Getting Started with Capturing Consent On Your Leads

Guide overview

Summary:
This guide provides step-by-step instructions to capture leads on your Properties API Platform by integrating TrustedForm solutions that verify domain ownership, collect consumer consent through multiple SDKs (Web, Social, Mobile), automatically retain certificates, and optionally deliver leads to buyers.

Learning objectives:

• Confirm your domain ownership to ensure proper certificate attribution.
• Implement the TrustedForm Certify Web SDK—including advanced settings, customization options, and troubleshooting—to capture consumer session data.
• Learn how TrustedForm for Facebook lead ads works and what makes these certificates unique.
• Integrate the (Beta) TrustedForm Certify Mobile SDK for Android and iOS to capture in-app leads.
• Enable Auto‑Retain (or use alternative methods via the LeadConduit API) to store certificates automatically.
• Transmit the TrustedForm Certificate URL along with your lead data for later verification.
• Optionally configure lead delivery to buyers with complete certificate data for added compliance and transparency.

Quick start workflow

1. Confirm domain ownership
2. Implement TrustedForm Certify Web SDK on your website
3. Understand how TrustedForm for Facebook lead ads works
4. (Beta) Implement TrustedForm Certify Mobile SDK
5. Enable Auto‑Retain / Alternative Retain methods
6. Send the TrustedForm Certificate URL with your lead data
7. (Optional) Deliver leads to buyers

Step‑by‑step instructions

Step 1. Confirm domain ownership

• Goal:
  Prove that you own the domains where your leads are captured so that certificates are properly attributed and advanced features such as Auto‑Retain can be enabled.

• Context:
  Verifying your domain ownership involves adding a unique TXT record to your DNS settings via your ActiveProspect account. This step is critical to both secure certificate retention and to allow for first‑party lead attribution.

Instructions:

1. Log in to your ActiveProspect account and navigate to the Domains section under “My Account.”
2. Click “Add Domains” and list each root domain or subdomain where your lead forms reside.
3. For each domain, click the “Verify Ownership” link to display a unique verification code.
4. Open your DNS registrar’s management console and add a new TXT record to the root domain with the unique verification code as its value.
5. (Optional) If you plan to capture leads across multiple subdomains, select the “Verify all subdomains” option.
6. Return to your ActiveProspect account and click “Begin Verification.”
7. Refresh the Domains page to confirm that each domain displays a status of “Verified” or “Confirmed.”

Expected result:
Your domains will show a verified status, ensuring that all certificates generated from these sites are properly attributed and are eligible for features like Auto‑Retain.

Step 2. Implement TrustedForm Certify Web SDK on your website

• Goal:
  Embed the TrustedForm Certify Web SDK on your lead capture pages so that each visitor session generates a unique certificate capturing consent details.

• Context:
  The TrustedForm Certify Web SDK automatically injects hidden fields (by default named “xxTrustedFormCertUrl”, “xxTrustedFormToken”, and “xxTrustedFormPingUrl”) into your form. Advanced configuration options include specifying custom field names, using callback functions, and ensuring proper script execution order.

Instructions:

1. Insert the TrustedForm Certify JavaScript snippet into the HTML of your lead capture page, ideally just before the closing </body> tag.
   • Optionally, add the defer attribute to delay execution until after the page has fully parsed.
2. Verify that your website or form building platform supports runtime injection of hidden fields. If not, create a custom hidden field (e.g., “custom-field-25”) and update the script’s configuration accordingly.
3. (Optional – Advanced Settings)
   • Utilize the provided callback function to retrieve and process the certificate URL in dynamic environments.
   • Adjust any script parameters or HTML attributes as needed to suit your site’s architecture.
4. Test the configuration by loading the page and using your browser’s “Inspect” tool to confirm that the hidden fields appear and are populated with a certificate URL starting with “https://cert.trustedform.com/”.
5. Submit a test form to verify that the certificate URL is included in the payload sent to your CRM or API endpoint.

Expected result:
When the page loads, the TrustedForm SDK injects the necessary hidden fields into the form. Upon submission, the form data contains a valid certificate URL that verifies the consumer’s session.

