Skip to main content
POST
/
api
/
agents
/
crm
/
lead-webhooks
Register a webhook
curl --request POST \
  --url https://app.gomega.ai/api/agents/crm/lead-webhooks \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'x-customer-id: <x-customer-id>' \
  --data '
{
  "url": "<string>",
  "event_types": [
    "lead.created"
  ],
  "timeout_seconds": 10,
  "retry_attempts": 5,
  "description": "<string>",
  "is_active": true
}
'
{
  "webhook": {
    "id": "<string>",
    "url": "<string>",
    "event_types": [
      "<string>"
    ],
    "is_active": true,
    "timeout_seconds": 123,
    "retry_attempts": 123,
    "created_at": "2023-11-07T05:31:56Z",
    "updated_at": "2023-11-07T05:31:56Z",
    "description": "<string>"
  },
  "secret": "<string>"
}

Authorizations

Authorization
string
header
required

Admin-issued Personal Access Token, e.g. Authorization: Bearer mega_<64 hex>. The key carries scopes (public_api:leads:read, public_api:leads:write, public_api:webhooks:manage) and is locked to one customer.

Headers

x-customer-id
string<uuid>
required

The customer this request acts on. Must match the customer your key is locked to.

Body

application/json
url
string<uri>
required

Public HTTPS URL. Validated against SSRF before it is stored.

event_types
enum<string>[]
Available options:
lead.created
timeout_seconds
integer
default:10
Required range: 1 <= x <= 60
retry_attempts
integer
default:5
Required range: 0 <= x <= 10
description
string | null
is_active
boolean
default:true

Response

The created webhook + its signing secret (shown once).

webhook
object
required
secret
string
required

HMAC signing secret (mega_whsec_...). Shown only on creation.