Quickstart Guide
Realpad offers a REST-like API that allows third-party integrators to interact with real estate project data. You can fetch pricelist information, submit and verify leads, export data as Excel files, and sync incoming payments from accounting software.
This guide walks you through the basics: how the API is structured, how to authenticate, and how to make your first API call.
API Overview
The API is organized into three areas, each serving a different integration use case:
Landing Page
Fetch pricelist data for project websites; submit and verify leads
get-projects-info, get-project, create-lead, list-leads
Data Takeout
Export data as Excel files (projects, units, customers, deals, etc.)
list-excel-projects, list-excel-products, list-excel-customers, list-excel-deals, and more
Payments
Sync incoming payments from accounting software
add-incoming-payment
What the API can do
Read project data: units, pricelists, floor plans, availability
Submit new leads (inquiries) from your website or landing page
Verify that submitted leads arrived using
list-leadsExport wide data sets as Excel files for BI tools or backups
Push incoming payment records from accounting software
What the API cannot do
Modify prices, unit statuses, or availability β project data is read-only
Create or update deals, customers, or other CRM entities directly
Manage user accounts or permissions
If your use case is not yet covered, reach out to [email protected]. We are actively expanding API capabilities β see our roadmap for what's coming next.
Authentication
Credentials
Every API request requires two form parameters for authentication:
loginβ your integration account usernamepasswordβ your integration account password
These are sent as part of the request body (form-encoded), not as HTTP headers.
How to get credentials
Your Realpad project administrator (or Realpad support acting on their behalf) sends an invitation email with your credentials. If you're unsure who to contact, reach out to [email protected].
Credential scoping
Credentials are scoped to specific projects and specific API areas
The convention is two credential pairs per project: one for pricelist endpoints, one for lead submission
A single set of credentials cannot access endpoints outside its assigned area
For details on banning, rate limiting, and error responses, see the Authentication & Error Handling reference.
Making Your First API Call
Base URL
All API endpoints are available at:
Request format
HTTP method: POST
Content-Type:
application/x-www-form-urlencodedCredentials and all parameters are sent as form-encoded body parameters
The Content-Type must be application/x-www-form-urlencoded (or multipart/form-data where applicable). Sending application/json will result in a 415 error.
Example 1: Get project information
The simplest endpoint to start with is get-projects-info. It returns a list of projects your credentials have access to.
Expected response (HTTP 200, JSON):
What to look for:
developer-idβ your tenant identifier, present in all subsequent callsprojectsβ the list of projects your credentials can accessproject-idβ you'll need this for calls likeget-project
Example 2: Submit a lead
Once you know your project-id, you can submit a lead using create-lead:
Response:
201 Created β a new lead was created
200 OK β a lead with matching contact details already existed (no duplicate created)
Both responses return lead details. If you include the Accept: application/json header, the response will be JSON; otherwise it defaults to XML.
Common Gotchas
Content-Type must be form-encoded
The most common integration mistake is sending application/json as the Content-Type. The API expects application/x-www-form-urlencoded. Sending the wrong Content-Type results in a 415 Unsupported Media Type error.
Banning on failed logins
The API enforces two independent ban mechanisms β either one being triggered results in a ban:
Per-user banning (by login username): after 2 failed attempts, exponential backoff starts:
2
2 minutes
3
4 minutes
4
8 minutes
5+
1 day (maximum)
Per-IP banning (by source IP address): after 10 failed attempts, exponential backoff starts:
10
10 minutes
11
20 minutes
12
40 minutes
15+
1 day (maximum)
The request that triggers the ban returns 429 Too Many Requests with a
Retry-Afterheader (value in seconds)All subsequent requests while banned return 401 Unauthorized β the ban is invisible until it expires
If you're testing and accidentally trigger a ban, wait for the
Retry-Afterduration to expire. There is no manual reset available via the API.
Rate limiting on Data Takeout endpoints
Excel export endpoints (list-excel-*) enforce a 5-minute cooldown between calls per user and endpoint. Calling more frequently returns 429 with a Retry-After header.
Response format varies by endpoint
Not all endpoints return the same format:
get-projects-info, list-leads
Always JSON
create-lead, get-customer-details
JSON if Accept: application/json header is sent; XML otherwise
get-project
XML only
list-excel-*
Excel files (.xls by default; send the xlsx parameter to get .xlsx)
add-incoming-payment
Plain text (payment ID)
Next Steps
Fetching Pricelist Data β
get-projects-infoandget-projectendpointsSending Leads β
create-lead,get-customer-details, andlist-leadsendpointsData Takeout β Excel export endpoints
Payments β
add-incoming-paymentendpointAuthentication & Error Handling β status codes, banning, rate limiting
FAQ / Troubleshooting β common issues and how to resolve them
Need help? Contact [email protected].
Last updated