Evidence Export
TrustGate provides evidence export capabilities to support regulatory audits, examinations, and compliance reporting. Evidence endpoints live under the /api/v1/applicants router -- there is no standalone /evidence route.
Endpoints Overview
| Endpoint | Method | Description |
|---|---|---|
/api/v1/applicants/{id}/evidence | GET | Download evidence pack PDF |
/api/v1/applicants/{id}/evidence/preview | GET | Preview what the pack will contain |
/api/v1/applicants/{id}/export | GET | GDPR data export (JSON or PDF) |
/api/v1/applicants/{id}/gdpr-delete | DELETE | GDPR right to erasure |
Evidence Pack (PDF)
What's Included
An evidence pack PDF contains all documentation supporting a verification decision:
| Section | Description |
|---|---|
| Cover Page | Applicant name, status, risk score, generation metadata |
| Applicant Information | Personal details and risk assessment |
| Document Verification | Uploaded ID documents and verification results |
| Screening Results | AML/sanctions screening outcomes with hit details |
| AI Risk Assessment | AI-generated risk analysis and flags |
| Event Timeline | Chronological list of all verification events |
| Chain of Custody | Audit trail of all actions taken |
Download Evidence Pack
curl -X GET "https://api.bytrustgate.com/api/v1/applicants/{applicant_id}/evidence" \
-H "Authorization: Bearer YOUR_API_KEY" \
--output evidence_pack.pdf
Response: Binary PDF file download.
Response headers include:
| Header | Description |
|---|---|
Content-Disposition | Filename with applicant name and timestamp |
X-Evidence-Pack-Version | Pack format version (currently 1.0) |
X-Page-Count | Number of pages in the PDF |
Required permission: read:applicants
Preview Evidence Pack
Before generating the full PDF, you can preview what will be included:
curl -X GET "https://api.bytrustgate.com/api/v1/applicants/{applicant_id}/evidence/preview" \
-H "Authorization: Bearer YOUR_API_KEY"
Response:
{
"applicant_id": "550e8400-e29b-41d4-a716-446655440000",
"applicant_name": "Jane Smith",
"status": "approved",
"sections": {
"applicant_info": true,
"documents": {
"count": 2,
"verified": 2
},
"screening": {
"checks": 1,
"total_hits": 0,
"unresolved_hits": 0
},
"ai_assessment": {
"risk_score": 15,
"flags": []
},
"timeline": {
"event_count": 12
},
"chain_of_custody": true
},
"estimated_pages": 8
}
GDPR Data Export
Export Applicant Data (Subject Access Request)
Fulfills GDPR Article 15 (right of access) and Article 20 (right to data portability). Returns all personal data held about an applicant.
# JSON format (default)
curl -X GET "https://api.bytrustgate.com/api/v1/applicants/{applicant_id}/export" \
-H "Authorization: Bearer YOUR_API_KEY"
# PDF format
curl -X GET "https://api.bytrustgate.com/api/v1/applicants/{applicant_id}/export?format=pdf" \
-H "Authorization: Bearer YOUR_API_KEY" \
--output sar_export.pdf
JSON Response:
{
"personal_information": {
"first_name": "Jane",
"last_name": "Smith",
"email": "jane@example.com",
"phone": "+1-555-0100",
"date_of_birth": "1990-01-15",
"nationality": "US",
"country_of_residence": "US",
"address": "123 Main St, New York, NY"
},
"verification_status": {
"status": "approved",
"risk_level": "low",
"risk_score": 15,
"flags": [],
"created_at": "2026-01-10T09:00:00",
"updated_at": "2026-01-10T09:15:00",
"reviewed_at": "2026-01-10T09:20:00"
},
"documents": [
{
"id": "doc-uuid",
"type": "passport",
"file_name": "passport.jpg",
"status": "verified",
"uploaded_at": "2026-01-10T09:05:00",
"verification_status": "verified"
}
],
"screening_results": [
{
"id": "check-uuid",
"screened_name": "Jane Smith",
"check_types": ["sanctions", "pep", "adverse_media"],
"status": "clear",
"hit_count": 0,
"started_at": "2026-01-10T09:10:00",
"completed_at": "2026-01-10T09:10:05",
"hits": []
}
],
"cases": [],
"audit_trail": [
{
"id": 1,
"action": "applicant.created",
"timestamp": "2026-01-10T09:00:00",
"user_email": "admin@company.com"
}
],
"ai_assessments": [],
"export_metadata": {
"exported_at": "2026-01-20T14:30:00",
"exported_by": "admin@company.com",
"export_format": "json",
"gdpr_articles": ["15", "20"],
"applicant_id": "550e8400-e29b-41d4-a716-446655440000"
}
}
When format=pdf is requested, the response is a binary PDF file download (uses the same evidence pack generator internally).
Required permission: read:applicants
Supported Formats
| Format | Query Parameter | Description |
|---|---|---|
| JSON | ?format=json (default) | Machine-readable export with all data categories |
?format=pdf | Human-readable PDF evidence pack |
GDPR Right to Erasure
Delete Applicant Data
Permanently deletes an applicant and all associated data per GDPR Article 17. This action is irreversible.
curl -X DELETE "https://api.bytrustgate.com/api/v1/applicants/{applicant_id}/gdpr-delete?confirmation=CONFIRM_DELETE&reason=subject_request" \
-H "Authorization: Bearer YOUR_API_KEY"
Required parameters:
| Parameter | Type | Description |
|---|---|---|
confirmation | query | Must be exactly CONFIRM_DELETE |
reason | query | Reason for the deletion request |
Response:
{
"status": "deleted",
"applicant_id": "550e8400-e29b-41d4-a716-446655440000",
"deleted_at": "2026-01-20T14:35:00",
"deleted_data": [
"personal_information",
"documents",
"screening_results",
"cases",
"biometric_data"
]
}
Required permission: delete:applicants
Note: Deletion may be blocked if the applicant is under a legal hold or active regulatory investigation (GDPR Article 17 exceptions).
Audit Trail
Every evidence export and GDPR data export is automatically logged in the audit trail with:
- Who requested the export
- When it was requested
- What format was used
- Which data sections were included
Evidence pack downloads are also recorded in the applicant's event timeline as an evidence_exported event.
Next Steps
- Audit Logging - Track all data access
- Data Retention - Retention policies
- GDPR Compliance - Privacy requirements