Quickstart

This walks from nothing to reading real (synthetic) appeal data. Two paths — the SDK (JS/TS) and raw REST — using the same credentials.

1. Get credentials

The sandbox is invite-only. You’ll be provisioned a username + password and your API base URL. That’s all you need — the base URL isn’t a secret; the password is.

2a. With the SDK

import {signIn, AdjudicateClient} from '@coa/adjudicate'

// Exchange your credentials for a short-lived token.
const {idToken} = await signIn({
  baseUrl: '<api-base-url>',
  username: '<you>',
  password: '<your-password>',
})

const adj = new AdjudicateClient({baseUrl: '<api-base-url>', token: idToken})

const appeals = await adj.appeals.list()
console.log(appeals.length, 'appeals')          // → 13 appeals
console.log(appeals[0].veteran, appeals[0].docketNumber)

// Read one appeal's documents, then search it.
const docs = await adj.documents.list(appeals[0].id)
const hits = await adj.search(appeals[0].id, 'tinnitus')
console.log(docs.length, 'documents;', hits.hits.length, 'search hits')

2b. With raw REST

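# Exchange credentials for a token.
# A password typed inline is saved to shell history and visible in the process
# list; on a shared machine, read it from a prompt or a protected file instead.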
TOKEN=$(curl -s -X POST "<api-base-url>/auth/token" \
  -H "Content-Type: application/json" \
  -d '{"username": "<you>", "password": "<your-password>"}' | jq -r .token)

# List appeals.
curl -s -H "Authorization: Bearer $TOKEN" "<api-base-url>/appeals" | jq

Response:

{
  "appeals": [
    { "id": "demo-…", "docketNumber": "202449-53053",
      "veteran": { "firstName": "Hector", "lastName": "Crowley" },
      "uploadedAt": "2026-05-13T01:00:20Z" }
  ]
}

3. What you just did

  • Authenticated — exchanged your credentials at POST /auth/token for a short-lived bearer token.
  • Listed appeals, read documents, and searched — the three read surfaces of the API.

Authentication details

The token is short-lived (minutes-to-an-hour); every request carries it as Authorization: Bearer <token>, and a missing or expired token returns 401. The token response includes a refresh token — use it to get a new token without re-prompting for the password. For the underlying model — how the same identity also powers the Reader’s web sign-in and its scoped data access — see Users & teams.
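
The 401-then-refresh behaviour described above, as a client wrapper around the REST calls from 2b. This is an added example, not code from the SDK: `createSession`, the `refreshToken` field name, and the caller-supplied `redeemRefreshToken` function are assumptions, because this page does not document the refresh request itself.

```javascript
// Added example, not part of the SDK. Assumed names are marked ASSUMED.
function createSession({ baseUrl, fetchImpl = fetch, redeemRefreshToken }) {
  let token = null         // held in memory only; never logged or persisted
  let refreshToken = null
  let refreshing = null    // the single in-flight refresh, shared by callers

  async function signIn(username, password) {
    const res = await fetchImpl(`${baseUrl}/auth/token`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ username, password }),
    })
    if (!res.ok) throw new Error(`sign-in failed: ${res.status}`)
    const body = await res.json()
    token = body.token
    refreshToken = body.refreshToken   // ASSUMED field name for the refresh token
  }

  function refresh() {
    if (!refreshToken) return Promise.reject(new Error('no refresh token; sign in again'))
    // Coalesce: requests that hit 401 together trigger one refresh, not one each.
    if (!refreshing) {
      // ASSUMED: the caller supplies the refresh call, (refreshToken) => {token, refreshToken?}
      refreshing = redeemRefreshToken(refreshToken)
        .then((t) => { token = t.token; refreshToken = t.refreshToken || refreshToken })
        .finally(() => { refreshing = null })
    }
    return refreshing
  }

  async function request(path, init = {}) {
    const send = () => fetchImpl(`${baseUrl}${path}`, {
      ...init,
      headers: { ...init.headers, Authorization: `Bearer ${token}` },
    })
    let res = await send()
    if (res.status === 401) {   // missing or expired token
      await refresh()
      res = await send()        // retry exactly once; a second 401 is surfaced
    }
    if (!res.ok) throw new Error(`${init.method || 'GET'} ${path} failed: ${res.status}`)
    return res.json()
  }

  return { signIn, request }
}
```
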

Next