How to Use the TrustPager REST API
Authenticate, manage API keys, choose scopes, and start reading and writing CRM data programmatically. Includes available resources and endpoint patterns.
TrustPager REST API lets you connect your own tools, scripts, and third-party systems directly to your CRM data. You can read contacts, create opportunities, trigger automations, send emails, query reports, and more — all from outside the app.
API access requires a Pro plan or above. If your current plan does not include API access, you will see a prompt to upgrade when you visit https://app.trustpager.com/settings/api.
Managing Your API Keys
Go to https://app.trustpager.com/settings/api to create, view, and revoke your API keys. Each key is tied to your workspace — one key gives access to one company data.
When creating a key, give it a name (so you can identify it later) and choose its scopes. Scopes control exactly what the key can do:
- Read — fetch records, run queries
- Write — create and update records
- Delete — remove records
- Admin — manage workspace settings and users
Give each key the minimum scopes it needs. A key used only for syncing contacts does not need admin or delete access.
Authenticating Requests
Pass your API key as a bearer token in the Authorization header on every request:
Authorization: Bearer tp_live_xxxxxxxxxxxx
The base URL for all API calls is https://api.trustpager.com/v1.
What You Can Do From Day One
With a valid API key, you can immediately:
- Read and create contacts, companies, and opportunities
- Move opportunities through pipeline stages
- Log calls, meetings, and notes
- Send emails and SMS messages
- Trigger and manage automations
- Create and send documents and forms
- Query reports and dashboards
- Manage tasks and bookings
- Configure pipelines, products, and team settings
- Read and write Standalone Spreadsheets and their rows
Available Resources and Scopes
Contacts, Companies, Opportunities
Standard CRUD across /api/v1/contacts, /api/v1/companies, /api/v1/opportunities. Scopes: contacts:read|write|delete, customers:read|write|delete, deals:read|write|delete.
The paths /api/v1/customers and /api/v1/deals continue to work indefinitely as aliases — existing integrations do not need to migrate.
Opportunity Attachments
Each opportunity supports attached files, documents, images, spreadsheets, and invoices via sub-resource endpoints:
GET/POST /api/v1/opportunities/:id/files/:file_idGET/POST /api/v1/opportunities/:id/documents/:id(or the legacy/deals/:id/...alias)GET/POST /api/v1/opportunities/:id/images/:idGET/POST /api/v1/opportunities/:id/spreadsheets/:idGET /api/v1/opportunities/:id/invoices
Forms
Build, send, and read form submissions via /api/v1/forms. Scopes: forms:read|write|delete.
Exports (Workspace Spreadsheets)
Create, run, and manage export templates via /api/v1/exports/templates. Scopes: exports:read|write|delete. See https://trustpager.com/help-center/export-crm-data for the full endpoint list.
Standalone Spreadsheets
Create spreadsheets from templates, read and write rows, and manage templates. Scopes: spreadsheets:read, spreadsheets:write, spreadsheets:delete.
Key endpoints:
GET /api/v1/spreadsheets/templates— list templatesPOST /api/v1/spreadsheets/templates— create a templatePOST /api/v1/spreadsheets— create a spreadsheet from a templateGET /api/v1/spreadsheets/:id— get a spreadsheetGET /api/v1/spreadsheets/:id/rows— list rowsPOST /api/v1/spreadsheets/:id/rows— add rowsPATCH /api/v1/spreadsheets/:id/rows/:row_id— update a rowDELETE /api/v1/spreadsheets/:id/rows/:row_id— delete a row
See https://trustpager.com/help-center/standalone-spreadsheets for full documentation on Standalone Spreadsheets.
Automations, Pipelines, Tasks, and More
Most platform objects have a corresponding REST resource and scope pair. The pattern is consistent: GET /api/v1/{resource} to list, POST to create, PATCH /:id to update, DELETE /:id to delete.
Keeping Keys Secure
Treat your API key like a password. Never include it in client-side code, public repositories, or shared documents. If a key is compromised, revoke it immediately from https://app.trustpager.com/settings/api and generate a replacement.
Tip: Create a separate key for each integration rather than reusing one key everywhere. That way, if you need to revoke access for one system, your other integrations keep working uninterrupted.
TrustPager also ships an MCP server for AI agents — covered in a separate article.