Supergood | CapLinked API

Programmatically access CapLinked virtual data rooms, documents, participants, Q&A threads, and audit activity with a stable REST API. Supergood builds and operates production-grade, unofficial CapLinked integrations so your team can automate deal workflows without heavy custom engineering.

Plain English: CapLinked is secure virtual data room (VDR) software used by M&A teams, private equity, venture capital, legal, and corporate development to share sensitive documents, manage permissions, run Q&A during diligence, and maintain audit trails. An unofficial API lets you programmatically pull workspace lists, folders and documents (with DRM/watermark metadata), participants and groups, Q&A questions/answers, and activity logs—and push new files, update permissions, create Q&A entries, and trigger announcements directly into CapLinked.

For a tech company integrating with CapLinked, this means you can ingest real-time data room structure and participant access to power dashboards, sync deal documents to storage/ECM, automate Q&A flows from your product, and keep ERP/CRM/legal matter systems aligned. You can also enforce NDA and confidentiality group rules at scale, provision access windows for invitees, watermark files consistently, and export audit trails for compliance reporting.

What is CapLinked?

CapLinked (https://www.caplinked.com/) is a cloud platform for secure document sharing and collaboration across financial transactions and corporate projects. Teams use CapLinked to set up private data rooms, upload and protect files with DRM and watermarks, manage users and groups with granular permissions, run structured Q&A for diligence, and track all activity via audit logs.

Core product areas include:

• Data Rooms & Workspaces (structure, folders, statuses)
• Document Management (uploads, versions, DRM, watermarking, expiry)
• Permissions & Participants (roles, groups, confidentiality controls, NDAs)
• Diligence Q&A (threads, assignments, visibility rules, attachments)
• Activity & Auditing (views, downloads, edits, announcements)

Common data entities:

• Workspaces/Data Rooms (metadata, owners, status, deal type)
• Folders and Documents (names, versions, checksums, DRM/watermark policies)
• Participants (users, roles, groups, NDA acceptance)
• Groups and Confidentiality Rings (access scopes, visibility constraints)
• Q&A Threads (questions, answers, categories, assignees, status)
• Activity Events (view/download timestamps, IP/device, actor)
• Announcements/Invitations (messages, delivery status)

The CapLinked Integration Challenge

Deal teams rely on CapLinked daily, but turning portal-centric workflows into API-driven automation is non-trivial:

• Layered permissions: Roles, groups, and confidentiality rings govern what users can see, ask, and download
• DRM/watermark controls: Time-limited access links, watermark personalization, and download restrictions complicate headless flows
• Q&A confidentiality: Visibility differs across askers, responders, and reviewer groups; careful mapping is required
• Authentication complexity: SSO/MFA and short-lived viewing sessions make stable automation challenging
• Large-file handling: Chunked uploads, virus scanning, and document processing introduce latency and state transitions
• Exports and automation limits: Teams often report friction with bulk exports, lack of webhooks, or API access gated behind enterprise plans, making integrations costlier than expected

How Supergood Creates CapLinked APIs

Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your CapLinked tenant.

• Handles username/password, SSO/OAuth, and MFA (SMS, email, TOTP) securely
• Maintains session continuity with automated refresh and change detection
• Normalizes responses so you can integrate once and rely on consistent objects across modules
• Aligns with customer entitlements, confidentiality groups, and role-based permissions to ensure compliant access

Use Cases

Data Room & Participant Sync

• Mirror workspaces, folders, and participant rosters into your internal systems
• Keep workspace metadata current for analytics, pipeline tracking, and reporting
• Normalize roles, groups, and access windows across multi-tenant operations

Document Management & DRM Controls

• Upload files with consistent watermark/DRM policies and expiration dates
• Generate time-bound viewing permissions aligned to NDA status
• Sync document versions and tags with ECM/DMS platforms

Q&A & Diligence Workflow Automation

• Create questions, assign to responder teams, and track statuses from your product
• Push answers and attachments while respecting confidentiality rings
• Trigger SLA alerts and route escalations to deal coordinators

Security & Compliance Reporting

• Export activity logs for audits and regulatory filings
• Detect anomalous download patterns and enforce stricter controls
• Reconcile NDA acceptance and access changes across stakeholders

Available Endpoints

Authentication

POST /sessions: Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth when enabled. Returns a short-lived auth token maintained by the platform.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/sessions \
  --header 'Authorization: Basic <Base64 encoded token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "username": "[email protected]",
    "password": "<password>",
    "mfa": { "type": "totp", "code": "123456" }
  }'

Example response

{
  "authToken": "eyJhbGciOi...",
  "expiresIn": 3600,
  "user": {
    "id": "u_cl_729c10",
    "name": "Deal Manager",
    "entitlements": ["workspaces", "documents", "participants", "qna", "activity"]
  }
}

POST /sessions/refresh: Refresh an existing token to keep sessions uninterrupted.

Workspaces

GET /workspaces: List data rooms with filters and summary details.

