API v1 Reference
Complete REST API reference for Trust Center Admin API v1 with interactive examples and comprehensive endpoint documentation
API v1 Reference
The Trust Center Admin API v1 provides complete programmatic access to manage customer accounts, documents, certifications, access requests, and white-label trust center configurations. Built with REST principles and designed for enterprise-scale integrations.
Quick Start
Authentication
The Admin Center API supports two authentication methods depending on your use case:
JWT Bearer Tokens (Interactive Use)
For user-facing applications and interactive sessions, obtain JWT tokens through login:
curl -X POST "https://app.orbiqhq.com/api/v1/login" \
-H "Content-Type: application/json" \
-d '{
"email": "admin@example.com",
"password": "your-password"
}'API Keys (Server-to-Server)
For production integrations, automated workflows, and long-running processes, create API keys:
curl -X POST "https://app.orbiqhq.com/api/v1/integrations/api-keys" \
-H "Authorization: Bearer $ADMIN_JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "Production Integration",
"description": "API key for automated compliance workflows",
"role": "account_manager",
"expires_in_days": 365
}'API Key Benefits:
- Long-lasting authentication (up to 365 days)
- Role-based permissions (admin, account_manager, viewer)
- Perfect for server-to-server integrations
- One-time key display for enhanced security
Both authentication methods use the same Authorization header format:
Authorization: Bearer sk_live_abcd1234567890Base URL
All API endpoints are relative to the admin center domain:
https://app.orbiqhq.com/api/v1/Your First Request
Test your authentication by listing customer accounts:
curl -H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
https://app.orbiqhq.com/api/v1/accountsCore Resources
Accounts Management
Manage customer organizations and their compliance journey:
GET /accounts- List all customer accountsPOST /accounts- Create new customer accountGET /accounts/{id}- Get account detailsPATCH /accounts/{id}- Update account informationDELETE /accounts/{id}- Delete accountGET /accounts/{id}/documents- Get account documentsPATCH /accounts/{id}/documents- Update document access
Document Management
Control compliance documents and access permissions:
GET /documents- List documentsPOST /documents- Create document metadataGET /documents/{id}- Get document detailsPATCH /documents/{id}- Update documentPUT /documents/{id}/file- Upload document fileGET /documents/templates- List document templates
User Management
Handle admin user invitations, roles, and preferences:
GET /users- List tenant usersPOST /users- Invite new userGET /users/{id}- Get user profilePATCH /users/{id}- Update user profileDELETE /users/{id}- Delete user
Certifications
Manage compliance certificates with validity tracking:
GET /certifications- List certificationsPOST /certifications- Create certificationGET /certifications/{id}- Get certification detailsPATCH /certifications/{id}- Update certificationPUT /certifications/{id}/{filetype}- Upload certificate files
Workflow Automation
Access Request Management
Handle trust center visitor requests and approval workflows:
GET /access-requests- List access requests with filteringPATCH /access-requests/{id}- Update request status (triggers emails)
Analytics Tracking
Monitor user interactions and system usage:
POST /analytics/track- Track custom events and user interactions
Knowledge Base Management
Manage Q&A content for customer self-service:
GET /knowledge-base- List Q&A itemsPOST /knowledge-base- Create Q&A item
Configuration & Branding
Brand Management
Configure white-label themes and trust center appearance:
GET /brand- Get current brand settingsPATCH /brand- Update brand configurationPUT /brand/logo- Upload custom logoDELETE /brand/logo- Remove custom logo
API Keys Management
Generate programmatic access credentials:
GET /integrations/api-keys- List API keysPOST /integrations/api-keys- Create new API key
Authentication Endpoints
POST /login- Authenticate user and get JWTPOST /logout- End session and invalidate tokenPOST /refresh- Refresh expired access tokenPOST /signup- Create new user accountGET /signup- Get signup form configuration
Response Format
All API responses follow a consistent structure:
Success Response (Single Resource)
{
"success": true,
"data": {
"account": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"title": "Burger Queen",
"review_status": "completed"
}
}
}Collection Response
{
"accounts": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"title": "Burger Queen",
"review_status": "completed"
}
]
}Error Response
{
"error": {
"type": "validation_error",
"message": "The email address provided is not valid",
"param": "email"
}
}HTTP Status Codes
| Code | Meaning | Description |
|---|---|---|
200 | OK | Request successful |
