Developer Platform

Subsumio Public API for Integrations

Integrate Subsumio into legal software, client portals, and workflow automation with a token-based, versioned, production-ready API surface.

Open API endpointOpen SwaggerOpen GraphQL

Stable API foundation

api.subsum.io as canonical endpoint with versioned public routes under /api/public/v1.

Secure authentication

Bearer access tokens with workspace and document permissions based on the existing role model.

Ready-to-use endpoints

List workspaces, read workspace metadata, fetch document lists, and consume document metadata for downstream automation.

Production endpoint

https://api.subsum.io

Current Public API scope (v1)

  • GET /api/public/v1/health
  • GET /api/public/v1/meta
  • GET /api/public/v1/workspaces
  • GET /api/public/v1/workspaces/:workspaceId
  • GET /api/public/v1/workspaces/:workspaceId/stats
  • GET /api/public/v1/workspaces/:workspaceId/documents
  • GET /api/public/v1/workspaces/:workspaceId/documents/:docId
  • GET /api/public/v1/workspaces/:workspaceId/documents/:docId/content
  • POST /api/public/v1/workspaces/:workspaceId/documents
  • PATCH /api/public/v1/workspaces/:workspaceId/documents/:docId
  • DELETE /api/public/v1/workspaces/:workspaceId/documents/:docId
  • GET /api/public/v1/workspaces/:workspaceId/webhooks
  • GET /api/public/v1/workspaces/:workspaceId/webhooks/:webhookId
  • POST /api/public/v1/workspaces/:workspaceId/webhooks
  • PATCH /api/public/v1/workspaces/:workspaceId/webhooks/:webhookId
  • DELETE /api/public/v1/workspaces/:workspaceId/webhooks/:webhookId
  • GET /api/public/v1/workspaces/:workspaceId/search?query=...
  • GET /api/public/v1/workspaces/:workspaceId/blobs/:blobKey
Contact Integration Team

Integrator quickstart

Go from token to production-grade data retrieval in three steps.

  1. 1) Create a user access token in account/workspace context.
  2. 2) Fetch API discovery metadata via /meta and inspect resources.
  3. 3) Consume workspaces and document metadata with pagination.

Discovery (no token required)

curl -s https://api.subsum.io/api/public/v1/meta

List workspaces (Bearer token)

curl -s -H "Authorization: Bearer <ACCESS_TOKEN>" "https://api.subsum.io/api/public/v1/workspaces?page=1&pageSize=25"

Export document content as markdown

curl -s -H "Authorization: Bearer <ACCESS_TOKEN>" "https://api.subsum.io/api/public/v1/workspaces/<WORKSPACE_ID>/documents/<DOC_ID>/content"

Search workspace documents

curl -s -H "Authorization: Bearer <ACCESS_TOKEN>" "https://api.subsum.io/api/public/v1/workspaces/<WORKSPACE_ID>/search?query=deadline&limit=20"

Resolve blob download URL for attachments

curl -s -H "Authorization: Bearer <ACCESS_TOKEN>" "https://api.subsum.io/api/public/v1/workspaces/<WORKSPACE_ID>/blobs/<BLOB_KEY>"

Create document from markdown

curl -s -X POST -H "Authorization: Bearer <ACCESS_TOKEN>" -H "Content-Type: application/json" -d "{"title":"New file","content":"# New file\nDraft text"}" "https://api.subsum.io/api/public/v1/workspaces/<WORKSPACE_ID>/documents"

Update document title/content

curl -s -X PATCH -H "Authorization: Bearer <ACCESS_TOKEN>" -H "Content-Type: application/json" -d "{"title":"New file v2","content":"# New file v2\nUpdated text"}" "https://api.subsum.io/api/public/v1/workspaces/<WORKSPACE_ID>/documents/<DOC_ID>"

Delete document

curl -s -X DELETE -H "Authorization: Bearer <ACCESS_TOKEN>" "https://api.subsum.io/api/public/v1/workspaces/<WORKSPACE_ID>/documents/<DOC_ID>"

List webhook subscriptions

curl -s -H "Authorization: Bearer <ACCESS_TOKEN>" "https://api.subsum.io/api/public/v1/workspaces/<WORKSPACE_ID>/webhooks"

Create webhook subscription (idempotent)

curl -s -X POST -H "Authorization: Bearer <ACCESS_TOKEN>" -H "Idempotency-Key: webhook-create-001" -H "Content-Type: application/json" -d "{"url":"https://example.com/subsumio/webhook","events":["document.created","document.updated"]}" "https://api.subsum.io/api/public/v1/workspaces/<WORKSPACE_ID>/webhooks"

List webhook delivery logs

curl -s -H "Authorization: Bearer <ACCESS_TOKEN>" "https://api.subsum.io/api/public/v1/workspaces/<WORKSPACE_ID>/webhook-deliveries?status=failed&page=1&pageSize=25"

Get single delivery with attempts

curl -s -H "Authorization: Bearer <ACCESS_TOKEN>" "https://api.subsum.io/api/public/v1/workspaces/<WORKSPACE_ID>/webhook-deliveries/<DELIVERY_ID>"

Replay failed delivery

curl -s -X POST -H "Authorization: Bearer <ACCESS_TOKEN>" -H "Idempotency-Key: replay-delivery-001" "https://api.subsum.io/api/public/v1/workspaces/<WORKSPACE_ID>/webhook-deliveries/<DELIVERY_ID>/replay"

Send Idempotency-Key on mutating endpoints (POST/PATCH/DELETE) to deduplicate safe retries.

Webhook events are signed via X-Subsumio-Signature (format: v1=<hmac_sha256>). Verify using HMAC(secret, "<timestamp>.<raw_body>") with X-Subsumio-Event-Timestamp.

Delivery behavior: up to 4 attempts with backoff (0s, 1.5s, 5s), 10s timeout per attempt. Status: pending → running → succeeded/failed. Delivery logs persisted in Postgres, accessible via /webhook-deliveries.

Errors and integration guidance

  • 401/403: token missing, invalid, or lacks workspace/document permissions.
  • 404: workspace or document was not found (or not accessible).
  • 429: throttling active – implement retries with backoff.