BBreadbox|Docs
Sign inStart free trial

Forms & Lead Capture

Capture leads from your website into Breadbox — three ways, depending on what your team can build.

Most common

Webhook URL

Paste a URL into Typeform, Jotform, WPForms, Squarespace, Wix, or any tool that supports webhooks.

No tool needed

Native form builder

Drag-and-drop builder. Get a hosted page or an embeddable script tag for your website.

For developers

REST API

POST directly to /api/v1/leads from any backend. Fully scoped, audit-logged, idempotent.

Webhook URL — paste into your form tool

In Breadbox, go to Settings → Forms & Lead Capture and create a new form. Copy the inbound URL it gives you. Format:

https://app.breadboxmsp.com/api/inbound/<orgId>/<slug>?token=<token>

Paste that URL into your form tool. Breadbox auto-detects common field names (email, first name, etc.) so most submissions work out of the box. If your form tool uses non-standard field names, configure explicit field mappings on the Mapping tab.

Tool-specific setup

Typeform
  1. Open your form → Connect tab → Webhooks
  2. Click Add a webhook and paste the URL from Breadbox
  3. Save
  4. Test by submitting your form. The submission appears in Breadbox under Settings → Forms → [your form] → Submissions within a few seconds.

Typeform sends a structured payload with field IDs like q1_email. Auto-detect handles this — no field mapping configuration needed.

Jotform
  1. Open your form → SettingsIntegrations
  2. Search for Webhooks and click it
  3. Paste the URL from Breadbox → Complete Integration
  4. Test by submitting the form

Jotform sends fields as q1, q2, etc. — you may need to configure explicit field mappings on the Mapping tab. Use the Test tab in Breadbox to paste a sample Jotform payload and verify mappings.

WordPress (WPForms)
  1. Requires WPForms Pro (Webhooks add-on is built in to Pro tier)
  2. In your form's settings → MarketingWebhooks
  3. Add New Webhook → paste the URL from Breadbox
  4. Set Request Method = POST, Format = JSON
  5. Add Request Body: select Form Fields
  6. Save the form. Test by submitting.
WordPress (Gravity Forms)
  1. Install the official Webhooks add-on (paid) from Gravity Forms
  2. Edit your form → SettingsWebhooks
  3. Add New → paste the URL from Breadbox
  4. Set Request Method = POST, Request Format = JSON
  5. Save. Test the form.
Squarespace
  1. Edit your form on the Squarespace page
  2. Click Storage tab → Connect a Service
  3. Choose Webhook and paste the URL from Breadbox
  4. Save. Submit the form to test.

Squarespace sends standard field names like fname, lname, email. Auto-detect handles them out of the box.

Wix
  1. In the Wix Editor, click your form → Form Settings
  2. Open the Submissions tab
  3. Choose Send to webhook and paste the URL from Breadbox
  4. Save the site. Submit the form to test.
Custom HTML form

Submit JSON or form-encoded data via fetch / curl / your backend:

<form id="contactForm">
  <input name="firstName" required />
  <input name="lastName" required />
  <input name="email" type="email" required />
  <input name="company" />
  <textarea name="message"></textarea>

  <!-- Honeypot — leave hidden + empty. Bots fill it; we reject. -->
  <input name="website_url" type="text" style="display:none" tabindex="-1" autocomplete="off" />

  <button type="submit">Submit</button>
</form>

<script>
document.getElementById('contactForm').addEventListener('submit', async (e) => {
  e.preventDefault();
  const formData = new FormData(e.target);
  const body = Object.fromEntries(formData.entries());

  const res = await fetch('https://app.breadboxmsp.com/api/inbound/<orgId>/<slug>?token=<token>', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(body)
  });

  if (res.ok) {
    e.target.innerHTML = '<p>Thanks — we&apos;ll be in touch.</p>';
  } else {
    alert('Something went wrong. Please try again.');
  }
});
</script>

Field mapping

When Breadbox receives a submission, it needs to know which incoming field is the email, which is the first name, etc. There are two paths:

  1. Auto-detect (default) — we recognize common field names like email, first_name, contact_first_name, q1_email, etc. across dozens of synonyms. Works for ~90% of form tools out of the box.
  2. Explicit mapping — if your form tool sends odd field names (e.g. field_2493), open the form's Mapping tab and configure each one. Use the Test tab to paste a sample payload and see what would happen.

Mappable target fields:

firstName
lastName
email
phone
jobTitle
company
industry
website
city
state
country
message

Spam protection

Public form URLs attract bot traffic. Breadbox layers four protections:

  1. Token validation — every URL has a per-form 32-char token. Without it, submissions return 404. Rotate the token from the Setup tab if it leaks.
  2. IP rate limit — 10 submissions per minute per source IP. Beyond that, 429.
  3. Form-level rate limit — 100 submissions per hour per form. Catches abuse even when traffic is distributed across IPs.
  4. Honeypot field (recommended) — add a hidden field named e.g. website_url in your form HTML. Real users won't fill it; bots will. We silently reject those submissions and bump the spam-blocked counter.
  5. reCAPTCHA v3 (optional) — for high-traffic forms, enable Google reCAPTCHA v3. Sign up at google.com/recaptcha/admin, create a v3 key, paste both site key and secret into the form's Spam tab. Embed the site key in your form to generate tokens; we verify server-side with score threshold 0.5.

REST API — for developers

If you have a developer-built backend, use the public API. Authenticated, scoped, audit- logged. Different from the inbound URL — uses a Bearer token, supports idempotency keys, and returns full Lead data.

curl -X POST https://app.breadboxmsp.com/api/v1/leads \
  -H "Authorization: Bearer msp_live_xxxxx" \
  -H "Idempotency-Key: form-submission-$REQUEST_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "companyName": "Acme Healthcare",
    "contactFirstName": "Sarah",
    "contactLastName": "Chen",
    "contactEmail": "sarah@acme.example",
    "contactPhone": "(617) 555-0142",
    "industry": "Healthcare",
    "employeeCount": 65,
    "source": "INBOUND_WEB",
    "notes": "Submitted contact form on /pricing"
  }'

Full reference: /docs/api. Idempotency keys mean you can safely retry on network failure — same key returns the cached response.

Troubleshooting

My submission isn't showing up.

Check Settings → Forms → [your form] → Submissions. Every POST is logged, including spam-rejected and validation-failed ones. The status column tells you why.

  • SPAM_REJECTED — honeypot tripped or reCAPTCHA failed. Inspect the IP and payload.
  • VALIDATION_FAILED — couldn't parse email. Use the Test tab with the failing payload to debug field mapping.
  • ERROR — server error. Email api@breadboxmsp.com with the submission ID.
Form tool says 'invalid response' from the webhook.

Some form tools require a 200 status with a specific body shape. Breadbox returns 200 with { "success": true, "leadId": "...", "icpScore": 75 } on success. If your form tool doesn't accept that, check its webhook docs — most accept any 200.

I rotated the token. Did I break something?

Yes — the old URL stops working immediately. Update the URL in your form tool with the new one shown in Breadbox after rotation. Future versions will support a 24-hour overlap window for safer rotation.

Email is being detected wrong / mapped to the wrong field.

Open the Test tab. Paste a real submission payload (you can copy it from a recent entry in the Submissions tab). Click Test — you'll see exactly what Breadbox detected and which fields got which values. Configure explicit mappings in the Mapping tab to override auto-detect.

← ProspectingREST API →