Supergood | Karbon API

Programmatically access Karbon work items, client requests, emails, contacts, and templates with a stable REST API. Supergood builds and operates production-grade, unofficial Karbon integrations so your team can automate compliance and audit workflows without heavy custom engineering.

Plain English: Karbon is practice management and collaborative work software built for accounting firms and professional services teams. An unofficial API lets you programmatically pull clients and contacts, work items and tasks, client requests, emails, and templates—and push new engagements, tasks, approvals, and messages back into Karbon.

For a tech company integrating with Karbon—especially a GRC, regtech, or audit startup—this means you can ingest real-time engagement and client communication to power audit dashboards, automate evidence collection via client requests, sync tasks and approvals to your platform, and maintain a unified audit trail of emails, notes, and attachments. You can trigger client-facing requests, schedule recurring audit tasks, map findings to work statuses, enrich your platform with capacity and SLA signals, and keep downstream systems (ERP/accounting like QuickBooks or Xero, analytics, case management) aligned.

What is Karbon?

Karbon (https://karbonhq.com/) is a cloud platform for accounting practice management and collaborative work. It centralizes email, tasks, client communication, work templates, and planning so teams can run engagements end-to-end with transparency and accountability. Firms use Karbon to triage email, manage work items and checklists, send client requests and track responses, coordinate staff workloads, standardize processes with templates, and report on time and budgets.

Core product areas include:

• Work Management (Work Items, Tasks, Checklists, Statuses, Recurrence, Templates)
• Client Communication (Email Triage, Client Requests, Comments, Timeline/Activity Feed)
• People & Organizations (Contacts, Client Organizations, Roles/Permissions, Teams)
• Planning & Capacity (Work Planner, Assignments, Due Dates, SLA Monitoring)
• Time & Budgets (Time Entries, Budget Hours, Utilization—where enabled)
• Insights & Auditability (Notes, Approvals, Attachments, Audit Trail)

Common data entities:

• Users, Teams, Roles/Permissions
• Organizations/Clients (metadata, addresses, billing/contact info)
• Contacts (people at client organizations)
• Work Items (engagement metadata, client, owner, status, dates, tags)
• Tasks & Checklists (subtasks, assignees, due dates, completion state)
• Client Requests (request groups, items, due dates, attachments, status)
• Emails (threads, messages, participants, labels, associated work)
• Templates (work templates, task/checklist templates)
• Time Entries and Budgets (optional module, hours and allocations)

The Karbon Integration Challenge

Accounting and assurance teams rely on Karbon daily, but converting portal-first workflows into API-driven automation is nuanced:

• Email-first workflows: Messages, threads, and labels drive work context and ownership
• Role-aware access: Staff, managers, and client participants see different data and actions
• Evidence handling: Client requests bundle documents, comments, and due dates with strict audit expectations
• Template-driven processes: Recurring work and standardized checklists require careful mapping to your schemas
• Authentication complexity: SSO/MFA and session lifecycles complicate headless automation
• Data spread: Key objects span work items, tasks, client requests, emails, and templates with context in multiple views

How Supergood Creates Karbon APIs

Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your Karbon tenant.

• Handles username/password, SSO/OAuth, and MFA (SMS, email, TOTP) securely
• Maintains session continuity with automated refresh and change detection
• Normalizes responses so you can integrate once and rely on consistent objects across modules
• Aligns with customer entitlements and role-based permissions to ensure compliant access

Use Cases

Evidence & Client Request Automation

• Create client request groups from your audit program and track responses
• Ingest attachments and comments as structured evidence with checksum validation
• Drive reminders and escalation based on due dates and SLA rules

Engagement & Task Orchestration

• Spin up work items from standardized templates for audits, reviews, or compliance checks
• Sync task assignments and due dates to your platform
• Maintain status transitions (planned, in progress, waiting on client, completed) in lockstep

Email + Audit Trail Sync

• Mirror relevant email threads and link them to engagements to preserve audit trail
• Extract approvals and decisions from email and timeline comments
• Attach artifacts and notes directly to work items

