Concord Organizations & Users API

Read the authenticated user (/user/me), the organizations that user belongs to (/user/me/organizations), and per-organization reports, groups, and tags. Concord does not publish a user CRUD or SCIM provisioning API; user identity is surfaced read-only through the current-user and organizations endpoints.

OpenAPI Specification

concord-com-openapi.yml Raw ↑
openapi: 3.0.3
info:
  title: Concord API
  description: >-
    The Concord REST API provides programmatic, read-oriented access to a
    Concord contract lifecycle management (CLM) account. It exposes the
    authenticated user, the organizations that user belongs to, the agreements
    (contracts) within an organization, an agreement's attachments and members,
    and organization-level reports, groups, and tags. All requests are
    authenticated with an API key passed in the `X-API-KEY` header; API key
    generation is available on paid plans only.


    Confirmed endpoints below were validated against the live production host
    (https://api.concordnow.com/api/rest/1), which returns HTTP 401
    `{"statusCode":401,"restCode":"unauthorized"}` when called without a valid
    key. Concord's public developer reference is a rendered documentation portal
    (https://api.doc.concordnow.com/) and does not expose a machine-readable
    OpenAPI file; response schemas here are modeled from documented behavior and
    connector mappings, not copied from an official spec. The template
    document-generation operation is documented to exist but its exact path and
    request body are not published, so it is included and explicitly flagged as
    modeled/unconfirmed.
  version: '1.0'
  contact:
    name: Concord
    url: https://www.concord.app
servers:
  - url: https://api.concordnow.com/api/rest/1
    description: Production
  - url: https://uat.concordnow.com/api/rest/1
    description: UAT / Sandbox
security:
  - apiKeyAuth: []
tags:
  - name: Users
    description: The authenticated user and their organization memberships.
  - name: Organizations
    description: Organization-level resources - reports, groups, and tags.
  - name: Agreements
    description: Agreements (contracts), their attachments, and members.
  - name: Templates
    description: Document generation from automated templates (modeled/unconfirmed).
paths:
  /user/me:
    get:
      operationId: getCurrentUser
      tags:
        - Users
      summary: Get the authenticated user
      description: >-
        Returns the profile of the user that owns the API key. Confirmed live
        (returns 401 without a valid key).
      responses:
        '200':
          description: The authenticated user.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/User'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /user/me/organizations:
    get:
      operationId: listUserOrganizations
      tags:
        - Users
      summary: List the user's organizations
      description: >-
        Lists the organizations the authenticated user belongs to. The response
        payload nests the list under an `organizations` selector.
      responses:
        '200':
          description: A list of organizations.
          content:
            application/json:
              schema:
                type: object
                properties:
                  organizations:
                    type: array
                    items:
                      $ref: '#/components/schemas/Organization'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /user/me/organizations/{organizationId}/agreements:
    parameters:
      - $ref: '#/components/parameters/OrganizationId'
    get:
      operationId: listAgreements
      tags:
        - Agreements
      summary: List agreements in an organization
      description: >-
        Lists the agreements (contracts) in the given organization for the
        authenticated user. The response nests items under an `items` selector
        and is paginated.
      parameters:
        - $ref: '#/components/parameters/Limit'
        - $ref: '#/components/parameters/Offset'
      responses:
        '200':
          description: A paginated list of agreements.
          content:
            application/json:
              schema:
                type: object
                properties:
                  items:
                    type: array
                    items:
                      $ref: '#/components/schemas/Agreement'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /organizations/{organizationId}/agreements/{agreementUid}/attachments:
    parameters:
      - $ref: '#/components/parameters/OrganizationId'
      - $ref: '#/components/parameters/AgreementUid'
    get:
      operationId: listAgreementAttachments
      tags:
        - Agreements
      summary: List an agreement's attachments
      description: >-
        Returns the files attached to an agreement. The response nests the list
        under an `attachments` selector.
      responses:
        '200':
          description: A list of attachments.
          content:
            application/json:
              schema:
                type: object
                properties:
                  attachments:
                    type: array
                    items:
                      $ref: '#/components/schemas/Attachment'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /organizations/{organizationId}/agreements/{agreementUid}/members:
    parameters:
      - $ref: '#/components/parameters/OrganizationId'
      - $ref: '#/components/parameters/AgreementUid'
    get:
      operationId: listAgreementMembers
      tags:
        - Agreements
      summary: List an agreement's members
      description: Returns the members (people) associated with an agreement.
      responses:
        '200':
          description: A list of agreement members.
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/Member'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /organizations/{organizationId}/reports:
    parameters:
      - $ref: '#/components/parameters/OrganizationId'
    get:
      operationId: listOrganizationReports
      tags:
        - Organizations
      summary: List organization reports
      description: >-
        Returns the reports configured for an organization. The response nests
        the list under a `reports` selector.
      responses:
        '200':
          description: A list of reports.
