Skip to main content
GET
/
api
/
violations
/
{id}
curl -X GET "https://api.example.com/api/violations/viol_789xyz" \
  -H "Authorization: Bearer YOUR_TOKEN"

{
  "id": "viol_789xyz",
  "scan_id": "abc123",
  "rule_id": "GDPR_BREACH_NOTIFICATION",
  "rule_name": "Data Breach Notification Required",
  "severity": "CRITICAL",
  "account": "CUSTOMER-001",
  "amount": 0,
  "transaction_type": null,
  "evidence": {
    "breach_date": "2024-01-15",
    "affected_records": 5000,
    "notification_deadline": "2024-01-18",
    "days_overdue": 3,
    "data_types": ["email", "phone", "address"]
  },
  "threshold": 72,
  "actual_value": 144,
  "policy_excerpt": "In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority.",
  "policy_section": "GDPR Article 33(1)",
  "explanation": "Data breach affecting 5,000 records was not reported to the supervisory authority within 72 hours. Notification is 3 days overdue.",
  "status": "pending",
  "review_note": null,
  "reviewed_at": null,
  "rule_accuracy": null,
  "historical_context": {
    "article_reference": "Art. 33",
    "avg_fine": "€125.5k (Live Kaggle Data)",
    "max_fine": "€450.0k",
    "total_cases": 127,
    "breach_example": "Healthcare provider failed to notify breach of 3,200 patient records within required timeframe. Fined €180,000 by Irish DPC."
  },
  "full_article_text": [
    {
      "section": "1",
      "text": "In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority..."
    },
    {
      "section": "2",
      "text": "The notification referred to in paragraph 1 shall at least..."
    }
  ]
}
Fetch comprehensive details for a single violation, including historical context from live Kaggle GDPR breach data.

Path Parameters

id
string
required
Unique violation identifier

Response

id
string
Unique violation identifier
scan_id
string
ID of the scan that detected this violation
rule_id
string
Identifier of the violated rule
rule_name
string
Human-readable rule name
severity
string
Severity level: CRITICAL, HIGH, or MEDIUM
account
string
Account or entity associated with the violation
amount
number
Transaction amount that triggered the violation
transaction_type
string
Type of transaction
evidence
object
Detailed evidence data supporting the violation. Contains transaction-specific fields, metrics, and contextual information.
threshold
number
Policy threshold that was exceeded
actual_value
number
Actual value that exceeded the threshold
policy_excerpt
string
Relevant excerpt from the policy document
policy_section
string
Section reference in the policy (e.g., Article 33, Section 12.4)
explanation
string
Detailed explanation of why this is a violation
status
string
Review status: pending, approved, or false_positive
review_note
string
Notes added during review
reviewed_at
string
ISO 8601 timestamp when the violation was reviewed
rule_accuracy
number
Accuracy score for this rule (populated by /api/validate)
historical_context
object
Historical breach data from live Kaggle GDPR dataset
article_reference
string
GDPR article number (e.g., “Art. 33”)
avg_fine
string
Average fine for this violation type (e.g., “€125.5k (Live Kaggle Data)”)
max_fine
string
Maximum fine recorded for this violation type
total_cases
integer
Total number of cases in the dataset for this article
breach_example
string
Example case summary from real breach data
full_article_text
array
Full text of the referenced GDPR article, fetched from the knowledge base
section
string
Section identifier
text
string
Article text content
curl -X GET "https://api.example.com/api/violations/viol_789xyz" \
  -H "Authorization: Bearer YOUR_TOKEN"

{
  "id": "viol_789xyz",
  "scan_id": "abc123",
  "rule_id": "GDPR_BREACH_NOTIFICATION",
  "rule_name": "Data Breach Notification Required",
  "severity": "CRITICAL",
  "account": "CUSTOMER-001",
  "amount": 0,
  "transaction_type": null,
  "evidence": {
    "breach_date": "2024-01-15",
    "affected_records": 5000,
    "notification_deadline": "2024-01-18",
    "days_overdue": 3,
    "data_types": ["email", "phone", "address"]
  },
  "threshold": 72,
  "actual_value": 144,
  "policy_excerpt": "In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority.",
  "policy_section": "GDPR Article 33(1)",
  "explanation": "Data breach affecting 5,000 records was not reported to the supervisory authority within 72 hours. Notification is 3 days overdue.",
  "status": "pending",
  "review_note": null,
  "reviewed_at": null,
  "rule_accuracy": null,
  "historical_context": {
    "article_reference": "Art. 33",
    "avg_fine": "€125.5k (Live Kaggle Data)",
    "max_fine": "€450.0k",
    "total_cases": 127,
    "breach_example": "Healthcare provider failed to notify breach of 3,200 patient records within required timeframe. Fined €180,000 by Irish DPC."
  },
  "full_article_text": [
    {
      "section": "1",
      "text": "In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority..."
    },
    {
      "section": "2",
      "text": "The notification referred to in paragraph 1 shall at least..."
    }
  ]
}

Notes

  • Historical context is automatically enriched with live data from the Kaggle GDPR breach dataset when available
  • The full_article_text provides complete regulatory text for deeper analysis
  • Evidence structure varies by rule type (AML violations have different fields than GDPR violations)

Build docs developers (and LLMs) love

Get started for freeTalk to us