Supergood | RIA API
Programmatically access RIA compliance calendars, attestations, marketing reviews, and audit evidence with a stable REST API. Supergood builds and operates production-grade, unofficial RIA integrations so your team can automate regulatory workflows without heavy custom engineering.
Plain English: RIA is compliance software for registered investment adviser firms that centralizes regulatory calendars, Code of Ethics attestations, personal trading oversight, marketing material reviews, vendor diligence, and audit documentation. An unofficial API lets you pull firm, user, and employee rosters; open and completed compliance tasks; attestation templates and responses; marketing review submissions and decisions; and supporting evidence—and push new tasks, attestations, or submissions back into RIA.
For a GRC, regtech, or audit startup integrating with RIA, this means you can ingest real-time compliance task and status data to power dashboards, kick off attestations and reminders from your product, synchronize marketing reviews for the SEC Marketing Rule, and automatically collect and archive evidence for audits or exams. You can also enrich your platform with policy metadata, link findings and corrective actions to tasks, and keep stakeholder systems (GRC, analytics, HRIS, document management) aligned.
What is RIA?
RIA (https://checkpoint.riag.com/) is a cloud platform used by investment advisers to manage ongoing regulatory obligations under SEC and state rules. It provides a single pane of glass for compliance officers and advisory personnel to track tasks, complete periodic certifications, preclear personal trades, route marketing content for review and approval, maintain vendor due diligence, and prepare for internal audits and regulator exams—all with secure portals and role-based access.
Core product areas include:
- Compliance Management (Regulatory Calendar, Tasks, Assignments, Reminders)
- Code of Ethics & Attestations (Annual/Quarterly Certifications, Personal Trading Preclearance, Gifts/Entertainment)
- Marketing Review (Submissions, Risk Ratings, Approvals, Evidence for the Marketing Rule)
- Vendor & Third-Party Risk (Questionnaires, Due Diligence Artifacts, Renewals)
- Audits & Exams (Internal Audits, Findings, Corrective Actions, Evidence Repository)
- Documents & Policies (Versioned Policies, Acknowledgments, Read Receipts)
Common data entities:
- Firms, Offices, Supervisory Structures
- Users and Employees (Advisory Personnel, Supervisors, Compliance Officers)
- Roles/Permissions (Scopes by module and jurisdiction)
- Compliance Tasks (Category, Rule References, Due Dates, Assignments)
- Attestations (Templates, Questions, Responses, Signatures, Exceptions)
- Personal Trading Requests (Preclearance, Holdings/Transactions)
- Marketing Reviews (Submissions, Approvals, Conditions, Evidence)
- Vendors & Questionnaires (DDQ, Risk Scores, Renewal Dates)
- Audits/Exams (Findings, Recommendations, Corrective Actions)
- Documents & Evidence (Files, Checklists, Versioning, Hashes)
The RIA Integration Challenge
Compliance teams rely on RIA day-to-day, but turning portal-driven features into automation is non-trivial:
- Role-aware portals: Employees, supervisors, and compliance staff each see different tasks, statuses, and sensitive data
- Regulatory context: Tasks and reviews reference specific rules and require immutable evidence and audit trails
- Portal-first features: Attestations, preclearance, and marketing review flows are optimized for humans in the UI
- Authentication complexity: SSO/MFA and session lifecycles complicate headless, reliable access
- Distributed data: Task context, policy versions, and approval artifacts span multiple modules and views
How Supergood Creates RIA APIs
Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your RIA tenant.
- Handles username/password, SSO/OAuth, and MFA (SMS, email, TOTP) securely
- Maintains session continuity with automated refresh and change detection
- Normalizes responses so you can integrate once and rely on consistent objects across modules
- Aligns with customer entitlements and role-based permissions to ensure compliant access
Use Cases
Firm & Employee Data Sync
- Mirror firms, employees, and supervisory roles into your GRC or HRIS
- Keep rosters and entitlements current for analytics and audit readiness
- Normalize departments, locations, and manager relationships across tenants
Compliance Calendar & Task Automation
- Pull open tasks with rule references and due dates to support SLA tracking
- Create and assign tasks from your workflows, with reminders and escalations
- Drive analytics on categories (e.g., books/records, cybersecurity, marketing) and completion rates
Attestations & Policy Management
- Issue annual/quarterly Code of Ethics attestations from your product
- Capture e-signature, responses, and exceptions; route follow-ups as tasks
- Track policy acknowledgments and link evidence to audits
Marketing Review & Approvals
- Submit marketing materials (factsheets, social posts, web pages) for compliance review
- Attach artifacts, tag rule references, and receive approval/conditions back via webhooks
- Archive decisions and reviewer notes for Marketing Rule documentation
Available Endpoints
Authentication
POST /sessions: Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth when enabled. Returns a short-lived auth token maintained by the platform.
curl --request POST \
--url https://api.supergood.ai/integrations/<integration_id>/sessions \
--header 'Authorization: Basic <Base64 encoded token>' \
--header 'Content-Type: application/json' \
--data '{
"username": "[email protected]",
"password": "<password>",
"mfa": { "type": "totp", "code": "123456" }
}'
Example response
{
"authToken": "eyJhbGciOi...",
"expiresIn": 3600,
"user": {
"id": "u_ria_72f310",
"name": "Chief Compliance Officer",
"entitlements": ["tasks", "attestations", "marketing_reviews", "documents"]
}
}
POST /sessions/refresh: Refresh an existing token to keep sessions uninterrupted.
Compliance Tasks
GET /firms/{firmId}/compliance-tasks: List compliance tasks with filters and summary details.
