iManage API
iManage is a cloud document and knowledge work platform used by law firms and professional services organizations to securely organize and govern documents, emails, and matter workspaces. An unofficial API lets you pull workspace lists, document metadata and versions, email filings, s
What is iManage?
iManage is a cloud platform for knowledge workers that centralizes document and email management, governance, and security across law firms, corporate legal departments, and other professional services teams. Organizations use iManage to create and organize matter workspaces, store and version documents, file emails, enforce ethical walls and retention policies, apply legal holds, and audit access and changes—backed by robust security and Microsoft 365 integrations.
Core product areas include:
- Document & Email Management (Workspaces, Folders, Documents, Versions, Email Filing)
- Governance & Compliance (Retention Policies, Legal Holds, Disposition, Records Management)
- Security & Access Control (Ethical Walls, ACLs, Policy Automation, Threat Detection)
- Knowledge & Search (Search, Metadata, Classification, Knowledge Reuse)
- External Collaboration (Secure Sharing, Link Governance, Expirations)
Common data entities:
- Tenants, Users, Groups, Roles/Permissions
- Clients/Engagements and Matter Workspaces (metadata, status, owners)
- Folders and Documents (versions, size, file type, check-in/out state)
- Emails filed to matters (headers, attachments, classification)
- Governance Policies (retention schedules, holds, disposition rules)
- Security Controls (ethical walls, ACLs, access entitlements)
- Audit Events (view/download, edit, check-in/out, policy changes, share activity)
The iManage Integration Challenge
Compliance-focused teams rely on iManage as the system of record for sensitive work product, but turning portal-based operations into API-driven automation is non-trivial:
- Role-aware security: Ethical walls and fine-grained ACLs change per matter and user
- Governance rigor: Retention, legal holds, and disposition require careful policy mapping and auditability
- Complex artifacts: Documents, versions, and email filings carry layered metadata and security contexts
- Authentication complexity: SSO/MFA (often Azure AD) and session lifecycles complicate unattended flows
- Distributed context: Key compliance signals span workspaces, policies, audit logs, and external shares
How Supergood Creates iManage APIs
Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your iManage tenant.
- Handles username/password, SSO/OAuth, and MFA (SMS, email, TOTP) securely
- Maintains session continuity with automated refresh and change detection
- Normalizes responses so you can integrate once and rely on consistent objects across modules
- Aligns with customer entitlements, ethical walls, and role-based permissions to ensure compliant access
Getting Started
- Schedule Integration Assessment
Book a 30-minute session to confirm your modules, licensing, and authentication model.
- Supergood Builds and Validates Your API
We deliver a hardened iManage adapter tailored to your workflows and entitlements.
- Deploy with Monitoring
Go live with continuous monitoring and automatic adjustments as iManage evolves.
API Endpoints
Authentication
/sessionsEstablish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth when enabled. Returns a short-lived auth token maintained by the platform.
Authentication
/sessions/refreshRefresh an existing token to keep sessions uninterrupted.
Workspaces
/workspacesList matter/engagement workspaces with filters and summary details.
Documents
/workspaces/{workspaceId}/documentsList documents and filed emails with versions, metadata, and security summaries.
Legal Holds
/legal-holdsApply a legal hold to one or more documents or an entire workspace with justification and scope.
Audit Events
/audit-eventsRetrieve audit logs for document access, policy changes, shares, and administrative actions.
Use Cases
Compliance & Audit Data Sync
- Mirror workspaces, documents, and versions into your compliance data store - Ingest audit logs to feed SIEM and risk analytics - Normalize metadata (matter numbers, owners, classifications) for multi-tenant reporting
Legal Holds & Retention Automation
- Apply, update, and release legal holds programmatically - Map retention schedules to matters and push disposition events into workflow tools - Track hold scope, custodians, and timelines for regulator-ready evidence
Access Governance & Ethical Walls
- Detect and reconcile entitlement drift across users/groups - Alert on policy changes (ACL updates, wall exceptions) and remediate - Produce traceable reports of who accessed what, when, and under which policy
Secure Sharing & Evidence Preparation
- Generate expiring secure shares for regulators or auditors - Attach supporting documents, enforce link governance, and log activity - Automate evidence collection from documents, emails, and attachments
Technical Specifications
Authentication
Username/password with MFA (SMS, email, TOTP) and SSO/OAuth where enabled; supports service accounts or customer-managed credentials
Response format
JSON with consistent resource schemas and pagination across modules
Rate limits
Tuned for enterprise throughput while honoring customer entitlements and usage controls
Session management
Automatic reauth and cookie/session rotation with health checks
Data freshness
Near real-time retrieval of workspaces, documents, governance policies, and audit logs
Security
Encrypted transport, scoped tokens, and audit logging; respects iManage role-based permissions and ethical walls
Webhooks
Optional asynchronous delivery for long-running workflows (e.g., legal hold propagation, external share activity)
Latency
Sub-second responses for list/detail queries under normal load
Throughput
Designed for high-volume document metadata sync and audit-event ingestion
Reliability
Retry logic, backoff, and idempotency keys minimize duplicate actions
Adaptation
Continuous monitoring for UI/API changes with rapid adapter updates
Frequently asked questions
Supergood supports workflows across commonly used modules such as Document & Email Management (Workspaces, Documents, Versions), Governance (Retention Policies, Legal Holds, Disposition), Security (Ethical Walls, ACLs), and External Sharing, subject to your licensing and entitlements. We scope coverage during integration assessment.
We support username/password + MFA (SMS, email, TOTP) and can operate behind SSO/OAuth when enabled (e.g., Azure AD). Sessions are refreshed automatically with secure challenge handling.
Yes. We normalize audit events (access, downloads, edits, policy updates, hold actions) and deliver updates via webhooks or polling, with filtering by user, workspace, event type, and time windows to align with SIEM and GRC schemas.
Yes. We can apply, modify, and release holds, and map retention schedules to matters or classifications. Hold scope, timelines, and disposition events are modeled explicitly in our normalized responses.