CRM Gateway API

Overview

This service acts as an API gateway/proxy for HighLevel CRM. It handles OAuth authentication, token management, and provides secure endpoints for making API calls to HighLevel.

Endpoints

OAuth Endpoints

/api/auth/crm/callback - Agency app OAuth callback
/api/auth/crm/subaccount/callback - Sub-account app OAuth callback

Webhook Endpoints

POST /api/webhooks/crm - Handle install/uninstall webhooks

Proxy Endpoints

Company-level (Agency) API calls:

/api/proxy/company/{companyId}?endpoint=/path/to/endpoint

Supports: GET, POST, PUT, DELETE, PATCH

Location-level (Sub-Account) API calls:

/api/proxy/location/{locationId}?endpoint=/path/to/endpoint

Supports: GET, POST, PUT, DELETE, PATCH

Example Usage

// Get all contacts for a location
const response = await fetch(
  '/api/proxy/location/LOCATION_ID?endpoint=/contacts',
  { method: 'GET' }
);

// Create a contact
const response = await fetch(
  '/api/proxy/location/LOCATION_ID?endpoint=/contacts',
  {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      firstName: 'John',
      lastName: 'Doe',
      email: 'john@example.com'
    })
  }
);

// Get locations for a company
const response = await fetch(
  '/api/proxy/company/COMPANY_ID?endpoint=/locations/search',
  { method: 'GET' }
);

Features

Automatic token refresh when expired
Secure credential storage in Supabase
Support for both Agency and Sub-Account apps
Webhook handling for install/uninstall events
Automatic token exchange for location-level access
Complete type safety with TypeScript