Recipients
A recipient is any party authorized to retrieve artifacts from a dock. Recipients range from individual policyholders to institutional mortgage lenders — each with tailored authentication and access patterns.
Stakeholder Personas
Docyard’s access model is built around four primary stakeholder types, each with distinct identification, authentication, and retrieval patterns:
Mortgagee (Institutional)
Mortgage lenders and servicers who need bulk access to declaration pages and certificates of insurance.
Insurance
Real Estate
Healthcare
Financial Services
| Property | Value |
|---|
| Identifiers | Lender ID + policy number |
| Authentication | Shared passphrase + mutual TLS certificate |
| Access method | Bulk API (thousands of documents per job) |
| Typical artifacts | Declaration pages, COIs, endorsements |
{
"name": "First National Bank",
"email": "[email protected]",
"stakeholderClass": "mortgagee",
"identifiers": {
"lender_id": "LND-4821",
"policy_number": "POL-2025-88401"
}
}
| Property | Value |
|---|
| Identifiers | Lender ID + file number |
| Authentication | Shared passphrase + mutual TLS certificate |
| Access method | Bulk API (thousands of documents per job) |
| Typical artifacts | Title policies, closing disclosures, deeds |
{
"name": "Pacific West Mortgage",
"email": "[email protected]",
"stakeholderClass": "mortgagee",
"identifiers": {
"lender_id": "PWM-2200",
"file_number": "FILE-2025-10042"
}
}
| Property | Value |
|---|
| Identifiers | Payer ID + member ID |
| Authentication | Shared passphrase + mutual TLS certificate |
| Access method | Bulk API (thousands of documents per job) |
| Typical artifacts | EOBs, claims summaries, provider remittances |
{
"name": "Anthem Blue Cross",
"email": "[email protected]",
"stakeholderClass": "mortgagee",
"identifiers": {
"payer_id": "ANTHEM-00112",
"member_id": "MBR-2025-44210"
}
}
| Property | Value |
|---|
| Identifiers | Investor ID + loan number |
| Authentication | Shared passphrase + mutual TLS certificate |
| Access method | Bulk API (thousands of documents per job) |
| Typical artifacts | Loan packages, appraisals, title commitments |
{
"name": "Vanguard Warehouse Lending",
"email": "[email protected]",
"stakeholderClass": "mortgagee",
"identifiers": {
"investor_id": "VWL-5500",
"loan_number": "LN-2025-78300"
}
}
Agent (Agency)
Insurance agents and agency staff who access client documents through the portal or bulk download.
Insurance
Real Estate
Healthcare
Financial Services
| Property | Value |
|---|
| Identifiers | Agency code + policy number |
| Authentication | WebAuthn challenge (FIDO2 security key or biometric) |
| Access method | Portal (single document) or bulk download |
| Typical artifacts | Dec pages, policy packets, endorsements, renewal notices |
{
"name": "Sarah Chen — Apex Insurance Group",
"email": "[email protected]",
"stakeholderClass": "agent",
"identifiers": {
"agency_code": "AGN-1192",
"policy_number": "POL-2025-88401"
}
}
| Property | Value |
|---|
| Identifiers | Agent license + file number |
| Authentication | WebAuthn challenge (FIDO2 security key or biometric) |
| Access method | Portal (single document) or bulk download |
| Typical artifacts | Title commitments, closing packages, survey documents |
{
"name": "David Park — Pinnacle Title Group",
"email": "[email protected]",
"stakeholderClass": "agent",
"identifiers": {
"agent_license": "TL-CA-88210",
"file_number": "FILE-2025-10042"
}
}
| Property | Value |
|---|
| Identifiers | NPI number + member ID |
| Authentication | WebAuthn challenge (FIDO2 security key or biometric) |
| Access method | Portal (single document) or bulk download |
| Typical artifacts | Referral letters, lab orders, imaging reports |
{
"name": "Dr. Lisa Tran — Westside Cardiology",
"email": "[email protected]",
"stakeholderClass": "agent",
"identifiers": {
"npi_number": "1234567890",
"member_id": "MBR-2025-44210"
}
}
| Property | Value |
|---|
| Identifiers | NMLS ID + loan number |
| Authentication | WebAuthn challenge (FIDO2 security key or biometric) |
| Access method | Portal (single document) or bulk download |
| Typical artifacts | Loan estimates, rate locks, underwriting conditions |
{
"name": "Marcus Johnson — Keystone Mortgage",
"email": "[email protected]",
"stakeholderClass": "agent",
"identifiers": {
"nmls_id": "NMLS-334421",
"loan_number": "LN-2025-78300"
}
}
Policyholder (Individual)
The insured individual retrieving their own policy documents through the self-service portal.
