Developers
Build on the Advottic API.
REST + webhooks for cases, contracts, and signing. SDKs for TypeScript, Capacitor, and OpenAPI. Currently invite-only; email partnerships@advottic.com to request access.
Endpoint overview
GET/api/v1/casesList cases the authenticated user has access to.POST/api/v1/casesCreate a new case from structured intake data.GET/api/v1/cases/:id/exhibitsList exhibits attached to a case.POST/api/v1/cases/:id/exhibitsUpload an exhibit (multipart) and run optional OCR.POST/api/v1/signCreate an e-signature request with one or more recipients.POST/api/v1/contracts/reviewSubmit a contract for AI review; returns a confidence rating + flagged clauses.GET/api/v1/firms/:id/usageBella token usage by attorney, by case, by day.POST/api/v1/webhooksRegister a webhook subscription for case + signing + billing events.
A complete OpenAPI 3.1 spec is shared with onboarded partners. Versioning policy: breaking changes are released as a new major (/api/v2/) with a 12-month deprecation window for the prior version.
Authentication
Every request carries a Bearer token tied to a firm and scoped to the actions you registered for. Sample request:
curl https://api.advottic.com/v1/cases \ -H "Authorization: Bearer adv_live_..." \ -H "Accept: application/json"
Tokens are revocable per-environment from the Counsel settings panel. We rate-limit at 60 requests / second per token with a 1,000-request burst.
Webhooks
Subscribe to events to get notified about state changes without polling. Payloads are signed with HMAC-SHA256 using your subscription secret; verify the Advottic-Signature header before processing.
- case.created, case.updated, case.closed
- signing.sent, signing.signed, signing.declined, signing.expired
- contract.review.completed
- billing.subscription.updated, billing.invoice.paid
- firm.tokens.threshold (when the firm pool hits a configured low-water mark)
Frequently asked
Is the Advottic API publicly available?
The API is in invite-only beta. We are onboarding partner integrations one cohort at a time so we can keep latency and reliability tight. Email partnerships@advottic.com with a one-paragraph description of your use case.How is auth handled?
API tokens are issued per-firm and scoped to specific actions (read:cases, write:exhibits, etc.). Tokens are passed via Bearer Authorization. OAuth 2.0 + PKCE is on the roadmap for partner apps that act on a per-user basis.What about webhooks?
Webhooks fire for case state changes, signing-request status, billing events, and firm-pool token thresholds. Payloads are signed with HMAC-SHA256 using a per-subscription secret; we retry with exponential backoff for up to 24 hours.Are there SDKs?
A TypeScript SDK is published on npm (@advottic/sdk), and a Capacitor SDK ships our iOS / Android shells. Python and Ruby SDKs are auto-generated from the OpenAPI spec on request.
Want API access?
Tell us what you’re building. We onboard partners weekly.
