What is HighLevel?

You might have landed on this site after watching my youtube videos. I offer my affiliates and their teams onboarding help, templated automations/workflows, and more to help you get trained and ready to use this awesome tech. I offer way more than a snapshot and personally work with my affiliates! Click Here to Learn More and Get a FREE trial!

Is this an official tool made by HighLevel?

No! This is privately developed tool to help developers and agencies use the V2 API more easily. All of the tasks on this page can be done DIY using the instructions in the developer documentation.

Are you looking for Free Help with HighLevel?

I offer a free onboarding course to anyone even if they are affiliated with someone else. It is loaded with links, help docs, and my tips/tricks on all the configuration tasks that can cause headaches and hours of research.

Click Here for the FREE Course

Stuck in Tutorial Hell? Want Paid Help? Want a 1 on 1 Teacher/Coach?

I am the only licensed computer science teacher and HighLevel nerd. Is there another? Let me know!

Contact Me for a Quote

Thinking of Upgrading to the SAAS plan?

Did you know if you are on the $297 plan that you can elect a second affiliate to upgrade to the SAAS $497 plan with? It is great because your first affiliate still earns their commission! If you are looking for 1 on 1 help to help prep your accounts and build automations that will help you scale: then elect me! I am focused on the things to help you scale and manage a large number of clients. In fact: my affiliates get access to my CuratedConnector Make and Zapier V2 OAuth2 apps with unlimited licenses for your agency and clients! Click Here to Learn More

OAuth2 is a more secure API and is a "Three-Legged Process"

Leg 1: Configure Your Application (follow steps on this page)

Leg 2: Request an authorization "code" (click submit, it lands on redirect URL)

Leg 3: Exchange authorization "code" for an "access token" (we use HL V2 docs for this).

NOTE: An access token is only good for 24 hours. You must refresh the token using a custom app (read below about CuratedConnector) or apply complex routing / data storage if the API call to an endpoint fails.

Click Here to Navigate to the HighLevel Developer Documentation Page

Buckle Up. This is a long guide. API Requests are simply HTTP Requests. Highlevel's V1 API is a REST API. HighLevel's V2 is an OAuth2 API which is implemented for the additional security measures and authentication. Every public API has a base URL for API requests.

Highlevel's Base API V2 URL is:

https://services.*************hq.com

"The Payload" - Refers to the data sent typically sent in a JSON object which are key value pairs in curly braces. Note that most programming languages like Javascript, Python, etc have libraries to convert their data structures to JSON. This is done due to syntactic differences amongst programming languages and to send a universal data structure.

JSON Object: Note that in Make/Integromat they refer to Objects as Collections

{

key1: value,

key2: value

}

Arrays:

You will also see arrays which use bracket notation. Arrays are used when it is one value separated by commas.

"tags": [

"shaun",

"coming-at-you",

"from-high-level"

]

Nested Objects:

You will also see objects nested in objects. Each object is separated by a comma.

"dndSettings": {

"Call": {

"status": "active",

"message": "string",

"code": "string"

},

"Email": {

"status": "active",

"message": "string",

"code": "string"

}

}

An Array of Objects:

Sometimes you see an array with objects nested in it. In this customFields array, we have two custom field objects, separated by a comma. The ID represents the unique ID assigned to the customField when it was first generated by the system. A contact would show this data, so to know what the "id" is then you would need to query the "get custom fields" to know the internal system Ids name (for now).

"customFields": [

{

"id": "6dvNaf7VhkQ9snc5vnjJ",

"field_value": "the value of this custom field"

},

{

"id": "6daefsfesfsEFdasfesDSJ",

"field_value": "another custom field with this value"

}

]

On contact creation or update you can update with just the "key" which is a great new update like this:

"customFields": [
{
"key": "my_key_name",
"field_value": "the value of this custom field"
}
]

Some requests, such as the access token, are sent as URL form encoded payloads (see below).

Method: HTTP Methods refer to the type of request you are doing on a resource. GET, PUT, etc.

