Supergood | M-Files API

Programmatically access documents, metadata, classes, workflows, views, permissions, and audit trails from M-Files with a stable REST API. Supergood builds and operates production-grade, unofficial M-Files integrations so your team can automate document-centric workflows without heavy custom engineering.

Plain English: M-Files is document and information management software used by law firms to organize matter files, contracts, pleadings, and research with metadata-driven classification, version control, granular permissions, and workflow automation. It helps firms work in a matter-centric way, keep records compliant, and find the right content fast across vaults and repositories.

For a tech company integrating with M-Files—especially a legaltech startup serving customers who primarily use iManage—an unofficial API lets you pull matter objects, document lists and versions, workflow states, and ACLs; and push new documents, metadata updates, approvals, and legal holds. You can build cross-DMS features like automated filing from your platform into a firm’s M-Files vaults, bi-directional matter metadata sync with iManage workspaces, AI-assisted document classification, unified search and compare, and retention controls that mirror legal holds across systems.

What is M-Files?

M-Files (https://www.m-files.com) is an intelligent, metadata-driven document management system (DMS) and content services platform. Rather than relying on folder paths, M-Files organizes information by what it is—matter, contract, client, or project—with properties that drive classification, permissions, workflows, search, and compliance.

Core product areas include:

• Metadata-Driven Document Management (classes, object types, properties)
• Workflow & Approvals (states, transitions, assignments, routing)
• Permissions & Compliance (ACLs, policies, audit trails)
• Integrations & Federated Search (Microsoft 365/SharePoint, network folders, Salesforce, iManage coexistence)
• Records Management & Retention (legal holds, disposition schedules)
• Versioning & Collaboration (check-out/check-in, version history)

Common data entities:

• Vaults (logical repositories with configurations and permissions)
• Object Types (Documents, Matters/Files, Clients, Projects, Contracts)
• Classes & Metadata Properties (e.g., Practice Area, Matter Number, Document Type, Author)
• Documents & Versions (content stream, version numbers, check-out state)
• Workflows & States (approval/routing, rules and transitions)
• Users/Groups & Permissions (ACLs, roles, access policies)
• Views & Search (saved filters and virtual views)
• Audit Events (who changed what, when; before/after values)
• External Repositories (network shares, SharePoint, email archives)

The M-Files Integration Challenge

Law firms depend on M-Files to keep work product organized and compliant, but turning portal-centric operations into API-driven automation can be challenging:

• Metadata-first modeling: Classes and properties differ across vaults and must be mapped to your platform’s schemas
• Multi-vault and entitlements: Each vault has unique configurations, permissions, and object types to respect
• Check-out/check-in semantics: Versioning, locks, and concurrent edits require careful orchestration
• Large file handling: PDFs and productions can be big and need resumable uploads and integrity checks
• Asynchronous indexing: OCR, property-based indexing, and view refreshes can take time and need polling or webhooks
• Authentication complexity: AD/SSO, MFA, and session lifecycles complicate headless automation
• Granular ACLs: Item-level permissions must be enforced when listing or modifying content
• iManage coexistence: Mapping iManage workspace/matter structures to M-Files object types requires consistent alignment

How Supergood Creates M-Files APIs

Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your M-Files tenant.

• Handles username/password, SSO/OAuth, and MFA (SMS, email, TOTP) securely
• Maintains session continuity with automated refresh and change detection
• Normalizes document, object, workflow, and ACL schemas so you can integrate once
• Respects vault-specific configurations and role-based permissions for compliant access
• Supports check-out/check-in and version creation with resumable uploads
• Scales high-volume operations (bulk document ingest, metadata updates) with polling or webhooks for long-running jobs

Use Cases

Matter-Centric Sync With iManage

• Map iManage workspace/matter fields to M-Files matter objects and properties
• Sync new/updated documents and versions bi-directionally, preserving authorship and timestamps
• Maintain consistent ACLs and ethical walls across both systems

Automated Filing & Metadata Enrichment

• Ingest documents from your platform and file them into the right matter/class
• Apply AI-assisted classification to populate properties like Document Type, Practice Area, and Parties
• Trigger routing and approvals via M-Files workflows

