Everlaw's API (application programming interface) lets your custom programs interface directly with Everlaw to automate processes like custom reporting to provide detailed analytics, billing tracking, and uploading native data. Everlaw's API allows the flexibility to support your automation of complex and unique workflows at scale.
Everlaw’s API empowers engineers or technical experts to build programs or scripts that interface with Everlaw.
Requirements
- You must be an Organization Admin to generate an API key for that organization.
- A valid organization API key is valid for all API endpoints. To learn more about authentication to Everlaw’s API, visit your region’s documentation
API documentation by region
Copies of the technical documentation describing specifics are hosted directly on each deployment of Everlaw:
API Keys / Security
The API keys tab of the Organization Admin pagelets you generate secure keys for your organization to connect your programs with Everlaw. An API key is a long string of letters and numbers equivalent to a password. It allows programs equivalent access to an Organization Admin, but is not tied to the creator's user account.
Important
For security reasons, you can only download each key once at initial creation. API keys should be treated with great care.
Parent organization vs sub-organization API key permissions
API keys can be generated for a parent organization and sub-organizations, and are managed in an identical manner. The only difference is that parent organization API keys can access sub-organization information via select endpoints:
- GetOrganizationEvents
- GetOrganizationEventsAfter
- GetRecentOrganizationEvents
- GetProjectEvents
- GetProjectEventsAfter
- GetRecentProjectEvents
- GetOrganizationBilling
- GetDatabaseBilling
- GetProjectBilling
- GetProjectSize
- GetOrganizations
- GetDatabases
- GetProjects
All other endpoints only return parent organization information when accessed with a parent organization API key.
For information on individual endpoint permission requirements, visit our API documentation for your Everlaw region and see the Required permissions section under the given endpoint.
Access your organization's API Keys
Required permission: Organization Admin
To access your organization's keys:
- Go to your Organization home
page.
- [If you have multiple organizations or sub-organizations] Select the organization you would like to access from the organization list in the Everlaw page header.
- From the side navigation panel, select API keys.
This opens the API keys page.
Create an API key
Required permission: Organization Admin
To create an API key:
- Go to your Organization home
page.
- [If you have multiple organizations or sub-organizations] Select the organization you would like to access from the organization list in the Everlaw page header.
- From the side navigation panel, select API Keys to open the API Keys page.
- Select + Create API key.
This opens the Create API key dialog. - In the Name field, enter a name for the API key.
- Select the endpoints you want to grant access to for that specific key.
You can select by category, by individual endpoint, or both. - Select Continue.
This takes you to the next step of the dialog, which displays the new key. - Here you can copy or download the key. Select the copy to clipboard
button, or select Download key as CSV.
- Store your key in a secure location. You will not be able to access it through Everlaw again.
- Once you have your API key secured, select Done to close the dialog
Manage existing API keys
To manage your organization's keys, go to your organization's API keys page, and select the toggle to temporarily enable or disable a particular key. You can also choose which endpoints a key has access to. Click the X to permanently revoke a key. You’ll see the dates each key was created or last used by an application or script. The prefix for each key is the first several digits of the API key, and can be used to help identify your keys offline.
For security reasons, Everlaw automatically disables API keys after 90 days of inactivity. All Organization Admins receive an email notification prior to and upon key expiration.
Enable OAuth2
OAuth2 is an industry-standard way for individual users to share data across services via delegated authorization. When enabled, OAuth2 provides a secure way for individual users to use third party tools/plugins that Everlaw has built connections with to access the Everlaw data and tools they have access to.
To learn more about OAuth2, see their website: OAuth2 website.
Everlaw has OAuth2 connections to the following:
- Claude via MCP server
Note
OAuth2 is not available in GovCloud.
By default, OAuth2 is disabled for all organizations. To enable it, switch on the Enable API access via OAuth2 toggle on the bottom of the API access page.
When it's on, any plugin or tool that connects to Everlaw can be accessed via OAuth2.
Any time a user forms a connection to Everlaw from a third party tool via OAuth2, they will form the connection by logging in to their Everlaw account. Before they complete the connection, they will be notified of the access requested by the tool.
The permission level and access is always enforced by the user's permission and access in Everlaw: a user cannot gain access to tools or data they don't have access to within Everlaw by using a third party tool, even if the tool asks the user for it and the user grants access.
The scope groups that a tool might request are in the table below:
| Scope Group | Description |
| Platform_Read | List and view organizations, projects, and databases |
| User_Management_Read | View users, groups, permissions, and invitations |
| User_Management_Write | Add, modify, and remove users and invitations |
| Data_Read | View datasets, source files, documents, and field definitions |
| Data_Write | Upload data, create datasets, and modify documents and metadata |
| Review_Read | Search documents and review work product |
| DeepDive_Read | Submit Deep Dive queries and results |
| Billing_Read | View billing and sizing information |
| Security_Read | View audit events and analytics |
| Legal_Hold_Read | View legal holds |
| Legal_Hold_Write | Create, modify, and delete legal holds |
For developer details on Everlaw's OAuth2 implementation, see our technical API documentation.
API endpoint categories
General
Category |
Description |
| Global | Access the list of organizations, databases, and projects you have access to, as well as information about the account associated with the API key and the API status. |
| Organization |
Take organization-level actions, such as:
Note You cannot use the API to remove a Project Admin if they are only Project Admin on a project, or Org Admin if they are the only Org Admin for an Organization. |
Database Operations
Category |
Description |
| Database |
Identify and update database-level permissions for users on a database.
|
| Database Org Admin | For Organization Admins: get information about database sizes and billing, and the projects within a database |
| Native Uploads | Everlaw’s Upload API lets you build programs to automatically upload native data to Everlaw, letting you automate your data pipeline and integrate your upload process with Everlaw. |
Project Operations
Category |
Description |
| Project |
Identify and update the users on projects, create new metadata fields, and access project-level information related to:
|
| Project Org Admin |
Access information about projects, project size and billing information, and project-level event logs Note Events from projects with Organization Admin access disabled are not available through the API |
| Search | Everlaw’s Search API allows you to build out custom analytics reporting with the same flexibility as Everlaw’s visual instant search. With the API, you can use many of the search terms available on-platform to return matching documents |
| Document | Replace document text and/or PDF files, and update document metadata. |