Frequently Asked Questions
Getting Started
A short demo video is available on YouTube:Open Foris Whisp - Demo
Yes. Whisp is free and open-source, including the Whisp App/API and the QGIS plugin.
Access and analyze various public geodata layers.
Yes. Whisp is released under the MIT license, which allows commercial use.
No, a GEE account is not required to use the Whisp App/API or QGIS plugin. However, you will need to use your own GEE credentials if you run analyses using the Python notebooks.
Yes, when working with the customizable Python notebooks.
Whisp is free and open-source. It combines multiple datasets rather than relying on a single source, using a “convergence of evidence” approach to assess the risk of non-compliance. The methodology, code (available on GitHub) and input datasets are transparent and publicly available. Users can adapt the Whisp API to their needs and contribute improvements. Whisp also supports collaboration with countries to integrate national datasets.
Generally, your organization does not need a formal agreement with the FAO to integrate Whisp. The solution is free and open-source, released under the MIT license, which expressly allows for integration and commercial use without requiring a specific contract.
Whisp is designed as a part of a Digital Public Infrastructure to be highly interoperable, allowing any user to make calls to its API from their own software.
If your organization’s internal policies require a specific formal document, you should reach out to the Whisp team through the form to discuss your requirements.
Data Input & Processing
Whisp accepts polygons and points geometries. Input data must be provided in GeoJSON or GeoID format.
Multipolygon/multipoint features are automatically split into single features (i.e. one row per polygon/point).
To avoid unexpected results, we recommend splitting multipart features into single parts before using Whisp. Tools such as GeoRoots can help prepare and clean your data: https://georoots.eu/
Whisp processes data in the coordinate Reference System EPSG:4326.
If your data uses a different projection, it may be automatically converted to this CRS standard. However, in some cases, this could lead to errors. For best results, we recommend converting your data to EPSG:4326 before uploading.
Support for preserving input attributes in the API is currently under development. In the meantime, this functionality is available through the QGIS plugin.
Note: if multipart features are present, unique IDs in your input may no longer remain unique after processing.
There is no fixed limit if you use the Python notebooks with your own credentials.
The following limits apply to the Whisp API and reflect current availability and infrastructure capacity. As Whisp is a public open API, these values may be adjusted over time to balance performance, fairness, and service stability.
Geometry limits:
- Up to 5,000 geometries per request in asynchronous mode (async=true)
- Up to 250 geometries per request in synchronous mode (async=false)
Processing timeouts:
- 600 seconds for synchronous requests
- 90 seconds for synchronous requests
Rate limits are applied per API key (default: 30 requests per 60 seconds), with a default maximum of 2 concurrent running jobs.
Note: These limits represent the current defaults and are subject to change as we continue to scale and optimize the Whisp API. We may raise or lower them in response to demand, infrastructure updates, or to ensure fair access for all users. Check the Whisp API documentation page for the most up-to-date values.
Yes.
- Up to 250 polygons or points per request in synchronous mode (async=false)
- Up to 5,000 polygons or points per request in asynchronous mode (async=true)
Larger datasets or complex workflows can be processed using Python notebooks with your own GEE credentials.
Yes, 5,000 geometries is the maximum per single API request in asynchronous mode. However, you can split larger datasets into multiple requests of up to 5,000 geometries each and submit them sequentially or with a delay between calls. Keep in mind that rate limits apply per API key (default: 30 requests per 60 seconds, with a maximum of 2 concurrent running jobs), so plan your batching strategy accordingly. These limits may be adjusted over time as the service scales.
Yes. You can split your dataset into chunks of up to 5,000 geometries and submit them as separate asynchronous requests using an API client such as Postman or via the Whisp web app.
For very large datasets processed on a regular basis, we recommend reaching out to the Whisp team to discuss options — including assisted onboarding to the Python notebooks, which have no fixed geometry limit and run with your own Google Earth Engine credentials.
Whisp samples all layers at 10m resolution, matching the finest-resolution datasets in the stack (10m × 10m pixels). This happens on the fly in the zonal statistics step in GEE, by setting the scale parameter to 10 in reduceRegions. Lower-resolution layers (e.g. 30m Hansen) are read at every 10m sample point, so their pixel values get repeated across the relevant cells.
There will of course be some small differences compared to using each layer at its native resolution, but these are typically negligible (<1%). It is a trade-off for speed and performance. We would be happy to receive feedback if this approach is not acceptable for your use case
Integration & Customization
Whisp can be used directly in QGIS through the dedicated QGIS plugin. You can also import results as GeoJSON, or points from the centroids, or plots using the geometry attributes in the output.
The Whisp code is open source. All its components can be modified, in particular:
- The Python package https://pypi.org/project/openforis-whisp,
- The notebooks https://github.com/forestdatapartnership/whisp/blob/main/notebooks/
- The API built https://github.com/forestdatapartnership/whisp-app
Yes. You can either request the inclusion of new datasets or integrate your own data using the Python notebooks. More information is available in the GitHub documentation (‘ adding data to Whisp’) here.
You can either submit a dataset request in GitHub or customize the decision tree yourself using the Python notebooks.
