Advottic
Sign in

Developers

Build on the Advottic API.

REST + webhooks for cases, contracts, and signing. SDKs for TypeScript, Capacitor, and OpenAPI. Currently invite-only; email partnerships@advottic.com to request access.

Endpoint overview

  • GET/api/v1/casesList cases the authenticated user has access to.
  • POST/api/v1/casesCreate a new case from structured intake data.
  • GET/api/v1/cases/:id/exhibitsList exhibits attached to a case.
  • POST/api/v1/cases/:id/exhibitsUpload an exhibit (multipart) and run optional OCR.
  • POST/api/v1/signCreate an e-signature request with one or more recipients.
  • POST/api/v1/contracts/reviewSubmit a contract for AI review; returns a confidence rating + flagged clauses.
  • GET/api/v1/firms/:id/usageBella token usage by attorney, by case, by day.
  • POST/api/v1/webhooksRegister a webhook subscription for case + signing + billing events.

A complete OpenAPI 3.1 spec is shared with onboarded partners. Versioning policy: breaking changes are released as a new major (/api/v2/) with a 12-month deprecation window for the prior version.

Authentication

Every request carries a Bearer token tied to a firm and scoped to the actions you registered for. Sample request:

curl https://api.advottic.com/v1/cases \
  -H "Authorization: Bearer adv_live_..." \
  -H "Accept: application/json"

Tokens are revocable per-environment from the Counsel settings panel. We rate-limit at 60 requests / second per token with a 1,000-request burst.

Webhooks

Subscribe to events to get notified about state changes without polling. Payloads are signed with HMAC-SHA256 using your subscription secret; verify the Advottic-Signature header before processing.

  • case.created, case.updated, case.closed
  • signing.sent, signing.signed, signing.declined, signing.expired
  • contract.review.completed
  • billing.subscription.updated, billing.invoice.paid
  • firm.tokens.threshold (when the firm pool hits a configured low-water mark)

Frequently asked

  • Is the Advottic API publicly available?
    The API is in invite-only beta. We are onboarding partner integrations one cohort at a time so we can keep latency and reliability tight. Email partnerships@advottic.com with a one-paragraph description of your use case.
  • How is auth handled?
    API tokens are issued per-firm and scoped to specific actions (read:cases, write:exhibits, etc.). Tokens are passed via Bearer Authorization. OAuth 2.0 + PKCE is on the roadmap for partner apps that act on a per-user basis.
  • What about webhooks?
    Webhooks fire for case state changes, signing-request status, billing events, and firm-pool token thresholds. Payloads are signed with HMAC-SHA256 using a per-subscription secret; we retry with exponential backoff for up to 24 hours.
  • Are there SDKs?
    A TypeScript SDK is published on npm (@advottic/sdk), and a Capacitor SDK ships our iOS / Android shells. Python and Ruby SDKs are auto-generated from the OpenAPI spec on request.

Want API access?

Tell us what you’re building. We onboard partners weekly.