API reference
Webhook payloads, error codes, and integration contracts.
On this page
Overview
Prospektr™ does not currently expose a public REST API for inbound operations (querying prospects, managing your account, etc.) — that functionality is on the roadmap. Today the only programmatic surface is the outbound webhook on the Agency tier, which fires when new qualifying leads land in your dashboard.
If you need read-access to prospect data programmatically right now, the CSV export endpoint works with an authenticated session cookie and returns the same data your dashboard shows.
Outbound webhook
Full reference is in the webhook integration docs. Quick summary:
- POST to your configured URL
- Body is JSON with
{ type, tenant, prospect } - If a secret is configured, the body is HMAC-SHA256 signed and the signature is in the
X-Prospektr-Signatureheader - 10-second timeout; respond 2xx for success
Error codes
For internal API routes (Stripe portal, cron, etc.), expected status codes:
| Code | Meaning |
|---|---|
| 200 / 201 | Success |
| 303 | Redirect (used by Stripe portal) |
| 400 | Validation failed — check the issues field in the response |
| 401 | Not authenticated, or invalid CRON_SECRET |
| 403 | Tenant suspended or insufficient role |
| 500 | Server error — check your app logs |