Create a report
POST/api/v1/reports
Create a report and enqueue async PDF generation.
The endpoint validates the target assessment (must be completed and
org-scoped), inserts a generating report document, and enqueues
the background task queue generate_report_task. Poll GET /reports/{id} for
completion (status becomes ready).
- Scope required:
reports:generate. - Rate-limit tier: report_generate (20/hour/user).
- Accepts assessment code/public_id (e.g.
AIS-ADB-TLP). - Not idempotent — each call inserts a new report.
Request
Responses
- 201
- 400
- 401
- 403
- 404
- 409
- 422
- 429
- 500
Successful Response
Bad request — malformed input or failed validation.
Missing, expired, or invalid credentials.
Authenticated but not authorized for this resource. Note: cross-organization reads return 404, not 403.
Resource not found, or hidden for tenant-enumeration safety (the caller lacks permission to know whether the resource exists).
Conflict — the current resource state does not allow this operation (e.g. assessment already started, email already in use).
Semantic validation failure — request shape was valid but contents were not.
Too many requests — rate limited. Retry after the window resets.
Internal server error — unexpected failure.