AXDRAFT

1360 Post Oak Blvd., Suite 2200

Houston, TX 77056, USA

Generation API Integration - AXDRAFT

July 29, 2022

Disclaimer
The information contained in this document is confidential, privileged and only for the
information of the intended recipient and may not be used, published or redistributed without
the prior written consent of AXDRAFT.

Summary
The goal of this document is to describe the process of integrating AXDRAFT with the an
existing CRM/ERP customer system (CS).

The idea is to start preparing the document in the system and later transfer the data to
AXDRAFT via an API call. The user can then finish drafting the document inside AXDRAFT.

Integration scenario
Integration is split into two parts:

●​ Start of interview the process in CS;

●​ Finalization, download and, possibly, signing the document in AXDRAFT.

The preparation of the document begins in the CS where the user follows the questions
presented by the software and the software records the response.

When all responses are collected, a button “Finish in AXDRAFT” is pressed.

With this button an API request to AXDRAFT is performed and the user is redirected to the
resulting URL (inside AXDRAFT).

Inside AXDRAFT, user is presented with the possibility to review, finalize and download the
finished document as well as a possibility to electronically sign the document.

The API request specification can be viewed in the table below:

 AXDRAFT
1360 Post Oak Blvd., Suite 2200
Houston, TX 77056, USA

Method POST

URL https://api.axdraft.com/api/customers/process-draft

Parameters token Authentication token

documendId ID of the document being prepared

documentName Name of the document being prepared

answers An array of answers from CS in the

format of key-value pairs.

[
{
question:“Q1”,
answer: “A1”
},
{
question:“Q2”,
answer: “A2”
}
]

email(optional) Email of the user preparing the

document

Response redirectUrl CS has to redirect user to this URL in

order to finish preparing the document
in AXDRAFT

Example: “Supply Agreement”

Inside every AXDRAFT document there are two stages: selects (variations of clauses inside the
contract) and variables (unique data about the contract).

In this integration we expect CS to pass variables and selects which are mostly free text format
with validation.

For this stage we suggest passing the data from CS to AXDRAFT, API will process the data and
after will redirect the user to continue the document in AXDRAFT (with sign-in, if needed).

Such integration would allow to keep the sensitive data inside CS and simultaneously allow for
extended features of AXDRAFT to be engaged: e-sign, sending data to the counterparty and
sending the finished document via email.
 AXDRAFT
1360 Post Oak Blvd., Suite 2200
Houston, TX 77056, USA

In such a scenario, AXDRAFT’s API will receive a range of variables from CS:

[
{
Question: "Eneter_company_code",
answer: “4712869821”
},
{
question:"Enter_supplier_name",
answer: “ACME, Inc.”
},
...,
{
question:"Enter_street_name",
answer: “1 Green street”
}
]
Figure 1: Example of POST data

Having those variables in place would allow AXDRAFT to pre-fill the document with necessary
data without saving the sensitive data.

API Authentication
We suggest to use a long-term token in order to authenticate to our API. The “life” of the token
used can be custom but we suggest to use a token, which is valid for 4 months.

This token will be stored on the customer’s side and used with every request to our API.

Additionally, IP-filtration can be implemented for an added layer of security.

Secure Protocols
AXDRAFT uses two separate HTTPS certificates for API and frontend (no wildcards) both using
256 bit encryption.

The connection to our site is encrypted and authenticated using a strong protocol (TLS 1.2), a
strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).

If these certificates are not compliant with the requirements - an EV certificate can be
implemented.

The certificates are short-term and are renewed every some time automatically. Upon every
renewal the challenges to prove ownership of the domain have to be passed again and if one
 AXDRAFT
1360 Post Oak Blvd., Suite 2200
Houston, TX 77056, USA

of them fails - the certificate is not renewed, which invalidates the domain name. In such a case
the user would be notified via a warning upon visiting AXDRAFT.

Our HTTPS certificates support TLS 1.2

AXDRAFT cannot be accessed via HTTP and the API server only accepts HTTPS connections.

We also use Cross Origin Access Request Control, so server communication is only possible
from the trusted domains.