Push GitHub Leads to Any Tool via Webhook — GitLeads Integration Guide

GitLeads webhooks let you receive enriched GitHub developer lead data — name, email, GitHub username, bio, follower count, top languages, and the signal that triggered the lead — as a real-time HTTP POST to any URL you control. Webhooks are the most flexible integration mode: pipe leads into a custom database, trigger a serverless function, fan out to multiple tools simultaneously, or build conditional routing logic that no off-the-shelf integration supports.

Webhook Payload Structure

Every GitLeads webhook delivers a JSON payload. Here is the schema for a stargazer signal:

{
  "event": "lead.created",
  "signal_type": "stargazer",
  "repo": "vercel/next.js",
  "starred_at": "2026-05-04T14:22:01Z",
  "lead": {
    "name": "Alex Chen",
    "email": "alex@acme.io",
    "github_username": "alexchen",
    "github_url": "https://github.com/alexchen",
    "bio": "Building developer tools at Acme",
    "company": "Acme Corp",
    "location": "San Francisco, CA",
    "followers": 842,
    "top_languages": ["TypeScript", "Go", "Python"],
    "public_repos": 34,
    "signal_context": "Starred vercel/next.js"
  }
}

For keyword signals, the payload includes additional context fields: keyword_matched, signal_source (issue, PR, discussion, commit, code), repo, issue_url, and snippet (the surrounding text where the keyword appeared). This gives your downstream handler the full context to decide routing, scoring, or suppression logic.

Setting Up a GitLeads Webhook

1. In GitLeads, go to Settings → Integrations → Webhooks.
2. Click "Add Webhook" and paste your endpoint URL.
3. Select which signal types to receive: Stargazer signals, Keyword signals, or both.
4. Optionally filter by repo or keyword group to reduce noise.
5. GitLeads will send a test payload — verify your endpoint returns a 200 status.
6. Save. Leads will now POST to your endpoint in real time.

Handling Webhooks in Node.js

import express from 'express';

const app = express();
app.use(express.json());

app.post('/gitleads-webhook', async (req, res) => {
  const { event, signal_type, lead } = req.body;

  // Acknowledge immediately to prevent retry
  res.status(200).json({ ok: true });

  if (event !== 'lead.created') return;

  // Route based on signal type
  if (signal_type === 'stargazer') {
    await createCRMContact(lead);
  } else if (signal_type === 'keyword') {
    await addToSlackChannel('#github-intent', lead);
  }
});

Webhook Use Cases

• Write leads directly to a Postgres or Supabase database for custom analytics
• Trigger a Cloudflare Worker or AWS Lambda to enrich leads with LinkedIn data before sending to CRM
• Fan out to multiple destinations simultaneously — Slack notification + HubSpot contact + Smartlead sequence
• Build lead scoring logic: only forward leads with 200+ GitHub followers to outreach sequences
• Route competitor stargazers to high-priority SDR queue, ecosystem stargazers to nurture flows
• Integrate with any CRM or outreach tool that has an API but no native GitLeads connector

Webhook Reliability and Retries

GitLeads retries webhook deliveries up to 5 times with exponential backoff if your endpoint returns a non-200 status. Each delivery attempt is logged in the GitLeads dashboard under Settings → Integrations → Webhook Logs so you can inspect payloads and debug failures. Always return a 200 immediately and process asynchronously to avoid timeouts.

Securing Your Webhook Endpoint

GitLeads signs every webhook payload with an HMAC-SHA256 signature in the X-GitLeads-Signature header. Verify this signature before processing any payload to prevent spoofed requests:

import crypto from 'crypto';

function verifyWebhookSignature(
  payload: string,
  signature: string,
  secret: string
): boolean {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );
}