Guide overview
Summary:
This guide walks lead buyers through the complete API integration process for TrustedForm—from reviewing our developer documentation and retrieving your API key to setting up custom API requests (or native integrations) to retain certificates, storing certificate URLs in your CRM, receiving TrustedForm Certificates, and filtering leads based on Verify results.
Learning objectives:
- Understand how to access and use TrustedForm’s developer documentation to learn API operations.
- Retrieve and securely store your API key for authenticated API calls.
- Configure API requests or native integrations to retain certificates and perform lead matching.
- Store TrustedForm Certificate URLs in your CRM for auditing and compliance.
- Verify certificates using the TrustedForm Verify operation and filter leads based on consent compliance.
Quick start workflow
- Receive TrustedForm Certificate URLs
- Verify consent
- Maintain a list of the consent languages you approve for use in lead generation
- Retain TrustedForm Certificates
- Optimize your lead acquisition strategy
Step‑by‑step instructions
Step 1. Receive TrustedForm Certificate URLs
- Goal: Retrieve TrustedForm Certificates with you leads.
- Context: Trustedform Certificates are digital records containing pertinent details about lead generation events. Their URLs serve as the endpoint for most API calls and enable you to perform the tasks necessary to practice consent-based marketing.
Instructions:
- Send your lead providers instructions on how to create TrustedForm Certificates.
- Let them know that you require a TrustedForm Certificate URL to be sent as a field with every lead.
- Request a test lead be sent to you and confirm that it has a TrustedForm Certificate URL.
- Make sure you are logged into your ActiveProspect Account.
- Visit the TrustedForm Certificate URL and you should see a button that says “Retain Certificate”.
- Click the “Retain Certificate” button and investigate the certificate to familiarize yourself with how the lead was generated.
Expected result:
You confirm that leads are being generated with valid TrustedForm Certificates that give you adequate visibility to understand the origin of the leads.
Step 2. Verify consent
- Goal: Establish a reliable process to determine if a lead has consented to be contacted.
- Context: Obtaining prior express written consent before sending marketing communications is the most dependable way to stay compliant with telemarketing laws. TrustedForm Verify enables you to programmatically confirm that specific requirements are met, strengthening your compliance practices and reducing the risk of litigation.
Instructions:
- Visit the TrustedForm Verification Criteria page
- Check all of the requirements that you would like to enforce when verifying that a lead has consented to be contacted.
- Setup you lead intake to use the TrustedForm Certificate API to run the Verify operation on all incoming leads and report the outcome. If you are using a 3rd party system with a pre-built integration with TrustedForm, refer to their documentation for further instructions. If you are using a system that was built in-house, ask your development team to integrate this into your processes.
Expected result:
When leads are processed you are able to see the outcome of the Verify operation.
Step 3. Maintain a list of the consent languages you approve for use in lead generation
- Goal: Leverage TrustedForm’s Consent Language Manager as the authoritative guide for the disclosures your lead sources are permitted to show to ensure adequate consent.
- Context: Consent language is the text shown to a lead to confirm they have agreed to be contacted. When purchasing leads, you will encounter many variations of this language, and it is your responsibility to ensure your leads only see the ones that meet regulatory requirements. The Consent Language Manager helps you track these variations and categorize them as approved or rejected, giving you confidence that the consent language used to generate your leads is compliant.
Instructions:
- Ask your lead providers to send test leads from every form they use. Then review the consent language that appears in the unreviewed section of your Consent Language Manager and mark each one as approved or rejected based on your business’s compliance requirements.
- Alternatively, gather all the consent languages that will be used to generate your leads from your lead providers and manually add each one to the Consent Language Manager. Note: This method is prone to errors as lead providers will often provide the wrong text because it has been updated since they last checked.
- Periodically (e.g. once a week) review any new consent languages that appear in the unreviewed section of your Consent Language Manager in case any updates have been made.
Expected result:
Your Consent Language Manager accurately reflects your businesses stance on which variations are allowed to be used to generate leads vs prohibited.
Step 4. Retain TrustedForm Certificates
- Goal: Store TrustedForm Certificates so you can access them for the entire period during which legal action may still be brought after a lead is created.
- Context: In the event of a complaint or litigation, a TrustedForm Certificate provides evidence of how a lead was generated. When a consumer’s consent was properly obtained, this certificate is often the strongest tool for discouraging plaintiffs, getting a case dismissed, or prevailing in court.
Instructions:
- Use the TrustedForm Certificate API to run the Retain operation on every lead that you plan to contact. When practicing consent-based marketing, this means that you do not contact leads who have not given their explicit consent to be contacted. If you are using a third-party system with a pre-built integration with TrustedForm, refer to their documentation for further instructions. If you are using a system that was built in-house, ask your development team to integrate this into your processes.
- Save the TrustedForm Certificate URL for each lead in your CRM system or designated database. This URL is how you will locate the TrustedForm Certificate generated for that lead.
