api.rulesgraph.com · v1 · operational

The compliance graph, callable from anywhere.

Public REST API for the typed graph of cybersecurity compliance. Six endpoints, full provenance, free tier of 600 requests per minute. Build the integration in under an hour.

Quickstart

bash
# List frameworks in the graph
curl -H "Authorization: Bearer $RG_KEY" \
  "https://api.rulesgraph.com/v1/frameworks"

# Walk cross-mappings from a SOC 2 control
curl -H "Authorization: Bearer $RG_KEY" \
  "https://api.rulesgraph.com/v1/controls/soc2-cc6.1/maps_to"

# Get every revision of ISO/IEC 27001
curl -H "Authorization: Bearer $RG_KEY" \
  "https://api.rulesgraph.com/v1/revisions?framework=iso-27001"

Response shape

GET /v1/frameworks/iso-27001-2022
{
  "id": "iso-27001-2022",
  "name": "ISO/IEC 27001:2022",
  "publisher": "ISO/IEC",
  "layer": 1,
  "control_count": 93,
  "supersedes": "iso-27001-2013",
  "provenance": {
    "source_url": "https://iso.org/...",
    "fetched_at": "2026-04-12T03:14:22Z",
    "content_hash": "sha256:8f1b2..."
  }
}

MCP server

Plug RulesGraph into Claude Desktop, Cursor, Windsurf, or any MCP-compatible agent. The agent gets typed access to every control, framework, and cross-mapping in the graph.

claude_desktop_config.json
{
  "mcpServers": {
    "rulesgraph": {
      "url": "https://mcp.rulesgraph.com",
      "auth": { "bearer": "$RG_MCP_KEY" }
    }
  }
}

Rate limits

Free tier is 600 requests per minute on a sliding window. Every response carries the current quota in headers, so you can self-regulate without a probe call.

response headers
X-RateLimit-Limit:     600
X-RateLimit-Remaining: 593
X-RateLimit-Reset:     2026-05-23T11:48:00Z
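
One way to act on these headers, as an added example that is not RulesGraph's own client code: a pacing function that spreads the remaining quota evenly up to the reset time and falls back to a fixed pause when the headers are missing or malformed. It assumes X-RateLimit-Reset is the time at which the quota is replenished; `reserve`, `FALLBACK_DELAY`, and the function names are hypothetical.

```python
from datetime import datetime, timezone

FALLBACK_DELAY = 1.0  # assumption: pause when quota headers are missing or malformed

# Constructed sample, using the header values shown above.
SAMPLE = {
    "X-RateLimit-Limit": "600",
    "X-RateLimit-Remaining": "593",
    "X-RateLimit-Reset": "2026-05-23T11:48:00Z",
}


def parse_quota(headers):
    """Return (limit, remaining, reset) from response headers, or None if unusable."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # header names are case-insensitive
    try:
        limit = int(h["x-ratelimit-limit"])
        remaining = int(h["x-ratelimit-remaining"])
        # fromisoformat() before Python 3.11 does not accept a trailing "Z"
        reset = datetime.fromisoformat(h["x-ratelimit-reset"].replace("Z", "+00:00"))
    except (KeyError, ValueError):
        return None
    if reset.tzinfo is None or limit <= 0 or not 0 <= remaining <= limit:
        return None
    return limit, remaining, reset


def delay_before_next(headers, now, reserve=5):
    """Seconds to sleep before the next request; `now` must be timezone-aware.

    reserve: requests held back for other workers sharing the key (assumption).
    """
    quota = parse_quota(headers)
    if quota is None:
        return FALLBACK_DELAY
    _, remaining, reset = quota
    until_reset = max((reset - now).total_seconds(), 0.0)
    usable = remaining - reserve
    if usable <= 0:
        return until_reset       # budget spent: wait until the reset time
    return until_reset / usable  # spread what is left evenly up to the reset time


if __name__ == "__main__":
    now = datetime(2026, 5, 23, 11, 47, 0, tzinfo=timezone.utc)
    print(f"sleep {delay_before_next(SAMPLE, now):.3f}s before the next call")
```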

Higher tiers are available for GRC platforms and enterprise integrations. Email contact@rulesgraph.com.