Supergood | iManage API

Programmatically access iManage document repositories, matter workspaces, emails, governance policies, and audit logs with a stable REST API. Supergood builds and operates production-grade, unofficial iManage integrations so your team can automate compliance, risk, and audit workflows without heavy custom engineering.

Plain English: iManage is a cloud document and knowledge work platform used by law firms and professional services organizations to securely organize and govern documents, emails, and matter workspaces. An unofficial API lets you pull workspace lists, document metadata and versions, email filings, security and governance settings (retention, legal holds, ethical walls), and detailed audit events—and push updates such as new documents, classification labels, legal holds, or policy changes back into iManage.

For a tech company integrating with iManage—especially a GRC, regtech, or audit startup—this means you can ingest authoritative matter/document data to power compliance dashboards, automatically apply or lift legal holds, enforce retention and ethical walls from your policy engine, feed audit trails into a SIEM, or build workflows like evidence collection and regulator-ready data rooms. You can also synchronize users and entitlements, generate reports on access and disposition, trigger external secure shares, and maintain system-of-record alignment across your ERP, analytics, and case management tools.

What is iManage?

iManage (https://imanage.com/) is a cloud platform for knowledge workers that centralizes document and email management, governance, and security across law firms, corporate legal departments, and other professional services teams. Organizations use iManage to create and organize matter workspaces, store and version documents, file emails, enforce ethical walls and retention policies, apply legal holds, and audit access and changes—backed by robust security and Microsoft 365 integrations.

Core product areas include:

• Document & Email Management (Workspaces, Folders, Documents, Versions, Email Filing)
• Governance & Compliance (Retention Policies, Legal Holds, Disposition, Records Management)
• Security & Access Control (Ethical Walls, ACLs, Policy Automation, Threat Detection)
• Knowledge & Search (Search, Metadata, Classification, Knowledge Reuse)
• External Collaboration (Secure Sharing, Link Governance, Expirations)

Common data entities:

• Tenants, Users, Groups, Roles/Permissions
• Clients/Engagements and Matter Workspaces (metadata, status, owners)
• Folders and Documents (versions, size, file type, check-in/out state)
• Emails filed to matters (headers, attachments, classification)
• Governance Policies (retention schedules, holds, disposition rules)
• Security Controls (ethical walls, ACLs, access entitlements)
• Audit Events (view/download, edit, check-in/out, policy changes, share activity)

The iManage Integration Challenge

Compliance-focused teams rely on iManage as the system of record for sensitive work product, but turning portal-based operations into API-driven automation is non-trivial:

• Role-aware security: Ethical walls and fine-grained ACLs change per matter and user
• Governance rigor: Retention, legal holds, and disposition require careful policy mapping and auditability
• Complex artifacts: Documents, versions, and email filings carry layered metadata and security contexts
• Authentication complexity: SSO/MFA (often Azure AD) and session lifecycles complicate unattended flows
• Distributed context: Key compliance signals span workspaces, policies, audit logs, and external shares

How Supergood Creates iManage APIs

Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your iManage tenant.

• Handles username/password, SSO/OAuth, and MFA (SMS, email, TOTP) securely
• Maintains session continuity with automated refresh and change detection
• Normalizes responses so you can integrate once and rely on consistent objects across modules
• Aligns with customer entitlements, ethical walls, and role-based permissions to ensure compliant access

Use Cases

Compliance & Audit Data Sync

• Mirror workspaces, documents, and versions into your compliance data store
• Ingest audit logs to feed SIEM and risk analytics
• Normalize metadata (matter numbers, owners, classifications) for multi-tenant reporting

Legal Holds & Retention Automation

• Apply, update, and release legal holds programmatically
• Map retention schedules to matters and push disposition events into workflow tools
• Track hold scope, custodians, and timelines for regulator-ready evidence

Access Governance & Ethical Walls

• Detect and reconcile entitlement drift across users/groups
• Alert on policy changes (ACL updates, wall exceptions) and remediate
• Produce traceable reports of who accessed what, when, and under which policy

Secure Sharing & Evidence Preparation

• Generate expiring secure shares for regulators or auditors
• Attach supporting documents, enforce link governance, and log activity
• Automate evidence collection from documents, emails, and attachments