Capacity, SLA, and Risk Monitoring

• Surface workload and due-date risk for audit teams
• Trigger alerts for overdue client requests or blocked tasks
• Feed utilization/budget signals to your compliance analytics

Accounting & Back-Office Sync

• Link engagements to accounting systems (e.g., QuickBooks, Xero) via your platform
• Track time and budget consumption where enabled
• Normalize client/org records across systems and avoid duplication

Available Endpoints

Authentication

POST /sessions: Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth when enabled. Returns a short-lived auth token maintained by the platform.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/sessions \
  --header 'Authorization: Basic <Base64 encoded token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "username": "[email protected]",
    "password": "<password>",
    "mfa": { "type": "totp", "code": "123456" }
  }'

Example response

{
  "authToken": "eyJhbGciOi...",
  "expiresIn": 3600,
  "user": {
    "id": "u_kbn_72c901",
    "name": "Audit Manager",
    "entitlements": ["work", "tasks", "client_requests", "emails", "templates"]
  }
}

POST /sessions/refresh: Refresh an existing token to keep sessions uninterrupted.

Work

GET /work: List work items (engagements) with filters and summary details.

Query parameters

• clientOrganizationId: string
• status: planned | in_progress | waiting_client | completed | on_hold
• ownerUserId: string
• updatedFrom, updatedTo: ISO 8601 timestamps
• dueFrom, dueTo: dates (YYYY-MM-DD)
• page, pageSize: integers for pagination

Example response

{
  "items": [
    {
      "workId": "wrk_9b41e2",
      "title": "2025 Statutory Audit - Acme Manufacturing",
      "workType": "audit",
      "status": "in_progress",
      "clientOrganizationId": "org_4a3d90",
      "clientName": "Acme Manufacturing, Inc.",
      "ownerUserId": "u_kbn_72c901",
      "teamId": "team_assurance",
      "startDate": "2025-12-01",
      "dueDate": "2026-03-31",
      "recurrence": "annual",
      "budgetHours": 420,
      "usedHours": 185,
      "tags": ["statutory", "priority"],
      "updatedAt": "2026-01-20T13:45:00Z"
    }
  ],
  "page": 1,
  "pageSize": 50,
  "total": 1
}

Client Requests

POST /work/{workId}/client-requests: Create a client request group with items, due date, and messaging.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/work/wrk_9b41e2/client-requests \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "subject": "Q1 Evidence Requests",
    "message": "Please provide the documents listed below by the due date.",
    "dueDate": "2026-02-10",
    "sendTo": ["[email protected]", "[email protected]"],
    "items": [
      {"code": "EV-AR-001", "description": "AR aging report as of Jan 31", "required": true, "attachmentRequired": true},
      {"code": "EV-BNK-002", "description": "Bank reconciliations for Jan", "required": true, "attachmentRequired": true},
      {"code": "EV-PROC-003", "description": "Updated revenue recognition policy", "required": false, "attachmentRequired": false}
    ],
    "reminders": {"enabled": true, "frequency": "weekly"},
    "referenceId": "audit-program-2025-Q1",
    "notifyClient": true
  }'

Example response

{
  "requestGroupId": "crg_21f8d0",
  "status": "sent",
  "itemCount": 3,
  "clientPortalUrl": "https://client.karbonhq.com/requests/crg_21f8d0",
  "createdAt": "2026-01-21T10:03:11Z"
}

Tasks

PATCH /work/{workId}/tasks/{taskId}: Update task assignments, dates, status, and checklist details.

curl --request PATCH \
  --url https://api.supergood.ai/integrations/<integration_id>/work/wrk_9b41e2/tasks/tsk_7c3d21 \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "title": "Test revenue cutoff",
    "dueDate": "2026-02-03",
    "assigneeUserId": "u_kbn_18a550",
    "status": "in_progress",
    "checklist": [
      {"itemId": "cli_001", "text": "Select sample of 30 invoices", "completed": true},
      {"itemId": "cli_002", "text": "Trace to shipping documents", "completed": false}
    ],
    "notes": "Waiting on client bank rec to complete step 2."
  }'

Example response

{
  "taskId": "tsk_7c3d21",
  "status": "in_progress",
  "dueDate": "2026-02-03",
  "assigneeUserId": "u_kbn_18a550",
  "updatedAt": "2026-01-22T08:15:12Z"
}

Emails

GET /emails: List email threads/messages with filters and linkages to work items.

