REST API and signed webhooks
Todenna API-avaimella, listaa vimpaimesi ja liidisi sekä varmenna allekirjoitetut webhookit.
Most of what LeadOcto does in the dashboard is also reachable over a REST API. Requests are authenticated with an API key and rate-limited per workspace.
Authentication
Find your API key in Account settings, under Security. Send it as a bearer token on every request:
curl https://app.leadocto.io/api/widgets
-H "Authorization: Bearer YOUR_API_KEY"Listing widgets
A simple GET returns every widget in your workspace with its status and channels. Responses are JSON.
Webhook events
Subscribe a URL in the widget settings to receive events as they happen:
widget.opened- a visitor opened the widget.channel.clicked- a visitor picked a channel.lead.created- a conversation started.
Verifying webhooks
Every webhook payload is signed. Compute an HMAC-SHA256 of the raw request body with your signing secret and compare it to the X-LeadOcto-Signature header. Reject any request where they do not match.
Rate limits
API requests are rate-limited per key. If you exceed the limit you receive a 429 response with a Retry-After header. We never bill for API calls.