Insurance
Real Estate
Healthcare
Financial Services
| Property | Value |
|---|
| Identifiers | Email or phone + date of birth |
| Authentication | SMS OTP verification |
| Access method | Single document retrieval via portal |
| Typical artifacts | Their own declaration page, ID cards, renewal notices |
{
"name": "James Whitfield",
"email": "[email protected]",
"stakeholderClass": "policyholder",
"identifiers": {
"phone": "+1-860-555-0147",
"date_of_birth": "1983-06-15",
"policy_number": "POL-2025-88401"
}
}
| Property | Value |
|---|
| Identifiers | Email or phone + date of birth |
| Authentication | SMS OTP verification |
| Access method | Single document retrieval via portal |
| Typical artifacts | Their own closing disclosure, deed, title policy |
{
"name": "Maria Espinoza",
"email": "[email protected]",
"stakeholderClass": "policyholder",
"identifiers": {
"phone": "+1-213-555-0198",
"date_of_birth": "1990-08-22",
"file_number": "FILE-2025-10042"
}
}
| Property | Value |
|---|
| Identifiers | Email or phone + date of birth |
| Authentication | SMS OTP verification |
| Access method | Single document retrieval via portal |
| Typical artifacts | Their own EOBs, lab results, discharge summaries |
{
"name": "Robert Kim",
"email": "[email protected]",
"stakeholderClass": "policyholder",
"identifiers": {
"phone": "+1-312-555-0234",
"date_of_birth": "1975-11-03",
"member_id": "MBR-2025-44210"
}
}
| Property | Value |
|---|
| Identifiers | Email or phone + date of birth |
| Authentication | SMS OTP verification |
| Access method | Single document retrieval via portal |
| Typical artifacts | Their own loan estimate, closing disclosure, statements |
{
"name": "Jennifer & Thomas Wright",
"email": "[email protected]",
"stakeholderClass": "policyholder",
"identifiers": {
"phone": "+1-704-555-0312",
"date_of_birth": "1988-03-27",
"loan_number": "LN-2025-78300"
}
}
Auditor (Time-Boxed)
External or internal auditors with temporary, read-only access that automatically expires.
Insurance
Real Estate
Healthcare
Financial Services
| Property | Value |
|---|
| Identifiers | Badge ID + NDA document hash |
| Authentication | Badge ID verification + NDA hash validation |
| Access method | Read-only access within a time-boxed window |
| Typical artifacts | All artifacts in scope, audit logs |
{
"name": "Deloitte — Maria Gonzalez",
"email": "[email protected]",
"stakeholderClass": "auditor",
"identifiers": {
"badge_id": "AUD-DT-2025-0042",
"nda_hash": "sha256:e3b0c44298fc1c14..."
}
}
| Property | Value |
|---|
| Identifiers | Badge ID + NDA document hash |
| Authentication | Badge ID verification + NDA hash validation |
| Access method | Read-only access within a time-boxed window |
| Typical artifacts | All artifacts in scope, audit logs |
{
"name": "KPMG — Nathan Brooks",
"email": "[email protected]",
"stakeholderClass": "auditor",
"identifiers": {
"badge_id": "AUD-KPMG-2025-0119",
"nda_hash": "sha256:b4f9a2c8d1e7f3a0..."
}
}
| Property | Value |
|---|
| Identifiers | Badge ID + NDA document hash |
| Authentication | Badge ID verification + NDA hash validation |
| Access method | Read-only access within a time-boxed window |
| Typical artifacts | All artifacts in scope, audit logs |
{
"name": "HHS OIG — Angela Foster",
"email": "[email protected]",
"stakeholderClass": "auditor",
"identifiers": {
"badge_id": "HHS-OIG-2025-0087",
"nda_hash": "sha256:c7d2e9f1a3b5..."
}
}
| Property | Value |
|---|
| Identifiers | Badge ID + NDA document hash |
| Authentication | Badge ID verification + NDA hash validation |
| Access method | Read-only access within a time-boxed window |
| Typical artifacts | All artifacts in scope, audit logs |
{
"name": "OCC — Sandra Liu",
"email": "[email protected]",
"stakeholderClass": "auditor",
"identifiers": {
"badge_id": "OCC-2025-EX-0204",
"nda_hash": "sha256:a1b2c3d4e5f6..."
}
}
Auditor access is time-boxed by policy. When the access window expires, retrieval is automatically denied — no manual revocation needed. The NDA hash ensures the correct non-disclosure agreement is on file before access is granted.
