> ## Documentation Index
> Fetch the complete documentation index at: https://docs.anthid.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Evaluate controls

> Evaluates the effective control state for an organization. Pass `null` to evaluate organization-level controls only, or provide an account id, symbol, and quantity to include account-level and symbol-level checks. Service-account callers must provide `x-organization-id` and have the `control:evaluate` scope; user and API-key callers evaluate their principal organization and must have Controls Premium plus control read access.



## OpenAPI

````yaml /api-reference/controls.openapi.json post /v1/controls/evaluate
openapi: 3.1.0
info:
  title: controls
  description: ''
  license:
    name: ''
  version: 0.1.0
servers:
  - url: https://api.anthid.com
    description: Production
security: []
tags:
  - name: Organization Controls
    description: Organization-level control configuration
  - name: Controls - Account - Manual
    description: Account-level manual control configuration
  - name: Controls - Account - Risk
    description: Account-level risk-limit control configuration
  - name: Controls - Account - Time
    description: Account-level time-window control configuration
  - name: Controls - Symbol - Manual
    description: Symbol-level manual control configuration
  - name: Controls - Symbol - Risk
    description: Symbol-level risk-limit control configuration
  - name: Controls - Symbol - Time
    description: Symbol-level time-window control configuration
  - name: Control Evaluation
    description: Effective control-state evaluation
paths:
  /v1/controls/evaluate:
    post:
      tags:
        - Control Evaluation
      summary: Evaluate controls
      description: >-
        Evaluates the effective control state for an organization. Pass `null`
        to evaluate organization-level controls only, or provide an account id,
        symbol, and quantity to include account-level and symbol-level checks.
        Service-account callers must provide `x-organization-id` and have the
        `control:evaluate` scope; user and API-key callers evaluate their
        principal organization and must have Controls Premium plus control read
        access.
      operationId: evaluateControls
      parameters:
        - name: x-organization-id
          in: header
          description: >-
            Organization id required when evaluating with service-account
            credentials
          required: false
          schema:
            type:
              - string
              - 'null'
            format: uuid
      requestBody:
        description: >-
          Optional account, symbol, and quantity context for account-level and
          symbol-level checks
        content:
          application/json:
            schema:
              oneOf:
                - type: 'null'
                - $ref: '#/components/schemas/EvaluateRequest'
      responses:
        '200':
          description: Control evaluation result
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EvaluateResult'
        '400':
          description: Request or organization scope is invalid
          content:
            text/plain:
              schema:
                type: string
        '401':
          description: Missing or invalid authentication credentials
          content:
            text/plain:
              schema:
                type: string
        '403':
          description: >-
            Caller lacks the controls entitlement, `control:evaluate` scope, or
            organization access required to evaluate controls
          content:
            text/plain:
              schema:
                type: string
        '429':
          description: Caller exceeded the request rate limit
          content:
            text/plain:
              schema:
                type: string
        '500':
          description: Unexpected server error while evaluating controls
          content:
            text/plain:
              schema:
                type: string
      security:
        - bearerAuth: []
        - clientCredentials: []
        - apiKeyAuth: []
components:
  schemas:
    EvaluateRequest:
      type: object
      required:
        - account_id
        - symbol
        - quantity
      properties:
        account_id:
          type: string
          format: uuid
        quantity:
          $ref: '#/components/schemas/Quantity'
        symbol:
          type: string
    EvaluateResult:
      type: object
      required:
        - allowed
        - triggered
      properties:
        allowed:
          type: boolean
        triggered:
          type: array
          items:
            $ref: '#/components/schemas/TriggeredControl'
    Quantity:
      type: string
    TriggeredControl:
      type: object
      required:
        - scope
        - control_type
        - reason
      properties:
        control_type:
          $ref: '#/components/schemas/ControlType'
        reason:
          type: string
        scope:
          $ref: '#/components/schemas/ControlScope'
    ControlType:
      type: string
      enum:
        - Manual
        - Time
        - Risk
    ControlScope:
      oneOf:
        - type: object
          required:
            - Organization
          properties:
            Organization:
              type: string
              format: uuid
        - type: object
          required:
            - Account
          properties:
            Account:
              type: string
              format: uuid
        - type: object
          required:
            - Symbol
          properties:
            Symbol:
              type: object
              required:
                - account_id
                - symbol
              properties:
                account_id:
                  type: string
                  format: uuid
                symbol:
                  type: string
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
    clientCredentials:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: Machine bearer token minted via the client_credentials grant.
    apiKeyAuth:
      type: apiKey
      in: header
      name: x-api-key

````