Every screen in the dealer app is a public API call away. Pull inventory, push leads, listen for deal events, drop Herald into your own product. REST with a uniform { ok, data } envelope, idempotency keys, OpenAPI 3.1 spec.
A read-only sandbox returns the same Unit records as the production /api/v1/units (demo responses skip the { ok, data } envelope). Permissive rate limit (100/min). No bearer token needed.
/api/v1/unitsstable/api/v1/unitsstable/api/v1/units/{id}stable/api/v1/leadsstable/api/v1/leadsstable/api/v1/dealsstable/api/v1/deals/{id}/deskPlanned — Q3 2026/api/v1/callsPlanned — Q3 2026/api/v1/calls/{id}/transcriptPlanned — Q3 2026/api/v1/herald/dispatchPlanned — Q3 2026/api/v1/reports/funnelPlanned — Q3 2026Everything marked Planned — Q3 2026 is on the roadmap, not behind a flag: it returns 404 today and we'd rather tell you than let you find out. Live endpoints are documented in the full API reference.
import { ADP } from '@autodealerpro/sdk';
const client = new ADP({
apiKey: process.env.ADP_API_KEY!,
tenant: 'acme-motors',
});
// Pull inventory
const { items } = await client.units.list({
status: 'available',
limit: 50,
});
// Push a lead
await client.leads.create({
name: 'Marcus Webb',
phone: '+14155550118',
vehicleId: 'a4830',
source: 'partner',
});
// Listen for deal funded events
client.events.on('deal.funded', (deal) => {
console.log('Funded', deal.id, deal.totalGross);
});# List inventory
curl https://api.autodealerpro.io/v1/units?status=available \
-H "Authorization: Bearer $ADP_API_KEY" \
-H "X-Tenant: acme-motors"
# Create a lead
curl -X POST https://api.autodealerpro.io/v1/leads \
-H "Authorization: Bearer $ADP_API_KEY" \
-H "X-Tenant: acme-motors" \
-H "Idempotency-Key: \$(uuidgen)" \
-H "Content-Type: application/json" \
-d '{
"name": "Marcus Webb",
"phone": "+14155550118",
"vehicleId": "a4830"
}'
# Verify a webhook signature
echo -n "$body" | openssl dgst -sha256 -hmac "$ADP_WEBHOOK_SECRET"
# Compare to header X-ADP-Signature in constant timelead.createdlead.qualifiedlead.converteddeal.createddeal.signeddeal.fundedunit.createdunit.soldunit.agedcall.completedcall.escalatedservice.openedservice.completedread:inventory — list / get units, no PIIwrite:inventory — create / update / delete unitsread:leads — leads + scores + activitywrite:leads — create + update leads, log activityread:deals — deals + deskingread:calls — Herald transcripts + summariesadmin:* — full tenant access (requires owner role)| Plan | Burst | Sustained |
|---|---|---|
| Independent | 600 / min | 100 req/sec |
| Franchise | 3,000 / min | 500 req/sec |
| Enterprise | Custom | Custom |
Headers: RateLimit-Limit, RateLimit-Remaining, RateLimit-Reset — the RateLimit header fields (IETF httpapi draft); 429 responses per RFC 6585.
The no-auth demo API is open right now — no signup. Production API keys are provisioned by us while self-serve key management is built; email us and you'll have one the same day — no developer-relations cosplay, no "tell us about your use case" survey.