Overview
The QuickOn API lets you send inbound leads from any source. Every lead is validated, normalized, de-duplicated, enriched, and qualified by AI, then optionally synced to your CRM. The base URL is https://www.quickon.in and the current version is v1.
Authentication
Authenticate every request with an API key in the X-API-Key header. Create keys under Settings → API Keys. Keys are shown once and stored only as a hash.
X-API-Key: lp_your_key_here
Create a lead
POST /api/v1/leads — accepts a JSON body. Returns 202 Acceptedwith the lead id; qualification runs asynchronously.
curl -X POST https://www.quickon.in/api/v1/leads \
-H "X-API-Key: lp_your_key_here" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: your-unique-id" \
-d '{
"name": "Jane Doe",
"email": "jane@company.com",
"phone": "+1 555 123 4567",
"company": "Company Inc",
"website": "https://company.com",
"job_title": "VP Sales",
"country": "US",
"industry": "SaaS",
"message": "Interested in a demo",
"source": "Website Form"
}'{
"id": "clx...",
"status": "accepted",
"message": "Lead accepted for processing"
}Fields
All fields are optional, but at least one of email, phone, orname is required. Unknown fields are stored as custom metadata and can be mapped to canonical fields under Field Mapping.
nameemailphonecompanywebsitejob_titlecountryindustrymessagesource
Idempotency
Send an Idempotency-Key header to safely retry requests. If a lead with the same key was already processed for your organization, the original result is returned with200 and status: "duplicate" instead of creating a new lead.
Rate limits
Requests are rate limited per API key. On breach you receive 429 with aRetry-After header. Every response includes X-RateLimit-Remaining.
Webhooks
Form providers can post directly to a signed webhook endpoint. Create one under Integrations to get a URL and signing secret:
POST https://www.quickon.in/api/webhooks/{source}/{integrationId}Supported sources: typeform, hubspot, zapier, andgeneric (HMAC-SHA256). Payloads are signature-verified before they are trusted; unsigned or mis-signed requests receive 401.
Errors
| Status | Meaning |
|---|---|
202 | Lead accepted for processing |
200 | Idempotent replay — lead already processed |
400 | Malformed JSON body |
401 | Missing/invalid API key or webhook signature |
422 | Validation failed (see details.fieldErrors) |
429 | Rate limit exceeded (Retry-After header) |
Versioning
Breaking changes ship under a new prefix (/api/v2); /api/v1 is never broken in place and is supported for at least 12 months after the next version ships. Deprecated versions return a Sunset header once deprecation is announced. All changes are recorded in the API changelog.