Supergood | Suralink API
Programmatically access Suralink engagement data, PBC request lists, secure documents, and approvals with a stable REST API. Supergood builds and operates production-grade, unofficial Suralink integrations so your team can automate audit workflows, add AI to document handling, and synchronize firm and client systems without heavy custom engineering.
Plain English: Suralink is audit and engagement management software used by accounting firms to run Prepared By Client (PBC) request lists, securely exchange documents, track status and due dates, and guide clients through evidence collection. An unofficial API lets you pull engagements, request items, client contacts, and document metadata—and push updates such as request assignments, statuses, due dates, and file uploads back into Suralink.
For a tech company integrating with Suralink, this means you can ingest real-time engagement and request data to power dashboards, automate reminders, and stream documents to your audit workpaper systems. You can use AI to classify and validate uploaded files, auto-create requests from templates, route approvals, and synchronize status across ERP/GL (e.g., QuickBooks, NetSuite) and compliance tools. You can also trigger client-facing updates, invite contacts, attach workpapers, and keep other systems (DMS, analytics, CRM, scheduling) aligned.
What is Suralink?
Suralink (https://www.suralink.com/) is a cloud platform for accounting and advisory firms that centralizes engagement delivery, PBC request lists, secure file exchange, and workflow tracking between firm staff and client stakeholders. Audit, review, tax, and advisory teams use Suralink to organize requests, assign owners, manage due dates, version and review documents, and maintain an audit trail of activity and approvals—all within a secure client portal.
Core product areas include:
- Engagement Management (Engagements, Clients, Teams, Phases/Status, Due Dates)
- PBC Request Lists (Categories, Required vs Optional, Assignments, Dependencies)
- Secure File Exchange (Uploads, Version Control, Document Types, Retention)
- Collaboration (Comments, @Mentions, Notifications, Client Portal)
- Compliance & Audit Trail (Activity Logs, Approvals, Sign-Offs, Permissions)
- Templates & Automation (Reusable Request Sets, Standardized Categories)
Common data entities:
- Firms, Users, Roles/Permissions (Partner, Manager, Staff, Client Contact)
- Clients (organizations, contacts, addresses)
- Engagements (service type, fiscal year, status, deadlines, team, client)
- Requests (title, description, category, required flag, status, assignees, due date)
- Documents (files, versions, metadata, document type, checksum)
- Comments & Activity (messages, events, timestamps, actors)
- Templates (request sets, categories, default due dates)
The Suralink Integration Challenge
Audit teams rely on Suralink every day, but turning portal-first workflows into API-driven automation is non-trivial:
- Role-aware portals: Firm staff and client contacts see different request states, permissions, and visibility
- Compliance rigor: Evidence handling, approvals, versioning, and audit trails require careful modeling
- Sensitive data: Secure upload/download flows and retention policies complicate automation
- Authentication complexity: SSO/MFA and session lifecycles make headless processes brittle
- Dynamic lists: Request dependencies, category templates, and status transitions span multiple views
How Supergood Creates Suralink APIs
Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your Suralink tenant.
- Handles username/password, SSO/OAuth, and MFA (SMS, email, TOTP) securely
- Maintains session continuity with automated refresh and change detection
- Normalizes responses so you can integrate once and rely on consistent objects across modules
- Aligns with customer entitlements and role-based permissions to ensure compliant access
Use Cases
Audit Engagement & Client Data Sync
- Mirror engagements, clients, and contacts into your internal systems
- Keep engagement metadata current for analytics and capacity planning
- Normalize service types, fiscal years, and statuses across multi-office operations
PBC Request Automation
- Generate request lists from your templates or AI suggestions
- Assign owners and due dates, trigger reminders, and track completion
- Drive SLA alerts and push updates back to Suralink for real-time status
Document AI & Evidence Validation
- Ingest uploaded files and classify with AI (e.g., bank statements, AR aging, leases)
- Extract key fields, validate against rules, and flag exceptions
- Attach annotated workpapers and route items for manager sign-off
Compliance: Approvals and Audit Trail
- Synchronize approvals and sign-offs into your QA/QC processes
- Stream activity logs to analytics and retention systems
- Export final binders or indexed evidence to DMS/workpaper tools
Available Endpoints
Authentication
POST /sessions: Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth when enabled. Returns a short-lived auth token maintained by the platform.
curl --request POST \
--url https://api.supergood.ai/integrations/<integration_id>/sessions \
--header 'Authorization: Basic <Base64 encoded token>' \
--header 'Content-Type: application/json' \
--data '{
"username": "[email protected]",
"password": "<password>",
"mfa": { "type": "totp", "code": "123456" }
}'
Example response
{
"authToken": "eyJhbGciOi...",
"expiresIn": 3600,
"user": {
"id": "u_slnk_84c210",
"name": "Audit Manager",
"entitlements": ["engagements", "requests", "documents", "activity"]
}
}
Engagements
GET /engagements: List engagements with filters and summary details.
Query parameters
- clientId: string
- serviceType: audit | review | compilation | tax | advisory
- fiscalYear: string (e.g., "2025")
- status: planning | fieldwork | in_review | completed | archived
- updatedFrom, updatedTo: ISO 8601 timestamps
- page, pageSize: integers for pagination
Example response
{
"items": [
{
"engagementId": "eng_9d31a2",
"name": "ACME Corp FY2025 Audit",
"client": {
"clientId": "cl_58bf20",
"clientName": "ACME Corp"
},
"serviceType": "audit",
"fiscalYear": "2025",
"status": "fieldwork",
"team": [
{"userId": "u_102", "role": "manager"},
{"userId": "u_218", "role": "senior"}
],
"dueDate": "2026-02-28",
"requestCounts": {
"total": 162,
"open": 47,
"received": 98,
"in_review": 12,
"verified": 5
},
"updatedAt": "2026-01-20T13:45:00Z"
}
],
"page": 1,
"pageSize": 50,
"total": 1
}
Requests
GET /engagements/{engagementId}/requests: List PBC request items for an engagement with filters.