Endpoint: Refers to the resource which we want to access. Endpoints are a category of a resource: contacts, opportunities, users, etc. Most endpoints require a query parameter to target the specific location for the request.

Query Parameters: These parameters are on the end of a URL after a question mark and are also called query strings. Each parameter, after the first one, is separated by the ampersand "&" symbol. Query parameters help filter or reduce the response. This is useful for endpoints like "GET contacts" so we can narrow down the results and do less parsing of our data payload. Example which limits to 20 results:

https://services.*****connectorhq.com/contacts/?locationId=ve9EPM428h8vShlRW1KT&limit=20

contacts is endpoint

locationId is a required query field key

limit is a query parameter

Path Parameters: The path refers to the entire string of text after the base URL. The first part of the path is the endpoint. The API will also require you to have additional things in the path such as a User ID which is surrounded in curly braces.

GET User

https://services.leadconnectorhq.com/users/{userId}

users is endpoint

{userId} is the required path parameter

Example: https://services.leadconnectorhq.com/users/ve9EPM428h8vShlRW1KT

Headers: These are additional things that explain the formatting of our payload such as

{'Content-Type': 'application/json'}. - Informs the receiving end of a PUT/POST/PATCH/DELETE that they are receiving a JSON data payload. You must format the request exactly how the receiving end wants to receive it. If you format it incorrectly you will get a 400 Bad Request or 422 unprocessible entity. All endpoints use this content type.

{'Content-Type': 'application/x-www-form-urlencoded'} - Only the "Get Access Token" uses this content-type. This content type refers to data that is encoded and sent in a long URL link to a server. Encoding is the conversion of the special characters and symbols so that it doesn't break the link. A blank space is encoded to "%20" as an example and sent as one long query string on the token URL.

{'Authorization': 'Bearer token'} - Sends over our authentication in the form of an API Key (REST terminology) or an access token (OAuth2 terminology). Note the V2 docs don't show the word Bearer, at the time of this publishing, but it is a required prefix.

{'Version': '2021-04-15'} - This is a required header for every request on the V2 API, except to get the access token, to indicate the current API version.

Body:

A GET request does not have a body. Every other type of request usually requires some required fields in the body. This is where you can specify exactly what you want to change or map in with Zapier/Make. Creating a custom value (POST) would have the body:

{

"name": "Custom Value Name",

"value": "Value"

}

Scopes are the permissions you need to grant to the app. Add only the scopes that you need to use. You can add all of them if you want to. The only issue you run into with lots of scopes is if you use want to listen to webhook events on your webhook URL (see next section).

A full list of scopes is available here.
Note: Links constantly change. Navigate to v2 api scopes page for updated links.

NOTE: You must pick "Agency" in your marketplace apps profile in order to have access to agency scopes like oauth, snapshots, saas, etc.

What are the "oauth" scopes for?
-> These are specifically to use the "Get Location Access Token from Agency Token" endpoint. This allows you to generate tokens for temporary use or you can store them and refresh them.

V2 API has advanced endpoints for "webhook events" which opens up a lot of automations abilities. These are also referred to as "triggers." So when an event occurs in the location/sub-account, it sends a payload to the "webhook delivery URL" in your marketplace app at the bottom of the settings page. Note that you can only save one webhook URL in your app. Pay attention to the scopes you give your app because multiple webhook events on the same webhook URL = a huge spiderweb scenario filter to properly route the payloads. I recommend just one webhook event scope per app so that it is easier to manage over on Zapier or Make. Webhook events are listed in the developer docs scopes/endpoints/events page, but you need to scroll all the way down the left navigation bar to see what they do.

Note the data payload of webhook events do not include the full contact data payload, so refer to the docs as to the format and types of data it will send.

Go watch Quinton Newman's awesome demo video where he shows how to record inbound messages in a Google Sheet. Note: You do not need to maintain your access token to use webhook events. You can turn it on and the system will keep sending the events to the webhook URL even if the access token expires. Refer to his video for a more in-depth guide, but the tool on this page will speed up that process.

The V1 API is being deprecated March of 2024.

