ActiveProspect FAQs

TrustedForm account holders who are receiving certified leads can use the TrustedForm API to claim the certificate provided with each lead.Doing so

Verifies the legitimacy of the certificate

Stores the certificate for future reference and

Provides programmaticaccess to the information shown on the certificate

To claim a certificate using the TrustedForm API, send an HTTP POST request to the certificate URL sent by your publisher.

Do not make a request unless the URL starts with https://cert.trustedform.com, otherwise you may expose your TrustedForm credentials to someone else

Use a POST request any other type of request will not claim the certificate

Use the Accept: application/json request header

Use the Content-Type: application/json or Content-Type: application/x-www-form-urlencoded header, and encode the request body accordingly.

Use the API key provided on the "Settings" tab in the TrustedForm Application and the username 'API', please see the example below

Reference

When you claim a certificate, you can pass the optional parameterreference We will store this value along with your claimed certificate. The use case for the reference parameter is you can pass your lead identifier, which will provide another reference point to the certified lead that you received.

This will indicate which lead a certificate belongs to just by examining the certificate data. In the case that your publisher has passed youtwo leads with the same Certificate URL, this reference parameter will allow you to determine which lead it was originally passed with.

If you are a LeadConduit customer, the LeadConduit Lead URL will be automatically sent as the reference. This allows you to refer back to the lead with which an individual certificate was collected.

Vendor

When claiming a certificate, you can pass the optional vendor parameter. We will store this value along with your claimed certificate.Later when you use TrustedForm reporting, you can easily filter or group by a vendor.

If you use our LeadConduit platform, the vendor will be automatically sent with each certificate claim request.

Fingerprints

When you claim a certificate you can calculate lead fingerprint values using the email and phone number you receivedin the lead data accompanying the certificate. Each fingerprint value is an SHA1 hash of an email or phone value. Eachfingerprint value should be provided in a fingerprint parameter.

If at least one of the fingerprints you provide does not match one of those collected on the certificate you will receivethe none of the provided fingerprints match in the claim warnings field. This indicates that the lead data collectedon the form does not match the lead data that you received.

If you use our LeadConduit platform to claim the certificate the fingerprints will be automatically calculated and sent with each certificate claim request.If you are accessing our API directly, see our instructions for generating a lead fingerprint.

Page Scanning

To assist in enforcing compliance, TrustedForm can scan the certificate's HTML snapshot to ensure specific phrases are (or are not) present. If you scan for required text (disclosure terms, for example), the TrustedForm response will include a warning if that text isn't found in the snapshot. Alternately, you can scan for forbidden text (disallowed ad copy, for instance), in which case the response will include a warning if the text is found.

Scanning for Required Text

To search for required text, pass the search text as the scan parameter when you claim the certificate. TrustedForm will then perform a case and whitespace insensitive search for the string. If the string is not found in the HTML document, then "string not found in snapshot" will be included in the warnings key of the claim response.

Scanning for Forbidden Text

To search for forbidden text, use the scan! parameter in the claim call. If TrustedForm's search (alsocase and whitespace insensitive) finds that text in the HTML document, the message "string found in snapshot" will be returned in the warnings key of the claim response.

Note that aside from ignoring whitespace and text case, TrustedForm's scans are literal, including any special characters that you pass.

You may include either or bothscan and scan! in a single claim call. If including both you must look for the corresponding messages in the warnings key of the claim response ("string not found in snapshot" or "string found in snapshot", respectively).

Masked Certificates

A masked certificate is generated for every claim. You can obtain the URL to it from the masked_cert_url field of the response JSON when you claim a certificate. You can then share it with your buyers. They can claim it using the same claiming instructions as a normal certificate.

Response Codes

If you successfully claim a certificate, an HTTP 201 Created will be returned with the JSON representation of the certificate in the response body. Beware that using an HTTP GET will also return an HTTP 200 along with the HTML representation of the certificate your cert will not be claimed with an HTTP GET.

If the certificate is older than 3 days or if the certificate URL is invalid, then an HTTP 404 Not Found or HTTP 410 Gone will be returned.

If you have not authenticated correctly using your API key, an HTTP 403 Forbidden will be returned.

If the certificate id is formatted incorrectly, a 406 Not Acceptable will be returned.

If you receive a 500, 502 or 503, please retry the claim, if it continues to fail, please contact [email protected]

If you receive any response code other than those above, please let us know.

Claims

When you claim a certificate, a claim record is created and stored in TrustedForm and the JSON response body contains claim record.

See Claim documentation for additional information on claim records.

Claim Fields

The following fields are available for every certificate record issued by TrustedForm

token Uniquely identifies this certificate

ip The consumer's public IP address

location The URL of the page hosting our JavaScript. Query strings hidden for privacy reasons

parent_location If the page was framed, the parent frame's URL

framed true or false, depending on whether the form is hosted on a framed page

browser A human-friendly version of user_agent

operating_system A human-friendly version of the user's operating system

user_agent The consumer's browser user-agent

created_at The time the consumer loaded the vendor's form in UTC, ISO8601 format

event_duration Thetime in milliseconds the user took to complete the form

expires_atThe date and time the certificate will no longer be available for further claims

share_url A shareable URL that allows customers to send TrustedForm certificates to third parties on an as-needed basis

geo A hash of geolocation data based on the IP address

lat Latitude

lon Longitude

city City name

state State or Province name

postal_code Mailing address postal code

country_code Country code

time_zone Time zone name per the Olson Database

claims An array of claim records for this certificate. (See Claim documentation for information about certificate claiming):

id The claim identifier

age Theage of the claim (The time in seconds since the user's last event on the page, minus the time the claim was made)

page_id The unique identifier for the page where the cert was generated

warnings An array of string warnings revealing any potential problems with the cert or claim

reference The reference provided when the certificate was claimed

vendor The vendor name provided when the certificate was claimed

fingerprints The lead fingerprints provided when the certificate was claimed

matching those that matched a fingerprint collected at the time of consumer signup

non_matching those that did not match any fingerprint collected at the time of consumer signup

share_url -Shareable url to view the claim. Seethe knowledge base article " How do you share a TrustedForm certificate? "

created_at The time the claim was created in UTC, ISO8601 format

expires_at The time the will expire your account in UTC, ISO8601 format

masked A boolean indicating whether the certificate is masked

masked_cert_url A URL with the masked certificate of the claim

cert The certificate record for this claim - see the Certificate documentation for additional details on the data available in this field

scans A hash of the snapshot scans performed

found those that were found on the page snapshot

not_found those that were not found on the page snapshot

warnings An array of strings indicating possible issues with the certificate. At the moment, only used for Page Scanning.

Example

//--//

Previously: Adding Steps to a Flow

Once you've cleansed and enriched your lead data, you'll want to deliver it to a recipient's email/file/system so it is actionable.

Whether you're delivering to a recipient's CRM/Marketing automation system, Email, Batch file, or some other custom HTTP endpoint, you'll need to connect the dots from LeadConduit to your destination for at least some of the data.

LeadConduit has Built-in Integrations with a variety of services that automatically map a basic set of standard fields. e.g. First Name, Last Name, Email, Phone, etc.

If you are collecting a more verbose set of data, or want to pass along information from the data enrichment services, you'll need to set up Outbound Field Mapping for that data, covered in the next section.

General

In the LeadConduit flow editor, you select the Integration to deliver to from the list of Add Recipientoptions.

LeadConduit Account Holders

LeadConduit Built-in Integrations

Custom HTTP Recipients

GET

POST

JSON

XML

SOAP

LeadConduit Account Holders

Selecting a LeadConduit account holder from the list of Recipients will allow you to deliver leads from your flow to another account holders flow. Reach out to the account holder for the relevant Submission Docs.

LeadConduit Built-in Integrations

LeadConduit has Built-in Integrations with a variety of systems. The following example uses MailChimp's Add Member action, but the principles are the same with any Built-in Integration.

Select the Add a Recipient option in your flow. Scroll down past the Account and Custom recipients to find the list of available Integrations.

Outbound Field Mapping

Once you select the MailChimp integration, youll be prompted to give this Recipient a name that you'll recognize for the specific purpose it is performing. You'll also want to note whether these leads are going to your account, or someone else's.

It is important to understand that Recipient describes the who or what is receiving this data (a client, an email list), and an Integration describes how you are sending this data - which integration you are using (HTTP POST integration, Salesforce integration, MailChimp integration, etc.).

Next, complete the integration setup. For MailChimp, this involves submitting your API Key and selecting the relevant list.

If you stopped right there, the Built-in Integration would automatically map and send the following fields from LeadConduit to MailChimp :

Email

First Name

Last Name

IP Address

EachBuilt-in Integration has a set of standard fields it will automatically map between LeadConduit and the Recipient. You can find the standard fields for the integration you are using at http://docs.leadconduit.com/

Once you've created this recipient, you'll have access to it in your drop-down menu as a custom recipient going forward. It will continue to use the MailChimp integration or whatever integration you've configured.

Outbound Field Mapping is covered in more detail in the next section.

Custom HTTP Recipients

LeadConduit won't always have a Built-In Integration for the Recipient receiving your leads. When that's the case, create a Custom HTTP Recipient.

From the Steps section of the flow editor, select Add Recipient. You can add a Custom Recipient on the initial screen.

Or at the bottom of the list of Recipients.

Select one of the custom HTTP recipient integrations from the drop-down menu. These integrations are indicated by a generic orange logo.

Once you've selected an integration, you'll need to use your Submission Docs to map the data from LeadConduit to the Destination (Outbound Field Mapping).

NOTE: Often the ActiveProspect team will get the Submission Docs from you during your onboarding project and configure the Custom Integration for you.

//--//

Next :

The TrustedForm script generates a new Certificate of Authenticity for each visit to a page hosting a lead generation form. We have carefully engineered our script to load extremely quickly. Adding the script to your web forms is simple and quick. The usage of this script is governed by our TrustedForm End User License Agreement.

After adding the script to your HTML page, a unique TrustedForm Certificate URL will be passed along with all the other lead data that is being collected on the form. The TrustedForm script does this by adding a hidden field in your web form and inserting the URL into that field. The field is captured by the server when your form is submitted and passed along to the final lead recipient as proof that the lead was collected on your site.

Add the TrustedForm script to the page hosting your form

The TrustedFormscript must be inserted into the HTML of the page that is submitting leads. We recommend it be inserted inline at the end of the document, just before the closing </body> tag.

NOTEIf your form loads inside an iframe, the TrustedForm script must also be inside the iframe. In this scenario, you don't need the TrustedForm script in the main body of the page, just in the iframe.

You can retrieve the TrustedForm script by registering here.

Customizations

By default, the TrustedForm script will automatically add the fieldxxTrustedFormCertUrlto your form.

The field variable in theTrustedForm script can be changed to customize the name of the field inserted into your form.

e.g. var field = 'TrustedFormCertUrl';

You can also use the script callback to perform additional customization after the Certificate URL has been generated.

Explicitly providing your page's referrer

If you would like TrustedForm to collect your page's referrer (sometimes called the referer URL), you may set the var provideReferrer=true in the above script snippet instead of var provideReferrer=false.

Verify that the script has been implemented properly

Load the HTML page using Firefox, Chrome, or Safari and view the form using the DOM inspector (right click and Inspect).

Search for the fieldxxTrustedFormCertUrlin your form. If you find it, you have successfully set up the client-side portion of the TrustedForm integration.

NOTEView Sourcedoesn't work in most browsers to verify the field has been added. You must inspect the source as described above. See the example below of where to find what you're looking for.

Set up the server-side integration

The xxTrustedFormCertUrl field must be passed all the way to the final recipient of the lead. So it is critical that the server that is receiving your form post captures the field along with the rest of the form data.

If you are posting directly to a LeadConduit account, there is no need to add the xxTrustedFormCertUrl field to the LeadConduit campaign. LeadConduit will automatically capture this field as one of the system fields.

If you are capturing the lead data in your database or lead management system before delivering it, you will need to add the xxTrustedFormCertUrl field so that you can capture the TrustedForm Certificate URL.

Verify the Certificate URL is passed properly

Once you think you have everything set up, check with the party receiving your leads. Are they receiving the Certificate URL value along with their lead data? If not, make sure the server is capturing the field. If the offer is brokered, then the broker must also pass along the Certificate URL to the recipient. If the recipient is receiving the Certificate URL, then the implementation of TrustedForm is complete.

