Supergood | Canopy API

Programmatically access Canopy practice management data—clients, engagements, tasks, documents, billing, and IRS transcript workflows—with a stable REST API. Supergood builds and operates production-grade, unofficial Canopy integrations so your team can automate compliance, audit, and back-office processes without heavy custom engineering.

Plain English: Canopy is practice management software for accounting and tax firms. An unofficial API lets you pull client lists, engagement letters, workflows/tasks, documents, invoices/payments, time entries, IRS transcript requests and notices—and push new records or updates back into Canopy.

For a tech company integrating with Canopy—especially a GRC, regtech, or audit startup—this means you can ingest real-time client and engagement data to power compliance dashboards, sync deadlines and tasks into your case management, automate e-sign and document collection from your product, reconcile billing with your ERP/accounting (e.g., QuickBooks, Xero), and pipe IRS transcript results or notices into risk workflows. You can trigger client-facing updates, enforce document retention, route exceptions to audit queues, and keep stakeholder systems (GRC, analytics, CRM, scheduling) in lockstep.

What is Canopy?

Canopy (https://www.getcanopy.com/) is a cloud platform for tax and accounting practice management that centralizes client records, engagements, workflows, document management, billing, payments, time tracking, and IRS transcript/notice handling. Firms use Canopy to onboard clients, create engagement letters, assign and track work, collect documents via a secure portal, obtain e-signatures, log time, send invoices, accept payments, and manage compliance-related IRS tasks.

Core product areas include:

• Client Management and CRM (Client Profiles, Contacts, KYC/Intake, Tags)
• Workflow and Task Management (Tasks, Templates, Assignments, Deadlines)
• Document Management and E-Signatures (Folders, File Exchange, KBA, Envelopes)
• Billing and Payments (Invoices, Time Entries, Payment Processing)
• IRS Transcripts and Notices (Bulk Transcript Requests, CAF/POA Management, Case Tracking)
• Scheduling and Communication (Calendars, Reminders, Messaging)

Common data entities:

• Companies, Users, Roles/Permissions (Staff, Admin, Client Portal Access)
• Clients and Contacts (metadata, entity type, masked tax IDs, addresses)
• Engagements (service line, scope, period, fees, signatures)
• Tasks and Workflow Templates (assignments, status, due dates, checklists)
• Documents (folders, files, versions, signed artifacts)
• E-Sign Envelopes (signers, KBA, status, timestamps)
• Invoices and Payments (line items, balances, methods)
• Time Entries (users, hours, billable status, matters/engagements)
• IRS Transcript Requests (tax years, transcript types, authorization, results)
• Notices and Cases (issue type, deadlines, correspondence, resolutions)

The Canopy Integration Challenge

Accounting practices rely on Canopy daily, but turning portal-based workflows into API-driven automation is non-trivial:

• Role-aware portals: Staff and clients see different data, permissions, and approval states
• Compliance rigor: Engagements, KBA/e-sign, transcript authorizations (POA/TIA), and retention policies need careful handling
• IRS flows: Transcript retrieval depends on time-limited IRS e-Services sessions, CAF numbers, and authorization artifacts
• Authentication complexity: SSO/MFA and session lifecycles complicate headless automation
• Data spread: Key objects span clients, engagements, tasks, documents, billing, transcripts, and notices

How Supergood Creates Canopy APIs

Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your Canopy tenant.

• Handles username/password, SSO/OAuth, and MFA (SMS, email, TOTP) securely
• Maintains session continuity with automated refresh and change detection
• Normalizes responses so you can integrate once and rely on consistent objects across modules
• Aligns with customer entitlements and role-based permissions to ensure compliant access

Use Cases

Client & Engagement Data Sync

• Mirror clients, contacts, and engagements into your GRC/audit platform
• Keep engagement scope, service lines, and periods current for compliance reporting
• Normalize statuses, tags, and risk ratings across multi-tenant operations

Evidence & Document Automation

• Trigger document requests and e-sign envelopes for engagement letters from your product
• Ingest signed artifacts, maintain retention schedules, and apply metadata for audit trails
• Attach supporting evidence (workpapers, transcripts, notices) to compliance cases

