How to Connect Contact Form 7 to GoHighLevel (LeadConnector API) — No Confusion, No Code
If you've ever stared at an API configuration panel wondering "wait — do these credentials come from my server or from the app I'm connecting to?" you're not alone.
That exact question was posted on the WordPress support forums. Someone was trying to send Contact Form 7 submissions to api.leadconnectorhq.com (GoHighLevel's backend API, used by LeadConnector and white-labeled CRM platforms built on GHL). They had the right instinct — use a CF7-to-API plugin, set up a POST request, configure headers — but were stuck on the fundamentals of how API authentication actually works.
This post explains it clearly, then walks through the full setup.
First: Understand Where Each Parameter Comes From
This is the most common confusion point. Let's settle it once:
| Parameter | Source |
|---|---|
| API URL | The app you're connecting to (GoHighLevel) |
| Authorization token / API key | The app you're connecting to (GoHighLevel) |
| Content-Type | Always application/json for JSON APIs you set this |
| HTTP Method (POST/GET) | Determined by the API docs of the destination app |
| Field mapping (name, email, etc.) | You define this matching your CF7 fields to GHL's expected keys |
Your WordPress server provides none of these. It's the sender. The credentials and endpoint always come from the receiving service.
GoHighLevel / LeadConnector API - What You Actually Need
GoHighLevel exposes its API at https://api.leadconnectorhq.com. If you're using a white-labeled version (StrongClients, HighLevel reseller, etc.), the endpoint may differ but the auth pattern is identical.
Step 1: Get Your API Key or Private Integration Token
In your GHL account:
- Go to Settings → Integrations → API Keys (or Private Integrations if on the newer API v2)
- Generate a new API key scoped to the sub-account you want leads sent to
- Copy the token - you'll use this as your Bearer token
For GHL API v2 (recommended), your token will be a long string used like:
Authorization: Bearer eyJhbGciOi...
For the older widget-style endpoints (/widget/...), you may use a Location API Key instead. Check your GHL sub-account settings under Settings → Business Info → API Key.
Step 2: Identify the Correct Endpoint
For submitting a contact (lead) to GoHighLevel, the endpoint is:
POST https://services.leadconnectorhq.com/contacts/
Or for the older widget submission URL format:
POST https://api.leadconnectorhq.com/widget/form/submit
The forum user had the widget URL already. If you're using that, you don't need an API key the widget URL itself is authenticated via the embedded form ID in the path. No Authorization header needed for widget submissions.
This is a key distinction:
-
/widget/...URLs → no Authorization header, just POST the fields -
/contacts/API endpoint → requiresAuthorization: Bearer YOUR_TOKEN+ API version header
The Full Setup with Contact Form to API Plugin
Contact Form to API handles CF7-to-external-API connections without custom PHP. Here's the exact configuration:
For the Widget Endpoint (simpler, no auth needed):
API URL: https://api.leadconnectorhq.com/widget/form/YOUR_FORM_ID
Method: POST
Content-Type: application/json
Field Mapping:
full_name → [your-name]
email → [your-email]
phone → [your-phone]
No Authorization header needed the form ID in the URL is the auth.
For the Contacts API (v2, recommended for CRM use):
API URL: https://services.leadconnectorhq.com/contacts/
Method: POST
Headers:
Authorization: Bearer YOUR_PRIVATE_INTEGRATION_TOKEN
Version: 2021-07-28
Content-Type: application/json
Field Mapping:
firstName → [first-name]
lastName → [last-name]
email → [your-email]
phone → [your-phone]
locationId → YOUR_LOCATION_ID (static value find in GHL sub-account settings)
The locationId is a static value from your GHL sub-account it's not a form field. In Contact Form to API, you can set static/hardcoded values alongside dynamic CF7 field mappings.
The Authorization Header: Which Type to Use
The forum post showed three options and the user wasn't sure which applied. Here's the breakdown:
Authorization: MY_API_KEY ← Not standard some APIs use this as a custom header
Authorization: Bearer xxxxxxx ← GHL API v2 uses this (most common for modern APIs)
Authorization: Basic xxxxxx ← Base64 encoded username:password NOT used by GHL
For GoHighLevel: always use Bearer. The Basic and raw key formats are for other services.
One Authorization header at a time. Do not stack multiple Authorization headers only the last one will be read, and some servers will reject the request entirely with multiple auth headers.
Testing Before You Go Live
Before wiring up a live form, test the API call directly:
curl -X POST https://services.leadconnectorhq.com/contacts/ \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Version: 2021-07-28" \
-H "Content-Type: application/json" \
-d '{
"firstName": "Test",
"lastName": "User",
"email": "test@example.com",
"phone": "+11234567890",
"locationId": "YOUR_LOCATION_ID"
}'
If this returns a contact object with an id, your credentials and payload are correct. Then configure the same values in your CF7 plugin you're just replacing the hardcoded values with dynamic field mappings.
Common Errors and What They Mean
| HTTP Status | Meaning | Fix |
|---|---|---|
| 401 Unauthorized | Token missing or wrong | Check Bearer token, confirm it's for the right sub-account |
| 422 Unprocessable Entity | Payload structure wrong | Check required fields locationId and email are mandatory |
| 404 Not Found | Wrong endpoint URL | Confirm you're using v1 widget URL vs v2 contacts endpoint |
| 200 but no contact created | Widget URL used but form ID wrong | Regenerate the widget embed URL from GHL |
Top comments (0)