Supergood | Firmex API
Programmatically access Firmex data rooms, documents, permissions, Q&A, and audit activity with a stable REST API. Supergood builds and operates production-grade, unofficial Firmex integrations so your team can automate secure file sharing and deal workflows without heavy custom engineering.
Plain English: Firmex is a virtual data room (VDR) used for M&A due diligence, fundraising, and regulated document sharing. An unofficial API lets you pull lists of data rooms and folders, index and download documents with metadata, manage users and group permissions, push Q&A questions and answers, and export audit trails—programmatically and at scale.
For a tech company integrating with Firmex, this means you can sync data rooms into your platform, mirror folder structures and documents into your DMS, auto-provision users and permission sets, automate buy-side/sell-side Q&A from your workflow tool, and stream audit logs to a SIEM or analytics store. You can also build features like deal dashboards, status alerts on Q&A, bulk archive exports, and compliance reporting across portfolios.
What is Firmex?
Firmex (https://www.firmex.com/) is a cloud-based virtual data room platform focused on secure document sharing and due diligence for M&A, private equity, corporate development, legal, and compliance teams. Organizations use Firmex to host data rooms, granularly permission users and groups, watermark and restrict files, conduct structured Q&A, and maintain comprehensive audit trails.
Core product areas include:
- Data Rooms & Projects (room creation, status/expiry, NDA gates, branding)
- Documents & Folders (versioned uploads, structured indexing, bulk actions)
- Users, Groups & Permissions (role-based access, view/download/print controls, expiry and watermark policies)
- Q&A (question queues, categories, assignments, buyer/seller visibility, attachments)
- Audit & Reporting (viewer/download logs, exports, room activity reporting)
Common data entities:
- Companies, Users, Groups, Roles (internal team, buyers, sellers, advisors)
- Data Rooms/Projects (metadata, owners, status, expiry, branding)
- Folders & Documents (versions, checksums, size, watermarking, viewer policies)
- Q&A Threads/Questions (status, categories, visibility, assigned teams)
- Audit Events (view, download, upload, permission change, Q&A actions)
The Firmex Integration Challenge
VDRs like Firmex are built for portal-first security and user-driven workflows, which makes automation tricky:
- Permission nuance: Rights vary by user/group, room, and folder (view, download, print, watermark, expiry), and inherit across nested structures
- Q&A gating: Buyer/seller visibility, categories, and approvals must be respected; data often exportable but not easily queryable
- Export friction: Full room archives and audit exports can be slow, manual, or rate-limited; bulk downloads may stall or produce inconsistent structures
- Authentication complexity: SSO/MFA, session lifecycles, and regional tenancy complicate headless integrations
- Data spread: Documents, versions, and audit trails live across multiple screens with important context embedded in UI-only views
We also hear from teams that official export tools can be clunky, APIs (when available) are limited or costly, and automation requires repetitive manual steps that don’t scale during fast-moving deals.
How Supergood Creates Firmex APIs
Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your Firmex tenant.
- Handles username/password, SSO/OAuth, and MFA (SMS, email, TOTP) securely
- Maintains session continuity with automated refresh and change detection
- Normalizes responses so you can integrate once and rely on consistent objects across rooms
- Aligns with customer entitlements and role-based permissions to ensure compliant access
Use Cases
Data Room & Document Sync
- Mirror rooms, folders, and documents into your DMS or cloud storage
- Keep metadata, versions, and checksums aligned for integrity and de-duplication
- Normalize folder paths and policies for portfolio-wide analytics
Users, Groups & Permissions Automation
- Auto-provision users and groups with preconfigured access templates
- Enforce consistent watermark/print/download rights across folders
- Apply expirations and NDAs at scale during deal phases
Q&A Workflow Orchestration
- Create questions from your workflow tool and route to seller teams
- Track statuses and due dates, notify assignees, and attach supporting files
- Export Q&A threads for post-deal archives and knowledge bases
Audit & Compliance Reporting
- Stream view/download/upload events to your SIEM or data warehouse
- Generate room-level activity reports and evidence of controls
- Schedule archive exports with folder structure and metadata preserved
Available Endpoints
Authentication
POST /sessions: Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth when enabled. Returns a short-lived auth token maintained by the platform.
curl --request POST \
--url https://api.supergood.ai/integrations/<integration_id>/sessions \
--header 'Authorization: Basic <Base64 encoded token>' \
--header 'Content-Type: application/json' \
--data '{
"username": "[email protected]",
"password": "<password>",
"mfa": { "type": "totp", "code": "123456" }
}'
Example response
{
"authToken": "eyJhbGciOi...",
"expiresIn": 3600,
"user": {
"id": "u_frmx_29ab71",
"name": "Deal Manager",
"entitlements": ["rooms", "documents", "permissions", "qna", "audit"]
}
}
Data Rooms
GET /data-rooms: List data rooms with filters and summary details.
Query parameters
- ownerId: string
- status: active | archived | pending
- tag: string (e.g., "sell-side", "buy-side")
- updatedFrom, updatedTo: ISO 8601 timestamps
- page, pageSize: integers for pagination
Example response
{
"items": [
{
"roomId": "rm_7f21a0",
"name": "Project Falcon Sell-Side",
"status": "active",
"ownerId": "u_frmx_29ab71",
"ownerName": "Deal Manager",
"participantsCount": 42,
"documentsCount": 1287,
"totalSizeBytes": 987654321,
"ndaRequired": true,
"watermarking": { "enabled": true, "text": "Confidential – Falcon" },
"expiryDate": null,
"tags": ["sell-side", "industrial"],
"createdAt": "2026-01-10T14:02:19Z",
"updatedAt": "2026-01-21T09:33:05Z"
}
],
"page": 1,
"pageSize": 50,
"total": 1
}
Documents
GET /data-rooms/{roomId}/documents: List documents within a room, optionally scoped to a folder.
