← automatedojo.com

API + Webhooks

Programmatic access to lead capture, dojo metadata, and event streams.

1. Embed our lead capture widget

The simplest integration is the lead-capture widget — paste a script tag on any page where you want to collect leads. It POSTs to /api/dojo-lead behind the scenes and renders a styled form.

<!-- Paste this where you want the form to appear -->
<script
  src="https://automatedojo.com/widget.js"
  data-dojo-slug="your-dojo-slug"
  data-source="hero-form"
  async
></script>

Get your dojo-slug from your dashboard. The data-source attribute helps you tell which page form the lead came from in your reporting.

2. POST a lead programmatically

If you'd rather use your own form UI, POST directly to our endpoint:

POST https://automatedojo.com/api/dojo-lead
Content-Type: application/json

{
  "dojoSlug": "your-dojo-slug",
  "name": "Jane Smith",
  "email": "jane@example.com",
  "phone": "+15551234567",
  "programInterest": "kids-bjj",
  "childAge": "8",
  "source": "facebook-ad-q4-2026",
  "utmSource": "facebook",
  "utmMedium": "cpc",
  "utmCampaign": "kids-jiu-jitsu-fall"
}

Response: { "ok": true } on success. 200ms typical.

Rate limit: 60 leads per IP per hour. Far above any legitimate use; the cap is anti-abuse only.

3. Subscribe to outbound webhooks (CRM fan-out)

Every captured lead is automatically pushed to your enabled integrations (Spark Membership, GoHighLevel, ActiveCampaign, HubSpot, Zapier). For custom workflows, add a webhook integration in your dashboard. We'll POST every lead to your URL:

POST https://your-server.com/webhook
Content-Type: application/json
X-AutomateDojo-Signature: sha256=<HMAC of body using your shared secret>
X-AutomateDojo-Event: lead.captured

{
  "id": "<lead-id-uuid>",
  "dojo_id": "<dojo-id-uuid>",
  "dojo_slug": "your-dojo-slug",
  "name": "Jane Smith",
  "email": "jane@example.com",
  "phone": "+15551234567",
  "source": "facebook-ad-q4-2026",
  "utm_source": "facebook",
  "utm_medium": "cpc",
  "utm_campaign": "kids-jiu-jitsu-fall",
  "gclid": null,
  "fbclid": "abc123...",
  "created_at": "2026-05-29T03:14:15Z",
  "enrichment": { /* lead-scoring data, when available */ }
}

Verifying the signature: Compute HMAC-SHA256 of the raw body using the secret we provided, compare against the X-AutomateDojo-Signature header. Reject mismatches.

Retry behavior: We retry failed deliveries with exponential backoff (1m, 5m, 30m, 2h, 12h). After 5 failed attempts we mark the webhook as broken and email you.

4. Inbound webhook from your CRM

If your CRM marks a lead as "converted" (signed up as a member), POST the update so our reporting reflects it:

POST https://automatedojo.com/api/webhooks/crm-status
Content-Type: application/json
Authorization: Bearer <your-API-token>

{
  "dojo_slug": "your-dojo-slug",
  "lead_email": "jane@example.com",
  "status": "converted",
  "converted_at": "2026-05-29T19:00:00Z",
  "deal_value_usd": 1800
}

Valid status values: qualified, converted, lost.

Get your API token from your dashboard. Tokens scope to one dojo.

5. Read API — GET /api/v1/leads

Pull leads programmatically. Mint a read-only token at /client/<slug>/api-tokens with scope read:leads. Tokens are sha256-hashed at rest; we never see the raw value again after creation.

GET https://automatedojo.com/api/v1/leads?since=2026-05-01T00:00:00Z&limit=200
Authorization: Bearer ad_live_…

{
  "ok": true,
  "leads": [ { "id": "…", "name": "Jordan Aceves", "email": "…", "phone": "…", "source": "google_ads", "status": "new", "created_at": "…" }, … ],
  "count": 12,
  "next_since": "2026-05-29T03:14:15Z"
}

Pagination: pass next_since back as ?since= on the next call. Rate limit: 60 req/min/token. Revoke at any time from the same admin page.

6. Status JSON endpoint

Public platform health for status pages, monitoring tools, etc:

GET https://automatedojo.com/api/status

{
  "status": "operational" | "degraded",
  "checked_at": "2026-05-29T03:50:00Z",
  "response_ms": 124,
  "probes": [
    { "name": "database", "ok": true },
    { "name": "edge", "ok": true },
    ...
  ]
}

No auth. Public.

6. Rate limits + abuse policy

  • /api/dojo-lead — 60 / IP / hour
  • /api/public/generate — 5 / IP / 24h (preview generation is heavy)
  • /api/stripe/checkout — 20 / IP / hour
  • /api/client/[slug]/ads/assistant — 30 / dojo / hour
  • /api/client/[slug]/site/edit — 15 / dojo / hour

Hit 429? Slow down. We don't hard-ban; the limits sliding-window per minute.

7. Versioning

Endpoints follow /api/<namespace>/<noun> and are stable. Breaking changes require a v2 path. The schema in webhook payloads is forward-compatible — we add fields but never remove or rename without bumping the version header.

What we don't yet support

  • Read endpoints (e.g., GET /api/leads) — your data is exported via /api/client/[slug]/export as a JSON dump
  • OAuth for third-party API consumers
  • GraphQL (we're intentionally REST-only)
  • Public OpenAPI schema (planned Q4)