Troubleshooting a TrustedForm Certify Web SDK deployment:
If hidden fields do not appear or are not transmitted, check that:

• JavaScript is enabled and no ad blockers are interfering.
• The script is placed correctly between the <body> and </body> tags.
• The “field” variable in your script configuration matches any custom field names used.
• The browser’s Inspect tool confirms that the DOM includes the injected fields.

Step 3. TrustedForm for Facebook lead ads

• Goal:
  Receive and process TrustedForm Certificates generated from Facebook lead ads, where TrustedForm cannot directly inject a script to record the consumer session.

• Context:
  Facebook lead ads run inside Facebook, and Facebook does not allow third-party scripts, including the TrustedForm Web script.
  To solve this, ActiveProspect has partnered with Facebook to produce a special TrustedForm Certificate only when the lead is retrieved using the Facebook lead ads source integration in LeadConduit, ActiveProspect’s real-time lead processing and optimization engine.

What these certificates include:

• Images of the ad and form supplied by Facebook
• Auto-populated or user-entered form data
• Advertiser details such as Page ID, Ad ID, Campaign ID, and platform
• A simple replay of the ad and form (image ads only)

What they do not include:
Facebook does not provide: IP address, browser data, typing speed, time on page, and click-level interactions.

Instructions (Facebook lead ads integration)

1. Ensure you are retrieving leads from Facebook through LeadConduit’s Facebook lead ads source.
2. Confirm that each retrieved lead includes a TrustedForm Certificate URL automatically generated by the integration.
3. Send that certificate URL along with the lead data to your CRM, API, or downstream buyers.
4. Test by submitting a Facebook lead ads test form, pulling it through LeadConduit, and verifying that a TrustedForm Certificate is produced.

Expected result:
Your system receives a TrustedForm Certificate for each Facebook lead ads submission, containing Facebook-supplied information documenting the lead event.

Step 4. Implement TrustedForm Certify Mobile SDK Beta

• Goal:
  Integrate the (Beta) TrustedForm Certify Mobile SDK into your iOS or Android mobile applications to generate TrustedForm Certificates for in-app lead capture flows.

Important Beta Notice:
The TrustedForm Mobile SDK is currently in beta.
ActiveProspect is not accepting new testers at this time. If you are interested, contact your AP representative to join the waitlist.

How it works:
The Mobile SDK functions like the TrustedForm Web script but is designed specifically for native apps.
Once integrated:

• The SDK generates a TrustedForm Certificate URL for each lead-generating event.
• The certificate includes:
  • Screenshots (if configured by the app)
  • An event log describing actions during the session
  • Metadata that answers When, Where, and Who
• You must pass the Certificate URL along with the lead data you send to your server, CRM, or buyer.

Instructions:

1. Add the TrustedForm Mobile SDK to your mobile application (iOS or Android).
2. Initialize the SDK on the screen where the consumer interacts with your form.
3. After the user submits the form, retrieve the generated TrustedForm Certificate URL.
4. Send that certificate URL along with your lead payload to your downstream systems.
5. Test by completing an in-app lead submission and verifying the certificate URL is generated.

Expected result:
Your mobile app generates a TrustedForm Certificate URL for every recorded in-app lead event. Each mobile certificate contains screenshots (optional), event logs, and metadata documenting the consumer’s consent.

Step 5. Auto‑Retain / Other Retain methods (LeadConduit API Click‑to‑Retain)

• Goal:
  Automatically claim and store TrustedForm Certificates in your account without making separate API calls, ensuring long‑term storage of consumer consent evidence.

• Context:
  TrustedForm Auto‑Retain works with the Certify Web SDK and relies on verified domains and form submissions. If Auto‑Retain is not available, you can alternatively use methods like LeadConduit, API, or Click‑to‑Retain to retain certificates manually.

Instructions:

1. Confirm that your domains have been successfully verified (see Step 1).
2. Log in to your TrustedForm account and navigate to the “Issuing Certificates” page.
3. Scroll to the “Auto‑Retain Confirmed Domains” section.
4. Toggle the Auto‑Retain switch to “Enabled” for each verified domain (ensure subdomains are included if needed).
5. If Auto‑Retain is unavailable, configure alternative methods such as LeadConduit, API, Click‑to‑Retain, or manual API calls to the TrustedForm Retain endpoint.

