How to modify the LoadConvert Apex payload?

Question

I've written a trigger under the LeadConvert update event as follows:

trigger WebhookSenderTriggerLeadConvert on Lead (after update) {
    if (Trigger.new.size() == 1) {
        if (Trigger.old[0].isConverted == false && Trigger.new[0].isConverted == true) {
            if (Trigger.new[0].ConvertedAccountId != null) {
                String url = 'https://mydomain.io';
                String content = WebhookSender.jsonContent(Trigger.new, Trigger.old);
                WebhookSender.callout(url, content);
            }
        }
    }
}

This works for me on a dev Salesforce, and in the payload I correctly receive:

{
    "new":[
        {
            "attributes":{
                "type":"Lead",
                "url":"/services/data/v56.0/sobjects/Lead/B00000000000000000"
            },
            "Id":"B00000000000000000",
            ...(+30 more fields)
        }
    ],
    "old":[
        {
            "attributes":{
                "type":"Lead",
                "url":"/services/data/v56.0/sobjects/Lead/B00000000000000000"
            },
            "Id":"B00000000000000000",
            ...(+30 more fields)
        }
    ],
    "userId":"A00000000000000000"
}

However in another third party Salesforce account I get the following:

{
    "new":[
        {
            "attributes":{
                "type":"Lead",
                "url":"/services/data/v56.0/sobjects/Lead/C00000000000000000"
            },
            ...(9 more fields)
        }
    ],
    "old":[
        {
            "attributes":{
            },
            ...(9 more fields)
        }
    ],
    "userId":"D00000000000000000"
}

I've obfuscated a lot of the fields here as a lot of it is sensitive, but what i'm unable to determine is what exactly causing a large portion of fields in the third-party Salesforce to not be there, including the Id field, where in the dev Salesforce everything is present.

Is there anything that may be doing this?

EDIT: Posting WebhookSender, as it's been brought up in comments

public class WebhookSender {
    public static String jsonContent(List<Object> triggerNew, List<Object> triggerOld) {
        String newObjects = '[]';
        if (triggerNew != null) {
            newObjects = JSON.serialize(triggerNew);
        }

        String oldObjects = '[]';
        if (triggerOld != null) {
            oldObjects = JSON.serialize(triggerOld);
        }
        String userId = JSON.serialize(UserInfo.getUserId());

        String content = '{"new": ' + newObjects + ', "old": ' + oldObjects + ', "userId": ' + userId + '}';
        return content;
    }

    @future(callout=true)
    public static void callout(String url, String content) {
        Http h = new Http();

        HttpRequest req = new HttpRequest();
        req.setEndpoint(url);
        req.setMethod('POST');
        req.setHeader('Content-Type', 'application/json');
        req.setHeader('Authorization', 'someKey');
        req.setBody(content);

        if (!Test.isRunningTest()) {h.send(req);}
    }

    public static Map<String, Object> ParseRequest(RestRequest req) {
        String body = req.requestBody.toString();
        Map<String, Object> data = (Map<String, Object>) JSON.deserializeUntyped(body);
        return data;
    }
}

Answer 1

Well, is the WebhookSender class identical in both? Does it dump all fields it received to JSON or does it contain some security-related code such as "stripInaccessible"? Maybe the fields are there but your Profile doesn't see them so strip... cuts them out?

Can it be that your dev org simply has 20+ custom fields in Lead table more than the other org?

Are the fields you're missing coming from managed package? They'd have namespace__FieldName__c format, with 4 underscores total. Maybe the package isn't installed. If you know the fields are there but your user doesn't have license for that managed package - it's possible they'll be hidden.