Query parameters

• workId: string
• label: inbox | assigned | waiting_client | done | snoozed
• fromDate, toDate: ISO 8601 timestamps
• page, pageSize: integers

Example response

{
  "items": [
    {
      "threadId": "thr_5f10aa",
      "messageId": "msg_8bc201",
      "subject": "RE: Q1 Evidence Requests",
      "from": "[email protected]",
      "to": ["[email protected]"],
      "cc": ["[email protected]"],
      "receivedAt": "2026-01-21T11:20:44Z",
      "label": "assigned",
      "associatedWorkId": "wrk_9b41e2",
      "hasAttachments": true
    }
  ],
  "page": 1,
  "pageSize": 50,
  "total": 1
}

Get full API Specs →

Technical Specifications

• Authentication: Username/password with MFA (SMS, email, TOTP) and SSO/OAuth where enabled; supports service accounts or customer-managed credentials
• Response format: JSON with consistent resource schemas and pagination across modules
• Rate limits: Tuned for enterprise throughput while honoring customer entitlements and usage controls
• Session management: Automatic reauth and cookie/session rotation with health checks
• Data freshness: Near real-time retrieval of work, tasks, client requests, emails, contacts, and templates
• Security: Encrypted transport, scoped tokens, and audit logging; respects Karbon role-based permissions
• Webhooks: Optional asynchronous delivery for long-running workflows (e.g., client request responses, work status changes)

Performance Characteristics

• Latency: Sub-second responses for list/detail queries under normal load
• Throughput: Designed for high-volume engagement data sync and client request processing
• Reliability: Retry logic, backoff, and idempotency keys minimize duplicate actions
• Adaptation: Continuous monitoring for UI/API changes with rapid adapter updates

Getting Started

1. Schedule Integration Assessment

Book a 30-minute session to confirm your modules, licensing, and authentication model.

2. Supergood Builds and Validates Your API

We deliver a hardened Karbon adapter tailored to your workflows and entitlements.

3. Deploy with Monitoring

Go live with continuous monitoring and automatic adjustments as Karbon evolves.

Schedule Integration Call →

Frequently Asked Questions

Q: Which Karbon modules can this integration cover?

Supergood supports workflows across commonly used modules such as Work Management (Work Items, Tasks, Templates), Client Communication (Email, Client Requests), and People & Organizations (Clients, Contacts), subject to your licensing and entitlements. We scope coverage during integration assessment.

Q: How are MFA and SSO handled for automation?

We support username/password + MFA (SMS, email, TOTP) and can operate behind SSO/OAuth when enabled. Sessions are refreshed automatically with secure challenge handling.

Q: Can you sync client requests and work statuses to our compliance platform or accounting system?

Yes. We can normalize client requests, work items, tasks, and time/budget signals to match your GRC or ERP/accounting schema (e.g., QuickBooks, Xero) and deliver updates via webhooks or polling while complying with rate and permission constraints.

Q: Are approvals and sign-offs supported for client requests and tasks?

Yes. We support downloading approval artifacts and uploading attachments via signed uploads, with checksum validation and time-limited URLs. Approval states and sign-off requirements are modeled explicitly in our normalized responses.

Related Integrations

Intralinks API - Programmatically access the Intralinks VDR with Supergood

Ready to automate your Karbon workflows?

Supergood can have your Karbon integration live in days with no ongoing engineering maintenance.

Get Started →