API Documentation

RESTful API reference for CSOAI Platform integration

Authentication

All API requests require a Bearer token in the Authorization header:

Authorization: Bearer <your-jwt-token>

Base URLs

Production: https://api.csoai.org/api Sandbox: https://api-sandbox.csoai.org/api

Endpoints

GET /certificates

List user's certificates

Headers: Authorization: Bearer <token> // Response { "success": true, "data": [ { "certificateNumber": "CERT-ABC123...", "courseId": { "title": "CSOAI Professional" }, "issuedAt": "2026-02-01T00:00:00Z", "expiresAt": "2027-02-01T00:00:00Z" } ] }

GET /certificates/verify/:certificateNumber

Public endpoint - verify certificate (no auth required)

// Example: GET /api/certificates/verify/CERT-ABC123DEF456 // Response { "success": true, "data": { "isValid": true, "certificate": { "certificateNumber": "CERT-ABC123DEF456", "recipientName": "John Doe", "courseName": "CSOAI Professional", "issuedAt": "2026-02-01", "expiresAt": "2027-02-01" } } }

GET /profile

Get current user profile

Headers: Authorization: Bearer <token> // Response { "success": true, "data": { "firstName": "Nick", "lastName": "Templeman", "email": "nick@csoai.org", "role": "admin" } }

POST /auth/login

Authenticate user

// Request { "email": "user@example.com", "password": "********" } // Response { "success": true, "data": { "token": "eyJhbGciOiJIUzI1NiIs...", "user": { "id": "...", "email": "..." } } }

GET /compliance

Get compliance status across frameworks

// Response { "success": true, "data": { "complianceScore": 87, "frameworks": [ { "name": "ISO 42001", "score": 92 }, { "name": "NIST AI RMF", "score": 88 }, { "name": "EU AI Act", "score": 74 } ] } }

GET /courses

List available courses

// Response { "success": true, "data": [ { "_id": "...", "title": "CSOAI Professional", "description": "Chief AI Security Officer certification", "duration": "40 hours", "price": 1999 } ] }

Error Codes

400	Bad Request - Invalid parameters
401	Unauthorized - Invalid or missing token
403	Forbidden - Insufficient permissions
404	Not Found - Resource doesn't exist
429	Too Many Requests - Rate limit exceeded
500	Internal Server Error