The CRM API version 4.0 is a RESTful API that allows users to create, read, update, and delete CRM records. It supports various record types depending on the pricing plan and add-ons.
On this page you have the following options:
- Overview API Integration
- Set up API Integration
- Making API Requests
- Error responses
- API Examples
- Set up API Alerts
Overview API Integration
The CRM API v4.0 accepts JSON format and requires an OAuth 2.0 Access Token for authentication.
The following record types can be Created, Read, Updated and Deleted via the SpotlerCRM API v4.0:
| Record Type | Price Plan | Object name |
|---|---|---|
| Accounts | Professional, and Enterprise Plans | accounts |
| Activities | Professional, and Enterprise Plans | activities |
| Contacts | Professional, and Enterprise Plans | contacts |
| Campaigns | Professional, and Enterprise Plans (with Marketing tool) | campaigns |
| Campaign Details | Professional, and Enterprise Plans (with Marketing tool) | campaigndetails |
| Campaign Stages | Professional, and Enterprise Plans (with Marketing tool) | campaignstages |
| Cases | Professional and Enterprise Plans (with Service & Support tool) | cases |
| Documents | Professional, and Enterprise Plans | documents |
| Opportunities | Professional, and Enterprise Plans | opportunities |
| Opportunity Histories | Professional, and Enterprise Plans | opportunityhistories |
| Opportunity Lines | Professional, and Enterprise Plans | opportunity_lines |
The CRM API v4.0 accepts requests in JSON format. You will need to understand how to make HTTP requests in order to use the API although we have provided some introductory information and useful links (in addition to a comprehensive guide to the methods available to you) to assist you or your developers.
Set up API Integration
To enable API access:
- Navigate to Settings > Integrations > API V4 in your CRM.
- Enable API access for your users.
- Generate an OAuth 2.0 Access Token.
- Use the token in the Authorization header when making requests:
Authorization: Bearer {access_token}.
Data Dictionary
Retrieve all fields for a record type using:
GET /datadictionary/{object_name}
Lookup Lists
Retrieve values from lookup lists/dropdowns:
GET /lookup/{object_name}/{field_name}
To append values to lookup lists:
PATCH /lookup/{list_name}
Request body (JSON):
{
"items": [
"Item 1", "Item 2"
]
}
Response (JSON):
{
"message": "Lookup values added",
"items": [
{
"value": "new one",
"id": "new one"
},
{
"value": "another new one",
"id": "another new one"
}
]
}
Making API Requests
Making a request is simple, choose the record type you want and take a note of the object name, then simply send a GET, POST, PATCH, DELETE request to the servers. The URL structure is the same for all type of requests, just the method changes.
API requests use standard HTTP methods:
GET /accounts POST /accounts PATCH /accounts/123456 DELETE /accounts/123456
All GET requests are limited to 100 records at a time and defaulted to 10. You can change this limit by passing limit in the URL.
GET /accounts?limit=50
Due to the limits above, you can also pass a page number.
GET /accounts?page=2
This will return your accounts starting from the 20th record by default. You can combine limits and pages together to get more results for a particular page.
GET /accounts?limit=100&page=4
This will return your accounts starting at the 400th record.
If the page cannot be found, no records will be returned.
You can return the line items for an opportunity inline under the key of ‘lines’ by passing the request parameter of lines=true
GET /opportunities?lines=true
GET /opportunities/{id}?lines=true
The returned JSON will include the ‘lines’ key similar to below.
"lines": [
{
"id": 1,
"opportunityid": 1,
"product": "User Subscription",
"quantity": 30,
"unitprice": 420
}
]
Filtering is as simple as sending a request with the query parameter set in the URL. The parameter consists of fields and operators in JSON format that make up a complete query. The field or fields you provide must match a field in the object’s data dictionary.
Quick example:
GET /accounts?q={"name": "Test"}
Which is the same as asking for all accounts with the name “Test”.
You can match on a single field:
?q={"name": "Test"}
Or you can match on multiple fields:
?q={"name": "Test", "sector": "Design"}
In addition to simple fields, you can use special operators to provide more complex queries.
