Supergood | NetDocuments API

Programmatically access NetDocuments repositories, cabinets, workspaces (matters), documents, metadata profiles, permissions, and audit events with a stable REST API. Supergood builds and operates production-grade, unofficial NetDocuments integrations so your team can automate governance, risk, compliance, and audit workflows without heavy custom engineering.

Plain English: NetDocuments is cloud-based document and email management software widely used by law firms, corporate legal teams, and regulated enterprises to securely organize matter-centric workspaces, control permissions (ethical walls), manage metadata profiles, version documents, and retain audit trails. An unofficial API lets you programmatically pull lists of cabinets, workspaces, folders, and documents; read and update document profiles; upload new versions; manage sharing permissions; and stream audit events and retention data.

For a tech company integrating with NetDocuments—especially GRC, regtech, or audit platforms—this means you can ingest real-time matter/workspace and document data to drive compliance dashboards, reconcile permissions and ethical walls against policy, automate legal holds and retention schedules, collect defensible audit logs for investigations, and enrich your product with secure document search, metadata normalization, and automated filing. You can also push profile updates (e.g., classification, matter numbers), trigger access changes, publish standardized templates, and keep downstream systems (eDiscovery, DLP, analytics, archiving) in lockstep.

What is NetDocuments?

NetDocuments (https://www.netdocuments.com/) is a cloud document and email management platform built for secure, compliant collaboration. It centralizes repositories and cabinets, matter-centric workspaces, folder structures, document versioning, metadata profiling, and granular access controls across legal, compliance, and business users. Teams use NetDocuments to file emails (ndMail), work inside Office (ndOffice), collaborate with threads, apply retention policies, enforce ethical walls, and preserve detailed audit trails.

Core product areas include:

• Document & Email Management (Documents, Versions, Email Filing, Profiles, Search)
• Matter-Centric Workspaces (Workspaces/Matters, Folders, Templates)
• Security & Governance (Permissions, Ethical Walls, Retention Policies, Legal Holds)
• Collaboration (Links/Sharing, ndOffice add-ins, Threads)
• Compliance & Audit (Audit Logs, Policy Enforcement, Reporting)

Common data entities:

• Repositories and Cabinets
• Workspaces/Matters (client, matter numbers, practice area, status)
• Folders and Saved Searches
• Documents and Versions (titles, extensions, size, hash)
• Profiles/Metadata (doc type, author, classification, custom fields)
• Users and Groups (roles, entitlements)
• Permissions/Security (ethical walls, visibility, ACLs)
• Retention Policies and Legal Holds
• Audit Events (view, edit, download, share, permission change)

The NetDocuments Integration Challenge

NetDocuments is mission-critical, but turning portal-driven workflows into API-driven automation requires care:

• Complex security model: Cabinets, workspaces, ethical walls, users/groups, and link sharing each impact visibility
• Metadata depth: Profiles, custom fields, doc types, and templates vary by cabinet and matter
• Versioning rigor: Check-in/out flows, hashes, and immutable audit trails must be respected
• Front-end–first: Email filing (ndMail) and Office add-ins optimize for client UI flows
• Authentication complexity: SSO/MFA and session lifecycles complicate headless automation
• Compliance constraints: Retention policies, legal holds, and export controls demand precise handling

How Supergood Creates NetDocuments APIs

Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your NetDocuments tenant.

• Handles username/password, SSO/OAuth, and MFA (SMS, email, TOTP) securely
• Maintains session continuity with automated refresh and change detection
• Normalizes profiles/metadata so you can integrate once and rely on consistent objects across cabinets
• Aligns with ethical walls and role-based permissions to ensure compliant access
• Supports checksum validation and version-aware uploads for document integrity
• Streams audit logs with pagination and filters for investigations and reporting

Use Cases

Matter & User Data Sync

• Mirror cabinets, workspaces/matters, users, and groups into your internal systems
• Keep matter metadata current for compliance dashboards and SLA tracking
• Normalize client names, matter numbers, practice areas, and statuses across tenants

Document Lifecycle & Metadata Governance

• Upload documents and versions with profile templates and mandatory fields
• Standardize classifications and doc types to enforce retention and DLP policies
• Reconcile metadata across cabinets and push corrections at scale

Permissions & Ethical Walls Automation

• Audit and enforce group/user access changes across sensitive workspaces
• Implement automated ethical walls based on HR or case events
• Generate permission change alerts and evidence for auditors

Audit & Compliance Reporting

• Ingest granular audit events (view, download, edit, share, permission change)
• Correlate events to users, IPs, and matters for incident response
• Export defensible logs and retention state to your GRC platform

Available Endpoints

Authentication

POST /sessions: Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth when enabled. Returns a short-lived auth token maintained by the platform.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/sessions \
  --header 'Authorization: Basic <Base64 encoded token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "username": "[email protected]",
    "password": "<password>",
    "mfa": { "type": "totp", "code": "123456" }
  }'

Example response

{
  "authToken": "eyJhbGciOi...",
  "expiresIn": 3600,
  "user": {
    "id": "u_nd_17a5f1",
    "name": "Compliance Lead",
    "entitlements": ["cabinets", "workspaces", "documents", "audit_events"]
  }
}

POST /sessions/refresh: Refresh an existing token to keep sessions uninterrupted.

