FreshNDA
← All documentation

API Reference

The FreshNDA REST API lets your own code work with your organization’s NDAs: list them, check whether a specific person has signed, download executed PDFs, read aggregate stats, and manage reusable links.

Authentication

Create a key under Settings → API Keys (an organization admin can do this). The full key is shown once at creation; store it somewhere safe. Send it as a bearer token on every request:

curl https://freshnda.com/api/v1/ndas \
  -H "Authorization: Bearer fnda_your_key_here"

Each key belongs to one organization and only ever sees that organization’s data. Keys stop working the moment they are revoked.

Quickstart

The base URL is https://freshnda.com/api/v1. Here is a complete first call that answers “has this person signed?”:

curl "https://freshnda.com/api/v1/ndas?recipient=jane@acme.com" \
  -H "Authorization: Bearer fnda_your_key_here"

A successful response:

{
  "data": [
    {
      "id": "cuid…",
      "status": "signed",
      "recipientName": "Jane Doe",
      "recipientEmail": "jane@acme.com",
      "signedAt": "2026-06-12T15:04:00.000Z",
      "hasExecutedPdf": true
    }
  ],
  "nextCursor": null,
  "total": 1
}

Endpoints

List NDAs

GET /ndas — newest first, cursor-paginated. Filters: status, recipient (an exact email match, the “has X signed?” query), from and to (ISO timestamps on the sent date), and cursor.

Get one NDA

GET /ndas/{id} — returns the NDA, or 404 if the id is not in your organization.

Download the executed PDF

GET /ndas/{id}/pdf — streams the stored, executed PDF for a signed NDA. Returns 409 if the NDA is not signed or the document is not available.

Aggregate stats

GET /stats— totals, a per-status breakdown, this month’s count against your plan limit, and the sign-through rate.

List templates and links

GET /templates — your templates and their reusable-link state. Add ?link=active to list only the ones whose link is live. Each item includes the live url.

Turn a link on or off

POST /templates/{id}/link activates the template’s reusable link and returns its URL. DELETE /templates/{id}/link deactivates it.

Build a prefilled link

POST /templates/{id}/link/prefill takes a recipient’s details and returns the link URL with their info filled in, ready for you to send. No NDA is created and no email is sent.

curl -X POST "https://freshnda.com/api/v1/templates/TEMPLATE_ID/link/prefill" \
  -H "Authorization: Bearer fnda_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{"name":"Jane Doe","email":"jane@acme.com","title":"Counsel","org":"Acme"}'

{ "data": { "url": "https://freshnda.com/sign/acme-mutual-nda?name=Jane+Doe&email=jane%40acme.com&title=Counsel&org=Acme", "linkActive": true } }

Pagination

List endpoints return up to 20 items plus a nextCursor. When it is non-null, pass it as the cursor query param to fetch the next page; a null cursor means you have reached the end. total is the full count for the filter.

Rate limits

Each key is limited to 60 requests per minute. Over the limit, the API returns 429 with a Retry-After header (in seconds); wait that long and retry.

Errors

Every error returns the same shape, with a stable code your code can branch on and a doc_url pointing back here:

{ "error": { "code": "not_found", "message": "…", "doc_url": "…" } }

invalid_api_key · HTTP 401

The key is missing, malformed, unknown, revoked, or expired. Check the Authorization header.

forbidden · HTTP 403

Authenticated, but not allowed to perform this action.

not_found · HTTP 404

No such resource in your organization. (An id from another organization returns this too.)

pdf_not_ready · HTTP 409

The NDA is not fully signed, or its executed PDF is not yet available.

validation_error · HTTP 422

A request parameter was missing or invalid. The message says which.

rate_limited · HTTP 429

Too many requests for this key. Wait for the Retry-After header, then retry.

server_error · HTTP 500

Something went wrong on the server. Retry; if it persists, get in touch.

Versioning

This is v1. Backward-incompatible changes ship under a new version path (/api/v2); additive, backward-compatible changes can arrive in v1 without notice, so write clients that ignore unknown fields. A machine-readable OpenAPI 3.1 spec is available at /api/v1/openapi (import it into Postman or generate a typed client).

Support

Questions or a problem with the API? Get in touch.