API Documentation — myQA.team

SnapReport

POST/api/v1/snapreport/analyze

Send auditor evidence (notes, transcripts, audio, images, PDFs) against a standard. SnapReport AI returns a structured list of grading suggestions, one per relevant clause. Stateless — no audit is persisted on our side.

Authentication

Requires snapreport:generate permission. See Authentication.

Request — JSON — text only

1curl -X POST https://api.myqateam.com/api/v1/snapreport/analyze \
2  -H "Authorization: Bearer myqa_..." \
3  -H "Content-Type: application/json" \
4  -d '{
5    "standard_id": "<uuid>",
6    "language": "en",
7    "evidence": [
8      { "type": "text", "content": "Observed cold-chain logs, no breaches." }
9    ]
10  }'

Request — multipart — files

To include audio, images, or PDFs, send as multipart/form-data. Scalar fields are plain form fields; processes is a JSON-stringified array; notes is a JSON-stringified array of strings. Any form field whose value is a file is treated as binary evidence — field names don't matter.

1curl -X POST https://api.myqateam.com/api/v1/snapreport/analyze \
2  -H "Authorization: Bearer myqa_..." \
3  -F 'standard_id=<uuid>' \
4  -F 'language=en' \
5  -F 'processes=["<chapter-id>","<chapter-id>"]' \
6  -F 'notes=["Observed cold-chain logs for Q1."]' \
7  -F 'file_1=@interview.mp3' \
8  -F 'file_2=@fridge-temp-log.jpg' \
9  -F 'file_3=@haccp-plan.pdf'

Fields

Field	Type	Required	Description
`standard_id`	uuid	Yes	Which standard to grade against. List available IDs via GET /api/v1/standards.
`processes`	uuid[]	No	Chapter IDs to scope grading to a subset of the standard. Discover IDs via GET /api/v1/standards/:id/clauses (use `chapters[].id`). Omit to scope to every chapter.
`language`	enum	No	`en`, `fr`, `de`. Defaults to `en`.
`evidence`	array	Yes (JSON)	Array of `{ type, content }`. Types: `text`, `transcript`, `structured`.
`notes`	JSON string	No (multipart)	Inline text notes for multipart requests.
File fields	File	No (multipart)	Any file field is treated as evidence. Type is inferred from MIME.
`callback_url`	string	No	HTTPS webhook. Switches the call to async mode. Must be HTTPS and must not target localhost / private (RFC1918) / link-local IPs, or cloud-metadata services.
`callback_secret`	string	No	HMAC-SHA256 secret for webhook signing.

File size limits

Images: 20 MB each. JPEG, PNG, WebP, GIF.
PDFs: 20 MB each.
Audio: 200 MB each. MP3, WAV, AAC, FLAC, WebM, M4A, MP4, OGG.

Response — synchronous

json

1{
2  "success": true,
3  "data": {
4    "standard": { "id": "...", "code": "ISO 9001", "name": "ISO 9001:2015" },
5    "language": "en",
6    "suggestions": [
7      {
8        "clause_id": "uuid",
9        "clause_code": "4.1",
10        "is_knockout": false,
11        "grade": "A",
12        "comment": "Context analysis is reviewed annually; documented record from 2026-Q1 aligns with the quality policy.",
13        "reasoning": "Note states 'context analysis reviewed annually — no deviations observed'."
14      }
15    ],
16    "validation_status": "pending_validation",
17    "requires_human_validation": true,
18    "notes_processed": 2,
19    "clauses_scanned": 46,
20    "processing_time_ms": 38211,
21    "token_usage": { "input_tokens": 14200, "output_tokens": 3800 }
22  }
23}

Response — async acknowledgement

json

1{
2  "success": true,
3  "data": {
4    "job_id": "...",
5    "status": "processing",
6    "estimated_duration_sec": 60
7  }
8}

Webhook payload

When the job completes we send an HTTP POST to your callback_url with Content-Type: application/json. The request body is the JSON object shown below — the same data object you would have received synchronously, wrapped with job_id and success. If callback_secret was supplied, the request carries an X-Webhook-Signature header containing an HMAC-SHA256 hex digest of the raw body. Deliveries are best-effort and not retried — every attempt is recorded with response status, duration, and any error.

We do not authenticate the call to your endpoint with a Bearer token. Either verify the X-Webhook-Signature header using callback_secret, or include a hard-to-guess token in the URL itself (e.g. https://example.com/webhooks/snapreport/<random-token>).

Successful job payload

json

1{
2  "job_id": "…",
3  "success": true,
4  "data": {
5    "standard": { "id": "…", "code": "ISO 9001", "name": "ISO 9001:2015" },
6    "language": "en",
7    "suggestions": [ /* same shape as the sync response */ ],
8    "validation_status": "pending_validation",
9    "requires_human_validation": true,
10    "notes_processed": 2,
11    "clauses_scanned": 46,
12    "processing_time_ms": 38211,
13    "token_usage": { "input_tokens": 14200, "output_tokens": 3800 }
14  }
15}

Failed job payload

json

1{
2  "job_id": "…",
3  "success": false,
4  "error": { "code": "PROCESSING_ERROR", "message": "…" }
5}

Your endpoint should respond with 2xx within ~10 seconds; non-2xx responses are recorded but not retried.

Errors

See the full error code reference on the authentication page.