//--//

This article discussesa TrustedForm user's ability to control when TrustedForm begins and endsdata collection for the certificate replay.

Control When TrustedFormBEGINS Recording

You can control when TrustedForm begins recording a user's interaction with a web form by delaying the injection of the TrustedForm script onto the page. For an in-depth overview with an example of how to set up this injection properly, see this article.

Control When TrustedFormENDSRecording

By default, TrustedForm stops recording once the web page unloads, which typically happens when the end-user clicks the 'submit' button after entering the required information into the form. TrustedForm userscan manually stop the TrustedForm script from recording. Check out the Manual Stop KB for technical details.

Use these docs when submitting lead feedback.

Method:

POST

URL

https://app.leadconduit.com/feedback?event_id={{The Lead's LeadConduit Delivery Event ID}}

Fields:

Name

Required/Optional

Content

type

Required

Must be one of "return" or "conversion"

reason

Optional

Reason for return or note about conversion.

Supported Request headers:

Content-Type: application/x-www-form-urlencoded

Content-Type: application/json

Content-Type: text/xml

Supported Accept headers (Determines the format of the response)

Accept: application/json (This is the default)

Accept: text/xml

Sample Request Payloads

Content-Type: application/x-www-form-urlencoded

type=conversion&reason=SMS Delivery Succeeded

-or-

type=return&reason=Wrong+number

Content-Type: application/json

{

"reason": "SMS Delivery Succeeded",

"type": "conversion"

}

-or-

{

"reason": "Wrong number",

"type": "return"

}

Content-Type: text/xml

<?xml version="1.0"?>

<feedback>

<type>conversion</type>

<reason>SMS Delivery Succeeded</reason>

</feedback>

-or-

<?xml version="1.0"?>

<feedback>

<type>return</type>

<reason>Wrong number</reason>

</feedback>

Sample Responses

Accept: application/json (default)

{

"outcome": "success",

"reason": null,

"lead": {

"id": "57913b9911c754b2cb643cf3",

"email": "[email protected]",

"first_name": "Joe",

"last_name": "Blow",

"phone_1": "5125551212"

}

}

Accept: text/xml

<?xml version="1.0"?>

<result>

<outcome>success</outcome>

<reason/>

<lead>

<id>57913b9911c754b2cb643cf3</id>

<first_name>Joe</first_name>

<last_name>Blow</last_name>

<email>[email protected]</email>

<phone_1>5125551212</phone_1>

</lead>

</result>

Previously: Add / Edit Fields

The Basics

You can add data sources to your flow using the flow editor.

From the flow's edit mode, click on the Sources tab, and then the Add Source button in the upper right corner.

In the Select a Source or Integration menu you will find the list of existing sources and integrations.

There are four types of Sources:

Default - Each flow has a default source labeled with your account name

Standard - Lead vendors familiar with the ActiveProspect platform

Account - LeadConduit account holders who opted to be listed

Custom - Lead sources defined by you and specific to your account e.g.

Your web forms

Twilio numbers routed through LeadConduit

Vendors unfamiliar with LeadConduit

Other non-standard use cases

In the Select a Source or Integration menu you can:

Search for or scroll through the list of existing sources and integrations

Create a new custom source, specific to your account

Adding a New Custom Source

We only recommend creating a custom source if your source does not exist in the standard source library. When creating a new custom source you will select the type of integration it will use by default in this flow: If you later need to change a custom source's integration type, you can edit the source in the sources library to make additional integrations available, then in your flow re-select which of those integrations will apply in that flow

Adding a New Web Form Source

If you want to use an existing web form as a source, and if you know the url of that form's web page, LeadConduit may be able to automatically configure the source from your web form by reading the web page itself.

First, check the sources list to be sure that you haven't already used that web form as a source for a different flow. There's no need to create a new web form source if one already exists.

To create a new web form source, enter the web form page's url into the "Enter Your Webform URL" box ("D") and follow the prompts. This option works best with simple HTML forms. Results are unpredictable with forms that are created and managed by form-generating applications or forms that are submitted via javascript:

//--//

Next : Acceptance Criteria

ActiveProspect's products deliver leads from the following IP addresses. If you are filtering traffic using a firewall, please create a rule that allows traffic from these addresses on the appropriate ports:

Leads delivered from LeadConduit will come from one of thefollowing IP addresses:

173.192.20.35

50.97.168.180

67.228.63.220

108.168.152.140

192.155.239.137

169.55.49.54

169.55.49.62

169.55.49.61

54.234.167.189 (comingsoon)

3.225.20.135(comingsoon)

3.225.52.7(comingsoon)

169.61.152.197 (Staging)

Leads delivered from LeadConduit via Batch File Delivery will also come from one of the same IP addresses:

173.192.20.35

50.97.168.180

67.228.63.220

108.168.152.140

192.155.239.137

169.55.49.54

169.55.49.62

169.55.49.61

54.234.167.189 (comingsoon)

3.225.20.135 (comingsoon)

3.225.52.7 (comingsoon)

Email deliveries go through Amazon SES

199.255.192.0/22

199.127.232.0/22

54.240.0.0/18

Leads delivered from LeadConduit Classic will come from one of thefollowing IP addresses:

173.192.20.36

75.126.90.114

67.228.63.219

75.126.90.118

34.235.205.79

23.22.15.197

3.232.28.255

Special Note: LeadConduit Classic may use LeadConduit as a delivery agent, and vice versa. Also, you may use LeadConduit's Batch Delivery. Therefore it's safest to allow traffic fromall of the above IP addresses.

Bookmark this article. These addresses have changed occasionally over time. If you experience delivery problems, check here for the most recent IP lists.

If your firewall expects traffic from IP addresses other than these, those rules can be removed.

The default behavior of the TrustedForm script is to load up, scan the page, and begin recording end-user interactions until the page is unloaded, typically because the form is submitted and the end-user is redirected to a Thank You Page.

However, with the proliferation of Single Page Applications (SPA) a web form submission does not necessarily unload the page. The TrustedForm script supports this use case with a built-in global function

Manual Stop

Once the TrustedForm script is loaded and is recording, the global functiontrustedFormStopRecording()can be invoked to stop TrustedForm.

FYI: Once the stop recording function is called, the recording cannot be restarted.

LeadConduit Classic provides a REST API implemented as JSON over HTTPS. The API is available at https://api.leadconduit.com.

An Important Note

This API is not designed to be polled frequently, so please exhibit responsible behavior when calling the API in a loop. A good rule of thumb: if you're polling for changes, limit your calls to once or twice per day. Evening and overnight hours are better than mid-day. If you make multiple simultaneous API requests (e.g., with multiple threads), the number of concurrent calls should not exceed three.

Abuse of API resources may result in revocation of access, in order to guarantee availability for other users.

Authentication with an API Key

The preferred way to authenticate is to use an API key. You can manage your API key on your Account page in LeadConduit Classic. There are two levels of API key access: limited and full.

Limited access - provides access only to campaign configuration data, such as: campaigns, their fields, and your lead sources.

Neither key exists in your account until an administrator creates it. This assures that there is only API access to your data if it's been granted by one of your administrators.

Example using sample API key with curl:

curl -X GET https://api.leadconduit.com/campaigns?api_key=limitedapikey

Authentication with User ID and Password

The API can also be accessed using a LeadConduit Classic user login (email and password). This authentication method isn't recommended, because it ties usage to a particular user, either a real person or a fictitious login created solely for this purpose. Coordinating password changes and campaign access with this method can become troublesome over time.

When you're using the API with your user login, it's always from that perspective. You are only able to access the statistics you can normally see while logged in to LeadConduit Classic. Authentication is done using HTTP Basic with the same credentials you use to log in toLeadConduit Classic.

Example using sample credentials through curl:

curl -X GET -u [email protected]:password https://api.leadconduit.com/campaigns

Remember that anyone who has an email address and password in your LeadConduit Classic account can read stats via the API, just as they can when logged into LeadConduit Classic. Protect your password closely. If you fear that your password has been compromised, reset it in LeadConduit Classic and update your calls to the API.

User ID Implementation Note

Some HTTP Client libraries (Jakarta HttpClient, for example), do not send Basic credentials with every request by default. Instead, they send a request without credentials, and if a HTTP 401 is received, they reissue the request with the credentials. Please make the necessary configuration adjustments to ensure that Basic credentials are sent with every HTTP request.

Resources

The central concept in RESTful architectures is a "resource." Generally speaking, a resource is known by a unique identifier. In LeadConduit Classic, a Lead and a Campaign are both examples of a resource. Each has a unique identifier and information about each resource can be retrieved from the API by the corresponding identifier.

The API documentation also refers to some resources that do not have unique identifiers. For example, there is a special resource for retrieving financial statistics for the last 30 days. There is no unique ID that references this resource. Resources without IDs are read-only (that is, you must use HTTP GET to fetch these resources).

LeadConduit API Resources

See the following pages for details of how to access these resources via the LeadConduit API:

Campaigns

Campaign Fields

Leads requires "full access" API key

Statistics requires "full access" API key

Sources & Recipients

Legacy Node IDs

HTTP Verbs

You must use the appropriate HTTP verb (GET, PUT, DELETE, POST) for the operation you are performing. The API documentation specifies which verb to use for each operation. Here are the general guidelines for how the API implements REST:

GET Retrieve a resource (i.e. a list of leads, a single lead, or statistics for today's lead flow).

PUT Update a resource that already exists (i.e. return a lead, or mark a lead as converted).

POST This HTTP verb is only used to overload PUT. You cannot create new resources through the LeadConduit API

DELETE Delete a resource. The only resource that can be deleted via this API is a lead.

A note about parameters

Note that all parameters are lower case. Providing Campaign_ID or campaign_Id instead of campaign_id will result in that parameter being disregarded. See more about common API parameters.

If you have a TrustedForm account and use our API to claim a certificate, you will receive simple and automatic email notification when you start receiving certified leads from a page TrustedFormhasn't seen before.The idea is that if a site starts displaying a different version of youroffer, you'll know when they first submit a TrustedForm-enabled lead so that you can, if you wish, personally examine the site.This can also be a protection for you against publishers placing your form on additional, unapproved pages.

TrustedForm takes a live snapshot of the page HTMLwhen a consumer visits the page. We analyze the snapshot for every certificate you claim and categorize them by similarity. If you don't have another cert in your account from a similar page, then we let you know with an email notification.

We base our notifications on the certificate snapshot HTML we collect, rather than on the URL of the page that is hosting our script. One URL can be responsible for generating hundreds of different offer forms and TrustedForm is smart enough to know when that is happening and notify you appropriately.

What if I want to stop receiving these notifications?

If you wish to stop receiving these requests, please email the support team to request that you be removed from the contact list. We provide the subscription to the service as a courtesy and can easily remove your email address from the notification list. Please email: [email protected].

For full a full overview of certificate claiming in TrustedForm, please click here.

The data that is collected is only made available to the Advertiser whose form is being displayed. As such, this data is governed by the Advertisers privacy policy that is displayed on the form.

For a full overview of Publisher FAQs, please click here.

The default behavior of the TrustedForm script is to inject a hidden field containing the value of the TrustedForm Certificate URL into every form on the page.

However, it's possible to create a whitelist of one or more forms to inject the hidden field into, with onlya couple of minor modifications to the script.

Add a new variable named formId

Add a new parameter and value (see below) to the line beginning with '://api.trustedform.com.

<script type="text/javascript"> (function() {... var formId = 'hello';... '://api.trustedform.com/trustedform.js?form_selector='+escape(formId);...</script>

The value provided to the variableformIdcan be a form name, class, or ID applied to a form using the following patterns:

<form name="hello">var formId = 'hello';<form class="howdy">var formId = '.howdy';<form id="bonjour">var formId = '#bonjour';

Multiple forms can also be targeted by providing a comma delimited list of targets.

<form name="hello"><form class="howdy"><form id="bonjour">

var formId = 'hello,.howdy,#bonjour';

FYI: If no targeted forms can be located, the hidden field will not be injected into any form. It is the responsibility of the form owner to maintain the accuracy of the form target.

For a full list of all of our integrations, please visit our searchable integrations catalog.

The following article covers technical guidance to trigger the TrustedForm script (thus collecting environment data and taking the DOM snapshot) by a specific event on your web page or flow. We suggest you use this method only if the video replay layer of the TrustedForm Snapshot is not capturing keystroke input or if for some other reason you need to delay execution of the TrustedForm script.

This article assumes you're familiar with HTML, Javascript, and jQuery.

