Supergood | GoFileRoom API

Programmatically access GoFileRoom documents, FirmFlow routes, client index fields, and audit trails with a stable REST API. Supergood builds and operates production-grade, unofficial GoFileRoom integrations so your team can automate compliance, audit, and recordkeeping workflows without heavy custom engineering.

Plain English: GoFileRoom is Thomson Reuters’ cloud document management and workflow system for accounting, audit, and tax firms. An unofficial API lets you programmatically search and retrieve documents by index fields (client, entity, tax year, document type), upload new files with metadata, manage FirmFlow tasks, and pull complete audit trails—then push updates, annotations, and retention flags back into GoFileRoom.

For a tech company integrating with GoFileRoom—especially a GRC, regtech, or audit startup—this means you can pull engagement binders and evidence documents to power automated PBC lists, synchronize client and taxonomy metadata for analytics, post newly generated workpapers or signed letters into the right drawer and year, drive task routing and approvals from your product, and continuously monitor access and change history for compliance and SOC readiness.

What is GoFileRoom?

GoFileRoom (https://tax.thomsonreuters.com/us/en/cs-professional-suite/gofileroom) is a cloud-based document management and workflow platform within the Thomson Reuters CS Professional Suite, purpose-built for accounting, tax, and audit firms. It centralizes document capture, indexing, search, retention, and process routing (via FirmFlow) with granular permissions and audit logging.

Core product areas include:

• Document Management (drawers/cabinets, index fields, OCR, full-text search, versioning, check-in/out)
• FirmFlow Workflow (routes, tasks, approvals, due dates, assignments)
• Security & Governance (role-based access, audit trail, retention schedules, legal hold)
• Client Collaboration (portal publishing, request lists, e-signature integrations)
• Capture & Organization (scan/import, barcode/cover sheets, bulk filing, annotations)

Common data entities:

• Users, Groups, Roles/Permissions (staff, managers, administrators)
• Drawers/Cabinets and Index Fields (e.g., Client ID, Entity, Engagement, Tax Year, Document Type)
• Documents and Versions (PDF, XLSX, DOCX, images, workpapers)
• FirmFlow Workflows (routes, steps, tasks, assignments, statuses)
• Clients/Entities (IDs, names, contact metadata, portal access)
• Audit Logs (access, download, update, check-in/out, delete events)
• Retention Policies and Legal Holds

The GoFileRoom Integration Challenge

Accounting and audit teams live in GoFileRoom, but turning UI-first flows into reliable APIs is non-trivial:

• Index-driven taxonomy: Drawer-specific index fields and custom vocabularies complicate consistent queries
• Check-in/out and versioning: Safe updates require lock awareness and version control
• FirmFlow complexity: Multi-step routes, role-based tasks, and conditional approvals are modeled across screens
• Authentication and SSO: Thomson Reuters ID, MFA, and firm SSO add headless automation hurdles
• Large files and OCR: Scanned workpapers and image-heavy PDFs need robust upload and processing behavior
• Governance: Retention, legal hold, and portal-publishing states must be respected for compliant access
• Entitlements: User- and group-level permissions drive which drawers, clients, and documents are visible

How Supergood Creates GoFileRoom APIs

Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your GoFileRoom tenant.

• Handles username/password, SSO/OAuth, and MFA (SMS, email, TOTP) securely
• Maintains session continuity with automated refresh and change detection
• Normalizes drawer/index schemas so you can integrate once across clients and years
• Aligns with customer entitlements and role-based permissions to ensure compliant access
• Implements upload flows with checksums, large-file handling, and post-ingestion validation

Use Cases

Evidence Collection & PBC Automation

• Generate and sync PBC lists, pulling matching documents by client, engagement, and year
• Detect missing evidence and trigger requests or tasks automatically
• Attach collected artifacts back to the correct drawer and index set

Continuous Audit & Compliance Monitoring

• Stream audit trails for access and changes into your GRC platform
• Flag high-risk events (e.g., off-hours downloads of sensitive binders)
• Produce defensible logs for SOC, ISO 27001, and internal audit

Records Retention & Legal Hold

• Report on documents nearing retention thresholds by drawer and policy
• Apply legal hold flags and prevent deletes through controlled routes
• Enforce metadata completeness and binder integrity across clients

Client & Engagement Sync

• Mirror client/entity lists and drawer index taxonomies into your data warehouse
• Normalize engagement structures for cross-firm analytics and reporting
• Keep portal-publish status aligned with your client experience tools

Available Endpoints

Authentication

POST /sessions: Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth when enabled. Returns a short-lived auth token maintained by the platform.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/sessions \
  --header 'Authorization: Basic <Base64 encoded token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "username": "[email protected]",
    "password": "<password>",
    "mfa": { "type": "totp", "code": "123456" }
  }'

Example response

{
  "authToken": "eyJhbGciOi...",
  "expiresIn": 3600,
  "user": {
    "id": "u_gfr_71c22a",
    "name": "Lead Auditor",
    "entitlements": ["drawers", "documents", "firmflow", "audit_logs"]
  }
}

Documents: Search & List

GET /drawers/{drawer}/documents: List documents by drawer and index filters with pagination.

