Resources/The Agent API Atlas/Sales/Gong

Everything an AI agent can do with the Gong API.

A reference guide for building AI agents: every method, how to authenticate, and the permissions each one needs.

Endpoints32

API versionv2

Last updated23 June 2026

Orientation

How the Gong API works.

The Gong API is how an app or AI agent works with a Gong account: listing recorded calls, pulling their transcripts, reading activity stats for a team, or assigning prospects to an Engage flow. Access is granted through an access key and secret or an OAuth grant, and a set of granular scopes decides which areas a call can read or write. Gong analyzes conversations rather than just storing them, and it also runs a first-party server that hands an agent already-summarized account and deal insights.

32Endpoints

10Capability groups

21Read

11Write

12Permissions

Authentication

Gong authenticates a server call in one of two ways. The first is an access key and secret, created by an administrator in Gong's API settings and sent together as HTTP Basic auth. The second is OAuth 2.0, where an app exchanges an authorization code for a Bearer token. Gong authenticates OAuth once at the account level rather than per individual user.

Permissions

An OAuth app is granted granular scopes, each naming one area and level, like api:calls:read:basic for call summaries, api:calls:read:transcript for transcripts, api:users:read for the directory, or api:flows:write to change Engage flow assignments. A request without the matching scope is refused, so a token reaches only the areas it was granted.

Rate limits

Gong caps API access at 3 requests per second and 10,000 requests per day across the account. Going over returns HTTP 429 with a Retry-After header naming how long to wait. The daily ceiling can be raised by contacting Gong support.

Data model

Gong is organized around calls, the people on them, and the analysis it runs over them. A call carries its recording, transcript, and interaction stats; users and workspaces frame who recorded what; CRM, Engage flow, and stats methods connect that activity to deals and outreach. List methods page through results with a cursor.

Connect & authenticate

Connection & authentication methods.

How an app or AI agent connects to Gong determines what it can reach. There is a route for calling the API directly, and a hosted server that exposes Gong's analyzed insights to agents, and each is governed by the key or grant behind it and the permissions that key carries.

Ways to connect

REST API

The v2 REST API serves JSON and pages through lists with a cursor. A call authenticates with an access key and secret sent as HTTP Basic auth, or with an OAuth 2.0 Bearer token whose granular scopes decide which areas it can read or write. For OAuth apps the base host varies per customer and is returned when the token is generated.

Best forConnecting an app or AI agent to Gong's calls, transcripts, users, and stats.

Governed byThe access key or OAuth token and the scopes it carries.

Docs ↗

MCP server

Gong runs a first-party Model Context Protocol server, announced in May 2026 and rolling out as a preview from June 2026. It exposes read-only tools that return AI-synthesized insights rather than raw data, like ask_account and ask_deal for natural-language questions about an account or deal, and generate_brief for a structured summary across themes, stakeholders, risks, and next steps. It authenticates with OAuth 2.0 using the authorization-code flow with PKCE, and supports both personal and shared access.

Best forGiving an AI agent already-analyzed account and deal context from Gong.

Governed byThe OAuth grant and its access model (personal or shared).

Docs ↗

Authentication

Access key and secret (Basic auth)

An administrator generates an access key and secret in Gong's API settings. The two are combined and sent as an HTTP Basic auth header on every request. This key carries the access of the account it was created under, so it is kept server-side and never exposed in client code.

TokenAccess key + secret, sent as HTTP Basic auth

Best forServer-side integrations on a single Gong account.

Docs ↗

OAuth 2.0

An app sends the account through Gong's authorize URL, then exchanges the returned authorization code for a Bearer access token at the token endpoint. The app requests granular scopes up front, and the token can only call the areas those scopes cover. Gong authenticates OAuth once at the account level rather than per individual user, and the API base host for the customer is returned with the token.

TokenOAuth 2.0 Bearer access token

Best forApps connecting to many customers' Gong accounts with scoped access.

Docs ↗

Capability map

What an AI agent can do in Gong.

The Gong API is split into areas an agent can act on, like recorded calls, transcripts, users, customer-relationship data, activity stats, and Engage flows. Each area has its own methods, and a few write to real records, like uploading a call or erasing a person's data.