Compliance Monitoring: IRS Transcripts & Notices

• Initiate and track transcript requests programmatically (Account, Return, W&I)
• Generate alerts when new notices or transcript results arrive; route tasks automatically
• Maintain POA/TIA references and audit logs for end-to-end traceability

Billing, Time, and Accounting Sync

• Pull invoices/payments and reconcile with ERP/accounting (e.g., QuickBooks, Xero)
• Ingest time entries for WIP tracking and SLA metrics
• Automate fee approvals and push updates back to Canopy

Available Endpoints

Authentication

POST /sessions: Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth when enabled. Returns a short-lived auth token maintained by the platform.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/sessions \
  --header 'Authorization: Basic <Base64 encoded token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "username": "[email protected]",
    "password": "<password>",
    "mfa": { "type": "totp", "code": "123456" }
  }'

Example response

{
  "authToken": "eyJhbGciOi...",
  "expiresIn": 3600,
  "user": {
    "id": "u_cpy_91f3a2",
    "name": "Senior Accountant",
    "entitlements": ["clients", "engagements", "tasks", "documents", "billing", "transcripts"]
  }
}

POST /sessions/refresh: Refresh an existing token to keep sessions uninterrupted.

Clients

GET /clients: List clients with filters and summary details.

Query parameters

• status: active | archived | prospect
• entityType: individual | business | trust
• tag: string
• search: string (name, email, masked tax ID)
• updatedFrom, updatedTo: ISO 8601 timestamps
• page, pageSize: integers for pagination

Example response

{
  "items": [
    {
      "clientId": "cl_7b92e1",
      "displayName": "Jordan Smith",
      "legalName": "Jordan A. Smith",
      "entityType": "individual",
      "taxIdMasked": "XXX-XX-1234",
      "primaryContact": {
        "name": "Jordan Smith",
        "email": "[email protected]",
        "phone": "+1-402-555-0134"
      },
      "address": {
        "line1": "125 Lakeview Ct",
        "city": "Omaha",
        "region": "NE",
        "postalCode": "68130",
        "country": "US"
      },
      "clientTags": ["1040", "KYC-Complete"],
      "riskRating": 2,
      "kycStatus": "complete",
      "portalEnabled": true,
      "createdAt": "2026-01-10T14:22:11Z",
      "updatedAt": "2026-01-20T13:45:00Z"
    }
  ],
  "page": 1,
  "pageSize": 50,
  "total": 1
}

Engagements

POST /clients/{clientId}/engagements: Create an engagement record with scope, fees, and optional e-sign workflow.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/clients/cl_7b92e1/engagements \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "title": "2025 Individual Tax Preparation",
    "serviceLine": "tax",
    "periodStart": "2025-01-01",
    "periodEnd": "2025-12-31",
    "scopeOfWork": "Prepare and file Form 1040 and related schedules",
    "deliverables": ["Form 1040", "State Return", "E-file Confirmations"],
    "billingMethod": "fixed_fee",
    "fixedFee": 850.00,
    "responsibleStaffIds": ["u_cpy_91f3a2"],
    "requiresESign": true,
    "signers": [
      {"name": "Jordan Smith", "email": "[email protected]", "role": "client"}
    ],
    "documents": [
      {"fileName": "engagement_letter.pdf", "uploadToken": "upl_08ab73"}
    ],
    "notifyClient": true,
    "referenceId": "grc-case-2981"
  }'

Example response

{
  "engagementId": "eng_31af80",
  "status": "pending_signature",
  "envelopeId": "env_61b2d0",
  "createdAt": "2026-01-21T11:20:44Z"
}

Tasks

PATCH /tasks/{taskId}: Update task status, due date, assignments, and progress.

curl --request PATCH \
  --url https://api.supergood.ai/integrations/<integration_id>/tasks/tsk_7c3d21 \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "status": "in_progress",
    "dueDate": "2026-02-10",
    "assigneeId": "u_cpy_9ab441",
    "labels": ["1040", "KYC"],
    "percentComplete": 50,
    "linkedEngagementId": "eng_31af80",
    "notes": "Awaiting W-2 upload; client notified via portal."
  }'

