Nutshell CRM API
JSON-RPC and REST API for managing sales CRM data in Nutshell including contacts, companies, leads, activities, and pipeline stages for small to mid-sized sales teams.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
All traffic over TLS. Basic Auth with API keys is a weaker auth pattern compared to OAuth 2.0 — keys are long-lived, have no expiry by default, and grant full account access. No scope granularity means integrations cannot be least-privileged. Webhooks lack signature verification. SOC 2 certification provides some assurance at the platform level.
⚡ Reliability
Best When
You need a simple, approachable CRM API for automating sales workflows for small to mid-sized teams already on Nutshell.
Avoid When
You need enterprise CRM features like complex role-based access control, advanced reporting, or deep ERP integration.
Use Cases
- Create and update leads from inbound form submissions or external lead sources
- Sync contact and company records bidirectionally with marketing automation tools
- Query pipeline data by stage and owner to generate weekly sales reports
- Automate activity logging for calls and emails from communication platforms
- Move leads through pipeline stages based on external triggers such as contract signatures or payments
Not For
- Enterprise-scale CRM with complex approval workflows, territory management, or multi-org hierarchies
- Marketing campaign management or email automation at scale
- Customer support ticketing — Nutshell is sales-focused only
Interface
Authentication
Uses HTTP Basic Authentication with the user's email address and an API key as the password. API keys are generated per user from the Nutshell account settings. No OAuth support — all API access is tied to a specific user account. For automated agent use, a dedicated service user account with an API key is the recommended pattern. Lack of OAuth and scopes means API keys grant full account access with no granularity.
Pricing
API access is included with all Nutshell paid plans. No credit card required for the 14-day trial. Pricing is per user per month billed annually or monthly.
Agent Metadata
Known Gotchas
- ⚠ The API is primarily JSON-RPC 2.0, not REST — requests are POST calls to a single endpoint with method names like 'findLeads' and 'newLead' rather than standard HTTP verbs and resource paths; agents expecting REST patterns must adapt to this paradigm
- ⚠ API keys are scoped to a user account with no granularity — a compromised API key gives full account access to all contacts, leads, and company data; agents should use a dedicated service user account and rotate keys regularly
- ⚠ Rate limits are undocumented and vary based on account tier and usage patterns — agents should implement conservative rate limiting (no more than 2-3 requests per second) and treat 429 responses as a signal to back off significantly
- ⚠ Webhook payloads do not include a signature or secret token for verification — agents receiving Nutshell webhooks cannot cryptographically verify that the payload came from Nutshell, requiring IP allowlisting or other validation approaches
- ⚠ Lead and contact deduplication is not enforced by the API — creating a contact or lead with an existing email address creates a duplicate rather than returning the existing record; agents must query by email before creating to prevent duplicate proliferation
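The JSON-RPC, rate-limit and deduplication gotchas above, combined into one client pattern. This is an added example, not Nutshell's own code: the endpoint URL and the parameter shapes passed to findLeads and newLead are assumptions to be checked against Nutshell's documentation, and the transport is injectable so the logic can be exercised offline.

```python
import base64
import json
import time
from urllib import request, error

# Assumed endpoint (not stated on the page): confirm against Nutshell's API docs.
NUTSHELL_RPC_URL = "https://app.nutshell.com/api/v1/json"


class NutshellRpc:
    """Minimal JSON-RPC 2.0 client: every call is a POST to one endpoint with Basic Auth."""

    def __init__(self, email, api_key, transport=None, sleep=time.sleep, max_retries=4):
        token = base64.b64encode(f"{email}:{api_key}".encode()).decode()
        self.headers = {"Authorization": f"Basic {token}", "Content-Type": "application/json"}
        self.transport = transport or self._http_post  # injectable for offline tests
        self.sleep, self.max_retries, self._id = sleep, max_retries, 0

    def _http_post(self, body):
        req = request.Request(NUTSHELL_RPC_URL, data=body, headers=self.headers, method="POST")
        try:
            with request.urlopen(req, timeout=30) as resp:
                return resp.status, resp.read()
        except error.HTTPError as e:  # 429 and other HTTP errors are returned, not raised
            return e.code, e.read()

    def call(self, method, params):
        self._id += 1
        body = json.dumps({"jsonrpc": "2.0", "method": method, "params": params, "id": self._id}).encode()
        backoff = 1.0
        for _ in range(self.max_retries + 1):
            status, raw = self.transport(body)
            if status == 429:  # limits are undocumented: back off hard, then retry
                self.sleep(backoff)
                backoff *= 2
                continue
            reply = json.loads(raw)
            if reply.get("error"):
                raise RuntimeError(f"{method} failed: {reply['error']}")
            return reply["result"]
        raise RuntimeError(f"{method}: still rate-limited after {self.max_retries} retries")


def create_lead_once(rpc, email, lead_fields):
    """Search-before-create, because the API does not deduplicate. The findLeads and
    newLead parameter shapes below are placeholders, not Nutshell's documented ones."""
    found = rpc.call("findLeads", {"query": {"email": email}, "limit": 1})
    if found:
        return found[0], False
    return rpc.call("newLead", {"lead": dict(lead_fields, email=email)}), True
```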
Alternatives
Full Evaluation Report
Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Nutshell CRM API.
Scores are editorial opinions as of 2026-03-06.