REST API · White label

Your software creates sensitive documents. Our API delivers them — with proof

Pay stubs, tax slips, statements, official notices: your users need to get them to specific people, confidentially. The doclinc API adds secure delivery to your product in a few REST calls — and the recipient never creates an account.

Each document goes out as an encrypted link. The recipient verifies their identity — one-time SMS code, voice call or secret question — every time the link is opened. Your product gains proof of delivery, a full audit trail and Canadian data residency, without building any of it.

Let's talk about your integrationTechnical documentation

doclinc REST API
# 1 · sign a one-time JWT (HS256)
Authorization: Bearer eyJhbGci…

# 2 · create the transaction
POST /transactions/cells
→ { uploadUrl, banner, commands }

# 3 · upload the document
PUT {uploadUrl}

# 4 · confirm — link goes out
POST /transactions/{id}
→ delivered · identity verified · proof logged
The status quo

The problem you no longer have to solve

Plain email exposes personal information.

A forwarded attachment is gone forever — and Law 25 holds your clients responsible.

Homegrown portals don't get adopted.

"Create an account to download your document" is the #1 cause of end-user drop-off.

Building secure delivery yourself is a project.

Encryption, multi-method 2FA, audit trails, retention rules, compliant hosting — months of work that isn't your product.

No proof of receipt.

Without authenticated delivery, your clients can't show who opened what, or when.

Capabilities

What the API gives your product

No-account delivery.

The recipient clicks, verifies, accesses. No sign-up, no password to reset — adoption stops being your problem.

Identity verified on every access.

SMS, voice call or secret question, every single time. A forwarded or leaked link is useless to anyone else.

Defensible proof of delivery.

Timestamped, authenticated, fully audit-trailed.

Batch-ready.

Distribute thousands of documents per run — payroll cycles, year-end slips, annual notices.

White label.

The recipient experience carries your brand, or your end client's — configured and maintained by doclinc.

Compliance built in.

AES-256 encryption, Canadian hosting (AWS ca-central-1), automatic expiration and purge. Built for Law 25 and PIPEDA.

Use cases

Built for the software your clients already run

Payroll & HR platforms

Deliver pay stubs, T4 and RL-1 slips to employees — including former employees and deskless workers your portal never reaches. Under CRA rules, delivery through a secure portal doesn't require the written consent that plain email does.

Property management software

Send RL-31 slips, renewal notices and leases to tenants with proof of transmission — without betting your feature on tenant-portal adoption.

Transportation & logistics systems

Pay statements and HR documents delivered straight to drivers' phones, SMS-authenticated, with nothing to install.

Integration

Build it — or ship it this quarter

The integration follows a simple flow: token, create transaction, upload, confirm.

01

Token

Sign a one-time JWT.

HS256 · tenantId
02

Create transaction

Recipient + 2FA method.

POST /transactions/cells
03

Upload

Attach the documents.

PUT {uploadUrl}
04

Confirm

The secure link goes out.

POST /transactions/{id}
 Build it yourselfIntegrate doclinc
Time to marketMonths of engineeringA 4-step REST flow — days
Recipient authenticationDesign and build 2FASMS, voice and secret question included
Proof of deliveryDesign your own audit modelFull audit trail included
Law 25 / PIPEDA safeguardsDocument and defend themEncryption, residency, purge — built in
Your roadmapOn holdIntact

Your software keeps full control of the email — or lets doclinc notify. See the technical documentation.

FAQ

Frequently asked questions

Does the recipient need an account?

No — never. The recipient verifies their identity by SMS code, voice call or secret question, on every access. No portal, no password.

Where is the data hosted?

In Canada, on AWS infrastructure (ca-central-1), encrypted with AES-256, with automatic expiration and purge.

Is it compliant with Law 25?

The API applies the safeguards Quebec's Law 25 expects when transmitting personal information: encryption, recipient authentication, audit logging and retention limits.

Which languages can we integrate from?

It's a REST API — any language that speaks HTTPS: Node, Python, Java, PHP, C#/.NET and more.

How do we get access?

API access is opened on request. Tell us about your use case and volumes, and we'll set up your environment with you — including white label if you need it.

Does doclinc send the emails?

Your choice. In self-send mode your software keeps full control of sender, subject and message, and embeds the secure banner doclinc provides. In auto-send mode, doclinc notifies the recipient for you.

Your next differentiator is a few REST calls away

Secure, authenticated document delivery — hosted in Canada, under your brand.

Let's talk about your integrationTechnical documentation