API Reference
The RepOS External API lets the Command Center (or any authorized system) push data into RepOS and read execution data back out, and lets RepOS notify your systems the moment something happens. Data flows both ways.
Base URL & auth
All endpoints live under https://reposcrm.com/api/external/v1. Authenticate with an API key (issued in the RepOS Admin portal) in the Authorization header. Keys carry a read and/or write scope.
curl https://reposcrm.com/api/external/v1 \ -H "Authorization: Bearer rk_live_xxxxxxxxxxxx"
Every record you send carries an externalId— your Command Center's own ID for it. RepOS keys off that, so sending the same record twice updates it rather than duplicating. Safe to retry.
Push data in
Send one object or an array (up to 500). Response reports created, updated, and any per-row errors.
/dealerswrite scope ownerEmail./contactswrite scopedealerExternalId)./orderswrite scope/commissionswrite scoperepEmail).Example: upsert a dealer
curl -X POST https://reposcrm.com/api/external/v1/dealers \
-H "Authorization: Bearer rk_live_xxxx" \
-H "Content-Type: application/json" \
-d '{
"externalId": "CC-DLR-4471",
"type": "dealer",
"name": "Riverside Outdoor Supply",
"stage": "active_dealer",
"city": "Savannah", "state": "GA", "zip": "31401",
"ownerEmail": "marcus@tru-scapes.com"
}'Read data out
All list endpoints accept ?limit=, ?offset=, and ?updatedSince= (ISO date) for incremental sync.
/dealersread scope?type=./activitiesread scope?dealerExternalId=./opportunitiesread scope/ordersread scope/commissionsread scopeReceive events (webhooks)
Register a URL in the RepOS Admin portal and RepOS will POST a signed JSON body when things happen. Verify each request with the signing secret using HMAC-SHA256 over the raw body, compared to the X-RepOS-Signature header.
POST https://your-command-center/repos-events
X-RepOS-Event: activity.created
X-RepOS-Signature: sha256=<hmac of the raw body>
{ "event": "activity.created",
"createdAt": "2026-07-08T15:04:00.000Z",
"data": { "id": "…", "type": "visit", "summary": "…" } }Events: account.created, account.updated, account.stage_changed, contact.created, activity.created, opportunity.created, opportunity.stage_changed, task.completed.
Errors
Errors return a JSON body with a stable code and a human-readable message. 401 = bad key, 403 = missing scope, 400 = validation.
{ "error": { "code": "insufficient_scope",
"message": "This key needs the \"write\" scope for this endpoint." } }