Notes API
All endpoints require authentication. Permission checks are based on the resource type the note is attached to (e.g. notes on a deal require deals view permission). Person-specific notes have additional access scoping based on org hierarchy.
Supported Resource Types
Section titled “Supported Resource Types”Notes can be attached to: person, candidate, deal, company, contact, scorecard, review, announcement, task, project, budget, invoice, proposal.
List Notes
Section titled “List Notes”GET /api/notes/:resourceType/:resourceIdPermission: View permission on the corresponding tool
Returns all notes for a specific resource, ordered by creation date descending.
Path parameters:
| Param | Type | Description |
|---|---|---|
resourceType | string | One of the supported resource types |
resourceId | string | Resource ID |
Response: { notes }
Each note includes id, resource_type, resource_id, author_id, content, visibility, mentions, parent_id, created_at, updated_at, author_name, and author_picture.
Person notes: Filtered by the requesting user’s access_level against the note’s visibility field. Access also requires org hierarchy checks (executives see all; heads see their subtree; managers see direct reports).
Create Note
Section titled “Create Note”POST /api/notes/:resourceType/:resourceIdPermission: View permission on the corresponding tool
Path parameters:
| Param | Type | Description |
|---|---|---|
resourceType | string | One of the supported resource types |
resourceId | string | Resource ID |
Request body:
| Field | Type | Description |
|---|---|---|
content | string | Note content (required) |
visibility | string[] | Access levels that can see this note (e.g. ["executive", "head", "manager"]). executive is always included automatically |
mentions | string[] | User IDs to mention (triggers notifications) |
parent_id | string | Parent note ID for threaded replies |
Response: { id } (201)
Mentioned users receive a notification with a deep-link to the resource.
Update Note
Section titled “Update Note”PUT /api/notes/:idPermission: View permission on the corresponding tool. Only the author or executives can update.
Path parameters:
| Param | Type | Description |
|---|---|---|
id | string | Note ID |
Request body:
| Field | Type | Description |
|---|---|---|
content | string | Updated content (required) |
visibility | string[] | Updated visibility levels |
Response: { ok: true }
Delete Note
Section titled “Delete Note”DELETE /api/notes/:idPermission: View permission on the corresponding tool. Only the author or users with manage permission can delete.
Path parameters:
| Param | Type | Description |
|---|---|---|
id | string | Note ID |
Response: { ok: true }