Governance API
| Field | Value |
|---|---|
| Document ID | ASCEND-API-004 |
| Version | 2.0.0 |
| Last Updated | December 19, 2025 |
| Author | Ascend Engineering Team |
| Publisher | OW-KAI Technologies Inc. |
| Classification | Enterprise Client Documentation |
| Compliance | SOC 2 CC6.1/CC6.2, PCI-DSS 7.1/8.3, HIPAA 164.312, NIST 800-53 AC-2/SI-4 |
Reading Time: 8 minutes | Skill Level: Intermediate
Overview
The Governance API allows you to configure policies, smart rules, and approval workflows that control how AI agent actions are evaluated and processed.
Base URL
https://pilot.owkai.app/api/governance
Smart Rules
Create Smart Rule
POST /api/smart-rules
Authorization: Bearer <admin_jwt>
Content-Type: application/json
{
"name": "High-Value Trade Approval",
"description": "Require manager approval for trades over $50,000",
"is_active": true,
"priority": 100,
"conditions": {
"action_type": "trade_execution",
"parameters.amount": {"$gte": 50000}
},
"action": "REQUIRE_APPROVAL",
"approval_level": 3,
"notifications": {
"channels": ["slack-trading-alerts"],
"priority": "high"
}
}
Condition Operators
| Operator | Description | Example |
|---|---|---|
$eq | Equal to | {"risk_score": {"$eq": 50}} |
$ne | Not equal | {"status": {"$ne": "blocked"}} |
$gt | Greater than | {"amount": {"$gt": 1000}} |
$gte | Greater than or equal | {"risk_score": {"$gte": 80}} |
$lt | Less than | {"quantity": {"$lt": 100}} |
$lte | Less than or equal | {"score": {"$lte": 30}} |
$in | In array | {"action_type": {"$in": ["read", "write"]}} |
$nin | Not in array | {"agent_type": {"$nin": ["sandbox"]}} |
$contains | String contains | {"description": {"$contains": "PII"}} |
$regex | Regex match | {"email": {"$regex": "@company.com$"}} |
Rule Actions
| Action | Description | HTTP Response |
|---|---|---|
AUTO_APPROVE | Automatically approve | 200 |
REQUIRE_APPROVAL | Queue for human approval | 202 |
DENY | Automatically deny | 403 |
ESCALATE | Escalate to higher level | 202 |
NOTIFY | Approve but notify | 200 |
Response
{
"status": "success",
"data": {
"rule_id": "rule_123",
"name": "High-Value Trade Approval",
"is_active": true,
"created_at": "2025-12-15T10:00:00Z"
}
}
List Smart Rules
GET /api/smart-rules?is_active=true
Authorization: Bearer <jwt_token>
{
"status": "success",
"data": {
"rules": [
{
"rule_id": "rule_123",
"name": "High-Value Trade Approval",
"priority": 100,
"is_active": true,
"action": "REQUIRE_APPROVAL",
"match_count_30d": 45
}
],
"total": 12
}
}
Delete Smart Rule
DELETE /api/smart-rules/{rule_id}
Authorization: Bearer <admin_jwt>
Risk Configuration
Get Risk Configuration
GET /api/risk-scoring/config
Authorization: Bearer <admin_jwt>
{
"status": "success",
"data": {
"weights": {
"data_sensitivity": 0.30,
"operation_type": 0.25,
"financial_impact": 0.20,
"compliance": 0.15,
"historical": 0.10
},
"thresholds": {
"auto_approve_max": 30,
"require_approval_min": 31,
"auto_deny_min": 95
},
"modifiers": {
"pii_data": 40,
"financial_data": 35,
"health_data": 45,
"delete_operation": 30,
"external_api": 20
}
}
}
Create Risk Configuration
POST /api/risk-scoring/config
Authorization: Bearer <admin_jwt>
Content-Type: application/json
{
"weights": {
"data_sensitivity": 0.35,
"financial_impact": 0.25
},
"thresholds": {
"auto_approve_max": 25,
"auto_deny_min": 90
}
}
Activate Risk Configuration
PUT /api/risk-scoring/config/{config_id}/activate
Authorization: Bearer <admin_jwt>
Policy Templates
List Templates
GET /api/governance/policies/templates
Authorization: Bearer <jwt_token>
{
"status": "success",
"data": {
"templates": [
{
"template_id": "tpl_financial",
"name": "Financial Services",
"description": "Pre-configured rules for financial operations",
"rules_count": 15,
"categories": ["trading", "payments", "compliance"]
},
{
"template_id": "tpl_healthcare",
"name": "Healthcare",
"description": "HIPAA-compliant governance rules",
"rules_count": 20,
"categories": ["phi", "consent", "audit"]
}
]
}
}
Create Policy from Template
POST /api/governance/policies/from-template
Authorization: Bearer <admin_jwt>
Content-Type: application/json
{
"template_id": "tpl_financial",
"name": "Custom Financial Policy",
"description": "Customized financial services policy"
}
Pending Approvals
List Pending Approvals
GET /api/governance/dashboard/pending-approvals
Authorization: Bearer <jwt_token>
{
"status": "success",
"data": {
"pending": [
{
"action_id": "act_xyz789",
"agent_id": "trading-bot-001",
"action_type": "trade_execution",
"risk_score": 75,
"submitted_at": "2025-12-15T10:30:00Z",
"summary": "Execute $75,000 AAPL trade"
}
],
"total": 5
}
}
Approve Workflow Action
POST /api/governance/workflows/{workflow_execution_id}/approve
Authorization: Bearer <admin_jwt>
X-CSRF-Token: <csrf_token>
Content-Type: application/json
{
"decision": "approved",
"comment": "Approved after review"
}
Smart Rules Analytics
For rule performance analytics, use the Smart Rules analytics endpoint:
GET /api/smart-rules/analytics
Authorization: Bearer <jwt_token>
See the Smart Rules documentation for details on analytics responses.
SDK Examples
Python
from ascend import AscendClient
client = AscendClient(api_key="owkai_...")
# Create smart rule
rule = client.create_smart_rule(
name="Block After Hours Trading",
conditions={
"action_type": "trade_execution",
"time_of_day": {"$gte": "18:00", "$lte": "06:00"}
},
action="DENY"
)
# Update risk config
client.update_risk_config(
thresholds={"auto_approve_max": 25}
)
Node.js
const { AscendClient } = require('@owkai/ascend-sdk');
const client = new AscendClient({ apiKey: 'owkai_...' });
// Create smart rule
const rule = await client.createSmartRule({
name: 'Block After Hours Trading',
conditions: {
action_type: 'trade_execution',
time_of_day: { $gte: '18:00', $lte: '06:00' }
},
action: 'DENY'
});
Next Steps
- Smart Rules - Rule configuration
- Risk Assessment - Risk scoring
- Approval Workflows - Workflow setup
Document Version: 1.0.0 | Last Updated: December 2025