SalesLobe ships with Corty, our built-in AI. But if you’ve built your own agent, you can plug it straight into the reply loop instead:
- Fetch - SalesLobe pushes every new lead reply to your webhook endpoint.
- Decide - your agent reads the full thread and writes the response.
- Send - your agent posts the response back through the SalesLobe API.
SalesLobe stays in control of what actually goes out. Every send attempt from your agent is logged, and until your agent has earned autonomy, every draft goes through your team’s review queue first. Nothing reaches a lead without a human saying yes.
Available on Pro and Agency plans (API access). Full endpoint reference, payloads, and code samples live at docs.saleslobe.com under “External AI agents: fetch, decide, send - governed”.
Step 1 - Create an API key with exactly three scopes
Go to Settings -> Connections -> API Keys and generate a key with only these scopes:
| Scope | Why your agent needs it |
|---|---|
leads.read | Fetch the full reply and conversation thread |
replies.send | Submit your agent’s response |
webhooks.manage | Register your webhook endpoint |
Don’t use a full-access (
*) key for an agent integration. If the key ever leaks, the blast radius stays small, and your agent can’t touch anything it doesn’t need. You’ll see the key once - store it as a secret in your agent’s environment.
Step 2 - Register your webhook endpoint
Register the HTTPS endpoint where your agent listens, subscribed to the lead.replied event (add corty.suggested if you want Corty’s draft as a starting point for your agent):
POST /v1/webhooks
Header: X-SalesLobe-Key: <your API key>
Body: { name, url, events: ["lead.replied", "corty.suggested"] }
The response includes an HMAC secret (prefix whsec_) - shown once, store it safely.
Verify every delivery. Each webhook request carries an X-SalesLobe-Signature: sha256=<hex> header - an HMAC SHA-256 of the raw request body, signed with your whsec_ secret. Never process an event without verifying the signature first.
Step 3 - Handle the event and fetch the full reply
When a lead replies, your endpoint receives a lead.replied event containing the lead’s email, the reply_id, and a preview of the reply text.
The reply text in the webhook payload is truncated to 500 characters. Don’t let your agent decide based on the preview - always fetch the full reply and thread first via
GET /v1/replies/<reply_id>. This returns the complete reply body plus the full conversation thread.
Step 4 - Send your agent’s response
POST /v1/replies/<reply_id>/send
Header: X-SalesLobe-Key: <your API key>
Body: { "body": "Hey John, great question - here is how that works..." }
If your agent started from a Corty suggestion and edited it, include original_suggestion and edited: true in the request - SalesLobe measures the edit distance and learns from your agent’s adjustments.
What “queued for review” means
A new agent starts at autonomy level 0. At level 0, every send returns HTTP 202 with:
{
"status": "queued_for_review",
"reply_id": "...",
"reason": "no_active_autonomy_grant"
}
This is not an error - it’s the product working as designed. Your agent’s draft landed safely in the SalesLobe inbox, where your team reviews it and approves the send with one click.
A few things your integration should know:
- Don’t retry a
202. The draft is already queued. Retrying is harmless (the call is idempotent - there’s never more than one pending draft per reply), but it’s not needed. - Treat
202as success-with-pending, not as a failure. - Approval happens in the SalesLobe inbox - the same review queue your team already uses for Corty’s suggestions.
How autonomy grows
Autonomy is earned, not assumed. Every send attempt your agent makes is logged - what it wrote, when, and what happened next. As your agent builds a track record, the organization owner can grant it a higher autonomy level. At a sufficient autonomy level, sends go out directly: the same API call returns 200 with "status": "sent" instead of 202. Your code doesn’t change - only the response does.
Build your integration to handle both "sent" and "queued_for_review" from day one, and the transition is seamless.
Where you can see everything your agent did
Open any reply in the SalesLobe inbox and you’ll find the Decision Trail: a chronological log of every action on that reply - your agent’s submissions (labeled External agent - via API, with the API key name), Corty’s suggestions, human approvals, and sends. This is your audit trail - if a client ever asks “who sent this and why,” the answer is one click away.
Pricing
Governance-only sends (your agent supplies the reply text itself) are metered; pricing is being finalized during the partner pilot. The full pipeline - where Corty generates the suggestion via the API - costs 1 credit per suggestion.
Quick checklist
- API key created with only
leads.read,replies.send,webhooks.manage - Webhook registered for
lead.replied(and optionallycorty.suggested) - HMAC signature verified on every incoming event
- Full reply fetched via
GET /v1/replies/:idbefore deciding (webhook preview is truncated at 500 characters) 202 queued_for_reviewhandled as success-with-pending, no retries- Both
"sent"and"queued_for_review"response paths handled
Questions? Reach out to the team - we’re actively onboarding integration partners.