Fast path
For a new integration you control:- Create a separate Leadping source for the real website, partner, form, campaign, or system.
- Get the source’s source key.
- Send
POST /leadswithmetadata,contact, andcustomerobjects. - Include
metadata.trustedFormUrlunless Leadping approved a different evidence path for that source. - Send at least one reachable contact method: phone number or email address.
- Test with the real posting system and verify the record, source, tags, TrustedForm URL, conversation, and downstream workflow in Leadping.
Before sending production traffic
Confirm these items first:- The source exists in Leadping.
- The source is enabled and approved for production intake.
- You have the correct source key for that source.
- You know whether the source requires TrustedForm.
- The source’s allowed states, products, and tags are configured correctly.
- Your payload includes at least one contact method: phone number or email address.
- Your team has tested what happens after the lead is accepted.
Choose an endpoint
Leadping has two external lead creation paths:
Use
POST /leads for new integrations when you control the payload shape. Use /leads/intake when you need direct-post compatibility. Use query-string intake only when a legacy system cannot send JSON.
Authentication
External lead intake uses a source key instead of a user token or business API key. Send the source key in theAuthorization header with the Bearer scheme:
lp_src_ source keys are only valid for lead ingestion through POST /leads, POST /leads/intake, and GET /leads/intake. They are rejected for account, business, user, analytics, setup, and other non-ingestion API operations.
Treat the source key as a secret. Use HTTPS, store it outside source code, and rotate it if it is exposed.
Source-key intake is for approved lead submissions. For authenticated account API calls, use the API Reference or SDKs with Authorization: Bearer <leadping_user_access_token> or Authorization: Bearer lp_....
Structured payload
POST /leads expects a structured payload with metadata, contact, and customer objects.
metadata.trustedFormUrl is required for external lead submissions unless Leadping has approved a different intake path for that source.
Flat intake payload
POST /leads/intake accepts common top-level fields and maps them into the structured lead model.
Query-string intake
GET /leads/intake accepts the same flat fields as query string parameters for posting systems that cannot send a JSON body.
POST when your system supports it. Query-string intake can expose more data in logs, browser history, proxy logs, or analytics systems.
Required lead shape
Every accepted external lead must be tied to a valid source and include enough contact, source, and consent context to support follow-up:- Valid source credentials
- An enabled source attached to an account
- A compliance-approved source
- A TrustedForm certificate URL when required
- At least one contact method: email address or phone number
- A valid email address when email is present
- A possible U.S. phone number when phone is present
TrustedForm validation
External lead intake usually requires a TrustedForm certificate URL. Leadping validates that:- A TrustedForm URL is present when required.
- The URL is a valid HTTP or HTTPS URL.
- The URL is hosted by
trustedform.com. - The certificate can be reached and accepted by the TrustedForm validation path.
- The source, contact, and campaign context are consistent enough for intake.
Source validation
Leadping checks source-level controls before creating the lead:What happens after a lead is accepted
When Leadping accepts a lead, it:- Creates the lead record.
- Assigns source, account, and business context.
- Normalizes the phone number to E.164 where possible.
- Attempts phone lookup enrichment where available.
- Creates a conversation for the lead.
- Records a lead-created event.
- Applies source defaults and submitted tags where allowed.
- Makes the lead available for inbox, lead detail pages, reporting, calling, SMS, and eligible automations.
201 Created response means the submitted payload passed Leadping’s technical and configured source validation. It does not mean the lead is lawful, the recipient consented, a campaign is approved, a message or call may be sent, or a carrier will deliver future traffic.
For operations teams, the most important check after a successful post is whether the accepted lead is usable: the source, product, state, tags, TrustedForm URL, phone or email, assignment, and conversation should match what the posting system intended.
Error handling
Use HTTP status codes as the first signal:
Do not retry
400, 401, or 403 responses without changing the request or source configuration. Repeating the same invalid request can cause source review or throttling.
If a network timeout happens after submission, check whether the lead was created before retrying aggressively. Use stable externalId or sellerLeadId values so your team can trace duplicates and reconcile with the posting system.
Field guidance
- Send phone numbers in E.164 format when possible, such as
+15555550123. - Send dates as ISO values such as
YYYY-MM-DD. - Use stable
externalIdorsellerLeadIdvalues so records can be traced back to your system. - Use
product,vertical,state, and tags consistently with the source configuration. - Put only safe, non-secret values in
sourceMetadata; values may be visible in API responses or support workflows. - Keep source-specific classification fields in metadata instead of overloading contact fields.
- Never send source keys, API keys, tokens, passwords, or private credentials inside lead metadata.
- Keep field names consistent across campaigns. Changing names or formats can break routing, reporting, and source review.
Go-live checklist
Before increasing traffic:- Submit one valid test lead from the real posting system.
- Confirm the lead appears under the expected source.
- Confirm contact fields, address fields, product, state, tags, and metadata map correctly.
- Confirm the TrustedForm URL is present and valid.
- Confirm automations, alerts, inbox views, calls, or SMS behave as expected.
- Confirm your team has a path for failed posts, disputes, opt-outs, and source changes.

