Base URL
All API requests are made to:Authentication
The API uses OAuth 2.0 client credentials for authentication. You’ll exchange yourclient_id and client_secret for a Bearer token, then include it in every request.
See the Authentication guide for the full walkthrough.
Versioning
The API is versioned via the URL path (/v1). Breaking changes will be introduced under a new version number. Non-breaking additions (new fields, new endpoints) may be added to the current version without notice.
Response format
All resource responses use the JSON:API serialization format:pagination object alongside data:
Errors
Errors follow the RFC 9457 Problem Details format:request_id field is useful when contacting support.
Rate limits
The API enforces a limit of 600 requests per minute per IP address. If you exceed this limit you will receive a429 Too Many Requests response.
Scopes
Access tokens can have the following scopes:| Scope | Description |
|---|---|
read | List and retrieve resources. |
write | Create resources (documents, requests, webhooks). |
read write | Both read and write access. |
scope if you only need read access and your OAuth application is scoped to read or write — it defaults to read. If your application has the read write scope, you must specify scope explicitly. See Authentication for details.
Resources
| Resource | Description |
|---|---|
| Repository Documents | Upload and manage documents in your repository. |
| Workflows | List your company’s workflows and inspect their schemas. |
| Requests | Create legal requests and monitor their lifecycle. |
| Webhooks | Subscribe to events like execution_complete. |