Download OpenAPI specification:Download
Claiming a certificate will allow you to verify its legitimacy, view it online, access its data via our API, and refer to the snapshot that was taken of the page as seen by the consumer, for up to 30 days. And you can easily configure your account to keep certificates for as long as you like, for a small additional fee.
The "claim period" is the time in which a TrustedForm Certificate must be claimed or extended by a TrustedForm Account holder. If it's not, it will expire.
Within the claim period, TrustedForm Certificates are visible to anyone with access to the TrustedForm Certificate URL. After this period, TrustedForm Certificates are only accessible by the TrustedForm account holders that claimed them.
By default, Web Certs have a 72-hour (3 days) window in which they can be claimed. This window is automatically expanded to 90 days if we detect the form's submission.
If you have need to extend Certs beyond the default 3-day window, you have a couple options:
ActiveProspect provides TrustedForm Check-in to allow TrustedForm account holders to extend the claim period of certificates beyond the standard claim period. Checking a certificate in extends the claim period without the need to either claim the certificate or have "Extended Claims" enabled on the publishing account.
When you enable extended claims, Certificates you claim will automatically be extended and available to be claimed up to 90 days.
Reach out to your account representative to enable extended claims.
The TrustedForm Ping API is meant to be used by lead buyers purchasing leads using the "ping/post" model. This API gives buyers access to that data with the intention that it will be called when the buyer is evaluating a ping request from a seller. The buyer can then use the returned data to set an appropriate bid price.
The Ping API does not replace the TrustedForm Claim process. The Ping API cannot be used to verify or store consent for TCPA compliance. It does not support page scanning, fingerprinting, replay, or certificate storage.
Please refer to the Getting Started with Claiming for details on claiming a certificate.
TrustedForm uses HTTP Basic Authentication
with the username API and your API key as the password.
For example: API:1f1b96c9150d8050e858c043d543bb4eadae0e6f
| Security Scheme Type | HTTP |
|---|---|
| HTTP Authorization Scheme | basic |
Account holders using TrustedForm Insights who are receiving certified leads can use the following request to retrieve TrustedForm metadata for the lead contained in a TrustedForm certificate.
| cert_id required | string Certificate ID |
DataServiceRequest
string When using the data service on a certificate, you may pass an optional email (or email_1, email_2, etc) parameter. TrustedForm will extract the email value and perform fingerprinting against the available data. | |
| fingerprint | string Calculated lead fingerprint values using the email and phone number received in the lead data accompanying the certificate. Each fingerprint value is an SHA1 hash of an email or phone value. Each fingerprint value should be provided in a fingerprint parameter. If none of the fingerprints you provide match a fingerprint collected on the certificate, then "none of the provided fingerprints match" will be included in the warnings field and outcome will be "failure". This indicates that the lead data collected on the form does not match the lead data that you received. |
| forbidden_scan_terms | string Use this parameter to perform a scan of the page for text that must not be present. TrustedForm will then perform a case and whitespace insensitive search for the string. If the string is found in the HTML document, then "string found in snapshot" will be included in the warnings key of the response and the outcome with be "failure". This parameter may be included multiple times |
| forbidden_scan_terms[] | Array of strings Use this parameter to perform a scan of the page for text that must not be present. TrustedForm will then perform a case and whitespace insensitive search for the string. If the string is found in the HTML document, then "string found in snapshot" will be included in the warnings key of the response and the outcome with be "failure". This parameter may be included multiple times |
| phone_1 | string When using the data service on a certificate, you may pass an optional phone (or phone_1, phone_2, etc) parameter. TrustedForm will extract the phone number value and perform fingerprinting against the available data. |
| required_scan_terms | string Use this parameter to perform a scan of the page for required text. TrustedForm will then perform a case and whitespace insensitive search for the string. If the string is not found in the HTML document, then "string not found in snapshot" will be included in the warnings key of the response and the outcome will be "failure". This parameter may be included multiple times |
| required_scan_terms[] | Array of strings Use this parameter to perform a scan of the page for required text. TrustedForm will then perform a case and whitespace insensitive search for the string. If the string is not found in the HTML document, then "string not found in snapshot" will be included in the warnings key of the response and the outcome will be "failure". This parameter may be included multiple times |
| scan_delimiter | string You can provide your own delimiter to use when wrapping wildcards or
tempate variablies. Your choice of delimiter must be homogeneous (i.e.
