Industry Guide: Financial Services & Lending
This guide walks through a complete Docyard setup for a lending company distributing loan documents. Docyard’s four stakeholder classes map to financial services workflows:
| Docyard Role | Financial Services Persona | Access Pattern |
|---|
| Mortgagee | Warehouse Lender / Investor | Bulk API for loan docs |
| Agent | Loan Officer / Broker | Portal + bulk download |
| Policyholder | Borrower | Self-service portal |
| Auditor | Regulatory Examiner (OCC/CFPB) | Time-boxed read-only |
Step 1: Create a Dock
Create a dock for the lending company:
curl -X POST https://api.docyard.io/v1/docks \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Summit Capital Partners",
"domain": "summitcapital.com",
"legalName": "Summit Capital Partners LLC",
"businessType": "llc",
"businessEmail": "[email protected]"
}'
Step 2: Upload Documents
Upload loan documents. Docyard computes a SHA-256 hash and deduplicates automatically.
# Upload a loan estimate
curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../artifacts/upload \
-H "Authorization: Bearer YOUR_API_KEY" \
-F "[email protected]"
# Upload a promissory note
curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../artifacts/upload \
-H "Authorization: Bearer YOUR_API_KEY" \
-F "[email protected]"
curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../artifacts \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"filename": "loan-estimate-LN-2025-78300.pdf",
"metadata": {
"loan_number": "LN-2025-78300",
"document_type": "loan-estimate",
"loan_program": "conventional-30yr",
"origination_date": "2025-02-01"
}
}'
Step 3: Add Recipients (All Four Personas)
Warehouse Lender / Investor — Bulk API access
curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../recipients \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Vanguard Warehouse Lending",
"email": "[email protected]",
"stakeholderClass": "mortgagee",
"identifiers": {
"investor_id": "VWL-5500",
"loan_number": "LN-2025-78300"
}
}'
Loan Officer / Broker — Portal + bulk download
curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../recipients \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Marcus Johnson — Keystone Mortgage",
"email": "[email protected]",
"stakeholderClass": "agent",
"identifiers": {
"nmls_id": "NMLS-334421",
"loan_number": "LN-2025-78300"
}
}'
Borrower — Single retrieval via portal
curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../recipients \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Jennifer & Thomas Wright",
"email": "[email protected]",
"stakeholderClass": "policyholder",
"identifiers": {
"phone": "+1-704-555-0312",
"date_of_birth": "1988-03-27",
"loan_number": "LN-2025-78300"
}
}'
Regulatory Examiner — Time-boxed read-only
curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../recipients \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "OCC — Sandra Liu",
"email": "[email protected]",
"stakeholderClass": "auditor",
"identifiers": {
"badge_id": "OCC-2025-EX-0204",
"nda_hash": "sha256:a1b2c3d4e5f6..."
}
}'
Step 4: Create Access Policies
Investor bulk access policy
curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Investor Bulk Loan Doc Access",
"recipe": "{\"stakeholderClass\":\"mortgagee\",\"artifactTypes\":[\"promissory-note\",\"closing-disclosure\",\"appraisal\",\"underwriting-decision\"],\"auth\":{\"factors\":[\"shared_passphrase\",\"tls_certificate\"],\"tls\":{\"require_mutual\":true}},\"access\":{\"method\":\"bulk_api\",\"max_batch_size\":10000},\"match\":{\"identifiers\":[\"investor_id\",\"loan_number\"]}}"
}'
Loan officer portal access policy
curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Loan Officer Portal & Download",
"recipe": "{\"stakeholderClass\":\"agent\",\"artifactTypes\":[\"loan-estimate\",\"closing-disclosure\",\"application-packet\",\"rate-lock\",\"underwriting-decision\",\"appraisal\"],\"auth\":{\"factors\":[\"webauthn\"],\"webauthn\":{\"challenge_type\":\"platform_or_cross_platform\"}},\"access\":{\"method\":[\"portal\",\"bulk_download\"]},\"match\":{\"identifiers\":[\"nmls_id\",\"loan_number\"]}}"
