Get legal documents
curl --request GET \
--url https://api.next.orenda.finance/v1/applications/{applicationId}/documents/legal \
--header 'Authorization: Bearer <token>'import requests
url = "https://api.next.orenda.finance/v1/applications/{applicationId}/documents/legal"
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, headers=headers)
print(response.text)const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};
fetch('https://api.next.orenda.finance/v1/applications/{applicationId}/documents/legal', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.next.orenda.finance/v1/applications/{applicationId}/documents/legal",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"net/http"
"io"
)
func main() {
url := "https://api.next.orenda.finance/v1/applications/{applicationId}/documents/legal"
req, _ := http.NewRequest("GET", url, nil)
req.Header.Add("Authorization", "Bearer <token>")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.get("https://api.next.orenda.finance/v1/applications/{applicationId}/documents/legal")
.header("Authorization", "Bearer <token>")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.next.orenda.finance/v1/applications/{applicationId}/documents/legal")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Bearer <token>'
response = http.request(request)
puts response.read_body{
"success": true,
"data": {
"documents": {
"provider": "bankingcircle",
"documentSetVersion": "1.0.0",
"lastUpdated": "2026-02-05",
"docs": [
{
"id": "privacy_policy",
"name": "Privacy Policy",
"location": "/pdf/Privacy_Policy_Orenda_TPML.pdf",
"version": "1",
"hash": "sha256:e5f6a7b8c9d0",
"required": true,
"applicableTo": [
"consumer",
"business"
],
"effectiveDate": "2026-02-05"
}
]
},
"currentAcceptance": null,
"accountType": "consumer"
}
}{
"success": false,
"code": "VALIDATION_ERROR",
"message": "isCompany is required"
}{
"success": false,
"code": "UNAUTHORIZED",
"message": "Unauthorized"
}{
"success": false,
"code": "RESOURCE_NOT_FOUND",
"message": "Application not found"
}{
"success": false,
"code": "WEB_TOKEN_PROVIDER_MISMATCH",
"message": "Sumsub is not the active provider for this application"
}{
"success": false,
"code": "INTERNAL_SERVER_ERROR",
"message": "Internal Server Error"
}Onboarding
Get legal documents
Returns the current legal-document set for the application program, filtered by account type (consumer or business), plus any current stored acceptance. If the optional documentKey query parameter is supplied, the handler returns 422 because provider-specific signed URL lookup is not supported here.
GET
/
v1
/
applications
/
{applicationId}
/
documents
/
legal
Get legal documents
curl --request GET \
--url https://api.next.orenda.finance/v1/applications/{applicationId}/documents/legal \
--header 'Authorization: Bearer <token>'import requests
url = "https://api.next.orenda.finance/v1/applications/{applicationId}/documents/legal"
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, headers=headers)
print(response.text)const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};
fetch('https://api.next.orenda.finance/v1/applications/{applicationId}/documents/legal', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.next.orenda.finance/v1/applications/{applicationId}/documents/legal",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"net/http"
"io"
)
func main() {
url := "https://api.next.orenda.finance/v1/applications/{applicationId}/documents/legal"
req, _ := http.NewRequest("GET", url, nil)
req.Header.Add("Authorization", "Bearer <token>")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.get("https://api.next.orenda.finance/v1/applications/{applicationId}/documents/legal")
.header("Authorization", "Bearer <token>")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.next.orenda.finance/v1/applications/{applicationId}/documents/legal")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Bearer <token>'
response = http.request(request)
puts response.read_body{
"success": true,
"data": {
"documents": {
"provider": "bankingcircle",
"documentSetVersion": "1.0.0",
"lastUpdated": "2026-02-05",
"docs": [
{
"id": "privacy_policy",
"name": "Privacy Policy",
"location": "/pdf/Privacy_Policy_Orenda_TPML.pdf",
"version": "1",
"hash": "sha256:e5f6a7b8c9d0",
"required": true,
"applicableTo": [
"consumer",
"business"
],
"effectiveDate": "2026-02-05"
}
]
},
"currentAcceptance": null,
"accountType": "consumer"
}
}{
"success": false,
"code": "VALIDATION_ERROR",
"message": "isCompany is required"
}{
"success": false,
"code": "UNAUTHORIZED",
"message": "Unauthorized"
}{
"success": false,
"code": "RESOURCE_NOT_FOUND",
"message": "Application not found"
}{
"success": false,
"code": "WEB_TOKEN_PROVIDER_MISMATCH",
"message": "Sumsub is not the active provider for this application"
}{
"success": false,
"code": "INTERNAL_SERVER_ERROR",
"message": "Internal Server Error"
}Authorizations
The user's access_token from authentication. The program and environment (sandbox/prod) are read from the token.
Path Parameters
The application id from create / get.
Query Parameters
Unsupported. Omit this parameter; if present the API returns 422.
⌘I