Partner API · Version 2026-07-16
Connect your system to Helm
Keep your existing website, quote engine, or sales workflow. Submit leads or complete bookings through a tenant-scoped server API, then manage dispatch and fulfillment in Helm.
Create a key
Workspace admins create credentials in Data & API.
Send JSON
Use a unique external ID with every request.
Receive status
A signed webhook returns trip lifecycle changes.
Booking intake
POST /api/v1/partner/bookings creates a trip when the route, date, time, booking contact, and phone are known. Send the key from your server, never from public browser code.
curl -X POST https://helm.limo/api/v1/partner/bookings \
+ -H "Authorization: Bearer <YOUR_API_KEY>" \
+ -H "Idempotency-Key: booking-1048" \
+ -H "Content-Type: application/json" \
+ -d '{ "externalId": "booking-1048", "customerName": "Nancy Worth", "customerPhone": "+12409945986", "passengerName": "Robert Worth", "passengerPhone": "+12405550142", "pickup": "Sarasota Bradenton International Airport", "dropoff": "2605 Gulf of Mexico Drive, Longboat Key, FL", "pickupDate": "2026-08-14", "pickupTime": "2:40 PM", "vehicle": "Premium SUV", "passengerCount": 2, "flightNumber": "WN1654", "quoteTotal": "245.00" }'{
"externalId": "booking-1048",
"customerName": "Nancy Worth",
"customerPhone": "+12409945986",
"passengerName": "Robert Worth",
"passengerPhone": "+12405550142",
"pickup": "Sarasota Bradenton International Airport",
"dropoff": "2605 Gulf of Mexico Drive, Longboat Key, FL",
"pickupDate": "2026-08-14",
"pickupTime": "2:40 PM",
"vehicle": "Premium SUV",
"passengerCount": 2,
"flightNumber": "WN1654",
"quoteTotal": "245.00"
}Successful requests return HTTP 201. Repeating the same external ID returns the existing booking without creating a duplicate.
Incomplete lead intake
POST /api/v1/partner/leads stores an inquiry before every trip field is known. It requires an external ID and at least a customer name, phone, or email. The lead appears in the workspace Lead Inbox and can be qualified before becoming a booking.
{
"externalId": "website-lead-8921",
"customerName": "Nancy Worth",
"customerPhone": "+12409945986",
"pickup": "MIA",
"dropoff": "TPA",
"notes": "Customer requested pricing options."
}Status webhooks
Connect an HTTPS endpoint in the Integrations Center. Helm sends trip.status.changed for live trips and retries temporary failures with the same event ID and payload.
{
"id": "event-uuid",
"type": "trip.status.changed",
"version": "1",
"createdAt": "2026-07-16T18:30:00.000Z",
"livemode": true,
"data": {
"bookingId": "booking-uuid",
"externalId": "booking-1048",
"tripNumber": "TRIP-20260814-1048",
"previousStatus": "confirmed",
"status": "otw",
"changedBy": "driver"
}
}Headers include X-Helm-Event-Id, X-Helm-Timestamp, and X-Helm-Signature. Verify the signature against eventId.timestamp.rawBody with HMAC-SHA256 and reject timestamps older than five minutes.
Security contract
- API keys are workspace-scoped, hashed at rest, revocable, and shown once.
- Use a unique
externalIdorIdempotency-Keyfor every source record. - Webhook signing secrets are encrypted at rest and shown only during creation or rotation.
- Webhook destinations must be public HTTPS addresses; redirects and private network targets are blocked.
- Test bookings and test webhooks are explicitly labeled and do not contact passengers or drivers.