Workflow Orchestration for Legal Review & Signature

• Advance documents through review states (Draft → Partner Review → Client Approval)
• Assign reviewers, capture comments, and store e-signature artifacts as related objects
• Enforce check-in/check-out and versioning policies

Records Management & Legal Holds

• Apply legal holds to matters and related documents programmatically
• Set retention schedules and capture immutable audit events
• Synchronize hold statuses with iManage so both systems reflect current constraints

Available Endpoints

Authentication

POST /sessions: Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth when enabled. Returns a short-lived auth token maintained by the platform.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/sessions \
  --header 'Authorization: Basic <Base64 encoded token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "username": "[email protected]",
    "password": "<password>",
    "mfa": { "type": "totp", "code": "123456" }
  }'

Example response

{
  "authToken": "eyJhbGciOi...",
  "expiresIn": 3600,
  "user": {
    "id": "u_mf_6f21c9",
    "name": "DMS Admin",
    "entitlements": ["vaults", "documents", "objects", "workflows"]
  }
}

POST /sessions/refresh: Refresh an existing token to keep sessions uninterrupted.

Documents

POST /documents: Upload and register a document into a vault with metadata, class, and optional matter link. Supports immediate check-in to create version 1.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/documents \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "vaultId": "vlt_eu_london",
    "class": "Contract",
    "title": "Engagement Letter - Smith Holdings",
    "metadata": {
      "MatterNumber": "M-2026-00419",
      "ClientName": "Smith Holdings PLC",
      "PracticeArea": "Corporate",
      "DocumentDate": "2026-02-18",
      "AuthorUserId": "u_mf_1a2b3c"
    },
    "fileUpload": { "uploadToken": "upl_7fa223", "contentType": "application/pdf" },
    "permissions": [
      { "principalType": "group", "principalId": "grp_corporate", "access": ["read", "write"] },
      { "principalType": "group", "principalId": "grp_litigation", "access": [] }
    ],
    "checkIn": true
  }'

Example response

{
  "documentId": "doc_91b7f3",
  "vaultId": "vlt_eu_london",
  "version": 1,
  "checkedOut": false,
  "createdAt": "2026-02-20T10:03:11Z"
}

GET /documents: List documents with filters for vault, class, matter, modified windows, and full-text search.

Query parameters

• vaultId: string
• class: e.g., Contract | Pleading | Research Memo
• matterNumber: string
• modifiedFrom, modifiedTo: ISO 8601 timestamps
• fullText: string
• page, pageSize: integers for pagination

Example response

{
  "items": [
    {
      "documentId": "doc_91b7f3",
      "vaultId": "vlt_eu_london",
      "title": "Engagement Letter - Smith Holdings",
      "class": "Contract",
      "matterNumber": "M-2026-00419",
      "version": 1,
      "workflowState": "Client Approval",
      "modifiedAt": "2026-02-20T10:03:11Z"
    }
  ],
  "page": 1,
  "pageSize": 50,
  "total": 1
}

PATCH /documents/{documentId}: Update metadata, permissions, and optionally create a new version via file upload.

curl --request PATCH \
  --url https://api.supergood.ai/integrations/<integration_id>/documents/doc_91b7f3 \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "metadata": {
      "Workflow": "Review",
      "ResponsiblePartner": "Jane Partner"
    },
    "newVersion": {
      "uploadToken": "upl_09aa51",
      "comment": "Redlines applied after client feedback"
    },
    "permissions": [
      { "principalType": "user", "principalId": "u_mf_9d8e7f", "access": ["read"] }
    ],
    "legalHold": true
  }'

Example response

{
  "documentId": "doc_91b7f3",
  "version": 2,
  "workflowState": "Review",
  "legalHold": true,
  "updatedAt": "2026-02-20T12:15:12Z",
  "updatedBy": { "userId": "u_mf_9d8e7f", "name": "Knowledge Manager" }
}

Matters (Object Type)

POST /matters: Create or update a matter object with key properties used for classification and search.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/matters \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "vaultId": "vlt_eu_london",
    "matterNumber": "M-2026-00419",
    "clientName": "Smith Holdings PLC",
    "description": "General corporate advisory",
    "status": "Open",
    "practiceGroup": "Corporate",
    "responsiblePartner": "Jane Partner",
    "openDate": "2026-02-01"
  }'

Example response

{
  "matterId": "mtr_00419",
  "vaultId": "vlt_eu_london",
  "createdAt": "2026-02-01T09:00:00Z"
}

GET /matters: List matters with filters for client, practice group, status, and updated windows.

