The HelloGrowthCRM Public REST API powers our Zapier and Make integrations. Read and write leads, deals, tasks, and notes from your own apps, scripts, and automations using Bearer-token authentication.

CRUD for leads, deals, tasks & notes
Bearer token (JWT) login
Zapier & Make mappings
Connect Claude, ChatGPT & Cursor
All requests go to our production backend (Supabase Edge Functions) — the same production system that powers the live application at app.hellogrowthcrm.com. It is not a sandbox.
https://jdkqkauiajxyjtvxikmy.supabase.co/functions/v1/integrations-restCustom domain (in progress): the same API will also be served from https://api.hellogrowthcrm.com/integrations-rest. Paths, request bodies, and responses are identical — only the hostname changes.
Potential customers and contacts. Required on create: company_name.
Sales opportunities with pipeline stages. Required on create: name.
To-do items and follow-ups. Required on create: title.
Comments attached to a lead. Required on create: lead_id, content.
Bearer token (JWT) via POST /auth/login, with automatic refresh.
Zapier triggers/actions and Make modules built on these endpoints.
The HelloGrowthCRM Public REST API (integrations-rest, spec 1.1.0) lets you read and write four resources — leads, deals, tasks, and notes — from any app, script, or platform. All requests and responses use JSON and require a Bearer token, except POST /auth/login. Every request is automatically scoped to the logged-in user’s organization (tenant), so you only ever see and change your own organization’s data. All record IDs are UUIDs.
List endpoints accept ?limit= (1–100, default 50) and ?offset= (default 0), and return results newest-first (created_at descending). A list response is { "data": [ ... ], "total", "limit", "offset" }; a single record is { "data": { ... } }. Creates return 201 Created; deletes return 204 No Content.
Validation failed — { error, details }
Missing / invalid / expired token
Record or resource not found
Rate limit exceeded
Server error
Created / deleted successfully
Send your email and password to POST /auth/login. You get back a short-lived access_token.
curl -X POST "https://jdkqkauiajxyjtvxikmy.supabase.co/functions/v1/integrations-rest/auth/login" \
-H "Content-Type: application/json" \
-d '{ "email": "you@yourcompany.com", "password": "..." }'Send a GET request to /leads with your Bearer token to list your leads.
curl -H "Authorization: Bearer YOUR_TOKEN" \
"https://jdkqkauiajxyjtvxikmy.supabase.co/functions/v1/integrations-rest/leads?limit=2"POST to a resource with its required field(s). For a lead, only company_name is required.
curl -X POST "https://jdkqkauiajxyjtvxikmy.supabase.co/functions/v1/integrations-rest/leads" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "company_name": "Test Co" }'Send your access token in the Authorization: Bearer YOUR_TOKEN header on every request. Tokens are short-lived (~1 hour); on a 401, log in again or use the Supabase refresh-token grant. For server-to-server or script use, keep credentials secret and never expose them in client-side code.
Leads: id, tenant_id, lead_name, company_name (required), email_address, phone_number, designation, lead_source, stage_id, deal_value, deal_currency, notes, tags[], website, linkedin_url, created_at, updated_at. Deals: id, tenant_id, name (required), lead_id, stage (enum), value, currency, probability (0–100), expected_close_date, actual_close_date, notes, owner_id, created_at, updated_at. Tasks: id, tenant_id, title (required), description, status, priority, due_date, assignee_id, board_id, completed_at, created_at. Notes: id, tenant_id, lead_id (required), content (required), entry_type, created_at.
Teams use the HelloGrowthCRM Public API to sync leads from marketing tools, push deals from quoting systems, automate task creation, and log notes against contacts — all without manual exports. Because the same API powers our official Zapier and Make integrations, you can connect thousands of apps with no code, or call the endpoints directly when you need full control. Every call is tenant-scoped and uses standard JSON over HTTPS.
Need implementation help or evaluation resources? Explore our integrations, security documentation, CRM and RevOps blog, and contact page for technical support, trust details, and rollout guidance.
This reference is meant to help technical teams understand how HelloGrowthCRM fits into a larger operating stack. Most teams do not evaluate an API in isolation. They want to know how authentication, list polling, and field mapping will behave when the CRM becomes part of lead routing, reporting, and customer communication processes.
The tabs below are organized around common implementation paths. Start with the API reference for direct CRUD access, review authentication for the Bearer-token login and refresh flow, and check the integrations tab if you are wiring up Zapier or Make.
A lead is a potential customer or contact captured in the CRM. company_name is the only required field on create.
GET /leads?limit=50&offset=0 List leads (newest first)
GET /leads/{id} Get one lead by ID
POST /leads Create a lead
PATCH /leads/{id} Update a lead
DELETE /leads/{id} Delete a lead
POST /leads
{
"company_name": "Acme Inc",
"lead_name": "Jane Doe",
"email_address": "jane@acme.com",
"phone_number": "+1 555 0100"
}
201 Created
{ "data": { "id": "90148a31-...", "company_name": "Acme Inc", ... } }A deal is a sales opportunity, optionally linked to a lead. name is required. stage must be a lowercase enum.
GET /deals?limit=50&offset=0 List deals
GET /deals/{id} Get one deal
POST /deals Create a deal
PATCH /deals/{id} Update a deal (e.g. change stage)
DELETE /deals/{id} Delete a deal
stage: qualification | proposal | negotiation | closed_won | closed_lost
POST /deals
{
"name": "Acme - Annual Plan",
"value": 50000,
"currency": "USD",
"stage": "proposal",
"lead_id": "90148a31-..."
}A task is a to-do item, optionally linked to a lead or assignee. title is required.
GET /tasks?limit=50&offset=0 List tasks
GET /tasks/{id} Get one task
POST /tasks Create a task
PATCH /tasks/{id} Update a task (e.g. mark complete)
DELETE /tasks/{id} Delete a task
priority: low | medium | high | urgent
POST /tasks
{
"title": "Call Jane",
"priority": "high",
"due_date": "2026-06-10",
"lead_id": "90148a31-..."
}A note is a comment attached to a lead, stored as lead activity history. Both lead_id and content are required.
GET /notes?limit=50&offset=0 List notes
GET /notes/{id} Get one note
POST /notes Add a note to a lead
PATCH /notes/{id} Update a note's content
DELETE /notes/{id} Delete a note
POST /notes
{
"lead_id": "90148a31-...",
"content": "Met at trade show, very interested."
}Strong integrations usually begin with a clear ownership model. Decide which system is responsible for source-of-truth fields, which records should trigger automation, and how duplicate handling or stage updates will be reconciled before you ship to production. A few field-level rules prevent most errors: deals send name (not title), the deal stage is a lowercase enum, and every note must include a lead_id.
If your team is still evaluating implementation scope, pair this page with the integrations hub, security resources, and relevant workflow guides so business and engineering teams can review the same rollout plan.
You can generate an API key and start testing on a trial account. Rate limits scale with plan tier, so production workloads with heavy sync volume belong on a paid plan sized to your request rate.
Use a separate trial workspace as a sandbox: create test leads and deals, wire up webhooks, and verify your sync logic before pointing the integration at your production workspace and live pipeline data.
Treat webhook delivery as at-least-once. Make your handlers idempotent — key on the event ID — return a 2xx quickly, and process the payload asynchronously so slow downstream systems never cause missed events.
Requests over the limit return HTTP 429. Back off exponentially and batch reads where possible; for bulk loads, the CSV import path is usually faster and cheaper than looping over the create endpoint.