{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"7d99e31d-1c75-475b-a570-e73c60c236bd","name":"! API - Public Documentation","description":"`Documentation Updated on 27.3.2026 13:00`\n\n# Disclaimer\n\n**Note:** The CSI API is currently in **beta**. It is already available for building integrations, but some functionality and documentation may still evolve as we continue to improve the experience.\n\nAt this stage, the **CSI API does not support custom fields**.\n\n# Prerequisites\n\n- CSI Lawyer/Lakimies/Professional **12.1 June 2025 version**\n    \n\n# Introduction\n\nThe CSI Lawyer API provides a programmatic interface to access and interact with data within the CSI Lawyer platform. This documentation outlines the API endpoints, request methods, parameters, and response formats. The API follows the OpenAPI 3.1 standard.\n\nOur collection will help you get started with CSI Lawyer’s APIs using Postman.\n\n# Before You Begin\n\nWe frequently **update** our Postman collection with the latest APIs. To stay up-to-date, fork the CSI Lawyer REST APIs collection and choose to watch it. You will receive notifications whenever the collection is updated, allowing you to pull the changes and maintain the latest version. Note:\n\n- The API has rate and usage limits.\n    \n- The API only responds to HTTPS-secured communications. HTTP requests return an HTTP 301 redirect to the corresponding HTTPS resources.\n    \n- The API returns responses in JSON format. Errors are also returned in JSON.\n    \n\n# Versioning\n\nCSI Lawyer API supports versioning using a version suffix in the endpoint URL: vXX, where XX is the version number.\n\n```\nhttps://customer.csihelsinki.app/api/v1/health\n\n ```\n\n# Authentication & Authorization\n\nAll systems must provide vendor and user authentication information to access data using the CSI API.\n\n## 1\\. Vendor Authorization\n\nVendor authorization keys are unique identifiers issued to businesses or organizations to access specific services or resources required by 3rd party vendor applicaiton integrations. These keys ensure only authorized vendors can interact with CSI API.\n\nTo obtain vendor keys, contact CSI support at [help@csihelsinki.fi](https://mailto:help@csihelsinki.fi).\n\nAll API requests require the following headers:\n\n- `csi-vendor-key`: The unique vendor key. This key acts as a token that verifies the identity of the vendor.\n    \n- `csi-vendor-app-key`: A unique key for the vendor app. This key acts as a token that verifies the identity of the vendor application.\n    \n\n``` BASH\ncsi-vendor-key: CSI-VEN-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\ncsi-vendor-app-key: CSI-VEN-APP-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n\n ```\n\n## 2\\. User Authorization\n\nCSI users can authenticate with the system using one of the following methods:\n\n- **API Key**: A unique identifier provided to CSI users to authenticate API requests.\n    \n- **OAuth**: A popular authorization framework that allows users to grant third-party applications access to their data without revealing their credentials.\n    \n\n### API Key\n\nAPI key authentication involves providing a unique identifier, known as an API key, in the request header. This key acts as a token that verifies the identity of the requesting user.\n\n#### Generating an API Key:\n\n1. **Authenticate with OAuth**: Use the OAuth flow to obtain an access token.\n    \n2. **Generate API Key**: Send a POST request to the `/v1/api/api-keys` endpoint, including the OAuth access token in the authorization header.\n    \n3. **Receive API Key**: The API will respond with a newly generated API key.\n    \n\n#### How API Key Works:\n\n1. **Obtain API Key**: Generate a valid API key using the `/v1/api/api-keys` endpoint.\n    \n2. **Include in Request**: Include the API key in the request header (e.g., `csi-api-key: CSI-API-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`).