Workflows

POST /workflows/transitions: Advance an object (document or matter) to a target workflow state with optional assignment and comment.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/workflows/transitions \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "vaultId": "vlt_eu_london",
    "objectType": "document",
    "objectId": "doc_91b7f3",
    "workflowId": "wfl_contract_review",
    "toStateId": "state_partner_review",
    "assignedTo": { "userId": "u_mf_5c71aa", "name": "Partner Reviewer" },
    "comment": "Ready for partner review"
  }'

Example response

{
  "objectId": "doc_91b7f3",
  "workflowId": "wfl_contract_review",
  "stateId": "state_partner_review",
  "assignedTo": { "userId": "u_mf_5c71aa", "name": "Partner Reviewer" },
  "transitionedAt": "2026-02-20T13:09:44Z"
}

Get full API Specs →

Technical Specifications

• Authentication: Username/password with MFA (SMS, email, TOTP) and SSO/OAuth where enabled; supports service accounts or customer-managed credentials
• Response format: JSON with consistent resource schemas and pagination across modules
• Rate limits: Tuned for enterprise throughput while honoring customer entitlements and usage controls
• Session management: Automatic reauth and cookie/session rotation with health checks
• Data freshness: Near real-time retrieval of documents, objects, workflows, and ACL updates
• Security: Encrypted transport, scoped tokens, and audit logging; respects M-Files vault-level and item-level permissions
• Webhooks: Optional asynchronous delivery for long-running workflows (e.g., indexing completion, workflow transitions)

Performance Characteristics

• Latency: Sub-second responses for list/detail queries under normal load; indexing and workflow transitions reflect underlying platform behavior
• Throughput: Designed for high-volume document ingest and matter sync operations
• Reliability: Retry logic, backoff, and idempotency keys minimize duplicates and support at-least-once processing
• Adaptation: Continuous monitoring for UI/API changes with rapid adapter updates

Getting Started

1. Schedule Integration Assessment

Book a 30-minute session to confirm your vaults, classes, workflows, and authentication model.

2. Supergood Builds and Validates Your API

We deliver a hardened M-Files adapter tailored to your schemas, ACLs, and workflows—including optional iManage coexistence mapping.

3. Deploy with Monitoring

Go live with continuous monitoring and automatic adjustments as M-Files evolves.

Schedule Integration Call →

Frequently Asked Questions

Q: Can you bridge M-Files with iManage workspaces and matters?

Yes. We map iManage matter/workspace attributes to M-Files matter objects and properties, synchronize documents and versions, and align ACLs and ethical walls. We scope field mappings and conflict resolution during integration assessment.

Q: How do you handle check-out/check-in and version history?

We expose explicit operations for check-out, check-in, and version creation. Our adapter enforces locks, captures version comments, and preserves authorship and timestamps while ensuring idempotency for repeated updates.

Q: Do you support large file uploads and OCR/indexing delays?

Yes. We use signed, resumable uploads with content hashing. For post-upload OCR and indexing, we provide polling endpoints and optional webhooks to notify when items become searchable.

Q: How are permissions enforced?

We respect vault-level and item-level ACLs. Listings and actions are scoped to the caller’s entitlements and M-Files permissions, with audit logging for every operation.

Q: Can we automate legal holds and retention?

Yes. We can programmatically apply legal holds to matters and documents, update retention properties, and emit immutable audit events. Holds can be synchronized with iManage to keep both systems in lockstep.

Related Integrations

Intralinks API - Programmatically access the Intralinks VDR with Supergood

Ready to automate your M-Files workflows?

Supergood can have your M-Files integration live in days with no ongoing engineering maintenance.

Get Started →