- Create an integration key in the YoLead UI.
- Store the API secret on your backend.
- Sign each
/v1/* request with HMAC-SHA256.
- Call
GET https://api.yo-lead.com/v1/employees.
- Use the REST API reference for endpoint-specific request and response shapes.
Run signing code on your backend. The API secret must never be sent to browser code.
GET /v1/employees HTTP/1.1
Host: api.yo-lead.com
X-YoLead-Key: <publicKey>
X-YoLead-Timestamp: <unix_ms_timestamp>
X-YoLead-Signature: <hex_hmac_sha256>
import { createHmac } from "node:crypto";
const publicKey = process.env.YOLEAD_PUBLIC_KEY!;
const apiSecret = process.env.YOLEAD_SECRET!;
const timestamp = Date.now().toString();
const rawBody = "";
const signature = createHmac("sha256", apiSecret)
.update(`${timestamp}.`)
.update(rawBody)
.digest("hex");
const response = await fetch("https://api.yo-lead.com/v1/employees", {
method: "GET",
headers: {
"X-YoLead-Key": publicKey,
"X-YoLead-Timestamp": timestamp,
"X-YoLead-Signature": signature,
},
});
console.log(await response.json());