Overview
Settlio's API is built on tRPC v11 with Superjson serialization. tRPC provides end-to-end type safety, and Superjson preserves Date objects, BigInt, and other JavaScript types across the wire.
Base URL
/api/trpc
Protocol
tRPC over HTTP (batch)
Serialization
Superjson

```bash
# Example: Query documents (GET request with batch encoding)
curl -X GET "https://your-domain.com/api/trpc/documents.list" \
  -H "Cookie: session=<your-session-cookie>"

# Example: Create a document (POST request)
curl -X POST "https://your-domain.com/api/trpc/documents.upload" \
  -H "Content-Type: application/json" \
  -H "Cookie: session=<your-session-cookie>" \
  -d '{"json":{"fileName":"agreement.pdf","title":"Settlement Agreement","fileBase64":"...","fileSize":12345}}'
```

Authentication
Settlio uses cookie-based session authentication via Manus OAuth. After a successful OAuth flow, a signed JWT session cookie is set. All subsequent API requests include this cookie automatically.
Authentication Flow
- Redirect user to the Manus OAuth login portal
- User authenticates and is redirected to /api/oauth/callback
- Server validates the OAuth response and sets a session cookie
- All subsequent tRPC calls include the cookie — no manual token management needed
Procedure Types
No authentication required. Used for signing flows, blog content, and client portal auth.
Requires a valid session cookie. Returns UNAUTHORIZED if missing.
```typescript
import { httpBatchLink } from "@trpc/client";
import superjson from "superjson";
// `trpc` is the application's typed tRPC React instance (its import path is project-specific).

// Frontend: tRPC client automatically includes credentials
const trpcClient = trpc.createClient({
  links: [
    httpBatchLink({
      url: "/api/trpc",
      transformer: superjson,
      fetch(input, init) {
        return globalThis.fetch(input, {
          ...(init ?? {}),
          credentials: "include", // Sends session cookie
        });
      },
    }),
  ],
});

// Check current user
const { data: user } = trpc.auth.me.useQuery();

// Logout
const logoutMutation = trpc.auth.logout.useMutation();
await logoutMutation.mutateAsync();
```

Documents
Upload, manage, send, and track documents for electronic signature.
Signing
Public endpoints for the signing experience — no authentication required.
Signing Fields
Manage form fields placed on documents (signature, text, date, checkbox, etc.).
Recipients & Sending
Manage document recipients and the sending workflow.
Templates
Save documents as reusable templates with categories.
Template Fields
Define fillable fields on templates and set values when creating documents.
Email Templates
Create custom email templates with merge fields for signing requests.
Branding
Configure company branding that appears on signing pages and emails.
Folders
Organize documents into folders by client, case, or project.
Team Management
Invite team members and manage roles (admin, sender, viewer).
Analytics
Track document and signing performance metrics.
Billing & Payments
Manage subscriptions and checkout via Stripe integration.
White-Label Settings
Customize email sender name, reply-to address, and footer for enterprise branding.
Retention Policies
Configure automatic document archival and deletion for compliance.
Template Sharing
Share templates with team members or the entire organization.
Notifications
In-app notification system for document events.
Client Portal Authentication
Email/password authentication for document recipients (client portal).
Error Handling
tRPC returns structured error responses with a code field. Common error codes:
| Code | HTTP | Description |
|---|---|---|
| UNAUTHORIZED | 401 | Missing or invalid session cookie |
| FORBIDDEN | 403 | Insufficient permissions (e.g., non-admin accessing admin routes) |
| NOT_FOUND | 404 | Resource does not exist or is not accessible |
| BAD_REQUEST | 400 | Invalid input (Zod validation failed) |
| INTERNAL_SERVER_ERROR | 500 | Unexpected server error |
```typescript
// Handling errors in the frontend
const mutation = trpc.documents.send.useMutation({
  onError: (error) => {
    if (error.data?.code === "UNAUTHORIZED") {
      // Redirect to login
      window.location.href = getLoginUrl();
    } else if (error.data?.code === "FORBIDDEN") {
      toast.error("You don't have permission to perform this action");
    } else {
      toast.error(error.message);
    }
  },
});
```
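
A sketch of the server-side check that sits behind the session cookie and the UNAUTHORIZED / FORBIDDEN codes above. This is an added example, not Settlio's code: HS256 signing, the `sub`/`role`/`exp` claim names, the `authorize` and `signSession` helpers, and the demo secret are all assumptions.

```javascript
// Added example. Assumptions (not from Settlio's code): HS256-signed JWT,
// `sub`/`role`/`exp` claims, hypothetical helper names, constructed secret.
const crypto = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const decode = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
const hmac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();

// Helper for building constructed sample tokens the way an HS256 issuer would.
function signSession(claims, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Returns { ok: true, user } or { ok: false, code } with a code from the error table.
function authorize(cookieHeader, secret, allowedRoles, now = Date.now()) {
  const deny = (code) => ({ ok: false, code });
  const match = /(?:^|;\s*)session=([^;]+)/.exec(cookieHeader ?? "");
  if (!match) return deny("UNAUTHORIZED");
  const parts = match[1].split(".");
  if (parts.length !== 3) return deny("UNAUTHORIZED");
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm: the token must not choose how it is verified.
    if (decode(head).alg !== "HS256") return deny("UNAUTHORIZED");
    const expected = hmac(`${head}.${body}`, secret);
    const given = Buffer.from(sig, "base64url");
    // timingSafeEqual throws on unequal lengths, so check length first.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
      return deny("UNAUTHORIZED");
    }
    // Claims are only read after the signature has been verified.
    const claims = decode(body);
    if (typeof claims.exp !== "number" || claims.exp * 1000 <= now) return deny("UNAUTHORIZED");
    if (allowedRoles && !allowedRoles.includes(claims.role)) return deny("FORBIDDEN");
    return { ok: true, user: { id: claims.sub, role: claims.role } };
  } catch {
    return deny("UNAUTHORIZED"); // malformed base64 or JSON counts as no session
  }
}

// Constructed demo: a viewer session calling an admin-only route.
const demoToken = signSession({ sub: "u1", role: "viewer", exp: Date.now() / 1000 + 60 }, "demo-secret");
console.log(authorize(`session=${demoToken}`, "demo-secret", ["admin"]));
```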