API Reference

The RepOS External API lets the Command Center (or any authorized system) push data into RepOS and read execution data back out, and lets RepOS notify your systems the moment something happens. Data flows both ways.

Base URL & auth

All endpoints live under https://reposcrm.com/api/external/v1. Authenticate with an API key (issued in the RepOS Admin portal) in the Authorization header. Keys carry a read and/or write scope.

curl https://reposcrm.com/api/external/v1 \
  -H "Authorization: Bearer rk_live_xxxxxxxxxxxx"

Every record you send carries an externalId— your Command Center's own ID for it. RepOS keys off that, so sending the same record twice updates it rather than duplicating. Safe to retry.

Push data in

Send one object or an array (up to 500). Response reports created, updated, and any per-row errors.

POST/dealerswrite scope
Upsert dealers, prospects, and contractors. Assign to a rep with ownerEmail.
POST/contactswrite scope
Upsert contacts under a dealer (by dealerExternalId).
POST/orderswrite scope
Upsert orders. RepOS updates the dealer's order-recency (which drives health) and notifies the owning rep.
POST/commissionswrite scope
Upsert commission entries per rep (by repEmail).

Example: upsert a dealer

curl -X POST https://reposcrm.com/api/external/v1/dealers \
  -H "Authorization: Bearer rk_live_xxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "externalId": "CC-DLR-4471",
    "type": "dealer",
    "name": "Riverside Outdoor Supply",
    "stage": "active_dealer",
    "city": "Savannah", "state": "GA", "zip": "31401",
    "ownerEmail": "marcus@tru-scapes.com"
  }'

Read data out

All list endpoints accept ?limit=, ?offset=, and ?updatedSince= (ISO date) for incremental sync.

GET/dealersread scope
List accounts. Filter by ?type=.
GET/activitiesread scope
Visits, calls, and notes logged by reps. Filter by ?dealerExternalId=.
GET/opportunitiesread scope
Sales opportunities with stage and value.
GET/ordersread scope
Synced orders.
GET/commissionsread scope
Commission entries.

Receive events (webhooks)

Register a URL in the RepOS Admin portal and RepOS will POST a signed JSON body when things happen. Verify each request with the signing secret using HMAC-SHA256 over the raw body, compared to the X-RepOS-Signature header.

POST https://your-command-center/repos-events
X-RepOS-Event: activity.created
X-RepOS-Signature: sha256=<hmac of the raw body>

{ "event": "activity.created",
  "createdAt": "2026-07-08T15:04:00.000Z",
  "data": { "id": "…", "type": "visit", "summary": "…" } }

Events: account.created, account.updated, account.stage_changed, contact.created, activity.created, opportunity.created, opportunity.stage_changed, task.completed.

Errors

Errors return a JSON body with a stable code and a human-readable message. 401 = bad key, 403 = missing scope, 400 = validation.

{ "error": { "code": "insufficient_scope",
             "message": "This key needs the \"write\" scope for this endpoint." } }