API Reference
1,615 REST API endpoints. Full schemas, request/response examples, authentication.
Browse from the CLI
solid api list enumerates categories; solid api docs <path> shows the schema for one endpoint; solid api call ... hits a real endpoint with auth.
CLI Docs →
OpenAPI Spec (auth-gated)
The full OpenAPI 3.0 spec is gated for security — the production API does not expose the blueprint anonymously. Authenticated developers can request access from the dashboard.
app.solidnumber.com/dashboard/install-command →
Base URL
https://api.solidnumber.com/api/v1/Authentication
Pass your API key in the Authorization header:
curl -H "Authorization: Bearer sk_solid_your_api_key" \
https://api.solidnumber.com/api/v1/crm/contactsGet your API key: Quickstart guide | Full auth docs
API Categories
CRM & Contacts
200+Contacts, deals, pipeline, activities, tasks, lead scoring
/api/v1/crm/AI & Chat
80+ADA assistant, agent chat, AI content generation, GPT suite
/api/v1/chat/, /api/v1/rpc/AI/Voice & SMS
60+Voice calls, Twilio webhooks, SMS send/receive, phone management
/api/v1/voice/, /api/v1/sms/Payments & Billing
100+Orders, invoices, payment links, subscriptions, commissions
/api/v1/orders/, /gateway/Calendar & Booking
50+Appointments, availability, Google Calendar sync
/api/v1/calendar/CMS & Website
80+Pages, blog, media, SEO, site settings, design
/api/v1/cms/E-commerce
60+Products, cart, inventory, shipping, fulfillment
/api/v1/ecommerce/Knowledge Base
40+KB entries, search, sync, analytics, SKB coaching
/api/v1/kb/Analytics
30+Page views, revenue, reports, dashboards, forecasting
/api/v1/analytics/MCP Tools
608Model Context Protocol tools for AI-to-AI communication
/api/mcp/Auth & Security
30+Login, JWT, API keys, OAuth, 2FA, sessions
/api/v1/auth/Integrations
100+Google Workspace, Thumbtack, Stripe, accounting, social
/api/v1/integrations/Quick Examples
List Contacts
GET /api/v1/crm/contacts?limit=10&search=john
Create a Deal
POST /api/v1/crm/deals
{
"title": "Kitchen Remodel",
"stage": "New",
"amount": 1200000,
"contact_id": 42
}Send SMS
POST /api/v1/sms/send
{
"to_phone": "+18015551234",
"message": "Thanks for your inquiry! We'll call you within the hour."
}Chat with ADA
POST /api/v1/chat/message
{
"message": "Draft a proposal for contact 42 based on their last call",
"conversation_id": "session_abc"
}CLI magic-link auth (Phase 3)
Logged-in dashboard mints a single-use ist_* token (5-min TTL, scope-bound to company_id), and the CLI installer redeems it for a real session.
# 1. Dashboard mints (auth required — Bearer or session)
POST /api/v1/auth/install-token
Authorization: Bearer <user_jwt>
→ { "token": "ist_xxx...", "expires_at": "...", "company_id": 99999 }
# 2. CLI installer redeems (token IS the auth, no other header)
POST /api/v1/auth/install-token/exchange
Content-Type: application/json
{ "token": "ist_xxx...", "label": "CLI" }
→ { "access_token": "...", "refresh_token": "...", "user": { ... } }Single-use enforced atomically. Replays return 401 + audit event. See CLI docs for the user-facing flow.
Rate Limits
| Tier | Requests/Min | AI Tokens/Month |
|---|---|---|
| Starter | 60 | 15,000 |
| Builder | 120 | 40,000 |
| Professional | 300 | 100,000 |
| Enterprise | 1,000 | Unlimited |
Every response includes X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers. On exhaustion you get 429 Too Many Requests with a Retry-After header (seconds).
Pagination
All list endpoints use offset/limit pagination. Defaults: limit=50, offset=0. Max limit is 200 per request.