Example response

{
  "taskId": "tsk_7c3d21",
  "status": "in_progress",
  "dueDate": "2026-02-10",
  "percentComplete": 50,
  "assigneeId": "u_cpy_9ab441",
  "updatedAt": "2026-01-22T08:15:12Z"
}

IRS Transcripts

POST /clients/{clientId}/irs-transcripts/requests: Initiate an IRS transcript request for selected years and types.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/clients/cl_7b92e1/irs-transcripts/requests \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "authorizationType": "POA",
    "cafNumber": "12-34567R",
    "taxYears": [2023, 2024],
    "transcriptTypes": ["account", "wage_and_income"],
    "consentRecordId": "cons_1f9b3c",
    "notifyOnCompletion": true,
    "metadata": {"caseId": "grc-case-2981"}
  }'

Example response

{
  "requestId": "trs_91de40",
  "status": "submitted",
  "estimatedReadyAt": "2026-01-21T15:20:00Z",
  "createdAt": "2026-01-21T11:21:01Z"
}

Get full API Specs →

Technical Specifications

• Authentication: Username/password with MFA (SMS, email, TOTP) and SSO/OAuth where enabled; supports service accounts or customer-managed credentials
• Response format: JSON with consistent resource schemas and pagination across modules
• Rate limits: Tuned for enterprise throughput while honoring customer entitlements and usage controls
• Session management: Automatic reauth and cookie/session rotation with health checks
• Data freshness: Near real-time retrieval of clients, engagements, tasks, documents, billing, transcripts, and notices
• Security: Encrypted transport, scoped tokens, and audit logging; respects Canopy role-based permissions and KBA requirements
• Webhooks: Optional asynchronous delivery for long-running workflows (e.g., transcript completion, e-sign status changes)

Performance Characteristics

• Latency: Sub-second responses for list/detail queries under normal load
• Throughput: Designed for high-volume client and engagement sync plus document/e-sign processing
• Reliability: Retry logic, backoff, and idempotency keys minimize duplicate actions
• Adaptation: Continuous monitoring for UI/API changes with rapid adapter updates

Getting Started

1. Schedule Integration Assessment

Book a 30-minute session to confirm your modules, licensing, and authentication model.

2. Supergood Builds and Validates Your API

We deliver a hardened Canopy adapter tailored to your workflows and entitlements.

3. Deploy with Monitoring

Go live with continuous monitoring and automatic adjustments as Canopy evolves.

Schedule Integration Call →

Frequently Asked Questions

Q: Which Canopy modules can this integration cover?

Supergood supports workflows across commonly used modules such as Client Management (CRM, Portal), Workflow (Tasks, Templates), Documents & E-Sign, Billing & Payments, and IRS Transcripts/Notices, subject to your licensing and entitlements. We scope coverage during integration assessment.

Q: How are MFA and SSO handled for automation?

We support username/password + MFA (SMS, email, TOTP) and can operate behind SSO/OAuth when enabled. Sessions are refreshed automatically with secure challenge handling.

Q: Can you sync invoices and payments to our accounting system?

Yes. We can normalize invoices, payment records, and time entries to match your ERP/accounting schema and deliver updates via webhooks or polling while complying with rate and permission constraints. We commonly integrate with QuickBooks and Xero.

Q: Are e-signatures and KBA supported for engagement letters?

Yes. We support creating e-sign envelopes with KBA, downloading signed artifacts, and uploading attachments via signed uploads with checksum validation and time-limited URLs. Signature states are modeled explicitly in our normalized responses.

Q: Can you automate IRS transcript requests and notice intake?

Yes. We can initiate transcript requests, track status, ingest results, and normalize notice data to drive compliance workflows, with audit logs that capture authorization details (POA/TIA) and CAF references.

Related Integrations

Intralinks API - Programmatically access the Intralinks VDR with Supergood

Ready to automate your Canopy workflows?

Supergood can have your Canopy integration live in days with no ongoing engineering maintenance.

Get Started →