Identifiers
Recipients carry custom key-value identifiers that link them to external systems. These identifiers are indexed and searchable, enabling policy routing based on external business keys.
Common identifier patterns:
Insurance
Real Estate
Healthcare
Financial Services
| Identifier | Used By | Purpose |
|---|
lender_id | Mortgagee | Links to lender’s internal system |
policy_number | All | Associates recipient with specific policy |
agency_code | Agent | Links to agency management system |
phone | Policyholder | SMS OTP delivery target |
date_of_birth | Policyholder | Identity verification factor |
badge_id | Auditor | Audit firm credential reference |
nda_hash | Auditor | SHA-256 hash of signed NDA document |
| Identifier | Used By | Purpose |
|---|
lender_id | Mortgagee | Links to lender’s internal system |
file_number | All | Associates recipient with specific file |
agent_license | Agent | Links to title agent license |
phone | Policyholder / Buyer | SMS OTP delivery target |
date_of_birth | Policyholder / Buyer | Identity verification factor |
badge_id | Auditor | Audit firm credential reference |
nda_hash | Auditor | SHA-256 hash of signed NDA document |
| Identifier | Used By | Purpose |
|---|
payer_id | Mortgagee / Payer | Links to payer’s internal system |
member_id | All | Associates recipient with specific member |
npi_number | Agent / Provider | Links to provider NPI registry |
phone | Policyholder / Patient | SMS OTP delivery target |
date_of_birth | Policyholder / Patient | Identity verification factor |
badge_id | Auditor | Audit firm credential reference |
nda_hash | Auditor | SHA-256 hash of signed NDA document |
| Identifier | Used By | Purpose |
|---|
investor_id | Mortgagee / Investor | Links to investor’s internal system |
loan_number | All | Associates recipient with specific loan |
nmls_id | Agent / Loan Officer | Links to NMLS registry |
phone | Policyholder / Borrower | SMS OTP delivery target |
date_of_birth | Policyholder / Borrower | Identity verification factor |
badge_id | Auditor | Audit firm credential reference |
nda_hash | Auditor | SHA-256 hash of signed NDA document |
Identifier Resolution
There are two ways identifiers reach the policy engine — both are valid, and which you use depends on the persona and your integration pattern.
Flow A: Pre-populated at registration. Store identifiers when creating the recipient. At access time, the policy engine matches the stored values against the recipe’s match.identifiers. This is the typical pattern for institutional recipients whose identifiers are known upfront:
1. Create recipient with identifiers (lender_id, policy_number)
2. Create policy with match.identifiers: ["lender_id", "policy_number"]
3. Recipient authenticates → policy matches stored identifiers → access granted
name and email (and optionally stakeholderClass). The recipient submits identifiers when accessing documents through the portal or API. The policy engine validates the submitted values against the recipe:
1. Create recipient with name + email only
2. Create policy with match.identifiers: ["email", "date_of_birth", "policy_number"]
3. Recipient accesses portal → submits DOB + policy number → policy validates → access granted
phone (needed for OTP delivery) but let them submit date_of_birth and policy_number when they access the portal. The policy engine merges stored and submitted identifiers before evaluating the recipe.
The identifiers field on a recipient is always optional. The policy’s match.identifiers defines what’s required — not the recipient record. If an identifier is missing from both the stored record and the runtime submission, the policy evaluation fails and access is denied.
Recipient Groups
Organize recipients into groups for bulk policy assignment. When a policy is assigned to a group, every member inherits the access rules:
- Add or remove members without modifying individual policies
- Assign a single policy to hundreds of recipients at once
- Groups can overlap — a recipient can belong to multiple groups
Example groups: mortgagee-partners, agency-network, q1-audit-team.
Docyard Identity
Docyard Identity is a cross-dock credential system. Recipients who verify their identity for one dock can use the same verified identity for other docks — no re-verification needed.
This creates network effects: the more docks a recipient interacts with, the faster subsequent onboarding becomes. A mortgagee verified on one carrier’s dock can access another carrier’s dock without re-submitting TLS certificates.
Secrets
Recipients can have shared secrets for authentication — particularly useful for the mortgagee passphrase flow:
- Generated as 32-byte random values
- Stored as SHA-256 hashes (the plaintext is returned only once)
- Rotatable and revocable
- Optionally time-limited (e.g., auditor access windows)
Batch Operations
| Method | Description |
|---|
| Batch create | Create multiple recipients in a single API call |
| CSV import | Upload a CSV file with recipient data |
