LeadOcto
API & webhooks

REST API and signed webhooks

Todenna API-avaimella, listaa vimpaimesi ja liidisi sekä varmenna allekirjoitetut webhookit.

5 min read Updated 1 week ago Octo

Most of what LeadOcto does in the dashboard is also reachable over a REST API. Requests are authenticated with an API key and rate-limited per workspace.

Authentication

Find your API key in Account settings, under Security. Send it as a bearer token on every request:

curl https://app.leadocto.io/api/widgets 
  -H "Authorization: Bearer YOUR_API_KEY"

Listing widgets

A simple GET returns every widget in your workspace with its status and channels. Responses are JSON.

Webhook events

Subscribe a URL in the widget settings to receive events as they happen:

  • widget.opened - a visitor opened the widget.
  • channel.clicked - a visitor picked a channel.
  • lead.created - a conversation started.

Verifying webhooks

Every webhook payload is signed. Compute an HMAC-SHA256 of the raw request body with your signing secret and compare it to the X-LeadOcto-Signature header. Reject any request where they do not match.

Rate limits

API requests are rate-limited per key. If you exceed the limit you receive a 429 response with a Retry-After header. We never bill for API calls.