You can customize the source datasets and decision tree using the Python notebooks. You can also implement your own decision tree with simple Excel files on top of the Whisp zonal statistics.
Whisp provides a REST API that accepts geometries in GeoJSON or WKT format and returns per-feature risk indicators. Full interactive API documentation is available at whisp.openforis.org/documentation/api-guide
To get started:
- Get an API key — Register at whisp.openforis.org to obtain your API key and include it as X-API-KEY in the header of every request
- Choose your input format — Submit geometries either as a GeoJSON FeatureCollection via POST /api/submit/geojson, or as a WKT string via POST /api/submit/wkt
- Choose your processing mode — Set async=true in analysisOptions for background processing (recommended for larger batches), or async=false for an immediate response
- Poll for results — For asynchronous requests, use the token and statusUrl returned in the response to check progress via GET /api/status/{token} until the status is analysis_completed
Yes. Please suggest improvements via GitHub issues.
Whisp is a public open API available under the MIT License, which permits free use and integration for commercial purposes.
To integrate, use the REST API to submit farm boundaries as GeoJSON or WKT, and retrieve results via the status endpoint. Use async=true for production workloads. Default rate limits apply per API key; contact the Whisp team if your use case requires higher limits.
For self-hosted deployments without rate limit constraints, the Whisp source code is openly available and can be run with your own Google Earth Engine credentials.
Yes, indirectly. Whisp does not connect to cadaster systems directly, but you can link your cadaster data to Whisp results through the externalIdColumn field in analysisOptions to reference the property name in your GeoJSON that contains your cadaster parcel identifier. Whisp will include that identifier in the results, allowing you to directly join the risk analysis output back to your cadaster records.
Yes. You can include custom spatial layers (drone imagery, land-tenure maps, or any other rasterised dataset) alongside the Whisp stack and modify the decision trees in the notebooks to produce a custom risk analysis. The layer needs to be uploaded to GEE as a GeoTIFF image asset and formatted as a binary layer (pixel values of 0 or 1, where 1 marks the presence of the feature). You'll also need a GEE Cloud Project (registered for commercial use if it's for trade-related compliance) and some Python and GEE experience.
We are extending this flexibility to the Web-App and API so the barriers are lower in future.
Currently the ability to run modified Whisp analyses is found only in the notebook pathway, and for which there is no way to flag if the analysis was standard or customised. However, as such capabilities are likely to be extended to the Web app and API we are looking to include a flag column or similar to highlight when a standard or custom analysis has been run. One approach would be to allow anyone checking the outputs, e.g. for regulation compliance, to compare them to a rerun of standard analysis in Whisp for comparison.
Currently the only way to run a modified Whisp analysis is via the notebook pathway, and there's no flag in the output to say whether a standard or customised run was used. As the modification capability is extended to the Web App and API, we are looking to add a flag column (or similar) so that the standard vs custom status is visible in the output. It is not possible to rule out people tampering with results, at least not in the open and widely used data formats used in Whisp. If another party were checking the results however, they could rerun a standard analysis and see if the results are the same.
Data Security & Privacy
Yes. Whisp adopts strong security measures before analysing data, including:
- Secure password hashing (bcrypt)
- Encrypted authentication (JWT tokens in HttpOnly/Secure/SameSite=Strict cookies)
- access controls/CORS restrictions and rate limiting, and a strong password policy.
No tracking or advertising cookies are used.
The geospatial analysis runs entirely server-side. The frontend does not communicate directly with Google Earth Engine (GEE), and no personal data (e.g. names, emails, IP addresses, or user IDs) is shared with GEE. For further information, please review the Data anonymisation in WHISP and its analysis using Google Earth Engine.
Geometries are stored temporarily on the server filesystem for the duration of the analysis, but are not permanently saved. Temporary files are automatically deleted (typically within 10 minutes), and each request is associated with a random identifier (UUID), with no user-identifiable information. Only geometry coordinates and technical parameters (e.g. nationalCodes, unitType) are sent to Google Earth Engine (GEE) — never user IDs, emails, IPs, or API keys. GEE acts purely as a computation engine and does not store any WHISP user personal data. The architecture enforces a clear separation between user account data and geospatial processing. For further information, please review the Data anonymisation in WHISP and its analysis using Google Earth Engine.
Yes, but only operational metadata is recorded. Each request creates a job record with:
- Request type (UIi or APIi)
- IP address
- API version and endpoint
- Analysis options
- Feature count and processing status
- Timestamps
Your geometries are not logged in the database. IP addresses are automatically anonymised (nullified) after a configurable retention period (default: 90 days). Standard application logs capture request metadata (IP, method, path, user-agent) for debugging and security, subject to log rotation.
Results, Datasets & Risk Assessment
The GitHub README file provides guidance on interpreting output field and risk classifications.
No, you do not need a license, both offer free versions, but they have different restrictions on data privacy and sharing:
- Power BI: The software is free to download and use, and you can build reports and dashboards and share the Power Bi file with anyone. You need a paid license however to share interactive reports securely or publicly online, or via Sharepoint for example.
