To authenticate SaaS API, authorize your app using OAuth and request an access token with the oauth.readonly scope to read installed locations.
Actionstep uses OAuth 2.0 to securely authorize access to endpoints such as oauth/installedLocations and subscription updates for a given location.
Primary endpoints include GET /oauth/installedLocations to discover locations; POST /oauth/locationToken to exchange a location token; PUT /update-saas-subscription/:locationId to update a subscription; POST /enable-saas/:locationId to enable SaaS for a location; plus saas/location.write and oauth.write. There are additional endpoints (7–17) available for advanced workflows; not every page will use all of them.
Trigger: A new location is added in SaaS API; Actionstep pulls the installedLocations list and stores a locationToken to begin syncing.
Actions: retrieve installed locations, exchange a locationToken, write subscription data, and enable SaaS for the location.
Methods/Paths: GET /oauth/installedLocations; POST /oauth/locationToken; PUT /update-saas-subscription/:locationId; POST /enable-saas/:locationId.
Key fields: locationId, locationToken, subscriptionId, status
Trigger: Subscription changes in SaaS API trigger updates to Actionstep.
Actions: call update subscription endpoint, sync status, and adjust location tokens as needed.
Methods/Paths: PUT /update-saas-subscription/:locationId
Key fields: locationId, subscriptionId, planId
Trigger: A new SaaS location is created and triggers a locationToken exchange.
Actions: enable SaaS for the location, set up initial subscription, and verify installation.
Methods/Paths: POST /enable-saas/:locationId; POST /oauth/locationToken; GET /oauth/installedLocations
Key fields: locationId, locationToken, status
Build powerful automations without writing code—use secure OAuth connections, webhooks, and ready-made endpoints.
Faster go-to-market by reusing existing GHL endpoints and actions within Actionstep workflows.
Reliable, auditable data flows between SaaS API and Actionstep with clear versioned endpoints.
This glossary covers common terms used in the SaaS API and Actionstep integration, including locations, tokens, endpoints, subscriptions, and installs.
A linked SaaS API location representing a workspace or account that Actionstep connects to.
A time-limited token used to authorize actions for a specific location.
An instance of a SaaS API location that Actionstep has installed and is syncing with.
The plan or level of service for a location, tied to SaaS API usage.
Automatically provision a new location in Actionstep when a SaaS API location is created, pulling initial data via installedLocations.
Prebuilt templates to streamline lead to customer handoffs using location tokens and subscription updates.
Webhooks and dashboards for real-time updates on location status and subscription changes.
Collect your client ID, client secret, and the endpoints for installing locations and tokens.
Authorize the app to request a token with oauth.readonly scope.
Test in a safe environment, verify data syncing, then go live.
The oauth.readonly scope provides read access to installed locations and related data within the SaaS API. For initial setup you can start with read access and add permissions later if you need to write data or manage subscriptions. Always follow best practices for token security and rotate credentials regularly. If you need additional permissions, request them through your admin or partner portal.
To begin syncing, you primarily need endpoints for discovering locations and exchanging a token: GET /oauth/installedLocations to find locations, POST /oauth/locationToken to obtain a usable token, and PUT /update-saas-subscription/:locationId along with POST /enable-saas/:locationId to activate syncing. Other endpoints can be added later as your workflow requires, but these form the essential starting point.
Yes. You can map fields between SaaS API and Actionstep to suit your workflows. Use the locationId, subscriptionId, and other identifiers to align data fields. If a field doesn’t exist yet, you can create a corresponding field in Actionstep and push it via a supported endpoint. Test mappings in a staging environment to ensure data integrity before going live.
Data transfer uses OAuth tokens and HTTPS to secure endpoints. Store tokens securely, rotate credentials regularly, and implement least privilege access. Use webhook authentication where available and monitor access logs for unusual activity. For audits, keep a change log of token rotations, endpoint usage, and subscription updates.
No coding is required for the core integration. You can connect via the provided endpoints, build automations in Actionstep, and use prebuilt templates. If you need custom logic beyond the built-in actions, you can augment with minimal scripting or use the platform’s automation features. If advanced needs arise, consider a developer-assisted blueprint to extend capabilities while maintaining security.
LocationId and locationToken are exposed when you register a location and authenticate the SaaS API. LocationId identifies the specific workspace, while locationToken authorizes actions for that workspace. Keep both secure and reuse them in your endpoint calls for consistent syncing. If you lose a token, re-authenticate to obtain a new one and update your connections promptly.
You can add more endpoints later as your integration needs grow. The system supports additional endpoints for advanced workflows, such as deeper subscription management or custom data fields. When you expand, test new endpoints in a sandbox, update your mappings, and monitor for any potential data drift.
Due to high volume, we will be upgrading our server soon!
Complete Operations Catalog - 126 Actions & Triggers
