Readyloop

Connect your APIs

Push Evidence Contract events into Readyloop with a workspace API key.

Readyloop does not natively speak every customer API. You (or we) send structured events that match our Evidence Contract. If your stack can POST JSON, you can connect.

Ingest is live. Create a key in /app/settings and POST to https://getreadyloop.com/api/v1/ingest.

Paths

  • Push (live) — cron/CI/backend POSTs events to Readyloop ingest
  • Pull mapper (soon) — paste an OpenAPI/endpoint and map fields in the UI
  • We build it — see Connector Build

Evidence Contract (v1)

Each request is a JSON object (or batch) with a type and payload:

{
  "type": "system.upsert",
  "payload": {
    "externalId": "support-copilot",
    "name": "Support Copilot",
    "ownerEmail": "maya@acme.com",
    "purpose": "Drafts customer replies with human approval",
    "riskTier": "medium",
    "vendors": ["OpenAI", "Zendesk"]
  }
}

Event types

  • system.upsert — keep AI inventory current
  • evidence.attach — prove a control (controlKey, title, url, collectedAt)
  • control.status — set open / in_progress / evidenced / na
  • usage.heartbeat — logged (monitoring signal)
  • incident.report — logged (incident / near-miss)

Evidence attach example

{
  "type": "evidence.attach",
  "payload": {
    "controlKey": "monitor",
    "title": "Nightly eval dashboard",
    "url": "https://evals.acme.com/ai/support-copilot",
    "systemExternalId": "support-copilot",
    "collectedAt": "2026-07-14T18:00:00.000Z"
  }
}

Setup

  1. Sign in and open Settings
  2. Create an API key and copy it once
  3. POST events from CI or a nightly job
  4. Confirm systems/evidence in /app and recent ingest logs in Settings

curl

curl -X POST "https://getreadyloop.com/api/v1/ingest" \
  -H "Authorization: Bearer $READYLOOP_API_KEY" \
  -H "Content-Type: application/json" \
  -d @event.json
Batch with { "events": [ ... ] } (max 50). Need help wiring production APIs? Ask for Connector Build.

Security notes

  • Use least-privilege: push from your side
  • Never send secrets or raw PII in event payloads
  • Rotate API keys if leaked; revoke from Settings
  • Prefer HTTPS URLs for evidence that auditors can open