Available Endpoints

Authentication

POST /sessions: Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth when enabled. Returns a short-lived auth token maintained by the platform.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/sessions \
  --header 'Authorization: Basic <Base64 encoded token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "username": "[email protected]",
    "password": "<password>",
    "mfa": { "type": "totp", "code": "123456" }
  }'

Example response

{
  "authToken": "eyJhbGciOi...",
  "expiresIn": 3600,
  "user": {
    "id": "u_im_7b29c1",
    "name": "Compliance Officer",
    "entitlements": ["workspaces", "documents", "governance", "audit_logs"]
  }
}

POST /sessions/refresh: Refresh an existing token to keep sessions uninterrupted.

Workspaces

GET /workspaces: List matter/engagement workspaces with filters and summary details.

Query parameters

• clientId: string
• matterNumber: string
• practiceGroup: string
• status: active | archived | closed
• updatedFrom, updatedTo: ISO 8601 timestamps
• page, pageSize: integers for pagination

Example response

{
  "items": [
    {
      "workspaceId": "ws_3f91a0",
      "name": "Client A – M&A 2026",
      "matterNumber": "CA-MA-2026-014",
      "client": { "id": "cl_00124", "name": "Client A Holdings" },
      "status": "active",
      "ownerUserId": "u_im_29d3fa",
      "practiceGroup": "Corporate/M&A",
      "ethicalWall": { "enabled": true, "policyId": "ew_8472" },
      "retentionPolicyId": "ret_12ab40",
      "createdAt": "2026-01-10T09:15:00Z",
      "updatedAt": "2026-01-21T13:45:00Z"
    }
  ],
  "page": 1,
  "pageSize": 50,
  "total": 1
}

Documents

GET /workspaces/{workspaceId}/documents: List documents and filed emails with versions, metadata, and security summaries.

Query parameters

• type: document | email
• class: string (e.g., "contract", "brief")
• authorUserId: string
• createdFrom, createdTo: ISO 8601 timestamps
• includeVersions: boolean
• page, pageSize: integers for pagination

curl --request GET \
  --url https://api.supergood.ai/integrations/<integration_id>/workspaces/ws_3f91a0/documents?type=document&includeVersions=true&page=1&pageSize=25 \
  --header 'Authorization: Bearer <authToken>'

Example response

{
  "items": [
    {
      "documentId": "doc_90e412",
      "title": "Share Purchase Agreement",
      "fileName": "SPA_v3.docx",
      "extension": "docx",
      "sizeBytes": 482193,
      "version": 3,
      "versions": [
        { "version": 1, "createdAt": "2026-01-12T10:03:11Z", "createdBy": "u_im_29d3fa" },
        { "version": 2, "createdAt": "2026-01-15T18:22:44Z", "createdBy": "u_im_11aa10" },
        { "version": 3, "createdAt": "2026-01-20T07:40:02Z", "createdBy": "u_im_29d3fa" }
      ],
      "classificationLabels": ["Confidential", "M&A"]
    ,  "folderPath": "/Transaction Documents/Agreements",
      "security": { "aclSummary": [ { "principal": "grp_Corp_MA", "role": "editor" } ], "ethicalWall": true },
      "retentionPolicyId": "ret_12ab40",
      "checkedOut": false,
      "downloadUrl": "https://signed.supergood.ai/dl/doc_90e412?v=3&exp=1705939200"
    }
  ],
  "page": 1,
  "pageSize": 25,
  "total": 1
}

Legal Holds

POST /legal-holds: Apply a legal hold to one or more documents or an entire workspace with justification and scope.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/legal-holds \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "holdName": "Regulator Inquiry – CA-2026",
    "reasonCode": "regulatory_investigation",
    "caseReferenceId": "REG-CA-2026-014",
    "scope": {
      "workspaceId": "ws_3f91a0",
      "documentIds": ["doc_90e412", "doc_77ab91"]
    },
    "startDate": "2026-01-21",
    "notes": "Hold applies to transaction documents and related email filings.",
    "notifyOwners": true
  }'

Example response

{
  "legalHoldId": "lh_51af80",
  "status": "active",
  "appliedCount": 2,
  "workspaceId": "ws_3f91a0",
  "createdAt": "2026-01-21T11:20:44Z"
}

Audit Events

GET /audit-events: Retrieve audit logs for document access, policy changes, shares, and administrative actions.

