API keys + webhooks

FlowMaticX exposes a versioned REST API at /api/v1/. Authenticate with an API key (generated at /workspace/api-keys).

1. /workspace/api-keys → New key
2. Name + scopes (jobs:read, jobs:write, leads:read, leads:export, audits:read)
3. Copy the key once — we never show it again

bash curl -X POST https://app.flowmaticx.com/api/v1/jobs \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "workflow_type": "GOOGLE_MAPS", "keyword": "dentist", "location": "Stockholm, Sweden", "leads_requested": 20 }'

Returns:
json { "success": true, "data": { "job_id": 123, "status": "queued" } }

bash curl -H "Authorization: Bearer YOUR_API_KEY" \ https://app.flowmaticx.com/api/v1/leads?limit=100

Subscribe to events and receive HMAC-signed POSTs to your endpoint.

• job.created — when a new lead job is created
• job.completed — when a lead job finishes (success or partial)
• job.failed — when a lead job errors out
• lead.found — per-lead, fires every time a new lead is inserted
• credits.low — when your workspace credit balance drops below 20%
• audit.completed — when an SEO audit finishes
• monitor.down — when an uptime monitor goes down
• monitor.recovered — when it comes back up

1. /workspace/webhooks → New webhook
2. URL + pick events
3. Copy the signing secret — we send X-Webhook-Signature with every POST (HMAC-SHA256 of the body + secret)
4. Verify the signature on your server before trusting the payload

json { "event": "lead.found", "timestamp": "2026-04-15T10:23:00Z", "workspace_id": 42, "data": { "job_id": 123, "lead_id": 9876, "business_name": "Acme Dental Clinic", "email": "hello@acmedental.com", "domain": "acmedental.com" } }

Full payload reference: docs/webhook-payloads.md.