Orbiq API Overview
A complete REST API for compliance automation. Manage trust centers, documents, certifications, NDAs, and AI-powered questionnaire responses programmatically.
Core Resources
Eight resource families covering every aspect of compliance automation.
| Resource | Methods | Base Path |
|---|---|---|
| Accounts | GETPOSTPATCHDELETE | /accounts |
| Documents | GETPOSTPUTPATCHDELETE | /documents |
| Certifications | GETPOSTPATCHDELETE | /certifications |
| NDA Templates | GETPOSTPATCH | /nda-templates |
| Access Requests | GETPATCH | /access-requests |
| Ask (AI) | POST | /ask |
| Knowledge Base | GETPOSTPATCHDELETE | /knowledge-base |
| Brand | GETPATCHPUT | /brand |
Authentication
Two authentication methods to fit every integration pattern. All traffic is encrypted with TLS 1.3.
API Key Authentication
Include your API key in the x-api-key header for server-to-server integrations. Keys are scoped per environment with granular permissions.
curl -X GET https://api.orbiqhq.com/v1/documents \
-H "x-api-key: orbiq_live_sk_..."JWT Bearer Token
Use OAuth 2.0 client credentials flow for short-lived JWT tokens. Ideal for user-facing applications and fine-grained access control.
curl -X POST https://api.orbiqhq.com/v1/auth/token \
-H "Content-Type: application/json" \
-d '{"client_id":"...","client_secret":"..."}'What You Can Build
Real-world integration patterns powering compliance automation at scale.
AI Security Questionnaires
Feed questions to the /ask endpoint and get AI-generated answers grounded in your knowledge base. Build agentic compliance workflows that complete questionnaires in minutes.
const response = await fetch(
"https://api.orbiqhq.com/v1/ask",
{
method: "POST",
headers: {
"x-api-key": "orbiq_live_sk_...",
"Content-Type": "application/json",
},
body: JSON.stringify({
question: "Describe your data encryption at rest.",
context: "SOC 2 Type II questionnaire",
}),
}
);Document Access Automation
Auto-approve access requests by domain, enforce NDA-gated sharing, and track every document view with audit logs. Build custom approval workflows with webhooks.
// Auto-approve requests from @acme.com
const rule = await fetch(
"https://api.orbiqhq.com/v1/access-requests/rules",
{
method: "POST",
headers: { "x-api-key": "orbiq_live_sk_..." },
body: JSON.stringify({
domain: "acme.com",
action: "auto_approve",
require_nda: true,
}),
}
);White-Label Trust Center
Embed a fully branded trust center in your product. Configure colors, fonts, logos, and custom domains via the Brand API.
await fetch(
"https://api.orbiqhq.com/v1/brand",
{
method: "PATCH",
headers: { "x-api-key": "orbiq_live_sk_..." },
body: JSON.stringify({
primary_color: "#0F172A",
logo_url: "https://cdn.acme.com/logo.svg",
custom_domain: "trust.acme.com",
}),
}
);Continuous Compliance Monitoring
Sync certifications, track expiry dates, and surface compliance gaps automatically. Get webhook alerts when a certification approaches renewal.
await fetch(
"https://api.orbiqhq.com/v1/certifications",
{
method: "POST",
headers: { "x-api-key": "orbiq_live_sk_..." },
body: JSON.stringify({
name: "SOC 2 Type II",
status: "active",
issued_at: "2025-11-01",
expires_at: "2026-11-01",
notify_before_days: 60,
}),
}
);Explore the Full API Reference
Interactive API reference with request/response examples, schema definitions, and authentication guides.