Webhooks API
Webhooks are the primary way to send leads into 500 Leads. Each source gets a unique webhook endpoint that accepts JSON payloads.
Inbound webhook
Section titled “Inbound webhook”POST /api/webhooks/:tokenThis endpoint does not require authentication. The :token in the URL acts as the authentication mechanism. You can find your token in the source detail page of your dashboard.
JSON payload
Section titled “JSON payload”curl -X POST "https://leads.500rockets.io/api/webhooks/YOUR_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "email": "[email protected]", "firstName": "Jane", "lastName": "Smith", "phone": "+1234567890", "company": "Acme Corp" }'Accepted fields
Section titled “Accepted fields”| Field | Type | Description |
|---|---|---|
email | string | Lead’s email address |
firstName | string | First name |
lastName | string | Last name |
phone | string | Phone number |
company | string | Company or organization name |
All fields are optional, but providing at least an email is strongly recommended.
Any fields that do not match a known field are stored as custom metadata on the lead.
Field mappings
Section titled “Field mappings”If your form or integration sends data with different field names (e.g., contact_email instead of email), configure field mappings on the source in your dashboard. Unmapped fields are stored as custom metadata.
Response
Section titled “Response”Success (200):
{ "success": true}Errors:
| Status | Cause |
|---|---|
404 | Invalid webhook token |
400 | Malformed or empty payload |
429 | Rate limit exceeded |
500 | Server error |
What happens after submission
Section titled “What happens after submission”- The lead is created (or matched to an existing duplicate)
- The lead is enriched (email verification, geolocation, company inference)
- AI analyzes the lead (scoring 0-100, qualification as hot/warm/cold)
- If configured, team email notifications are sent
- If the lead qualifies, it is auto-enrolled in matching sequences
- The lead appears in your dashboard within seconds
Rate limits
Section titled “Rate limits”Webhook endpoints are rate-limited to 100 requests per minute per IP address.
Using the JavaScript snippet (recommended)
Section titled “Using the JavaScript snippet (recommended)”For HTML forms on your own website, we recommend using the JavaScript snippet instead of direct webhook calls. The snippet handles form interception, error feedback, UTM tracking, and more automatically.
UTM and attribution
Section titled “UTM and attribution”When using the JavaScript snippet, UTM parameters and referrer are captured automatically. When calling the webhook directly, you can include them in the payload:
{ "_utm": { "utm_source": "google", "utm_medium": "cpc", "utm_campaign": "spring-2026" }, "_referrer": "https://google.com"}