CRM Callback (Phase 8)
Endpoint: POST /lead.capture/crm-callback
Used by Make.com (or similar) to send back the CRM lead ID after creating a lead in the external CRM. This stores the ID in our Leads table so we can match incoming CRM webhooks and show a "View in CRM" link in the dashboard.
Authentication
Requires CRM_CALLBACK_SECRET (set in wrangler vars or as a secret). Send via:
Authorization: Bearer <secret>, orX-API-Key: <secret>
Requests without a valid secret receive 401 Unauthorized. If the secret is not configured, the endpoint returns 503 Service Unavailable.
Request
- Method:
POST - Content-Type:
application/json - Body:
{
"lead_id": 123,
"crm_lead_id": "crm-abc-456"
}| Field | Type | Required | Description |
|---|---|---|---|
lead_id | number | Yes | Our lead row ID (D1 Leads.rowid). |
crm_lead_id | string | Yes | The lead ID returned by the CRM (non-empty). |
Response
200 OK — Lead updated:
{
"ok": true,
"lead_id": 123,
"crm_lead_id": "crm-abc-456"
}400 Bad Request — Invalid or missing lead_id / crm_lead_id, or invalid JSON.
401 Unauthorized — Missing or invalid secret.
404 Not Found — No lead with the given lead_id.
503 Service Unavailable — CRM_CALLBACK_SECRET not configured.
Make.com setup
- In your scenario, after the module that creates the lead in the CRM, add an HTTP – Make a request (or similar) step.
- URL:
https://<your-worker>/lead.capture/crm-callback - Method: POST
- Headers:
Authorization: Bearer <CRM_CALLBACK_SECRET>orX-API-Key: <CRM_CALLBACK_SECRET> - Body (JSON): Map the CRM module’s output lead ID to
crm_lead_id, and our lead ID (from the initial webhook payload or a previous step) tolead_id.
Our webhook payload to Make.com includes lead_id (our D1 lead row ID). In Make.com, map that value to the callback request body as lead_id, and the CRM module’s created lead ID as crm_lead_id.