Before you start

Intended Audience

This guide is aimed at developers wishing to integrate with OpenCRM via a REST API.

You should have a good knowledge of the concept of REST web services and JSON / JSON Serialization and how to implement this in your language of choice. 

Data Security

You are exposing YOUR data (which could in turn mean data on YOUR customers) to another application to either pull or change information in OpenCRM and you need to plan and consider this carefully, as well as fully understand the code and methods you are working with.

Have you considered any security implications? Accessing data via the API is secured by SSL encryption, but we have no control over what or how you control access/encryption of the data once it lands on your side. Make sure you have sufficient security and access protection in place to your data once it is taken from OpenCRM.

Consider the security of the storage of the API keys or OpenCRM username and password that your application or code is using to connect to your OpenCRM system.

Data Validity / Integrity

The same level of data validation is not supported by the API at this time. Mandatory field checks are not in place and data validation (e.g. checking a number is entered into a number field, checking validity of email addresses etc is not supported). Duplication checks will not take place. You should make sure the data you are posting to the API is valid and sensible. 

Enable API

In order to start using the API, please contact your account manager or 

IP Restriction

It is possible to restrict access to the API to only certain IP addresses. Contact if you wish to apply this restriction.

Please note that API restrictions setup in the web application settings do NOT apply to API access, API access needs to be restricted separately. 


For security reasons the API will only accept connections from clients using TLS version 1.2 or higher. Please check the version of the client/programming language you intend to use can connect using TLS protocol 1.2 or above. 

Request Recording/Logging/API Limits

For your info, security and peace of mind, all incoming REST API calls are recorded in your OpenCRM database. OpenCRM support has access to this. Your API requests are limited dependent on your subscription.

It is possible to restrict access to the API to only certain IP addresses. Contact if you wish to apply this restriction.

Records modified or added by the API will show the following in their audit log:

Administrator (admin)15-04-2016 15:54Modified(API)Record modified by API call from IP:


You may need further information to achieve your goals with the API. Simple questions can be directed to, but if you have a more in depth API project, or your request is for something the API does not cover, this will be referred to your account manager to discuss with you further. Support requests on API functionality will be dealt with at a low priority and not within our usual contracted SLA times.

API Developer / Reference Documentation/Specification

The OpenCRM API specification can be found here : OpenCRM API Developer Reference Guide

Need More Help?

If you have any questions, just start a Live Chat, "Click" on the Chat Icon in the lower right corner to talk with our support team.