API Reference
The ARA Standard API provides programmatic access to ACR definitions, evaluation domains, regulatory framework mappings, the certification registry, and certification verification.
Base URL: https://api.arastandard.org/v1
Authentication
Authenticated requests require an API key passed via the X-ARA-API-Key header. Public endpoints (standard metadata, certification verification) are accessible without authentication at reduced rate limits.
Authenticated Request
curl -H "X-ARA-API-Key: ara_k1_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
https://api.arastandard.org/v1/acrResponse Format
All endpoints return JSON with a consistent envelope containing a meta object and a data object or array.
Standard Response Envelope
{
"meta": {
"standard": "ARA",
"version": "1.1",
"publisher": "ARAF",
"generated": "2026-03-05T00:00:00Z",
"page": 1,
"per_page": 25,
"total": 410
},
"data": [ ... ]
}Endpoints
/v1/standard
Returns standard metadata including the current version, total domain count, and total ACR count. No authentication required.
Example Request
curl https://api.arastandard.org/v1/standardResponse — 200 OK
{
"meta": {
"standard": "ARA",
"version": "1.1",
"publisher": "ARAF",
"generated": "2026-03-05T00:00:00Z"
},
"data": {
"version": "1.1",
"name": "Autonomous Reliability Assurance Standard",
"domainsCount": 15,
"acrCount": 410,
"certificationLevels": ["L1", "L2", "L3"],
"assuranceClasses": ["A", "B", "C"],
"systemProfiles": ["F", "S", "A", "C"],
"effectiveDate": "2026-01-01",
"publishedAt": "2025-12-15T00:00:00Z"
}
}/v1/acr
List and filter ACRs (Assurance Control Requirements). Supports filtering by domain, evaluation level, evaluation method, classification, and system profile.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| domain | string | Filter by domain slug (e.g., decision-integrity) |
| level | string | Filter by evaluation level: L1, L2, L3 |
| method | string | Filter by evaluation method: documentation, testing, observation, interview |
| classification | string | Filter by risk classification: foundational, important, critical |
| profile | string | Filter by system profile: F, S, A, C |
| page | integer | Page number (default: 1) |
| per_page | integer | Results per page (default: 25, max: 100) |
Example Request
curl -H "X-ARA-API-Key: ara_k1_xxx" \
"https://api.arastandard.org/v1/acr?domain=decision-integrity&level=L2&per_page=10"Response — 200 OK
{
"meta": {
"standard": "ARA",
"version": "1.1",
"page": 1,
"per_page": 10,
"total": 28
},
"data": [
{
"id": "ACR-1.01",
"domain": "decision-integrity",
"title": "Decision Audit Trail",
"description": "The system shall maintain a complete audit trail...",
"classification": "critical",
"levels": ["L1", "L2", "L3"],
"profiles": ["F", "S", "A", "C"],
"evaluationMethods": ["documentation", "testing"],
"weight": 1.0,
"crosswalkRefs": [
{ "framework": "ISO-42001", "clause": "6.1.2" },
{ "framework": "NIST-AI-RMF", "ref": "MAP 1.1" }
]
}
]
}/v1/acr/:id
Retrieve a single ACR by its identifier. Returns the full ACR record including crosswalk references to external regulatory frameworks.
Example Request
curl -H "X-ARA-API-Key: ara_k1_xxx" \
https://api.arastandard.org/v1/acr/ACR-1.01Response — 200 OK
{
"meta": {
"standard": "ARA",
"version": "1.1"
},
"data": {
"id": "ACR-1.01",
"domain": "decision-integrity",
"domainNumber": 1,
"title": "Decision Audit Trail",
"description": "The system shall maintain a complete audit trail of all autonomous decisions including inputs, reasoning, confidence scores, and outputs.",
"classification": "critical",
"levels": ["L1", "L2", "L3"],
"profiles": ["F", "S", "A", "C"],
"evaluationMethods": ["documentation", "testing"],
"weight": 1.0,
"crosswalkRefs": [
{ "framework": "ISO-42001", "clause": "6.1.2" },
{ "framework": "NIST-AI-RMF", "ref": "MAP 1.1" },
{ "framework": "EU-AI-Act", "article": "Art. 12" }
]
}
}Verify an ARA certification by its Certification ID. Returns the certification record, current status, and assurance class. This endpoint is publicly accessible without authentication.
