Documentation

RESO.tax Developer API

For firm admins — authenticate with a private API key to drop leads, read cases, post activity, and export reports.

Who this is for

The RESO.tax API is a firm-facing integration surface. Your firm's admin creates private keys under Settings → Integrations → API access. Each key has an internal name and reason (e.g. “WordPress form”, “Zapier leads”) and scoped permissions.

Scopes

  • cases:create — POST /api/v1/cases (lead intake)
  • cases:read — GET /api/v1/cases and GET /api/v1/cases/{id}
  • cases:update — PATCH /api/v1/cases/{id} (enrich phone, email, intake)
  • activity:append — POST /api/v1/cases/{id}/activity
  • reports:export — GET /api/v1/reports/{intake|revenue|sales}

Idempotency

Send Idempotency-Key: your-unique-key on POST /api/v1/cases. Retries with the same key return the original response (safe for Zapier and form double-submits). Keys are scoped per API key.

Authentication

Send your private key on every request:

  • Authorization: Bearer reso_live_…
  • x-api-key: reso_live_…

Keys are shown once at creation. Revoked keys stop immediately. Rate limit: 60 requests per minute per key.

Create a case

POST https://reso.tax/api/v1/cases — scope cases:create

Required: client_first_name, client_last_name

Optional: client_email, client_phone, external_case_id, lead_id, landing_url, intake source/campaign (UUID or slug), lead_metadata (ip, referrer, utm_*), case_type

Read cases

GET https://reso.tax/api/v1/cases — scope cases:read. Query: limit (max 100), offset, status, external_case_id

GET https://reso.tax/api/v1/cases/{case_id} — single case summary

Update a case

PATCH https://reso.tax/api/v1/cases/{case_id} — scope cases:update. Update phone, email, intake source/campaign, lead_metadata, or external_case_id on an existing lead.

Post activity

POST https://reso.tax/api/v1/cases/{case_id}/activity — scope activity:append

  • api.note — requires message (general integration note)
  • api.lead_event — requires event (funnel milestone from your CRM)

Export reports

GET https://reso.tax/api/v1/reports/intake?format=csv&from=YYYY-MM-DD&to=YYYY-MM-DD

Same pattern for revenue and sales. Scope reports:export. Omit format=csv for JSON.

Example — create case

curl -X POST https://reso.tax/api/v1/cases \
  -H "Authorization: Bearer reso_live_YOUR_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "client_first_name": "Jane",
    "client_last_name": "Doe",
    "client_email": "jane@example.com",
    "client_phone": "5552014433",
    "intake_source_slug": "digital",
    "lead_id": "wp-form-88421",
    "lead_metadata": {
      "ip": "203.0.113.42",
      "landing_url": "https://yourfirm.com/free-consult",
      "utm_source": "google"
    }
  }'

IRS Logics vs RESO API

IRS Logics integration pulls matters into RESO. The RESO API pushes leads into your firm — web forms, ads, middleware. Link Logics later with external_case_id.

Security

  • HTTPS required in production — keys are rejected over plain HTTP.
  • Keys are hashed at rest with a server pepper (FIRM_API_KEY_PEPPER).
  • Per-key scopes, optional expiry, and optional IP allowlists.
  • 60 requests/minute per key (distributed rate limit).
  • Failed auth attempts are rate-limited per client IP.
  • Revoked keys stop working within seconds (short lookup cache).
  • Audit log records endpoint, outcome, and client IP per request.
  • Never embed keys in public JavaScript — server-side integrations only.

Getting started

  • Firm admin → Settings → API access → Create API key (choose scopes).
  • Copy the key once and store it in your integration.
  • Point requests at the endpoints above with the key in the Authorization header.
Was this page helpful?

Related on RESO.tax

API access (Settings)Firm admins create and revoke API keys here.IRS Logics integrationImport matters from Logics into RESO.Getting startedSet up your firm before connecting integrations.