Developers

Integrate lead capture with a stable API surface.

We build for developers who care about page speed, event integrity, and API reliability. Integrate via lightweight JavaScript, clear REST endpoints, and signed webhook delivery.

REST endpoints · Signed webhooks · Lightweight widget
Developer tools

Three integration surfaces, one response pipeline

Use the JavaScript widget when you need speed, REST endpoints when you need control, and webhooks when external systems need to react.

REST API

JSON endpoints for inbound lead capture, workspace data, lead queries, workflow triggers, and manual campaign controls.

Signed webhooks

Cryptographically signed notifications for lead events, status changes, and downstream integrations.

Lightweight JS widget

A small, non-blocking JavaScript embed that can hook into any DOM container to capture lead events.

Add the listener script, then keep your existing form.

The fastest integration path is the listener mode. You keep your current form markup, add the LeadsBot script, and map submissions into the lead response pipeline.

  • No framework dependency and no frontend rebuild required.
  • Works with custom forms, landing pages, builders, and static HTML.
  • Routes submissions into Telegram, inbox, workflows, and exports.
  • Designed to stay lightweight and avoid blocking page rendering.

embed.html

<!-- LeadsBot listener mode -->
<script
  id="leadsbot-listener"
  src="https://YOUR_DOMAIN/widget.js"
  data-token="YOUR_PUBLIC_TOKEN"
  data-api="https://YOUR_DOMAIN"
  data-mode="listener"
></script>

REST architecture

Clean endpoints for custom capture flows

Use REST when your app needs direct control over payload shape, lead source metadata, backend validation, or server-side signing.

Method  Endpoint                            Use case
POST    /api/inbound/w/{webhookId}/leads    Create a lead through a webhook-scoped capture endpoint.
GET     /api/v1/leads                       Query captured leads for dashboard or reporting workflows.
POST    /api/inbound/:businessId/leads      Create a lead from a server or custom form.
GET     /api/v1/webhooks                    List configured outbound webhook endpoints.
GET     /api/v1/keys                        Manage API keys and review redacted key metadata.

Webhook events are signed before they reach your system.

Webhook integrity is built around HMAC signatures and payload validation so receiving systems can verify authenticity before processing.

  • Verify X-LeadsBot-Signature before trusting the payload.
  • Use the raw request body for signature comparison.
  • Reject failed signatures immediately with a non-2xx response.
  • Rotate secrets when an integration is reconfigured or compromised.
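
verify-signature.ts

import crypto from 'crypto';

// Returns true only when `signature` (the X-LeadsBot-Signature value)
// equals the hex HMAC-SHA256 of the raw request body.
function verify(rawBody: string | Buffer, signature: string | undefined, secret: string): boolean {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(rawBody)
    .digest('hex');

  const received = Buffer.from(signature ?? '', 'utf8');
  const computed = Buffer.from(expected, 'utf8');

  // timingSafeEqual throws a RangeError on buffers of different length,
  // so treat a length mismatch as a failed signature instead of crashing.
  if (received.length !== computed.length) return false;
  return crypto.timingSafeEqual(received, computed);
}
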
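The four rules above, combined into one framework-agnostic receiver. This is an added example, not LeadsBot's own code. It assumes the header carries the plain hex digest that verify-signature.ts computes; `handleWebhook`, `sign`, `MAX_BODY_BYTES`, the secret and the sample payload are constructed for illustration.

```typescript
import { createHmac, timingSafeEqual } from 'node:crypto';

const MAX_BODY_BYTES = 64 * 1024; // assumed cap; tune to your payload sizes

interface WebhookResult { status: number; error?: string; event?: unknown }

// Hypothetical helper: hex HMAC-SHA256 over the exact bytes received.
function sign(rawBody: Buffer, secret: string): string {
  return createHmac('sha256', secret).update(rawBody).digest('hex');
}

// Pass the unparsed body bytes and the X-LeadsBot-Signature header value;
// map the returned status onto your HTTP response.
function handleWebhook(rawBody: Buffer, signature: string | undefined, secret: string): WebhookResult {
  if (rawBody.length > MAX_BODY_BYTES) return { status: 413, error: 'body too large' };
  if (!signature) return { status: 401, error: 'missing signature' };

  const expected = Buffer.from(sign(rawBody, secret), 'utf8');
  const received = Buffer.from(signature, 'utf8');
  // timingSafeEqual throws on unequal lengths, so reject those first.
  if (received.length !== expected.length || !timingSafeEqual(received, expected)) {
    return { status: 401, error: 'bad signature' };
  }

  // Parse only after the bytes are authenticated.
  try {
    return { status: 200, event: JSON.parse(rawBody.toString('utf8')) };
  } catch {
    return { status: 400, error: 'invalid JSON' };
  }
}

// Constructed sample delivery (not a real LeadsBot payload).
const SECRET = 'test-secret-placeholder';
const RAW = Buffer.from('{"event": "lead.created",  "email": "a@example.com"}');
const GOOD_SIG = sign(RAW, SECRET);
// Same data after parse + re-serialize: whitespace differs, so the HMAC differs.
const RESERIALIZED = Buffer.from(JSON.stringify(JSON.parse(RAW.toString('utf8'))));
```

`handleWebhook(RESERIALIZED, GOOD_SIG, SECRET)` returns 401 even though the JSON is semantically identical, which is why body-parsing middleware must hand the verifier the original bytes.
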
Production checklist

Before you ship the integration

Use this as a lightweight review list before sending production traffic through LeadsBot.

01. Validate payloads

Reject missing emails, malformed fields, oversized requests, and unsupported input before submission.

02. Sign sensitive events

Use HMAC for webhook verification and test your verification flow before going live.

03. Track source context

Send source, campaign, landing page, and form metadata so operators know where the lead came from.

04. Test failure paths

Confirm retries, timeouts, non-2xx responses, duplicate submissions, and malformed events behave as expected.

Build the capture path. Let LeadsBot handle the response layer.

Use the widget, REST endpoints, or signed webhooks to route inbound interest into Telegram alerts, summaries, workflows, and follow-up automation.