Skip to main content

RBI FREE-AI API Reference

This reference documents the RBI routes that are actually registered and used in the current enterprise build.

Authentication

All RBI module routes require:

  • X-Org-ID

Route Families

FamilyRoutes
RegistryGET/POST /api/v1/rbi/ai-systems, GET /summary, GET/PUT/DELETE /{id}
ValidationsGET/POST /api/v1/rbi/validations, GET/PUT /{id}
IncidentsGET/POST /api/v1/rbi/incidents, GET/PUT /{id}, POST /{id}/resolve
Kill switchesGET/POST /api/v1/rbi/killswitches, GET /{id}, POST /{id}/deactivate
ReportsGET/POST /api/v1/rbi/reports, GET/PUT /{id}, POST /{id}/submit
Audit exportsGET/POST /api/v1/rbi/audit-exports, GET/DELETE /{id}, POST /{id}/process, GET /{id}/download
TemplatesGET /api/v1/rbi/policies/templates, GET /api/v1/rbi/policies/templates/{id}, GET /api/v1/rbi/policies/categories
DashboardGET /api/v1/rbi/dashboard

Registry API

Create system

POST /api/v1/rbi/ai-systems

Verified request fields include:

  • system_id
  • system_name
  • system_version
  • description
  • risk_category
  • model_type
  • model_provider
  • use_case
  • use_case_description
  • data_sources
  • sensitive_data_categories
  • data_residency
  • owner_id
  • owner_name
  • owner_department
  • owner_email
  • validation_frequency_days
  • tags
  • metadata

Example:

{
"system_id": "credit-scoring-v2",
"system_name": "Credit Scoring Model v2",
"risk_category": "high",
"owner_department": "Risk",
"owner_email": "[email protected]",
"validation_frequency_days": 90
}

List systems

GET /api/v1/rbi/ai-systems?risk_category=high&limit=20&offset=0

Supported filters:

  • risk_category
  • deployment_status
  • board_approval_status
  • owner_department
  • validation_overdue
  • limit
  • offset

Summary

GET /api/v1/rbi/ai-systems/summary

Get, update, delete

GET /api/v1/rbi/ai-systems/{id}
PUT /api/v1/rbi/ai-systems/{id}
DELETE /api/v1/rbi/ai-systems/{id}

Validation API

Create validation

POST /api/v1/rbi/validations

The create request supports richer fields than earlier docs implied, including:

  • validator identity and organization
  • validation date and review windows
  • dataset description and characteristics
  • methodology and test scenarios
  • findings
  • accuracy_metrics
  • bias_assessment
  • stress-test results
  • remediation deadlines
  • report file path and checksum

Minimal example:

{
"system_id": "credit-scoring-v2",
"validation_type": "independent",
"validator_type": "third_party",
"validator_name": "External Audit LLP",
"recommendation": "approve_with_conditions",
"remediation_required": true
}

List, get, update

GET /api/v1/rbi/validations
GET /api/v1/rbi/validations/{id}
PUT /api/v1/rbi/validations/{id}

Incident API

Create incident

POST /api/v1/rbi/incidents

Verified incident request fields include:

  • system_id
  • incident_type
  • severity
  • detected_at
  • detected_by
  • detection_details
  • title
  • description
  • root_cause
  • affected customer and transaction counts
  • financial_impact_inr
  • immediate_action_taken
  • remediation_actions
  • board and RBI notification booleans
  • evidence files, tags, and metadata

Resolve incident

POST /api/v1/rbi/incidents/{id}/resolve

List, get, update

GET /api/v1/rbi/incidents
GET /api/v1/rbi/incidents/{id}
PUT /api/v1/rbi/incidents/{id}

Kill Switch API

Create kill switch

POST /api/v1/rbi/killswitches

Supported request fields:

  • scope
  • system_id
  • target_identifier
  • fallback_behavior
  • fallback_config
  • trigger_condition
  • trigger_threshold

Deactivate

POST /api/v1/rbi/killswitches/{id}/deactivate

Deactivate request fields:

  • actor_id
  • actor_email
  • actor_role
  • actor_ip
  • reason

List and get

GET /api/v1/rbi/killswitches
GET /api/v1/rbi/killswitches/{id}

Board Report API

Generate report

POST /api/v1/rbi/reports

Supported request fields:

  • report_type
  • report_period_start
  • report_period_end
  • report_quarter
  • generated_by
  • generated_by_email

Submit

POST /api/v1/rbi/reports/{id}/submit

Supported request fields:

  • submitted_by
  • submitted_by_email

List, get, update

GET /api/v1/rbi/reports
GET /api/v1/rbi/reports/{id}
PUT /api/v1/rbi/reports/{id}

Audit Export API

Create export

POST /api/v1/rbi/audit-exports

Supported request fields:

  • export_type
  • format
  • start_date
  • end_date
  • system_ids
  • risk_categories
  • include_archived
  • requested_by
  • requested_by_email
  • purpose

Process and download

POST /api/v1/rbi/audit-exports/{id}/process
GET /api/v1/rbi/audit-exports/{id}/download

List, get, delete

GET /api/v1/rbi/audit-exports
GET /api/v1/rbi/audit-exports/{id}
DELETE /api/v1/rbi/audit-exports/{id}

Template And Dashboard Endpoints

GET /api/v1/rbi/policies/templates
GET /api/v1/rbi/policies/templates/{id}
GET /api/v1/rbi/policies/categories
GET /api/v1/rbi/dashboard

The dashboard currently returns module/component health rather than a rich analytics dashboard, so treat it as an operational status surface.