Workspaces (Matters)

GET /workspaces: List workspaces/matters with filters and summary details.

Query parameters

• cabinetId: string
• matterNumber: string
• status: active | closed | archived
• practiceArea: string
• updatedFrom, updatedTo: ISO 8601 timestamps
• page, pageSize: integers for pagination

Example response

{
  "items": [
    {
      "workspaceId": "ws_8f21c0",
      "name": "Acme v. Northwind",
      "matterNumber": "MAT-2026-019",
      "client": { "name": "Acme Corp", "clientId": "cli_45d93a" },
      "cabinetId": "cab_legal_01",
      "status": "active",
      "practiceArea": "Litigation",
      "primaryAttorneyId": "u_nd_3a8b77",
      "retentionPolicyId": "ret_90d2a1",
      "openDate": "2026-01-08",
      "closeDate": null,
      "updatedAt": "2026-01-20T14:32:10Z"
    }
  ],
  "page": 1,
  "pageSize": 50,
  "total": 1
}

POST /workspaces: Create a new workspace/matter in a cabinet using an optional template.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/workspaces \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "cabinetId": "cab_legal_01",
    "name": "Beta Bank Regulatory Review",
    "matterNumber": "REG-2026-004",
    "client": { "name": "Beta Bank", "clientId": "cli_709a11" },
    "practiceArea": "Regulatory",
    "primaryAttorneyId": "u_nd_3a8b77",
    "templateId": "tmpl_matter_reg_v2",
    "retentionPolicyId": "ret_2b71c9",
    "security": {
      "groupIds": ["grp_compliance", "grp_regulatory"],
      "userIds": ["u_nd_17a5f1"]
    }
  }'

Example response

{
  "workspaceId": "ws_2f9d10",
  "status": "active",
  "folderCount": 6,
  "createdAt": "2026-01-21T09:55:41Z"
}

Documents

GET /documents: Search/list documents with filters, metadata, and version information.

Query parameters

• workspaceId: string
• folderId: string
• authorId: string
• docType: string
• classification: public | internal | confidential | restricted
• updatedFrom, updatedTo: ISO 8601 timestamps
• page, pageSize: integers for pagination

Example response

{
  "items": [
    {
      "docId": "doc_71c2de",
      "title": "Regulatory Risk Assessment",
      "extension": "docx",
      "versionNumber": 3,
      "workspaceId": "ws_2f9d10",
      "cabinetId": "cab_legal_01",
      "folderPath": "/01 Planning/Assessments",
      "profile": {
        "docType": "Assessment",
        "authorId": "u_nd_17a5f1",
        "clientName": "Beta Bank",
        "matterNumber": "REG-2026-004",
        "practiceArea": "Regulatory",
        "tags": ["risk", "compliance"]
      },
      "securityLevel": "confidential",
      "retentionHold": false,
      "sizeBytes": 256003,
      "checksumSha256": "f3e8a56e...",
      "createdBy": "u_nd_17a5f1",
      "createdAt": "2026-01-12T11:24:00Z",
      "updatedAt": "2026-01-20T10:12:44Z"
    }
  ],
  "page": 1,
  "pageSize": 50,
  "total": 1
}

POST /workspaces/{workspaceId}/documents: Upload a document with profile metadata and security.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/workspaces/ws_2f9d10/documents \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "fileName": "Controls_Testing_Plan.pdf",
    "contentType": "application/pdf",
    "sizeBytes": 984213,
    "uploadToken": "upl_9b3a57",
    "folderPath": "/02 Fieldwork/Plans",
    "profile": {
      "docType": "Plan",
      "authorId": "u_nd_17a5f1",
      "clientName": "Beta Bank",
      "matterNumber": "REG-2026-004",
      "practiceArea": "Regulatory",
      "tags": ["controls", "audit"]
    },
    "classification": "confidential",
    "security": {
      "groupIds": ["grp_compliance"],
      "userIds": []
    }
  }'

Example response

{
  "docId": "doc_9af21e",
  "versionNumber": 1,
  "status": "uploaded",
  "createdAt": "2026-01-21T12:08:03Z"
}

Document Profile

PATCH /documents/{documentId}/profile: Update document profile fields, classification, and retention policy.

