Governance API
| Field | Value |
|---|---|
| Document ID | ASCEND-API-004 |
| Version | 2026.04 |
| Last Updated | April 2026 |
| Author | Ascend Engineering Team |
| Publisher | OW-KAI Technologies Inc. |
| Classification | Enterprise Client Documentation |
| Compliance | SOC 2 CC6.1/CC6.2, PCI-DSS 7.1/8.3, HIPAA 164.312, NIST 800-53 AC-2/SI-4 |
Reading Time: 8 minutes | Skill Level: Intermediate
Overview
The Governance API allows you to configure policies, smart rules, and approval workflows that control how AI agent actions are evaluated and processed.
note
Governance API endpoints that create or modify policies require admin-level API keys. Policy changes take effect immediately for all subsequent action evaluations.
Base URL
https://pilot.owkai.app/api/governance
Smart Rules
Create Smart Rule
POST /api/smart-rules
Authorization: Bearer <admin_jwt>
Content-Type: application/json
{
"name": "High-Value Trade Approval",
"description": "Require manager approval for trades over $50,000",
"is_active": true,
"priority": 100,
"conditions": {
"action_type": "trade_execution",
"parameters.amount": {"$gte": 50000}
},
"action": "REQUIRE_APPROVAL",
"approval_level": 3,
"notifications": {
"channels": ["slack-trading-alerts"],
"priority": "high"
}
}
Condition Operators
| Operator | Description | Example |
|---|---|---|
$eq | Equal to | {"risk_score": {"$eq": 50}} |
$ne | Not equal | {"status": {"$ne": "blocked"}} |
$gt | Greater than | {"amount": {"$gt": 1000}} |
$gte | Greater than or equal | {"risk_score": {"$gte": 80}} |
$lt | Less than | {"quantity": {"$lt": 100}} |
$lte | Less than or equal | {"score": {"$lte": 30}} |
$in | In array | {"action_type": {"$in": ["read", "write"]}} |
$nin | Not in array | {"agent_type": {"$nin": ["sandbox"]}} |
$contains | String contains | {"description": {"$contains": "PII"}} |
$regex | Regex match | {"email": {"$regex": "@company.com$"}} |
Rule Actions
| Action | Description | HTTP Response |
|---|---|---|
AUTO_APPROVE | Automatically approve | 200 |
REQUIRE_APPROVAL | Queue for human approval | 202 |
DENY | Automatically deny | 403 |
ESCALATE | Escalate to higher level | 202 |
NOTIFY | Approve but notify | 200 |
Response
{
"status": "success",
"data": {
"rule_id": "rule_123",
"name": "High-Value Trade Approval",
"is_active": true,
"created_at": "2025-12-15T10:00:00Z"
}
}
List Smart Rules
GET /api/smart-rules?is_active=true
Authorization: Bearer <jwt_token>
{
"status": "success",
"data": {
"rules": [
{
"rule_id": "rule_123",
"name": "High-Value Trade Approval",
"priority": 100,
"is_active": true,
"action": "REQUIRE_APPROVAL",
"match_count_30d": 45
}
],
"total": 12
}
}
Delete Smart Rule
DELETE /api/smart-rules/{rule_id}
Authorization: Bearer <admin_jwt>
Risk Configuration
Get Risk Configuration
GET /api/risk-scoring/config
Authorization: Bearer <admin_jwt>
{
"status": "success",
"data": {
"weights": {
"data_sensitivity": 0.30,
"operation_type": 0.25,
"financial_impact": 0.20,
"compliance": 0.15,
"historical": 0.10
},
"thresholds": {
"auto_approve_max": 30,
"require_approval_min": 31,
"auto_deny_min": 95
},
"modifiers": {
"pii_data": 40,
"financial_data": 35,
"health_data": 45,
"delete_operation": 30,
"external_api": 20
}
}
}
Create Risk Configuration
POST /api/risk-scoring/config
Authorization: Bearer <admin_jwt>
Content-Type: application/json
{
"weights": {
"data_sensitivity": 0.35,
"financial_impact": 0.25
},
"thresholds": {
"auto_approve_max": 25,
"auto_deny_min": 90
}
}
Activate Risk Configuration
PUT /api/risk-scoring/config/{config_id}/activate
Authorization: Bearer <admin_jwt>
Policy Templates
List Templates
GET /api/governance/policies/templates
Authorization: Bearer <jwt_token>
{
"status": "success",
"data": {
"templates": [
{
"template_id": "tpl_financial",
"name": "Financial Services",
"description": "Pre-configured rules for financial operations",
"rules_count": 15,
"categories": ["trading", "payments", "compliance"]
},
{
"template_id": "tpl_healthcare",
"name": "Healthcare",
"description": "HIPAA-compliant governance rules",
"rules_count": 20,
"categories": ["phi", "consent", "audit"]
}
]
}
}
Create Policy from Template
POST /api/governance/policies/from-template
Authorization: Bearer <admin_jwt>
Content-Type: application/json
{
"template_id": "tpl_financial",
"name": "Custom Financial Policy",
"description": "Customized financial services policy"
}
Pending Approvals
List Pending Approvals
GET /api/governance/dashboard/pending-approvals
Authorization: Bearer <jwt_token>
{
"status": "success",
"data": {
"pending": [
{
"action_id": "act_xyz789",
"agent_id": "trading-bot-001",
"action_type": "trade_execution",
"risk_score": 75,
"submitted_at": "2025-12-15T10:30:00Z",
"summary": "Execute $75,000 AAPL trade"
}
],
"total": 5
}
}
Approve Workflow Action
POST /api/governance/workflows/{workflow_execution_id}/approve
Authorization: Bearer <admin_jwt>
X-CSRF-Token: <csrf_token>
Content-Type: application/json
{
"decision": "approved",
"comment": "Approved after review"
}
Smart Rules Analytics
For rule performance analytics, use the Smart Rules analytics endpoint:
GET /api/smart-rules/analytics
Authorization: Bearer <jwt_token>
See the Smart Rules documentation for details on analytics responses.
SDK Examples
Python
from ascend import AscendClient
client = AscendClient(api_key="owkai_...")
# Create smart rule
rule = client.create_smart_rule(
name="Block After Hours Trading",
conditions={
"action_type": "trade_execution",
"time_of_day": {"$gte": "18:00", "$lte": "06:00"}
},
action="DENY"
)
# Update risk config
client.update_risk_config(
thresholds={"auto_approve_max": 25}
)
Node.js
const { AscendClient } = require('@ascend-ai/sdk');
const client = new AscendClient({ apiKey: 'owkai_...' });
// Create smart rule
const rule = await client.createSmartRule({
name: 'Block After Hours Trading',
conditions: {
action_type: 'trade_execution',
time_of_day: { $gte: '18:00', $lte: '06:00' }
},
action: 'DENY'
});
Next Steps
- Smart Rules - Rule configuration
- Risk Assessment - Risk scoring
- Approval Workflows - Workflow setup
Document Version: 2026.04 | Last Updated: April 2026