Base URL
/api/v1) is included in every request URL. The current and only version is v1.
Authentication
All endpoints require a valid API bearer token. Pass the token in theAuthorization header:
Your organization must have an active subscription or be within its trial period. If your trial has expired or your subscription is inactive, all API requests return a
402 Payment Required response.Access by role
API access follows your ClearPolicy role. Organization owners and administrators can create API tokens and use the people, documents, and attestation request endpoints. Tokens tied to Group Managers can useGET /me to confirm the token and organization, but other REST API endpoints return 403 Forbidden.
Response format
All responses are JSON. Successful responses return the requested resource or collection directly in the response body.IDs
All resource IDs are ULIDs — lexicographically sortable string identifiers. They are represented as lowercase strings, for example:Pagination
List endpoints return paginated results. The response includes adata array alongside links and meta objects:
page and per_page query parameters to navigate results. per_page accepts values between 1 and 100, and defaults to 25.
Errors
Errors return JSON with anerror field describing the problem:
| Status | Meaning |
|---|---|
200 OK | Request succeeded. |
201 Created | Resource created successfully. |
400 Bad Request | The request was invalid (e.g. document not published). |
401 Unauthorized | Missing or invalid access token. |
402 Payment Required | Your organization’s trial has expired or subscription is inactive. Visit your billing page to subscribe. |
403 Forbidden | Token lacks required permissions. |
404 Not Found | The requested resource does not exist in your organization. |
422 Unprocessable Entity | Validation failed — check request parameters. |
429 Too Many Requests | Rate limit exceeded — wait and retry. |
Rate limiting
Each API token is limited to 60 requests per minute. Limits apply per token, not per organization, so multiple tokens each have their own allowance. If you exceed the limit, the API returns429 Too Many Requests. Responses include Retry-After and X-RateLimit-* headers so you can tell when to retry. Use exponential backoff when retrying.