Query parameters
- folderId: string (optional)
- recursive: true | false (default false)
- updatedFrom, updatedTo: ISO 8601 timestamps
- page, pageSize: integers for pagination
curl --request GET \
--url "https://api.supergood.ai/integrations/<integration_id>/data-rooms/rm_7f21a0/documents?folderId=fo_biz_fin&recursive=true&page=1&pageSize=100" \
--header 'Authorization: Bearer <authToken>'
Example response
{
"items": [
{
"documentId": "doc_91ee33",
"name": "2025_Audited_FS.pdf",
"folderPath": "/01 Financials/Annual Reports",
"version": 3,
"sizeBytes": 5231041,
"sha256": "b5d4045c...",
"mimeType": "application/pdf",
"watermarkApplied": true,
"permissions": { "view": true, "download": false, "print": false },
"uploadedBy": { "id": "u_frmx_8830d1", "name": "Controller" },
"uploadedAt": "2026-01-18T08:14:22Z",
"lastViewedAt": "2026-01-20T16:45:10Z"
}
],
"page": 1,
"pageSize": 100,
"total": 1
}
Permissions
PATCH /data-rooms/{roomId}/permissions: Update folder-level permission assignments for users or groups.
curl --request PATCH \
--url https://api.supergood.ai/integrations/<integration_id>/data-rooms/rm_7f21a0/permissions \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data '{
"mode": "upsert",
"assignments": [
{
"principalType": "group",
"principalId": "grp_buyers_team_a",
"folderId": "fo_biz_fin",
"rights": { "view": true, "download": false, "print": false, "watermark": true },
"inherit": true,
"expireAt": "2026-02-28T23:59:59Z"
},
{
"principalType": "user",
"principalId": "u_frmx_9922aa",
"folderId": "fo_hr",
"rights": { "view": true, "download": true, "print": false, "watermark": true },
"inherit": false
}
]
}'
Example response
{
"changedCount": 2,
"warnings": []
}
Q&A
POST /data-rooms/{roomId}/qna/questions: Create a buyer-side question with category and optional attachments.
curl --request POST \
--url https://api.supergood.ai/integrations/<integration_id>/data-rooms/rm_7f21a0/qna/questions \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data '{
"subject": "Clarify revenue recognition policy",
"body": "Please confirm whether percentage-of-completion is applied to multi-year contracts and provide supporting schedule.",
"categoryId": "cat_fin_policies",
"directedToTeamId": "team_seller_finance",
"visibility": "buyer",
"priority": "high",
"dueDate": "2026-01-28",
"attachments": [
{ "fileName": "example_contract.pdf", "uploadToken": "upl_0f31c2" }
]
}'
Example response
{
"questionId": "q_5b1190",
"number": 182,
"status": "submitted",
"createdAt": "2026-01-21T12:11:43Z"
}
Technical Specifications
- Authentication: Username/password with MFA (SMS, email, TOTP) and SSO/OAuth where enabled; supports service accounts or customer-managed credentials
- Response format: JSON with consistent resource schemas and pagination across modules
- Rate limits: Tuned for enterprise throughput while honoring customer entitlements and usage controls
- Session management: Automatic reauth and cookie/session rotation with health checks
- Data freshness: Near real-time retrieval of rooms, documents, Q&A, and audit objects
- Security: Encrypted transport, scoped tokens, and audit logging; respects Firmex role-based permissions and watermark controls
- Webhooks: Optional asynchronous delivery for long-running workflows (e.g., archive exports, Q&A status changes)
Performance Characteristics
- Latency: Sub-second responses for list/detail queries under normal load
- Throughput: Designed for high-volume document indexing and permission updates
- Reliability: Retry logic, backoff, and idempotency keys minimize duplicate actions
- Adaptation: Continuous monitoring for UI/API changes with rapid adapter updates
Getting Started
- Schedule Integration Assessment
Book a 30-minute session to confirm your rooms, modules, and authentication model.
- Supergood Builds and Validates Your API
We deliver a hardened Firmex adapter tailored to your workflows and entitlements.
- Deploy with Monitoring
Go live with continuous monitoring and automatic adjustments as Firmex evolves.
Frequently Asked Questions
Q: Which Firmex modules can this integration cover?
Supergood supports workflows across commonly used modules such as Data Rooms/Projects, Documents & Folders (with versions and checksums), Users/Groups & Permissions, Q&A, and Audit/Activity exports, subject to your licensing and entitlements. We scope coverage during integration assessment.
Q: How are MFA and SSO handled for automation?
We support username/password + MFA (SMS, email, TOTP) and can operate behind SSO/OAuth when enabled. Sessions are refreshed automatically with secure challenge handling.
Q: Can you perform full room archive and audit exports?
Yes. We orchestrate structured exports with folder hierarchy, metadata, file hashes, and watermarked PDFs where required. Long-running jobs include resumable downloads, integrity checks, and optional delivery to your cloud storage or data warehouse.
Q: Do you support buyer/seller Q&A workflows?
Yes. We can create questions, track statuses and assignments, pull answer threads, and export Q&A logs. Visibility and category permissions are enforced according to your room configuration.
Related Integrations
Intralinks API - Programmatically access the Intralinks VDR with Supergood
Ready to automate your Firmex workflows?
Supergood can have your Firmex integration live in days with no ongoing engineering maintenance.
