Closing Rooms API: create, attach orders, and rotate links
Create Verified Closing Rooms, attach orders by public code, rotate bearer links, and read the live room view with progress, evidence badges, and activity.
A Verified Closing Room is one shareable page per transaction that bundles the deal’s orders — documents, signers, notarization, shipping — with live status and verifiable evidence links. You create the room with your partner key, attach the orders whose public codes you hold, and hand every party the same link. Statuses are read live from the order records on every view, never replayed from events.
The room link is a bearer credential. One link grants deal-wide
visibility: every attached document’s status, masked signer progress,
evidence badges, tracking, and drill-down into each order page. Share it
with the parties to the deal and no one else; never post or embed it
anywhere public. If a link leaks, rotate it — the
old link stops working immediately.
All partner routes below require your key (Authorization: Bearer sss_pk_...) and share the partner-write limit of 60 requests per minute per key. The public room view is rate limited at 30 requests per minute per IP. See authentication.
{ "roomCode": "3f1c9a7e5b2d8c4a6e0f9b1d3a5c7e9f2b4d6a8c", "roomUrl": "/rooms/3f1c9a7e5b2d8c4a6e0f9b1d3a5c7e9f2b4d6a8c", "name": "1428 Maple St — Refinance", "reference": "TC-88412", "status": "open", "createdAt": "2026-07-12T18:04:11+00:00"}
Errors: 400 with {"error": "A room name (1–200 chars) is required."} for a missing or oversized name, or a quota message such as "Active-room quota reached (5 open rooms on the None tier). Close a room or upgrade your plan to create more."
POST /api/rooms/{roomCode}/ordersAttach authorization is possession of the order’s public code: a partner who holds the code may bind that order to their room. Attaching is idempotent — re-attaching an already attached order succeeds with alreadyAttached: true. A room holds at most 50 orders.
true when the order was already in the room (the call is a no-op).
Errors: 400{"error": "A valid orderCode is required."} (bad length), 400{"error": "A room holds at most 50 orders."}, 404{"error": "Room not found."} or {"error": "Order not found."} — unknown codes read as a generic not-found.
POST /api/rooms/{roomCode}/rotateReissues the room’s bearer code. Every previously shared room link dies instantly — this is the mitigation for a leaked or over-shared link. The public view is served with Cache-Control: no-store, so a rotated code dies at every cache layer too.
GET /api/rooms/{roomCode}Public read by possession of the room code — no API key, no account. This is the same live JSON the room page at /rooms/{roomCode} renders, for your own systems. Codes outside the 24–64 character gate and unknown codes both return an empty 404. Responses are Cache-Control: no-store.Statuses are database truth read at request time. Evidence badges never claim more than the record holds.
The partner’s public branding, or null when none is set. Rendered as
attribution (“Presented by …”) beside the permanent SignSealShip mark —
never replacing it.
The order’s raw platform status (for example "EsignPending",
"NotarizationComplete", "Delivered"). This vocabulary can grow —
build logic on statusGroup instead.
Stable coarse grouping: signing, signed, notarizing, notarized,
shipping, shipped, delivered, complete, attention, or open.
Statuses the room does not understand map to open, never to a complete
state.
Locked vocabulary. sealed — a cryptographically verifiable artifact
hash is on record. recorded — platform attestation only; a milestone
happened but no independent artifact exists. none — no evidence yet,
stated explicitly.
Present only when the badge is sealed and the envelope’s verify code
exists — it links to public seal verification at /v/{verifyCode}. A
sealed envelope whose verify code has not been generated yet returns
sealed with verifyCode: null; verification is then available through
the drop portal at /verify.
Merged timeline across all attached orders — up to 100 items, newest first,
derived from an explicit allowlist of audit actions: order.created,
order.transition, order.claimed, order.cancelled,
signing_link.issued, room.order_attached. No recipient identifiers or
actor details are ever included.
The room’s latest Closing Passport, or null until one is sealed. This is
only a pointer — verification always goes through the
public verify surface, which recomputes the
chain.