Attio

REST API at api.attio.com/v2/. Objects: GET /objects lists all object types (standard and custom) with their attributes. Records: POST /objects/{object_slug}/records/query for searching, POST /objects/{object_slug}/records for creation, PATCH for updates. The query endpoint supports complex filtering with attribute conditions and sorting. Lists: represent saved filtered views of records — GET /lists/{list_id}/entries. Notes: linked to records with rich text content. Tasks: linked to records with assignee and due date. Webhooks deliver events for record creation, update, and deletion across all object types. The API design is clean and modern — JSON payloads with consistent patterns across all object types. The flexible data model means the API works the same way for standard (People, Companies) and custom objects. Pagination uses cursor-based tokens.

API errors return JSON with status_code, code (machine-readable), and message (human-readable). Field-level validation errors include the specific attribute and constraint violation. Standard HTTP status codes. Rate limits are documented per-endpoint type. 429 responses include Retry-After. Record query operations have separate, tighter rate limits for complex filters. Webhook delivery retries with exponential backoff. The main maturity consideration: Attio is newer than Salesforce, HubSpot, or Pipedrive — the API is well-designed but some features are still being added. The flexible data model means validation rules are dynamic — agents must check object attribute definitions to understand valid values. For agents, the API is production-ready for standard CRM operations with growing capabilities.

Attio represents the next generation of CRM design: instead of forcing data into contacts/companies/deals, Attio provides a flexible data model where agents can define custom objects, attributes, and relationships. The standard objects (People, Companies) are pre-configured but agents can create additional objects (Projects, Products, Partnerships — anything). For agents, this flexibility means the CRM can model domain-specific data structures. The API covers objects, records, lists (filtered views), notes, tasks, and webhooks. Real-time collaboration features mean multiple agents and users can work on records simultaneously. Automation features trigger actions on record changes. For agents building CRM integrations for non-standard use cases — VC deal tracking, partnership management, recruiting — Attio's flexible model is more powerful than rigid CRM schemas.

API token authentication via Authorization: Bearer header. Tokens are created in workspace settings with configurable scopes: read-only, read-write, or full access. OAuth 2.0 for third-party integrations with authorization code flow. The token scoping is more granular than most CRM APIs: agents can create read-only tokens for data extraction or read-write tokens for management. Workspace-level access means tokens see all data in the workspace (no object-level restriction). For agents, the scoped tokens provide appropriate least-privilege access. OAuth enables building integrations that other Attio workspaces can install. Token rotation is supported. The auth model is modern and well-designed for both direct and third-party integration patterns.

Developer documentation at developers.attio.com is modern and well-organized. The API reference covers all endpoints with request/response examples. Conceptual documentation explains the data model (objects, attributes, relationships, lists) clearly — essential for understanding Attio's flexibility. Authentication guide covers token creation, scoping, and OAuth. Webhook documentation includes event types and payload schemas. The documentation reflects API-first design thinking: it's written for developers, not as an afterthought to the product. No official SDKs yet — the API is designed for direct HTTP usage. TypeScript types are available for response schemas. For agents, the data model documentation is the essential starting point — understanding objects and attributes is prerequisite to effective API use.