HighQ

Supergood | HighQ API

Alex Klarfeld

Alex Klarfeld

6 min read

Programmatically access HighQ workspaces, documents, iSheets, tasks, and client collaboration workflows with a stable REST API. Supergood builds and operates production-grade, unofficial HighQ integrations so your team can automate legal and professional services workflows without heavy custom engineering.

Plain English: HighQ is secure collaboration and document management software used by law firms, corporate legal departments, and professional services teams. An unofficial API lets you programmatically pull workspace lists, files and versions, iSheet schemas and rows, tasks, users, and groups—and push new records, uploads, or updates back into HighQ.

For a tech company integrating with HighQ, this means you can ingest real-time matter/workspace and user data to power dashboards, bulk-export or archive files with versions and audit trails, sync iSheet data to BI/analytics, create tasks from external systems (e.g., ticketing, CRM), trigger approvals and automated workflows, and keep stakeholder systems (DMS/ECM, analytics, CRM, e-signature, scheduling) in lockstep.

What is HighQ?

HighQ (https://www.highq.com/) is a cloud-based collaboration and content platform from Thomson Reuters built for legal and professional services. It centralizes secure client portals and deal rooms, document sharing and versioning, structured data via iSheets, workflow automation, tasks and calendars, Q&A, and granular permissions—so firms can manage matters, transactions, and client collaboration in one place.

Core product areas include:

  • Workspaces & Collaboration (Workspaces, Folders, Files, Versions, Comments, Q&A)
  • Document Management (Metadata, Check-in/Check-out, Sharing, Watermarking, Audit)
  • Structured Data via iSheets (Tables, Columns, Validation, Row-Level Security)
  • Workflow & Automation (Approvals, Triggers, Notifications, Forms)
  • Tasks & Calendars (Assignments, Due Dates, Dependencies, Reminders)
  • Users, Groups & Permissions (Roles, External Guests, Ethical Walls)

Common data entities:

  • Organizations, Users, Groups, Roles/Permissions
  • Workspaces (matters, projects, data rooms; status, owners, clients)
  • Folders and Files/Documents (versions, metadata, tags, security)
  • iSheets (schemas/columns, rows, row history)
  • Tasks (assignments, status, due dates, dependencies)
  • Q&A (threads, participants, attachments)

The HighQ Integration Challenge

HighQ is central to legal operations, but turning portal-first workflows into API-driven automation can be challenging:

  • Layered permissions: Workspace, folder, document, iSheet, and sometimes row-level security vary by user and group
  • File rigor: Versioning, check-in/out, locks, watermarks, and audit logs require careful handling
  • Structured data complexity: iSheets have diverse column types, validation rules, and workflow triggers
  • Portal-first features: Q&A, approvals, and client-facing flows often lack simple bulk operations
  • Authentication complexity: SSO/MFA (e.g., SAML, Azure AD) complicates headless automation
  • Export/automation gaps: Teams report friction with bulk document exports, iSheet data sync, limited real-time events, and APIs that may require additional licensing

How Supergood Creates HighQ APIs

Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your HighQ tenant.

  • Handles username/password, SSO/OAuth/SAML, and MFA (SMS, email, TOTP) securely
  • Maintains session continuity with automated refresh and change detection
  • Normalizes responses so you can integrate once and rely on consistent objects across modules
  • Aligns with customer entitlements and role-based permissions to ensure compliant access
  • Preserves legal-specific context like file versions, audit metadata, and row-level visibility

Use Cases

Workspace & User Data Sync

  • Mirror workspaces, users, and groups into your internal systems
  • Keep workspace metadata current for analytics, dashboards, and reporting
  • Normalize roles and permissions to respect ethical walls and client confidentiality

Documents & Versioning

  • Bulk export files with version history for archive or matter mobility
  • Upload new versions with metadata, tags, and check-in/out semantics
  • Attach documents to tasks or iSheet rows, unify audit trails, and drive follow-ups

iSheets & Workflow Automation

  • CRUD iSheet rows and schemas to power structured data pipelines
  • Trigger approvals, notifications, and downstream actions from your product
  • Sync iSheet data to BI tools and ERPs; reconcile status and SLA metrics

Tasks & Approvals

  • Create and update tasks from external systems (ticketing, CRM, intake)
  • Track progress and due dates to drive reminders and escalations
  • Tie task completion to document versions, iSheet changes, or approvals

Available Endpoints

Authentication

POST /sessions: Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth/SAML when enabled. Returns a short-lived auth token maintained by the platform.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/sessions \
  --header 'Authorization: Basic <Base64 encoded token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "username": "[email protected]",
    "password": "<password>",
    "mfa": { "type": "totp", "code": "123456" }
  }'

Example response

{
  "authToken": "eyJhbGciOi...",
  "expiresIn": 3600,
  "user": {
    "id": "u_hq_9f12c3",
    "name": "Associate Attorney",
    "entitlements": ["workspaces", "files", "isheets", "tasks"]
  }
}

POST /sessions/refresh: Refresh an existing token to keep sessions uninterrupted.

Workspaces

GET /workspaces: List workspaces with filters and summary details.