\n    \n3. **Server-Side Validation**: The API server validates the provided API key. If valid, the request is processed; otherwise, it is rejected.\n    \n\n### OAuth\n\nThe CSI Lawyer API uses the OAuth 2.0 protocol for authentication. It enables third-party applications to gain delegated access to protected resources via an API.\n\n#### Why Use OAuth 2.0?\n\n- **Secure Authentication**: Clients do not need to store or manage user passwords.\n    \n- **Delegated Access**: Access is granted only to the specific resources authorized by the user.\n    \n- **Revocable Access**: Users can revoke access at any time.\n    \n- **Time-bound Tokens**: Access tokens expire after a set time, reducing risk in case of a security breach.\n    \n\n#### Authentication Flow Overview\n\n<img src=\"https://content.pstmn.io/e95529ac-d66d-4d7c-9b10-89ee66b0369d/TW9kZXJuIFN0YWNrLUF1dGggRmxvdyAoMikucG5n\">\n\n**1\\. Vendor Access Token**\n\nThe client application initiates the authentication process by requesting a **vendor access token**.\n\n**Endpoint**: `POST /api/v1/auth/vendor-token`\n\n**Input** (JSON):\n\n``` json\n{\n    \"vendorKey\": \"CSI-VEN-70bc5d1edb6941388b3c804c707de123\",\n    \"vendorAppKey\": \"CSI-VEN-APP-b76542b2c34c416c92fe12a1da434123\",\n    \"redirectUrl\": \"https://www.csihelsinki.fi/callback\"\n}\n\n ```\n\n**Output** (JSON):\n\n``` json\n{\n    \"vendorAccessToken\": \"CSI-VEN-TOKEN-39b1a648335e48c1995af065821845e5\"\n}\n\n ```\n\n**2\\. User Authorization Request**\n\nThe client calls the **/authorize** endpoint with the vendor access token to initiate the authorization process.\n\n**Endpoint**: `GET /api/v1/auth/authorize?vendorAccessToken=`\n\n- If the client has provided a `redirectUrl`, the user is redirected to the specified URL with an authorization code as a query parameter.\n    \n- If no `redirectUrl` is defined, the response contains the authorization code in JSON format.\n    \n\n**Output (Redirect to URL)**:  \n`https://www.csihelsinki.fi/callback?authorizationCode=`\n\n**Output (No Redirect)** (JSON):\n\n``` json\n{\n    \"authorizationCode\": \"2oMlsU21Sq0BO8pPJOTljeDjspHklxq-hCPI4PVFHA8JQ\"\n}\n\n ```\n\n**3\\. Token Exchange**\n\nThe client exchanges the authorization code for access and refresh tokens by calling the **/tokens** endpoint.\n\n**Endpoint**: `POST /api/v1/token`  \n**Input** (JSON):\n\n``` json\n{\n    \"vendorKey\": \"CSI-VEN-70bc5d1edb6941388b3c804c707de0f5\",\n    \"vendorAppKey\": \"CSI-VEN-APP-b76542b2c34c416c92fe12a1da43495c\",\n    \"authorizationCode\": \"2oMlsU21Sq0BO8pPJOTljeDjspHklxq-hCPI4PVFHA8JQ\"\n}\n\n ```\n\n**Output** (JSON):\n\n``` json\n{\n    \"accessToken\": \"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjZhejV0UGxmenNZcy1lNmlKZk8xWSJ9...\",\n    \"refreshToken\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiJhdXRoMHw2NTM1ZjhjMmVlOTh...\",\n    \"expiresIn\": 3600\n}\n\n ```\n\n**4\\. API Resource Access**\n\nThe client uses the **access token** to call other API endpoints to retrieve or modify data. Each request must include the **vendor information** and the **access token** in the headers.\n\n**Headers**:  \n`Authorization: Bearer **\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\*`\n\n`CSI-VEN-KEY: CSI-VEN-70bc5d1edb6941388b3c804c707de0f5`\n\n`CSI-VEN-APP-KEY: CSI-VEN-APP-80ac5d1edb6941388b3c804c707de0f5`\n\n**5\\. Token Refresh**\n\nWhen the Access Token expires, the client uses the Refresh Token to obtain a new access token without requiring the user to log in again by calling endpoint `/api/v1/auth/refresh-access-token`.\n\nThis flow ensures secure interaction between the client application and the API while adhering to OAuth 2.0 standards.\n\n### Request and Response Formats\n\nThe CSI Lawyer API primarily uses JSON as the data format for requests and responses. Requests should include the appropriate HTTP headers, such as:\n\n- Content-Type: `application/json`\n    \n- Authorization: `Bearer {access_token}`\n    \n\nResponses will typically contain a JSON object with the requested data and any relevant metadata.