Query parameters

• ownerCompanyId: string
• status: open | closed | archived | draft
• dealType: mna | fundraising | real_estate | partnership | other
• updatedFrom, updatedTo: ISO 8601 timestamps
• page, pageSize: integers for pagination

Example response

{
  "items": [
    {
      "workspaceId": "ws_2a91f0",
      "name": "Project Falcon Diligence",
      "dealType": "mna",
      "status": "open",
      "ownerCompanyName": "Acme Capital Partners",
      "createdAt": "2026-01-10T09:12:00Z",
      "updatedAt": "2026-01-20T13:45:00Z",
      "participantCount": 37,
      "documentCount": 418,
      "drmPolicy": {
        "requireWatermark": true,
        "restrictDownload": true,
        "expireAfterDays": 30
      },
      "confidentialityGroups": ["Buy-Side", "Sell-Side", "Legal"],
      "qnaEnabled": true
    }
  ],
  "page": 1,
  "pageSize": 50,
  "total": 1
}

Documents

POST /workspaces/{workspaceId}/documents: Upload a document with DRM and watermark settings.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/workspaces/ws_2a91f0/documents \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "folderId": "fld_08ab73",
    "fileName": "financials_q4_2025.pdf",
    "sizeBytes": 2837421,
    "sha256": "7f1d99...",
    "uploadToken": "upl_08ab73",
    "tags": ["financials", "confidential"],
    "drm": {
      "restrictDownload": true,
      "watermarkText": "Confidential - Acme Capital",
      "expiresAt": "2026-03-01T00:00:00Z"
    },
    "notifyParticipants": false
  }'

Example response

{
  "documentId": "doc_90e412",
  "versionId": "ver_1",
  "status": "processing",
  "processing": {
    "antivirus": "queued",
    "drm": "queued"
  },
  "createdAt": "2026-01-21T10:03:11Z"
}

Participants & Permissions

PATCH /workspaces/{workspaceId}/participants/{participantId}: Update participant role, group membership, and folder-level permissions.

curl --request PATCH \
  --url https://api.supergood.ai/integrations/<integration_id>/workspaces/ws_2a91f0/participants/pt_7c3d21 \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "role": "viewer",  
    "groupIds": ["grp_buyside"],
    "allowDownload": false,
    "accessWindow": { "start": "2026-01-22T00:00:00Z", "end": "2026-02-15T23:59:59Z" },
    "folderPermissions": [
      {"folderId": "fld_finance", "canView": true, "canDownload": false},
      {"folderId": "fld_legal", "canView": true, "canDownload": false}
    ],
    "ndaAccepted": true,
    "notes": "Adjusted access per counsel request."
  }'

Example response

{
  "participantId": "pt_7c3d21",
  "role": "viewer",
  "groupIds": ["grp_buyside"],
  "allowDownload": false,
  "accessWindow": { "start": "2026-01-22T00:00:00Z", "end": "2026-02-15T23:59:59Z" },
  "updatedAt": "2026-01-22T08:15:12Z"
}

Q&A Threads

POST /workspaces/{workspaceId}/qa/questions: Create a diligence question with confidentiality controls and assignments.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/workspaces/ws_2a91f0/qa/questions \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "title": "Clarify revenue recognition policy",
    "body": "Please provide detail on ASC 606 adoption and contract modifications.",
    "category": "Accounting",
    "confidentialToGroupIds": ["grp_buyside"],
    "assignToTeamId": "team_sellside_finance",
    "attachments": [
      {"fileName": "example_contract.pdf", "uploadToken": "upl_7fa223"}
    ],
    "referenceId": "crm-opp-2981"
  }'

Example response

{
  "questionId": "qa_51af80",
  "status": "open",
  "createdAt": "2026-01-21T11:20:44Z"
}

Get full API Specs →

Technical Specifications

• Authentication: Username/password with MFA (SMS, email, TOTP) and SSO/OAuth where enabled; supports service accounts or customer-managed credentials
• Response format: JSON with consistent resource schemas and pagination across modules
• Rate limits: Tuned for enterprise throughput while honoring customer entitlements and usage controls
• Session management: Automatic reauth and cookie/session rotation with health checks
• Data freshness: Near real-time retrieval of workspaces, documents, participants, Q&A, and activity logs
• Security: Encrypted transport, scoped tokens, and audit logging; respects CapLinked role-based permissions and confidentiality groups
• Webhooks: Optional asynchronous delivery for long-running workflows (e.g., document processing, Q&A answers)

Performance Characteristics

• Latency: Sub-second responses for list/detail queries under normal load; uploads reflect antivirus/DRM processing states
• Throughput: Designed for high-volume document syncs and participant updates across multiple workspaces
• Reliability: Retry logic, backoff, and idempotency keys minimize duplicate actions; chunked upload support for large files
• Adaptation: Continuous monitoring for UI/API changes with rapid adapter updates

Getting Started

1. Schedule Integration Assessment

Book a 30-minute session to confirm your modules, licensing, and authentication model.

2. Supergood Builds and Validates Your API

We deliver a hardened CapLinked adapter tailored to your workflows and entitlements.

3. Deploy with Monitoring

Go live with continuous monitoring and automatic adjustments as CapLinked evolves.

Schedule Integration Call →

Frequently Asked Questions

Q: Which CapLinked modules can this integration cover?

Supergood supports workflows across commonly used modules such as Data Rooms (Workspaces, Folders, Documents), Permissions (Participants, Groups, Confidentiality Rings), Diligence Q&A (Questions, Answers), and Activity/Audit Logs, subject to your licensing and entitlements. We scope coverage during integration assessment.

Q: How are MFA and SSO handled for automation?

We support username/password + MFA (SMS, email, TOTP) and can operate behind SSO/OAuth when enabled. Sessions are refreshed automatically with secure challenge handling.

Q: Can you enforce DRM and watermark settings programmatically?

Yes. We can apply document-level DRM and watermarks, generate time-limited access windows, and respect download restrictions. Policies are modeled explicitly in our normalized responses and write operations.

Q: Can you export activity logs and Q&A for compliance?

Yes. We can normalize and deliver audit trails (views/downloads, IP/device), plus Q&A threads and answers, via polling or webhooks while complying with permission constraints. Bulk exports are supported with pagination and filters.

Related Integrations

Intralinks API - Programmatically access the Intralinks VDR with Supergood

Ready to automate your CapLinked workflows?

Supergood can have your CapLinked integration live in days with no ongoing engineering maintenance.

Get Started →