By default, LeadConduit enforces inbound lead security through the following means:
- Unguessable flow and source id combinations are included in the submission URL. Only you and your lead source know this submission URL.
- The URL path is encrypted across the network, is unique to the source/vendor/website submitting leads, and is not shared with any other entity
- The HTTPS used by ActiveProspect enforces the latest TLS protocols
Even given the above built in security measures, some clients may opt to require a username and secret on each lead.
Add the Fields to your Flow
ActiveProspect provides two standard fields for lead sources to submit on each lead.
| Flow Field | Source Submitted Field | Type | Description |
|---|---|---|---|
| API Username | apiuser | string | Username required with lead submission |
| API Secret | apisecret | string | Secret required with lead submission. |
- Edit your flow. Click the Fields tab and click Add/Edit Fields near the top right.
- Enter apiuser in the search bar and click the checkbox to the left of “API Username.” Click Update Fields at top right.
- Repeat this process, searching for apisecret and clicking “API Secret.” Click Update Fields at top right.
- Save your flow at top right.
Check the Values of API Username and API Secret
Your source level acceptance criteria will check the value of apiuser and apisecret in leads as they enter the flow.
1. Edit your flow and click the Sources tab. To the right of the source you want to configure, click Acceptance Criteria.
2. Enter rules to check the value of the API Secret and API Username. Here is an example:
3. Don’t forget to save your flow and send a positive and a negative test lead to verify that the acceptance criteria have been set up correctly.
That’s all there is to it! Your flow now checks the API Username and API Secret on each incoming lead.
Sharing the values with your source
The acceptance criteria set, including the values for the API Username and API Secret, will be included in your Submission Docs. To obscure this value via hashing, please read on, below.
Obfuscating Values in LeadConduit
As normal with LeadConduit, any field sent in with a lead can be viewed, exported, or used in a report. The API Username and API Secret are no different in this respect, and will appear in plain text by default. In order to avoid having the raw value of one or both of the API Username and Secret values exportable and reportable, and included with acceptance criteria described in the Submission Docs, you can request, in a Support ticket, that a hashed value protects that field.
Here is how one of these mappings in the Source looks when properly configured:
Unfortunately this does take loading the transformation in the background, from the api, by ActiveProspect Support, but it only has to be done once for each lead source.
Once your hashed value is set up, you will need to set up the acceptance criteria to match. To find the proper hash value, send through a test lead with the correct apisecret field. Check on LeadConduit for the value shown for API Secret for the test lead, and insert this value in the Acceptance Criteria value (on the right).
Please note that you will have to share the API Secret and/or the API Username privately with the vendor if you are hashing the values.
Comments
0 comments
Please sign in to leave a comment.