Skip to content
Pulse

Developer Platform

Build anything on top of Pulse.

Every UI feature is backed by a JSON:API endpoint. JWT auth, Ransack filters, bulk operations, polymorphic relationships, and HMAC-signed outbound webhooks. Public REST under /api/v1.

Start free See it in action

JSON:API REST

Every resource follows JSON:API conventions. Predictable URLs, predictable shape. Generate clients in minutes.

Outbound webhooks

Subscribe to event types. HMAC-signed payloads. Automatic retry with exponential backoff. Secret rotation endpoint.

JWT auth + revoke

Stateless JWT with JTIMatcher revocation. Per-session row in UserSession with one-tap revoke.

Anatomy

Every region, explained.

1

Base URL

POST/GET https://api.pulsecrm.io/api/v1/* — all resources under one namespace, versioned.

2

Auth

POST /auth/sign_in returns Authorization: Bearer <jwt>. Send on every subsequent request.

3

Resources

Contacts, companies, deals, leads, activities, tasks, pipelines, tickets, workflows, integrations, users — full CRUD.

4

Filters via Ransack

Pass ?q[name_cont]=acme or ?q[stage_id_in][]=1&q[stage_id_in][]=2 — Ransack predicates supported on every list endpoint.

5

Bulk operations

POST /contacts/bulk_update, /contacts/bulk_tag, /deals/bulk_destroy — operate on arrays of IDs.

6

Webhooks

POST /webhook_subscriptions to subscribe. HMAC X-Pulse-Signature on every delivery. Retry up to 10 with backoff.

Deep dive

Everything that's in the box.

JSON:API response format

{ data: { id, type, attributes, relationships } }. Standardized errors, links, meta blocks.

Ransack-powered filtering

Every list endpoint supports ?q[<attribute>_<predicate>]=<value>. Cont, eq, gt, lt, in, blank, present — and more.

Bulk operations

Bulk update, bulk delete, bulk tag, bulk convert across most resources. Reduces N+1 round-trips.

Polymorphic relationships

Activities, tasks, tags, notes all polymorphic. API returns parent_type + parent_id; clients can resolve consistently.

Search endpoint

GET /search?q=<term> globally searches deals, contacts, leads with smart-input detection.

Rate limiting

Rack::Attack rate limits on burst operations. Limits returned in response headers.

CSRF for cookie sessions

If you use cookie auth in a browser, GET /auth/csrf issues a CSRF cookie + header pair. JWT bearer bypasses CSRF.

Webhook payload versioning

WebhookSubscription.payload_version pinned per subscription so payload changes are non-breaking.

In the wild

How teams use it.

1-day build

"Built a custom dashboard that pulls Pulse data into Looker. The JSON:API made it boring (in a good way)."

Carlos R.

Agency engineering lead

−$60/mo Zapier

"Webhook + HMAC signing replaced our Zapier stack. More reliable, cheaper, auditable."

Tomás D.

SaaS DevOps

5k contacts / 1 call

"Bulk update endpoint let us sync 5,000 contacts from our billing system in one call."

Priya K.

B2B SaaS RevOps

Pulse vs. The Old Way

A different league.

Pulse CRM
Spreadsheet / legacy CRM
API specification
JSON:API standard
Proprietary REST or GraphQL only
Webhook signing
HMAC SHA-256, rotatable secret
Plain POST or basic auth
Filter expressiveness
Ransack predicates on every list
Limited or per-endpoint custom
Bulk endpoints
Bulk update/delete/tag native
N+1 round-trips required

Keep exploring

Related features.

Webhooks

Workflows

Security

Custom Fields

FAQ

Frequently asked

Get started in 5 minutes

Ready to see the pulse of your revenue?

Start free. Bring your whole team. Cancel whenever (you won't).

Start free — no card required Book a demo