The DmTracker API lets you programmatically create contacts, update tags, change lead statuses, and integrate DmTracker with external tools like ManyChat, Zapier, and custom applications.
Who is this for?
Developers building custom integrations with DmTracker
Automation builders connecting DmTracker to tools like ManyChat, Zapier, n8n, or Make
Teams that want to sync DmTracker data with their CRM, analytics, or internal systems
No special SDK is required. The API uses standard HTTPS requests with JSON payloads, so you can call it from any language or platform.
Base URL
All API requests are made to:
https://app.dmtracker.ai/api/v1
Every endpoint path in this documentation is relative to this base URL. For example, the create contact endpoint is:
POST https://app.dmtracker.ai/api/v1/organization/create-contact
Authentication
DmTracker supports two authentication methods depending on your use case.
Organization Auth Token (recommended for integrations)
This is the method you should use for all external integrations, webhooks from ManyChat, automation platforms, and server-to-server communication.
Pass your token in the x-org-auth-token header with every request:
curl -X POST https://app.dmtracker.ai/api/v1/organization/create-contact \
-H "Content-Type: application/json" \
-H "x-org-auth-token: your-org-auth-token-here" \
-d '{ "username": "johndoe" }'
When to use: ManyChat webhooks, Zapier/n8n integrations, custom backend scripts, any external system pushing data into DmTracker.
JWT Bearer Token (internal/dashboard use)
This method is used by the DmTracker web dashboard and internal services. It uses a standard Authorization: Bearer <token> header.
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
When to use: This is primarily for internal use by the DmTracker frontend. If you are building an external integration, use the Organization Auth Token instead.
Note: JWT tokens are short-lived and tied to a user session. They are not suitable for long-running automations or server-to-server communication.
Finding Your Organization Auth Token
Log in to DmTracker at app.dmtracker.ai
Navigate to Settings → Connections from the left sidebar
Your Organization Auth Token and Organization ID are displayed here. Click Copy to copy them to your clipboard.
Keep your token secure. Treat it like a password:
Never commit it to a public repository
Never expose it in client-side JavaScript
Store it in environment variables or a secrets manager
If you believe your token has been compromised, regenerate it from the same Settings page
Rate Limits
To ensure fair usage and platform stability, the API enforces the following rate limits:
Endpoint | Limit |
| 60 requests per minute per organization |
All other endpoints | No hard limit (fair use policy applies) |
When you exceed the rate limit, the API returns a 429 Too Many Requests response:
{
"error": "Rate limit exceeded",
"message": "You have exceeded the maximum of 60 requests per minute. Please wait before retrying.",
"retry_after": 30
}
Best practices for staying within limits:
Batch your operations where possible instead of sending one request per contact in rapid succession
Implement exponential backoff when you receive a 429 response
Space out bulk imports over time (e.g., 1 request per second for large lists)
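The following is an added example, not DmTracker's own code: a small Python client that reads the token from an environment variable and retries only on 429, waiting the longer of the exponential backoff and the `retry_after` value. The variable name `DMTRACKER_ORG_TOKEN` and the function names are assumptions; the URL, header, and error fields are taken from this page.

```python
import json
import os
import time
import urllib.error
import urllib.request

BASE_URL = "https://app.dmtracker.ai/api/v1"  # base URL from this page

def _parse(raw):
    """Return the body as a dict, or {} if it is empty or not a JSON object."""
    try:
        body = json.loads(raw)
    except ValueError:
        return {}
    return body if isinstance(body, dict) else {}

def http_post(path, payload, token):
    """Send one POST with the org token header; return (status, body dict)."""
    req = urllib.request.Request(
        BASE_URL + path, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json", "x-org-auth-token": token})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, _parse(resp.read())
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry a JSON error body
        return err.code, _parse(err.read())

def post_with_backoff(path, payload, token, send=http_post, sleep=time.sleep,
                      max_attempts=5, base_delay=1.0, max_delay=60.0):
    """Retry only on 429, waiting max(exponential backoff, retry_after), capped."""
    for attempt in range(max_attempts):
        status, body = send(path, payload, token)
        if status != 429 or attempt == max_attempts - 1:
            return status, body
        delay = base_delay * 2 ** attempt
        hint = body.get("retry_after")
        if isinstance(hint, (int, float)) and not isinstance(hint, bool):
            delay = max(delay, hint)
        sleep(min(delay, max_delay))  # cap so a bad hint cannot stall the job

if __name__ == "__main__":
    # DMTRACKER_ORG_TOKEN is a hypothetical variable name; the token is read
    # from the environment and never printed or written to logs.
    token = os.environ["DMTRACKER_ORG_TOKEN"]
    status, body = post_with_backoff("/organization/create-contact",
                                     {"username": "johndoe"}, token)
    print(status, body.get("error"), body.get("message"))
```

Errors other than 429 (for example 401 or 400) are returned to the caller immediately, since retrying a request with a bad token or payload only adds load.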
Error Response Format
All API errors follow a consistent JSON structure:
{
"error": "Error type",
"message": "A human-readable description of what went wrong."
}
Common HTTP Status Codes
Status Code | Meaning | Typical Cause |
| Success | Request processed successfully |
| Bad Request | Missing required fields, invalid field values, or malformed JSON |
| Unauthorized | Missing or invalid auth token |
| Forbidden | Token does not have permission for this operation |
| Not Found | Endpoint does not exist or resource not found |
| Unprocessable Entity | Request is well-formed but contains semantic errors (e.g., invalid username format) |
| Too Many Requests | Rate limit exceeded |
| Internal Server Error | Something went wrong on our end. Contact support if this persists. |
Example Error Responses
Missing auth token (401):
{
"error": "Unauthorized",
"message": "Missing or invalid x-org-auth-token header."
}
Missing required field (400):
{
"error": "Bad Request",
"message": "The 'username' field is required."
}
Contact not found (404):
{
"error": "Not Found",
"message": "No contact found with the specified username."
}
Next Steps
API Endpoints Reference -- Full details on every endpoint, request/response examples, and field descriptions.