Supergood | CCH ProSystem fx Document API

Programmatically access CCH ProSystem fx Document file cabinets, engagement binders, routed approvals, retention policies, and client portal distributions with a stable REST API. Supergood builds and operates production-grade, unofficial ProSystem fx Document integrations so your team can automate audit, compliance, and client delivery workflows without heavy custom engineering.

Plain English: CCH ProSystem fx Document is document management software from Wolters Kluwer built for accounting and audit firms. An unofficial API lets you programmatically pull client and engagement folders, search and download documents with metadata and versions, start routing sheets for approvals, manage check-in/check-out states and retention policies, and publish deliverables to the client portal.

For a regtech, GRC, or audit startup integrating with ProSystem fx Document, this means you can ingest real-time engagement evidence and workpapers, trigger policy attestations and sign-offs, auto-route documents to approvers, push updated manuals or SOC evidence into the binder, and publish final reports securely to clients. You can enrich your product with audit trail data (who accessed, edited, approved), automate retention and legal holds, synchronize tasks to your workflow engine, and keep stakeholder systems (GRC, analytics, ERP, CRM) in lockstep.

What is CCH ProSystem fx Document?

CCH ProSystem fx Document (https://support.cch.com/oss/ml/productsupport/product?id=88) is Wolters Kluwer’s enterprise-grade document management system for accounting and audit firms. It centralizes client documents, engagement binders, approvals, retention policies, and portal publishing, integrating with the broader ProSystem fx Suite (e.g., Engagement, Practice, Tax) and often with CCH Axcess cloud modules.

Core product areas include:

• Document Management (File Cabinets, Folders, Metadata/Indexing, OCR, Versions, Check-In/Check-Out)
• Engagement Integration (Binders, Workpapers, References to Engagement IDs, Staff Roles)
• Workflow & Approvals (Routing Sheets, E-signatures, Notifications, Escalations)
• Client Portal Distribution (Publish Final Reports, Secure Sharing, Expiration Controls)
• Security & Compliance (Role-Based Permissions, Legal Holds, Retention Policies)
• Search & Audit Trails (Full-Text/OCR Search, Event History, Access Logs)

Common data entities:

• Firms, Offices, Users, Roles/Permissions (Partners, Managers, Staff)
• Clients (profile, IDs, tax/EIN, office assignment)
• File Cabinets and Folders (hierarchy, paths, security class)
• Documents (metadata, types, versions, status, tags)
• Routing Sheets (approval workflows, steps, actions, due dates)
• Retention Policies and Legal Holds (policy IDs, destruction date)
• Engagement Binders (links to binders and workpapers)
• Portal Shares (published items, visibility, expiry)
• Audit Events (create/update/approve/download history)

The ProSystem fx Document Integration Challenge

Accounting and audit teams rely on ProSystem fx Document every day, but turning portal-first and binder-centric workflows into API-driven automation is non-trivial:

• Check-In/Check-Out Semantics: Version locking and exclusive edits require careful state management
• Role-Aware Security: Staff permissions, office boundaries, and client-level access govern visibility
• Mixed Deployments: On-premise and cloud variants, plus SSO/Active Directory and MFA complicate headless automation
• Compliance Rigor: Retention policies, legal holds, and approval artifacts must be modeled explicitly
• Context Spread: Key information spans clients, file cabinets, engagement binders, routing sheets, and portal shares

How Supergood Creates ProSystem fx Document APIs

Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your ProSystem fx Document tenant.