Example Request
curl https://api.arastandard.org/v1/verify/ARA-2026-00142Response — 200 OK
{
"meta": {
"standard": "ARA",
"version": "1.1"
},
"data": {
"certificationId": "ARA-2026-00142",
"systemName": "Meridian Transaction Processor",
"organization": "Meridian Financial Systems, Inc.",
"level": "L2",
"assuranceClass": "B",
"designation": "L2-B",
"status": "active",
"scope": "Automated transaction approval for amounts up to $10,000 USD.",
"standardVersion": "1.1",
"issuedAt": "2026-01-15T00:00:00Z",
"expiresAt": "2027-01-15T00:00:00Z",
"avb": {
"name": "Apex Certification Partners",
"avbId": "AVB-2025-003"
},
"monitoringStatus": "active",
"registryUrl": "https://arastandard.org/registry/verify/ARA-2026-00142"
}
}/v1/registry
Search the public certification registry. Supports filtering by evaluation level, assurance class, system type, industry, and status.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| level | string | Filter by level: L1, L2, L3 |
| class | string | Filter by assurance class: A, B, C |
| type | string | Filter by system type |
| industry | string | Filter by industry sector |
| status | string | Filter by status: active, suspended, expired, revoked |
| page | integer | Page number (default: 1) |
| per_page | integer | Results per page (default: 25, max: 100) |
Example Request
curl -H "X-ARA-API-Key: ara_k1_xxx" \
"https://api.arastandard.org/v1/registry?level=L2&class=B&status=active&per_page=10"/v1/domains
List all 15 ARA evaluation domains with their slugs, names, descriptions, and ACR counts.
Example Request
curl https://api.arastandard.org/v1/domainsResponse — 200 OK
{
"meta": {
"standard": "ARA",
"version": "1.1",
"total": 15
},
"data": [
{
"number": 1,
"slug": "decision-integrity",
"name": "Decision Integrity & Traceability",
"description": "Requirements for decision audit trails, confidence calibration, and reasoning transparency.",
"acrCount": 30,
"weight": 1.0
},
{
"number": 2,
"slug": "operational-boundaries",
"name": "Operational Boundaries & Scope Adherence",
"description": "Requirements for operational scope enforcement and boundary compliance.",
"acrCount": 28,
"weight": 1.0
}
]
}List all regulatory frameworks with crosswalk mappings to ARA ACRs. Includes ISO 42001, NIST AI RMF, EU AI Act, and others.
Example Request
curl https://api.arastandard.org/v1/frameworksResponse — 200 OK
{
"meta": {
"standard": "ARA",
"version": "1.1"
},
"data": [
{
"id": "iso-42001",
"name": "ISO/IEC 42001:2023",
"description": "AI Management Systems",
"mappedAcrs": 187
},
{
"id": "nist-ai-rmf",
"name": "NIST AI Risk Management Framework",
"description": "AI Risk Management Framework 1.0",
"mappedAcrs": 203
},
{
"id": "eu-ai-act",
"name": "EU AI Act",
"description": "Regulation (EU) on Artificial Intelligence",
"mappedAcrs": 156
}
]
}Retrieve the ACR-to-clause mappings for a specific regulatory framework. Returns each mapped ACR with the corresponding framework clause or reference.
Example Request
curl -H "X-ARA-API-Key: ara_k1_xxx" \
https://api.arastandard.org/v1/frameworks/eu-ai-act/mappingsResponse — 200 OK
{
"meta": {
"standard": "ARA",
"version": "1.1",
"framework": "eu-ai-act",
"total": 156
},
"data": [
{
"acrId": "ACR-1.01",
"acrTitle": "Decision Audit Trail",
"frameworkRef": "Art. 12",
"frameworkClause": "Record-keeping",
"mappingStrength": "direct"
},
{
"acrId": "ACR-3.01",
"acrTitle": "Human Override Capability",
"frameworkRef": "Art. 14",
"frameworkClause": "Human oversight",
"mappingStrength": "direct"
}
]
}Rate Limiting
API requests are rate-limited per API key. Unauthenticated requests are limited by IP address. Rate limit headers are included in all responses.
| Tier | Authentication | Rate Limit |
|---|---|---|
| Free (unauthenticated) | None | 100 requests / minute |
| Registered | API key | 1,000 requests / minute |
Rate Limit Response Headers
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 847
X-RateLimit-Reset: 1709251200
Retry-After: 32Error Codes
All error responses use a consistent JSON structure with an error code, message, and documentation link.
Error Response Format
{
"error": "not_found",
"message": "No ACR found with ID 'ACR-99.99'.",
"documentation": "https://arastandard.org/developers/api#errors"
}| HTTP Status | Error Code | Description |
|---|---|---|
| 400 | bad_request | Invalid query parameters or request body. |
| 401 | unauthorized | Missing or invalid API key. |
| 404 | not_found | Requested resource does not exist. |
| 429 | rate_limited | Rate limit exceeded. Check Retry-After header. |
| 500 | internal_error | Unexpected server error. Retry with exponential backoff. |