The following logic operators can be used in queries:
| Operator | Description | Example |
|---|---|---|
| $not | Negation logical operator | {"field": {"$not": val}} |
| $in | Match any value in array | {"field": {"$in": [value1, value2, ...]}} |
| $nin | Not match any value in array | {"field": {"$nin": [value1, value2, ...]}} |
| $or | Logic operator | {"$or": [{"field": value}, {"field": value}]} |
The following conditional operators can be used in queries:
| Operator | Description | Example |
|---|---|---|
| $gt | Greater than | {"field": {"$gt": 1000}} |
| $gte | Greater than or equal | {"field": {"$gte": 1000}} |
| $lt | Less than | {"field": {"$lt": 1000}} |
| $lte | Less than or equal | {"field": {"$lte": 1000}} |
| $bt | Between value1 and value2 inclusive | {"field": {"$bt": [1000, 2000]}} |
| $sw | Starts with | {"field": {"$sw": "tes"}} |
| $ew | Ends with | {"field": {"$ew": "tes"}} |
| $con | Contains | {"field": {"$con": "tes"}} |
You can pass in the query parameter of ?order to order the results. This needs to be in JSON format and consist of a field and direction. The direction can be either asc (ascending) or desc (descending).
Quick example:
GET /accounts?order={"field": "asc"}
You can order by many fields by passing multiple into the query.
GET /accounts?order={"field": "asc", "field2": "asc", ...}
This will only ever return information to you.
To get a list of all your records for a certain type, send a GET request for the record using the object name.
GET /{object_name}
Above will return a list of all your accounts based on your permission level.
GET /{object_name}/12345
Above will return the record which has the ID of 12345 or nothing. Refer to the example tab above to see what this would look like.
You can use POST requests when you wish to create records. You POST a JSON encoded string to the servers and it will return a single instance of the record.
POST /{object_name}
If all the validation and subscription limit checks pass, the newly created record will be returned. Refer to the example tab above to see what this would look like.
N.B. It is required to include all mandatory fields in an API call which creates a new CRM record, via POST.
These are used to update records that already exist within your CRM system. It still requires a JSON encoded string to be submitted to the servers, but the URL must include the ID of the record to be updated.
PATCH /{object_name}/123456
Without the ID, the request will fail.
If the request is successful, a single instance of the record will be returned.
Similar to a PATCH request, but this doesn’t need any content. It just needs the ID of the record you wish to delete.
DELETE /{object_name}/12345
The request will fail without the ID.
If successful, it will also not return any content, just a status code of 200.
Error responses
If an error occurs, responses will be structured as:
{
"type": "Invalid Request error",
"code": 500,
"message": "Invalid record type (accountss)"
}
The code may be different and the message itself, but it will return a JSON object and always have a message index letting you know what has gone wrong.
If an error had been encountered you will received a status code higher then or equal to 3xx. A status code of 200 or 201 means your request was successful.
Status codes:
| Code | Meaning |
|---|---|
| 500 | Internal server error, something has gone wrong at our end. |
| 422 | Validation Error, please check the information you have provided |
| 405 | Not Allowed, please check the request type (GET, POST, PATCH, DELETE) |
| 404 | Record or page not found |
| 402 | Forbidden, please check your access token |
| 400 | Bad request, please check the url and data submitted |
| 301 | Redirect, may happen when trying to login |
| 201 | Created successfully |
| 200 | Successful request |
On a 422 error response, the JSON response will also contain validation information letting you know what went wrong.
{
"type": "Validation error",
"code": 422,
"message": "The given data was invalid.",
"validation": {
"accountid": [
{
"Required": []
}
]
}
}
API Examples
GET /accounts
POST /accounts
{
"name": "testing API",
"ownerid": 1
}
PATCH /accounts/95950731
{
"name": "testing API Updated"
}
DELETE /accounts/95950731
Set up API Alerts
Usage and failed API call alerts can be configured under Settings > Integrations > API V4. Users can set alerts for API call limits or failed requests.
- Usage Alerts: Notifies users when API call limits are reached.
- Failed API Call Alerts: Notifies users when API calls fail.