Calls

6 endpoints

Methods for listing, retrieving, uploading, and managing recorded calls.

A write here uploads or changes real call data.

View endpoints →

Transcripts

1 endpoint

Methods for retrieving the spoken transcript of calls.

These methods return the full content of conversations.

View endpoints →

Users & Workspaces

4 endpoints

Methods for reading the user directory and the company's workspaces.

These return who is in the account and how it is organized.

View endpoints →

CRM

3 endpoints

Methods for the Generic CRM integration: objects, schema, and status.

A write here registers or changes CRM integration data.

View endpoints →

Stats

5 endpoints

Methods for activity, interaction, and scorecard statistics.

These return aggregated activity across the team.

View endpoints →

Library

2 endpoints

Methods for reading library folders and their call content.

These return curated, saved calls.

View endpoints →

Engage flows

4 endpoints

Methods for Gong Engage: listing flows and assigning prospects.

A write here changes who is enrolled in an outreach flow.

View endpoints →

Customer engagement

2 endpoints

Methods for reporting content views, shares, and custom actions into Gong.

A write here records engagement events against real contacts.

View endpoints →

Meetings

3 endpoints

Methods for creating, updating, and deleting Gong meetings.

A write here creates or changes a real scheduled meeting.

View endpoints →

Data privacy

2 endpoints

Methods for finding and erasing a person's data by email or phone.

An erase here permanently deletes a person's data.

View endpoints →

Endpoint reference

Every Gong API method.

Filter by method, access, or permission, or search any path. Select a row for version detail, rate limits, the related webhook event, and the source.