Expected result:
Every certificate (with a form submission detected) generated from a verified domain is automatically ‘auto-retained’ in your account for long‑term storage (typically up to five years) without additional intervention.

Step 6. Send the TrustedForm Certificate URL with your lead data

• Goal:
  Ensure that the unique TrustedForm Certificate URL is transmitted along with your lead data to your CRM or API platform, serving as documented proof of consumer consent.

• Context:
  Every time a lead is captured, the TrustedForm Certify SDK generates a hidden certificate URL field. This URL must be included in the submitted form data to enable later lead verification and retention.

Instructions:

1. Confirm that the TrustedForm Certify SDK (Step 2) is correctly injecting the certificate URL hidden field into your form.
2. In your form’s submission configuration, ensure that the certificate URL field is mapped alongside other lead fields.
3. For custom form builders, verify that the field name (whether default “xxTrustedFormCertUrl” or a custom name) is correctly captured in the submission payload.
4. Test the process by submitting a sample form and checking your API logs or CRM to validate that the certificate URL is included.

Expected result:
Submitted lead data includes a valid TrustedForm Certificate URL, providing essential documentation of the consumer session for compliance and verification purposes.

Step 7. (Optional) Delivering leads to buyers

• Goal:
  For organizations that deliver leads to buyers, configure your system to forward leads only when accompanied by complete TrustedForm Certificate data, ensuring enhanced transparency and regulatory compliance.

• Context:
  Including the TrustedForm Certificate URL and related data (such as match status and verification metrics) with each lead builds buyer confidence and satisfies legal requirements. Customized routing may be applied to filter out leads that do not meet certificate verification criteria.

Instructions:

1. Decide whether your system will directly deliver the certificate URL along with each lead or use it to gate buyer access.
2. In your lead delivery configuration, map the TrustedForm Certificate URL and any relevant appended fields (match status, lead age, etc.) into the outgoing payload.
3. Optionally, set up filters to exclude leads where certificate retention or verification failed.
4. Communicate the presence and importance of the certificate data to your buyers.
5. Test the delivery process using your platform’s tools and examine delivery reports to ensure that leads include complete certificate information.

Expected result:
Leads delivered to buyers contain the TrustedForm Certificate URL and associated verification data, enabling buyers to confirm consumer consent and enhancing trust in the lead’s quality.

Validate your setup

To confirm that your TrustedForm integration is working correctly:

• Run test submissions on every lead capture page and verify that the hidden certificate fields are present and correctly populated.
• Check your API logs or CRM records to ensure that the certificate URL is transmitted in the lead payload.
• Review your TrustedForm dashboard to confirm that retained certificates appear with up‑to‑date metrics (e.g., domain verification, lead age, match status).
• Use browser tools like “Inspect” and the Network tab to trace the form submission and confirm the inclusion of all required fields.
• For optional integrations (Social and Mobile), submit test leads and ensure that each integration’s expected certificate data is captured.

Troubleshooting

Frequently Asked Questions (FAQ)

How do I verify my domain ownership?

Log in to your ActiveProspect account, add your domains under the Domains section, obtain the unique TXT record, update your DNS settings, and begin verification. Once confirmed, your domains will show as “Verified.”

What should I do if the TrustedForm Certify Web SDK does not inject the hidden fields?

Ensure that the JS snippet is correctly placed within the <body> tags, that your browser supports JavaScript without interference from ad blockers, and check that any custom field names match those in your configuration.

How does Auto‑Retain benefit my integration?

Auto‑Retain automatically retrieves and stores certificates from verified domains (with a valid form submission event) without extra API calls, ensuring long‑term storage (typically up to five years) for proof of consent.

What if the certificate URL is missing in the submitted lead data?

Check your form field mapping and ensure that the TrustedForm JS snippet is properly configured to inject and transmit the certificate URL with the rest of your lead data.

Glossary

• verifydomain1.png200 KB