SuperCRM ServiceStack API

A customer relationship management (CRM) software is primarily used to manage contacts (customers) and the interactions with them. This demo demonstrates a multi-tenant API service that allows two types of users – individual and business (team) – to setup account and perform CRUD operations related to contacts and interactions in isolation (each account is only limited to seeing and modifying data that belongs to it).

This demo is based on the following walkthrough: Build a multi-tenant CRM RESTful API service on ServiceStack.

Try Out

Here we expose the API for testing purposes using Swagger UI. You can perform all actions including sign-in, sign-up, and store the session which can then be used to call authenticated APIs from the Swagger-UI page.

Test API with Swagger UI »

Tips to try out the demo:
(Clicking on the links for actions below ensures that the Swagger-UI page opens up the action with a pre-filled request body)

Authentication And Verification Checks

Activity Data Authorization Checks

Now, you can perform CRUD operations for contacts and interactions. Some scenarios you can try to test data isolation with ADA in action are given below.
Before proceeding, we also need another user named Gary. So first sign-out (if you're already signed in as Jay). Now call sign-up to setup Gary (don't forget to verify Gary's email the same way you've verified Jay's email earlier). Now sign-out Gary to proceed with ADA scenarios below.

You can try similar tests with interactions. For instance, create an interaction (you can use the contactId of John you've noted down earlier) and then get interactions to list it

Cross-Site Scripting (XSS) Injection Detection

ASK's zero-trust Security Pipeline detects input data in the request for XSS and fails if an XSS character is detected. Let's try it out:


This demo of SuperCRM is built on ServiceStack using ASPSecurityKit.ServiceStack package. The source code is based on the ServiceStack's project template.

The sample demonstrates some of the key features of the security pipeline including HMAC based authentication, Activity Data Authorization (ADA), user verification and Cross-Site Scripting (XSS) detection.