Integrate TC Northwest data into your existing tools, CRMs, and workflows. Our REST API provides read-only access to all your transaction data with space-scoped security and rate limiting.
Connect your TC Northwest data to the tools your business already uses.
Pull transaction files, contacts, and agent data into Salesforce, HubSpot, Follow Up Boss, or any CRM that accepts REST data.
Get notified instantly when files are created, tasks are completed, or contingencies change. Build automations with Zapier, Make, or custom code.
Export transaction data to build custom dashboards in Google Sheets, Airtable, or business intelligence tools like Looker or Metabase.
Look up contacts by phone number from your phone system, call center, or any application that handles incoming calls.
Trigger actions in other systems when events happen in your Space. Send Slack messages, create Trello cards, or update spreadsheets automatically.
Pull your contact and file data to cross-reference with MLS feeds, keeping your transaction records in sync with listing data.
API keys are created from your Space Settings page. Each key is scoped to a single Space and provides read-only access to that Space's data. Only the Space owner can create, view, and revoke API keys.
Security Note
Your API key is shown only once when created. Store it securely. If compromised, revoke it immediately from Settings and create a new one. Never share API keys in client-side code, public repositories, or URLs.
Include your API key in the X-API-Key header with every request.
curl -H "X-API-Key: tc_live_your_api_key_here" \
https://your-space.tcnorthwest.com/api/v1/filesStart by checking the health endpoint to verify your connection, then query your data.
# Check API health (no auth required)
curl https://your-space.tcnorthwest.com/api/v1/health
# List your transaction files
curl -H "X-API-Key: tc_live_your_api_key_here" \
https://your-space.tcnorthwest.com/api/v1/files
# Get a specific file by ID
curl -H "X-API-Key: tc_live_your_api_key_here" \
https://your-space.tcnorthwest.com/api/v1/files/12345
# Search contacts by name
curl -H "X-API-Key: tc_live_your_api_key_here" \
"https://your-space.tcnorthwest.com/api/v1/contacts?search=Smith"
# Lookup a contact by phone number
curl -H "X-API-Key: tc_live_your_api_key_here" \
"https://your-space.tcnorthwest.com/api/v1/contacts/lookup?phone=2065551234"API key via X-API-Key header. Keys are scoped to a single Space with read-only access. All data is automatically filtered to the Space associated with your key.
60 requests per minute per API key. Rate limit headers are included in every response:X-RateLimit-Limit andX-RateLimit-Remaining.
Every API key is bound to a Space. All queries are automatically scoped to that Space's data. You cannot access data from other Spaces, even with a valid key. Sensitive fields (password hashes, signing secrets) are excluded from responses.
API keys provide read-only access (GET requests only). Write operations (POST, PATCH, DELETE) return a 403 Forbidden response. The only exception is the Webhooks API, which supports full CRUD for managing webhook subscriptions.
All responses follow a consistent JSON envelope format:
// Success response
{
"success": true,
"data": [ ... ],
"pagination": {
"page": 1,
"pageSize": 25,
"total": 142,
"totalPages": 6
}
}
// Error response
{
"success": false,
"error": {
"code": "UNAUTHORIZED",
"message": "Invalid or expired API key"
}
}All list endpoints support the following query parameters for pagination, sorting, filtering, and search:
| Parameter | Type | Default | Description |
|---|---|---|---|
page | integer | 1 | Page number for pagination |
pageSize | integer | 25 | Items per page (max 100) |
sort | string | id | Column name to sort by |
order | string | asc | "asc" or "desc" |
search | string | — | Full-text search across text columns |
{column} | varies | — | Filter by any column value (e.g., status=active) |
| HTTP Status | Code | Description |
|---|---|---|
| 401 | UNAUTHORIZED | Missing or invalid API key |
| 403 | FORBIDDEN | Write operation attempted with read-only key |
| 404 | NOT_FOUND | Resource not found or not in your Space |
| 400 | VALIDATION_ERROR | Invalid request parameters |
| 429 | RATE_LIMIT_EXCEEDED | Too many requests (60/min limit) |
| 500 | INTERNAL_ERROR | Server error — contact support |
All endpoints are prefixed with /api/v1. Data is automatically scoped to the Space associated with your API key.
/api/v1/healthCheck API availability. No authentication required.
// Response
{ "status": "ok", "timestamp": "2026-03-10T12:00:00.000Z" }Each entity has two read-only endpoints: a list endpoint with pagination, sorting, filtering, and search, and a detail endpoint that returns a single record by ID.
Subscribe to real-time events from your Space. When something happens (a file is created, a task is completed, etc.), we send an HTTP POST to your configured URL with the event data. Webhook payloads are signed with HMAC-SHA256 so you can verify authenticity.
/api/v1/webhooksList all your webhook subscriptions
/api/v1/webhooksCreate a new webhook subscription
/api/v1/webhooks/:idGet a specific webhook
/api/v1/webhooks/:idUpdate a webhook (URL, events, active status)
/api/v1/webhooks/:idDelete a webhook subscription
/api/v1/webhooks/:id/testSend a test event to verify your endpoint
/api/v1/webhooks/:id/deliveriesView delivery history and retry status
curl -X POST \
-H "X-API-Key: tc_live_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{
"name": "My CRM Sync",
"url": "https://your-app.com/webhooks/tc-northwest",
"events": ["file.created", "file.updated", "contact.created"]
}' \
https://your-space.tcnorthwest.com/api/v1/webhooks
# Response (signing secret shown only once!)
{
"success": true,
"data": {
"id": "wh_42",
"name": "My CRM Sync",
"url": "https://your-app.com/webhooks/tc-northwest",
"events": ["file.created", "file.updated", "contact.created"],
"signingSecret": "whsec_abc123...",
"isActive": true,
"createdAt": "2026-03-10T12:00:00.000Z"
}
}user.createduser.updateduser.deletedcontact.createdcontact.updatedcontact.deletedfile.createdfile.updatedfile.deletedtask.createdtask.updatedtask.completedtask.deletedcalendar_item.createdcalendar_item.updatedcalendar_item.deletedcontingency.createdcontingency.updatedcontingency.deletednote.creatednote.updatednote.deletedEach webhook delivery includes a signature in the headers. Verify it using HMAC-SHA256 with your signing secret:
const crypto = require('crypto');
function verifyWebhookSignature(payload, signature, secret) {
const expected = crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
}
// In your webhook handler:
app.post('/webhooks/tc-northwest', (req, res) => {
const signature = req.headers['x-webhook-signature'];
const isValid = verifyWebhookSignature(
JSON.stringify(req.body),
signature,
'whsec_your_signing_secret'
);
if (!isValid) {
return res.status(401).send('Invalid signature');
}
// Process the event
const { event, data, timestamp } = req.body;
console.log(`Received ${event}:`, data);
res.status(200).send('OK');
});import requests
API_KEY = "tc_live_your_api_key_here"
BASE_URL = "https://your-space.tcnorthwest.com/api/v1"
headers = {"X-API-Key": API_KEY}
# Fetch all active files
response = requests.get(f"{BASE_URL}/files", headers=headers)
data = response.json()
if data["success"]:
for file in data["data"]:
print(f"File #{file['id']}: {file['propertyAddress']}")
print(f" Status: {file['listingStatus']}")
print(f" Type: {file['fileType']}")
print()
print(f"Total: {data['pagination']['total']} files")
else:
print(f"Error: {data['error']['message']}")Generate your API key from your Space Settings to start building integrations today.