We have developed a CRM used by multiple clients, each of whom has a contact form on their website. These clients want form submissions to be automatically entered into our CRM as "Leads."

Since most of our clients are non-technical, we need a solution that minimizes backend modifications on their websites while ensuring that each submission can be accurately attributed to its originating website.

One approach we considered was adding a unique identifier (e.g., a site parameter) to the webhook URL assigned to each client. However, this introduces a security risk—a client could modify their parameter to impersonate another website, potentially leading to data tampering.

Our key requirements:

• Each lead submission should include a reliable identifier for the originating website.
• Clients should not be able to spoof or alter their identifier.
• The solution should require minimal to no changes on the client’s website backend.
• Ideally, Zapier should handle validation natively, reducing the need for external workarounds like secret keys.

Is there a way Zapier can validate the source of the data automatically or any best practices to ensure data integrity without requiring clients to modify their form backend significantly?

Any recommendations or guidance would be appreciated.