By wrapping the TrustedForm script in a function, you make the script available to becalled by a specific action later - simply trigger the function:

function loadTrustedForm() {

// Get the TrustedForm script at

// https://activeprospect.com/products/trustedform-script/

}

As stated before, triggering the script triggers the snapshot, so you may want to coordinate this function to coincide with the user completing all required fields, or with the loading of a pop-up window that shows the disclosure language.

It is important to note that you need to give the TrustedFormscript time to load and populate the TrustedForm Cert field. Usually, this happens in under a second. The main caveat here is that you should not try to call the TrustedFormscript AND submit your form at the same time - you'll end with up missing certificates. For best results you'll want to trigger the TrustedFormscript with one action (an onblur of the last element, clicking a button, etc) and then trigger the submission of the form with a separate action.

TrustedForm can perform a real-time scan of the form to verify required verbiage is found and/or disallowed verbiage is not found on the page. The page scan happens on page load/when TrustedForm is instantiated and provides a simple and automatic test that disclosure language is present on the page. As a best practice, when implementing Page Scanning we highly recommend using a single document containing the required language. When configuring webpages and TrustedForm Page Scan, all configuration should come from this document and should be copied and pasted.

NOTETrustedForm for Facebook Lead Ads only supports page scanning for custom disclaimer text and checkbox questions.

Page Scan using the TrustedForm API

The required and/or forbidden text is passed to the TrustedForm API during the claim step as field parameters.

Required Text: scan[]=puppies&scan[]=kittensForbidden Text: scan!=free

See the TrustedForm Claim API documentation for more details.

Page Scan usingLeadConduit

You can set required and/or forbidden text in the TrustedForm claim step in LeadConduit.

Open up your flow in edit mode, scroll down to the TrustedForm step, and click the Edit Field Mappings button

From there you can add new field mapping settings and define what you want to require or forbid.

In the example screenshot below, the required text ispuppiesor kittens and the forbidden text isfree.

Did You Know? You can pass multiple values to either the required or forbidden text!

This is useful when a lead vendor has multiple variants of Opt-In language and you want to make sure at least one of those exist on the page. In the following example, one might require either puppies or kittens to be present on the page.

Creating a Filter for the Page Scan outcome is a bit tricky. Assuming you want to fail a lead when none of the Required Text is found, the filter must check for both:

A null value for TrustedForm Scans Found

At least one value for TrustedForm Scans Not Found

That filter looks like this:

NOTERequired and Forbidden text ignores casing and multiple whitespaces, but the text must otherwise be an EXACT MATCH.

Scenario:You configure the required text "Brontosaurus FOREVER" and the page has "Brontosaurus forever"

Outcome:PASSES the required text audit.

//--//

Scenario:You configure the required text "Brontosaurus FOREVER" and the page has "Brontosaurusforever"

Outcome: FAILSthe required text audit because:

There is a required white space between Brontosaurusand FOREVER

//--//

Scenario: You require the text "I love puppies!" and the page instead has "I, love PUPPIES."

Outcome:FAILS the required text audit because:

the comma in the text and

the period instead of the exclamation point at the end of the text

//--//

Accessing Reports

Statistical reporting (the counts of lead events and their outcomes over time) is accessed via the Reports tab:

your LeadConduit subscriptions settings

What Reports Are Available?

The column on the left presents the list of both custom and legacy reports. Click on a reports name to view it.

Creating a New Report

Navigate to the Reports page, then click the Create New Report button

Select the columns, filters, and any groupings that you wish to report on

Click Run Report to review the report

Rename the report by clicking the existing name or the edit icon

Click Save Changes to save the report

Edit an Existing Report

Navigate to the Reports page, then click the dropdown menu next to the report you wish to edit and click Edit

You may edit the columns, filters, and groupings, as well as rename the report

Delete an Existing Report

Navigate to the Reports page, then click the dropdown menu next to the report you wish to delete and click Delete

Click the Delete button to confirm that the report will be deleted

Copy an Existing Report

Navigate to the Reports page, then click the dropdown menu next to the report you wish to copy and click Copy

You may edit the report name, columns, filters, and groupings

Click Save Changes to save the report

Share a Report

Navigate to the Reports page, then click the dropdown menu next to the report you wish to share. Select the Generate a Share URL option. This will immediately take you to the shared reports URL which you can copy, paste, and share.

Shared reports are identified by the shared icon on the report:

Change a Shared Reports URL

Navigate to the Reports page, then click the dropdown menu next to the report which has the URL you would like to change. Select the Change Shared URL option. If you successfully changed the URL, you will see a green banner with a link to view the new report URL.

Copy, paste, and share the new URL with anyone you want to give permission to access the report.

The next time anyone tries to access the old URL, they will receive a message that states no report exists at this URL.

Stop Sharing a Report

Navigate to the Reports page, then click the dropdown menu next to the report you would like to stop sharing. Select the Stop Sharing Report option. If you successfully stopped sharing the URL, you will see a green banner with a message indicating this fact.

Choosing a Date Range

In the upper right corner, select the date range for the report from among the provided presets, or customize using the configurable options.

Time Zones

All dates and times use your computers time zone. If your computers clock is configured for one time zone but you want to generate a report based on a different time zone, temporarily set your computer clock to the desired time zone, refresh the Reports page, then reselect the reports time limits.

Exporting a CSV File of a Reports Table.

You can download a CSV text file of a reports stats as-displayed by clicking the Export CSV button.

Note that Legacy reports are not exportable as CSVs, but are shareable. Display the legacy report in your browser, then copy its URL from your address bar and provide it to the sharee. Anyone with the URL can view a legacy report. You must be logged into LeadConduit to view standard reports.

Nested Report and Group By

For reports that are grouped by multiple indexes, i.e. Source and Flow, Expand or contract the subgroups by clicking on the right-carets.

You can change the order the group hierarchy is displayed by using the Group By button.

Sorting

You can sort the report by any column and toggle between ascending or descending order by clicking on the column header. For grouped reports, column sort operates on the primary index. Sub-group items are not sorted.

Flow Links

Clicking on a flow name will take you to the flows main page.

Note that deleted flows are represented by the Flow ID strings (a lowercase alphanumeric string) rather than a friendly name. Clicking on the link for a deleted flow will result in an error.

Events Tab Links

Clicking on numeric table item will take you to the Events tab, preconfigured with a query matching the report parameters for the clicked item.

Data persistence

Data older than your accounts data retention period are not included in any reports. See for data retention information.

The answer to that is - No. You can just implement the script once per page (no matter how many offers are on the page). If the consumer signs up for multiple offers you can pass the same certificate for every offer.

For a full overview of Publisher FAQs, please click here.

There are 2 standard ways of connecting with other accounts within LeadConduit Classic. These connections are based on whether you are selling leads to or purchasing leads from another vendor.

Sources / Seller Accounts

Listed under Sources > Seller Accounts, these are LeadConduit Classic accounts with which you can share campaigns so they can sell leads to you.

To connect a new seller account, send them the link labeled "Invite sellers to connect with you, send them this sign-up link:" in the yellow banner.

Buyer Accounts

Listed under Recipients > Buyer Accounts, these LeadConduit Classic accounts can buy leads from you. You cannot connect directly to a Buyer account. Instead, simply ask them to send you their seller signup link.

You can also set up a non-account Recipient, but these buyers will not be able to log into LeadConduit to look at posting instructions, statistics, returns, or creative materials.

The LeadConduit Facebook Router integration gives Facebook page owners control over which LeadConduit flows receive leads in real-time.

Topics

Connect a Facebook Page to LeadConduit (or Connect more Pages)

Disconnect a Facebook Page from LeadConduit

Standard Facebook Form Fields

Custom Facebook Form Fields

Routing leads at a Form or Ad level

Disconnected Pages

A note on using Facebook Business Manager

Commonly Asked Questions

Setup Requirements

To connect a Facebook page to LeadConduit, your Facebook accounts needs to have "manage your ads," "manage your pages," and "access leads for your pages" permissions.

Connect a Facebook Page to LeadConduit (or Connect more Pages)

Open your flow editor to the Sources tab and click the Add Source button.

From the Select a Source or Integration section search for Facebook and choose the Facebook Lead Ads Inbound Routed integration.

Follow the prompts to connect LeadConduit to Facebook.

A list of possible pages to connect will be provided.

Pages connected to a different flow will include a yellow dot adjacent to the connect button.

If you choose to connect a page to a flow that was previously connected to a different flow, the previous connection will be broken in favor of this new connection.

Please Note: While one Facebook page can only be connected to a single LeadConduit flow, a single LeadConduit flow can have connections to many Facebook pages.

Make your connection choices and select Next.

You'll be prompted to confirm your changes.

Remember to save changes to your flow!

Disconnect a Facebook Page from LeadConduit

Follow the same steps as connecting a Page, except unselect the Connected page

Acknowledge you are about to disconnect the page

Please Note: The Facebook Source will not be removed from the flow

Save the changes to the flow

Standard Facebook Form Fields

LeadConduit handles most Standard Facebook form fields automatically, meaning you can connect your Facebook pages to LeadConduit and start receiving leads immediately. The two exceptions are: work_email and relationship_status. If you collect either of these fields, use the Custom Field instructions below. If you collect any of the following fields, you only need to add them to your LeadConduit flow:

Phone 2 (Work Phone)

Company Name

Country

DOB

Gender

Marital Status

Military

Custom Facebook Form Fields

When one of your Facebook forms includes a Custom Field, there is one extra step you must take to connect the dots between Facebook Field ID and a corresponding LeadConduit Field.

The easiest way to get the Custom Field ID is to submit a test lead after connecting your Facebook page to LeadConduit.

Once you've submitted the test lead, find it in LeadConduit, open the Technical Details section, and search for facebook_field_data_apros. For the following example, the Custom Field label is "How many ads do you run in a month?"

"facebook_field_data_apros": "[{\"name\":\"how_many_ads_do_you_run_in_a_month\",\"values\":[\"three\"]},{\"name\":\"email\",\"values\":[\"[email protected]\"]},{\"name\":\"full_name\",\"values\":[\"HULK SMASH\"]}]"

Next, you'll open the flow editor to the Sources tab, find the Facebook Lead Ads source, and click the corresponding button under the Field Mappings header.

The left-hand value will be the LeadConduit Field receiving the lead data and the right-hand value will be the custom Facebook Field ID.

Paste the custom Facebook Field ID into the right-hand value field and click the Insert {Field ID} button.

Finally, save your flow and resubmit the lead in LeadConduit. You will now see the custom field with the rest of the lead data.

If LeadConduit is still not properly processing the custom field(s), you can chat with support within LeadConduit during business hours to resolve any field mapping issues.

Routing leads at a Form or Ad level

The Facebook Router RUI only supports Page Level routing. Once a lead is received by a flow, Form and/or Ad level routing can be accomplished using flow rules.

Disconnected Pages

LeadConduit will be automatically deauthorized from receiving leads when the individual who connected the Facebook page:

Changes their password

Has their access to the page revoked

To reauthenticate, you'll have to disconnect and then reconnect any affected pages, according to the instructions provided above.

A note on using Facebook Business Manager

If your Business Manager has a customized Leads Access configuration, you will need to grant LeadConduit access in the CRM settings.

Go to Business Manager Settings

Scroll to the bottom of the page and in the left-hand field list, click Integrations, then click Lead Access

Locate your page in the list of pages and click it

Click People and confirm that you have Access

Click on the CRMs option and select LeadConduit Lead Ads Integration

Click Assign Access

More detailed instructions can be found at the Facebook Advertiser Help Center.

Commonly Asked Questions

Q: If I connect a page to LeadConduit while I have an ad campaign running, is it possible to disable leads from being sent to LeadConduit? A: Once a page is connected to LeadConduit, the only way to stop LeadConduit from receiving leads from Facebook is to disconnect page. Short of that, you can configure source level acceptance criteria that will reject all Facebook leads e.g. Only accept leads wherein email equals [email protected], but this or any similar solutions will still incur a billable transaction.

Q: Can a Facebook page be connected to more than one LeadConduit flow? A: No, although the configuration screen will always offer you the option to move already connected pages to any flow you wish.

//--//

The TrustedForm REST API is available to all TrustedFormaccount holders. Publishers using our JavaScript to generate certified leads do notneed an account, and will not use this API.