Query parameters

• userId: string
• workspaceId: string
• documentId: string
• eventType: view | download | edit | checkin | checkout | permission_change | retention_change | hold_applied | share_created
• from, to: ISO 8601 timestamps
• page, pageSize: integers for pagination

curl --request GET \
  --url "https://api.supergood.ai/integrations/<integration_id>/audit-events?workspaceId=ws_3f91a0&from=2026-01-20T00:00:00Z&to=2026-01-22T00:00:00Z&page=1&pageSize=100" \
  --header 'Authorization: Bearer <authToken>'

Example response

{
  "items": [
    {
      "eventId": "ae_771c2",
      "timestamp": "2026-01-21T11:22:01Z",
      "eventType": "hold_applied",
      "actorUserId": "u_im_29d3fa",
      "workspaceId": "ws_3f91a0",
      "documentId": "doc_90e412",
      "sourceIp": "203.0.113.12",
      "metadata": { "legalHoldId": "lh_51af80" }
    },
    {
      "eventId": "ae_771c3",
      "timestamp": "2026-01-21T12:02:18Z",
      "eventType": "download",
      "actorUserId": "u_im_11aa10",
      "workspaceId": "ws_3f91a0",
      "documentId": "doc_90e412",
      "sourceIp": "198.51.100.7",
      "metadata": { "version": 3 }
    }
  ],
  "page": 1,
  "pageSize": 100,
  "total": 2
}

Get full API Specs →

Technical Specifications

• Authentication: Username/password with MFA (SMS, email, TOTP) and SSO/OAuth where enabled; supports service accounts or customer-managed credentials
• Response format: JSON with consistent resource schemas and pagination across modules
• Rate limits: Tuned for enterprise throughput while honoring customer entitlements and usage controls
• Session management: Automatic reauth and cookie/session rotation with health checks
• Data freshness: Near real-time retrieval of workspaces, documents, governance policies, and audit logs
• Security: Encrypted transport, scoped tokens, and audit logging; respects iManage role-based permissions and ethical walls
• Webhooks: Optional asynchronous delivery for long-running workflows (e.g., legal hold propagation, external share activity)

Performance Characteristics

• Latency: Sub-second responses for list/detail queries under normal load
• Throughput: Designed for high-volume document metadata sync and audit-event ingestion
• Reliability: Retry logic, backoff, and idempotency keys minimize duplicate actions
• Adaptation: Continuous monitoring for UI/API changes with rapid adapter updates

Getting Started

1. Schedule Integration Assessment

Book a 30-minute session to confirm your modules, licensing, and authentication model.

2. Supergood Builds and Validates Your API

We deliver a hardened iManage adapter tailored to your workflows and entitlements.

3. Deploy with Monitoring

Go live with continuous monitoring and automatic adjustments as iManage evolves.

Schedule Integration Call →

Frequently Asked Questions

Q: Which iManage modules can this integration cover?

Supergood supports workflows across commonly used modules such as Document & Email Management (Workspaces, Documents, Versions), Governance (Retention Policies, Legal Holds, Disposition), Security (Ethical Walls, ACLs), and External Sharing, subject to your licensing and entitlements. We scope coverage during integration assessment.

Q: How are MFA and SSO handled for automation?

We support username/password + MFA (SMS, email, TOTP) and can operate behind SSO/OAuth when enabled (e.g., Azure AD). Sessions are refreshed automatically with secure challenge handling.

Q: Can you export audit logs and policy changes to our SIEM or GRC platform?

Yes. We normalize audit events (access, downloads, edits, policy updates, hold actions) and deliver updates via webhooks or polling, with filtering by user, workspace, event type, and time windows to align with SIEM and GRC schemas.

Q: Are legal holds and retention schedules supported?

Yes. We can apply, modify, and release holds, and map retention schedules to matters or classifications. Hold scope, timelines, and disposition events are modeled explicitly in our normalized responses.

Related Integrations

Intralinks API - Programmatically access the Intralinks VDR with Supergood

Ready to automate your iManage workflows?

Supergood can have your iManage integration live in days with no ongoing engineering maintenance.

Get Started →