For developers + agencies
The CRM that lives where your client's leads come in
Drop a 4 KB script. Hit our REST API. Subscribe to HMAC-signed webhooks. Ship the CRM your services client actually wanted — in a day.
Embed widget
Install in 30 seconds
One script tag, no SDK, no CORS config. Captures UTM + referrer automatically. Drop the no-code form builder anywhere on your client's site.
<script
src="https://app.galindo.ai/w.v1.js"
data-galindo-form="form_abc123"
async defer
></script>REST API
Or call the API directly
Versioned, JSON, API-key auth. Every endpoint the no-code form uses is exposed. Idempotent on lead create, so retries are safe.
curl -X POST https://api.galindo.ai/api/v1/leads \
-H "Authorization: Bearer gal_live_xxx" \
-H "Content-Type: application/json" \
-d '{
"email": "lead@example.com",
"name": "Jane Doe",
"phone": "+15551234567",
"source": "landing"
}'import { Galindo } from '@galindo/node'; // coming soon
const galindo = new Galindo(process.env.GALINDO_API_KEY!);
await galindo.leads.create({
email: 'lead@example.com',
name: 'Jane Doe',
phone: '+15551234567',
source: 'landing',
});Webhooks
Subscribe to events
Lead created. Deal stage changed. Quote sent. Message received. All delivered as HMAC-signed webhooks. Verify the signature, you're done.
import { createHmac, timingSafeEqual } from 'node:crypto';
export function verifyGalindoSignature(
body: string,
signatureHeader: string, // value of X-Galindo-Signature
secret: string, // shared secret you configured in Galindo
): boolean {
const expected = createHmac('sha256', secret).update(body).digest('hex');
const a = Buffer.from(expected);
const b = Buffer.from(signatureHeader);
return a.length === b.length && timingSafeEqual(a, b);
}Multi-tenant
One install, many clients
Each client gets their own org with isolated data + per-org API keys. Run a portfolio of services businesses without juggling logins or copy-pasting code.
Ship your client's CRM in a day.
Free forever for the first 50 leads/month. No credit card to start.