> ## Documentation Index
> Fetch the complete documentation index at: https://www.trycomp.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Confirm a policy PDF upload completed | Comp AI API

> Links an uploaded PDF to a compliance policy after the file has been PUT to a presigned S3 URL. Call this after request-policy-pdf-upload-url returned an.



## OpenAPI

````yaml /openapi.json post /v1/policies/{id}/pdf/confirm
openapi: 3.0.0
info:
  title: Comp AI API
  description: >-
    Compliance automation API for SOC 2, ISO 27001, HIPAA, GDPR, evidence
    collection, policy workflows, Trust Access, security questionnaires,
    integrations, cloud checks, and device compliance.
  version: '1.0'
  contact: {}
servers:
  - url: https://api.trycomp.ai
    description: Production API Server
security: []
tags:
  - name: Attachments
    description: >-
      Generate signed download links for files attached to compliance tasks,
      comments, evidence records, and workflow reviews.
  - name: Audit Logs
    description: >-
      Retrieve audit trails for compliance activity, evidence changes, access
      decisions, and customer-facing security review workflows.
  - name: CloudSecurity
    description: >-
      Run AWS, Azure, and GCP cloud security scans, detect enabled services,
      review findings, and connect cloud posture results to compliance work.
    x-group: Cloud Security
  - name: Comments
    description: >-
      Create and manage collaboration comments on compliance entities such as
      tasks, policies, risks, vendors, and findings.
  - name: Context
    description: >-
      Manage organization context that helps Comp AI tailor policies,
      assessments, and compliance automation to the business.
  - name: Controls
    description: >-
      Manage controls, map them to policies, tasks, framework requirements, and
      evidence document types, and track implementation progress.
  - name: Device Agent
    description: >-
      Register employee devices, submit device compliance check-ins, download
      agent builds, and manage endpoint security status.
  - name: Devices
    description: >-
      Read and manage employee device inventory and Fleet compliance data used
      for endpoint security controls.
  - name: Evidence Export
    description: >-
      Export task evidence, automation evidence, and reviewer-ready evidence
      bundles as PDF or ZIP files.
  - name: Evidence Export (Auditor)
    description: Export all organization evidence for an auditor review package.
  - name: Evidence Forms
    description: >-
      Collect, review, upload, and export structured evidence submissions for
      compliance tasks and document requirements.
  - name: Findings
    description: >-
      Create, review, update, and track audit findings, remediation activity,
      and finding history for an organization.
  - name: Frameworks
    description: >-
      Manage SOC 2, ISO 27001, HIPAA, GDPR, and custom framework instances,
      requirements, scores, and sync history.
  - name: ISMS
  - name: Integrations
    description: >-
      Connect vendor systems, configure OAuth apps, run compliance checks, sync
      employees, manage variables, and collect automated evidence.
  - name: Knowledge Base
    description: >-
      Upload source documents, process them for retrieval, and manage reusable
      manual answers that power questionnaires and AI policy workflows.
  - name: Offboarding Checklist
  - name: Org Chart
    description: >-
      Manage organization chart metadata and evidence used for governance,
      accountability, and audit readiness.
  - name: Organization
    description: >-
      Manage organization profile data, API keys, logos, ownership, role
      notifications, and access approval settings.
  - name: People
    description: >-
      Invite and manage workforce members, training status, device compliance,
      email preferences, and employee evidence records.
  - name: Policies
    description: >-
      Create, version, publish, export, map, and improve compliance policies
      with AI-assisted drafting and approval workflows.
  - name: Questionnaire
    description: >-
      Parse security questionnaires, generate answers from approved evidence,
      save reviewer edits, stream progress, and export completed files.
  - name: Risks
    description: >-
      Create, update, and report on organizational risks with ownership,
      departments, and compliance remediation status.
  - name: Roles
    description: >-
      Create custom roles and resolve permission sets for organization-level
      access control.
  - name: SOA
    description: >-
      Create, auto-fill, review, approve, and export ISO 27001 Statement of
      Applicability documents.
    x-group: Statement of Applicability
  - name: Security Penetration Tests
    description: >-
      Create AI-powered penetration test runs, track progress, inspect findings
      and events, and download markdown or PDF reports.
  - name: Task Automations
    description: >-
      Create, version, run, and inspect automated evidence collection workflows
      attached to compliance tasks.
  - name: Task Management
    description: >-
      Manage task items and attachments linked to operational entities such as
      risks and vendors.
  - name: Tasks
    description: >-
      Manage compliance task lifecycle, assignments, review approvals, evidence
      uploads, policy links, and activity history.
  - name: Timelines
    description: >-
      Track audit and compliance readiness timelines, phases, and review
      milestones for an organization.
  - name: Training
    description: >-
      Record security awareness and HIPAA training completion status and
      generate completion certificates.
  - name: Trust Access
    description: >-
      Manage external Trust Center access requests, NDA signing, grants,
      tokenized document downloads, public FAQs, and reviewer access.
  - name: Trust Portal
    description: >-
      Configure the live Trust Center, custom domain, public overview, FAQs,
      compliance resources, documents, links, and vendor disclosures.
  - name: Uploads
  - name: Vendors
    description: >-
      Manage third-party vendors, global vendor search, risk assessment
      triggers, and Trust Center vendor visibility.
paths:
  /v1/policies/{id}/pdf/confirm:
    post:
      tags:
        - Policies
      summary: Confirm a policy PDF upload completed
      description: >-
        Links an uploaded PDF to a compliance policy after the file has been PUT
        to a presigned S3 URL. Call this after request-policy-pdf-upload-url
        returned an s3Key and you successfully uploaded the file bytes to that
        URL. The endpoint verifies the file exists in S3 before linking it to
        the policy or version.
      operationId: PoliciesController_confirmPolicyPdfUploaded_v1
      parameters:
        - name: X-Organization-Id
          in: header
          description: >-
            Organization ID (required for session auth, optional for API key
            auth)
          required: false
          schema:
            type: string
        - name: id
          required: true
          in: path
          description: Policy ID
          schema:
            example: pol_abc123def456
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ConfirmPolicyPdfUploadedDto'
      responses:
        '201':
          description: ''
      security:
        - apikey: []
components:
  schemas:
    ConfirmPolicyPdfUploadedDto:
      type: object
      properties:
        s3Key:
          type: string
          description: The exact s3Key returned by the upload-url endpoint.
          example: org_abc/policies/pol_xyz/1735000000-acceptable-use-v1.pdf
        versionId:
          type: string
          description: >-
            Optional version ID — must match the versionId passed to the
            upload-url endpoint. Omit if attaching at the policy level.
          example: pv_abc123def456
      required:
        - s3Key
  securitySchemes:
    apikey:
      type: apiKey
      in: header
      name: X-API-Key
      description: API key for authentication

````