Complete REST API reference for Trust Center Admin API v1 with interactive examples and comprehensive endpoint documentation

API v1 Reference

The Trust Center Admin API v1 provides complete programmatic access to manage customer accounts, documents, certifications, access requests, and white-label trust center configurations. Built with REST principles and designed for enterprise-scale integrations.

Quick Start

Authentication

The Admin Center API uses API keys for programmatic access. Browser login is available only through the Admin Center UI and does not issue API bearer tokens.

Create an API key from Admin Center → Integrations → API Keys, store it securely, and pass it as a bearer API key:

API Key Benefits:

Long-lasting authentication (up to 365 days)
Role-based permissions (admin, account_manager, content_manager, viewer)
Perfect for server-to-server integrations
One-time key display for enhanced security

Authorization header format:

Authorization: Bearer $TRUST_CENTER_API_KEY

Base URL

All API endpoints are relative to the admin center domain:

https://app.orbiqhq.com/api/v1/

Your First Request

Test your authentication by listing customer accounts:

curl -H "Authorization: Bearer $TRUST_CENTER_API_KEY" \
  -H "Content-Type: application/json" \
  https://app.orbiqhq.com/api/v1/accounts

Core Resources

Accounts Management

Manage customer organizations and their compliance journey:

GET /accounts - List all customer accounts
POST /accounts - Create new customer account
GET /accounts/{id} - Get account details
PATCH /accounts/{id} - Update account information
DELETE /accounts/{id} - Delete account
GET /accounts/{id}/documents - Get account documents
PATCH /accounts/{id}/documents - Update document access

Document Management

Control compliance documents and access permissions:

GET /documents - List documents
POST /documents - Create document metadata
GET /documents/{id} - Get document details
PATCH /documents/{id} - Update document
PUT /documents/{id}/file - Upload document file
GET /documents/templates - List document templates

User Management

Handle admin user invitations, roles, and preferences:

GET /users - List tenant users
POST /users - Invite new user
GET /users/{id} - Get user profile
PATCH /users/{id} - Update user profile
DELETE /users/{id} - Delete user
POST /users/{id}/invite - Re-send invitation email for an existing user

Certifications

Manage compliance certificates with validity tracking:

GET /certifications - List certifications
POST /certifications - Create certification
GET /certifications/{id} - Get certification details
PATCH /certifications/{id} - Update certification
DELETE /certifications/{id} - Delete certification
PUT /certifications/{id}/{filetype} - Upload certificate files
GET /certifications/templates - List certification templates

Workflow Automation

Access Request Management

Handle trust center visitor requests and approval workflows:

GET /access-requests - List access requests with filtering
PATCH /access-requests/{id} - Update request status (triggers emails)

Knowledge Base Management

Manage Q&A content for customer self-service:

GET /knowledge-base - List Q&A items
POST /knowledge-base - Create Q&A item
GET /knowledge-base/{id} - Get Q&A item details
PATCH /knowledge-base/{id} - Update Q&A item
DELETE /knowledge-base/{id} - Delete Q&A item

Updates

Create Trust Center update timelines, follow-up threads, classifications, templates, and delivery workflows:

GET /updates - List updates
POST /updates - Create a draft update
GET /updates/options - Load update creation options and follow-up defaults
GET /updates/{id} - Get update detail, audience, follow-ups, and delivery results
PATCH /updates/{id} - Edit update content, audience, resources, slug, or access level
DELETE /updates/{id} - Delete an update that has no sent email delivery
POST /updates/{id}/publish - Create a draft update
POST /updates/{id}/schedule - Schedule a draft or scheduled update
POST /updates/{id}/archive - Archive a published update
POST /updates/{id}/revert-to-draft - Return an eligible update to draft
POST /updates/{id}/send-now - Queue delivery for a published update
POST /updates/{id}/test - Send a test update email
POST /updates/classifications - Create an update classification
PATCH /updates/classifications/{id} - Update an update classification
GET /updates/templates - List update templates
POST /updates/templates - Create an update template
GET /updates/templates/{id} - Get an update template
PATCH /updates/templates/{id} - Update a tenant-owned update template

Ask Assistant API

Generate AI-assisted answers for questionnaire and compliance prompts:

POST /ask - Create an ask request and return terminal or in-progress status
GET /ask/{id} - Retrieve ask response status and output by ID

NDA Template Management

Manage Non-Disclosure Agreement templates with version control:

GET /nda-templates - List NDA templates
POST /nda-templates - Create NDA template
GET /nda-templates/{id} - Get template details with versions
PATCH /nda-templates/{id} - Update template
DELETE /nda-templates/{id} - Delete template
POST /nda-templates/{id}/versions - Create new version
PATCH /nda-templates/{id}/versions/{versionId} - Update version status
POST /nda-templates/{id}/versions/{versionId}/activate - Activate version

NDA Acceptance Management

Track and manage NDA acceptances:

GET /nda-acceptances - List NDA acceptances
GET /nda-acceptances/{id} - Get acceptance details
GET /nda-acceptances/{id}/file - Download signed NDA file
GET /accounts/{id}/nda-acceptances - Get account NDA acceptances

Configuration & Branding

Brand Management

Configure white-label themes and trust center appearance:

GET /brand - Get current brand settings
PATCH /brand - Update brand configuration
PUT /brand/logo - Upload custom logo
DELETE /brand/logo - Remove custom logo

API Keys Management

Generate programmatic access credentials:

GET /integrations/api-keys - List API keys
POST /integrations/api-keys - Create new API key

Authentication Endpoints

POST /logout - End the current browser session

Response Format

All API responses follow a consistent structure:

