Suralink API
Suralink is audit and engagement management software used by accounting firms to run Prepared By Client (PBC) request lists, securely exchange documents, track status and due dates, and guide clients through evidence collection. An unofficial API lets you pull engagements, request ite
What is Suralink?
Suralink is a cloud platform for accounting and advisory firms that centralizes engagement delivery, PBC request lists, secure file exchange, and workflow tracking between firm staff and client stakeholders. Audit, review, tax, and advisory teams use Suralink to organize requests, assign owners, manage due dates, version and review documents, and maintain an audit trail of activity and approvals—all within a secure client portal.
Core product areas include:
- Engagement Management (Engagements, Clients, Teams, Phases/Status, Due Dates)
- PBC Request Lists (Categories, Required vs Optional, Assignments, Dependencies)
- Secure File Exchange (Uploads, Version Control, Document Types, Retention)
- Collaboration (Comments, @Mentions, Notifications, Client Portal)
- Compliance & Audit Trail (Activity Logs, Approvals, Sign-Offs, Permissions)
- Templates & Automation (Reusable Request Sets, Standardized Categories)
Common data entities:
- Firms, Users, Roles/Permissions (Partner, Manager, Staff, Client Contact)
- Clients (organizations, contacts, addresses)
- Engagements (service type, fiscal year, status, deadlines, team, client)
- Requests (title, description, category, required flag, status, assignees, due date)
- Documents (files, versions, metadata, document type, checksum)
- Comments & Activity (messages, events, timestamps, actors)
- Templates (request sets, categories, default due dates)
The Suralink Integration Challenge
Audit teams rely on Suralink every day, but turning portal-first workflows into API-driven automation is non-trivial:
- Role-aware portals: Firm staff and client contacts see different request states, permissions, and visibility
- Compliance rigor: Evidence handling, approvals, versioning, and audit trails require careful modeling
- Sensitive data: Secure upload/download flows and retention policies complicate automation
- Authentication complexity: SSO/MFA and session lifecycles make headless processes brittle
- Dynamic lists: Request dependencies, category templates, and status transitions span multiple views
How Supergood Creates Suralink APIs
Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your Suralink tenant.
- Handles username/password, SSO/OAuth, and MFA (SMS, email, TOTP) securely
- Maintains session continuity with automated refresh and change detection
- Normalizes responses so you can integrate once and rely on consistent objects across modules
- Aligns with customer entitlements and role-based permissions to ensure compliant access
Getting Started
- Schedule Integration Assessment
Book a 30-minute session to confirm your modules, licensing, and authentication model.
- Supergood Builds and Validates Your API
We deliver a hardened Suralink adapter tailored to your workflows and entitlements.
- Deploy with Monitoring
Go live with continuous monitoring and automatic adjustments as Suralink evolves.
API Endpoints
Authentication
/sessionsEstablish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth when enabled. Returns a short-lived auth token maintained by the platform.
Engagements
/engagementsList engagements with filters and summary details.
Requests
/engagements/{engagementId}/requestsList PBC request items for an engagement with filters.
Requests
/requests/{requestId}Update request status, due date, assignments, and notes.
Documents
/requests/{requestId}/documentsUpload evidence to a request with versioning and metadata.
Use Cases
Audit Engagement & Client Data Sync
- Mirror engagements, clients, and contacts into your internal systems - Keep engagement metadata current for analytics and capacity planning - Normalize service types, fiscal years, and statuses across multi-office operations
PBC Request Automation
- Generate request lists from your templates or AI suggestions - Assign owners and due dates, trigger reminders, and track completion - Drive SLA alerts and push updates back to Suralink for real-time status
Document AI & Evidence Validation
- Ingest uploaded files and classify with AI (e.g., bank statements, AR aging, leases) - Extract key fields, validate against rules, and flag exceptions - Attach annotated workpapers and route items for manager sign-off
Compliance: Approvals and Audit Trail
- Synchronize approvals and sign-offs into your QA/QC processes - Stream activity logs to analytics and retention systems - Export final binders or indexed evidence to DMS/workpaper tools
Technical Specifications
Authentication
Username/password with MFA (SMS, email, TOTP) and SSO/OAuth where enabled; supports service accounts or customer-managed credentials
Response format
JSON with consistent resource schemas and pagination across modules
Rate limits
Tuned for enterprise throughput while honoring customer entitlements and usage controls
Session management
Automatic reauth and cookie/session rotation with health checks
Data freshness
Near real-time retrieval of engagements, requests, documents, and activity logs
Security
Encrypted transport, scoped tokens, and audit logging; respects Suralink role-based permissions and client visibility
Webhooks
Optional asynchronous delivery for long-running workflows (e.g., client uploads, request status changes, approvals)
Latency
Sub-second responses for list/detail queries under normal load
Throughput
Designed for high-volume PBC request processing and document ingestion
Reliability
Retry logic, backoff, and idempotency keys minimize duplicate actions
Adaptation
Continuous monitoring for UI/API changes with rapid adapter updates
Frequently asked questions
Supergood supports workflows across commonly used modules such as Engagement Management (Teams, Status, Due Dates), PBC Requests (Categories, Assignments), Secure Documents (Uploads, Versions), and Collaboration (Comments, Approvals), subject to your licensing and entitlements. We scope coverage during integration assessment.
We support username/password + MFA (SMS, email, TOTP) and can operate behind SSO/OAuth when enabled. Sessions are refreshed automatically with secure challenge handling.
Yes. We can normalize request items and document metadata to match your workpaper or ERP/GL schema and deliver updates via webhooks or polling while complying with rate and permission constraints. We commonly integrate with systems like QuickBooks, NetSuite, and Caseware.
Yes. We can apply AI to classify documents (e.g., AR aging, bank statements), extract key fields, run validation rules, and attach results back to the corresponding request with audit trail updates.