APIs
PHX Terminal exposes a secure, well-designed API surface so developers can rapidly build interoperable legal applications. The platform’s APIs follow established RESTful design principles to ensure they are easy to use, consistent, and scalable.
Design principles
Section titled “Design principles”Resource naming
Section titled “Resource naming”Collection URIs use plural nouns (e.g. /lawyers, /cases); individual resources use a singular path with an identifier (e.g. /lawyers/5). Verbs are avoided in URIs because the HTTP method (GET, POST, PUT, DELETE) already implies the action.
Simple relationships
Section titled “Simple relationships”URI relationships are kept simple (e.g. collection/item/collection), avoiding overly deep nested paths to preserve flexibility and ease of maintenance. Related resources are linked within the response body using HATEOAS principles.
Data formats
Section titled “Data formats”JSON is the primary exchange format — lightweight, flexible, human-readable, and widely supported across channels.
Pagination and filtering
Section titled “Pagination and filtering”Endpoints provide pagination, filtering, sorting, and search so clients are never overwhelmed by large datasets and bandwidth is used efficiently.
Versioning
Section titled “Versioning”API versioning manages new features, changes, and bug fixes without breaking existing integrations. Breaking changes are clearly documented.
Security
Section titled “Security”All endpoints and resources are secured with SSL/TLS encryption to protect data in transit, and rate limits are enforced to prevent abuse and attacks.
The platform service surface
Section titled “The platform service surface”The platform exposes secure APIs across the core domains a legal application needs:
| API domain | What it enables |
|---|---|
| Document management | Store, retrieve, and process legal documents |
| Workflow orchestration | Define and trigger multi-step automated workflows |
| Billing systems | Synchronize billing and time/matter data |
| Identity management | Manage users, roles, and tenants |
| Authentication | Secure, scoped access to platform resources |
| AI services | Computer vision, NLP, extraction, and intent capabilities |
| Data synchronization | Keep desktop, cloud, and third-party data consistent |
This surface lets developers compose interoperable applications quickly — building on shared platform capabilities rather than reimplementing document handling, identity, billing, or AI from scratch.
flowchart TB
CLIENT["Developer application"]
CLIENT -->|"scoped credentials"| TLS["TLS / SSL + authentication"]
TLS --> RL["Rate limiting"]
RL --> ROUTE{"API domain"}
ROUTE --> D1["Document management"]
ROUTE --> D2["Workflow orchestration"]
ROUTE --> D3["Billing systems"]
ROUTE --> D4["Identity management"]
ROUTE --> D5["AI services<br/>CV · NLP · extraction · intent"]
ROUTE --> D6["Data synchronization"]
D1 --> RESP["JSON response<br/>pagination · filtering · HATEOAS links"]
D2 --> RESP
D3 --> RESP
D4 --> RESP
D5 --> RESP
D6 --> RESP
RESP --> CLIENT
Every request passes through TLS authentication and rate limiting before routing to one of the platform’s service domains, and returns a consistent, paginated JSON response.
Secured access
Section titled “Secured access”API access is granted through scoped credentials managed in the Developer Sandbox and the Developer Portal. Combined with TLS, rate limiting, and the platform’s security architecture, the API layer enforces least-privilege access for every integration.