\n\n# On Behalf Of\n\nThe \"On Behalf Of\" feature allows a **service account or authorized user** to perform API actions as another user, ensuring that all requests respect the **target user's permissions and data access**. This is a server-side impersonation mechanism that eliminates the need for third-party integrations to manage individual user credentials.\n\n> **Note**: The \"On Behalf Of\" feature must be separately requested from CSI. CSI will review the specific requirements and use cases before activating this feature in a customer's environment. Once activated and enabled for a specific user, that user **must always** send the `CSI-On-Behalf-Of` header for any API calls. \n  \n\n### How It Works\n\nThis feature operates by modifying the **user context** for a specific request.\n\n1. **Authentication**: The API authenticates the caller using their **bearer token** or **api key** in the `Authorization` header.\n    \n2. **Impersonation Header**: The caller includes a `CSI-On-Behalf-Of` header with the `ID` of the target user.\n    \n3. **Permission Check**: The API verifies that the caller has the explicit \"on behalf of\" permission.\n    \n4. **Context Switching**: If the check is successful, the API temporarily switches the active user context to the **target user**.\n    \n5. **Execution**: The request is then processed with the target user's permissions and access rights.\n    \n6. **Auditing**: The original caller's identity is logged for auditing purposes, providing a clear record of who initiated the action.\n    \n\n### Security and Validation\n\nThe feature is built on the **principle of least privilege**, ensuring the caller is only granted the permissions of the target user, not any additional privileges.\n\n- **Header Validation**: The `CSI-On-Behalf-Of` header must contain a valid, active user ID. Invalid IDs will result in a **400 Bad Request** response.\n    \n- **Permission Check**: Attempts to use the feature without the required \"on behalf of\" permission will result in a **403 Forbidden** response.\n    \n- **User Existence Check**: If the target user ID does not exist or is inactive, the API will return a **404 Not Found** response.\n    \n- **Service User Rule**: A service account with \"on behalf of\" permission **must** always provide a target user ID when using this feature. If a calling user wants to make calls on their own behalf, they must explicitly send their own user ID in the `CSI-On-Behalf-Of` header.\n    \n\n#### Example API Call\n\nThis example shows how to use the `CSI-On-Behalf-Of` header to retrieve data for a specific user.\n\n**Request:**\n\nHTTP\n\n```\nGET /api/v1/matters\nAuthorization: Bearer <calling-user-token>\nCSI-On-Behalf-Of: user-1234\n\n ```\n\n**Expected Response:**\n\n- The request will be processed with the permissions of `user-1234`.\n    \n- The response will contain a list of matters accessible **only** by `user-1234`.\n    \n- Both the **calling user** and the **target user** are logged for auditing, but the calling user is recorded as the initiator.\n    \n\n# Error Handling\n\nThe API may return error responses in case of failures. These responses will typically include an HTTP status code and an error message.\n\n# Additional Considerations\n\n- **Rate Limits:** The API have rate limits in place to prevent abuse. The limit is 100 requests per minute. Also, depending on your plan, you may have usage limits. If you exceed either limit, your request will return an HTTP 429 Too Many Requests status code.\n    \n- **Pagination:** For large datasets, the API may return paginated results. Use the provided pagination parameters to fetch additional pages.\n    \n- **Security:** Always handle API credentials securely to protect sensitive data.\n    \n- **Testing:** Utilize the API's testing environment or sandbox to experiment and develop applications without affecting production data.