If you are reading this, it might already be too late. You should get some coffee and read this page a few more times....

What is Make?

Never heard of Make (formerly Integromat)? Signup here and get two free active scenarios with no credit card required! It is an awesome product and I rarely use my Zapier account since switching to Make since they offer routing/flow controls on their entry level plans.

We offer the ONLY Fully Whitelabeled Make API V2 App:

This app is truly whitelabeled. It can be installed in your account, a customers acount, or with other agencies. It is an awesome freelancing tool and can help YOU earn money by affiliate selling our app at 40% commissions! You can start solving quick under $100 jobs and bake our app into the deal which earns you affiliate clicks if you sign them up! Nobody else does this! Learn more.

YES!

Our whitelabeled apps are also on Zapier and Pabbly! Our apps are easy to use but also allow custom develoepr custom payloads with any method. It is full featured and does WAY more than the "LC" App. We offer single connections and unlimited connection options: Click Here to Signup!

Interested in an affiliate selling the apps? Contact us to learn more.

Considering upgrading to the SAAS plan? Upgrade with us and get access to our entire network of automation templates, apps, and tools to grow your SAAS business. To sweeten the deal even more: We offer unlimited installations of our whitelabeled apps for you and your clients! Supercharge your SAAS journey with all of the tools that the pros use to scale to 100+ clients. Learn More.

Is HighLevel Making a Zapier V2 App?

The HighLevel team confirmed their whitelabeled V2 Zapier app is on on the to-do list.

Before anything: Go back to your marketplace app and click the save button again. Then retry it. Note that some providers that you give auth links to will dynamically build your auth link. They separate out the scopes. This leads to formatting issues. One stray "space" and it fails. Study the URL and then continue down this error path to figure out what is wrong:

Right Click on the location selector screen. Click "Inspect". Go to the network tab. Click on a location again. Check the response for the error code.

ClientID Not Found in the Marketplace: Means the clientID is wrong. Try again.

CastError: Cast to ObjectId failed for value "clientidstring" at path "_id" for model "OAuthClient"

Scopes Incorrect: Recheck the scopes you have in the marketplace app and the scopes you chose in the checkboxes on this page.

Redirect URI Doesn't Match: Copy and paste the entire link on the failing auth screen. Compare it to your marketplace app. Try deleting the redirect and resaving.

Please make sure to only elect a "private" app while you are testing things. If you pick "public" then your app will require scope reviews and you will hate your life waiting. Only go public if this is to be sold or listed in app marketplace.

Make sure you are signed in to your account with "app.gohighlevel.com". Test that URL to make sure because you can be logged in your whitelabel and logged out of the GHL link.

This is a copy/paste from a GHL release:

Enhanced App Installation Capabilities: Agencies under the $297 plan can now install apps (with distribution types: agency and agency & sub-account) to their sub-accounts.

New Company API: A new company API has been introduced, providing agencies access to all sub-account details.

Marketplace Scope Enhancement: We've added a new marketplace scope (companies.readonly) to ensure smoother integration processes.

Limitations:To encourage our customers to consider upgrading to the $497 plan, we have implemented certain limitations in the $297 plan:

Restrictions on Sub-Account Management: Limitations on creating or updating sub-accounts.Agency-Level User Management Constraints: 

Restrictions on creating and updating users at the agency level. These limitations are designed to offer basic functionalities to $297 plan customers while providing incentives to upgrade to the $497 plan for more comprehensive features, particularly in sub-account creation, updating, and user management at the agency level.

Need to make locations? Upgrade with us to the $497 plan and get access to all of our Low-Code Applications!

The SSO option on the settings page is specifically for "Custom Pages" aka "Custom Menu Links" for public marketplace apps. This is not for external usage (yet). It returns back an object of data including companyId, locationId, name, email, userId, userType. You are provided a decryption key in your marketplace app and you will need to decrypt it on a server with appropriate libraries.

The whitelabel payment providers currently serve as an overlay. It is simply a custom logo and name and then you can pick authorize.net and NMI as the backend for credentials. This will be rapidly changing with future releases for custom providers.