Webhook & REST API
Send leads into LeadOs from any system with a signed webhook. HMAC-SHA256 request signing, JSON payloads, and a simple required-field contract.
The custom webhook lets you push leads from your website, Zapier, Make, n8n, or your own backend. Every request is verified with an HMAC-SHA256 signature.
1. Get your endpoint
- 1
In LeadOs → Integrations → Custom Webhook, choose any random string as your Webhook Secret and save.
- 2
Your personal Webhook URL appears at the bottom of the panel. Point your system at it.
2. Sign each request
Compute an HMAC-SHA256 of the raw request body using your secret, and send it as the X-Signature header. Use the exact webhook URL shown in your dashboard:
BODY='{"name":"Ada","email":"ada@example.com","message":"Pricing?"}'
SIG=$(printf '%s' "$BODY" | openssl dgst -sha256 -hmac "$WEBHOOK_SECRET" | sed 's/^.* //')
curl -X POST "https://api.leados.saya-io.com/webhooks/your-workspace/webhook" \
-H "Content-Type: application/json" \
-H "X-Signature: sha256=$SIG" \
-d "$BODY"3. Payload contract
- Send JSON with at least one of: name, email, phone, or message.
- Anything else you include is stored on the lead as metadata.
- A 2xx response means the lead was created and queued for AI qualification.
Heads up: Sign the exact raw bytes you send. Re-serializing the JSON after signing will change the body and the signature check will fail.