- Tableau Public: The software is free to download and use either online or locally on your machine, but it is designed to automatically publish your work online to the public, so anyone can see your dashboard. While you can restrict the downloading of the raw data, the visualisation is public. You must buy a license to keep your data private.
- Tableau Desktop Free Edition: The software is free to download and use, and you can create unlimited visualizations on your local machine, without the ability to share.
Summary: For private data, use free Power BI or Tableau Desktop Free Edition locally. For public data or online sharing, use Tableau Public, or a paid Power BI subscription.
Yes. Results may change as underlying datasets are updated or improved. This helps ensure assessments remain as accurate and up to date as possible.
The list of datasets included in the default configuration is continuously updated and publicly available on GitHub.
WhispMap is the interactive web map interface of Open Foris Whisp. It allows users to visualize, explore, and analyse plot-level information and risk assessment results directly on a map using multiple geospatial datasets related to forests, land use, commodities, and deforestation. Access WhispMap
https://whisp.openforis.org/
Yes. WhispMap already includes a beta AI-assisted explanation feature designed to help users better understand risk classifications in simple, user-friendly language. The solution is currently being further developed to provide clearer contextual explanations of identified risks and the datasets contributing to the assessment.
There another chatbot specifically developed for cocoa - giz
| Risk Assessment Column | Commodity | Description |
|---|---|---|
| Risk_PCrop | Coffee, cocoa, rubber, oil palm | Perennial crop deforestation risk |
| Risk_ACrop | Soy | Annual crop deforestation risk |
| Risk_Livestock | Livestock | Livestock driven deforestation risk (coming soon) |
| Risk_Timber | Timber | Timber extraction deforestation risk |
You can analyze multiple commodities together and then select the risk column for that commodity, or filter results by commodity as needed.
In short answer, the difference is evidence of tree loss after 2020. The longer version gives some context to this:
'High risk' means evidence of tree loss on the plot after end-2020, consistent with deforestation under regulations like the EUDR.
A plot reaches 'low risk' via one of three paths: no tree cover at end-2020, a commodity dataset detects crop production at end-2020, or (PCrop only) a pre-2020 disturbance suggests the plantation was established before the cutoff.
'More info needed' is what's left when none of those fire: tree cover present, no commodity detected, no disturbance either side of 2020. The plot might be legitimate agroforestry (recognised as not-forest for EUDR for example), natural forest, or undetected clearance. It's a request for evidence, not a rejection.
We're open to suggestions, including useful datasets to add or ways to improve the decision trees. The decision trees and risk indicators are pointers as to where the evidence may suggest risk, but there are many ways to interpret it. On that note, the table of zonal statistics for each dataset is itself an important resource: with the right understanding of it, a user can build their own risk analysis and evidence for compliance.
Can we audit our own sourcing areas with public, verifiable data?Yes. Whisp's analysis runs entirely on publicly available datasets (e.g. JRC TMF, Hansen Global Forest Change, RADD alerts, FDaP commodity maps), and the processing code is open source. Anyone with the input plot geometries can rerun the same analysis and reproduce the results. The list of underlying datasets is here, so a third party auditing the sourcing can verify each result against the same evidence base.
Whisp applies the FAO forest definition, as used in the EU Deforestation Regulation (EUDR):
- Minimum area: 0.5 hectares
- Tree height: at least 5 meters at maturity.
- Canopy cover: more than 10% of the land (or equivalent stocking level)
This is consistent with the definition used in the JRC EUFO global forest layer.
Whisp aims to include any global or regional datasets that cover relevant time periods, areas, and resolutions, and that are useful for assessing deforestation or commodity-related risk. Users can request datasets by logging an issue here Issues · forestdatapartnership/whisp · GitHub
National datasets can also be added through dialogue with countries and national partners, where they help complement the global layers.
In terms of which datasets are actively used, some are kept in the output tables for transparency or reanalysis, even if they are not used in the default risk decision trees. This may be because they showed high commission error (i.e., could create false positives), or were intended mainly as contextual layers. Dataset inclusion, especially in the risk decision trees is decided by the Whisp team, and we are actively working towards a more transparent approach.
Datasets used in the risk decision trees, as well as the data theme they represent can be viewed in the CSV export here https://whisp.openforis.org/reference/result-fields and searching for the Theme and use_for_risk columns. In the Whisp App, the outputs can be filtered to only show the risk fields that are used in the decision trees. Select columns > Risk fields only:
https://whisp.openforis.org/
Accuracy depends on the original data source. Users should consult the data list and associated metadata to see if data products have been systematically validated.
Deforestations-free regulations compliance, Governance & Support
You can use Whisp to support due diligence reports, but there is no certification involved. Compliance with the EUDR falls solely within the responsibility of competent authorities within the EU state members.
No, it can only be used as a support of due diligence statements.
Whisp is mentioned as one of the tools that can be used to support due diligence, specifically on the question 9.10.6. (page 92) of the 5th FAQ on EUDR implementation as an example of Geographic Information Systems can be used to intersect point or polygon data with
Please feel free to get in touch with us directly via the contact form or report issues via the GitHub issues page.