Lead API

What it is

POST https://app.remixcrm.com/api/v1/leads — a public REST endpoint to create leads from any external source: your website's contact form, Facebook Lead Ads, Wix/Squarespace forms, Zapier, n8n, Make.com, custom backends, etc.

Authentication

API keys are scoped to a single organization. Generate one in Settings → Integrations → Lead API Keys:

1. Click + New API key
2. Give it a descriptive name (e.g. "Website contact form")
3. Click Create
4. Copy the key immediately — it's only shown once

Keys start with rmx_ followed by ~32 random characters. They're stored as salted SHA-256 hashes in the database, so we can verify them but can't recover the plaintext — that's why you must copy at creation time.

Sending the key

Either of these works:

Authorization: Bearer rmx_yourkeyhere

or

X-API-Key: rmx_yourkeyhere

The Authorization: Bearer form is preferred — it works with most HTTP clients out of the box.

Request

POST /api/v1/leads
Authorization: Bearer rmx_xxxx
Content-Type: application/json

{
  "first_name": "Jane",
  "last_name": "Doe",
  "email": "jane@example.com",
  "phone": "+15551234567",
  "event_date": "2026-08-15",
  "event_type": "Wedding",
  "source": "Website contact form",
  "notes": "Saw the IG ad — wants 4 hours, indoor",
  "status": "new"
}

Required fields

Optional fields

Responses

201 Created

{
  "id": "uuid",
  "status": "created",
  "lead_url": "https://app.remixcrm.com/leads/uuid"
}

The lead is now in your org. Open lead_url in a browser (when logged in as a member of that org) to view/edit.

400 Bad Request

Validation failed.

{ "error": "Missing required fields", "fields": ["phone", "event_date"] }

401 Unauthorized

Missing, malformed, or revoked API key.

429 Too Many Requests

You've hit the rate limit: 100 leads/hour per org. Slow down or batch.

500 Internal Server Error

Something broke server-side. The error message is included; if it keeps happening, file a bug report or contact support.

Example: HTML form on your website

<form id="contact" onsubmit="return submitLead(event)">
  <input name="name" placeholder="Your name" required />
  <input name="email" type="email" placeholder="Email" required />
  <input name="phone" placeholder="Phone" required />
  <input name="event_date" type="date" required />
  <textarea name="notes" placeholder="Tell us about your event"></textarea>
  <button type="submit">Send</button>
</form>

<script>
async function submitLead(e) {
  e.preventDefault()
  const fd = new FormData(e.target)
  const res = await fetch('/api/contact-proxy', {
    method: 'POST',
    headers: { 'content-type': 'application/json' },
    body: JSON.stringify(Object.fromEntries(fd)),
  })
  // Show thank-you message
}
</script>

The /api/contact-proxy on your own site should attach the RemixCRM API key server-side and forward to https://app.remixcrm.com/api/v1/leads — never embed the API key in client-side JavaScript.

Example: curl

curl -X POST https://app.remixcrm.com/api/v1/leads \
  -H "Authorization: Bearer rmx_yourkey" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Jane Doe",
    "email": "jane@example.com",
    "phone": "+15551234567",
    "event_date": "2026-08-15",
    "event_type": "Wedding"
  }'

Example: Zapier

1. Create a Zap with whatever trigger (Facebook Lead Ads, Typeform, etc.)
2. Add a Webhooks by Zapier → Custom Request action
3. Method: POST
4. URL: https://app.remixcrm.com/api/v1/leads
5. Headers:

   Authorization | Bearer rmx_yourkey
   Content-Type  | application/json
   

6. Data: JSON body with mapped fields from the trigger
7. Turn it on

Side effects

Every successful lead creation:

1. Inserts a row in leads
2. Fires the lead.created outbound webhook (see outbound webhooks)
3. Counts against the hourly rate limit

Revoking keys

In Settings → Integrations → Lead API Keys, click Revoke on the key you want to disable. Revocation is immediate. The key prefix (first 12 chars) remains visible so you can identify which one was just revoked.