The API is implemented as JSON over HTTPS. The API, which is available athttps://app.trustedform.com,requires a TrustedForm account in order to authenticate. All functionality that exists via the TrustedForm UIusing a browser is achievable via the API.

Who Should Read This?

This is technical documentation. The target audience is those who intend to integrate another platform with TrustedForm. This documentation containseverything a developer needs to integrate with TrustedForm. Please email [email protected] if you find inconsistencies or need clarification. We want this documentation to be clear and easy to use and we'rehappy to get your feedback.

The Examples

This documentation contains an example for every API call. The examples use the ubiquitous curl command, which is widelyavailable on *NIX systems and Mac OS X. If you only work on Microsoft platforms, then curl may not be familiar to youand you may therefore find the examples confusing. But don't despair, curl is also available for Windows, and is easy to learn. You can download curl here: http://curl.haxx.se/download.html.

We recommend that you know how the curl command works before attempting to understand the examples. But even if youdon't, it's still possible to decipher the examples. Here are the curl arguments you need to know:

-X The HTTP method to use, i.e. -X POST to perform an HTTP POST

-H Add a header, i.e. -H 'Content-Type: application/json' to set the request content type to "application/json"

-d Set the HTTP request body, i.e. -d '{"name": "My List", "type": "phone"}' to put a JSON document in the request body

-u Set the HTTP Basic Authentication credentials, i.e. -uAPI:12345 to use the "API" user with API key "12345"

Authentication

Authentication is performed using Basic Authentication. This type of authentication is ubiquitous and secure when usedover SSL. All requests to our API must be performed over SSL. The username portion of the Basic Authentication is ignored.The password must be your API key. Requests made without Basic Authentication will receive an HTTP 403 Forbidden response.

Protect your API key the same way that you would protect your password do not give it to anyone else or embedit in a web page that could be viewed by a third party.

Important implementation note

Some HTTP Client libraries (Jakarta HttpClient, for example), do not send Basic credentials with every request by default. Instead, they send a request without credentials, and if a HTTP 401 is received, they reissue the request with the credentials. Please make the necessary configuration adjustments to ensure that Basic credentials are sent with every HTTP request.

Account in good standing

If your account has been cancelled for non-payment, then every call to the API will return an HTTP 402 Payment Required response.If this happens, you must log into the TrustedForm application and update your payment information.

Implementation Note

Some HTTP Client libraries (Jakarta HttpClient, for example), do not send Basic credentials with every request by default.Instead, they send a request without credentials, and if a HTTP 401 is received, they reissue the request with the credentials.Please make the necessary configuration adjustments to ensure that Basic credentials are sent with every HTTP request.

Capture how the user interacted with the form, including data entries, mouse movements, and mouse clicks, for the most authoritative proof of consent.

Table of Contents

What is video replay

Controlling when video replay begins

How do I view the video replay

Snapshots

Why is my TrustedForm video replay/snapshot missing?

What is video replay

TrustedForm video replay is a copy of the elements loaded into the consumers browser during their interaction with a web page hosting the TrustedForm script. The video associated with a TrustedForm certificate is not merely a shallow recording or simulation of what the page looked like when the end user interacted with it, but is an actual copy of the elements present on the page when the TrustedForm script was loaded and how the consumer interacted with the page.

As the consumer interacts with the web page, they may enter text into fields, change dropdowns, click on buttons, move the mouse and scroll through the page -- TrustedForm captures these events and uses video replay to recreate these events in an interactive way.

Controlling when TrustedForm video replay begins

You can control when TrustedForm begins recording a consumers interaction with a web page by delaying the injection of the TrustedForm script onto the page. For an in-depth overview with an example of how to set up this injection properly, see Manually Triggering TrustedForm.

NOTE: TrustedForm stops recording once the web form submits executes and the page is redirected/refreshed. This typically occurs when a user clicks the 'submit' button after entering the required information into the form. TrustedForm users cannot adjust this behavior and therefore cannot change when the TrustedForm video stops recording prior to the form submission.

How do I access the video replay

If a certificate is still within the standard claim period (72 hours), you may use the TrustedForm Certificate URL to access the certificate via your browser. If the certificate claim period has passed, and you are a TrustedForm subscriber who claimed the certificate, you will log into your ActiveProspect account and click Launch TrustedForm. Once you have launched TrustedForm, you can use the TrustedForm Certificate URL to access the Video Replay. Please note, claimed TrustedForm Certificates are placed into storage after 30 days and may take several hours to be retrieved.

Snapshots

Prior to September 2015, TrustedForm generated a static "snapshot" of the HTML present when the TrustedForm script was loaded but did not track any of the changes made while the user interacted with the website. TrustedForm Certificates generated prior to September 2015 will only include a snapshot, not a video replay.

Why is my TrustedForm video replay or snapshot missing?

From time to time one might encounter a missing snapshot on a TrustedForm certificate, indicated by a snapshot not foundwhen accessing the certificate. Typically this means the data needed for a video replay or snapshot was not uploaded into TrustedForm's storage. The most common culprit is the spotty network connection on mobile devices, however, it's not always possible to say why this happens. Since TrustedForm only gets one attempt to capture the video replay, if anything happens, it's not something that can be obtained retroactively.

Please feel free to contact us at [email protected] if you have any questions about video replay.

TrustedForm issues a unique Certificate of Authenticity for every lead generated on a form hosting the TrustedForm JavaScript. The certificate exposes the following information about a consumer's visit to the hosting page:

the URL of the page that hosts the offer form

the URL of the framing page, if the form was framed

the time and date the consumer visited the form

the consumer's public IP address

the consumer's browser version

the consumer's operating system

a full snapshot of the HTML, images, CSS and other page assets of the offer form as seen by the consumer

an alphanumeric ID that uniquely identifies the certificate

How do I receive a certificate for a lead?

Certificates are only generated for leads that were collected on forms that host the TrustedForm JavaScript. So getting the JavaScript on the form page is the first step.

The script inserts a special hidden field into the form when a consumer visits the page. The field contains the URL to the certificate generated for that specific page visit. Then when the form is submitted by the consumer, the URL to the certificate is included alongside the consumer's contact information.

When you receive a lead with a certificate URL field, you can open the certificate URL in your browser to see the information that we collected about the consumer's page visit.

It's important that you store the certificate URL in your database or CRM with the consumer's other data because the certificate URL is the sole key to retrieving any TrustedForm certificate. We are unable to retroactively marry lead data with the certificate ID. The best way to ensure you can easily pull up a certificate for an individual lead is to store all the lead data together with the certificate id.

Who has access to a Certificate of Authenticity for a lead?

Because our script is universal, the certificate doesn't belong to a specific TrustedForm account. Anyone that has access to the lead data can see and access the certificate during the claim period. If you have the lead data, then you have the certificate URL, and therefore can see the information exposed by TrustedForm. Transparency is paramount.

Are certificates available indefinitely?

TrustedForm Certificates have a standard claim period of 72 hours. TrustedForm clients can claim the certificate which retains a copy of the certificate in the client account. The default retention period for TrustedForm accounts is 5 years.

For TrustedForm clients who sell leads to other TrustedForm clients and need more than 72 hours to claim a certificate, the vendor's account can be set to extend the claim period from 3 days to 90 days, as long as the vendor claims the certificate within the standard claim period (72 hours).

For clients who don't have the capability to make an authenticated API call when receiving a lead, ActiveProspect offers LeadConduit, which can be easily configured to automatically claim certificates.

We charge a small fee to claim each certificate and to store claimed certificates beyond 30 days.

What is the benefit of claiming a certificate?

Claiming a certificate will allow you to verify its legitimacy and confirm it's a real certificate, view it online, access its data via our API, programmatically scan the webpage that generated the certificate for required or forbidden language, and share a masked certificate with another party.

Certificates are great insurance against consumer complaints. They give you third-party verification of exactly where and when the consumer signed up, their IP address, the kind of browser they used, and even what the form looked like when the consumer landed on the offer page.

Who can claim a certificate?

Anyone with a TrustedForm account and who has the TrustedForm Certificate URL can claim any certificate.

This means that a certificate may be claimed more than once by one or more accounts. Each claimant will have access to the certificate for the duration of their account's storage agreement.

The same account can claim a certificate more than once.

Each claim specifies its own optional parameters such as required or excluded text.

Why would more than one account want to claim the same certificate?

For example, a lead's buyer and vendor may each want to ensure their own TrustedForm protection. If only the buyer claims the certificate, the vendor will have to depend on the buyer for access to the full certificate.

What information is not available on the certificate?

In-memory information submitted by the consumer will not appear in the certificate. Other information about the consumer's visit to the page such as the referrer that is not listed above is not available on the certificate.

As an impartial, publisher-neutral and advertiser-neutral third-party our goal is to operate with 100% transparency with regard to the information we expose in our certificates. We recognize the value of, and therefore are committed to protecting, proprietary information accessed during the course of our duties.

The TrustedForm script accesses some information that many publishers would consider sensitive, however, that information is never exposed to anyone. For example, our script reads the referrer property in the HTML DOM, but that value is not exposed in the certificate or anywhere else. It is used as part of our fraud detection algorithm but never sees the light of day. You'll also notice that we hide the query string of all page URLs just in case they contain personally identifiable information or search keywords. Your proprietary information belongs to you, and our TrustedForm EULA back up our claim.

If your questions or concerns have not been addressed here, or if have any further questions about the data we retain, please send an email to support. We'll get down to the bottom of it and keep this page updated.

When a TrustedForm certificate is received with a lead, you should make a claim on the certificate. Making a claim impartsthe following benefits:

Certificate authenticity is verified

Certificate details can be extracted for storage in your system

Certificate details including the snapshot and page image are stored in your account for later reference

Certificate lead fingerprints can be checked using the lead data you received

Tracking information such as the vendor and a reference code can be provided to TrustedForm for later reference

Fields

In addition to providing the cert data, the following fields are available on a claim:

id The claim identifier

age Theage of the claim (The time in seconds since the user's last event on the page, minus the time the claim was made)

page_id The unique identifier for the page where the cert was generated

warnings An array of string warnings revealing any potential problems with the cert or claim

reference The reference provided when the certificate was claimed

vendor The vendor name provided when the certificate was claimed

fingerprints The lead fingerprints provided when the certificate was claimed

matching those that matched a fingerprint collected at the time of consumer signup

non_matching those that did not match any fingerprint collected at the time of consumer signup

share_url - Shareable url to view the claim. See " How do you share a TrustedForm certificate? " for more information.

created_at The time the claim was created in UTC, ISO8601 format

expires_at The time the claim will expire your account in UTC, ISO8601 format

masked A boolean indicating whether the certificate is masked

masked_cert_url A URL with the masked certificate of the claim

cert The certificate object for this claim

token Uniquely identifies this certificate

ip The consumer's public IP address

location The URL of the page hosting our JavaScript. Query strings hidden for privacy reasons

parent_location If the page was framed, the parent frame's URL

framed true or false, depending on whether the form is hosted on a framed page

browser A human-friendly version of user_agent

operating_system A human-friendly version of the user's operating system

user_agent The consumer's browser user-agent

snapshot_url The URL of our snapshot of the offer page as seen by the consumer at the time of signup

created_at The time the consumer loaded the vendor's form in UTC, ISO8601 format (the time thecertificatewas created)

event_duration Thetime in milliseconds the user took to complete the form. Matches Time On Page on the certificate page.

expires_atThe date and time the certificate will no longer be available for further claims

share_url A shareable URL that allows customers to send TrustedForm certificates to third parties on an as-needed basis

scans A hash of the snapshot scans performed

found those that were found on the page snapshot

not_found those that were not found on the page snapshot

warnings An array of strings indicating possible issues with the certificate

geo A hash of geolocation data based on the IP address

lat Latitude

lon Longitude

city City name

state State or Province name

postal_code Mailing address postal code

country_code Country code

time_zone Time zone name per the Olson Database

claims An array of claim records for this certificate and account, including this claim

id The claim identifier

age Theage of the claim (The time in seconds since the user's last event on the page, minus the time the claim was made)

page_id The unique identifier for the page where the cert was generated

warnings An array of string warnings revealing any potential problems with the cert or claim

reference The reference provided when the certificate was claimed

vendor The vendor name provided when the certificate was claimed

fingerprints The lead fingerprints provided when the certificate was claimed

matching those that matched a fingerprint collected at the time of consumer signup

non_matching those that did not match any fingerprint collected at the time of consumer signup

share_url -Shareable url to view the claim. Seethe knowledge base article " How do you share a TrustedForm certificate? "

created_at The time the claim was created in UTC, ISO8601 format

expires_at The time the will expire your account in UTC, ISO8601 format

masked A boolean indicating whether the certificate is masked

masked_cert_url A URL with the masked certificate of the claim

cert The certificate record for this claim - see the Certificate documentation for additional details on the data available in this field

scans A hash of the snapshot scans performed

found those that were found on the page snapshot

not_found those that were not found on the page snapshot

warnings An array of strings indicating possible issues with the certificate. At the moment, only used for Page Scanning.

