Integrate Docompli with your product in one implementation pass.

Quickstart

Follow this sequence to go from empty workspace to a live integration endpoint.

1. 1

   Create a workspace

   Start with Free (or Starter/Growth/Scale checkout) and sign in to the admin dashboard for your company.

2. 2

   Create an API key in Admin

   Open Admin > API Keys, create a labeled key, then store the one-time secret in your application secret manager.

3. 3

   Create a T&C document container

   Inside admin, create your first document slug (for example `marketplace`) that will own immutable versions.

4. 4

   Upload and publish a DOCX

   Upload creates a new draft version. Publish now or schedule an effective timestamp.

5. 5

   Read latest content from your application

   Call the latest endpoint with your company ref and document slug to render up-to-date Terms.

6. 6

   Subscribe to publish webhooks

   Add a webhook endpoint so downstream systems can react immediately to published or rollback changes.

curl -X GET \
  "https://your-platform-domain.com/api/v1/companies/acme/tnc/latest?documentSlug=marketplace" \
  -H "Authorization: Bearer <api-key>" \
  -H "Accept: application/json"

Authentication and tenant scope

All customer API requests require a company API key. The platform enforces company boundaries so one tenant cannot access another. Generate keys in Admin > API Keys and store the one-time secret immediately.

Authorization: Bearer <api-key>

Use {companyRef} as company slug or company ID. If your tenant has multiple T&C documents, pass documentSlug on latest and versions list routes.

API reference

Keep your rendering and audit paths explicit by pairing latest reads with immutable version lookup.

const response = await fetch(
  "https://your-platform-domain.com/api/v1/companies/acme/tnc/latest?documentSlug=marketplace",
  {
    headers: {
      authorization: "Bearer " + process.env.DOCOMPLI_API_KEY,
      accept: "application/json",
    },
  },
);

if (!response.ok) {
  throw new Error("Latest terms request failed: " + response.status);
}

const latestTerms = await response.json();
// latestTerms.html can be rendered in your legal page shell
// latestTerms.versionId can be logged for traceability

Webhooks

Subscribe to publish events (`tnc.version.published`) and verify signatures before triggering downstream changes.

x-tnc-event: tnc.version.published
x-tnc-timestamp: <unix-seconds>
x-tnc-signature: v1=<hmac-sha256-hex>

import { createHmac, timingSafeEqual } from "node:crypto";

function verifyWebhookSignature({
  rawBody,
  timestampHeader,
  signatureHeader,
  secret,
}: {
  rawBody: string;
  timestampHeader: string;
  signatureHeader: string;
  secret: string;
}) {
  const signedPayload = `${timestampHeader}.${rawBody}`;
  const expectedSignature =
    "v1=" + createHmac("sha256", secret).update(signedPayload).digest("hex");

  return timingSafeEqual(
    Buffer.from(expectedSignature),
    Buffer.from(signatureHeader),
  );
}

Build the signed payload as `timestamp.rawBody` and compare the expected signature with the `x-tnc-signature` header using constant-time comparison.

Operations and go-live checklist

Use this checklist before routing customer-facing Terms reads through Docompli in production.

• •Store your API key and webhook secret in your app secret manager.
• •Always pass a document slug when multiple T&C documents exist.
• •Verify webhook signatures before processing publish events.
• •Handle 429 retry behavior and honor retry headers in client integrations.
• •Log version IDs from API and webhook payloads for audit traceability.