Authentication uses OAuth 2.0 to obtain an access token that authorizes Cone to call the Contacts API. Request the scope ‘contacts.readonly’ to limit permissions to read operations.
In Cone, configure your GHL app credentials in Settings > API Access. Store tokens securely and rotate them regularly. Use refresh tokens to maintain ongoing access.
Endpoints available in this Cone integration with the Contacts API include: 1) GET /contacts/:contactId 2) GET /contacts/:contactId/tasks 3) GET /contacts/:contactId/tasks/:taskId 4) GET /contacts/:contactId/notes 5) GET /contacts/:contactId/notes/:id 6) GET /contacts/:contactId/appointments 7) GET /contacts/ 8) GET /contacts/business/:businessId 9) contacts.write 10) POST /contacts/ 11) PUT /contacts/:contactId 12) DELETE /contacts/:contactId 13) POST /contacts/:contactId/tasks 14) PUT /contacts/:contactId/tasks/:taskId 15) PUT /contacts/:contactId/tasks/:taskId/completed 16) DELETE /contacts/:contactId/tasks/:taskId 17) POST /contacts/:contactId/tags
Trigger: Retrieve the latest contact data on demand when a contact is opened or viewed in Cone.
Actions: Sync core profile fields (name, email, phone) and link to related tasks, notes, and appointments for quick context.
GET /contacts/:contactId
Key fields: contactId, name, email, phone
Trigger: New or updated tasks attached to a contact in Cone.
Actions: Pull task data into Cone, update status, due dates, and completion state.
GET /contacts/:contactId/tasks
Key fields: taskId, status, dueDate, title
Trigger: New or updated notes for a contact.
Actions: Retrieve notes and attach to the contact timeline in Cone for complete history.
GET /contacts/:contactId/notes
Key fields: id, text, createdAt
Faster onboarding: connect data between Cone and the Contacts API without writing code, using visual builders and prebuilt actions.
Automate cross‑app workflows from contact updates, reducing manual data entry and errors.
Secure, token‑driven access with scoped permissions to protect sensitive contact data.
This glossary defines authentication, endpoints, scope, tokens, and data mapping as they relate to Cone’s integration with the Contacts API.
The OAuth 2.0 process used to obtain an access token that authorizes Cone to call the Contacts API securely.
A specific URL path that performs a defined operation, such as retrieving a contact or updating a task.
Permissions granted to your app (for example, contacts.readonly) that determine which data can be accessed.
A short‑lived credential used to authorize API requests for a limited period.
Automatically generate tasks in Cone when notes are added in the Contacts API, turning discussions into action items.
Build a chronological activity feed in Cone showing changes to contacts, tasks, and notes for faster context.
Receive proactive alerts when essential fields like email or phone are missing from a contact record.
In Cone, create a new OAuth client and note the client ID and secret; configure the redirect URI for your app.
Request an access token with the necessary scope (contacts.readonly) and securely store the refresh token for continued access.
Test API calls in a sandbox, validate data mappings, then deploy the integration with proper error handling and monitoring.
The required scope for read access is typically contacts.readonly. This scope permits Cone to fetch contact data, tasks, notes, and related items without modifying the source data. If you anticipate needing write access later, you would need elevated permissions from your GHL administrator. For most read-only dashboards, this scope is sufficient. If you require additional capabilities, plan for a separate app registration with expanded scopes. To get started, request an access token using the OAuth flow and ensure you refresh tokens regularly to maintain uninterrupted access.
Start with OAuth 2.0: in Cone, register your GHL app and obtain a client ID and secret. Initiate the authorization flow to obtain an authorization code, then exchange it for an access token with the appropriate scope (contacts.readonly). Store the access token securely and refresh it using the refresh token when it nears expiration. Repeat the process as needed to maintain a valid session. Documentation and sandbox testing environments help validate token scopes and the exact endpoints you plan to call.
Key read endpoints include GET /contacts/:contactId, GET /contacts/:contactId/tasks, GET /contacts/:contactId/notes, and GET /contacts/. These endpoints let you pull core contact data, associated tasks, and notes. The endpoint list also covers related resources like appointments and business information related to a contact. All are read-only when using the default scope of contacts.readonly.
With the default read-only scope, Cone cannot create or update contacts or tasks. To perform writes, you would need elevated permissions and a separate app registration. If you anticipate needing write operations, coordinate with your GHL admin to request the necessary scope and update your integration accordingly. Always follow least-privilege practices.
Data mapping involves aligning Cone fields (name, email, phone) with the corresponding API response fields. Keep a mapping document, and use transformation rules to handle date formats, IDs, and missing values. Validate mappings during sandbox testing before going production.
Due to high volume, we will be upgrading our server soon!
Complete Operations Catalog - 126 Actions & Triggers