Query parameters

  • status: active | archived | closed | draft
  • type: collaborate | dataroom | project
  • ownerId: string
  • clientName: string (full-text search)
  • updatedFrom, updatedTo: ISO 8601 timestamps
  • page, pageSize: integers for pagination

Example response

{
  "items": [
    {
      "workspaceId": "ws_71b9a2",
      "name": "Acme Corp – Series C Financing",
      "type": "dataroom",
      "status": "active",
      "client": { "name": "Acme Corp", "reference": "ACM-2026" },
      "ownerId": "u_hq_55aa01",
      "createdAt": "2026-01-05T14:22:11Z",
      "updatedAt": "2026-01-21T09:40:12Z",
      "fileCount": 482,
      "isheetCount": 3
    }
  ],
  "page": 1,
  "pageSize": 50,
  "total": 1
}

iSheets

POST /workspaces/{workspaceId}/isheets/{sheetId}/rows: Create an iSheet row with typed values and optional attachments.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/workspaces/ws_71b9a2/isheets/sh_3fd910/rows \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "values": {
      "matter_number": "2026-001",
      "counterparty": "Globex LLC",
      "close_date": "2026-02-10",
      "deal_value": 12500000.00,
      "status": "in_review"
    },
    "attachments": [
      {"fileName": "term_sheet.pdf", "uploadToken": "upl_0a9b72"}
    ],
    "visibility": {
      "groups": ["grp_partners"],
      "external": false
    },
    "triggerWorkflow": true,
    "referenceId": "crm-deal-2981"
  }'

Example response

{
  "rowId": "row_90e4aa",
  "version": 1,
  "status": "created",
  "createdAt": "2026-01-21T10:03:11Z"
}

Files

POST /workspaces/{workspaceId}/files: Upload a document to a workspace folder using a presigned upload token.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/workspaces/ws_71b9a2/files \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "fileName": "nda_globex_v3.docx",
    "folderId": "fld_12c7ef",
    "uploadToken": "upl_8db2c1",
    "contentType": "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
    "versionNote": "Minor edits to clause 7",
    "tags": ["NDA", "Counterparty:Globex"],
    "permissions": {
      "inherit": true
    }
  }'

Example response

{
  "fileId": "fil_5fa8d0",
  "version": 3,
  "checksum": "sha256:1f2c...8b9",
  "createdAt": "2026-01-21T11:20:44Z"
}

Tasks

PATCH /workspaces/{workspaceId}/tasks/{taskId}: Update task details, assignments, and dates.

curl --request PATCH \
  --url https://api.supergood.ai/integrations/<integration_id>/workspaces/ws_71b9a2/tasks/tsk_7c3d21 \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "title": "Finalize disclosure schedule",
    "dueDate": "2026-02-03",
    "percentComplete": 60,
    "assignees": ["u_hq_9f12c3", "u_hq_4a2281"],
    "predecessors": [
      {"taskId": "tsk_3a10f0", "type": "FS", "lagDays": 0}
    ],
    "watchers": ["grp_partners"],
    "notes": "Awaiting counterparty feedback on Section 12."
  }'

Example response

{
  "taskId": "tsk_7c3d21",
  "status": "in_progress",
  "dueDate": "2026-02-03",
  "percentComplete": 60,
  "updatedAt": "2026-01-22T08:15:12Z"
}

Get full API Specs →

Technical Specifications

  • Authentication: Username/password with MFA (SMS, email, TOTP) and SSO/OAuth/SAML where enabled; supports service accounts or customer-managed credentials
  • Response format: JSON with consistent resource schemas and pagination across modules
  • Rate limits: Tuned for enterprise throughput while honoring customer entitlements and usage controls
  • Session management: Automatic reauth and cookie/session rotation with health checks
  • Data freshness: Near real-time retrieval of workspaces, files/versions, iSheets, tasks, and Q&A
  • Security: Encrypted transport, scoped tokens, and audit logging; respects HighQ role-based and row-level permissions
  • Webhooks: Optional asynchronous delivery for long-running workflows (e.g., approvals, large exports)

Performance Characteristics

  • Latency: Sub-second responses for list/detail queries under normal load
  • Throughput: Designed for high-volume document sync and iSheet row processing
  • Reliability: Retry logic, backoff, and idempotency keys minimize duplicate actions
  • Adaptation: Continuous monitoring for UI/API changes with rapid adapter updates

Getting Started

  1. Schedule Integration Assessment

Book a 30-minute session to confirm your modules, licensing, and authentication model.

  1. Supergood Builds and Validates Your API

We deliver a hardened HighQ adapter tailored to your workflows and entitlements.

  1. Deploy with Monitoring

Go live with continuous monitoring and automatic adjustments as HighQ evolves.

Schedule Integration Call →

Frequently Asked Questions

Q: Which HighQ modules can this integration cover?

Supergood supports workflows across commonly used modules such as Workspaces & Documents (Files, Versions, Folders), iSheets (Schemas, Rows), Tasks & Calendars, and Client Collaboration (Q&A, Approvals), subject to your licensing and entitlements. We scope coverage during integration assessment.

Q: How are MFA and SSO handled for automation?

We support username/password + MFA (SMS, email, TOTP) and can operate behind SSO/OAuth/SAML when enabled. Sessions are refreshed automatically with secure challenge handling.

Q: Can you bulk export documents and iSheet data?

Yes. We provide high-throughput exporters for files (with versions and audit metadata) and iSheet rows (with column typing and validation). Delivery can be via polling or webhooks, with checkpointing for resilience.

Q: Do you support task updates and approvals from external systems?

Yes. We can create/update tasks, drive status transitions, attach documents, and trigger approval workflows while respecting role-based permissions and audit requirements.

Ready to automate your HighQ workflows?

Supergood can have your HighQ integration live in days with no ongoing engineering maintenance.

Get Started →

Read more