Creating a claim

When a claim is made against a cert, a new claim record is stored in TrustedForm.

Retrieving a claim

After you have created a claim, you can retrieve it using an HTTP GET call. Specify the Accept header in order to get JSON.

NOTE: This query willonly give you claims forthe last three days

Listing claims

NOTE: This query willonly give you claims forthe last three days.

Claims are listed in chronological order. The following parameters can be used to filter the list.

limit max number of claims to return (must be less than 100)

before_id return claims older than that referenced by this ID

page_id return claims only for this page

desc=true return claims in reverse chronologicalorder

Updating claims

Claims cannot be updated.

Deleting claims

Claims are automatically deleted by TrustedForm based on the retention threshold setting on your account. Claimscannot be individually deleted.

You can change the claim retention threshold by logging into the TrustedForm application with your browser, or,by using the Account API to change the claim_dtl as shown below.

Setting a reliable timeout for pulling snapshots

Mostusers who pull the snapshot via the API immediately after claiming the TrustedForm certificate won't need to set a timeout to pull the snapshot successfully. However, if you are experiencing a 404 status code when trying to pull the snapshot immediately after claiming the certificate - setting a 1 minute timeout before making another request to the API for the recently claimedcertificatewill allow for a successful request and avoid the 404 status code.

While we make simple for you to create and configure new campaigns, there are times where you may prefer us to do it. This type of request is considered Professional Services work, so you will be billed at an hourly rate according to your contract.

Email your request to [email protected]. Include the name of the campaign in the subject of your email.

Your email should include the following basic information:

Campaign name

Recipient (Buyer) name

Recipient technical contact information. It is helpful if we can reach out directly to your contact with any questions related to the setup.

Acceptance criteria (clearly specify any validation rules that need to be implemented). For example "campaign should only accept leads from users 18 or older in the state of CA"

Volume caps

Type of lead delivery (HTTP POST, FTP, real-time email, etc.)

Attach the lead delivery specifications (the lead recipient should provide)

Attach any creative (images, ad copy, etc.)

If the campaign requires real-time automated delivery via HTTP POST, the lead delivery specs (also known as the posting info) should include the following:

Submission URL (i.e. http://some-server.com/post-leads)

HTTP Method (GET or POST)

List of required field parameters

List of all possible server responses. At the minimum, you must include a sample response for an accepted lead and a sample response for a rejected lead. If these are not available, then we cannot configure LeadConduit to interpret the server response and all leads will be considered accepted by the recipient's server.

Publishers may find it useful to have a callback fire after the TrustedForm script has inserted the certificate URL into the form. TrustedForm supports this option by calling the global function named trustedFormCertIdCallback with a single argument, the TrustedForm certificate ID. The trustedFormCertUrlCallback is also available if you want the full certificate URL rather than just the ID.

In order to implement this callback, you must define the function trustedFormCallback before loading the TF script.

For example, this script will pop up an alert box with ID of the TrustedForm Certificate.

// the callback <script type="text/javascript"> function trustedFormCertIdCallback(certificateId) { alert("Certificate ID: " + certificateId); } function trustedFormCertUrlCallback(certificateUrl) { alert("Certificate URL: " + certificateUrl); } </script> // the TrustedForm script wrapped in a function <script type="text/javascript"> (function() { /*Place the core TrustedForm Script here

Obtain the core script by signing up at

https://activeprospect.com/products/trustedform-script/

*/

})(); </script>

Please note, these callbacks are only fired once, regardless of how many forms the TF inserts the certificate URL into.

Each callback is strictly optional and can safely be ignored. If the callback functions are not defined, then the callback feature is ignored by the TrustedForm script.

You can add items to and remove items from your list via API:

AddingList Items

Response

You can addmultiple items in a single call:

Setting an item's timestamp

Optionally you may use the `timestamp` property to set the timestamp of the item on the list. A wide variety of formats are accepted, but ISO8601 is recommended. If the `timestamp` provided cannot be understood, then an HTTP 422 will be returned and the value(s) will not be added. If a timestamp is not provided, the current system time will be used.

A Note About MD5Hashing

For data security all Lists store their data in MD5-hashed form. The system will do its best to do the right thing when adding values to a List. If you submit a non-hashed value, SuppressionList will automatically hash it before adding it to the List. If you submit a string that looks like an md5 hash (32 characters long using only 0-9 and a-f), SuppressionList will add that value directly to the List without re-hashing it.

Standardizing data

Upon receiving a item to add toa List or a term to query, SuppressionList will take the following steps:

Strip leading and trailing whitespace from the query string

Downcase all characters in the query string

MD5 hash the query string before performing the add or query.

Note that punctuation is not removed, only whitespace. So phone number formats, for example, are not standardized. We recommend that you standardize all data before adding it to a list as well as before querying.

Remove Items From a List

Use an HTTP DELETE request to https://app.suppressionlist.com/lists/list_id/items with the items you'd like to remove contained in a param named 'values'.

Response

You can removemultiple items in a single call:

Next article:

Querying Lists

Overview

Per the TrustedForm EULA, the TrustedForm service may not be used to capture sensitive consumer data. Examples of sensitive data include credit card numbers, bank account numbers, social security numbers (SSNs), and driver license numbers. If you place the TrustedForm script on a site that collects sensitive data, you must flag these fields.

How Do I Protect Fields with Sensitive Data Flagging?

TrustedForm allows you to flag any or all sensitive fields of consumer data. When this feature is used, we apply a cryptographic hash to the flagged fields making it infeasible for anyone, including us, to store, retrieve, reverse-engineer, or utilize the data that was volunteered by the End User in that flagged data field.

When a TrustedForm video replay is viewed, the data in a flagged field will be seenonly as a series of asterisks. In order for you to protect sensitive data and still have a recognizable certificate for compliance, we recommend only flagging fields that truly collect sensitive data.

Implementation

Flagging Individual Fields as Sensitive Data

By default, fields data collected in form inputs is not considered sensitive by the TrustedForm script. If you use the TrustedForm script as provided and do not flag any fields as sensitive, the script will capture any fields filled out while the script is active on the page.

To protect data, flag the individual, sensitive fields as follows:

data-tf-sensitive="true"

An example field would look like:

<input type="text" name="ssn" data-tf-sensitive="true" />

Flagging Images as Sensitive Data

By default, all images on the page are captured as part of the video replay. If you wish to hide an image on the page, you may use thedata-tf-sensitive="true"attribute on the image tag. The image will be replaced by a placeholder that indicates it has been hidden by you.

An example image would look like:

<img src="graphic.jpg" data-tf-sensitive="true" />

Treating All Fields asSensitive Data

TrustedForm also supports the ability to treat all fields as sensitive data. When this option is selected, you can flag individual fields that you don't want to be treated as sensitive.

In order to switch to this option, toggle theinvertFieldSensitivity variable in the TrustedForm script to true.

When theinvertFieldSensitivity variabletoggle is enabled, you must explicitly mark fields you want TrustedForm to capture:

<input type="text" name="phone" data-tf-sensitive="false" />

//--//

TrustedForm Certificates have a claim period of 72 hours. TrustedForm clients can claim the certificate which retains a copy of the certificate in the client account. The default retention period for TrustedForm accounts is 5 years.

For clients who don't have the capability to make an authenticated API call when receiving a lead, ActiveProspect offers LeadConduit, which can be easily configured to automatically claim certificates.

Check out the full overview of the TrustedForm 'Certificate of Authority'.

TrustedForm Data Security

We're serious about data security at ActiveProspect.

Weregularly review our practices and decisions to ensure we strike the proper balance of securing the data entrusted to us while providing the functionality that you rely on as a customer. ActiveProspect developed a system that hides each TrustedForm Certificate from the public. This includes automated systems such as search engines, while making it readily available to the appropriate parties (those with access to the associated lead data).

How We Do This

During the standard claim period (72 hours, beginning at the time the certificate is issued), we provide a unique URL for every generated certificate, where it can be reviewed by anyone who knows the link. During this time, TrustedForm credentials are not required to review a TrustedForm Certificate. To ensure that certificates can't be found by an unauthorized person or malicious party, we use SHA1, a cryptographic hash function, to generate a unique URL for each and every certificate. Each URL contains a unique 40+ character hexadecimal string. This makes the chances of guessing a TrustedForm Certificate URL effectively impossible. The level of effort required to try to break into our system far outweighs what little data they could possibly gather. Since there is a unique certificate for each individual lead record, discovering a certificate only potentially reveals data from a single lead.

To illustrate this point, let's say that a party bent on stealing data decides to implement a brute force attack to guess a certificate URL in order to harvest the data captured on a form for a single lead. The combination of the massive number of possible permutations of certificate URLs with the short window of time they are accessible (72 hours), effectively makes this an impossible task. The probability of guessing a valid certificate address during the 72 hours that the URL is available is 0.0000000000000000000000000001530044%*. Furthermore, this probability is unrealistically high because it assumes they would be able to run a massive number of checks against our system undetected, even though that would act like a DDoS attack on our servers.

Then, they would have to start all over to find a second one.

*If youre interested, here is the math behind those odds:

The certificate URL includes a unique string comprised of 40+ hexadecimal characters, so in that three day window, theyd have to check 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976 combinations (16^40: there are 16 valid hex characters and a total of 40 characters in that string).

We're also assuming that they run an astronomical number of checks against our system (1M a second), and for the sake of argument, that they don't trip any of our monitoring alarms, causing us to block them, they would make 259.2M checks over three days. (86,400 seconds in a day * 3 days * 1M)

We generate over 8.6 million certs in three days, so if all of this came together, the probability that they would accurately guess just one certificate URL while it is available is 0.000000000000000000000000000001530044.

They would then need to start over. And it entirely possible that we create a URL with a unique ID that they've previously checked and found to be invalid, so they could never reduce their test set by discarding IDs that were previously invalid.

What are TrustedForm Masked Certificates?

Masked Certificates are exact copies of full certificates, except the source information (page URL, screenshot and snapshot) have been masked. They still contain essential information about the origin of the lead, so lead buyers can independently verify lead authenticity and compliance with either full or masked certificates.

How can I provide masked certificates to my lead buyers?

This feature is only available to paid account holders. When a paid account holder claims a full TrustedForm Certificate they will receive a Masked Certificate URL as one of the data elements in the response. Masked Certificates have their own unique Certificate ID that is separate and distinct from the original full Certificate ID. Simply pass the Masked Certificate to your lead buyer instead of the full Certificate.

Does this feature require a different TrustedForm script?

No, the script is the same. The script only issues full certificates. We utilize a single universal script that is publicly available on our website. Youdon'thave to register for an account with us in order to use the script.

How do I implement?

A masked certificate is generated for every claim. You can obtain the URL to it from the masked_cert_url field of the response JSON when you claim a certificate. Capture this value and store it with the lead data. You can then send it to any buyer instead of the original full certificate.

My site utilizes a shared lead model (same lead sold to multiple buyers). Can I share the source with some buyers and hide it from others?

Yes. You must first claim the certificate via your TrustedForm account. You will then capture the masked certificate URL from our API. For the buyers for whom you want to reveal source information, you will send them the full TrustedForm Certificate URL. For the buyers for who you want to hide the source information, you will send them the masked certificate URL.

How can I tell if I have received a Masked TrustedForm Certificate from a lead seller?

You can tell by visually inspecting the Certificate. A masked Certificate will say Masked Certificate of Authenticity at the top. The Page URL will be masked and the screenshot and snapshot will be unavailable. You can also determine programmatically at the time of claim by checking the masked field in the JSON response. The claim response will indicate whether the Cert you are claiming is masked.

I received a masked certificate from a lead provider, can I still scan the page snapshot to verify my required TCPA language was present on the page?

Yes. The page scan feature still works.

My lead vendor gives me masked certificates. If I get a consumer complaint and need to see the full certificate, what do I do?

