Integrate Vondaro on your website or server. Public endpoints, authentication, and copy-paste examples in one place.
Production base URL: https://vondaro.io. All examples use this host.
JSON endpoints enable CORS for browser calls where relevant. Never expose a private API key in frontend code – it is only valid from server-side requests.
Create keys in the Vondaro dashboard under Embed (Beágyazás).
Origin header, it will be rejected.Add the snippet before the closing body tag. The script loads the bubble UI and calls our API using data-base-url.
<script src="https://vondaro.io/embed.js" data-api-key="lgp_..." data-base-url="https://vondaro.io" async ></script>
/api/v1/leadsHeader: x-api-key or Authorization: Bearer <key>, or JSON field api_key.
| Name | Type | Required | Description |
|---|---|---|---|
| first_name | string | yes | First name or full name. |
| string | yes | Valid email address. | |
| last_name | string | no | Last name. |
| phone | string | no | Phone number. |
| service | string | no | Short service or product label. |
| details | string | no | Free text; stored under details.note. |
| source | string | no | One of form | api | chat | manual. Default: api. |
| referral_data | object | no | UTM / referrer fields (allowed keys only). |
| Name | Type | Description |
|---|---|---|
| success | boolean | Whether the lead was stored. |
| lead_id | uuid | New lead id. |
| over_limit | boolean | If the plan’s lead limit is exceeded, lead may still be stored with status over_limit. |
400Missing required field or invalid email.401Missing or invalid API key.403Private key from browser, or disallowed origin (public key).500Server error.curl -sS -X POST "https://vondaro.io/api/v1/leads" \
-H "Content-Type: application/json" \
-H "x-api-key: lgp_PRIVATE_..." \
-d '{
"first_name": "Peter",
"email": "peter@example.com",
"phone": "+36301234567",
"service": "Paving",
"details": "40 m2, Budapest",
"source": "api"
}'/api/embed/config| Name | Type | Required | Description |
|---|---|---|---|
| api_key | string | yes | Public API key. |
| Name | Type | Description |
|---|---|---|
| welcome_message | string | Welcome message. |
| quick_buttons | string[] | Quick reply labels. |
| contact_prompt_text | string | null | Custom contact prompt. |
| require_phone | boolean | Whether phone is required. |
| gate_quote | boolean | Quote gate setting. |
| chat_theme | object | null | Pro: { primary_hex }. Business/Enterprise: optional accent_hex, header_title, border_radius_px (8–28), hide_powered_by. Fields match plan; otherwise null. |
400Missing api_key.401Invalid key.403Private key not allowed here.curl -sS "https://vondaro.io/api/embed/config?api_key=lgp_..."
/api/embed/chat| Name | Type | Required | Description |
|---|---|---|---|
| api_key | string | yes | Public API key. |
| message | string | yes | User message. |
| session_id | string | no | Session id (client-generated, stable). |
| first_name | string | no | If contact already known. |
| string | no | Email if known. | |
| phone | string | no | Phone if known. |
| referral_data | object | no | Same allowed keys as the lead API. |
| Name | Type | Description |
|---|---|---|
| reply | string | Assistant reply text. |
| lead_id | uuid | Current lead id. |
| session_id | string | Session id. |
| request_contact | boolean | Hints that contact details should be requested. |
400Missing api_key or message.401Invalid key.403Private key not allowed from browser.500Server error.curl -sS -X POST "https://vondaro.io/api/embed/chat" \
-H "Content-Type: application/json" \
-d '{
"api_key": "lgp_...",
"message": "Hi, I need a quote for paving.",
"session_id": "lgp_session_abc123"
}'Documented endpoints respond with Access-Control-Allow-Origin: * for preflight where applicable.
Errors are usually JSON: { "error": "…" } (Hungarian message text).
Successful POST /api/v1/leads responses may include X-Lead-Limit and X-Lead-Count when the plan has a configured limit.