Skip to main content

What is a tenant?

A tenant is a customer organization in Alforse. Contracts, payments, files, roles, and audit events are scoped to the tenant you sign into. See Tenants & Data Boundaries.

How do I get access to Alforse?

Your Alforse contact will provide onboarding instructions, or you can redeem a code at deals.alforse.com/redeem. There is no open self-service sign-up in production. See Quickstart.

Which plan do I need to use the API directly?

business and above. free and team are user-interface only. See Plans & Editions.

What authentication methods are supported?

Password + TOTP authenticator (required for tenant admins), an emailed backup code as a fallback factor, WebAuthn passkeys, and SSO via Google, LinkedIn, Slack, DingTalk, or Lark when your tenant has a provider configured. Check GET /auth/sso/providers for which are enabled for you. See Authentication.

I lost access to my authenticator app. How do I log in?

Request an emailed backup code instead of your TOTP code: POST /auth/login/mfa/email, then submit it as emailCode on POST /auth/login in place of mfaCode.

Do I have to pass a Turnstile token to call auth endpoints directly?

Yes, when Turnstile is enabled for your environment (it is in production) — register, redeem, login, password reset, and invitation-accept all verify a turnstileToken. See Configuration.

Are write requests retried automatically?

No. Alforse does not automatically retry write (POST/PATCH/DELETE) requests, so retrying one yourself can create a duplicate action if the original actually succeeded server-side — check the resource’s current state before retrying a write that timed out. Idempotent GET requests are safe to retry.

Is there a rate limit?

Yes — sensitive endpoints (including auth) are rate-limited per the RateLimitGuard. Exceeding it returns 429 Too Many Requests.

Are contract originals or OCR text used to train AI models, or sent to third parties?

No. Contract originals and OCR full text are treated as highly confidential: they are not sent to external AI providers, not returned in default API responses, and not written to logs. See Contract Intake.

Can I export my data?

Yes — GET /contracts/export and POST /contracts/export produce CSV, gated by the export module permission. Advanced audit export is part of the business plan and above.

Self-hosting

Can I run Alforse on my own infrastructure?

Yes, if your organization has the self_hosted plan and an enterprise self-hosted license. See Installation for the deployment sequence. The SaaS .env.example is not a drop-in production template; self-hosted deployments need an environment review with your Alforse implementation contact.

Where can I find error codes?

See Errors & Codes. It lists HTTP status codes, stable business error.code values, and recommended handling.

Where do I report a documentation gap or product bug?

Ask your Alforse contact or your organization’s Alforse administrator.