\n    \n\n# Fields, Filters, Relations and Pagination\n\nCSI API provides a powerful and flexible way to apply filtering, sorting, and pagination to API queries. This guide explains how to leverage filters to refine results, retrieve related entity data, and structure complex queries efficiently. With support for various operators and attachable relations, developers can easily customize data retrieval to meet application needs.\n\n## Fields\n\nThe `fields` query parameter allows clients to request only specific fields in the API response. This minimizes payload size and improves performance by avoiding the transfer of unnecessary data.\n\nTo use it, append `?fields=` followed by a comma-separated list of the desired field names.\n\n**Example:**  \n`GET /users?fields=firstNames,lastName,email`\n\nNote:** The `id` and `version` fields are always included in the response, even if not explicitly requested, for every record.\n\n## Filters\n\nThe API supports filtering through query parameters. Below are the key filter parameters:\n\n#### Basic Filtering\n\n- **`filter.{field}`**: Apply filtering to a specific field (equivalent to `$eq`).\n    \n- **`filter.{field}=$eq:value`**: Find records where the field equals a given value.\n    \n- **`filter.{field}=$not:value`**: Find records where the field does not equal a given value.\n    \n\n#### Range and Comparison\n\n- **`filter.{field}=$gt:value`**: Find records where the field is greater than a given value.\n    \n- **`filter.{field}=$gte:value`**: Find records where the field is greater than or equal to a given value.\n    \n- **`filter.{field}=$lt:value`**: Find records where the field is less than a given value.\n    \n- **`filter.{field}=$lte:value`**: Find records where the field is less than or equal to a given value.\n    \n- **`filter.{field}=$btw:value1,value2`**: Find records where the field is between two values.\n    \n\n#### List Filtering\n\n- **`filter.{field}=$in:value1,value2`**: Find records where the field matches one of the given values.\n    \n- **`filter.{field}=$not:$in:value1,value2`**: Find records where the field does not match any of the given values.\n    \n\n#### String and Null Checks\n\n- **`filter.{field}=$ilike:value`**: Find records where the field contains a given value (case-insensitive).\n    \n- **`filter.{field}=$not:$ilike:value`**: Find records where the field does not contain a given value.\n    \n- **`filter.{field}=$sw:value`**: Find records where the field starts with a given value.\n    \n- **`filter.{field}=$null`**: Find records where the field is `NULL`.\n    \n- **`filter.{field}=$not:$null`**: Find records where the field is not `NULL`.\n    \n\n#### JSONB Filtering\n\n- **`filter.{jsonField}.{key}=$eq:value`**: Filter on JSONB columns using dot notation (limited to `$eq`).\n    \n\n#### Array Filtering\n\n- **`filter.{field}=$contains:value`**: Find records where the field is an array and contains a given value.\n    \n- **`filter.{field}=$contains:value1,value2`**: Find records where the field is an array and contains multiple values.\n    \n\n#### Multi-Filters\n\nFilters can be applied to a single column with multiple comparators:\n\n- **`filter.{field}=$gt:value1&filter.{field}=$lt:value2`**: Find records where the field is between two values.\n    \n- **`filter.{field}=$contains:value1&filter.{field}=$or:$contains:value2`**: Find records where an array field contains either value1 or value2.\n    \n- **`filter.{field}=$gt:value1&filter.{field}=$and:$lt:value2&filter.{field}=$or:$eq:value3`**: Complex logical conditions.\n    \n\n## Relations (Parent and child entities)\n\nThe API allows retrieving related entity data using the `relations` parameter. This enables fetching associated records along with the main query results.\n\n#### Retrieving relation with all relation data\n\nTo retrieve all parent fields of related entities, use:\n\n```\nGET /items?relations=businessUnit&relations=userRole\n\n ```\n\nThis will include all fields from the `businessUnit` and `userRole` relations in the response.