Topolo Docs

Application API

TopoloCRM

Clear API and contract surface for TopoloCRM, grouped under the application instead of split across generic reference sections.

openapi srv_iCwM4jGXcwlj

Authority

Service IDs:

srv_iCwM4jGXcwlj

Repos:

Hosts:

https://crm.topolo.app
https://crm-api.stg.topolo.us
https://crm.stg.topolo.us

Dependencies: topolo-auth, topolo-one, applications-packages

Depends on Topolo Auth: yes

Contract Source

Type: openapi

Source: PlatformApplications/TopoloCRM/packages/backend/openapi.yaml

Source exists: no

CRM owns its worker API contract and delegates browser login, cookie refresh, logout propagation, one-time `sso_code` callback exchange, and shared-launcher Auth data reads to the shared Auth client plus the same-origin `/api/auth/*` worker gateway.

CRM resolves its concrete Auth service id dynamically from the Auth catalog slug `topolo-crm`. The source-owned identity lives in `app-identity.ts` in the CRM repo, and browser, backend, API-key, widget, notification, and seed-caller paths must not hardcode concrete `srv_*` or `svc_*` ids.

The explicit `/login` route renders the branded shared LoginPage without an initial refresh probe. Embedded password-login success returns to the CRM route tree after shared Auth token persistence, and shared Auth token update events are treated as already-persisted state. The browser app does not expose a legacy `/sso?token=` token handoff route or an app-local `/sso/exchange` parser.

CRM keeps same-tab sessionStorage access-token restore enabled by default after login and refresh, so normal reloads do not appear logged out before cookie refresh completes. The callback route guards the one-time code exchange with a fixed `/dashboard` completion target, so Auth home-path re-resolution cannot retry an already consumed `sso_code`.

CRM exposes `GET /api/widget` with the shared `@topolo/sdk` widget response contract for the TopoloOne live workspace.
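The rule above that no code path may hardcode a concrete `srv_*` or `svc_*` id can be enforced with a repository check. The following is an added example, not code from the CRM repo: the id pattern is an assumption inferred from the single id shown on this page, and the file names, `AUTH_CATALOG_SLUG`, `callAuth` and the ids in the sample input are constructed for illustration.

```javascript
// Added example: CI-style check for the "no hardcoded srv_*/svc_* ids" rule.
// ASSUMPTION: a concrete id is "srv_" or "svc_" followed by exactly 12
// alphanumerics, inferred from the one id shown on this page. Adjust the
// pattern to the real Auth id format before relying on it.
const ID_PATTERN = /\b(?:srv|svc)_[A-Za-z0-9]{12}\b/g;

// files: object mapping a file path to its text content.
// Returns one finding per concrete id, with file path, 1-based line and column.
function findHardcodedServiceIds(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    text.split(/\r?\n/).forEach((line, index) => {
      for (const match of line.matchAll(ID_PATTERN)) {
        findings.push({
          path,
          line: index + 1,
          column: match.index + 1,
          id: match[0],
        });
      }
    });
  }
  return findings;
}

// Constructed sample input (not real repository content or real ids).
const SAMPLE_FILES = {
  // Slug-based identity: allowed. The literal text "srv_*" is a glob in a
  // comment, not a concrete id, so it must not be reported.
  "src/app-identity.ts":
    'export const AUTH_CATALOG_SLUG = "topolo-crm"; // never srv_* or svc_* here\n',
  "src/widget.ts": [
    'import { AUTH_CATALOG_SLUG } from "./app-identity";',
    'const serviceId = "srv_EXAMPLE00001"; // constructed id: violates the rule',
  ].join("\n"),
  "src/seed.ts": 'callAuth({ service: "svc_EXAMPLE00002" });',
};

// Report in a grep-like form; a CI job would fail when the list is non-empty.
function report(files) {
  return findHardcodedServiceIds(files).map(
    (f) => `${f.path}:${f.line}:${f.column}: hardcoded Auth id ${f.id}`
  );
}

console.log(report(SAMPLE_FILES).join("\n"));
```

Because the check matches text rather than syntax, it also flags ids pasted into comments and fixtures, which is consistent with the rule covering seed-caller paths.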

API key scopes in Auth catalog: 44

Auth Requirements

No global OpenAPI security scheme is declared.

  • activities.read
  • activities.write
  • api_keys.write
  • attachments.read
  • attachments.write
  • commissions.read
  • commissions.write
  • companies.read
  • companies.write
  • contacts.read
  • contacts.write
  • deals.read
  • deals.write
  • documents.read
  • documents.write
  • listings.read
  • listings.write
  • notes.read
  • notes.write
  • offers.read

Runtime and Deployment

Wrangler surfaces: none detected

Environment variables: none derived

Routes: workers.dev or Pages-only delivery

Observability enabled: no explicit signal found

Runtime Surface

Wrangler surfaces: No wrangler file detected in scanned surface

This application does not yet have a source-controlled OpenAPI spec in the docs platform. The current API page is derived from the registered contract source and repository surface.

Failure modes

  • No wrangler.toml surface was discovered under the registered repo paths.
  • The registered contract source is missing: PlatformApplications/TopoloCRM/packages/backend/openapi.yaml
  • Neither OpenAPI nor README-derived interface detail was found.