          content:
            application/json:
              schema:
                type: object
                properties:
                  reports:
                    type: array
                    items:
                      type: object
                      additionalProperties: true
        '401':
          $ref: '#/components/responses/Unauthorized'
  /organizations/{organizationId}/groups:
    parameters:
      - $ref: '#/components/parameters/OrganizationId'
    get:
      operationId: listOrganizationGroups
      tags:
        - Organizations
      summary: List organization groups
      description: >-
        Returns the groups within an organization. The response nests the list
        under a `groups` selector.
      responses:
        '200':
          description: A list of groups.
          content:
            application/json:
              schema:
                type: object
                properties:
                  groups:
                    type: array
                    items:
                      type: object
                      additionalProperties: true
        '401':
          $ref: '#/components/responses/Unauthorized'
  /organizations/{organizationId}/tags:
    parameters:
      - $ref: '#/components/parameters/OrganizationId'
    get:
      operationId: listOrganizationTags
      tags:
        - Organizations
      summary: List organization tags
      description: >-
        Returns the tags defined within an organization. The response nests the
        list under a `tags` selector.
      responses:
        '200':
          description: A list of tags.
          content:
            application/json:
              schema:
                type: object
                properties:
                  tags:
                    type: array
                    items:
                      type: object
                      additionalProperties: true
        '401':
          $ref: '#/components/responses/Unauthorized'
  /organizations/{organizationId}/templates/{templateUid}/documents:
    parameters:
      - $ref: '#/components/parameters/OrganizationId'
      - name: templateUid
        in: path
        required: true
        description: The UID of the automated template.
        schema:
          type: string
    post:
      operationId: createDocumentFromTemplate
      tags:
        - Templates
      summary: Create a document from an automated template (MODELED - UNCONFIRMED)
      description: >-
        MODELED / UNCONFIRMED. Concord documents that a document can be generated
        from an automated (Excel-driven) template using an API key and the
        template UID, but the exact request path, method, and body are not
        published in the crawlable public reference. This path and request schema
        are modeled to represent the capability and MUST be verified against the
        live account before use.
      x-concord-modeled: true
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              description: >-
                Modeled request body. The real payload (template field values,
                title, etc.) is not published; shape MUST be confirmed.
              additionalProperties: true
      responses:
        '200':
          description: The created document/agreement (modeled).
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Agreement'
        '401':
          $ref: '#/components/responses/Unauthorized'
components:
  securitySchemes:
    apiKeyAuth:
      type: apiKey
      in: header
      name: X-API-KEY
      description: >-
        API key generated in the Concord account (paid plans only) and sent in
        the `X-API-KEY` request header. Confirmed against the live production
        host, which returns 401 unauthorized without a valid key.
  parameters:
    OrganizationId:
      name: organizationId
      in: path
      required: true
      description: The ID of the organization.
      schema:
        type: string
    AgreementUid:
      name: agreementUid
      in: path
      required: true
      description: The UID of the agreement.
      schema:
        type: string
    Limit:
      name: limit
      in: query
      required: false
      description: Maximum number of items to return (pagination).
      schema:
        type: integer
    Offset:
      name: offset
      in: query
      required: false
      description: Number of items to skip (pagination).
      schema:
        type: integer
  responses:
    Unauthorized:
      description: >-
        Missing or invalid API key. The live API returns
        `{"statusCode":401,"restCode":"unauthorized"}`.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  schemas:
    Error:
      type: object
      description: Modeled from the live 401 response body.
      properties:
        statusCode:
          type: integer
        restCode:
          type: string
    User:
      type: object
      description: Modeled representation of the authenticated user.
      properties:
        id:
          type: string
        email:
          type: string
          format: email
        firstName:
          type: string
        lastName:
          type: string
    Organization:
      type: object
      description: Modeled representation of a Concord organization.
      properties:
        id:
          type: string
        name:
          type: string
    Agreement:
      type: object
      description: >-
        Modeled representation of an agreement (contract). Concord agreements
        carry a UID, title, lifecycle status, and timestamps; exact field names
        are not published and MUST be confirmed against the live account.
      properties:
        uid:
          type: string
        title:
          type: string
        status:
          type: string
        createdAt:
          type: string
          format: date-time
        updatedAt:
          type: string
          format: date-time
    Attachment:
      type: object
      description: Modeled representation of an agreement attachment (file).
      properties:
        id:
          type: string
        name:
          type: string
        contentType:
          type: string
    Member:
      type: object
      description: Modeled representation of an agreement member.
      properties:
        id:
          type: string
        email:
          type: string
          format: email
        role:
          type: string