\n\n#### Retrieving relation with only specific relation field data\n\nTo retrieve only specific fields from related entities, specify the fields using a colon (`:`):\n\n```\nGET /items?relations=businessUnit:name,homeCountry&relations=userRole:name\n\n ```\n\nThis will include only the `name` field from both `businessUnit` and `userRole` relations.\n\n## Example Usage\n\n#### Exact Match\n\n```\nGET /items?filter.name=Milo\n\n ```\n\nReturns items where `name` is `Milo`.\n\n#### Range Query\n\n```\nGET /items?filter.age=$btw:4,6\n\n ```\n\nReturns items where `age` is between 4 and 6.\n\n#### Multiple Values\n\n```\nGET /items?filter.id=$not:$in:2,5,7\n\n ```\n\nReturns items where `id` is not 2, 5, or 7.\n\n#### String Match\n\n```\nGET /items?filter.summary=$not:$ilike:term\n\n ```\n\nReturns items where `summary` does not contain `term`.\n\n#### JSONB Field\n\n```\nGET /items?filter.metadata.enabled=$eq:true\n\n ```\n\nReturns items where `metadata.enabled` is `true`.\n\n#### Combining Filters\n\nFilters can be combined to refine searches further.\n\n```\nGET /items?filter.status=$eq:active&filter.price=$lt:50\n\n ```\n\nReturns active items with a price less than 50.\n\n#### Filtering Transactions by Status\n\n```\nGET /transactions?filter.status=$in:active,reviewed\n\n ```\n\n## Pagination\n\nFilters work alongside pagination parameters:\n\n- `page`: The page number (default: 1).\n    \n- `limit`: The number of results per page.\n    \n- `sortBy`: Field to sort by (e.g., `createdAt`).\n    \n- `order`: Sorting order (`ASC` or `DESC`).\n    \n\nExample:\n\n```\nGET /items?page=2&limit=10&sortBy=createdAt&order=DESC&filter.status=$eq:active\n\n ```\n\nReturns page 2 of active items sorted by `createdAt` in descending order.\n\n# Extended Fields\n\nThe Extended Fields feature allows clients on the **Enterprise API Plan** to read, create, and update records with extended data attributes. To facilitate dynamic integrations, the API also provides dedicated metadata endpoints that allow developers to retrieve the exact schema, field types, and supported values for these extended fields. This framework provides a unified, flexible mechanism to extend the standard CSI data model without requiring schema changes on the platform side.\n\nExtended Field metadata is backed by server-side caching to ensure fast, consistent responses. When retrieving entity data, API clients can request all extended fields, a specific subset of fields, or expanded relational fields — giving precise control over payload size and response structure.\n\n> **Plan requirement:** Access to Extended Field data or metadata is exclusive to the **Enterprise API plan**. If a request is made using a lower-tier API key, the system will reject the call with a `400 Bad Request` error and the specific exception type: `APIPlanMustBeEnterpriseException`. \n  \n\n## Supported Entities\n\nExtended Fields are supported for the following entities:\n\n- Matter\n    \n- Opportunity\n    \n- Transaction\n    \n- Company\n    \n- Private Person\n    \n- Activity\n    \n- Expense\n    \n- Matter Request\n    \n- Company Identification\n    \n- Private Person Identification\n    \n- Transaction Type\n    \n- Preliminary Invoice\n    \n- Matter Party\n    \n\n## Metadata Endpoints\n\nExtended Field definitions are exposed through metadata endpoints at both the global and entity level. Because extended fields are defined by the customers, you must use these endpoints to discover the specific `fieldName` keys and types available in your environment.\n\n### Universal metadata endpoint\n\nReturns metadata for all Extended Fields across all supported entities.\n\n```\nGET /api/v1/metadata/extended-fields\n\n ```\n\n### Entity-level metadata endpoints\n\nEach supported entity exposes its own metadata endpoint. Replace `{entity}` with the entity's path segment (e.g., `companies`, `matters`).\n\n```\nGET /api/v1/{entity}/metadata/extended-fields\n\n ```\n\n### Understanding Metadata Structure and Types\n\nMetadata responses include the field type and, where applicable, the set of allowed values for each Extended Field. When writing data, values must match the `extendedFieldType` defined in the metadata.