "events": [...],
    "missions": [...],
    "dispatch": [...],
    "security": [...],
    "offline_sync": [...],
    "webhooks": [...],
    "active_users": [...],
    "audit_volume": [...]
  }
}

Data Sections

events

Operational events per day, grouped by vertical.
FieldDescription
dayDate (YYYY-MM-DD)
verticalOperational vertical (e.g. healthcare)
totalTotal events created
completedEvents with missions closed as COMPLETED
failedEvents with missions closed as FAILED
pendingEvents awaiting dispatch or mission close

missions

Mission lifecycle per day.
FieldDescription
dayDate
totalTotal missions created
completedMissions completed successfully
failedMissions closed as failed
avg_resolution_minAverage time from creation to close (minutes)

dispatch

Dispatch operations per day.
FieldDescription
dayDate
total_dispatchesTotal team dispatches
auto_dispatchesAuto-dispatched by score engine
manual_dispatchesManually dispatched by operator
tier1Dispatches to Tier 1 teams (action-allocated, full capability)
tier2Dispatches to Tier 2 teams (action-allocated, partial)
tier3Dispatches to Tier 3 teams (vertical fallback)

security

Security events per day. Required for ISO 27001 and DORA audit trails.
FieldDescription
dayDate
auth_failuresFailed authentication attempts
successful_loginsSuccessful logins
parser_violationsAttempts to modify protected parser fields (rejected)
api_key_revocationsAPI keys revoked
user_suspensionsUsers suspended

offline_sync

Offline device sync activity per day. Required for DORA operational continuity evidence.
FieldDescription
dayDate
devices_syncedDistinct devices that synced
sync_operationsTotal sync operations received
processedSuccessfully processed offline dispatches
duplicatesDuplicate operations rejected (idempotency)

webhooks

Webhook delivery per day.
FieldDescription
dayDate
deliveredSuccessfully delivered webhooks
failedFailed webhook deliveries

active_users

User activity per day.
FieldDescription
dayDate
active_usersDistinct users who performed at least one action
total_actionsTotal actions performed by users

audit_volume

Audit log statistics per day. The audit log is immutable — enforced by database trigger.
FieldDescription
dayDate
total_entriesTotal immutable audit log entries
distinct_usersUsers who generated audit events
distinct_actionsDistinct action types recorded

Export

To download the report as a JSON file: 
curl "https://api.wede.pt/v1/compliance/report/export?from=2026-06-01&to=2026-06-30" \
  -H "x-wede-api-key: wede_live_YOUR_KEY" \
  -o wede-compliance-report.json

Dashboard

The compliance report is also available in the Wede dashboard at app.wede.pt/dashboard/compliance, with four tabs:
  • Operations — events, missions, dispatch by day
  • Security — auth failures, parser violations, webhook delivery
  • Continuity — offline sync activity (DORA evidence)
  • Audit Volume — immutable audit log statistics
The dashboard supports date range selection and JSON export.

Standards Alignment

StandardRelevant sections
ISO 27001:2022security (auth failures, violations), audit_volume, active_users
DORAoffline_sync (continuity evidence), dispatch (operational resilience)
GDPRaudit_volume (access log), active_users (data subject activity)
NIS2security, missions (incident response time), offline_sync
The audit log underlying this report is immutable by construction. Entries are written by a PostgreSQL BEFORE UPDATE/DELETE trigger that cannot be bypassed by application code, not even by wede_global_admin. This provides tamper-evident evidence for regulatory audits.