Query parameters

• clientId: string
• entity: string
• taxYear: integer
• documentType: string
• engagementId: string
• updatedFrom, updatedTo: ISO 8601 timestamps
• page, pageSize: integers for pagination
• q: full-text search string (optional)

Example response

{
  "items": [
    {
      "documentId": "doc_9f21b0",
      "title": "2024 Trial Balance",
      "drawer": "Audit",
      "index": {
        "clientId": "CL-20418",
        "entity": "ACME Holdings LLC",
        "engagementId": "ENG-2024-014",
        "taxYear": 2024,
        "documentType": "Workpaper"
      },
      "version": 3,
      "status": "checked_in",
      "hasPortalAccess": false,
      "fileSize": 589212,
      "checksum": "sha256:1f9a...",
      "retentionPolicy": "7_years",
      "securityGroup": "Assurance-East",
      "updatedAt": "2026-01-20T13:45:00Z"
    }
  ],
  "page": 1,
  "pageSize": 50,
  "total": 1
}

Documents: Upload & Index

POST /drawers/{drawer}/documents: Upload a document to a specific drawer with index metadata and optional portal publishing.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/drawers/Audit/documents \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "fileName": "ACME_2024_TB.pdf",
    "uploadToken": "upl_6c9f2b", 
    "index": {
      "clientId": "CL-20418",
      "entity": "ACME Holdings LLC",
      "engagementId": "ENG-2024-014",
      "taxYear": 2024,
      "documentType": "Workpaper"
    },
    "notes": "Auto-filed from audit platform; TB signed-off by senior.",
    "portal": { "publish": false },
    "sourceSystemRef": "audit-sys:tb-95730"
  }'

Example response

{
  "documentId": "doc_b87dd2",
  "version": 1,
  "status": "processing_ocr",
  "createdAt": "2026-01-21T10:03:11Z"
}

Audit Trail

GET /documents/{documentId}/audit-log: Retrieve the complete audit trail for a document, including access and change events.

curl --request GET \
  --url https://api.supergood.ai/integrations/<integration_id>/documents/doc_b87dd2/audit-log \
  --header 'Authorization: Bearer <authToken>'

Example response

{
  "documentId": "doc_b87dd2",
  "events": [
    {"timestamp": "2026-01-21T10:03:11Z", "actor": {"id": "u_gfr_71c22a", "name": "Lead Auditor"}, "action": "create", "version": 1, "ip": "203.0.113.18"},
    {"timestamp": "2026-01-21T10:08:27Z", "actor": {"id": "u_gfr_888201", "name": "Review Manager"}, "action": "view", "version": 1, "ip": "198.51.100.44"},
    {"timestamp": "2026-01-22T09:14:03Z", "actor": {"id": "u_gfr_888201", "name": "Review Manager"}, "action": "check_out", "version": 1, "ip": "198.51.100.44"},
    {"timestamp": "2026-01-22T10:02:15Z", "actor": {"id": "u_gfr_888201", "name": "Review Manager"}, "action": "check_in", "version": 2, "ip": "198.51.100.44", "notes": "Added sign-off"}
  ]
}

Get full API Specs →

Technical Specifications

• Authentication: Username/password with MFA (SMS, email, TOTP) and SSO/OAuth where enabled; supports service accounts or customer-managed credentials
• Response format: JSON with consistent resource schemas and pagination across drawers and workflows
• Rate limits: Tuned for enterprise throughput while honoring customer entitlements and usage controls
• Session management: Automatic reauth and cookie/session rotation with health checks
• Data freshness: Near real-time retrieval of documents, index metadata, FirmFlow tasks, and audit logs
• Security: Encrypted transport, scoped tokens, and audit logging; respects GoFileRoom role-based permissions
• Webhooks: Optional asynchronous delivery for long-running workflows (e.g., OCR completion, route approvals)

Performance Characteristics

• Latency: Sub-second responses for list/detail queries under normal load
• Throughput: Designed for high-volume document sync and FirmFlow task processing
• Reliability: Retry logic, backoff, and idempotency keys minimize duplicate actions
• Adaptation: Continuous monitoring for UI/API changes with rapid adapter updates

Getting Started

1. Schedule Integration Assessment

Book a 30-minute session to confirm your modules, licensing, and authentication model.

2. Supergood Builds and Validates Your API

We deliver a hardened GoFileRoom adapter tailored to your workflows and entitlements.

3. Deploy with Monitoring

Go live with continuous monitoring and automatic adjustments as GoFileRoom evolves.

Schedule Integration Call →

Frequently Asked Questions

Q: Which GoFileRoom modules can this integration cover?

Supergood supports workflows across Document Management (drawers, index fields, versions), FirmFlow (routes, tasks, approvals), Client/Entity metadata, and Audit Trails, subject to your licensing and entitlements. We scope coverage during integration assessment.

Q: How are MFA and SSO handled for automation?

We support username/password + MFA (SMS, email, TOTP) and can operate behind firm SSO/OAuth when enabled. Sessions are refreshed automatically with secure challenge handling.

Q: Can you upload large scanned documents and preserve OCR/searchability?

Yes. We support chunked uploads with checksum validation and confirm post-ingestion processing states (e.g., OCR complete). We also surface full-text search where available alongside index filters.

Q: Do you support portal publishing and e-signature artifacts?

Where portal-publish flags are exposed, we can reflect and set those states. We can also ingest e-signature artifacts and attachments from integrated tools (e.g., DocuSign), associating them with the correct document and index metadata when permitted.

Q: How do you enforce retention and legal hold requirements?

We respect GoFileRoom retention policies and legal hold flags by design—blocking destructive actions and surfacing policy metadata in responses. Administrative changes can be routed via FirmFlow where appropriate.

Related Integrations

Intralinks API - Programmatically access the Intralinks VDR with Supergood

Ready to automate your GoFileRoom workflows?

Supergood can have your GoFileRoom integration live in days with no ongoing engineering maintenance.

Get Started →