Expected result:
Every lead record in your CRM is accompanied by a valid TrustedForm Certificate URL to facilitate future audits and meet record-keeping requirements.
Step 5. Optimize your lead acquisition strategy
- Goal: Avoid leads that are unlikely to perform or do not meet your expectations.
- Context: TrustedForm Certificates contain a plethora of metadata collected during the event that can help you refine your filters and enforce requirements to help improve the overall quality of the leads you purchase.
Instructions:
- View your TrustedForm Dashboard to see aggregate statistics about the leads for which you have retained certifcates.
- Use this information to identify any areas of concern that may correlate to poor performance (e.g. high lead age values, IP addresses being used repeatedly, extremely low time on page values )
- Use the TrustedForm Certificate API to run the Insights operation on every incoming lead to retrieve this data in real time and reject any leads exhibiting signals that you do not want to accept. If you are using a third-party system with a pre-built integration with TrustedForm, refer to their documentation for further instructions. If you are using a system that was built in-house, ask your development team to integrate this into your processes.
Expected result:
Your system filters incoming leads based on criteria you have established to protect your overall lead quality.
Validate your setup
To verify your integration is working correctly, perform these checks:
- Submit a test lead that includes a TrustedForm Certificate URL.
- Confirm that the API response from valid leads returns an “outcome” of “success.”
- Check that the certificate URL is correctly stored in your CRM.
- Review TrustedForm dashboard metrics to ensure the reported data aligns with your expectations.
Troubleshooting
| Symptom / Error message | Likely cause | Resolution |
|---|---|---|
| “Unable to authenticate” | Incorrect or missing API key; misconfigured HTTP Basic Authentication credentials | Verify and update your API key in your TrustedForm account settings and confirm the correct HTTP Basic Auth usage. |
| “HTTP 400 Bad Request” or “HTTP 406 Not Acceptable” | Malformed certificate URL or improperly formatted request body | Ensure the certificate URL starts with “https://cert.trustedform.com/” and that your JSON payload adheres to the API schema. |
| “HTTP 402 Payment Required” | Billing or subscription issues with your account | Confirm your account’s billing status and that you have an active TrustedForm subscription. |
| “HTTP 403 Forbidden” | API key authentication failure | Regenerate your API key if necessary and ensure “API” is used as the username with the key as the password. |
| “HTTP 404 Not Found” | Certificate has expired or the URL is invalid | Check that the certificate is within its valid retain period (typically 72 hours) and that the URL is correct. |
| “HTTP 405 Method Not Allowed” | Incorrect HTTP method (e.g., using GET instead of POST) | Use an HTTP POST request as specified in the API documentation. |
| “HTTP 410 Gone” | Certificate has expired and is pending deletion | Do not retry; the certificate is no longer available. |
| “HTTP 500/502/503 Server Error” | Temporary server or network issues | Retry the request after a brief delay; if the error persists, contact TrustedForm support. |
| Timeout errors | Request timeout is too short relative to the server’s response time | Increase your timeout setting and retry the API request. |
Frequently Asked Questions (FAQ)
How do I access TrustedForm’s developer documentation?
Visit https://developers.activeprospect.com/docs/trustedform/ for comprehensive documentation on API operations including Retain, Match Lead, and Verify.
Where can I find my API key?
Log in to your TrustedForm account at https://app.trustedform.com/settings and copy your API key from the API Key section.
How are TrustedForm Certificates generated and delivered?
When a consumer submits a form with TrustedForm Certify installed, a unique certificate URL is embedded in the lead data. The certificate URL should then be sent with the lead data to be consumed in the same way as other fields like name, email or phone. This URL is then used to perform all other operations available through TrustedForm product offerings.
How can I filter leads based on TrustedForm Verify results?
Use the Verify API operation to check if the certificate meets your established consent criteria. Leads with a “success” outcome don’t have any known issues and can be processed, while those with “failure” or “error” outcomes should be flagged or rejected.
Can I use a native integration instead of custom API requests?
Yes, many LMS and lead distribution platforms offer native TrustedForm integrations that automate certificate retention, lead matching, verification and filtering. Refer to your vendor’s documentation for setup details.
Glossary
| Term | Definition |
|---|---|
| API Key | A unique identifier from your TrustedForm account used to authenticate API requests. |
| TrustedForm Certificate URL | A unique URL starting with “https://cert.trustedform.com/” that links to a certificate documenting consumer consent. |
| Retain | The API operation that stores a TrustedForm Certificate for long-term access (typically 5 years) in your account. |
| Match Lead | An API operation that compares provided lead information (email and/or phone) with data in the certificate. |
| Verify | An API operation that checks if a certificate meets your defined requirements related to compliance. |
| Native Integration | A built-in integration provided by platforms (e.g., CRM, LMS) that automates TrustedForm API operations. |
| Consent compliance | The state in which a certificate accurately evidences that the consumer has given explicit consent to be contacted. |
Comments
0 comments
Please sign in to leave a comment.