Using the Hustack API
The Hustack API allows external systems to securely access CRM data using company-scoped API keys. Each API key belongs to one workspace and can only access data from that workspace. This makes it possible to connect Hustack with automation tools, reporting tools, AI workflows and custom integrations.
It is designed to be used from systems such as Make, Zapier, n8n, Power Automate, Claude/AI workflows through automation tools, BI/reporting tools, and custom scripts. Hustack today exposes a REST API foundation — a native Claude/MCP connector is not yet available, but the API is structured so one can be added later.
Base URL
https://www.hustack.com/api/v1
You can verify the API is live without authentication by calling the health endpoint:
GET https://www.hustack.com/api/v1/health
{
"status": "ok",
"service": "hustack-api",
"version": "v1"
}
Authentication
All protected requests must include a Bearer token in the Authorization header.
Authorization: Bearer hs_live_xxxxxxxxxxxxxxxxx
- API keys are generated in Settings → Integrations → API Keys.
- The full API key is shown only once at creation time — copy and store it securely.
- API keys can be revoked at any time from the same settings screen.
- Raw keys are never stored on our servers and are never shown again after creation.
curl -X GET "https://www.hustack.com/api/v1/accounts" \
-H "Authorization: Bearer hs_live_xxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json"
Scopes
Each API key has one or more scopes. Requests without the required scope return 403 Forbidden. Grant the minimum scopes needed — read-only integrations for reporting or AI analysis usually only need read scopes.
| Scope | Description |
|---|---|
| read:accounts | List and view accounts. |
| write:accounts | Create accounts. |
| read:deals | List and view deals/opportunities. |
| write:deals | Create deals/opportunities. |
| read:activities | List and view activities. |
| write:activities | Create activities. |
| read:notes | List and view notes. |
| write:notes | Create notes. |
Endpoints
All data is automatically scoped to the workspace resolved from your API key. You should never send a company_id in the request body — it is ignored by the API.
| Method | Path | Auth | Required scope | Description |
|---|---|---|---|---|
| GET | /health | No | — | Check whether the API is live. |
| GET | /accounts | Yes | read:accounts | List accounts for the authenticated workspace. |
| GET | /accounts/:id | Yes | read:accounts | Get one account by ID. |
| POST | /accounts | Yes | write:accounts | Create a new account. |
| GET | /deals | Yes | read:deals | List deals/opportunities. |
| GET | /deals/:id | Yes | read:deals | Get one deal/opportunity by ID. |
| POST | /deals | Yes | write:deals | Create a new deal/opportunity. |
| GET | /activities | Yes | read:activities | List activities. |
| POST | /activities | Yes | write:activities | Create a new activity. |
| GET | /notes | Yes | read:notes | List notes. |
| POST | /notes | Yes | write:notes | Create a new note. |
List endpoints accept limit (max 200, default 50) and offset query parameters for pagination.
Example requests
Health check
curl -X GET "https://www.hustack.com/api/v1/health"
List accounts
curl -X GET "https://www.hustack.com/api/v1/accounts" \
-H "Authorization: Bearer hs_live_xxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json"
Get one account
curl -X GET "https://www.hustack.com/api/v1/accounts/account_id_here" \
-H "Authorization: Bearer hs_live_xxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json"
Create an account
curl -X POST "https://www.hustack.com/api/v1/accounts" \
-H "Authorization: Bearer hs_live_xxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{
"name": "Acme Corp",
"industry": "Software",
"website": "https://acme.example",
"email": "hello@acme.example",
"country": "United States"
}'
List deals
curl -X GET "https://www.hustack.com/api/v1/deals" \
-H "Authorization: Bearer hs_live_xxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json"
Get one deal
curl -X GET "https://www.hustack.com/api/v1/deals/deal_id_here" \
-H "Authorization: Bearer hs_live_xxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json"
Create a deal
curl -X POST "https://www.hustack.com/api/v1/deals" \
-H "Authorization: Bearer hs_live_xxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{
"name": "New opportunity",
"value": 25000,
"currency": "USD",
"stage": "Qualified",
"account_id": "optional_account_uuid"
}'
Create an activity
type must be one of Call, Email, Meeting or Task. Use related_account_id, related_contact_id, related_opportunity_id or related_lead_id to attach the activity to a record.
curl -X POST "https://www.hustack.com/api/v1/activities" \
-H "Authorization: Bearer hs_live_xxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{
"type": "Call",
"title": "Follow-up call",
"description": "Discuss next steps with the customer.",
"due_date": "2026-05-20",
"related_account_id": "account_uuid_here"
}'
Create a note
curl -X POST "https://www.hustack.com/api/v1/notes" \
-H "Authorization: Bearer hs_live_xxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{
"title": "Meeting note",
"content": "The customer is interested in a follow-up meeting next week.",
"related_account_id": "account_uuid_here"
}'
Using the API with Make, Zapier or n8n
You can connect Hustack to any automation tool that can make authenticated HTTP requests. Configure an HTTP module with the following settings:
| Setting | Value |
|---|---|
| URL | https://www.hustack.com/api/v1/accounts |
| Method | GET (or POST for create endpoints) |
| Authentication | None — set headers manually |
| Header | Authorization: Bearer hs_live_xxxxxxxxxxxxxxxxx |
| Header | Content-Type: application/json |
- For read-only reporting or AI analysis, start with GET /accounts and GET /deals.
- For creating CRM data, use POST /notes or POST /activities.
- Use a separate API key for each external system.
- Never expose API keys in frontend or browser code.
Using the API with Claude / AI workflows
Hustack does not currently provide a native Claude or MCP connector. You cannot paste a Hustack API key directly into Claude as a built-in integration. For now, you can still use Hustack data in AI workflows by going through an automation layer:
- Retrieve CRM data from Hustack using the REST API.
- Send that data to your own Claude, OpenAI or other AI workflow (via Make, Zapier, n8n or a custom script).
- Generate summaries, pipeline analysis, account strategies, presentation outlines or reports.
AI usage and billing in external tools such as Claude, Make, Zapier or n8n is handled by your own account with that provider. Hustack may still apply API rate limits and usage limits. A native MCP / AI agent connector may be added in the future, but is not available today.
Error responses
| Status | Error code | Meaning |
|---|---|---|
| 401 | unauthorized | Missing or invalid API key. |
| 403 | forbidden | API key does not have the required scope. |
| 410 | revoked_key | This API key has been revoked. |
| 410 | expired_key | This API key has expired. |
| 429 | rate_limit_exceeded | Too many requests. Please try again later. |
| 400 | bad_request | Invalid request body or query. |
| 500 | internal_server_error | An unexpected error occurred. |
{ "error": "unauthorized", "message": "Missing API key." }
{ "error": "forbidden", "message": "API key does not have the required scope." }
{ "error": "revoked_key", "message": "This API key has been revoked." }
{ "error": "expired_key", "message": "This API key has expired." }
{ "error": "rate_limit_exceeded", "message": "Too many requests. Please try again later." }
{ "error": "bad_request", "message": "Invalid request body." }
{ "error": "internal_server_error", "message": "An unexpected error occurred." }
Best practices
- Create a separate API key for each integration.
- Use the minimum required scopes.
- Use read-only keys for reporting and AI analysis.
- Do not expose API keys in frontend or browser code.
- Store API keys securely (a password manager or your automation tool's secret store).
- Rotate keys periodically.
- Revoke unused or leaked keys immediately.
- Monitor last-used timestamps and API usage logs in the settings screen.
- Use expiration dates for temporary integrations.
- Records created via the API are tagged so you can identify them in the UI.
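
A read-only client for the list endpoints that applies the limit/offset pagination rule and the error table above. This is an added example, not Hustack's own code. The `transport` hook, the `HustackError` class and the list response shape (a bare array or a `data` key) are assumptions, since the page does not document the list envelope.

```python
import json
import time
import urllib.error
import urllib.request

BASE_URL = "https://www.hustack.com/api/v1"
MAX_LIMIT = 200  # documented maximum page size for list endpoints


class HustackError(Exception):
    """Carries the documented status and error code (e.g. 410 revoked_key)."""
    def __init__(self, status, code, message):
        super().__init__(f"{status} {code}: {message}")
        self.status, self.code = status, code


def http_get(url, api_key):
    """Default transport: returns (status, parsed JSON body)."""
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {api_key}",
        "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)  # error bodies are JSON per the table


def list_all(resource, api_key, limit=MAX_LIMIT, transport=http_get,
             max_retries=3, sleep=time.sleep):
    """Collect every record from a list endpoint via limit/offset paging."""
    limit = max(1, min(limit, MAX_LIMIT))  # clamp to the documented range
    records, offset, retries = [], 0, 0
    while True:
        url = f"{BASE_URL}/{resource}?limit={limit}&offset={offset}"
        status, body = transport(url, api_key)
        if status == 429 and retries < max_retries:
            retries += 1
            sleep(2 ** retries)  # back off, then retry the same page
            continue
        if status != 200:  # 401/403/410 etc. are surfaced to the caller
            raise HustackError(status, body.get("error"), body.get("message"))
        # ASSUMPTION: a page is a bare JSON array or sits under "data".
        page = body if isinstance(body, list) else body["data"]
        records.extend(page)
        if len(page) < limit:  # short page means the listing is complete
            return records
        offset, retries = offset + limit, 0
```

Pass a key read from your automation tool's secret store or an environment variable, and treat a `HustackError` with status 410 as a signal to stop the integration and issue a new key rather than retry.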