the beginning and end are the same character(s)), such as
|
{- "email": "user@example.com",
- "fingerprint": "Y6cQVpJhoks3ZidbcADOjXsy4vc=",
- "forbidden_scan_terms": "I do not agree to the terms of service",
- "phone_1": "5125551234",
- "required_scan_terms": "I agree to the terms of service"
}{- "cert": {
- "age_seconds": 33,
- "approx_ip_geo": {
- "city": "Austin",
- "country_code": "US",
- "lat": 30.4548,
- "lon": -97.7664,
- "postal_code": "78729",
- "state": "TX",
- "time_zone": "America/Chicago"
}, - "browser": {
- "full": "Chrome 95.0.4638.69",
- "name": "Chrome",
- "version": {
- "full": "95.0.4638.69",
- "major": "95",
- "minor": "0",
- "patch": "4638.69"
}
}, - "created_at": "2021-11-12T22:06:44Z",
- "domain": "example.com",
- "event_duration_ms": 21110,
- "expires_at": "2021-11-15T22:06:44Z",
- "form_input_method": [
- "typing",
- "autofill"
], - "ip": "8.8.8.8",
- "is_framed": true,
- "is_mobile": false,
- "kpm": 68.2314,
- "operating_system": {
- "full": "Mac OS X 10.15.7",
- "name": "Mac OS X",
- "version": {
- "full": "10.15.7",
- "major": "10",
- "minor": "15",
- "patch": "7"
}
}, - "page_id": "5d8ce3c9502b426f77001ae7",
- "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36",
- "wpm": 77.1234
}, - "fingerprints": {
- "matching": [
- "c4a8e7fe184993964ae81380e91579015306838a",
- "d511850d569bcd7802c30f54de34bb9f2b31eede"
], - "non_matching": [
- "d511850d569bcd7802c30f54de34bb9f2b31eed1"
]
}, - "is_masked": false,
- "outcome": "success",
- "scans": {
- "forbidden_found": [
- "Enim sit amet venenatis"
], - "forbidden_not_found": [
- "Est velit egestas"
], - "required_found": [
- "lorem ipsum dolor"
], - "required_not_found": [
- "Ad qui aperiri"
]
}, - "warnings": [ ]
}When you claim a certificate, TrustedForm returns either a "consent" or
"consent+data" JSON response depending on your subscription. You can
"view" this same response by sending a GET request to the same endpoint.
The following list provides examples of when you might want to use this endpoint:
| cert_id required | string Certificate ID |
| Accept | string Set to |
const fetch = require('node-fetch'); const certId = 'YOUR_cert_id_PARAMETER'; const resp = await fetch( `https://cert.trustedform.com/${certId}`, { method: 'GET', headers: {Accept: 'string'} } ); const data = await resp.text(); console.log(data);
{- "fingerprints": {
- "matching": [
- "c4a8e7fe184993964ae81380e91579015306838a",
- "d511850d569bcd7802c30f54de34bb9f2b31eede"
], - "non_matching": [
- "d511850d569bcd7802c30f54de34bb9f2b31eed1"
]
}, - "is_masked": false,
- "outcome": "success",
- "scans": {
- "forbidden_found": [
- "Enim sit amet venenatis"
], - "forbidden_not_found": [
- "Est velit egestas"
], - "required_found": [
- "lorem ipsum dolor"
], - "required_not_found": [
- "Ad qui aperiri"
]
}, - "warnings": [ ]
}TrustedForm account holders who are receiving certified leads can use the TrustedForm API to claim the certificate provided with each lead. Doing so
To claim a certificate using the TrustedForm API, send an HTTP POST request to the certificate URL sent by your publisher.
Do not make a request unless the URL starts with https://cert.trustedform.com, otherwise you may expose your TrustedForm credentials to someone else
As part of the claiming process, it's often required that certain language either exists or doesn't exist on the page. For example, you may want to ensure certain consent language exists. As another example, you may want to ensure other language does not exist, such as "free iPhone".