You will have to contact your lead vendor to request the full certificate. Send the lead vendor the masked certificate and they will be able to access the corresponding full certificate in their account. Your lead vendor must be storing their Certificates in their TrustedForm account for this to work. If they have allowed their Certificates to expire, they can no longer be accessed.

If I send a lead buyer a masked certificate, and later I need to provide them the full certificate how do I find the full certificate based on the masked certificate?

If you hold the full certificate in your account, and view a masked certificate (while logged into your account), it will reveal the corresponding full Certificate.

My lead vendor gives me masked certificates. How can I be sure that my lead vendors are storing the original full certificates in their account in case they are needed in the future?

This is best accomplished with a legal agreement between you and your lead vendor. Simply require them to store the full certificates for the time period you need. Our storage costs are very reasonable.

I will only accept full certificates from my lead vendors, how do I block masked certificates?

Whenever you claim a certificate via the TrustedForm API, it will respond back with a flag that indicates whether or not this certificate is masked. When masked = true, you simply need to reject that lead. This can be easily configured using rules in your LeadConduit account.

Will masked certificates generated for leads originating from the same site have the same masked Page URL?

Yes. This allows a buyer to identify leads generated on the same site without revealing the real URL of that site.

What does a Masked Certificate Look Like?

Here is what a masked certificate looks like:

And here's what the video replay page looks like:

Q :Is there a way to make TrusteForm required within a campaign?

A : Yes! The custom script below will make TrustedForm required in your LeadConduit Classic campaigns.

Please Note : There is no way to change the word Optional to Required on the Posting Instructionsin LeadConduit Classic (something that we've fixed in the new LeadConduit platform).

For sources capturing real-time responses, when the lead is rejected because it doesn't contain a TrustedForm cert URL, they'll see the reason in real-time and hopefully adjust their delivery accordingly.

If a publisher posts a lead to a campaign using the script below, it will be rejected with the following reason :

Missing Required TrustedForm Certificate

Additionally, if the source is registered with a free LeadConduit Classic account, they have access to reporting about the leads they've submitted to your campaigns and can see a full list of rejection reasons.Here's the custom script to make TrustedForm required :

if ((lead.xxTrustedFormCertUrl == null)||(lead.xxTrustedFormCertUrl == '')){ lead.invalidate("Missing Required TrustedForm Certificate");}

This is part of the LeadConduit Classic API. Read an overview, or review common API parameters.

Resources

The "pre-qualification" API allows you to find out which of a list of campaigns are currently accepting leads - that is, active campaigns that have not exceeded volume caps. The purpose of this API call is to dynamically determine which offers are worth displaying to a consumer in real time.

A "full access" API key must be used for this API call (see the overview for more about API keys).

GET https://api.leadconduit.com/prequal

Given a list of campaign IDs, this API call will return a list of the IDs of campaigns which:

are currently active

are accepting leads at the current time of day

have not exceeded volume caps for the designated lead source

Parameters

campaign_id[] repeat this parameter for each campaign you want to pre-qualify

source_id the ID of the source that would be providing the leads. using the campaign owner's AccountId returns results based on teh campaign's overall cap

Response

Issuing a request to the campaigns API returns a simple JSON array of campaign ID strings.

An example request (note that the square bracket pair ([]) is encoded for curl (%5B%5D)):

Learn about calculating and using a lead fingerprint in TrustedForm. For general information, check out Lead Fingerprinting.

TrustedForm will attempt to capture lead fingerprints with every certificate, allowing a consumer to be uniquely and anonymously tied to a certificate. TrustedForm stores each phone number and email address as a SHA1 hash based on the fields filled out on the offer form. Because these hashed values are hexadecimal strings, they do not collect or store personally identifiable information (PII).

Table of Contents:

Overview

Let TrustedForm calculate the fingerprint for you

LeadConduit and lead fingerprints

Calculate fingerprints yourself

Overview

As a certificate is generated, the TrustedForm script watches the form for changes, and as the consumer enters information, it is examined for information that looks like a phone number or email address. Data identified as a phone number or email address will be converted into a SHA1 hash and stored as part of the certificate.

As part of the TrustedForm claim, you may either allow TrustedForm to calculate the fingerprints based on your lead fields, or you may calculate the fingerprints yourself, sending them in the optional fingerprint parameter (if you are claiming certificates directly via the API). If at least one of the fingerprints does not match, you will receive a warning in the claim response.

Let TrustedForm calculate the fingerprint for you

TrustedForm will calculate the fingerprints on your behalf when you pass some basic lead data in the claim call. TrustedForm will evaluate the included data and calculate SHA1 hashes of any phone numbers and email addresses, discarding the lead data once the hash is calculated.

Example

In the following example, we include the phone_1, phone_2 and email fields in the claim request (see Claim API for details on this request). The name of the submitted fields is not relevant, and none of the fields are stored after being used in the lead fingerprint calculation.

LeadConduit and lead fingerprints

If you are a LeadConduit client, you may add the TrustedForm enhancement step to your flow. The TrustedForm enhancement step will automatically submit email and phone number fields to TrustedForm to calculate lead fingerprints. For more information on adding TrustedForm to LeadConduit, check out this walkthrough.

How to calculate fingerprints yourself

Calculate SHA1 hex digest of a phone number:

Remove all non-digit characters (512-555-5785 becomes 5125555785)

Trim any leading and trailing whitespace

Take the SHA1 hex digest

Calculate SHA1 hex digest of an email:

Downcase (convert to lowercase)

Trim any leading and trailing whitespace

Take the SHA1 hex digest

Example

Given the following lead data, you'll calculate the fingerprints: fname=Tom&lname=Jones&[email protected]+&ph1=512-789-1111&ph2=512.555.5785&aff_id=123

"512-789-1111"

Remove all non-digit characters and trim whitespace - 5127891111

Calculate SHA1 - 12864b281c728bdca0f2102dba31308e1014fe4a

"512.555.5785"

Remove all non-digit characters and trim whitespace - 5125555785

Calculate SHA1 - 921e1dbc260148681f6f14a966c3e3242a4d3912

"[email protected]

Downcase the email - [email protected]

Trim any leading and trailing whitespace - [email protected]

Calculate SHA1 - 03537b0556fa5ea9042b264d49def5c3457b4ed2

Include each fingerprint in its own fingerprint parameter:

Need more help?

Reach out to our support team at [email protected] and they will be happy to help you with Lead Fingerprints.

These are instructions for submitting leads into a LeadConduit flow using the default integration

Posting URL Format

LeadConduit posting URLs have a consistent format. There are two parts of the URL that vary:

https://app.leadconduit.com/flows/{{FLOW ID}}/sources/{{SOURCE ID}}/submit

Flow ID The 24 character flow ID generated by LeadConduit that uniquely identifies the flow receiving your lead.

Source ID The 24 character source ID generatedby LeadConduit that identifies the source of the lead.

NOTE: The Flow and Source IDs are very important to ensure the lead goes into the correct flow and is attributed to the correct source. The sample URL above will not work because it contains placeholders for flow ID and source ID. The actual URL with real Flow and Source IDs must be obtained by the LeadConduit account holder for the appropriate Flow/Source combination.

Request Method

LeadConduit supports receiving leads using a GET or POST request. We strongly recommend using POST.

Request Headers

The two headers shown below are required when submitting leads using the POST method. The Content-Type header may be omitted for GET requests.

Accept: application/jsonContent-Type: application/x-www-form-urlencoded

You may also submit leads using the XML or JSON Content-Type if you use our standard format. Please contact [email protected] for more information.

Supported Fields

Each flow contains a unique set of acceptable fields. Please check with the administrator of the account to learn more. To view all of the common fields in the generic integration, please view the collection of fields here.

About Data Types

Thesupported fieldstable lists each field supported by LeadConduit. Each field has an associated type, which is used to help make sense out of the data you provide.

If a field is provided with a value that cannot be interpreted as the expected type, no error will be given unless the LeadConduit account holder has explicitly configured the flow to do so.

Nevertheless, your leads have the best chance of making it through the system when the data provided in each field is comprehensible to LeadConduit.

Data Type

Description

Examples

string

Any string data which can include alphanumeric characters, whitespace, special characters, new lines, etc.

JohnI would like some information on your product0123

number

Any string which can be parsed to a number

10009,998.99

date, dob

Most strings which are reasonably recognizable as a date

1995-12-25 (recommended)Dec 25, 199512/25/1995

ssn

A US Social Security Number. Data submitted in this field transient. It is never stored or logged by LeadConduit.

123-45-6789123 45 6789123456789

postal code

A US, UK, or Canadian postal code

7875178751-4424AA11A 1AA

state

A US State abbreviation, or international locality

TXQuebec

range

A numeric range, with a high and low boundary. A non-range is also acceptable provided is a number

1 to 101-1010+10

gender

Gender of the consumer

MaleFemaleOtherMFO

phone

A US phone number in a common format (optional extension must be preceded by the x character). To specify the type of the phone number append h for home, w for work, or m for mobile to the number.

1-512-789-1111512-789-1111 x1234(512) 789-1111h5127891111m(512) 789-1111w

email

An email address

[email protected][email protected]

Real-time feedback

When a lead is submitted, LeadConduit provides real-time feedback in the HTTP response body. This feedback identifies which one of three possible outcomes occurred. The outcome is derived from a series of actions and rule evaluations that take place while the lead is processed through the flow. The process of each flow is different because it is based on the individual needs of the LeadConduit account holder.

The possible outcomes are:

Success The lead was accepted by the buyer.

Failure The lead was not accepted by the buyer. The reason field explains why.

Error An unexpected problem occurred and lead handling was unable to proceed normally. The lead was not accepted. The reason field provides more detail.

Real-time feedback in the response always contains the 24 character LeadConduit lead identifier. If possible, capture this value in your system. It can be used to track down discrepancies or help troubleshoot problems.

HTTP Response Codes

You can expect a HTTP 201 for every correctly handled lead submission.

It is possible that you may also receive an HTTP 502, 503, or 504 response if the system is under extremely high load. This is a transient condition, and you should retry sending the lead submission request again in a few seconds.

Any other status code in the 400 or 500 range should be reported to [email protected]. Please be sure to include the full HTTP request information (GET vs. POST, URL, and parameters being sent).

Sample Lead Submissions

The examples in this section show lead submissions from the command line using the ubiquitous curl utility.

The below example shows the successful submission of a lead:

The below example shows the submission of a lead that failed because it was a duplicate:

When mapping values and fields in a custom Json outbound integration, use "dot notation" to define where each value being mapped should be placed in the request body.

(This article assumes that you understand the basics of how Json documents are structured. There are numerous resources and tutorials online that cover the basics of Json data structures.)

Json documents consist of hierarchically organized collectionof Json objects, propertiesand arrays.Use dot notation to map the structural path to each value you need to send to the recipient of your LeadConduit flow's Custom Json outbound step.

It's probably easiest to see how dot notation works by looking at an example.Here's a typical json request body:

Note that it consists of a json object that consists ofseveral root-level json properties (Named "lead", "phones", "leadEmail", "address", "passcode", and "programTypeCode") each of which may have as their values either a simple value (as do "leadEmail", "passcode", "programTypeCode"), or a collectionof child properties(as do "lead" and "address") or an array of child objects(as does "phones").

To map a value to a root-level property like "leadEmail", the path in this case would simply be the property name: leadEmail

To map a value to a child property, like "FirstName" which is a child of the root-level property "lead", the path would be lead.FirstName

When a property has as its value an array of one or more child objects, such as "phones" which has as its value an array of one or more json objects each of which has two properties ("PhoneNumber" and "PhoneType"), each element of the array is representeda numeric subscript that relates the components. For instance, to map phone_1, the path for that element's PhoneNumber would be phones.0.PhoneNumber and the path for that element's phoneType would be phones.0.PhoneType.Similarly, for phone_2 the paths would be phones.1.PhoneNumber and phones.1.PhoneType. Subscripts must be assigned sequentiallybeginning with zero.

Here is an example of what the mappings for the above Json request body would look like in LeadConduit:

This is part of the LeadConduit Classic API. Read an overview, or review common API parameters.

LeadConduit Classic used to provide a field called Node ID. If you continue to use node IDs, even though they are no longer exposed in the LeadConduit Classic UI, you may need to see a list of all the node IDs of your sources. You can fetch a list of the node IDs of all your sources using this API call. Either a "limited" or "full access" API key can be used for these API calls (see the overview for more about API keys).

Resources

GET https://api.leadconduit.com/sources/node_ids

Parameters

The node ID API accepts no parameters.