• Handles username/password, SSO/OAuth/AD, and MFA (SMS, email, TOTP) securely
• Maintains session continuity with automated refresh and change detection
• Normalizes responses so you can integrate once and rely on consistent objects across modules
• Aligns with customer entitlements and role-based permissions to ensure compliant access

Use Cases

Evidence Collection & Binder Sync

• Mirror engagement folders and document metadata into your GRC platform
• Auto-ingest evidence from your product (screenshots, exports, logs) and file to the correct binder path
• Maintain version history, check-in/out states, and audit trails for testing documentation

Policy Management & Attestations

• Push updated policies and procedures to relevant cabinets and folders
• Create routing sheets for manager/partner approvals and staff attestations
• Track approval SLAs, escalate overdue steps, and archive signed artifacts

Client Deliverables & Portal Publishing

• Publish final reports, SOC packages, or tax deliverables to the client portal with expiry controls
• Notify stakeholders and log downloads for compliance reporting
• Synchronize deliverable statuses with CRM or ERP

Retention & Legal Hold Automation

• Apply retention policies programmatically and set legal holds during investigations
• Generate destruction dates and hold overrides while preserving audit history
• Align retention schedules with your enterprise records program

Available Endpoints

Authentication

POST /sessions: Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth/AD when enabled. Returns a short-lived auth token maintained by the platform.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/sessions \
  --header 'Authorization: Basic <Base64 encoded token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "username": "[email protected]",
    "password": "<password>",
    "mfa": { "type": "totp", "code": "123456" }
  }'

Example response

{
  "authToken": "eyJhbGciOi...",
  "expiresIn": 3600,
  "user": {
    "id": "u_psfx_301a9c",
    "name": "Audit Manager",
    "entitlements": ["cabinets", "documents", "routing", "portal", "retention"]
  }
}

POST /sessions/refresh: Refresh an existing token to keep sessions uninterrupted.

Documents

GET /documents: Search and list documents across file cabinets and engagement folders with rich filters.

Query parameters

• clientId: string
• cabinetId: string
• folderPath: string (e.g., "/Engagements/2025/Audit/Planning")
• documentType: string (e.g., "workpaper", "report", "policy")
• status: checked_in | checked_out | archived
• tags: comma-separated string (e.g., "SOC1,control-testing")
• updatedFrom, updatedTo: ISO 8601 timestamps
• includeMetadata: boolean
• page, pageSize: integers for pagination

Example response

{
  "items": [
    {
      "documentId": "doc_58af21",
      "title": "Revenue Testing Sample",
      "fileName": "rev_testing_sample.xlsx",
      "version": 3,
      "status": "checked_in",
      "clientId": "cl_8273",
      "cabinetId": "cab_fin_audit",
      "folderPath": "/Engagements/2025/Audit/Testing",
      "documentType": "workpaper",
      "tags": ["control-testing", "revenue"],
      "retention": { "policyId": "ret_std_7y", "destroyDate": "2032-12-31", "onHold": false },
      "securityClass": "firm_staff",
      "checkedOutBy": null,
      "createdAt": "2026-01-14T09:25:11Z",
      "modifiedAt": "2026-01-20T16:02:43Z"
    }
  ],
  "page": 1,
  "pageSize": 50,
  "total": 1
}

POST /documents: Upload a document with metadata and retention settings.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/documents \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "clientId": "cl_8273",
    "cabinetId": "cab_fin_audit",
    "folderPath": "/Engagements/2025/Audit/Testing",
    "title": "Control Matrix - Q4",
    "documentType": "workpaper",
    "tags": ["control-matrix", "q4"],
    "retentionPolicyId": "ret_std_7y",
    "engagementBinderId": "eng_2025_fin",
    "uploadToken": "upl_0a9f7c", 
    "sourceSystemId": "grc-ctrl-9821",
    "notes": "Imported from GRC system after test execution."
  }'

Example response

{
  "documentId": "doc_6b9420",
  "version": 1,
  "status": "checked_in",
  "createdAt": "2026-01-21T12:41:07Z"
}

Routing Sheets

POST /routing-sheets: Create an approval workflow (routing sheet) for a document with steps and due dates.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/routing-sheets \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "documentId": "doc_6b9420",
    "name": "Q4 Control Matrix Approval",
    "dueDate": "2026-02-05",
    "requiresSignature": true,
    "finalizeOnComplete": true,
    "steps": [
      {"userId": "u_psfx_mgr_1001", "role": "manager", "action": "approve", "dueDate": "2026-01-28", "required": true},
      {"userId": "u_psfx_ptn_0023", "role": "partner", "action": "sign", "dueDate": "2026-02-05", "required": true}
    ],
    "notify": {"email": true, "reminders": {"daysBefore": 2}}
  }'

