WordPress Integration API

The endpoints behind the KaiCalls AI Intake WordPress plugin. Use them directly to mint keys, verify a connection, send leads from any form, and read a recent-leads summary — whether you use the plugin, an existing form plugin, or a fully custom integration.

Overview

The WordPress integration uses a dedicated pair of keys — distinct from the standard kc_live_ API keys used by the rest of the KaiCalls REST API. Each connection has a Public Key that identifies the business and a Secret Key that authenticates the request.

Base URL
https://www.kaicalls.com
Public Key
wp_pk_… (identifier, safe to store)
Secret Key
wp_sk_… (treat like a password)
Lead source
wordpress_form

Where API keys come from

The simplest path is the dashboard: sign in, open WordPress in the left navigation (/dashboard/wordpress), optionally enter your site URL, and click Generate New API Keys. Copy the Public Key and Secret Key — the secret is shown only once.

To provision keys programmatically (for example, an agency onboarding many sites), call the keys/create endpoint below with a standard KaiCalls API key.

Authentication

The intake and dashboard-widget endpoints authenticate with a Bearer token that joins the two keys with a colon:

http
Authorization: Bearer wp_pk_xxxxxxxx:wp_sk_xxxxxxxx

The Public Key comes first, the Secret Key second. The verify endpoint is the exception — it takes the two keys as a JSON body instead of a header (it is what the plugin's "Save & Test Connection" button calls).

Keep the Secret Key server-side. The plugin only ever sends it in a server-to-server request from the WordPress host to KaiCalls; never expose it in client-side JavaScript or page source.

Mint a connection (keys)

POST/api/v1/wordpress/keys/create

Creates a WordPress connection and returns a fresh Public/Secret key pair. Authenticate with a standard KaiCalls API key (Authorization: Bearer kc_live_…) or call it from an authenticated dashboard session. A key that spans multiple businesses must pass businessId in the body.

Request body

json
{
  "businessId": "biz_123",          // required for multi-business keys
  "siteUrl": "https://example.com"  // optional, for your own reference
}

Example

bash
curl -X POST https://www.kaicalls.com/api/v1/wordpress/keys/create \
  -H "Authorization: Bearer kc_live_xxxxx" \
  -H "Content-Type: application/json" \
  -d '{ "siteUrl": "https://example.com" }'

Response 200

json
{
  "success": true,
  "publicKey": "wp_pk_xxxxxxxx",
  "secretKey": "wp_sk_xxxxxxxx",
  "businessId": "biz_123",
  "connectionId": "conn_456",
  "message": "WordPress API keys created successfully"
}

The secretKey is returned once and not retrievable later — store it immediately.

Verify a connection

POST/api/v1/wordpress/auth/verify

Confirms a key pair is valid. This is what the plugin's Save & Test Connection button calls. Keys are passed in the JSON body, not the header.

Request body

json
{
  "publicKey": "wp_pk_xxxxxxxx",
  "apiKey": "wp_sk_xxxxxxxx"   // the secret key
}

Example

bash
curl -X POST https://www.kaicalls.com/api/v1/wordpress/auth/verify \
  -H "Content-Type: application/json" \
  -d '{ "publicKey": "wp_pk_xxxxxxxx", "apiKey": "wp_sk_xxxxxxxx" }'

Responses

json
200  { "success": true, "business_id": "biz_123" }
401  { "success": false, "error": "Invalid Public Key." }
401  { "success": false, "error": "Invalid API Key." }
400  { "success": false, "error": "API Key and Public Key are required." }

Post a lead (intake)

POST/api/v1/wordpress/intake

Creates a lead in the authenticated business. This is the endpoint the shortcode form posts to, and the one to point an existing form (Contact Form 7, WPForms, Gravity Forms, Elementor) at. The lead is recorded with source wordpress_form and triggers KaiCalls' lead follow-up side effects (scoring, notifications, workflows).

Request body

json
{
  "name": "Jane Doe",
  "email": "jane@example.com",
  "phone": "+15551234567",   // optional
  "message": "I'd like a quote for next week."
}

Example

bash
curl -X POST https://www.kaicalls.com/api/v1/wordpress/intake \
  -H "Authorization: Bearer wp_pk_xxxxxxxx:wp_sk_xxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Jane Doe",
    "email": "jane@example.com",
    "phone": "+15551234567",
    "message": "I would like a quote for next week."
  }'

Responses

json
200  { "success": true, "leadId": "lead_789", "message": "Lead created successfully" }
401  { "success": false, "error": "Unauthorized" }
500  { "success": false, "error": "Failed to create lead" }

Recent-leads summary (widget)

GET/api/v1/wordpress/dashboard-widget

Returns a summary of recent leads for the authenticated business — the data behind the plugin's "Recent AI Intake Leads" dashboard widget. The plugin caches the result for up to an hour.

Example

bash
curl https://www.kaicalls.com/api/v1/wordpress/dashboard-widget \
  -H "Authorization: Bearer wp_pk_xxxxxxxx:wp_sk_xxxxxxxx"

Response 200

json
{
  "success": true,
  "recentLeads": [
    { "name": "Jane Doe", "created_at": "2026-06-27T14:03:00Z" }
  ],
  "leadsThisWeek": 12
}

Notes & best practices

  • All requests must be made over HTTPS. Plain HTTP is rejected.
  • Generate a separate key pair per site (passing each site's URL) so you can revoke one site without affecting the others.
  • The intake endpoint only requires name, email, and message; phone is optional. A missing or invalid email is rejected.
  • Leads created here behave like any other KaiCalls lead — they appear under Leads and follow your configured agent and workflow behaviour.

Related:

Questions? Email support@kaicalls.com.

    WordPress Integration API — KaiCalls Developer Docs