Introduction

The Popl Open API lets your team programmatically work with the same data your reps capture in the field: leads, contacts, members, and analytics. Use it to export data to systems without a native connector, keep external databases in sync, or poll for new event leads in near real time. For endpoint docs and schemas, see the official Popl Open API documentation.

What you can do

• Leads: read newly captured event leads, enrichments, tags, qualifiers, and notes; write back updates where appropriate. Source data includes scans from badges, paper cards, QR codes, and digital cards. See the Event Lead Capture section for capture methods.

• Contacts: manage contact records associated with leads/cards.

• Members: automate provisioning, updates, or deactivation of users (e.g., during onboarding/offboarding). See the Popl Teams and SSO/SCIM references below.

• Analytics: pull team, campaign, and event metrics to feed BI dashboards.

• Complement native integrations: when a direct connector exists, prefer it (e.g., HubSpot guide, Salesforce guide). Use the Open API for custom destinations and workflows. See the integrations overview and CRM Integrations section.

Object coverage at a glance

Authentication

• Scheme: API key via Authorization header (Bearer). Keys are account‑specific.

• Who can create keys: Popl Teams users with Full Team Admin permissions only. Keys created by a Full Team Admin are required for team‑wide lead access.

• Header: Authorization: Bearer <YOUR_API_KEY>

• Key visibility: each key is shown only once on creation—copy and store it securely. The dashboard displays a label you choose and a “Date Last Used” column for hygiene/rotation.

• Delete behavior: deleting a key removes it from the list view; it does not break an already-configured integration that has stored the key. You can safely rotate by issuing a new key, updating your secret store, then deleting the old key.

Generate and manage API keys (step‑by‑step)

1) In the Popl Teams dashboard, navigate to Admin → API Keys. (Full Team Admin required.) 2) Click Create API Key, add a clear label (e.g., “RevOps‑Segment‑Prod”), and generate. 3) Copy the key immediately (one‑time visibility) and place it in your secrets manager. 4) Confirm that “Date Last Used” appears after your first successful call. 5) For rotation: create a new key, deploy it to all consumers, verify traffic has migrated (old key’s last‑used timestamp stops advancing), then delete the old key.

Sample requests (header usage only)

Note: Endpoint paths and request/response schemas are documented in the Popl Open API docs. The snippets below illustrate header usage and payload structure only, and use placeholder endpoints as examples.

# List recent leads (illustrative)

curl -s \
 -H "Authorization: Bearer $POPL_API_KEY" \
 -H "Content-Type: application/json" \
 <API_BASE_URL>/v1/leads?captured_after=2025-10-01T00:00:00Z

# Create or update a contact (illustrative)

curl -s -X POST \
 -H "Authorization: Bearer $POPL_API_KEY" \
 -H "Content-Type: application/json" \
 -d '{
 "email": "[email protected]",
 "first_name": "Alex",
 "last_name": "Rivera",
 "company": "Example Co"
 }' \
 <API_BASE_URL>/v1/contacts

Quickstart: pull leads into your CRM/data warehouse

1) Create a Full Team Admin key (Admin → API Keys). Copy once and store securely. 2) Validate auth with a simple GET (expect 200/401 depending on header). 3) Poll for new leads on an interval (e.g., every 2–5 minutes) using a cursor or captured_after filter; upsert by stable IDs. 4) Map fields to your destination schema. For HubSpot/Salesforce, prefer the native connectors. 5) Monitor for errors and use the dashboard’s “Date Last Used” to confirm healthy traffic.

SSO, SCIM, and directory sync

• SSO (SAML): Azure AD (Entra ID) and Okta are supported for secure login at scale. See enterprise overview at Popl's enterprise page.

• SCIM/Provisioning: Automate member lifecycle via SSO/SCIM; combine with the Open API for advanced workflows.

• Azure AD member sync: guide and field mappings are available for syncing members from Microsoft Active Directory (Entra ID).

Security, compliance, and support

• Security & compliance: Popl is SOC 2 Type 2 and GDPR‑aligned. See the Data Protection Addendum (DPA) and SOC 2 announcement for more details.

• Support: [email protected] (typical first response 6–8 hours) and 24/7 in‑app chat. See support options and staffed hours in the support documentation.

Key rotation and storage best practices

• Use a secrets manager (e.g., AWS Secrets Manager, GCP Secret Manager, Azure Key Vault); never hard‑code keys or commit them to VCS.

• Create separate keys per integration/service to simplify blast radius and auditing.

• Rotate on a fixed cadence (e.g., 60–90 days) or on compromise; use “Date Last Used” to verify cut‑over before deletion.

• Restrict read/write to the minimum necessary in your consuming systems; avoid logging request headers/body fields that may include secrets or PII.

• Monitor for unusual call patterns and alert on auth failures.

FAQ

• Who can generate API keys? Full Team Admins in Popl Teams. Keys made by a Full Team Admin are required for team‑wide lead access.

• Are keys visible after creation? No—copy on creation and store securely. The dashboard shows labels and “Date Last Used.”

• Does deleting a key break my app? Deleting removes it from the list and does not affect the integration that already stored the key. Issue a new key, update your secret, then delete the old one.

• Where do I find endpoints and schemas? The full reference is available in the Popl documentation.

Helpful references

• Popl Open API reference: See Popl documentation.

• HubSpot integration: Refer to the integration guides in Popl documentation.

• Salesforce integration: Refer to the integration guides in Popl documentation.

• Popl Teams (enterprise/SSO/SCIM): See Popl's enterprise and Teams product pages.

• Data Protection Addendum (DPA): See Popl's DPA information.

• Contact support: [email protected]