\n\n| Field Type | Data Format Example | Description |\n| --- | --- | --- |\n| `string` | `\"Sample Text\"` | Standard text string. |\n| `decimal` | `150.50` | Numeric value. |\n| `date` | `\"2026-03-25T00:00:00Z\"` | ISO 8601 formatted date/time. |\n| `lookup` | `\"UUID-STRING\"` | A single ID chosen from the metadata's `propertyValues`. |\n| `multiselect` | `[\"ID-1\", \"ID-2\"]` | An array of IDs chosen from the metadata's `propertyValues`. |\n| `parentrelation` | `\"UUID-STRING\"` | The ID of a related system entity (e.g., a User). |\n| `richtext` | `\"...\"` | HTML formatted string. |\n| `texttemplate` | `{\"id\": \"UUID\", \"text\": \"...\"}` | A specific template object defined in metadata. |\n\n## Retrieving Extended Fields\n\nUse the `extendedFields` query parameter to control which Extended Fields are included in a response. By default, Extended Fields are not returned unless explicitly requested.\n\n| Syntax | Description |\n| --- | --- |\n| `?extendedFields=all` | Returns all Extended Fields defined for the entity |\n| `?extendedFields=field1,field2` | Returns only the specified fields |\n| `?extendedFields=field1:expand` | Expands a relation-type field into its full object representation |\n| `?extendedFields=field1:firstName,lastName` | Returns specific sub-fields of a relation-type field |\n\n### Examples\n\nRequest all extended fields for a company:\n\n```\nGET /api/v1/companies/{id}?extendedFields=all\n\n ```\n\nRequest two specific fields:\n\n```\nGET /api/v1/companies/{id}?extendedFields=address,region\n\n ```\n\nExpand a relation-type field:\n\n```\nGET /api/v1/companies/{id}?extendedFields=primaryContact:expand\n\n ```\n\n## Writing Extended Fields\n\nExtended Field values are submitted as a flat `extendedFields` object in the request body, alongside standard entity fields.\n\n### Creating an entity with Extended Fields\n\nInclude `extendedFields` in the `POST` request body. Any Extended Field key not provided will be left empty.\n\n**Request body**\n\n``` json\n{\n  \"name\": \"CSI Helsinki Oy\",\n  \"homeCountry\": \"FI\",\n  \"responsibleUserId\": \"3DE35320-9E95-429C-AC0E-E1EFD81D3A8C\",\n  \"extendedFields\": {\n    \"address\": \"Mega Road 23\"\n  }\n}\n\n ```\n\n**cURL example**\n\n``` bash\ncurl --location --request POST 'https://{tenant}.csihelsinki.app/api/v1/companies' \\\n  --header 'Content-Type: application/json' \\\n  --data '{\n    \"name\": \"CSI Helsinki Oy\",\n    \"homeCountry\": \"FI\",\n    \"responsibleUserId\": \"3DE35320-9E95-429C-AC0E-E1EFD81D3A8C\",\n    \"extendedFields\": {\n      \"address\": \"Mega Road 23\"\n    }\n  }'\n\n ```\n\n### Updating Extended Fields\n\nTo update one or more Extended Field values on an existing entity, include `extendedFields` in the `PATCH` request body. Only the fields provided will be updated; all other Extended Fields remain unchanged.\n\nThe `version` field is required for all PATCH requests to ensure safe concurrent updates.\n\n**Request body**\n\n``` json\n{\n  \"version\": \"3DE35320-9E95-429C-AC0E-E1EFD81D3A8C\",\n  \"extendedFields\": {\n    \"address\": \"Moonwalk 345\"\n  }\n}\n\n ```\n\n**cURL example**\n\n``` bash\ncurl --location --request PATCH 'https://{tenant}.csihelsinki.app/api/v1/companies/{id}' \\\n  --header 'Content-Type: application/json' \\\n  --data '{\n    \"version\": \"3DE35320-9E95-429C-AC0E-E1EFD81D3A8C\",\n    \"extendedFields\": {\n      \"address\": \"Moonwalk 345\"\n    }\n  }'\n\n ```\n\n## Validation\n\nAll Extended Field values submitted in POST and PATCH requests are validated individually before the operation is committed. The API enforces the following rules:\n\n- **Supported field types only** — values must match the field's defined type (e.g., string, decimal, date, relation).\n    \n- **Allowed values** — fields with a restricted set of values (e.g., lookup or multiselect lists) only accept valid ID values from that defined set.