API Reference
ContractRabbit REST API documentation.
Overview
The ContractRabbit API provides programmatic access to contract analysis features. You can upload documents, query extracted data, and search across your corpus using simple REST endpoints.
Authentication
ContractRabbit supports two authentication methods:
API Keys (Recommended for integrations)
Create an API key from Settings > API Keys in the ContractRabbit dashboard. Include it in the Authorization header:
curl -H "Authorization: Bearer cr_live_abc123..." \
  https://app.contractrabbit.com/api/files
ContractRabbit supports two types of API keys:
| Key type | Scope | How to create |
|---|---|---|
| User API Key | Access documents in your personal workspace | Settings > API Keys (in your user profile) |
| Organization API Key | Access documents across the entire organization | Organization Settings > API Keys (requires admin) |
User keys authenticate as you and resolve to your personal team. Organization keys authenticate in the context of the organization, giving access to all documents shared with the org. Organization keys are ideal for CI/CD pipelines, internal tools, and team-wide integrations where access shouldn't be tied to a single person's account.
Session Tokens
Browser-based sessions use Clerk session cookies automatically. This is used by the ContractRabbit web application and does not require manual configuration.
API Key Eligible Endpoints
The following endpoints accept API key authentication:
| Endpoint | Methods | Description |
|---|---|---|
| /api/files | GET, POST | List and upload files |
| /api/files/:fileId | GET, PUT, DELETE | File CRUD operations |
| /api/files/:fileId/status | GET | Check file processing status |
| /api/files/:fileId/documents | GET | Get document segments |
| /api/files/:fileId/download | GET | Download original file |
| /api/search | GET | Unified search across documents |
| /api/files/search-index | GET | Full-text search |
Rate Limiting
API key requests are rate-limited to 100 requests per 60 seconds. User keys are rate-limited per user; organization keys are rate-limited per organization. Rate limit information is included in response headers:
| Header | Description |
|---|---|
| X-RateLimit-Limit | Maximum requests per window |
| X-RateLimit-Remaining | Remaining requests in current window |
| X-RateLimit-Reset | Unix timestamp when the window resets |
When the rate limit is exceeded, the API returns 429 Too Many Requests with a Retry-After header indicating how many seconds to wait.
Error Responses
All error responses return JSON:
{
  "error": "Description of the error"
}
| Status Code | Description |
|---|---|
| 401 | Invalid or missing API key |
| 403 | Endpoint not available via API key auth |
| 429 | Rate limit exceeded |
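The rate-limit headers and status codes documented above are enough to drive a client's retry decisions. The following is an added example, not ContractRabbit's own code: the `decide` and `get` helpers, the `CONTRACTRABBIT_API_KEY` environment variable name and the three-attempt cap are assumptions, and `Retry-After` is assumed to be an integer number of seconds as described here.

```python
import os
import time
import urllib.error
import urllib.request

BASE = "https://app.contractrabbit.com"
WINDOW = 60  # seconds, the rate-limit window stated in this reference


def decide(status, headers, now):
    """Map a response to (action, seconds_to_wait) using the documented headers."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    reset_in = max(0, int(h.get("x-ratelimit-reset", now + WINDOW)) - int(now))
    if status == 429:
        # Prefer Retry-After (seconds); fall back to the reset timestamp.
        return "retry", int(h.get("retry-after", reset_in))
    if status == 401:
        return "stop: invalid or missing API key", 0  # retrying cannot help
    if status == 403:
        return "stop: endpoint not available via API key auth", 0
    if 200 <= status < 300:
        # If the window is used up, tell the caller how long to pause.
        remaining = int(h.get("x-ratelimit-remaining", 1))
        return "ok", reset_in if remaining == 0 else 0
    return "stop: unexpected status %d" % status, 0


def get(path, max_attempts=3):
    """GET a path; returns (body, seconds to pause before the next call)."""
    key = os.environ["CONTRACTRABBIT_API_KEY"]  # assumed name; keeps the key out of source
    req = urllib.request.Request(BASE + path, headers={"Authorization": "Bearer " + key})
    for _ in range(max_attempts):
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                status, headers, body = resp.status, dict(resp.headers), resp.read()
        except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
            status, headers, body = err.code, dict(err.headers), err.read()
        action, wait = decide(status, headers, time.time())
        if action == "ok":
            return body, wait
        if action != "retry":
            raise RuntimeError(action)  # 401/403: fail fast, never loop on a bad key
        time.sleep(wait)
    raise RuntimeError("rate limit still exceeded after %d attempts" % max_attempts)
```

Because organization keys are rate-limited per organization, every job sharing one organization key draws from the same 100-request window, so the pause returned by `get` matters most in CI/CD use.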
Quick Start
# List your files
curl -H "Authorization: Bearer YOUR_API_KEY" \
https://app.contractrabbit.com/api/files
# Search across documents
curl -H "Authorization: Bearer YOUR_API_KEY" \
"https://app.contractrabbit.com/api/search?q=termination+clause"
# Get file processing status
curl -H "Authorization: Bearer YOUR_API_KEY" \
https://app.contractrabbit.com/api/files/FILE_ID/status
Endpoints
Browse endpoint documentation by category using the sidebar navigation.