Skip to main content

Developer Settings

Access the Heffl API and configure webhooks to integrate with external systems. Manage API keys, set up webhook endpoints, and monitor API usage.

API keys

API keys let external applications access your Heffl data programmatically.

Creating an API key

  1. Go to Settings > Developer
  2. Click Create API Key
  3. Name your key (e.g., “Website Integration”, “Zapier”)
  4. Copy the key immediately — it won’t be shown again
API keys grant access to your organization’s data. Store them securely and never expose them in client-side code or public repositories.

Managing API keys

ActionDescription
View keysSee all active API keys with their names and creation dates
Revoke keyPermanently disable a key. Revoked keys cannot be restored.

Best practices

  • Create separate keys for each integration or environment
  • Rotate keys periodically
  • Revoke keys that are no longer in use
  • Store keys in environment variables, not in code

Webhooks

Webhooks let Heffl notify your external systems when events occur. When a trigger event happens, Heffl sends an HTTP POST request to your configured URL.

Setting up a webhook

  1. Go to Settings > Developer
  2. Click Add Webhook
  3. Configure:
SettingDescription
URLThe endpoint that receives webhook payloads
EventsWhich events trigger the webhook
Secret(Optional) Secret key for verifying webhook signatures
  1. Save the webhook

Available events

Webhooks can be triggered by the same events available in the automation system:
  • Lead created, updated, stage changed, deleted
  • Deal created, updated, stage changed, deleted
  • Client created, updated, deleted
  • Quotation created, updated, deleted
  • Form response created
  • And more

Webhook payload

Each webhook delivers a JSON payload with: 
{
  "event": "lead.created",
  "timestamp": "2025-01-15T10:30:00Z",
  "data": {
    // Event-specific data
  }
}

Verifying webhooks

If you configured a webhook secret, verify incoming requests by checking the signature header against your secret. This prevents unauthorized systems from sending fake events to your endpoint.

Monitoring

View webhook delivery history to troubleshoot issues:
  • Delivery status (success, failed)
  • Response codes
  • Payload details
  • Retry information

Using the API

The Heffl API uses REST conventions with JSON request and response bodies. All requests require authentication via the x-api-key header. 
curl https://api.heffl.com/api/v1/leads \
  -H "x-api-key: YOUR_API_KEY" \
  -H "Content-Type: application/json"
For full API documentation, see the API Reference.

FAQ

There’s no hard limit on API keys. Create as many as you need for your integrations.
Heffl logs the failed delivery. Depending on the failure type, it may retry the request.
Yes. Use a tunneling tool like ngrok to expose your local server, then configure the ngrok URL as your webhook endpoint.