API ReferenceDocuments

Post Api Documents Presigned Url

Authentication

AuthorizationBearer
Bearer token in the `Authorization` header. Integrators send an API key; the SpreadSpace dashboard sends a WorkOS JWT. The key prefix selects the mode against the same base URL: `ss_live_…` operates on live workspace data, while `ss_test_…` routes to the isolated developer sandbox tenant (test mode) where uploads return canned $0 sample extractions. See the "Testing (test mode)" section of the API description for details. Example: `Authorization: Bearer ss_live_…`.

Headers

SpreadSpace-VersionstringOptionalformat: "^\d{4}-\d{2}-\d{2}$"

Date-stamped API surface version. Optional; sending no header (and having no per-key pin) resolves to the latest supported version 2026-05-03. Supported versions: 2026-05-03. Future breaking changes ship under new date stamps; existing callers keep the version they pinned.

Request

This endpoint expects an object.
file_namestringRequired<=255 characters
content_typestringRequired<=100 characters
file_sizelong or nullOptional1-104857600
borrower_idstring or nullOptional<=24 characters
loan_idstring or nullOptional<=24 characters
content_hashstring or nullOptionalformat: "^[a-fA-F0-9]{64}$"<=64 characters

Response headers

X-Request-IDstring

Stripe-style per-request correlation ID. Echoed from the inbound X-Request-ID header when the client provides one, otherwise minted server-side as req_<24 hex chars>. Quote in support tickets so we can find the request’s logs.

SpreadSpace-Versionstring

The API surface version the server resolved for this request. Always present, regardless of whether the client supplied the request-side SpreadSpace-Version header. Default: 2026-05-03.

Response

OK

Errors

400
Bad Request Error
401
Unauthorized Error
402
Payment Required Error
403
Forbidden Error
404
Not Found Error
429
Too Many Requests Error
500
Internal Server Error