CRM Integration

Verified Property Passport REST API

Use API keys from the agency dashboard. Public report links use expiring tokens and return summary-only data.

Privacy by default

Report endpoints return summary data only. Sensitive document uploads and internal storage paths are never exposed to third-party CRM systems.

Access logging

API reads, report views, and PDF exports are written to audit logs with request IDs, API key prefixes, and rate-limit state where available.

Duplicate-aware workflows

Verification requests and viewing records run through duplicate checks before creation, so CRM retries do not create noisy duplicate workflow items.

Endpoints

GET /api/v1/passports/tenant/:idGET /api/v1/passports/buyer/:idGET /api/v1/properties/:id/passportPOST /api/v1/viewingsPOST /api/v1/verification-requestPOST /api/v1/webhooks/crm

Send Authorization: Bearer vpp_live_or_demo_key. Passport reads use workspace ownership or active consent grants. Responses include request and rate-limit headers.

Reports

GET /api/reports/passports/:id/pdfGET /api/reports/properties/:id/pdfGET /api/reports/transactions/:id/pdfGET /api/reports/viewings/:id/pdfGET /api/reports/inspections/:id/pdfGET /api/reports/deposits/:id/pdfGET /api/share/:token/pdf

Share-token PDFs require a valid, unexpired, non-revoked token. They are summary-only and log export access.

Webhook intake

CRM webhooks require the crm:webhook scope, support idempotency keys, and store compact metadata without raw sensitive payloads.