Auth

Private apps (access tokens) for first-party integrations. OAuth for third-party apps. API keys are deprecated — don’t build on them.

Core Endpoints

CRM API: contacts, companies, deals, tickets, custom objects. Each supports GET, POST, PATCH, DELETE. Search endpoint for filtered queries.

Rate Limits

Burst and daily quotas per portal. Public apps have per-app limits. Exceed them, get 429. Implement exponential backoff and retry.

Batch APIs

Create/update/archive up to 100 objects per call. Dramatically reduces API count. Use for any bulk operation.

Webhooks

Subscribe to events (contact.propertyChange, deal.creation, etc.). Public apps only. Verify webhook signatures.

Share