Supergood | Oversight API

Programmatically access Oversight spend risk alerts, transactions, cases, and policy metadata with a stable REST API. Supergood builds and operates production-grade, unofficial Oversight integrations so your team can automate GRC, regtech, and audit workflows without heavy custom engineering.

Plain English: Oversight is AI-powered spend risk monitoring software used by enterprises to detect fraud, waste, and policy violations across Accounts Payable (AP), Travel & Expense (T&E), and Purchase Card (P-Card) programs. An unofficial API lets you pull alerts and exceptions, transaction details, employee/vendor context, risk scores, cases, and policy references—and push case updates, dispositions, notes, and remediation actions back into Oversight.

For a tech company integrating with Oversight, this means you can ingest near real-time exception data to power compliance dashboards, auto-triage alerts by severity, synchronize case states with your GRC or audit platform, trigger ERP holds or employee notifications based on policies, and enrich your product with transaction-level evidence and outcomes. You can also streamline recoveries, drive coaching campaigns, and keep stakeholder systems (ERP, T&E, analytics, case management) aligned.

What is Oversight?

Oversight (https://www.oversight.com/) is an enterprise platform for continuous spend risk monitoring and controls across AP, T&E, and P-Card programs. It centralizes data ingestion from systems like SAP, Oracle, Workday, PeopleSoft, and SAP Concur; applies analytics and rules to surface high-risk exceptions; and provides case management workflows to investigate, coach, recover funds, and improve policy adherence.

Core product areas include:

  • Spend Risk Monitoring (AP Invoices, Expense Reports, Corporate Card Transactions)
  • Exception Detection & Analytics (Rules, Models, Risk Scores, Severity)
  • Case Management (Assignment, Notes, Dispositions, Recoveries, Coaching)
  • Policy & Controls (Policy Catalog, Rule Packs, Thresholds, Redaction)
  • Reporting & Insights (Dashboards, Trends, Root Cause Analysis)
  • Integrations (ERP, T&E, HR, Vendor Master, Identity/SSO)

Common data entities:

  • Organizations, Users, Roles/Permissions (Analyst, Auditor, Manager, Admin)
  • Employees (Cardholders, Submitters, Approvers) and Vendors/Suppliers
  • Transactions (AP Invoices, Expense Lines, P-Card Charges)
  • Alerts/Exceptions (Type, Severity, Status, Rule/Policy References)
  • Cases (Assignments, Notes, Evidence, Dispositions)
  • Policies and Rules (Policy IDs, Thresholds, Categories)
  • Risk Scores and Classifications (Model Outputs, Confidence)
  • Attachments (Receipts, Invoices, Correspondence)

The Oversight Integration Challenge

GRC and audit teams depend on Oversight, but turning portal-based exception workflows into API-driven automation is non-trivial:

  • Role-aware portals: Analysts, managers, and approvers see different data, actions, and redacted fields
  • Sensitive data controls: PII/financial data requires careful scoping, masking, and audit logging
  • Case lifecycle complexity: Alerts link to transactions, then to cases, recoveries, and coaching outcomes
  • Policy evolution: Rules change frequently and vary by business unit, country, and spend category
  • Authentication: SSO/MFA and session lifecycles complicate secure headless automation
  • Data spread: Key context spans ERP/T&E sources, employee/vendor masters, and policy catalogs

How Supergood Creates Oversight APIs

Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your Oversight tenant.

  • Handles username/password, SSO/OAuth, and MFA (SMS, email, TOTP) securely
  • Maintains session continuity with automated refresh and change detection
  • Normalizes responses so you can integrate once and rely on consistent objects across modules
  • Aligns with customer entitlements and role-based permissions to ensure compliant access
  • Preserves redaction rules and audit trails while enabling automation at scale

Use Cases

GRC & Audit Data Lake Sync

  • Mirror alerts, transactions, and case outcomes into your warehouse for trend analysis
  • Keep policy references and severity classifications current for dashboards
  • Normalize employee/vendor mappings to power cross-system analytics

Exception Triage Automation

  • Auto-route alerts to teams by severity, spend type, or policy ID
  • Trigger ERP holds for suspected duplicate invoices or split transactions
  • Launch employee coaching workflows for repeated violations

Case Lifecycle Orchestration

  • Create cases from clusters of related alerts
  • Attach evidence and record dispositions (approved, rejected, recovered funds)
  • Push status updates to GRC, ticketing, or HR systems for coordinated action

ERP/T&E System Sync

  • Reconcile AP exceptions and push recovery amounts back to ERP
  • Pull receipt images or invoices and unify with Oversight’s case history
  • Keep SAP Concur, Coupa, and Workday aligned with Oversight alert resolution

Available Endpoints

Authentication

POST /sessions: Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth when enabled. Returns a short-lived auth token maintained by the platform.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/sessions \
  --header 'Authorization: Basic <Base64 encoded token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "username": "<username>",
    "password": "<password>",
    "mfa": { "type": "totp", "code": "123456" }
  }'

Example response

{
  "authToken": "eyJhbGciOi...",
  "expiresIn": 3600,
  "user": {
    "id": "u_ovr_9af310",
    "name": "Audit Analyst",
    "entitlements": ["alerts", "transactions", "cases", "policies"]
  }
}

Alerts

GET /alerts: List alerts/exceptions with filters and summary details.

Query parameters

  • type: expense_violation | duplicate_invoice | split_transaction | merchant_mismatch | policy_breach
  • source: ap | expense | pcard
  • status: open | acknowledged | in_review | resolved
  • severity: low | medium | high | critical
  • employeeId: string
  • vendorId: string
  • createdFrom, createdTo: ISO 8601 timestamps
  • page, pageSize: integers for pagination

Example response

{
  "items": [
    {
      "alertId": "alrt_2f91a0",
      "type": "duplicate_invoice",
      "source": "ap",
      "severity": "high",
      "status": "open",
      "transactionId": "txn_ap_781201",
      "employee": {"id": "emp_4472", "name": "K. Patel"},
      "vendor": {"id": "ven_1208", "name": "Acme Supplies"},
      "amount": 14875.32,
      "currency": "USD",
      "transactionDate": "2026-01-10",
      "riskScore": 0.92,
      "ruleId": "rule_dup_ap_01",
      "ruleName": "Duplicate AP Invoice Check",
      "policyId": "pol_ap_controls_v3",
      "createdAt": "2026-01-20T13:45:00Z",
      "updatedAt": "2026-01-20T13:45:00Z"
    }
  ],
  "page": 1,
  "pageSize": 50,
  "total": 1
}

Transactions

GET /transactions: Retrieve normalized transactions with exception context.

Query parameters

  • source: ap | expense | pcard
  • updatedFrom, updatedTo: ISO 8601 timestamps
  • employeeId, vendorId: string
  • includeExceptions: boolean (default true)
  • page, pageSize: integers for pagination

Example response

{
  "items": [
    {
      "transactionId": "txn_exp_9c21e4",
      "type": "expense",
      "sourceSystem": "SAP Concur",
      "documentNumber": "ER-2026-000184",
      "employeeId": "emp_5521",
      "vendorId": "ven_9021",
      "amount": 248.75,
      "currency": "USD",
      "postDate": "2026-01-18",
      "receiptStatus": "attached",
      "exceptions": [
        {
          "alertId": "alrt_7b1120",
          "type": "merchant_mismatch",
          "severity": "medium",
          "status": "in_review",
          "riskScore": 0.67,
          "ruleId": "rule_tne_mrch_02"
        }
      ]
    }
  ],
  "page": 1,
  "pageSize": 100,
  "total": 1
}

Cases

POST /cases: Create a case from one or more alerts, assign ownership, and set initial actions.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/cases \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "title": "Potential Duplicate AP Payment - Acme",
    "description": "Two invoices detected with same amount/vendor within lookback window.",
    "alertIds": ["alrt_2f91a0", "alrt_2f91a1"],
    "category": "ap",
    "assignedToUserId": "u_ovr_mgr_318",
    "priority": "high",
    "dueDate": "2026-01-28",
    "actions": { "holdPayment": true, "requestReceipt": false, "notifyEmployee": false },
    "referenceId": "erp-hold-89312"
  }'

Example response

{
  "caseId": "case_81ff20",
  "status": "open",
  "alertCount": 2,
  "createdAt": "2026-01-21T10:03:11Z"
}
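An added example (not Supergood's or Oversight's own code) connecting the GET /alerts response to the POST /cases body: each alert is checked against the values documented on this page before anything is allowed to request a payment hold, and open duplicate_invoice alerts are then grouped per vendor into case drafts. The function names, the 0..1 range for riskScore, and the severity-to-priority mapping are assumptions, and the sample alerts are constructed.

```python
# Allowed values copied from the GET /alerts parameter list on this page.
ENUMS = {
    "type": ["expense_violation", "duplicate_invoice", "split_transaction",
             "merchant_mismatch", "policy_breach"],
    "source": ["ap", "expense", "pcard"],
    "status": ["open", "acknowledged", "in_review", "resolved"],
    "severity": ["low", "medium", "high", "critical"],  # ascending order
}

def validate_alert(a):
    """Return a list of problems; an empty list means the alert is usable."""
    problems = [f"{k}={a.get(k)!r} is not a documented value"
                for k, allowed in ENUMS.items() if a.get(k) not in allowed]
    score = a.get("riskScore")
    # Assumption: riskScore is a number in 0..1 (the page shows 0.92 and 0.67).
    if isinstance(score, bool) or not isinstance(score, (int, float)) or not 0 <= score <= 1:
        problems.append("riskScore missing or outside 0..1")
    vendor = a.get("vendor") if isinstance(a.get("vendor"), dict) else {}
    ids = {"alertId": a.get("alertId"), "vendor.id": vendor.get("id")}
    problems += [f"{k} missing" for k, v in ids.items() if not isinstance(v, str) or not v]
    return problems

def build_case_drafts(alerts, min_severity="high"):
    """Cluster open duplicate_invoice alerts per vendor into POST /cases bodies."""
    rank = ENUMS["severity"].index
    clusters, rejected = {}, []
    for a in alerts:
        problems = validate_alert(a)
        if problems:  # malformed alerts are reported, never acted on
            rejected.append((a.get("alertId"), problems))
        elif (a["type"] == "duplicate_invoice" and a["status"] == "open"
              and rank(a["severity"]) >= rank(min_severity)):
            clusters.setdefault(a["vendor"]["id"], []).append(a)
    drafts = [{
        "title": f"Potential duplicate invoice - {vendor_id}",
        "alertIds": sorted(x["alertId"] for x in group),
        "priority": max((x["severity"] for x in group), key=rank),  # assumed mapping
        "actions": {"holdPayment": True, "requestReceipt": False, "notifyEmployee": False},
    } for vendor_id, group in sorted(clusters.items())]
    return drafts, rejected

# Constructed sample alerts in the shape of the GET /alerts example response.
BASE = {"type": "duplicate_invoice", "source": "ap", "severity": "high", "status": "open",
        "riskScore": 0.92, "vendor": {"id": "ven_1208", "name": "Acme Supplies"}}
SAMPLE_ALERTS = [{**BASE, "alertId": "alrt_2f91a0"},
                 {**BASE, "alertId": "alrt_2f91a1", "severity": "critical"},
                 {**BASE, "alertId": "alrt_test_low", "severity": "low"},
                 {**BASE, "alertId": "alrt_test_bad", "severity": "urgent", "riskScore": 1.7}]
```

Rejected alerts are returned with their reasons so they can be logged and reviewed by an analyst instead of being dropped silently.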

PATCH /cases/{caseId}/disposition: Update case status, record an outcome, and attach evidence.

curl --request PATCH \
  --url https://api.supergood.ai/integrations/<integration_id>/cases/case_81ff20/disposition \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "status": "resolved",
    "outcome": "recovered_funds",
    "recoveredAmount": 14875.32,
    "resolutionNotes": "Duplicate identified; credit memo issued by vendor.",
    "attachments": [
      {"fileName": "credit_memo.pdf", "uploadToken": "upl_7fa223"}
    ]
  }'

Example response

{
  "caseId": "case_81ff20",
  "status": "resolved",
  "outcome": "recovered_funds",
  "recoveredAmount": 14875.32,
  "updatedAt": "2026-01-21T11:20:44Z"
}


Technical Specifications

  • Authentication: Username/password with MFA (SMS, email, TOTP) and SSO/OAuth where enabled; supports service accounts or customer-managed credentials
  • Response format: JSON with consistent resource schemas and pagination across modules
  • Rate limits: Tuned for enterprise throughput while honoring customer entitlements and usage controls
  • Session management: Automatic reauth and cookie/session rotation with health checks
  • Data freshness: Near real-time retrieval of alerts, transactions, cases, and policy references
  • Security: Encrypted transport, scoped tokens, and audit logging; respects Oversight role-based permissions and redaction rules
  • Webhooks: Optional asynchronous delivery for long-running workflows (e.g., case updates, policy changes)

Performance Characteristics

  • Latency: Sub-second responses for list/detail queries under normal load
  • Throughput: Designed for high-volume alert ingestion and case update processing
  • Reliability: Retry logic, backoff, and idempotency keys minimize duplicate actions
  • Adaptation: Continuous monitoring for UI/API changes with rapid adapter updates

Getting Started

  1. Schedule Integration Assessment

Book a 30-minute session to confirm your modules, licensing, and authentication model.

  2. Supergood Builds and Validates Your API

We deliver a hardened Oversight adapter tailored to your workflows and entitlements.

  3. Deploy with Monitoring

Go live with continuous monitoring and automatic adjustments as Oversight evolves.


Frequently Asked Questions

Q: Which Oversight modules can this integration cover?

Supergood supports workflows across commonly used modules such as Spend Risk Monitoring (AP, T&E, P-Card), Case Management, and Policy/Rule references, subject to your licensing and entitlements. We scope coverage during integration assessment.

Q: How are MFA and SSO handled for automation?

We support username/password + MFA (SMS, email, TOTP) and can operate behind SSO/OAuth when enabled. Sessions are refreshed automatically with secure challenge handling.

Q: Can you reconcile AP exceptions and push holds/recoveries to our ERP?

Yes. We can normalize exceptions and case outcomes to match your ERP schema (e.g., vendor, invoice, credit memo) and deliver updates via webhooks or polling while complying with rate and permission constraints. We commonly integrate with SAP, Oracle, Workday, and PeopleSoft.

Q: Do you support downloading receipts and attaching evidence to cases?

Yes. We support downloading approval artifacts and uploading attachments via signed uploads, with checksum validation and time-limited URLs. Evidence and disposition metadata are modeled explicitly in our normalized responses.



Ready to automate your Oversight workflows?

Supergood can have your Oversight integration live in days with no ongoing engineering maintenance.