You can use the required_scan_terms and forbidden_scan_terms
parameters.
required_scan_terms: Use this parameter to scan for language you want to ensure exist
on the page.forbidden_scan_terms: Use this parameter to scan for language you want to ensure does
not exist on the page.Often, you will want to scan against a variety of possible texts. The TrustedForm Claiming API enables you to do this in three ways:
required_scan_terms[] or forbidden_scan_terms[]You can use a mixture of all three.
Use {{*}} in the consent language you wish to scan for as a wildcard.
For Example, passing "on behalf of {{*}} at the telephone number" will
match "on behalf of Mortgage Acme at the telephone number".
Like using exact language, scans using wildcards can be sent in as an array.
Templating is different than other versions of page scanning in that you must 1) send it as JSON (i.e. Content-type of application/json); 2) provide a list of key/values to use in the template.
If we were to use the example from above, we might use the following templates:
{
"required_scan_terms": [
{
"template": "on behalf of {{company}} at the telephone number",
"variables": [
{"company": "Mortgage Acme"},
{"company": "Acme Mortgage"},
{"company": "Acme Co."}
]
},
{
"template": "on behalf of {{company}} at the {{contact_method}}",
"variables": [
{"company": "Mortgage Acme", "contact_method": "email"},
{"company": "Acme Mortgage", "contact_method": "fax number"},
{"company": "Acme Mortgage", "contact_method": "email"},
{"company": "Acme Co.", "contact_method": "email"}
]
}
]
}When using wildcards in page scans and page scan templates, the default
method is to surround the wildcard or template key with "handlebar" braces
({{}}). If that conflicts with your system, you can provide your own
delimiter to use. Currently, TrustedForm only allows homogeneous delimiters
(i.e. the beginning and end are the same character(s)) such as **, |, or
even +++.
Certificates created with the sandbox flag set to true cannot be
claimed.
| cert_id required | string Certificate ID |
| Content-type required | string Can be either |
Claiming Parameters
string When claiming a certificate, you can pass an optional email (or email_1, email_2, etc) parameter. TrustedForm will extract the email value and perform fingerprinting against the available data. | |
| fingerprints | string When you claim a certificate you can calculate lead fingerprint values using the email and phone number you received in the lead data accompanying the certificate. Each fingerprint value is an SHA1 hash of an email or phone value. Each fingerprint value should be provided in a fingerprint parameter. If none of the fingerprints you provide match a fingerprint collected on the certificate you will receive the "none of the provided fingerprints match" message in the claim warnings field. This indicates that the lead data collected on the form does not match the lead data that you received. |
string or Array of strings or PageScan (object) or Array of PageScan (objects) Use this parameter to perform a scan of the page for text that must not be present. TrustedForm will then perform a case and whitespace insensitive search for the string. If the string is not found in the HTML document, then "string found in snapshot" will be included in the warnings key of the claim response. | |
| phone | string When claiming a certificate, you can pass an optional phone (or phone_1, phone_2, etc) parameter. TrustedForm will extract the phone number value and perform fingerprinting against the available data. |
| reference | string When you claim a certificate, you can include an optional parameter reference We will store this value in the certificate's claim record. A use case for the reference parameter is to add your unique lead identifier to the claim record, which will provide a reference point from the claim to the certified lead that you received. This will indicate which lead a certificate belongs to just by examining the certificate data. In the case that your publisher has passed you two leads with the same Certificate URL, this reference parameter will allow you to determine which lead it was originally passed with. |
string or Array of strings or PageScan (object) or Array of PageScan (objects) Use this parameter to perform a scan of the page for required text. TrustedForm will then perform a case and whitespace insensitive search for the string. If the string is not found in the HTML document, then "string not found in snapshot" will be included in the warnings key of the claim response. | |
| scan_delimiter | string You can provide your own delimiter to use when wrapping wildcards or
tempate variablies. Your choice of delimiter must be homogeneous (i.e.
the beginning and end are the same character(s)), such as
|
| vendor | string When claiming a certificate, you can pass the optional vendor parameter. This is intended for tracking the name of the company that provided the lead associated with the certificate. We will store this value in the certificate’s claim record. When you use TrustedForm reporting, you can easily filter or group by a vendor. |
{- "email_1": "user@example.com",
- "forbidden_scan_terms": "I do not agree to the terms of service",
- "phone_1": "999-999-0909",
- "reference": "1128238382829",
- "required_scan_terms": "I agree to the terms of service",
- "vendor": "Acme Co."
