Company logoTrust Center Documentation

Admin Center API

Complete REST API reference for building and managing powerful white-label trust centers

Trust Center Admin API

Build powerful white-label trust center with our comprehensive REST API. The Trust Center Admin API enables you to programmatically manage customer accounts, documents, certifications, access requests, and branded trust center configurations at enterprise scale.

What You Can Build

Automated Onboarding

Create customer accounts, invite contacts, and provision document access through automated workflows and integrations.

Document Workflows

Upload compliance documents, manage access levels, handle access requests, and automate approval processes.

Compliance Automation

Track certifications, manage NDA workflows, automate access approvals, and maintain compliance audit trails.

White-Label Trust Centers

Configure branded trust centers, manage deployment domains, and customize the complete customer experience.

Why Choose Our API

🚀 REST-First Design

Built following industry best practices from Stripe, GitHub, and Notion. Clean HTTP endpoints, predictable resource patterns, and comprehensive error handling designed for seamless integration.

🔒 Enterprise Security

JWT-based authentication, role-based access control, tenant isolation, and comprehensive audit logging. Designed for enterprise compliance requirements.

Production Ready

Rate limiting, automated notifications, and 99.5% uptime SLA. Scale from prototype to enterprise without architectural changes.

Getting Started

1. Authentication

The Admin Center API supports two authentication methods:

JWT Bearer Tokens (Interactive Use)

For user-facing applications and interactive sessions, authenticate with login credentials:

# Authenticate and get access token
curl -X POST "https://app.orbiqhq.com/api/v1/login" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "admin@yourcompany.com",
    "password": "your-secure-password"
  }'
{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expiresIn": 3600
}

API Keys (Server-to-Server)

For production integrations and automated systems, create long-lasting API keys:

# Create a new API key (requires admin JWT token)
curl -X POST "https://app.orbiqhq.com/api/v1/integrations/api-keys" \
  -H "Authorization: Bearer $ADMIN_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production Integration",
    "description": "API key for automated compliance workflows",
    "role": "account_manager",
    "expires_in_days": 365
  }'
{
  "success": true,
  "data": {
    "apiKey": {
      "id": "key-123",
      "name": "Production Integration",
      "key": "sk_live_abcd1234567890",
      "role": "account_manager"
    },
    "warning": "This is the only time the API key will be displayed. Store it securely."
  }
}

Use API keys for:

  • Production server-to-server integrations
  • Automated compliance workflows
  • Long-running background processes
  • CI/CD pipelines and deployment scripts

Both authentication methods use the same Authorization header:

Authorization: Bearer sk_live_abcd1234567890

2. Your First API Call

Test your setup by listing customer accounts in your tenant:

curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  https://app.orbiqhq.com/api/v1/accounts
const response = await fetch("https://app.orbiqhq.com/api/v1/accounts", {
  headers: {
    Authorization: "Bearer " + accessToken,
    "Content-Type": "application/json",
  },
});

const { accounts } = await response.json();
console.log(`Managing ${accounts.length} customer accounts`);

3. Explore the Documentation

API v1 Reference

Complete endpoint documentation with HTTP examples and schemas

Authentication Guide

Learn about JWT tokens, session management, and security best practices

API Capabilities Overview

Core Resource Management

  • Accounts - Manage customer organizations, contacts, and compliance workflows
  • Users - Handle user invitations, roles, and profile management
  • Documents - Upload, categorize, and control access to compliance documents
  • Certifications - Manage certificates with validity tracking and automated renewals
  • Frequently Asked Questions - Manage Q&A content for making your trust center more understandable
  • Knowledge Base - Manage Q&A content for customer self-service search

Workflow Automation

  • Access Requests - Handle trust center visitor requests and automated approvals
  • Notifications - Send/Receive template-based emails, webhooks or Slack/Teams messages for onboarding and approvals
  • Analytics Tracking - Monitor user interactions and system usage patterns
  • Brand Management - Configure white-label themes and deployment settings

