Skip to main content

Setup Guide: Open API & Webhooks

How to generate an Open API key and set up inbound webhooks to trigger mail or attribution from your own systems.

A
Written by Adam Rutkowski

The LettrLabs Open API and inbound webhooks let your development team connect your own systems directly to LettrLabs — no Zapier required. With an Open API key you can call the LettrLabs API from your own code; with an inbound webhook you get a unique URL that your systems (a CRM, a job-management platform, an e-commerce store, etc.) can POST data to, and LettrLabs turns that data into a mail send, a radius mail campaign, or attributed revenue.

Before you start

  • A developer or technical contact who can make HTTP requests or configure outbound webhooks from your source system.

  • If you're triggering mail: a LettrLabs card template and an Automation (Integration Order) already set up, or ready to create.

Step 1: Generate an Open API key

  1. From your LettrLabs dashboard, open Automations and select the Open API card.

  2. Enter a Description for the key so you can identify it later (for example, "Backend service" or "ServiceTitan integration"), then click Generate Key.

  3. Copy the key that appears. For security, it is shown only once — if you close the window without copying it, you'll need to revoke it and generate a new one.

Send this key on every API request in an X-API-KEY header.

Managing your Open API keys

From the same Open API card, choose Manage Keys to see every key you've generated (with its description and creation date) and to delete keys you no longer need. Deleting a key immediately breaks anything authenticating with it, so create a replacement first if you plan to keep an integration running. You can also reach this same key list from Active Webhooks > Manage Open API Keys (see Step 3) — it's the same set of keys either way.

Step 2: Create an inbound webhook connection

A webhook connection is just a unique URL your system can POST to; what LettrLabs does with the data is configured separately in Step 4.

  1. Go to Active Webhooks and stay on the Data Streams (Inbound) tab.

  2. Click Create. A drawer opens with a webhook URL already generated for you.

  3. Give the connection a Webhook Name (required) so you can identify it later, then copy the Webhook URL — this is the address your source system will POST JSON to (it looks like https://app.lettrlabs.com/api/webhooks/<a-unique-id>).

A newly created connection starts in Test Mode: incoming requests are logged (visible in History) but not processed. Saving the drawer with a name turns Test Mode off and activates the connection, so confirm your integration is pointed at the right URL and sending the fields you expect before you save.

Step 3: Secure your webhook

In the same drawer, two independent authentication options are available — turn on either, both, or neither depending on how much your source system supports:

  • OpenAPI Key — when enabled, every request to this webhook's URL must include a valid Open API key (from Step 1) in the X-API-KEY header, belonging to your account. Use Manage Open API Keys right in this drawer if you need to generate one without leaving the page.

  • HMAC256 Signature Verification — when enabled, click Generate Secret to create a signing secret (shown once — store it with your integration). Your system then computes an HMAC-SHA256 signature of the exact request body using that secret and sends it in a signature header. See the Field Guide article for the exact header names and formats accepted.

You can change either toggle later, and generating a new secret at any time invalidates the previous one.

Step 4: Wire the webhook to something LettrLabs should do

Creating a connection just gives you a URL to send data to — you still need to tell LettrLabs what that data means. Where you do this depends on what you're trying to trigger:

  • Mail to Recipients or Radius Mail: open the Automation (Integration Order) you want the webhook to feed. In its setup, under Select Webhook Connection, choose the connection you created in Step 2 (or create a new one on the spot), then choose the action — Mail to Recipients to add individual recipients to that mailing, or Radius Mail to trigger a neighbor mailing around an address you send in. From there you can map fields from a sample payload, name the action, and optionally add filters (see Step 5).

  • Conversion or Lead (attribution) data: open the Conversions page and use its Webhooks tab. Click to create a new action, choose Conversion or Lead as the type, and pick the webhook connection to attach it to.

Step 5: Map fields and add filters

Whichever action type you're configuring, LettrLabs shows you the most recent JSON payload received on that webhook connection (send one test request from your system first if the list is empty) and lets you:

  • Map fields: drag fields from your raw payload onto the LettrLabs fields they correspond to (name, address, revenue, custom fields, etc. — see the Field Guide article for the full list per action type).

  • Set a Unique Id (optional): pick a field from your payload (like an order ID) to identify a record uniquely, and turn on Run Once if you only want LettrLabs to act on that unique record a single time even if the same event arrives again.

  • Add Inbound Filters (optional): turn on Inbound Filters to only run this action when incoming fields match conditions you set — for example, only mail when "Job Status" equals "Completed," or only mail when "Revenue" is above a threshold.

Testing and monitoring

While a connection is in Test Mode, requests are accepted and logged but never trigger a mail send or attribution. Once you save your webhook with a name it goes live, so send a real request from your integration and check the History tab on the Active Webhooks page — it shows every event received, its status, and (drilling into an event) the status of each action that ran off of it.

Deleting a webhook or key

Deleting a webhook connection or an Open API key takes effect immediately and cannot be undone — any external system still pointed at that URL or authenticating with that key will start failing. If you're replacing an integration, set up and verify the new connection or key before deleting the old one.

Did this answer your question?