Hide deprecated

Method	Endpoint	What it does	Access	Permission	Version
Calls Methods for listing, retrieving, uploading, and managing recorded calls.6
GET	`/v2/calls`	List basic data for calls that took place in a given date range.	read	`api:calls:read:basic`	Current
Returns lightweight call records; richer detail comes from the extensive method. Acts oncall Permission (capability)`api:calls:read:basic` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/calls/{id}`	Retrieve basic data for a specific call by its ID.	read	`api:calls:read:basic`	Current
Read-only. Acts oncall Permission (capability)`api:calls:read:basic` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/calls/extensive`	List detailed call data filtered by date range, call IDs, or hosting users.	read	`api:calls:read:extensive`	Current
Returns richer detail than the basic list, like parties, context, and content. Read-only despite the POST verb, which carries the filter body. Acts oncall Permission (capability)`api:calls:read:extensive` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/calls`	Add a new call to Gong, registering its metadata.	write	`api:calls:create`	Current
Creates a real call record; media is added separately. Acts oncall Permission (capability)`api:calls:create` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/v2/calls/{id}/media`	Attach the recording media to a previously added call.	write	`api:calls:create`	Current
Uploads the audio or video for a call created via the add-call method. Acts oncall Permission (capability)`api:calls:create` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/calls/users-access`	List the users who have been granted access to specific calls.	read	—	Current
Read-only. The exact scope is not stated on the public overview; verify in Gong's gated API reference. Acts oncall-access Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Transcripts Methods for retrieving the spoken transcript of calls.1
POST	`/v2/calls/transcript`	Retrieve transcripts of calls in a date range, optionally filtered to specific call IDs.	read	`api:calls:read:transcript`	Current
Separate scope from basic call data, so a token can read summaries without the full conversation. Read-only despite the POST verb. Acts ontranscript Permission (capability)`api:calls:read:transcript` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Users & Workspaces Methods for reading the user directory and the company's workspaces.4
GET	`/v2/users`	List all users in the company.	read	`api:users:read`	Current
Read-only directory access. Acts onuser Permission (capability)`api:users:read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/users/{id}`	Retrieve a specific user by ID.	read	`api:users:read`	Current
Read-only. Acts onuser Permission (capability)`api:users:read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/users/extensive`	List users filtered by criteria such as a set of user IDs.	read	`api:users:read`	Current
Read-only despite the POST verb, which carries the filter body. Acts onuser Permission (capability)`api:users:read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/workspaces`	List all of the company's workspaces.	read	`api:users:read`	Current
Read-only. Returns the workspaces that organize calls and users. Acts onworkspace Permission (capability)`api:users:read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
CRM Methods for the Generic CRM integration: objects, schema, and status.3
GET	`/v2/crm/object/list`	List CRM objects held in the Generic CRM integration.	read	—	Current
Read-only. The exact CRM scope string is not stated on the public overview; verify in Gong's gated API reference. Acts oncrm-object Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/crm/object/entities`	Upload CRM object records into the Generic CRM integration.	write	—	Current
Writes CRM records. The exact CRM scope string is not stated on the public overview; verify in Gong's gated API reference. Acts oncrm-object Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/crm/object/schema/list`	List the schema fields for a CRM object type in the Generic CRM integration.	read	—	Current
Read-only. The exact CRM scope string is not stated on the public overview; verify in Gong's gated API reference. Acts oncrm-schema Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Stats Methods for activity, interaction, and scorecard statistics.5
POST	`/v2/stats/interaction`	Retrieve interaction statistics for users over a date range.	read	`api:stats:interaction`	Current
Read-only despite the POST verb, which carries the filter body. Acts onstat Permission (capability)`api:stats:interaction` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/stats/activity/aggregate`	Retrieve aggregated activity stats for users over a date range.	read	—	Current
Read-only. The exact activity-stats scope is not stated on the public overview; verify in Gong's gated API reference. Acts onstat Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/stats/activity/day-by-day`	Retrieve day-by-day activity stats for users over a date range.	read	—	Current
Read-only. The exact activity-stats scope is not stated on the public overview; verify in Gong's gated API reference. Acts onstat Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/stats/activity/scorecards`	Retrieve answered scorecard reviews over a date range.	read	`api:stats:scorecards`	Current
Read-only despite the POST verb, which carries the filter body. Acts onscorecard Permission (capability)`api:stats:scorecards` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/settings/scorecards`	Retrieve the configured scorecards and their questions.	read	`api:settings:scorecards:read`	Current
Read-only. Acts onscorecard Permission (capability)`api:settings:scorecards:read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Library Methods for reading library folders and their call content.2
GET	`/v2/library/folders`	Retrieve the list of public library folders.	read	—	Current
Read-only. The exact library scope is not stated on the public overview; verify in Gong's gated API reference. Acts onlibrary-folder Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/library/folder-content`	List the calls saved inside a specific library folder.	read	—	Current
Read-only. The exact library scope is not stated on the public overview; verify in Gong's gated API reference. Acts onlibrary-folder Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Engage flows Methods for Gong Engage: listing flows and assigning prospects.4
GET	`/v2/flows`	List Gong Engage flows.	read	`api:flows:read`	Current
Read-only. Acts onflow Permission (capability)`api:flows:read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/flows/folders`	List Engage flow folders and their visibility types.	read	`api:flows:read`	Current
Read-only. Acts onflow-folder Permission (capability)`api:flows:read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/flows/prospects/assign`	Assign prospects to an Engage flow, optionally configuring its steps.	write	`api:flows:write`	New
Enrolls prospects in outreach. Step configuration on assignment was added in September 2025. Acts onflow-assignment Permission (capability)`api:flows:write` VersionIntroduced 2025-09-01 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/flows/prospects/unassign-flows-by-crm-id`	Remove prospects from Engage flows, identified by CRM ID.	write	`api:flows:write`	Current
Removes prospects from outreach flows. Acts onflow-assignment Permission (capability)`api:flows:write` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Customer engagement Methods for reporting content views, shares, and custom actions into Gong.2
PUT	`/v2/customer-engagement/content/viewed`	Report that a piece of shared content was viewed.	write	—	Current
Records an engagement event into Gong. The exact engagement scope is not stated on the public overview; verify in Gong's gated API reference. Acts onengagement-event Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/v2/customer-engagement/action`	Report a custom engagement action against a contact.	write	—	Current
Records an engagement event into Gong. The exact engagement scope is not stated on the public overview; verify in Gong's gated API reference. Acts onengagement-event Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Meetings Methods for creating, updating, and deleting Gong meetings.3
POST	`/v2/meetings`	Create a new Gong meeting.	write	`api:meetings:user:create`	Current
Creates a real scheduled meeting. Acts onmeeting Permission (capability)`api:meetings:user:create` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/v2/meetings/{meetingId}`	Update an existing Gong meeting.	write	`api:meetings:user:update`	Current
Changes a real scheduled meeting. Acts onmeeting Permission (capability)`api:meetings:user:update` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v2/meetings/{meetingId}`	Delete a Gong meeting.	write	`api:meetings:user:update`	Current
Permanently removes a scheduled meeting. Acts onmeeting Permission (capability)`api:meetings:user:update` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Data privacy Methods for finding and erasing a person's data by email or phone.2
GET	`/v2/data-privacy/data-for-email-address`	Find references to a given email address across Gong data.	read	—	Current
Read-only. The exact data-privacy scope is not stated on the public overview; verify in Gong's gated API reference. Acts onprivacy-record Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/data-privacy/erase-data-for-email-address`	Permanently delete a given email address and its associated data.	write	—	Current
Irreversible deletion of a person's data. The exact data-privacy scope is not stated on the public overview; verify in Gong's gated API reference. Acts onprivacy-record Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗

No endpoints match those filters.

Webhooks

Webhook events.

Gong does not publish a general webhook system for the public API. An integration reads activity by calling the API on a schedule rather than receiving pushed events, and reports engagement events back into Gong through the customer-engagement methods.

Event	What it signals	Triggered by

No events match that search.

Rate limits & pagination

Rate limits, pagination & request size.

Gong limits how fast and how much an app can call, by a per-second request rate and a separate daily ceiling that apply across the account.

Request rate

Gong meters requests by a fixed rate, not by a per-method cost. An account is allowed 3 requests per second and 10,000 requests per day, shared across every key on the account. Going over either limit returns HTTP 429 with a Retry-After header that names how many seconds to wait before retrying. The daily ceiling can be raised on request through Gong support.

Pagination

A list method returns results in pages and includes a records object with a cursor when more results remain. The next request passes that cursor to fetch the following page. A cursor is short-lived, so the next page should be fetched promptly rather than held.

Request size

Page sizes are fixed by the endpoint rather than set by the caller, and large pulls are walked through with the cursor. Bulk reads like extensive call data and transcripts are filtered by a date range and optional call-id list to keep each request bounded.

Errors

Status codes & error handling.

The status codes an agent should handle, and what to do about each.

Status	Code	Meaning	What to do
400	`Bad Request`	The request was malformed, like a missing required filter or an invalid date range on a list or extensive call.	Read the error body, fix the parameters, and resend. The request is not retryable as-is.
401	`Unauthorized`	No valid credentials were supplied, like a wrong access key and secret or an expired or missing Bearer token.	Confirm the access key and secret, or refresh the OAuth token, and resend.
403	`Forbidden`	The credentials are valid but lack the scope or permission the request needs, like calling a transcript method without api:calls:read:transcript.	Grant the matching scope on the OAuth app, or use a key with the needed permission.
404	`Not Found`	The requested object does not exist or is not visible to this account, like an unknown call or user ID.	Verify the ID and that it belongs to the same account.
429	`Too Many Requests`	The per-second or daily rate limit was exceeded.	Wait the number of seconds named in the Retry-After header, then retry, and smooth the request rate.
500	`Internal Server Error`	An error on Gong's side. It is rare.	Retry with backoff, and contact Gong support if it persists.

Versioning & freshness

Version history.

Gong serves a single dated API under one path version, and announces notable changes through its release notes, giving at least 30 days notice before a breaking change.

Version history

What changed, and when

Latest versionv2

v2Current version

Current API (v2)

Gong serves a single dated API under the v2 path. Notable changes ship through the release notes rather than a new path version, and Gong commits to announcing a breaking change at least 30 days in advance.

What changed

Calls, transcripts, users, workspaces, CRM, stats, library, Engage flows, meetings, and data-privacy methods are served under one v2 namespace.
Access is authenticated by an access key and secret (Basic) or OAuth 2.0 with granular scopes.

