Skip to content
Public API · No Auth Required

PCI Observatory API

Read-only public REST API for integrating PCI Compliance Observatory data into your products, dashboards, and research tools. No authentication required. All responses include provenance metadata.

Base URL:https://grctrack.com
View Observatory
No Authentication
All Observatory endpoints are publicly accessible — no API key required.
Cached Responses
Responses are CDN-cached with stale-while-revalidate for optimal performance.
Typed JSON
All responses follow a consistent { data, meta, asOf, attribution } envelope.

Response Envelope

{
  "data": { /* endpoint-specific typed data */ },
  "meta": {
    "datasetId": "GRCTRACK-BDS-2026-001",
    "methodologyVersion": "2026.1",
    "methodologyId": "GRCTRACK-METH-2026-001",
    "displayMode": "provisional",
    "verificationStatus": "provisional",
    "disclaimer": "Data is provisional — ...",
    "sampleSize": 4721,
    "lastUpdated": "2026-03-09T..."
  },
  "asOf": "2026-03-09T10:00:00.000Z",
  "attribution": "GRCTrack Intelligence"
}

Endpoints

GET/api/intelligence/observatory/overview

Global PCI overview — maturity score, audit hours, cost, automation, risk index snapshot.

Cache: s-maxage=3600Returns: { data: ObservatoryOverview, meta, asOf }
GET/api/intelligence/observatory/maturity

Maturity distribution by industry — P25, industry average, P75, YoY delta.

Cache: s-maxage=3600Returns: { data: ObservatoryMaturityData, meta, asOf }
GET/api/intelligence/observatory/audit-hours

Audit programme hours by industry and region with trend deltas.

Cache: s-maxage=3600Returns: { data: ObservatoryAuditHoursData, meta, asOf }
GET/api/intelligence/observatory/remediation

Remediation delays by industry, PCI requirement hotspots, bottleneck data.

Cache: s-maxage=3600Returns: { data: ObservatoryRemediationData, meta, asOf }
GET/api/intelligence/observatory/compliance-cost

Compliance cost by industry and maturity band — includes automation savings estimates.

Cache: s-maxage=3600Returns: { data: ObservatoryCostData, meta, asOf }
GET/api/intelligence/observatory/automation

Automation adoption rates, historical trend 2019–2026, efficiency relationship.

Cache: s-maxage=3600Returns: { data: ObservatoryAutomationData, meta, asOf }
GET/api/intelligence/observatory/regions

Regional maturity, audit hours, cost, and risk tier data for 7 regions.

Cache: s-maxage=3600Returns: { data: ObservatoryRegionalData, meta, asOf }
GET/api/intelligence/observatory/feed

Latest benchmark signals, trend changes, and methodology/changelog highlights.

Cache: s-maxage=900Returns: { data: ObservatoryFeedData, meta, asOf }
GET/api/intelligence/observatory/export?format=json|csv

Full snapshot export. Use ?format=json (default) or ?format=csv.

Cache: no-storeReturns: Full JSON/CSV download with provenance metadata

Quick Start

Fetch global overview (curl)
curl https://grctrack.com/api/intelligence/observatory/overview
Download full CSV dataset
curl -o pci-benchmarks.csv \
  "https://grctrack.com/api/intelligence/observatory/export?format=csv"
JavaScript / fetch
const { data, meta } = await fetch(
  'https://grctrack.com/api/intelligence/observatory/maturity'
).then(r => r.json());

console.log(data.globalAvg, meta.sampleSize);

Attribution & Usage

All Observatory data is released for attribution-based reuse. When publishing data from these endpoints, cite as:

"GRCTrack Benchmark Dataset 2026 (provisional), N=4,721, grctrack.com/pci-observatory"
→ Methodology Documentation→ Intelligence Changelog Download Full Dataset
← Back to Developer Hub→ PCI Observatory→ Full Intelligence API