Enterprise Administration

  • API Key Management - Generate and manage programmatic access credentials

Enterprise Features

White-Label Capabilities

  • Custom domain deployment (trust.yourcompany.com) - Available in non-free plans
  • Complete brand customization (logos, colors, fonts)
  • No trace of Orbiq in customer-facing interfaces
  • Multi-language support (EN/DE/FR)

Compliance & Security

  • SOC 2 Type II certified infrastructure
  • GDPR and data residency compliance
  • Comprehensive audit logs for all operations
  • Role-based access control with tenant isolation

Scale & Performance

  • European CDN for global file delivery
  • Auto-scaling infrastructure
  • Sub-200ms API response times (p95)
  • 99.9% uptime SLA with real-time status monitoring

Real-World Integration Examples

Automated Customer Onboarding

# 1. Create customer account with contacts
curl -X POST "https://app.orbiqhq.com/api/v1/accounts" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Burger King Europe",
    "description": "Fast food chain compliance management",
    "contacts": [
      {
        "email": "compliance@burgerking.eu",
        "first_name": "Jane",
        "last_name": "Smith",
        "title": "Compliance Manager"
      }
    ]
  }'

# 2. Share relevant compliance documents
curl -X PATCH "https://app.orbiqhq.com/api/v1/accounts/acc_123/documents" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "document_ids": ["doc_privacy_policy", "doc_security_audit"],
    "access_level": "restricted"
  }'

Access Request Approval Workflow

# 1. List pending access requests
curl -H "Authorization: Bearer $TOKEN" \
  "https://app.orbiqhq.com/api/v1/access-requests?review_status=to_review"

# 2. Approve access request (triggers automatic email)
curl -X PATCH "https://app.orbiqhq.com/api/v1/access-requests/req_123" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"review_status": "approved"}'

Brand Configuration for White-Label Trust Centers

# Configure trust center appearance
curl -X PATCH "https://app.orbiqhq.com/api/v1/brand" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Acme Trust Center",
    "primary_color": "#0066cc",
    "deployment_domains": "trust.acme.com,trust.acme.de",
    "footer_text": "© 2025 Acme. All rights reserved."
  }'

# Upload custom logo
curl -X PUT "https://app.orbiqhq.com/api/v1/brand/logo" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: multipart/form-data" \
  -F "file=@/path/to/company-logo.png"

Document Management Integration

# 1. Create document metadata
curl -X POST "https://app.orbiqhq.com/api/v1/documents" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "SOC 2 Type II Report",
    "description": "Annual security audit report",
    "access_level": "requires_nda",
    "category": "security-audits",
    "featured": true
  }'

# 2. Upload document file
curl -X PUT "https://app.orbiqhq.com/api/v1/documents/doc_123/file" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/pdf" \
  --data-binary @soc2-report.pdf

HTTP Status Codes & Error Handling

Standard Response Codes

CodeMeaningUsage
200OKSuccessful GET/PATCH operations
201CreatedSuccessful POST operations
204No ContentSuccessful DELETE operations
400Bad RequestInvalid request parameters or validation errors
401UnauthorizedMissing or invalid authentication token
403ForbiddenInsufficient permissions for the operation
404Not FoundRequested resource does not exist
409ConflictResource conflict (e.g., duplicate email)
429Too Many RequestsRate limit exceeded
500Internal Server ErrorUnexpected server error

Error Response Format

{
  "error": {
    "type": "validation_error",
    "message": "Invalid email address format",
    "param": "email"
  }
}

Rate Limits & Best Practices

  • Rate Limit: 1000 requests per minute per authentication token
  • Bulk Operations: Use bulk endpoints for managing multiple resources
  • Error Handling: Implement exponential backoff for rate limit and server errors

Integration Patterns

Webhook Notifications

Set up real-time notifications for account events, document uploads, and access request status changes.

Batch Processing

Use bulk endpoints for processing large datasets efficiently.

Multi-Tenant Architecture

Each API token is automatically scoped to your tenant - no need to specify tenant IDs in requests.

Ready to get started? Head to the API v1 Reference for detailed endpoint documentation and HTTP examples.

How is this guide?

API v1 Reference

Complete REST API reference for Trust Center Admin API v1 with interactive examples and comprehensive endpoint documentation