Build Secure Document Workflows Without Building the Infrastructure

SideDrawer exposes 100% of its platform capabilities through 650+ REST API endpoints. Vault storage, RBAC, document workflows, audit trails, webhooks, and AI-ready document indexing — all available via API, iFrame, or white-label deployment.

Explore API Docs Request Sandbox Access
sidedrawer_api_console-1

Integration Options

Three ways to build with SideDrawer.

White-Label App

Full UI/UX under your brand.

Fully customized application deployed under your brand and domain. Used by Tier-1 banks and insurance companies. Your portal, your domain — SideDrawer runs as governed infrastructure underneath.

Most Flexible

iFrame Embed

Embed into any existing application. Drop SideDrawer into your existing portal in days, not months. Mobile-ready via webview. Accepts bearer token + refresh token authentication. No rebuild required.

API Only

Build your own UI on top.

100% API coverage means nothing is locked behind the UI. Enterprise clients are already building internal API abstraction layers on top of SideDrawer’s 650+ REST endpoints.

REST API

650+ endpoints.

100% platform coverage.

Every capability available in the SideDrawer UI is accessible via API. No locked features, no partial coverage. Enterprises use the API to automate vault creation, document workflows, compliance exports, and client onboarding — without touching the UI.

API Capabilities

Vault and drawer management Create, configure, and manage vaults programmatically
Document record operations Upload, version, retrieve, and archive
RBAC management Assign and revoke roles at vault, drawer, or record level
Document request workflows Trigger structured collection sequences via API
Audit trail export Pull full interaction logs for compliance reporting
Webhook subscriptions Subscribe at tenant, drawer, record, or file granularity
AI document indexing OCR, vectorized storage, semantic search with RBAC enforcement
Document generation Smart form submissions trigger PDF generation; returns binary for e-sign or routing

iFrame Embed

Drop into your existing portal. Ready in days.

SideDrawer’s iFrame embed lets you surface vault functionality inside any existing web application — CRM, advisor portal, client dashboard, or internal tool. Bearer token + refresh token authentication means your existing identity infrastructure handles the session. No separate login for your users.

Mobile-ready via webview — iOS and Android compatible
Bearer token + refresh token authentication
Configurable embed scope — surface full vault, specific drawer, or document request only
Skinnable to match your application’s design system
Client action items surface in-context — no context switching required
Production-tested at Tier-1 financial institutions
sidedrawer_portal_v3

Authentication

Fits your identity infrastructure.

Not the other way around.

OI

OIDC

OpenID Connect for standard web and mobile authentication flows. Supports authorization code flow with PKCE.

SS

SAML SSO

Enterprise SSO via SAML 2.0. Connects to your existing IdP — Azure AD, Okta, Ping, or any SAML-compliant provider.

M2

Machine-to-Machine

Service account authentication for automated workflows. API key or client credentials flow for backend integrations that don’t involve a user session.

Webhooks

Event-driven. Granular. Production-grade.

Subscribe to events at any level of the hierarchy — tenant-wide, per vault, per drawer, per record, or per file. SideDrawer fires webhooks for document uploads, workflow completions, access events, and audit triggers. Build downstream automations without polling.

Subscription Levels

Tenant level All events across your environment
Vault level Events for a specific client relationship
Drawer level Events within a specific document category
Record level Events on a specific document or file
File level Uploads, downloads, deletions on individual files

AI-Ready Architecture

Your LLM. SideDrawer’s document layer.

Every uploaded document can be OCR’d, vectorized, and stored in a semantic database. Plug in your chosen LLM — SideDrawer handles the document layer. RBAC is enforced at the search layer, so queries only surface documents the requesting user has permission to access. Build AI-powered document retrieval without building the infrastructure.

OCR on upload Searchable text extracted from every document type
Vector embeddings Documents stored for semantic similarity search
RBAC-enforced search Permissions applied at query time, not post-filter
Bring your own LLM OpenAI, Anthropic, Azure OpenAI, or self-hosted
No cross-tenant contamination Each client’s document index is fully isolated

Sandbox = Production

The sandbox API surface is identical to production — same endpoints, same auth patterns, same webhook payloads, different base URL. Start building before your enterprise environment is provisioned. No surprises when you go live.

Request Sandbox Access

Developer FAQ

Common questions from engineering and product teams evaluating SideDrawer as a platform component.

Yes. Full OpenAPI spec is available through the developer docs at sidedrawer.readme.io. All 650+ endpoints are documented with request/response schemas, authentication examples, and error codes.
RBAC is enforced server-side on every API call. The token you pass determines what the caller can access — there is no client-side trust. You can assign roles at the vault, drawer, or record level programmatically. Role changes take effect immediately across all access paths.
Yes. The API-only path gives you 100% of the platform’s capabilities without any dependency on the SideDrawer UI. Enterprise clients use this path to build entirely custom front-end experiences on top of SideDrawer’s data and workflow layer.
The embedded experience is scoped to whatever you configure — a full vault, a specific drawer, or a document request flow. It renders inside your application, styled to match your design system. Users see your brand, not SideDrawer’s. Session management is handled by your IdP via bearer token passthrough.
Depends on integration depth. A basic iFrame embed with bearer token auth typically takes 1–3 days. A full API integration with custom workflows, webhooks, and document generation typically takes 2–6 weeks depending on team size and scope. The sandbox being identical to production eliminates the usual environment delta.

Ready to start building?

Explore the API docs, request sandbox access, or talk to our technical team about your integration requirements.

Explore API Docs Talk to Our Team

Developers

Get the App

apple-store-button
google-play-button (1)

Copyright © 2025 SideDrawer Inc. All rights reserved.