CustomerOS
CustomerOS Contacts API

GraphQL queries and mutations for contacts (people) - contact, contacts, contact_ByEmail, contact_ByLinkedIn, contact_Create, contact_CreateForOrganization, job roles, emails, phone numbers, and social profiles - over the customer-os-api /query endpoint.
Documentation GitHub OpenAPI
OpenAPI Specification

openapi: 3.0.1
info:
  title: CustomerOS GraphQL API
  description: >-
    HTTP transport definition for the CustomerOS (formerly Openline) customer-os-api
    GraphQL server. CustomerOS exposes a single GraphQL endpoint - POST /query -
    that handles all queries and mutations across organizations, contacts,
    opportunities, contracts, invoices, and interactions. This OpenAPI document
    models the HTTP envelope (request/response of the /query endpoint); the field-level
    operation surface is defined by the GraphQL schema, not by per-resource REST paths.
    See graphql/customeros-graphql.md and graphql/customeros-schema.graphql for the
    operation and type surface. The server is open source under Apache-2.0
    (https://github.com/openline-ai/openline-customer-os).
  termsOfService: https://customeros.ai
  contact:
    name: CustomerOS
    url: https://customeros.ai
  license:
    name: Apache-2.0
    url: https://www.apache.org/licenses/LICENSE-2.0
  version: '1.0'
servers:
  - url: https://api.customeros.ai
    description: CustomerOS cloud (customer-os-api GraphQL endpoint)
  - url: http://localhost:10000
    description: Self-hosted customer-os-api (default local port)
tags:
  - name: GraphQL
    description: Single GraphQL endpoint for all CustomerOS operations.
paths:
  /query:
    post:
      operationId: graphqlQuery
      tags:
        - GraphQL
      summary: Execute a GraphQL query or mutation.
      description: >-
        Single GraphQL endpoint served by gqlgen. Accepts a standard GraphQL POST
        body (query, optional operationName, optional variables) and returns a
        GraphQL response envelope with `data` and/or `errors`. Authenticated per
        tenant with an API key header. Most fields are protected by @hasRole and
        @hasTenant directives in the schema.
      security:
        - ApiKeyAuth: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/GraphQLRequest'
            examples:
              getOrganization:
                summary: Fetch an organization by id
                value:
                  query: |
                    query($id: ID!) {
                      organization(id: $id) {
                        metadata { id }
                        name
                        website
                      }
                    }
                  variables:
                    id: org-123
              saveOpportunity:
                summary: Save an opportunity
                value:
                  query: |
                    mutation($input: OpportunitySaveInput!) {
                      opportunity_Save(input: $input) {
                        metadata { id }
                        name
                        amount
                      }
                    }
                  variables:
                    input:
                      name: Acme Expansion
                      amount: 50000
                      internalType: UPSELL
      responses:
        '200':
          description: >-
            GraphQL response. Note that GraphQL returns HTTP 200 even when the
            response contains field-level `errors`.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GraphQLResponse'
        '401':
          description: Missing or invalid API key.
        '403':
          description: Authenticated but not authorized for the requested tenant or role.
  /playground:
    get:
      operationId: graphqlPlayground
      tags:
        - GraphQL
      summary: GraphQL Playground UI.
      description: >-
        Interactive GraphQL Playground served by the customer-os-api server when
        enabled in configuration. Returns an HTML page.
      responses:
        '200':
          description: Playground HTML page.
          content:
            text/html:
              schema:
                type: string
components:
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-Openline-API-KEY
      description: >-
        Per-tenant API key. The open-source customer-os-api validates an API key
        header and resolves the tenant before applying @hasRole / @hasTenant
        directives. Header name and exact auth flow depend on deployment; the
        documented customeros.ai cloud REST surface uses X-CUSTOMER-OS-API-KEY.
  schemas:
    GraphQLRequest:
      type: object
      required:
        - query
      properties:
        query:
          type: string
          description: The GraphQL query or mutation document.
        operationName:
          type: string
          description: Name of the operation to execute when the document defines several.
        variables:
          type: object
          additionalProperties: true
          description: Variable values for the operation.
    GraphQLResponse:
      type: object
      properties:
        data:
          type: object
          additionalProperties: true
          nullable: true
          description: Result data keyed by the requested root fields.
        errors:
          type: array
          description: Field- or request-level errors, if any.
          items:
            $ref: '#/components/schemas/GraphQLError'
    GraphQLError:
      type: object
      properties:
        message:
          type: string
        path:
          type: array
          items:
            type: string
        extensions:
          type: object
          additionalProperties: true
CustomerOS Contacts API

Documentation

Specifications

Other Resources

OpenAPI Specification