\n    \n- **Correct format** — values must conform to the expected format for their type (e.g., ISO 8601 for date fields).\n    \n\nIf any Extended Field value fails validation, the entire request is rejected and a descriptive validation error is returned. No partial writes are performed.\n\n## Limitations\n\nThe following features are not available in the current release:\n\n- `SQLFunctionField` field type\n    \n- Classification inheritance for relation-type fields\n    \n\nThese may be introduced in a future release.","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"17364379","team":2449234,"collectionId":"7d99e31d-1c75-475b-a570-e73c60c236bd","publishedId":"2sB3HeviwT","public":true,"publicUrl":"https://apidocs.csihelsinki.app","privateUrl":"https://go.postman.co/documentation/17364379-7d99e31d-1c75-475b-a570-e73c60c236bd","customColor":{"top-bar":"FFFFFF","right-sidebar":"3b3b3b","highlight":"0090a6"},"documentationLayout":"classic-double-column","customisation":{"metaTags":[{"name":"description","value":""},{"name":"title","value":"CSI API"}],"appearance":{"default":"light","themes":[{"name":"dark","logo":"https://content.pstmn.io/325852d0-64a4-433b-9c01-49985a21210e/Y3NpLWxvZ28td2hpdGUucG5n","colors":{"top-bar":"212121","right-sidebar":"3b3b3b","highlight":"0090a6"}},{"name":"light","logo":"https://content.pstmn.io/dd2eb125-a632-47db-82a8-1e926eb3f355/Y3NpLWxvZ28tYmxhY2sucG5n","colors":{"top-bar":"FFFFFF","right-sidebar":"3b3b3b","highlight":"0090a6"}}]}},"version":"8.10.1","publishDate":"2025-08-26T12:32:34.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"CSI API","description":""},"logos":{"logoLight":"https://content.pstmn.io/dd2eb125-a632-47db-82a8-1e926eb3f355/Y3NpLWxvZ28tYmxhY2sucG5n","logoDark":"https://content.pstmn.io/325852d0-64a4-433b-9c01-49985a21210e/Y3NpLWxvZ28td2hpdGUucG5n"}},"statusCode":200},"environments":[{"name":"Local","id":"ff6b713a-06c0-4e72-bd7b-4615860c9cf2","owner":"14932438","values":[{"key":"BearerToken","value":"","enabled":true,"type":"default"},{"key":"UserEmail","value":"admintester@csihelsinki.fi","enabled":true,"type":"default"},{"key":"APIBaseUrl","value":"https://customer.csihelsinki.app","enabled":true,"type":"default"},{"key":"APIVersionV1","value":"/api/v1","enabled":true,"type":"any"},{"key":"VendorKey","value":"CSI-VEN-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","enabled":true,"type":"default"},{"key":"VendorAppKey","value":"CSI-VEN-APP-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","enabled":true,"type":"default"},{"key":"randomActivitySubject","value":"","enabled":true,"type":"any"},{"key":"randomCompanies","value":"","enabled":true,"type":"any"},{"key":"randomMatter","value":"","enabled":true,"type":"any"},{"key":"randomBusinessUnit","value":"","enabled":true,"type":"any"},{"key":"randomFirstName","value":"","enabled":true,"type":"any"},{"key":"randomLastName","value":"","enabled":true,"type":"any"},{"key":"randomBlacklistReason","value":"","enabled":true,"type":"any"},{"key":"randomRemovalCondition","value":"","enabled":true,"type":"any"},{"key":"randomMatterType","value":"","enabled":true,"type":"any"},{"key":"randomConflictCheckDescription","value":"","enabled":true,"type":"any"},{"key":"randomLegalTransactionType","value":"","enabled":true,"type":"any"},{"key":"randomLegalTransactionSubject","value":"","enabled":true,"type":"any"},{"key":"randomExpenseType","value":"","enabled":true,"type":"any"},{"key":"randomWorkTimeSubject","value":"","enabled":true,"type":"any"},{"key":"randomNoteText","value":"","enabled":true,"type":"any"}],"published":true}],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/1d1045e8a41e8aa617cc51a7b312f22813da16bd2c5f3d61932648112160382a","favicon":"https://csihelsinki.app/favicon.ico"},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"},{"label":"Local","value":"14932438-ff6b713a-06c0-4e72-bd7b-4615860c9cf2"}],"canonicalUrl":"https://apidocs.csihelsinki.app/view/metadata/2sB3HeviwT"}