}{- "fingerprints": {
- "matching": [
- "c4a8e7fe184993964ae81380e91579015306838a",
- "d511850d569bcd7802c30f54de34bb9f2b31eede"
], - "non_matching": [
- "d511850d569bcd7802c30f54de34bb9f2b31eed1"
]
}, - "is_masked": false,
- "outcome": "success",
- "scans": {
- "forbidden_found": [
- "Enim sit amet venenatis"
], - "forbidden_not_found": [
- "Est velit egestas"
], - "required_found": [
- "lorem ipsum dolor"
], - "required_not_found": [
- "Ad qui aperiri"
]
}, - "warnings": [ ]
}Check-in supports various actions for a TrustedForm Certificate (e.g. extending the claim period on certificates).
Failing to make the authenticated API call within the standard claim period (72 hours of generating the lead) will result in the irretrievable deletion of the certificate.
| cert_id required | string Certificate ID |
WebCert Parameters
Check-in supports various actions for a TrustedForm Certificate (e.g. extending the claim period on certificates).
Failing to make the authenticated API call within the standard claim period (72 hours of generating the lead) will result in the irretrievable deletion of the certificate.
null{ }Retrieve ping data directly from a Certificate.
When a lead vendor only provides a TrustedForm Certificate URL, Ping data
can be retrieved directly without a Ping URL. Simply append /ping to the
Certificate URL and perform an authenticated POST.
| cert_id required | string Certificate ID |
const fetch = require('node-fetch'); const certId = 'YOUR_cert_id_PARAMETER'; const resp = await fetch( `https://cert.trustedform.com/${certId}/ping`, {method: 'POST'} ); const data = await resp.text(); console.log(data);
{- "cert": {
- "age_seconds": 33,
- "approx_ip_geo": {
- "city": "Austin",
- "country_code": "US",
- "lat": 30.4548,
- "lon": -97.7664,
- "postal_code": "78729",
- "state": "TX",
- "time_zone": "America/Chicago"
}, - "browser": {
- "full": "Chrome 95.0.4638.69",
- "name": "Chrome",
- "version": {
- "full": "95.0.4638.69",
- "major": "95",
- "minor": "0",
- "patch": "4638.69"
}
}, - "created_at": "2021-11-12T22:06:44Z",
- "domain": "example.com",
- "event_duration_ms": 21110,
- "expires_at": "2021-11-15T22:06:44Z",
- "form_input_method": [
- "typing",
- "autofill"
], - "ip": "8.8.8.8",
- "is_framed": true,
- "is_mobile": false,
- "kpm": 68.2314,
- "operating_system": {
- "full": "Mac OS X 10.15.7",
- "name": "Mac OS X",
- "version": {
- "full": "10.15.7",
- "major": "10",
- "minor": "15",
- "patch": "7"
}
}, - "page_id": "5d8ce3c9502b426f77001ae7",
- "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36",
- "wpm": 77.1234
}, - "fingerprints": {
- "matching": [
- "c4a8e7fe184993964ae81380e91579015306838a",
- "d511850d569bcd7802c30f54de34bb9f2b31eede"
], - "non_matching": [
- "d511850d569bcd7802c30f54de34bb9f2b31eed1"
]
}, - "is_masked": false,
- "outcome": "success",
- "scans": {
- "forbidden_found": [
- "Enim sit amet venenatis"
], - "forbidden_not_found": [
- "Est velit egestas"
], - "required_found": [
- "lorem ipsum dolor"
], - "required_not_found": [
- "Ad qui aperiri"
]
}, - "warnings": [ ]
}When a lead vendor only provides a TrustedForm Certificate URL, you can
generate a new Ping URL for the Certificate. Simply append /ping_url to
the Certificate URL and perform an unauthenticated GET.
Each call to this endpoint will generate a new Ping URL, they are all equally valid.
A successful call to this endpoint does not guarantee that the Certificate URL you have provided is valid and unexpired. The standard Certificate expiration window still applies.
| cert_id required | string Certificate ID |
const fetch = require('node-fetch'); const certId = 'YOUR_cert_id_PARAMETER'; const resp = await fetch( `https://cert.trustedform.com/${certId}/ping_url`, {method: 'GET'} ); const data = await resp.text(); console.log(data);