API Reference

The OnePageCRM REST API uses predictable, resource-oriented URLs, standard HTTP verbs, and JSON request and response bodies — 165 operations across 27 resources.

Base URL
https://app.onepagecrm.com/api/v3
Auth
HTTP Basic — user_id as username, api_key as password.
Format
JSON request and response bodies.

Authentication

Every request must be authenticated. Two methods are supported:

  • API key (HTTP Basic) — your user_id as the username and api_key as the password. Best for scripts, server-side jobs, and quick tests. See Authentication.
  • OAuth 2.1 — Bearer tokens with scopes, for apps that act on behalf of other users. Registration is currently by request. See OAuth.

Core concepts

OnePageCRM is built around a contact and its next action. Read the data model for the full picture.

Contacts The people you sell to. Each owns its actions, deals, notes, calls and meetings.
Companies Organizations that group related contacts. A company exists only alongside a contact.
Deals Potential sales on a contact — amount, stage and expected close date.
Actions The next step to take on a contact. Actions drive the Action Stream.
Notes, Calls & Meetings Interactions logged against a contact.
Action Stream Contacts ordered by when their next action is due — the default OnePageCRM view.

Making requests

  • All requests and responses are JSON (Content-Type: application/json).
  • PUT with partial=true updates only the fields you send. See Partial updates.
  • List endpoints paginate with page and per_page. See Pagination.
  • Sort and time-filter lists with sort_by/order and since/until/modified_since. See Sorting & time filters.
  • Reverse a delete by repeating it with undo=true. See Undo deletion.
  • Rate limits apply to every endpoint. See Rate limits.

Real-time & AI

  • Webhooks — receive a POST the moment a record changes.
  • MCP server — give AI agents live, permissioned access to query, create, and update CRM data.

Responses & errors

Every response is a JSON envelope. Success carries status: 0, message, timestamp, and data; errors carry error_name and error_message instead. Branch on the HTTP status and error_name, not on the message text.

200 OK
201 Created
400 Invalid or incomplete request data
401 Authentication missing or invalid
403 Forbidden — permissions, scope, or the request-rate throttle
404 Resource not found
429 Too many concurrent connections

The request-rate throttle returns 403 with a plain-text body, not 429. Full status map and error_name catalog: Errors.

OpenAPI spec & AI surfaces

  • The API is defined by an OpenAPI 3 spec on GitHub — browse it there, or point a codegen tool at the raw swagger.yaml. Prefer the spec over scraping this HTML.
  • Every reference page is also raw markdown: append .md to any path. Point an assistant at Build with AI.

Browse by resource

CRM Core

Streams

Events & Webhooks

Search & Filtering

CRM Configuration

Predefined Content

Account & Reference