}'
Borrower self-service policy
curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Borrower Self-Service Portal",
"recipe": "{\"stakeholderClass\":\"policyholder\",\"artifactTypes\":[\"loan-estimate\",\"closing-disclosure\",\"promissory-note\",\"payment-schedule\"],\"auth\":{\"factors\":[\"sms_otp\"],\"otp\":{\"delivery\":\"sms\",\"code_length\":6,\"ttl_seconds\":300}},\"access\":{\"method\":\"portal\",\"max_concurrent_downloads\":1},\"match\":{\"identifiers\":[\"email\",\"date_of_birth\",\"loan_number\"]}}"
}'
Regulatory examination audit policy
curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "OCC Regulatory Examination — Q1 2025",
"recipe": "{\"stakeholderClass\":\"auditor\",\"artifactTypes\":[\"*\"],\"auth\":{\"factors\":[\"badge_id\",\"nda_hash\"],\"nda\":{\"hash_algorithm\":\"sha256\",\"require_match\":true}},\"access\":{\"method\":\"portal\",\"read_only\":true,\"download_enabled\":false},\"match\":{\"identifiers\":[\"badge_id\",\"nda_hash\"]},\"constraints\":{\"time_window\":{\"start\":\"2025-01-15T00:00:00Z\",\"end\":\"2025-03-15T00:00:00Z\"},\"auto_expire\":true}}"
}'
curl -X POST https://api.docyard.io/v1/docks/dock_01HQ3K.../policies/pol_01HQ3P.../publish \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{ "stage": "production" }'
Step 5: Generate Investor Passphrase
The investor’s policy requires a shared passphrase. Generate one:
curl -X POST https://api.docyard.io/v1/recipients/rcp_01HQ3N.../secrets \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Vanguard Warehouse Lending — API Passphrase",
"expiresInDays": 90
}'
The secret value is returned only once. Securely transmit it to the investor. Docyard stores only the SHA-256 hash and cannot recover the plaintext.
Step 6: Investor Retrieves via Bulk API
The investor creates a bulk retrieval job for loan documents:
curl -X POST https://api.docyard.io/v1/retrieval/jobs \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"dockId": "dock_01HQ3K...",
"recipientId": "rcp_01HQ3N...",
"metadata": { "document_type": "promissory-note" },
"sinceTimestamp": "2025-01-01T00:00:00.000Z"
}'
curl https://api.docyard.io/v1/retrieval/jobs/job_01HQ3Q.../results \
-H "Authorization: Bearer YOUR_API_KEY"
Compliance Notes: TRID/Reg Z & SOX
Financial services document distribution must comply with multiple regulatory frameworks:
- TRID (TILA-RESPA Integrated Disclosure): Borrowers must receive the Loan Estimate within 3 business days of application and the Closing Disclosure at least 3 business days before closing. Docyard’s audit log provides timestamped proof of delivery for both.
- Regulation Z: Requires clear disclosure of loan terms, APR, and payment schedules. The borrower self-service portal ensures borrowers can access these documents at any time.
- SOX (Sarbanes-Oxley): Publicly traded lenders must maintain auditable records of financial transactions. Docyard’s immutable audit log and policy versioning provide the documentation trail required for SOX compliance.
- Warehouse lending: Investors and warehouse lenders need real-time access to loan documents for funding decisions. The bulk API with mTLS ensures secure, high-volume document retrieval.
- Examiner access: OCC and CFPB examiners require time-limited access to loan files during regulatory examinations. The auditor policy’s auto-expiring time window ensures access is automatically revoked when the examination period ends.
Persona Summary
| Persona | Financial Services Role | Auth Factors | Access Method | Key Identifiers |
|---|
| Mortgagee | Warehouse Lender / Investor | Passphrase + mTLS | Bulk API | investor_id, loan_number |
| Agent | Loan Officer / Broker | WebAuthn | Portal + bulk download | nmls_id, loan_number |
| Policyholder | Borrower | DOB + SMS OTP | Portal (single retrieval) | email, date_of_birth, loan_number |
| Auditor | Regulatory Examiner | Badge ID + NDA hash | Portal (read-only, no download) | badge_id, nda_hash |
Next Steps
