Prospektr
Try for $1
Documentation

API webhook

POST signed JSON to your own endpoint when new qualifying leads land. Agency tier only.

On this page

Requirements

  • Prospektr™ Agency plan ($499/mo)
  • An HTTPS endpoint of yours that can receive POST requests

Setup

  1. Decide on a URL like https://yourcrm.example.com/webhooks/prospektr.
  2. (Optional but strongly recommended) Generate a random secret string you'll use to verify request authenticity.
  3. In Prospektr, go to /app/settings/integrations. Enable the API webhook card. Paste your URL and (optional) secret. Save.

Payload shape

Every new qualifying prospect triggers a POST with this body:

{
  "type": "prospect.added",
  "tenant": { "id": "...", "name": "Busy Print Co." },
  "prospect": {
    "id": "uuid",
    "name": "Sunshine Promo Co.",
    "website": "https://sunshinepromo.com",
    "email": "sales@sunshinepromo.com",
    "phone": "+1 407-555-0101",
    "address": "...", "city": "Orlando",
    "state": "FL", "postal_code": "32801",
    "segment": "promo",
    "lead_potential": "high",
    "lead_reasoning": "Lists Disney, Universal, ...",
    "classification_confidence": "0.85",
    "notable_clients": ["Disney", "Universal"],
    "large_run_indicators": [],
    "status": "qualified",
    "created_at": "2026-04-26T12:34:56.000Z"
  }
}

Verifying the signature

If you set a secret, every request includes a header:

X-Prospektr-Signature: sha256=<hex_digest>

The digest is HMAC-SHA256 of the raw request body keyed by your secret. Verify like (Node example):

import { createHmac, timingSafeEqual } from 'crypto';

function verify(rawBody, header, secret) {
  const expected = 'sha256=' + createHmac('sha256', secret)
    .update(rawBody).digest('hex');
  return timingSafeEqual(
    Buffer.from(header), Buffer.from(expected)
  );
}

Retries & failures

We attempt each push exactly once at insert time. If your endpoint returns non-2xx, we record a failure signal (visible in your dashboard) with the HTTP status and response body. We don't currently retry — fix the endpoint and the next prospect will succeed.

Your endpoint should respond within 10 seconds. Long-running processing should happen async on your side; respond 200 immediately and queue the work.