curl --request PATCH \
  --url https://api.supergood.ai/integrations/<integration_id>/documents/doc_71c2de/profile \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "profile": {
      "docType": "Assessment",
      "authorId": "u_nd_17a5f1",
      "practiceArea": "Regulatory",
      "tags": ["risk", "compliance", "updated"]
    },
    "classification": "restricted",
    "retentionPolicyId": "ret_2b71c9"
  }'

Example response

{
  "docId": "doc_71c2de",
  "versionNumber": 3,
  "classification": "restricted",
  "retentionPolicyId": "ret_2b71c9",
  "updatedAt": "2026-01-22T08:41:19Z"
}

Audit Events

GET /audit-events: Retrieve audit events (view, download, edit, share, permission_change) for compliance and investigations.

Query parameters

• eventTypes: array of strings
• objectType: document | workspace
• workspaceId: string
• documentId: string
• userId: string
• occurredFrom, occurredTo: ISO 8601 timestamps
• page, pageSize: integers for pagination

Example response

{
  "items": [
    {
      "eventId": "ae_1a7c3d",
      "eventType": "permission_change",
      "objectType": "workspace",
      "objectId": "ws_2f9d10",
      "user": { "userId": "u_nd_3a8b77", "email": "[email protected]" },
      "timestamp": "2026-01-21T15:02:31Z",
      "ipAddress": "203.0.113.51",
      "succeeded": true,
      "details": {
        "addedGroups": ["grp_regulatory"],
        "removedGroups": [],
        "reason": "matter team update"
      }
    },
    {
      "eventId": "ae_1a7c3e",
      "eventType": "download",
      "objectType": "document",
      "objectId": "doc_71c2de",
      "user": { "userId": "u_nd_17a5f1", "email": "[email protected]" },
      "timestamp": "2026-01-21T16:10:12Z",
      "ipAddress": "198.51.100.22",
      "succeeded": true,
      "details": {
        "versionNumber": 3,
        "checksumSha256": "f3e8a56e..."
      }
    }
  ],
  "page": 1,
  "pageSize": 100,
  "total": 2
}

Get full API Specs →

Technical Specifications

• Authentication: Username/password with MFA (SMS, email, TOTP) and SSO/OAuth where enabled; supports service accounts or customer-managed credentials
• Response format: JSON with consistent resource schemas and pagination across modules
• Rate limits: Tuned for enterprise throughput while honoring customer entitlements and usage controls
• Session management: Automatic reauth and cookie/session rotation with health checks
• Data freshness: Near real-time retrieval of cabinets, workspaces, documents, profiles, permissions, and audit events
• Security: Encrypted transport, scoped tokens, and audit logging; respects NetDocuments ethical walls and role-based permissions
• Webhooks: Optional asynchronous delivery for long-running workflows (e.g., large document searches, audit stream backfills)

Performance Characteristics

• Latency: Sub-second responses for list/detail queries under normal load
• Throughput: Designed for high-volume document sync and audit event ingestion
• Reliability: Retry logic, backoff, and idempotency keys minimize duplicate actions
• Adaptation: Continuous monitoring for UI/API changes with rapid adapter updates

Getting Started

1. Schedule Integration Assessment

Book a 30-minute session to confirm your modules, licensing, and authentication model.

2. Supergood Builds and Validates Your API

We deliver a hardened NetDocuments adapter tailored to your workflows and entitlements.

3. Deploy with Monitoring

Go live with continuous monitoring and automatic adjustments as NetDocuments evolves.

Schedule Integration Call →

Frequently Asked Questions

Q: Which NetDocuments modules can this integration cover?

Supergood supports workflows across commonly used modules such as Workspaces/Matters, Documents & Versions, Profiles/Metadata, Permissions/Ethical Walls, Retention Policies/Legal Holds, and Audit Events, subject to your licensing and entitlements. We scope coverage during integration assessment.

Q: How are MFA and SSO handled for automation?

We support username/password + MFA (SMS, email, TOTP) and can operate behind SSO/OAuth when enabled. Sessions are refreshed automatically with secure challenge handling.

Q: Can you stream audit logs and retention data to our GRC/audit system?

Yes. We normalize audit events (view, download, edit, share, permission changes) and retention/hold states, deliver updates via webhooks or polling, and comply with rate and permission constraints.

Q: Do you support document uploads and profile/permission updates?

Yes. We support uploading documents and versions with checksum validation, updating profiles and classifications, and adjusting permissions consistent with ethical walls and cabinet policies.

Related Integrations

Intralinks API - Programmatically access the Intralinks VDR with Supergood

Ready to automate your NetDocuments workflows?

Supergood can have your NetDocuments integration live in days with no ongoing engineering maintenance.

Get Started →