CRM Integrations
Sync leads and events with your CRM. When a lead replies, bounces, or books a meeting, Cleanmails can automatically create or update records in your CRM.
Native Integrations
| CRM | Connection Method | Capabilities |
|---|---|---|
| HubSpot | OAuth2 | Create/update contacts, create deals, associate deals to contacts, sync lead status |
HubSpot Integration
The HubSpot integration syncs automatically on these events:
- Lead replied — Creates or updates the contact in HubSpot, sets status to "OPEN"
- Meeting booked — Creates a deal in the default pipeline + associates to contact
- Lead bounced — Updates contact status to "UNQUALIFIED"
Contact fields synced: email, first name, last name, company, job title, lead status.
OAuth2 CRMs (URL Generation)
The following CRMs have OAuth2 authorization URL generation built in. Full token exchange is being expanded:
| CRM | Status |
|---|---|
| Salesforce | OAuth URL ready — requires SALESFORCE_CLIENT_ID env var |
| Pipedrive | OAuth URL ready — requires PIPEDRIVE_CLIENT_ID env var |
Via Automation Platforms
For CRMs without native integration, connect through webhooks and automation platforms:
| CRM | Connect Via |
|---|---|
| Salesforce | Zapier, Make, n8n |
| Pipedrive | Zapier, Make, n8n |
| GoHighLevel | Webhooks, Zapier |
| Zoho CRM | Zapier, Make |
| Close | Zapier, n8n |
| Freshsales | Zapier, Make |
Use Cleanmails webhooks (9 event types with HMAC-signed payloads) as triggers in your automation platform to push data to any CRM.
Connecting HubSpot
- Go to Settings → Integrations
- Click Connect on HubSpot
- Complete the OAuth2 authorization flow
- Grant permissions:
crm.objects.contacts.write,crm.objects.deals.write - You'll be redirected back to the settings page
All OAuth tokens and API keys are encrypted with AES-256-GCM using your ENCRYPTION_KEY before storage. They are never exposed in API responses.
Connection Types
The integration system supports three connection methods:
| Type | Providers | How It Works |
|---|---|---|
| OAuth2 | HubSpot, Salesforce, Pipedrive | User authorizes via redirect → tokens stored encrypted |
| Webhook | Slack, Discord, Telegram, Notion, Google Sheets | Paste webhook URL → events POST to that URL |
| API Key | Any provider without OAuth | Enter API key → stored encrypted |
API
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/workspaces/:wid/integrations | List all integrations |
| POST | /api/v1/workspaces/:wid/integrations/:provider/connect | Connect (returns OAuth URL or saves key) |
| DELETE | /api/v1/workspaces/:wid/integrations/:provider | Disconnect |
| GET | /api/v1/workspaces/:wid/integrations/:provider/callback | OAuth callback handler |