Success Response (Single Resource)

{
  "success": true,
  "data": {
    "account": {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "title": "Burger Queen",
      "review_status": "completed"
    }
  }
}

Collection Response

{
  "accounts": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "title": "Burger Queen",
      "review_status": "completed"
    }
  ]
}

Error Response

{
  "error": {
    "type": "validation_error",
    "message": "The email address provided is not valid",
    "param": "email"
  }
}

HTTP Status Codes

Code	Meaning	Description
`200`	OK	Request successful
`201`	Created	Resource created successfully
`204`	No Content	Successful deletion or update with no response body
`400`	Bad Request	Invalid request parameters
`401`	Unauthorized	Authentication required
`403`	Forbidden	Insufficient permissions
`404`	Not Found	Resource not found
`409`	Conflict	Resource conflict (e.g., duplicate email)
`422`	Unprocessable Entity	Valid syntax but semantic errors
`429`	Too Many Requests	Rate limit exceeded
`500`	Internal Server Error	Server error

Pagination

List endpoints support cursor-based pagination:

# Get first page
curl -H "Authorization: Bearer $TRUST_CENTER_API_KEY" \
  "https://app.orbiqhq.com/api/v1/accounts?limit=50"

# Get next page using cursor
curl -H "Authorization: Bearer $TRUST_CENTER_API_KEY" \
  "https://app.orbiqhq.com/api/v1/accounts?limit=50&starting_after=acc_123"

Query Parameters:

limit - Number of items to return (max 100, default 20)
starting_after - Cursor for pagination
ending_before - Reverse pagination cursor

Rate Limiting

Limit: 1000 requests per minute per API key
Headers: Rate limit info included in response headers
429 Response: Includes Retry-After header with seconds to wait

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1640995200

Common Integration Patterns

Error Handling

async function createAccount(accountData) {
  try {
    const response = await fetch("https://app.orbiqhq.com/api/v1/accounts", {
      method: "POST",
      headers: {
        Authorization: "Bearer " + apiKey,
        "Content-Type": "application/json",
      },
      body: JSON.stringify(accountData),
    });

    if (!response.ok) {
      const error = await response.json();
      throw new Error(`API Error: ${error.error.message}`);
    }

    return await response.json();
  } catch (error) {
    console.error("Failed to create account:", error.message);
    throw error;
  }
}

Document Upload Workflow

# 1. Create document metadata
RESPONSE=$(curl -X POST "https://app.orbiqhq.com/api/v1/documents" \
  -H "Authorization: Bearer $TRUST_CENTER_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Privacy Policy",
    "access_level": "public",
    "featured": true
  }')

DOCUMENT_ID=$(echo $RESPONSE | jq -r '.data.document.id')

# 2. Upload file
curl -X PUT "https://app.orbiqhq.com/api/v1/documents/$DOCUMENT_ID/file" \
  -H "Authorization: Bearer $TRUST_CENTER_API_KEY" \
  -H "Content-Type: application/pdf" \
  --data-binary @privacy-policy.pdf

Access Request Approval Automation

import requests

api_key = "YOUR_TRUST_CENTER_API_KEY"

def approve_pending_requests():
    # Get all pending requests
    response = requests.get(
        "https://app.orbiqhq.com/api/v1/access-requests",
        params={"review_status": "to_review"},
        headers={"Authorization": f"Bearer {api_key}"}
    )

    pending_requests = response.json()["contacts"]

    # Auto-approve requests from verified domains
    for request in pending_requests:
        if request["email"].endswith("@trustedcompany.com"):
            requests.patch(
                f"https://app.orbiqhq.com/api/v1/access-requests/{request['id']}",
                json={"review_status": "approved"},
                headers={"Authorization": f"Bearer {api_key}"}
            )
            print(f"Auto-approved: {request['email']}")

White-Label Configuration

# Update trust center branding
curl -X PATCH "https://app.orbiqhq.com/api/v1/brand" \
  -H "Authorization: Bearer $TRUST_CENTER_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Acme Trust Center",
    "primary_color": "#0066cc",
    "deployment_domains": "trust.acme.com",
    "footer_text": "© 2025 Acme. All rights reserved."
  }'

# Upload custom logo
curl -X PUT "https://app.orbiqhq.com/api/v1/brand/logo" \
  -H "Authorization: Bearer $TRUST_CENTER_API_KEY" \
  -H "Content-Type: multipart/form-data" \
  -F "file=@/path/to/company-logo.png"

Development Tools

Testing Your Integration

Use these endpoints to verify your setup:

# Health check
curl -H "Authorization: Bearer $TRUST_CENTER_API_KEY" \
  https://app.orbiqhq.com/api/v1/accounts

# Test document upload
curl -X POST "https://app.orbiqhq.com/api/v1/documents" \
  -H "Authorization: Bearer $TRUST_CENTER_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"title": "Test Document", "access_level": "public"}'

Webhook Integration

Set up webhooks to receive real-time notifications:

Account status changes
Document uploads and approvals
Access request submissions
Certification expiry alerts

Bulk Operations

For large-scale operations, use filtering and pagination:

# Process all accounts needing review
curl -H "Authorization: Bearer $TRUST_CENTER_API_KEY" \
  "https://app.orbiqhq.com/api/v1/accounts?status=in_review&limit=100"

# Bulk approve access requests
curl -H "Authorization: Bearer $TRUST_CENTER_API_KEY" \
  "https://app.orbiqhq.com/api/v1/access-requests?review_status=to_review&account_id=acc_123"

How is this guide?

API v1 Reference

Authentication Deep Dive

Webhook Integration

Integration Examples

Postman Collection

On this page