Query parameters
- status: open | in_progress | completed | past_due
- category: books_records | code_of_ethics | cybersecurity | marketing | vendors | audits
- assignedToUserId: string
- dueFrom, dueTo: ISO 8601 dates
- updatedFrom, updatedTo: ISO 8601 timestamps
- page, pageSize: integers for pagination
Example response
{
"items": [
{
"taskId": "tsk_ria_9b21d0",
"title": "Quarterly email retention review",
"category": "books_records",
"ruleRefs": ["SEC 204-2"],
"assignedTo": {"userId": "u_ria_1082", "name": "Alex Morgan"},
"dueDate": "2026-02-15",
"priority": "high",
"status": "open",
"createdAt": "2026-01-10T14:05:00Z",
"updatedAt": "2026-01-20T09:31:12Z"
}
],
"page": 1,
"pageSize": 50,
"total": 1
}
Attestations
POST /firms/{firmId}/attestations: Create a Code of Ethics attestation for an employee with responses and signature.
curl --request POST \
--url https://api.supergood.ai/integrations/<integration_id>/firms/fm_4c20/attestations \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data '{
"templateId": "tpl_coe_2026",
"employeeId": "emp_8342",
"period": { "start": "2026-01-01", "end": "2026-03-31" },
"responses": [
{"questionId": "q1", "response": true},
{"questionId": "q2", "response": false, "comment": "One outside account disclosed."}
],
"signature": {"name": "Alex Morgan", "signedAt": "2026-01-22T10:02:33Z", "ipAddress": "203.0.113.5"},
"attachments": [
{"fileName": "outside_accounts.pdf", "uploadToken": "upl_08ab73"}
],
"notifyEmployee": false
}'
Example response
{
"attestationId": "att_coe_91d412",
"status": "submitted",
"exceptions": [
{"questionId": "q2", "type": "outside_account", "severity": "medium"}
],
"dueDate": null,
"createdAt": "2026-01-22T10:02:34Z"
}
Marketing Reviews
POST /firms/{firmId}/marketing/reviews: Submit a marketing item for compliance review under the SEC Marketing Rule.
curl --request POST \
--url https://api.supergood.ai/integrations/<integration_id>/firms/fm_4c20/marketing/reviews \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data '{
"title": "Q1 Factsheet - Growth Strategy",
"contentType": "factsheet",
"channels": ["website", "email"],
"riskRating": "moderate",
"references": ["Marketing Rule 206(4)-1"],
"attachments": [
{"fileName": "factsheet_q1.pdf", "uploadToken": "upl_7fa223"}
],
"links": [
{"url": "https://yourfirm.com/strategies/growth", "description": "Landing page"}
],
"reviewerGroupId": "grp_mkt_rev_01",
"notes": "Updated performance disclosures and risk language.",
"referenceId": "mkt-asset-4821"
}'
Example response
{
"reviewId": "rev_mkt_51af80",
"status": "submitted",
"slaDueDate": "2026-01-24T23:59:59Z",
"assignedReviewer": {"userId": "u_ria_2201", "name": "Jamie Patel"},
"createdAt": "2026-01-22T11:20:44Z"
}
Technical Specifications
- Authentication: Username/password with MFA (SMS, email, TOTP) and SSO/OAuth where enabled; supports service accounts or customer-managed credentials
- Response format: JSON with consistent resource schemas and pagination across modules
- Rate limits: Tuned for enterprise throughput while honoring customer entitlements and usage controls
- Session management: Automatic reauth and cookie/session rotation with health checks
- Data freshness: Near real-time retrieval of tasks, attestations, marketing reviews, and documents
- Security: Encrypted transport, scoped tokens, and audit logging; respects RIA role-based permissions
- Webhooks: Optional asynchronous delivery for long-running workflows (e.g., attestations, review decisions)
Performance Characteristics
- Latency: Sub-second responses for list/detail queries under normal load
- Throughput: Designed for high-volume task sync and attestation/review processing
- Reliability: Retry logic, backoff, and idempotency keys minimize duplicate actions
- Adaptation: Continuous monitoring for UI/API changes with rapid adapter updates
Getting Started
- Schedule Integration Assessment
Book a 30-minute session to confirm your modules, licensing, and authentication model.
- Supergood Builds and Validates Your API
We deliver a hardened RIA adapter tailored to your workflows and entitlements.
- Deploy with Monitoring
Go live with continuous monitoring and automatic adjustments as RIA evolves.
Frequently Asked Questions
Q: Which RIA modules can this integration cover?
Supergood supports workflows across commonly used modules such as Compliance Management (Regulatory Calendar, Tasks), Attestations & Code of Ethics (Annual/Quarterly Certifications, Personal Trading Preclearance), and Marketing Review (Submissions, Approvals, Evidence), subject to your licensing and entitlements. We scope coverage during integration assessment.
Q: How are MFA and SSO handled for automation?
We support username/password + MFA (SMS, email, TOTP) and can operate behind SSO/OAuth when enabled. Sessions are refreshed automatically with secure challenge handling.
Q: Can you sync attestations and tasks to our GRC platform?
Yes. We can normalize attestations, exceptions, and task objects to match your GRC schema and deliver updates via webhooks or polling while complying with rate and permission constraints. We commonly integrate with systems like ServiceNow, Workiva, and AuditBoard.
Q: Do you support evidence and approval artifacts for audits?
Yes. We support downloading approval artifacts and uploading attachments via signed uploads, with checksum validation and time-limited URLs. Approval states and signatures are modeled explicitly in our normalized responses.
Related Integrations
Intralinks API - Programmatically access the Intralinks VDR with Supergood
Ready to automate your RIA workflows?
Supergood can have your RIA integration live in days with no ongoing engineering maintenance.