Example response

{
  "routingSheetId": "rs_931b7f",
  "status": "in_progress",
  "currentStepIndex": 0,
  "createdAt": "2026-01-21T12:42:55Z"
}

Portal Publishing

POST /documents/{documentId}/shares: Publish a document to the client portal with visibility and expiry controls.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/documents/doc_6b9420/shares \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "clientId": "cl_8273",
    "title": "Final Audit Report - 2025",
    "message": "Your final report is now available.",
    "visibleTo": ["client_admin", "client_manager"],
    "expiresAt": "2026-03-01T00:00:00Z",
    "requireAcknowledgment": true
  }'

Example response

{
  "shareId": "shr_44ce90",
  "status": "published",
  "portalUrl": "https://portal.cch.com/clients/cl_8273/documents/shr_44ce90",
  "createdAt": "2026-01-21T12:45:10Z"
}

Get full API Specs →

Technical Specifications

• Authentication: Username/password with MFA (SMS, email, TOTP) and SSO/OAuth/Active Directory where enabled; supports service accounts or customer-managed credentials
• Response format: JSON with consistent resource schemas and pagination across modules
• Rate limits: Tuned for enterprise throughput while honoring customer entitlements and usage controls
• Session management: Automatic reauth and cookie/session rotation with health checks
• Data freshness: Near real-time retrieval of clients, cabinets, documents, routing sheets, and portal shares
• Security: Encrypted transport, scoped tokens, and audit logging; respects ProSystem fx Document role-based permissions
• Webhooks: Optional asynchronous delivery for long-running workflows (e.g., approvals, portal downloads)

Performance Characteristics

• Latency: Sub-second responses for list/detail queries under normal load
• Throughput: Designed for high-volume document search, upload, and approval routing
• Reliability: Retry logic, backoff, and idempotency keys minimize duplicate actions
• Adaptation: Continuous monitoring for UI/API changes with rapid adapter updates

Getting Started

1. Schedule Integration Assessment

Book a 30-minute session to confirm your modules, licensing, and authentication model.

2. Supergood Builds and Validates Your API

We deliver a hardened ProSystem fx Document adapter tailored to your workflows and entitlements.

3. Deploy with Monitoring

Go live with continuous monitoring and automatic adjustments as ProSystem fx Document evolves.

Schedule Integration Call →

Frequently Asked Questions

Q: Which ProSystem fx Document modules can this integration cover?

Supergood supports workflows across commonly used modules such as Document Management (File Cabinets, Folders, Documents), Workflow & Approvals (Routing Sheets, E-signatures), and Client Portal Publishing, subject to your licensing and entitlements. We scope coverage during integration assessment.

Q: How are MFA, SSO, and Active Directory handled for automation?

We support username/password + MFA (SMS, email, TOTP) and can operate behind SSO/OAuth or Windows-integrated authentication (AD) when enabled. Sessions are refreshed automatically with secure challenge handling.

Q: Can you maintain check-in/check-out and version integrity?

Yes. We model document states explicitly and enforce idempotent updates to preserve version history. Check-out locks and check-in actions are synchronized to prevent conflicts.

Q: Do you support retention policies and legal holds?

Yes. We can apply policy IDs, set/deset legal holds, compute destruction dates, and track retention changes with audit logging while respecting firm permissions.

Q: Can we publish deliverables to the client portal and track acknowledgments?

Yes. We support portal sharing with visibility scopes, expiry dates, and optional acknowledgments, and can stream download events back to your systems via webhooks.

Related Integrations

Intralinks API - Programmatically access the Intralinks VDR with Supergood

Ready to automate your ProSystem fx Document workflows?

Supergood can have your ProSystem fx Document integration live in days with no ongoing engineering maintenance.

Get Started →