GET /api/v1/crm/contacts?limit=50&offset=0
{
"items": [ ... 50 contacts ... ],
"total": 1247,
"limit": 50,
"offset": 0,
"has_more": true
}For exports over 10K rows, use solid CLI with --all --format csv — it auto-paginates and streams.
Errors
Every error response shares the same envelope: HTTP status + JSON body with code, message, and an optional details array for validation failures.
HTTP/1.1 422 Unprocessable Entity
Content-Type: application/json
{
"code": "validation_error",
"message": "Field 'amount' must be a positive integer (cents)",
"details": [
{ "field": "amount", "error": "must_be_positive", "received": -500 }
],
"request_id": "req_01JABCDEFGH123456789"
}| Status | Code | When |
|---|---|---|
| 400 | bad_request | Malformed JSON or missing required field |
| 401 | unauthorized | Missing or invalid API key |
| 403 | forbidden | Key lacks the required scope |
| 404 | not_found | Resource doesn't exist or belongs to another company |
| 409 | conflict | Duplicate idempotency key with different payload |
| 422 | validation_error | Field-level validation failed (see details) |
| 429 | rate_limit_exceeded | See Retry-After header |
| 500 | internal_error | Report with the request_id |
Idempotency
Every POST that creates a resource (orders, payments, invoices, messages) accepts an Idempotency-Key header. Retry-safe: the same key replays the first response for 24 hours. Different key + same payload creates a new resource.
curl -X POST https://api.solidnumber.com/api/v1/orders/ \
-H "Authorization: Bearer sk_solid_..." \
-H "Idempotency-Key: $(uuidgen)" \
-H "Content-Type: application/json" \
-d '{"contact_id": 42, "amount": 120000}'Sandbox & Test Mode
Test keys start with sk_solid_test_. Charges are simulated. Voice/SMS messages are logged, not dispatched.
sk_solid_test_abc123...Live keys start with sk_solid_live_. Real money moves. Use environment-separated keys in CI.
sk_solid_live_xyz789...Webhooks
Subscribe to events via POST /api/v1/webhooks. Every outbound payload is HMAC-SHA256 signed — verify the X-Solid-Signature header against your webhook secret before trusting the body.
# Node.js verification
const crypto = require('crypto')
const sig = req.headers['x-solid-signature']
const expected = crypto
.createHmac('sha256', process.env.SOLID_WEBHOOK_SECRET)
.update(req.rawBody)
.digest('hex')
if (sig !== expected) return res.status(401).send('bad signature')Retries: exponential backoff, 5 attempts over ~24h. Full webhook docs →
Versioning
The API is versioned via URL path (/api/v1/). Breaking changes get a new major version. Deprecated endpoints return a Sunset header with the removal date (minimum 6 months notice).
- Non-breaking additions (new endpoints, new optional fields, new enum values) ship to v1 without notice.
- Breaking changes (removed endpoints, required-field changes, enum removals) ship as v2 with parallel v1 support for 12 months.
- Multi-tenancy is foundational — every endpoint auto-scopes to the company_id of your API key. You cannot cross-read tenants.
OpenAPI Specification
We publish OpenAPI 3.0 specs in machine-readable form so you can generate typed SDKs, render interactive docs (Swagger UI, Redoc, Stoplight), validate requests, and run contract tests against the API. There are two specs — one public, one auth-gated — covering different surface areas.
Read-only platform information for AI crawlers and discovery agents. Covers the public MCP endpoint and well-known manifests.
https://solidnumber.com/api/mcp/openapi.jsonAll 1,615 REST endpoints (CRM, payments, voice, AI, CMS, etc.). The blueprint isn't exposed anonymously — authenticated developers request access from the dashboard.
Request access in dashboard →Generate a client
# TypeScript client from the public spec npx @hey-api/openapi-ts \ -i https://solidnumber.com/api/mcp/openapi.json \ -o ./src/solid-client # Python client (openapi-python-client) openapi-python-client generate \ --url https://solidnumber.com/api/mcp/openapi.json
For the full REST spec, download the JSON from the dashboard and pass the local path to the same generators. First-party SDKs (JS/Python/Go/Ruby) are on the SDK roadmap — if you only need a typed client today, codegen from the spec is the path.