201 | Created | Resource created successfully |
204 | No Content | Successful deletion or update with no response body |
400 | Bad Request | Invalid request parameters |
401 | Unauthorized | Authentication required |
403 | Forbidden | Insufficient permissions |
404 | Not Found | Resource not found |
409 | Conflict | Resource conflict (e.g., duplicate email) |
422 | Unprocessable Entity | Valid syntax but semantic errors |
429 | Too Many Requests | Rate limit exceeded |
500 | Internal Server Error | Server error |
Pagination
List endpoints support cursor-based pagination:
# Get first page
curl -H "Authorization: Bearer $TOKEN" \
"https://app.orbiqhq.com/api/v1/accounts?limit=50"
# Get next page using cursor
curl -H "Authorization: Bearer $TOKEN" \
"https://app.orbiqhq.com/api/v1/accounts?limit=50&starting_after=acc_123"Query Parameters:
limit- Number of items to return (max 100, default 20)starting_after- Cursor for paginationending_before- Reverse pagination cursor
Rate Limiting
- Limit: 1000 requests per minute per authentication token
- Headers: Rate limit info included in response headers
- 429 Response: Includes
Retry-Afterheader with seconds to wait
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1640995200Common Integration Patterns
Error Handling
async function createAccount(accountData) {
try {
const response = await fetch("https://app.orbiqhq.com/api/v1/accounts", {
method: "POST",
headers: {
Authorization: "Bearer " + accessToken,
"Content-Type": "application/json",
},
body: JSON.stringify(accountData),
});
if (!response.ok) {
const error = await response.json();
throw new Error(`API Error: ${error.error.message}`);
}
return await response.json();
} catch (error) {
console.error("Failed to create account:", error.message);
throw error;
}
}Document Upload Workflow
# 1. Create document metadata
RESPONSE=$(curl -X POST "https://app.orbiqhq.com/api/v1/documents" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"title": "Privacy Policy",
"access_level": "public",
"featured": true
}')
DOCUMENT_ID=$(echo $RESPONSE | jq -r '.data.document.id')
# 2. Upload file
curl -X PUT "https://app.orbiqhq.com/api/v1/documents/$DOCUMENT_ID/file" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/pdf" \
--data-binary @privacy-policy.pdfAccess Request Approval Automation
import requests
def approve_pending_requests():
# Get all pending requests
response = requests.get(
"https://app.orbiqhq.com/api/v1/access-requests",
params={"review_status": "to_review"},
headers={"Authorization": f"Bearer {token}"}
)
pending_requests = response.json()["contacts"]
# Auto-approve requests from verified domains
for request in pending_requests:
if request["email"].endswith("@trustedcompany.com"):
requests.patch(
f"https://app.orbiqhq.com/api/v1/access-requests/{request['id']}",
json={"review_status": "approved"},
headers={"Authorization": f"Bearer {token}"}
)
print(f"Auto-approved: {request['email']}")White-Label Configuration
# Update trust center branding
curl -X PATCH "https://app.orbiqhq.com/api/v1/brand" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"title": "Acme Trust Center",
"primary_color": "#0066cc",
"deployment_domains": "trust.acme.com",
"footer_text": "© 2025 Acme. All rights reserved."
}'
# Upload custom logo
curl -X PUT "https://app.orbiqhq.com/api/v1/brand/logo" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: multipart/form-data" \
-F "file=@/path/to/company-logo.png"Development Tools
Testing Your Integration
Use these endpoints to verify your setup:
# Health check
curl -H "Authorization: Bearer $TOKEN" \
https://app.orbiqhq.com/api/v1/accounts
# Test document upload
curl -X POST "https://app.orbiqhq.com/api/v1/documents" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"title": "Test Document", "access_level": "public"}'Webhook Integration
Set up webhooks to receive real-time notifications:
- Account status changes
- Document uploads and approvals
- Access request submissions
- Certification expiry alerts
Bulk Operations
For large-scale operations, use filtering and pagination:
# Process all accounts needing review
curl -H "Authorization: Bearer $TOKEN" \
"https://app.orbiqhq.com/api/v1/accounts?status=in_progress&limit=100"
# Bulk approve access requests
curl -H "Authorization: Bearer $TOKEN" \
"https://app.orbiqhq.com/api/v1/access-requests?review_status=to_review&account_id=acc_123"Next Steps
Authentication Deep Dive
Learn about JWT tokens, session management, and security best practices
Webhook Integration
Set up real-time notifications for account and document events
Integration Examples
Explore sample implementations and integration patterns
Postman Collection
Download our Postman collection for easy API testing
Ready to dive deeper? Browse the complete endpoint documentation above or start with account management to get familiar with the API patterns.
How is this guide?