Response

count the number of node IDs returned

items the details of each node

An example request:

When mapping values and fields in a custom XML outbound integration, use "dot notation" to define where each value being mapped should be placed in the request body.

(This article assumes that you understand the basics of how XML documents are structured. There are numerous resources and tutorials online that cover the basics of XML data structures.)

XML documents consist of hierarchically organized sets of tagged values.Use dot notation to map the structural path to each value you need to send to the recipient of your LeadConduit flow's Custom XML outbound step.

It's probably easiest to see how dot notation works by looking at an example.Here's a typical XML request body:

Note that it consists of a root object <root>...</root> that is a wrapper for several child XML objects (<lead>, <phones>, <leadEmail>, <address>, <passcode>, and <programTypeCode>) each of which may wrap a simple value (as do <leadEmail>, <passcode>, <programTypeCode>), or child objects (as do <lead> and <address>) or an array of child objects (as does <phones>).

To map a value to a simple object like <leadEmail>, set the recipient field type to "Xml Path", and map the path by simply linking the names of each wrapping object with a dot, beginning with the outermost and working inward: root.leadEmailor, for FirstName: root.lead.FirstName

When there are multipleinstances of same-namedobjects inside the same wrappers, such as <phones> of which there are two distinct but similar instances, each of which has as its value an setof one or more childobjects (<PhoneNumber> and <PhoneType>), treat the <phones> objects as an array of complex objects. Represent eachby a numeric subscript that relates the components of each instance. For instance, to map phone_1, the path for that object'sphoneNumber would be root.phones.0.PhoneNumber and the path for that object's phoneType would be root.phones.0.PhoneType.Similarly, for phone_2 the paths would be root.phones.1.PhoneNumber and root.phones.1.PhoneType. Subscripts must be assigned sequentially beginning with zero.

Here is an example of what the mappings for the above XML request body would look like in LeadConduit:

XMLattributes are mapped using an "@" before the attribute name. Here's what the <phones> objects above would look like if the PhoneType was an attribute instead of a child object.

And here is how that section would be mapped:

This is part of the LeadConduit Classic API. Read an overview, or review common API parameters.

Resources

The campaigns API allows you to pull a list of all the campaigns which are visible in your account. Either a "limited" or "full access" API key can be used for these API calls (see the overview for more about API keys).

GET https://api.leadconduit.com/campaigns

Parameters

The campaigns list API accepts no parameters.

Response

Issuing a request to the campaigns API returns a JSON data structure with 2 keys:

count the number of campaigns returned

items the details (LeadConduit Classic ID and name) of each campaign

An example request:

Related: accessing a campaign's fields

You can get list of campaign fields by calling the following resource, where #{campaign_id} should be replaced with the ID of the specific campaign:

GET https://api.leadconduit.com/campaigns/#{campaign_id}/fields

See more details of accessing a campaign's fields.

This is part of the LeadConduit Classic API. Read an overview, or review common API parameters.

Resources

The campaigns API allows you to query a list of all the fields defined on a specific campaign. Either a "limited" or "full access" API key can be used for these API calls (see the overview for more about API keys).

GET https://api.leadconduit.com/campaigns/#{campaign_id}/fields

This resource lists the fields in the given campaign, including essential information about each one (see example response, below).

GET https://api.leadconduit.com/campaigns/#{campaign_id}/fields/#{field_id}/select_options

This resource will return the valid, acceptable values for the given field, if it's a "Text - List" field that provides those options. Requesting select options for other field types, such as "Email", will return an empty JSON array.

Parameters

The campaign fields API accepts no parameters.

Response

Issuing a request to the campaigns API returns a JSON data structure with 2 keys:

count the number of fields returned

items the details of each field. Each item represents a field. The variant attribute describes the field type: FirstName, LastName, Email, Phone, StreetAddress, City, State, ZipCode, Date, etc.

An example request:

This is part of the LeadConduit Classic API. Read an overview, or review common API parameters.

Resources

The campaigns API allows you to pull a list of all the source (affiliate) accounts or sites or lead recipients (advertisers) which are visible in your account. Either a "limited" or "full access" API key can be used for these API calls (see the overview for more about API keys).

GET https://api.leadconduit.com/sources

GET https://api.leadconduit.com/recipients

Parameters

campaign_id optional, when provided the API only returns the sources or recipients for the campaign specified

Response

The responses for sources and recipients are the same, and include 2 keys:

count the number of sources or recipients returned

items the details (LeadConduit Classic ID and name) of each source or recipient record

A sample request:

Every time file is uploaded to a list, a new Job is created to track processing of the file. Jobs can be queried tocheck on status.

List Jobs

Get all the jobs that are processing or have been processed for a List. The jobs are returned in reverse chronologicalorder (most recent jobs first). Use an HTTP GET request to:

https://app.suppressionlist.com/lists/{{list_id}}/jobs:

Get Job Details

If you want to monitor the progress of a job, you can fetch the details. Use an HTTP GET request to:

https://app.suppressionlist.com/lists/{{list_id}}/jobs/{{job_id}}:

The following statuses will be reported:

starting The job is preparing to start. Nothing has been done yet to process the upload file.

working The job is in progress.

killed The job was in progress but it was killed. See the killed_by_user_name to see who killed it.

completed The entire upload file was processed.

Killing a Running Job

If you decide you want to cancel a job that's in progress, you can kill it. Killing a job will immediately stopprocessing the uploaded file. Any entries added to the list prior to killing the job will not be automaticallyremoved from the list.

Use an HTTP POST request to:

https://app.suppressionlist.com/lists/{{list_id}}/jobs/{{job_id}}/kill:

If you submit a lead a campaignvia HTTP you will receive an XML response from our server. This document describes that response and how to interpret it.

What does the LeadConduit Classic server response tell you?

The response indicates all of the possible outcomes of submitting a lead to a campaign. A response does NOT indicate the final disposition of the posted lead (whether or not you will be paid). That is determined by the final recipient of the lead.

There are several parts to our server response: the result, reason, leadId, and URL. The result will be included in every response, while other parts may be omitted, as appropriate. For a technical description of our response format, please refer to the Document Type Definition (DTD) included in the DOCTYPE declaration of the response ( https://classic.leadconduit.com/dtd/response-v2-basic.dtd ).

The result tag

A result is shown with every server response. The code word shown inside the result tag indicates the outcome of your lead post:

Result

Meaning

How to Interpret

success

lead was submitted successfully

We received the lead. Do not resubmit.

queued

lead was submitted successfully, but no further processing occurred

We received the lead. Do not resubmit.

failure

lead was invalid

There is a problem with the lead. Do not resubmit without first correcting the problem(s) described in the reason tag(s). Some issues, like a duplicate lead, cannot be corrected.

error

the request was malformed (i.e. missing a parameter)

There is a problem with your HTTP request. Do not resubmit the same request again without first correcting the problem(s) described in the reason tag(s).

The reason tag(s)

One or more reason tags may be returned in each server response. If there are a several problems with the lead you've posted, each problem will be shown inside its own reason tag. Reason tags are only provided in the event that some problem has occurred (on failure and error responses). Generally speaking, if you submit the same lead again without first correcting these problems, you will receive the same response from our server. For this reason, we require that you do not re-post the same lead that generates a failure or error response without first correcting the problems shown in the reason tags.

The leadId tag

The leadId tag contains our record identifier for the lead you have submitted into LeadConduit. All leads that are posted to our system, regardless of whether the post generates a success or failure response, get a leadId. Generally speaking, if you have a question about a lead you will need to refer to it using the value contained in the leadId tag.

If no leadId tag is provided in the response, the lead could not be created in our system. Sometimes this happens because an error occurs on our end or because the lead-handling component of our system was offline for maintenance. When this happens, you will receive a queued response and no further action is necessary on your part. When our system comes back online, your post will be automatically handled and a new lead will be created in our system. Other times, the problem may be related to the way you posted the lead. You can recognize that this has occurred because an error response is given. Take a look at the specified reason tags to figure out why the lead could not be created in our system.

The url tag

The url tag contains a hyperlink to the lead submitted to a campaign. You can copy and paste this link into your web browser in order to view the details of the lead (you will be required to log into LeadConduit Classic first). The <![CDATA[...]]> information that wraps the hyperlink is included in the url tag for the benefit of software that parses the XML in our response. This is not part of the hyperlink itself.

Some real world examples

A good lead is posted:

An invalid lead. As the reason tags detail, this lead is invalid because it didn't meet the campaign's requirements. Do not resubmit this lead without first correcting the email address and providing the lead's phone number.

A lead posted while LeadConduit Classic is offline. Notice that there is no leadId in the response. The reason tag shows why the lead was queued. The lead will be processed when the system is back online.

The request is missing a required system parameter. As the posting instructions detail, xxAccountId and xxCampaignId (and xxSiteId, in some cases) are required. Leads cannot be handled without those parameters, so no leadId is contained in the response.

Response Versions

LeadConduit Classic's current response is in its second version, "v2". The first response version ("v1") has been phased out. This document is a reference for the v2 response only. More information about our v1 response is available upon request. Each campaign's posting documents, available within LeadConduit Classic, reflect the v2 response format. While some older campaigns may still be operating with the v1 response, it is strongly recommended to update these to the newer and much improved v2 posting process.

Creating a new List

Before you can add items to your List, you must create it. Lists have the following attribute:

name The name of the List. Use any name that makes sense to you.

To create a List, use the SuppressionList dashboard or send an HTTP POST request to

Getting a catalog of all your Lists

See what Lists you have in your account.

Use the SuppressionList dashboard or send an HTTP GET request to https://app.suppressionlist.com/lists:

Removing a List

Use the SuppressionList dashboard or send an HTTP DELETE request to https://app.suppressionlist.com/lists/{{list_id}}:

Once you have removed a List, it is gone forever. If a third-party system is making calls to the API to check this List,SuppressionList will respond withHTTP 404.

Next article:

Adding and removing List items

When a visitor lands on a page hosting the TrustedForm JavaScript, a new certificate record is created in TrustedForm.

The following fields are available for every certificate record issued by TrustedForm

token Uniquely identifies this certificate

ip The consumer's public IP address

location The URL of the page hosting our JavaScript. Query strings hidden for privacy reasons

parent_location If the page was framed, the parent frame's URL

framed true or false, depending on whether the form is hosted on a framed page

browser A human-friendly version of user_agent

operating_system A human-friendly version of the user's operating system

user_agent The consumer's browser user-agent

snapshot_url The URL of our snapshot of the offer page as seen by the consumer at the time of signup

created_at The time the consumer loaded the vendor's form in UTC, ISO8601 format

event_duration Thetime in milliseconds the user took to complete the form

expires_at The date and time the certificate will no longer be available for further claims

share_url A shareable URL that allows customers to send TrustedForm certificates to third parties on an as-needed basis

geo A hash of geolocation data based on the IP address

lat Latitude

lon Longitude

city City name

state State or Province name

postal_code Mailing address postal code

country_code Country code

time_zone Time zone name per the Olson Database

claims An array of claim records for this certificate. (See Claim documentation for information about certificate claiming):

id The claim identifier

age Theage of the claim (The time in seconds since the user's last event on the page, minus the time the claim was made)

page_id The unique identifier for the page where the cert was generated

warnings An array of string warnings revealing any potential problems with the cert or claim

reference The reference provided when the certificate was claimed

vendor The vendor name provided when the certificate was claimed

fingerprints The lead fingerprints provided when the certificate was claimed

matching those that matched a fingerprint collected at the time of consumer signup

non_matching those that did not match any fingerprint collected at the time of consumer signup

share_url - Shareable url to view the claim. Seethe knowledge base article " How do you share a TrustedForm certificate? "

created_at The time the claim was created in UTC, ISO8601 format

expires_at The time the will expire your account in UTC, ISO8601 format

masked A boolean indicating whether the certificate is masked

masked_cert_url A URL with the masked certificate of the claim

cert The certificate record for this claim - see the Certificate documentation for additional details on the data available in this field

scans A hash of the snapshot scans performed

found those that were found on the page snapshot

not_found those that were not found on the page snapshot

warnings An array of strings indicating possible issues with the certificate. At the moment, only used for Page Scanning.

Retrieving a certificate

A certificate may only be retrieved after it has been claimed. Attempting to retrieve an unclaimed certificatewill result in an HTTP 404 response.

The example below contians both the certificate fields and claim data.

