Developers

Audit documents from the systems you already run.

A stable, documented API lets a LOS, POS, document platform or internal loan-file system upload documents, start audits, retrieve evidence-backed findings, resolve exceptions and download durable reports — without touching UI internals.

Evidence in every response

Findings come back with the page, region, producer version and confidence behind them — enough to render an overlay or store a defensible record, not just a verdict.

Safe to retry, no duplicates

Retryable uploads and audit starts accept an Idempotency-Key, with explicit conflict detection on replay.

Scoped API keys

Service-to-service keys carry scoped permissions. A service can start audits and fetch results without the right to override findings.

Audit workflow

Five calls, upload to durable report.

The same pipeline the console drives, available end-to-end over HTTP. Endpoint paths shown below are illustrative of the documented contract.

workflow.sh
# 1 — Upload a document (bytes stay on your hardware)
curl -X POST https://your-host/documents \
  -H "Authorization: Bearer $API_KEY" \
  -H "Idempotency-Key: $(uuidgen)" \
  -F "file=@closing_disclosure.pdf"
→ { "document_id": "doc_9f2a" }

# 2 — Start the audit
curl -X POST https://your-host/documents/doc_9f2a/audit \
  -H "Authorization: Bearer $API_KEY"
→ { "audit_id": "aud_71c", "status": "running" }

# 3 — Read the evidence-backed scorecard
GET /audits/aud_71c/scorecard
 { "decision": "needs_review",
    "overall_score": 72 }

# 4 — Pull findings with evidence coordinates
GET /audits/aud_71c/findings
GET /findings/fnd_04/evidence

# 5 — Export a durable audit package
curl -X POST https://your-host/exports \
  -d '{"audit_id":"aud_71c","format":"pdf"}'
GET /exports/exp_88/download
POST/documents
Upload
POST/documents/{id}/audit
Start
GET/audits/{id}/scorecard
Decision
GET/audits/{id}/findings
Exceptions
POST/findings/{id}/review
Triage
POST/documents/{id}/finalize-review
Admin
POST/exports
Package
scopes.json
{
  "key": "svc_los_integration",
  "scopes": [
    "documents:write",
    "audits:write",
    "findings:read",
    "exports:read"
  ],
  // override & raw model output
  // require admin-equivalent scope
  "can_override": false
}
Auth & scopes

Least privilege, by default.

Every credential is scoped. Automation gets exactly the reach it needs — and nothing that belongs to a human admin.

  • Service keys with scoped permissionsGrant documents:write and findings:read without granting override.
  • Field-level redaction by scopeOCR text, barcode values and raw bytes are separate controls; raw model outputs need an admin/debug scope.
  • Signed download linksRequest short-lived HMAC links for originals, artifacts and exports via the /…/download-link endpoints.

Webhooks

Register endpoints with POST /webhooks/endpoints to be notified as audits progress and exceptions resolve — so your systems react without polling.

A trail behind every document

Who opened a file, when it was viewed, every download and the final decision — captured as an immutable audit trail you can pull over the API (GET /audit-log). When an examiner asks what happened to a document, the record answers.

Build once, trust it. Docutise exposes one stable, documented API contract — no surprise response shapes — that you can generate typed clients from. Every change is checked against that contract before it ships, so the integration you build keeps working.

Wire up your first audit today.

Request an API key for early access and integrate a local pilot with your stack.