2026-05-12Feature update

Model Context Protocol (MCP) support announced

Gong announced first-party MCP support, letting external AI agents reach Gong's analyzed account and deal insights, and letting Gong's own agents call out to external MCP servers.

What changed

Read-only MCP server exposing ask_account, ask_deal, and generate_brief.
OAuth 2.0 with the authorization-code flow and PKCE.
Rolling out as a preview from June 2026.

2025-09

Engage flow step configuration on assignment

The flow-assignment method was extended so an integration can configure flow steps at the moment it assigns prospects to a flow.

What changed

POST /v2/flows/prospects/assign can configure flow steps when assigning prospects.

Track the release notes, since breaking changes are announced ahead of time.

Gong release notes ↗

Questions

Gong API, answered.

How does an app authenticate to the Gong API?+

Two ways. An administrator can generate an access key and secret in Gong's API settings, which an app sends together as HTTP Basic auth. Or an app can use OAuth 2.0, sending the user through Gong's authorize URL and exchanging the returned code for a Bearer token. OAuth in Gong is granted once at the account level, not per individual user.

What are the Gong API rate limits?+

By default an account is allowed 3 requests per second and 10,000 requests per day, counted across every key on the account. Exceeding either returns HTTP 429 with a Retry-After header indicating how long to wait. The daily limit can be increased by contacting Gong support.

How do I get a call's transcript?+

Transcripts come from a single method, POST /v2/calls/transcript, which returns the transcripts of calls in a given date range, optionally narrowed to specific call IDs. It requires the api:calls:read:transcript scope, separate from the scope that returns basic call data, so an integration can read summaries without reading the full conversation.

Does the Gong API send webhooks?+

Gong does not expose a general webhook system on the public API for pushing call or activity events. An integration reads new activity by calling the list methods on a schedule. The customer-engagement methods run the other direction, letting an app report content views, shares, and custom actions back into Gong.

What is the difference between basic and extensive call data?+

GET /v2/calls returns lightweight call records for a date range under api:calls:read:basic. POST /v2/calls/extensive returns richer, filtered detail, like parties, context, and content, under api:calls:read:extensive. Splitting them lets a token read the call list without being granted the deeper content.

Does Gong offer an MCP server for AI agents?+

Yes. Gong runs a first-party Model Context Protocol server, announced in May 2026 and rolling out as a preview from June 2026. It is read-only and returns AI-synthesized insights rather than raw records, with tools like ask_account, ask_deal, and generate_brief. It authenticates with OAuth 2.0 using the authorization-code flow with PKCE.

What is Bollard AI?

Control what every AI agent can do in Gong.

Bollard AI sits between a team's AI agents and Gong. Grant each agent exactly the access it needs, read or write, area by area, and every call is checked and logged.

Set read, write, or full access per agent, never a shared Gong key.
Denied by default, so an agent reaches only what has been explicitly allowed.
Every call recorded in plain English: who, what, where, and the decision.

Control Gong access in Bollard Browse all APIs →

Gong

Deal Review Agent

Read call transcripts ResourceOffReadFull use

Upload a call recording ActionOffReadFull use

Erase a person's data ActionOffReadFull use

Activity stats ResourceOffReadFull use

Per-agent access, set in Bollard AI, not in Gong

How the Gong API works.

Connection & authentication methods.

REST API

MCP server

Access key and secret (Basic auth)

OAuth 2.0

What an AI agent can do in Gong.

Calls

Transcripts

Users & Workspaces

CRM

Stats

Library

Engage flows

Customer engagement

Meetings

Data privacy

Every Gong API method.

Calls

Transcripts

Users & Workspaces

CRM

Stats

Library

Engage flows

Customer engagement

Meetings

Data privacy

Webhook events.

Rate limits, pagination & request size.

Request rate

Pagination

Request size

Status codes & error handling.

Version history.

What changed, and when

Gong API, answered.

More sales API guides for agents

Salesloft

Outreach

Apollo

1Password

Control what every AI agent can do in Gong.