Skip to main content

ProspectConnect Public API

A REST API for building on top of the CRM — read and write contacts, companies, deals, tasks, notes, and the activity timeline from your own apps, integrations, and automations.

The API is an additive facade: it sits in front of the same platform your CRM already runs on, with a curated, stable, documented surface designed for external use. Nothing about your existing data or workflows changes.

Design at a glance

Base URLhttps://papi.trendev.in/v1
AuthOAuth 2.0 Bearer token (per-tenant). See Authentication.
FormatJSON, snake_case, UTF-8. ISO-8601 / RFC 3339 UTC timestamps.
IDsOpaque, type-prefixed: con_…, cmp_…, deal_…, task_…, note_…, act_….
ReadsGET /{resource}/{id} for one record; POST /{resource}/search for filtered lists.
WritesPOST to create, PATCH for partial updates, DELETE to remove. State changes are dedicated action paths (e.g. POST /deals/{id}/stage).
PaginationUniform cursor envelope { data, meta: { cursor, total? } }. See Pagination.
ErrorsRFC 9457 application/problem+json with a trace_id. See Errors.
Versioning/v1 in the path + a required dated Version header. See Versioning.

What you can do today

Wave 1 covers the core CRM record objects:

  • Contacts — people; the anchor object most other records attach to.
  • Companies — organizations / accounts.
  • Deals + Pipelines — revenue opportunities and the stages they move through.
  • Tasks — actionable to-dos, optionally attached to a record.
  • Notes — free-text notes on a contact, company, or deal.
  • Activities — the unified record timeline (emails, calls, meetings, system events).

Engagement & scheduling, commerce, content/automation, and reporting follow in later waves on the same conventions — once you've integrated Wave 1, the rest of the surface looks identical.

Two enforcement layers

Every request is checked against both:

  1. OAuth scopes — what the token/app is allowed to do (contact.read, deal.write, …).
  2. The user's role & permissions — what the person behind the token is allowed to do in the CRM.

The effective permission is their intersection. A broadly-scoped token still can't do anything the underlying user's role forbids — "can't delete" stays "can't delete," whether through the UI or the API.

Next steps

  • Get started — make your first authenticated call in a few minutes.
  • API Reference — every endpoint, parameter, and schema, with a live "Try It" panel.
  • Guides — auth, pagination, errors, idempotency, rate limits, versioning.