Lead Webhook API

Base URL

CODE

https://your-domain.com/api

Authentication

No authentication is required for this API.
However, it is recommended to restrict access by IP or use a shared secret token in production environments for security reasons.

Content Type

All endpoints accept and return data in JSON format.

CODE

Content-Type: application/json

Endpoints

1. Lead Webhook

Method: POST
URL: /api/lead
Route name: api.lead.store

Request Example

CODE

{
  "client_name": "John Doe",
  "phone": "+972501234567",
  "email": "john@example.com",
  "url": "https://example.com/form",
  "form_id": "contact_form_123",
  "comment": "Patient interested in consultation",
  "created_at": "2023-08-23 06:49:51"
}

Field Description

Field	Type	Required	Description
`client_name`	string	No	Full name of the client
`phone`	string	Yes	Phone number of the client
`email`	string	No	Email address of the client
`url`	string	No	Source URL of the form submission
`form_id`	string	No	External form identifier
`comment`	string	No	Optional note or comment
`created_at`	datetime	No	Creation time (optional)

Response Example

CODE

{
  "status": true
}

2. Taplink Lead Webhook

Method: POST
URL: /api/taplink/lead
Route name: api.taplink.lead.store

Request Example

CODE

{
  "data": {
    "fullname": "Jane Smith",
    "phone": "+972507654321",
    "email": "jane@example.com",
    "block_id": "taplink_123",
    "page_link": "https://taplink.cc/myclinic",
    "page_title": "Medical Consultation",
    "records": [
      { "title": "Preferred Date", "value": "2023-08-30" },
      { "title": "Preferred Time", "value": "14:00" }
    ]
  }
}

Field Description (Taplink Payload)

Field	Type	Required	Description
`data.fullname`	string	No	Full name of the client
`data.phone`	string	Yes	Phone number of the client
`data.email`	string	No	Email address
`data.block_id`	string	No	Taplink block identifier
`data.page_link`	string	No	Taplink page link
`data.page_title`	string	No	Taplink page title
`data.records`	array	No	List of question–answer objects

Response Example

CODE

{
  "status": true
}

Error Responses

Code	Description	Example
400	Bad Request – invalid JSON format	`{ "status": false, "error": "Malformed payload" }`
422	Validation Error – missing required fields	`{ "status": false, "error": "Phone is required" }`
500	Internal Server Error	`{ "status": false, "error": "Server error" }`

Processing Logic

When a valid webhook request is received, a new Lead record is created automatically.
Taplink records[] are stored as structured data in the Lead’s notes.
All incoming leads are logged and linked to their source form and creation timestamp.
Leads can be later processed by staff and converted to patients through the administrative interface.
When the integration is disabled, the server responds with:
CODE
```
{ "status": false, "error": "No active integration" }
```

Security Recommendations

While authentication is not mandatory, it is recommended to implement the following for production use:

Restrict IP access to known sources (e.g., website, Taplink).
Use a shared secret or HMAC signature to validate authenticity.
Enable HTTPS only to protect data in transit.
Add rate limiting and replay protection (e.g., timestamp and nonce).
Validate all incoming fields server-side against expected schema.

These steps ensure that external systems cannot flood or spoof the lead intake endpoints.

Example Error Payload

CODE

{
  "status": false,
  "error": "No active integration"
}

LEAD_WEBHOOK_API.pdf
(This document serves as the full technical reference for developers.)