Knowledge Base

FormaOS Documentation

Comprehensive guides, tutorials, and API references to help you master the compliance operating system.

⌘K

Quick StartGet running in 15 minutes

API ReferenceComplete API documentation

Security DocsEnterprise security details

TroubleshootingSolve common issues

Open Guides

Quick Start Guide

Get up and running in 15 minutes

Platform Overview

Understanding FormaOS architecture

Your First Workflow

Create and deploy a compliance workflow

User & Role Setup

Configure team access and permissions

REST API v1

API Reference

Programmatic access to audit logs, compliance metrics, evidence, and tasks. All endpoints return JSON and require Bearer token authentication.

Authentication

All API requests require a valid Bearer token in the Authorization header. Tokens are issued as Supabase JWTs when a user authenticates. Include the token with every request.

auth-example.shbash

# Include your Bearer token in every request
curl -X GET "https://api.formaos.com/v1/compliance" \
 -H "Authorization: Bearer <YOUR_API_TOKEN>" \
 -H "Content-Type: application/json"

Rate Limiting

Requests are rate-limited per endpoint. Exceeding the limit returns a 429 status with a retryAfter timestamp.

/audit-logs, /compliance60 req/min

/evidence, /tasks100 req/min

Base URL & Security

All endpoints are served over HTTPS at the base URL below. Requests over plain HTTP are rejected.

https://api.formaos.com/v1

Retrieve audit log entries for your organization. Returns a time-ordered list of actions, actors, and metadata for compliance tracking and investigation.

VIEW_CONTROLS60 requests / minute

Query Parameters

Parameter	Type	Required	Description
`action`	string	Optional	Filter by action type (e.g. "policy.updated", "user.login")
`startDate`	ISO 8601	Optional	Return logs created on or after this timestamp
`endDate`	ISO 8601	Optional	Return logs created on or before this timestamp
`limit`	integer	Optional	Maximum number of results (1-200)(default: 50)

Request Example

request.shbash

curl -X GET \
 "https://api.formaos.com/v1/audit-logs?limit=10&action=policy.updated" \
 -H "Authorization: Bearer $API_KEY" \
 -H "Content-Type: application/json"

Response 200 OK

response.jsonjson

{
  "logs": [
    {
      "id": "log_9f8e7d6c",
      "action": "policy.updated",
      "target": "policy_abc123",
      "actor_email": "admin@example.com",
      "domain": "compliance",
      "severity": "info",
      "metadata": {
        "field": "status",
        "from": "draft",
        "to": "active"
      },
      "created_at": "2026-02-10T14:32:00Z"
    }
  ],
  "total": 1,
  "limit": 10,
  "filters": {
    "action": "policy.updated",
    "startDate": null,
    "endDate": null
  }
}

Error Responses

All errors return a JSON object with an error field describing the issue. Use the HTTP status code to determine the category.

401Unauthorized

{
  "error": "Unauthorized - Bearer token required"
}

403Forbidden

{
  "error": "Forbidden - Insufficient permissions"
}

429Rate Limited

{
  "error": "Rate limit exceeded",
  "retryAfter": "2026-02-12T09:16:00Z"
}

500Server Error

{
  "error": "Internal server error"
}

Can't find what you're looking for?

Our support team is here to help. Reach out for personalized guidance or schedule a technical consultation.

Contact Support Browse FAQ

FormaOS Documentation

Getting Started

Quick Start Guide

Platform Overview

Your First Workflow

User & Role Setup

Core Platform

Security & Governance

Integrations

Administration

Support Resources

API Reference

Authentication

Rate Limiting

Base URL & Security

List Audit Logs

Query Parameters

Request Example

Response 200 OK

Get Compliance Metrics

List Evidence

List Tasks

Error Responses

Can't find what you're looking for?

See how FormaOS works for your team