CRM Solid logo
Developer API

Send a Telegram DM
with one POST.

A production-grade REST API for Telegram and X automation. Bearer auth, scoped keys, idempotency, rate-limit headers, outbound webhooks. No SDK required.

Get API keyView OpenAPI docs
  • JSON over HTTPS
  • Low-latency responses
  • Reliable by design
~/api-solid: bash
curl -X POST \
https://api.crmsolid.com/v1/messages/send \
-H "Authorization: Bearer cs_live_***" \
-H "Idempotency-Key: 9d2c-44e1" \
-H "Content-Type: application/json" \
-d '{
"account_id": 7421,
"to": "@sarah_miller",
"text": "Hey {first_name}, your invite is ready"
}'
Response200 OK · 187 ms
{
"id": "msg_01HKQ9R2X3",
"status": "queued",
"eta": "2026-05-06T14:32:18Z"
}
Pick your stack

Same endpoint. Four languages.

One JSON contract. Copy, paste, ship. The full OpenAPI spec covers every endpoint, every error, every webhook payload.

curl -X POST https://api.crmsolid.com/v1/messages/send \
-H "Authorization: Bearer cs_live_***" \
-H "Idempotency-Key: $(uuidgen)" \
-H "Content-Type: application/json" \
-d '{"account_id":7421,"to":"@sarah_miller","text":"Welcome aboard"}'

Full reference + error catalog at api.crmsolid.com/swagger

Authentication

Scoped keys. Least privilege by default.

Generate scoped API keys: read-only for analytics dashboards, write-scoped for production senders, manage-scoped for ops automation. Rotate without downtime; keys overlap during cutover so nothing breaks.

  • Bearer authentication

    Pass Authorization: Bearer cs_live_… on every request. Live and test keys are visually distinct so production flows stay safe.

  • Scoped permissions

    Pick the smallest set of scopes a key needs. A leaked dashboard key can never send a message.

  • Zero-downtime rotation

    Issue a replacement, deploy, then revoke the old key. Both are valid during the overlap window; no thundering-herd 401s.

Production sender
LIVE
cs_live_a4f9_•••••••••••••••
Scopes
read:contacts
read:messages
read:analytics
write:messages
write:contacts
manage:sequences
manage:webhooks
Reliability

Backpressure that tells you everything.

Idempotency keys mean retries are safe: never send the same message twice. Rate-limit headers tell your client when to slow down before a 429 ever lands.

Response · 200 OK187 ms
X-RateLimit-Limit:600
X-RateLimit-Remaining:588
X-RateLimit-Reset:42
Retry-After:12

Idempotency keys

Pass Idempotency-Key on every write. Retries return the original response. No duplicate messages, ever.

Adaptive rate limits

Defaults: 600 req/min and 50 sends/day per Telegram account, with auto flood-wait handling. Headers expose remaining budget so you never have to guess.

Stable error catalog

Every error returns a stable code you can branch on, plus a human message you can surface. RFC 7807 problem-detail format.

Webhooks

Outbound webhooks for every event.

Receive every CRM event in real time. HMAC-SHA256 signatures, automatic retries with exponential backoff, and a delivery log you can replay.

More events

message.sent · message.failed · contact.created · contact.tagged · sequence.started · sequence.paused · job.completed · subscription.upgraded

POST · your-handler
delivered
{
"event": "message.received",
"id": "evt_01HKQ9R2X7",
"created_at": "2026-05-06T14:32:18Z",
"account_id": 7421,
"contact": "@sarah_miller",
"text": "Hey, can you send the demo?",
"thread_id": "th_5829"
}
Verify on receipt
const sig = crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
if (sig !== headers['x-signature']) return 401;

Build with CRM Solid. Ship in minutes.

Generate a sandbox key, paste a curl, watch the message land. The full production contract is the same shape. No rewrites between dev and prod.

Get API keyRead the docs
  • Free sandbox tier
  • Live keys in < 60 seconds
  • HMAC-signed webhooks

Already have an account? Find your keys in Settings → API

We value your privacy

We use cookies to improve our site, analyze traffic, and personalize ads. You can accept all, reject non-essential, or customize your choices. Read our Cookie Policy.