Previously: Delivering Your Leads

Field Mapping

Connects the dots between a Source (Your Form or Lead Vendor), LeadConduit, and the Delivery Destination.

Example: First Name

The lead vendor / your form uses the field namefname

LeadConduit uses the field namefirst_name

The delivery destination (e.g. Marketo) uses the field nameFirstName

Outbound Field Mapping(LeadConduit to Destination)

Outbound Field Mapping is typically configured in the Destination step. This is often a CRM or Marketing Automation platform.

Once you've selected a delivery, click the Edit Field Mappingsbutton.You'll be prompted with a form to connect the LeadConduit standard field or raw value to a field used by the Destination service.

Flow Management

LeadConduit Built-In Integrations

Let's use the First Name+ Marketo example from above.

Because LeadConduit already has a Built-In Integration with Marketo, there are a handful of fields automatically mapped for you behind the scenes, including First Name, so you don't have to include it in your Outbound Field Mapping.

Let's say you also are collecting IP Address, which the LeadConduitBuilt-In Integration with Marketo does not cover. You need to map that field from LeadConduit to Marketo.

On the left is the LeadConduit Standard Field

On the right is the field name for the Destination.

NOTEthe Marketo Custom prefix!

The Outbound Field Mapping section can do a lot of powerful/sneaky field and data manipulation, so the field mapping sectionmakes no assumptions about what you are trying to accomplish.

In this case, we want to connect a LeadConduit field name to a Marketo field name not covered in theLeadConduitBuilt-In Integration. So we have to select "Marketo Custom" first, then type in the field name.

If this were a SalesforceBuilt-In Integration instead, the prefix would be Salesforce Custom.

LeadConduit Custom Integrations

LeadConduit won't always have aBuilt-In Integration for the Delivery you use. When that's the case, you set up a Custom Integration, which was covered in " Delivering your Leads ".

Since this is 100% Custom, you must map all fields from LeadConduit to the Delivery.

However, you won't find a Customprefix here. Instead, you'll find different prefixes depending on which type of delivery form you selected (POST, GET, JSON, XML, SOAP).

Examples:

Custom HTTP Post - Form Field (like the generic example at the top)

Custom GET - Parameter

SOAP - Arg

XML - Xml Path

JSON - JSON Property

Conditional Field Mapping

Sometimes you want to set a condition for the field mapping, so you can set different values based on the input. This is often the case for Campaign IDs. Here's an example:

The Velocify Campaign ID will be 1234 when the source is LendingTree and 5678 when the source is TARDIS.

See Advanced Field Mapping for additional outbound field mapping scenarios.

NOTELeadConduit automatically URL encodes fields on outbound delivery. No additional configuration is needed.

Special Formatting Options

Certain field types offer a rich, built-in set of formatting options. This video explains how to recognize and use such fields.

//--//

Next:

Using your ActiveProspect ID, all of your subscriptions are automatically billed to your payment method on file. Credit cards are accepted for pay as you go plans. Professional and Enterprise plans must pay by ACH. For details on what is included in each plan, see Account Plans.

Updating your Payment Method (Professional and Enterprise Plans)

To update your payment method, follow these steps:

Log in to your SSO account

Navigate to the My Account page

Once on the My Account page, scroll down to the Billing/Payment section

Select the Update Billing/Payment Info button

In the Add ACH Information section, enter your routing and account numbers.

Select an account and ownership type

Add your ACH Billing Address

Onceyou'veentered the required information, click the Add ACH Info button

Fund Wallet using a credit card (Pay As You Go)

When setting up your account, you should be prompted to enter your credit card details with a minimum payment of $10 to be applied to your wallet. If you did not set up your credit card, follow these steps:

Log in to your SSO account

Navigate to the Credit Card Details page

Enter your credit card details, including address and click Add Money to add funds to your wallet

Change or Update Payment Method (Pay As You Go)

Log in to your SSO account

Navigate to the Wallet page

Click the Gear icon next to Payment Method

You may edit your billing information on the Edit Card tab or enter a new credit card in the Replace Card tab. You may also delete your card information by clicking Delete Card.

For more information on Pay As You Go billing, please see Pay As You Go FAQ and Pay As You Go Billing.

Frequently Asked Questions

Q. What service do you use to process my ACH payment? A. We partner with Braintree to securely process your ACH payments.

Q. Can I submit an ACH payment manually? Yes, you can. Once your ACH information is verified, select the Pay Now option from the My Account tab.

Q. Do you store my bank account or credit card information in SSO? No. SSO does not store any of your bank account information - it doesnt even pass through our servers. Banking information is submitted directly to Braintree.

Q. What happens if a payment fails? A. If a payment fails, youll receive an email notification from [email protected] alerting you to the failure. Log in to your account and update your ACH payment information in SSO to prevent any potential interruption of service.

Q. I was prompted to verify my transaction, what do I do? A. If your account could not be verified automatically, you will be prompted to Verify transactions in your bank account. It may take 2-3 business days to post to your account. Upon successful verification, you will see a green banner at the top of your My Account page indicating Bank Information verified.

The format of the response depends on what Accept header is sent with the request. Both XML and JSON are supported formats.

A Successresponse body includes:

1. An "outcome" element with value"success"

2. A "lead" element with a sub-element named "id" that includes the lead's unique LeadConduit identifier.

3. A "price" element with lead pricing, if used. This will default to 0 if not configured.

JSON

{"outcome": "success","lead": {"id":"55c8e255g56r8d5f2e69e1d9"}, "price": 0}

XML

<?xml version="1.0"?><result> <outcome>success</outcome> <reason/> <lead> <id>55c8e255g56r8d5f2e69e1d9</id> </lead>

<price>0</price></result>

Both a Failureand Error response body include:

1. An "outcome" element with value"failure" or "error"

2. A "reason" element that carries the customer-programmable reason for the failure/error

3. A "lead" element with a sub-element named "id" that includes the lead's unique LeadConduit identifier.

JSON

{"outcome":"failure","reason":"Failed email validation","lead": {"id":"55c8e255g56r8d5f2e69e1d9"},"price":0}

XML

<?xml version="1.0"?><result> <outcome>failure</outcome> <reason>Failed email validation</reason> <lead> <id>55c8e255g56r8d5f2e69e1d9</id> </lead>

<price>0</price></result>

Result

Meaning

How to Interpret

success

lead was submitted successfully

LeadConduit received the lead. Do not resubmit.

failure

lead was invalid

There is a problem with the lead. Do not resubmit without first correcting the problem(s) described in the reason tag(s). Some issues, like a duplicate lead, cannot be corrected.

error

the request was malformed (i.e. missing a parameter)

There is a problem with your HTTP request. Do not resubmit the same request again without first correcting the problem(s) described in the reason tag(s).

HTTP Response Codes

Result

Meaning

How to Interpret

201

Created

LeadConduit successfully received the lead, independent of the disposition of the lead.

303

Redirected

The caller can also include the redir_url query string parameter and the response will be an HTTP 303 with the Location header set to that redir_url. Typically one might use this for submitting leads from a form to redirect to a thank you page.

406

Not Acceptable

The Content-Type was supported but the caller requested an unsupported response format in the Accept header.LeadConduit will receive the lead in this case and will record an error source event. The flow will not process the lead because LeadConduit cannot respond back to the caller using a format that makes sense to the caller.

415

Unsupported Media Type

An unsupported Content-Type was sent.LeadConduit will receive the lead and will record an error source event, but the flow will not process the lead because the request body cannot be interpreted.

NOTEIn the eventthat a different response is returned beyond these listed here, for example, "host not found" this means LeadConduit never received the lead.

//--//

Prefill

As you use our services (LeadConduit, Marketplace Integrations, SuppressionList or TrustedForm) we draw down your account balance with each transaction. As a part of this sign-up process, you will need to pre-fill your account balance with $10 so you can get started right away.

Auto-refill

Auto-refill is not enabled by default, but we strongly recommend you enable it so you never have to worry about losing your leads. If enabled, the auto-refill feature will automatically charge your card once your balance drops below the specified threshold. For example, you can set up your account to automatically charge $50 every time your balance drops to $10.

Monthly Minimum

There is a $10 monthly minimum, which you can reach with any combination of our services. If you spend less than $10 in a month, well only charge the difference between the minimum and what you used. For example, if you used $8.50 worth of services in July, we would charge you $1.50 on August 1st. If you did not have any transactions in July, we would debityou the full $10 from your existingpreloaded balance.

Am I Required to Pre-Fill My Account When I sign Up?

Yes, we will charge your card $10 when you first sign up.

How much will it cost me to process my leads?

See our article on Transactional Billing for more information.Our products and marketplace integrations are billed transactionally. The cost to process your leads will depend on which products or integrations you decide to use in your lead flow to validate, enhance, and deliver data.

Do I have to have a valid credit card in my account?

Adding a valid credit card and pre-funding your account is required to get started. However, you may remove your credit card at any time after you have funded your account. Click the gear icon next to 'Payment Method' in your Wallet tab.

How does auto-refill work?

Is auto-refill enabled by default?

No. Though we highly recommend setting up auto-refill, we let you choose if that is the right choice for you.

When will my account auto-refill?

You can set your auto-refill threshold in Wallet. Your account will refill once your remaining balance hits that threshold.

How much will be charged when my account is auto-refilled?

You choose the amount of money that we will automatically charge your card to refill your account. The default amount is $50.00, but you can adjust this amount as you see fit.

Do I have to enable auto-refill?

No. If you choose to keep it disabled, we strongly recommend that you set your balance notifications high enough to give you plenty of time to manually refill your balance.

Can I be notified when my balance is running low?

Yes, you can choose to receive an email when your balance reaches a specific dollar amount. This will allow you to know that we are about to refill the account or that it is time to log in and manually refill your balance.

Can I Make a One Time Payment?

Yes, you can manually refill your balance at any time. The Minimum Fill Amount applies in this case, and the available values will be similar to the Auto-Recharge Amount.

What happens if my usage for a month is below $10?

There is a $10 monthly minimum, which you can reach with any combination of our services. If you spend less than $10 in a month, well only charge the difference between the minimum and what you used. For example, if you used $8.50 worth of services in July, we would charge you $1.50 on August 1st. If you did not have any transactions in July, we would debityou the full $10 from your existingpreloaded balance.

What happens if my balance falls to zero and I do not have auto-refill enabled, I have deleted my card or my card is not valid?

LeadConduit will stop processing your leads, TrustedForm will no longer allow new Certificate claims, and SuppressionList will not accept new queries until your account balance is refilled. Should a lead be submitted to LeadConduit during this time period, the system will not accept it and the lead source will receive an error message in real time.

What happens to my stored TrustedForm Certs and lists in SuppressionList if my account runs out of funds?

Because TrustedForm and SuppressionList store items over time, accounts are charged a storage fee each day, calculated on the number of items being stored. If your account has disabled auto-refill or your credit card cannot be processed, it is possible that your account could go into the red as storage fees are charged each day. We know that this data is important to you, so we provide a 30-day window for you to update your credit card. We will store your Certificates and Lists for 30 days following your account reaching a balance of $0. During that period of time, the Certs and Lists will not be accessible to you. We will email you during this period so you will know that you need to refill your account to avoid permanently losing this data.

How Can I Get a Refund?

Contact our support team and well be happy to refund the remaining balance in your account.

//--//

What is TrustedForm Long Term Storage?

If youraccount's Time to Retain Certificatessetting is greater than 30 days, ActiveProspect relocatesyour file to our long term storage servers. This will only occur when a claim is older than 30 days.

This type ofstorage is designed for archives that require long term storage. When an archive is in long termstorage, it is not immediately accessible. To access these archives, they must be retrieved, which usually takes approximately 5 hours.

Please note if an account's 'Time to Retain Certificates' setting is 30 days or less, claims will not be sent to long term storage. The claim will still be removed from our system according to the Time to Retain Certificates setting.

What will happen why I try to access a claimed TrustedForm certificate that is in long term storage?

When younavigate to a claim that is in long term storage, youwill be notified that youhave accessed a certificate with the following message:

"We are retrieving this Certificate of Authenticity from long-term storage. It will take some time until it is available for you to view, typically between three to five hours. If you leave this page open, it will automatically refresh when the certificate is ready. Once retrieved, it will be available for seven days before returning to long-term storage.

If you would like to change the amount of time that your certificates are retained, or if you would like to restore certificates in bulk, please contact our services team."

Once the claim is retrieved, it will display normally.