Set up CRM Lead Webhook with Zapier and Make
CRM Lead Webhook is a paid-plan feature. Use this guide to send CardIQ leads to Zapier, Make, or any CRM that accepts incoming HTTPS webhooks.
{
"event_type": "lead_created",
"company_id": 123,
"employee_id": 456,
"employee_name": "Mona Hassan",
"lead_name": "Omar Ali",
"lead_email": "omar@example.com",
"lead_phone": "+1-555-0100",
"lead_company": "Example Trading LLC",
"source": "public_profile",
"profile_url": "https://card-iq.net/card.php?id=456",
"created_at": "2026-06-13T12:30:00Z"
}What you need
- Paid plan
Lead webhook delivery is not available on the free plan. - HTTPS webhook URL
Use a catch URL from Zapier, Make, or your CRM. The URL must start with https://. - Signing secret
CardIQ generates a signing secret when settings are saved or rotated. Do not put the secret in the URL or share it in public tickets.
Connect CardIQ to Zapier Webhooks
- Create a new Zap and choose Webhooks by Zapier as the trigger.
- Choose Catch Hook and copy the webhook URL Zapier provides.
- In CardIQ, open CRM Lead Webhook, paste the URL, enable the lead_created webhook, and save.
- Send a test from CardIQ, then use the test data in Zapier to map fields to your CRM, email, or spreadsheet step.
Connect CardIQ to Make Webhooks
- Create a new Make scenario and choose Custom Webhook as the trigger.
- Add a webhook, copy the receiving URL, and paste it into CardIQ webhook settings.
- Click Run once in Make, then send a Test Webhook from CardIQ so Make can detect the data structure.
- Map fields to your CRM, Google Sheets, or email module, then turn the scenario on.
Send leads to any CRM that accepts incoming webhooks
If your CRM provides an endpoint for receiving JSON POST requests, use that endpoint in CardIQ. It must support HTTPS and accept Content-Type: application/json.
- Enter the HTTPS endpoint in Webhook URL.
- Use the signing secret to verify that the request came from CardIQ.
- Map fields such as lead_name, lead_email, and employee_name to the matching CRM fields.
Webhook secret and signature overview
CardIQ sends lead_created events as signed POST requests. Headers include X-CardIQ-Event: lead_created and X-CardIQ-Signature. The signature is an HMAC SHA-256 digest of the request body using the company signing secret.
- The secret is not sent inside the JSON payload.
- Rotate the secret if it was copied to an untrusted place or the integration team changes.
- Do not expose webhook URLs or secrets in public pages or support screenshots.
Sample lead_created JSON
This sample is illustrative only and contains no secrets.
{
"event_type": "lead_created",
"company_id": 123,
"employee_id": 456,
"employee_name": "Mona Hassan",
"lead_name": "Omar Ali",
"lead_email": "omar@example.com",
"lead_phone": "+1-555-0100",
"lead_company": "Example Trading LLC",
"source": "public_profile",
"profile_url": "https://card-iq.net/card.php?id=456",
"created_at": "2026-06-13T12:30:00Z"
}
Test webhook steps
- Save the HTTPS URL and enable the lead_created webhook in CardIQ.
- Use Send Test Webhook on the CRM Lead Webhook settings page.
- Confirm Zapier, Make, or your CRM received the request and parsed the JSON.
- Review Recent Webhook Deliveries in CardIQ to confirm the status and HTTP code.
- After the test succeeds, create a real lead from a public profile to confirm the lead_created flow.
Delivery log and retry queue
A delivery failure does not block lead creation. CardIQ records delivery metadata such as event type, destination, HTTP code, status, payload hash, and a short error summary. Secrets are not stored in the delivery log.
Eligible paid-plan failures are added to a retry queue. After the CRM endpoint or Zapier/Make setup is fixed, admins can retry delivery, and the queue uses backoff intervals to handle temporary outages.