Query parameters
- status: open | waiting_client | received | in_review | verified | returned
- category: string
- required: true | false
- assignedToUserId: string
- dueFrom, dueTo: ISO 8601 dates
- updatedFrom, updatedTo: ISO 8601 timestamps
- page, pageSize: integers for pagination
Example response
{
"items": [
{
"requestId": "req_71e4c9",
"title": "AR Aging as of 12/31/2025",
"description": "Provide detailed aging by customer with totals and reconciliation.",
"category": "Accounts Receivable",
"required": true,
"status": "waiting_client",
"dueDate": "2026-01-31",
"assignedToUserId": "u_218",
"assignedToClientContactId": "c_901",
"tags": ["financials", "year_end"],
"documentCount": 1,
"lastActivity": {
"type": "comment_added",
"at": "2026-01-19T17:03:11Z"
},
"createdAt": "2026-01-10T10:03:11Z",
"updatedAt": "2026-01-19T17:03:11Z"
}
],
"page": 1,
"pageSize": 50,
"total": 47
}
PATCH /requests/{requestId}: Update request status, due date, assignments, and notes.
curl --request PATCH \
--url https://api.supergood.ai/integrations/<integration_id>/requests/req_71e4c9 \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data '{
"status": "in_review",
"dueDate": "2026-02-02",
"assignedToUserId": "u_102",
"notes": "AI validated AR aging totals vs TB; flagged 2 discrepancies for review.",
"notifyClient": false
}'
Example response
{
"requestId": "req_71e4c9",
"status": "in_review",
"dueDate": "2026-02-02",
"assignedToUserId": "u_102",
"updatedAt": "2026-01-22T08:15:12Z"
}
Documents
POST /requests/{requestId}/documents: Upload evidence to a request with versioning and metadata.
curl --request POST \
--url https://api.supergood.ai/integrations/<integration_id>/requests/req_71e4c9/documents \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data '{
"fileName": "AR_Aging_2025-12-31.xlsx",
"uploadToken": "upl_2ff0b8",
"documentType": "working_paper",
"sourceSystem": "client_portal",
"checksum": "f3b1d7...",
"notes": "Generated from ERP; includes reconciliation tab.",
"classifyWithAI": true
}'
Example response
{
"documentId": "doc_4ac2e1",
"version": 2,
"receivedAt": "2026-01-21T11:20:44Z",
"classification": {
"label": "AR Aging",
"confidence": 0.97,
"extracted": {
"reportDate": "2025-12-31",
"totalAR": 1289400.55
}
}
}
Technical Specifications
- Authentication: Username/password with MFA (SMS, email, TOTP) and SSO/OAuth where enabled; supports service accounts or customer-managed credentials
- Response format: JSON with consistent resource schemas and pagination across modules
- Rate limits: Tuned for enterprise throughput while honoring customer entitlements and usage controls
- Session management: Automatic reauth and cookie/session rotation with health checks
- Data freshness: Near real-time retrieval of engagements, requests, documents, and activity logs
- Security: Encrypted transport, scoped tokens, and audit logging; respects Suralink role-based permissions and client visibility
- Webhooks: Optional asynchronous delivery for long-running workflows (e.g., client uploads, request status changes, approvals)
Performance Characteristics
- Latency: Sub-second responses for list/detail queries under normal load
- Throughput: Designed for high-volume PBC request processing and document ingestion
- Reliability: Retry logic, backoff, and idempotency keys minimize duplicate actions
- Adaptation: Continuous monitoring for UI/API changes with rapid adapter updates
Getting Started
- Schedule Integration Assessment
Book a 30-minute session to confirm your modules, licensing, and authentication model.
- Supergood Builds and Validates Your API
We deliver a hardened Suralink adapter tailored to your workflows and entitlements.
- Deploy with Monitoring
Go live with continuous monitoring and automatic adjustments as Suralink evolves.
Frequently Asked Questions
Q: Which Suralink modules can this integration cover?
Supergood supports workflows across commonly used modules such as Engagement Management (Teams, Status, Due Dates), PBC Requests (Categories, Assignments), Secure Documents (Uploads, Versions), and Collaboration (Comments, Approvals), subject to your licensing and entitlements. We scope coverage during integration assessment.
Q: How are MFA and SSO handled for automation?
We support username/password + MFA (SMS, email, TOTP) and can operate behind SSO/OAuth when enabled. Sessions are refreshed automatically with secure challenge handling.
Q: Can you sync evidence and requests to our accounting or workpaper system?
Yes. We can normalize request items and document metadata to match your workpaper or ERP/GL schema and deliver updates via webhooks or polling while complying with rate and permission constraints. We commonly integrate with systems like QuickBooks, NetSuite, and Caseware.
Q: Do you support AI classification and validation of uploaded documents?
Yes. We can apply AI to classify documents (e.g., AR aging, bank statements), extract key fields, run validation rules, and attach results back to the corresponding request with audit trail updates.
Related Integrations
Intralinks API - Programmatically access the Intralinks VDR with Supergood
Ready to automate your Suralink workflows?
Supergood can have your Suralink integration live in days with no ongoing engineering maintenance.
