GET /api/agent/contacts/{id}
Drill into a single contact by Xero external id. Returns LTV, payment-days median, cadence, ABC tier, last invoice + bill, and a recent-paid-invoices list with line-item account context.
Sensitive root: returns 404 indistinguishable from a genuine miss when the contact is flagged sensitive and the key lacks READ_SENSITIVE.
Sensitive sub-field: paid-invoice entries on sensitive account codes have their accountName masked to "Sensitive account".
Auth
- Required scope: READ_CONTACTS
- Header: Authorization: Bearer cr_live_<prefix>_<secret>
Query parameters
| Name | Type | Required | Notes |
|---|---|---|---|
| id | string | yes | Xero contact external id. |
Responses
200 — Single-contact drill payload
Body: ContactDrillResponse
| Field | Type | Required | Notes |
|---|---|---|---|
| contact | ContactDrill | yes | |
| redactedItemCount | integer | yes | Number of recentPaidInvoices[] entries masked due to sensitive-account gating. |
| billingAlert | BillingAlert | no | |
| xeroAlert | XeroAlert | no | |
401 — Unauthorized
Body: ErrorResponse
| Field | Type | Required | Notes |
|---|---|---|---|
| error | string | yes | |
403 — Key lacks the required scope
Body: ErrorResponse
| Field | Type | Required | Notes |
|---|---|---|---|
| error | string | yes | |
404 — Contact does not exist for the org — or exists but is flagged sensitive and the key lacks READ_SENSITIVE.
Body: ErrorResponse
| Field | Type | Required | Notes |
|---|---|---|---|
| error | string | yes | |
429 — Rate-limited or quota-exhausted
Body: ErrorResponse
| Field | Type | Required | Notes |
|---|---|---|---|
| error | string | yes | |
Response headers
Every successful response carries X-CashRunway-Subscription, X-CashRunway-Plan, X-CashRunway-Quota-Remaining, and X-CashRunway-Quota-Reset. Trialing subscriptions also include X-CashRunway-Trial-Days-Remaining. See the overview for details.
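The sensitive-root and sensitive sub-field rules described above, modelled as a small in-memory handler. This is an added example, not CashRunway's code: the store layout, the `sensitive` flag, the `accountCode` field, the error strings, the placement of recentPaidInvoices inside `contact`, and the assumption that READ_SENSITIVE lifts the masking are all hypothetical. Authentication (401) and rate limiting (429) are left out.

```python
import copy

# Illustrative model of the gating rules only; names below are assumptions.
MASK = "Sensitive account"
NOT_FOUND_BODY = {"error": "Not found"}  # single body shared by both 404 causes

# Constructed sample data.
SENSITIVE_ACCOUNT_CODES = {"477"}
CONTACTS = {
    "c-001": {"sensitive": False, "recentPaidInvoices": [
        {"accountCode": "200", "accountName": "Sales"},
        {"accountCode": "477", "accountName": "Wages"},
    ]},
    "c-002": {"sensitive": True, "recentPaidInvoices": []},
}


def get_contact(contact_id, scopes):
    """Return (status, body) for GET /api/agent/contacts/{id}."""
    # Scope check comes first, before any lookup that depends on the id.
    if "READ_CONTACTS" not in scopes:
        return 403, {"error": "Missing required scope"}

    record = CONTACTS.get(contact_id)
    can_read_sensitive = "READ_SENSITIVE" in scopes

    # Sensitive root: one code path and one body for "does not exist" and
    # "exists but hidden", so the response cannot confirm existence.
    if record is None or (record["sensitive"] and not can_read_sensitive):
        return 404, dict(NOT_FOUND_BODY)

    contact = copy.deepcopy(record)  # mask a copy, never the stored record
    contact.pop("sensitive")         # internal flag is not part of the payload

    # Sensitive sub-field: mask accountName and count every masked entry.
    redacted = 0
    if not can_read_sensitive:
        for item in contact["recentPaidInvoices"]:
            if item["accountCode"] in SENSITIVE_ACCOUNT_CODES:
                item["accountName"] = MASK
                redacted += 1

    return 200, {"contact": contact, "redactedItemCount": redacted}
```

A client holding only READ_CONTACTS should treat a 404 from this endpoint as "not visible to this key" rather than proof that the contact does not exist.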