Claiming Certificates

Claiming Certificates

TrustedForm account holders who are receiving certified leads can use the TrustedForm API to claim the certificate provided with each lead. Doing so

  1. Verifies the legitimacy of the certificate
  2. Stores the certificate for future reference and
  3. Provides programmatic access to the information shown on the certificate

To claim a certificate using the TrustedForm API, send an HTTP POST request to the certificate URL sent by your publisher.

Do not make a request unless the URL starts with https://cert.trustedform.com, otherwise you may expose your TrustedForm credentials to someone else

  • Use a POST request — any other type of request will not claim the certificate
  • Use the Accept: application/json request header
  • Use the Content-Type: application/json or Content-Type: application/x-www-form-url encoded header, and encode the request body accordingly.
  • In the Authorization header, use the API key provided on the "Settings" tab in the TrustedForm Application and the username 'API'.

Page Scanning

As part of the claiming process, it's often required that certain language either exists or doesn't exist on the page. For example, you may want to ensure certain consent language exists. As another example, you may want to ensure other language does not exist, such as "free iPhone". In both cases, you can provide the language to "scan" for using the scan and scan! parameters.

  • scan: Use this parameter to scan for language you want to ensure exist on the page.
  • scan!: Use this parameter to scan for language you want to ensure does not exist on the page.

Often, you will want to scan against a variety of possible texts. The TrustedForm Claiming API enables you to do this in three ways:

  1. Send the variations as a list using scan[] or scan![]
  2. Use wildcards in the consent language.
  3. Use templates.

You can use a mixture of all three.

Wildcards

Use {{*}} in the consent language you wish to scan for as a wildcard. For Example, passing "on behalf of {{*}} at the telephone number" will match "on behalf of Mortgage Acme at the telephone number".

Like using exact language, scans using wildcards can be sent in as an array.

Templating

Templating is different than other versions of page scanning in that you must 1) send it as JSON (i.e. Content-type of application/json); 2) provide a list of key/values to use in the template.

If we were to use the example from above, we might use the following templates:

{
  "scan": [
    {
      "template": "on behalf of {{company}} at the telephone number",
      "variable_maps": [
        {"company": "Mortgage Acme"},
        {"company": "Acme Mortgage"},
        {"company": "Acme Co."}
      ]
    },
    {
      "template": "on behalf of {{company}} at the {{contact_method}}",
      "variable_maps": [
        {"company": "Mortgage Acme", "contact_method": "email"},
        {"company": "Acme Mortgage", "contact_method": "fax number"},
        {"company": "Acme Mortgage", "contact_method": "email"},
        {"company": "Acme Co.", "contact_method": "email"}
      ]
    }
  ]
}

Sandboxed Certificates

Certificates created with the sandbox flag set to true cannot be claimed.

Request
path Parameters
cert_id
required
string

Certificate ID

query Parameters
ping_url
string

Ping URL

header Parameters
Content-type
required
string

Can be either application/json or application/x-www-form-urlencoded.

Request Body schema: application/json
optional

Claiming Parameters

anything_else
string

When data is sent with a parameter other than those listed below, TrustedForm will extract the values and perform fingerprinting against the available data.

fingerprints
string

When you claim a certificate you can calculate lead fingerprint values using the email and phone number you received in the lead data accompanying the certificate. Each fingerprint value is an SHA1 hash of an email or phone value. Each fingerprint value should be provided in a fingerprint parameter.

If at least one of the fingerprints you provide does not match one of those collected on the certificate you will receive the none of the provided fingerprints match in the claim warnings field. This indicates that the lead data collected on the form does not match the lead data that you received.

reference
string

When you claim a certificate, you can include an optional parameter reference We will store this value in the certificate's claim record. A use case for the reference parameter is to add your unique lead identifier to the claim record, which will provide a reference point from the claim to the certified lead that you received.

This will indicate which lead a certificate belongs to just by examining the certificate data. In the case that your publisher has passed you two leads with the same Certificate URL, this reference parameter will allow you to determine which lead it was originally passed with.

string or Array of strings or Page Scan (object) or Array of Page Scan (objects)

Use this parameter to perform a scan of the page for required text. TrustedForm will then perform a case and whitespace insensitive search for the string. If the string is not found in the HTML document, then "string not found in snapshot" will be included in the warnings key of the claim response.

This parameter may be included multiple times

string or Array of strings or Page Scan (object) or Array of Page Scan (objects)

Use this parameter to perform a scan of the page for text that must not be present. TrustedForm will then perform a case and whitespace insensitive search for the string. If the string is not found in the HTML document, then "string found in snapshot" will be included in the warnings key of the claim response.

This parameter may be included multiple times

vendor
string

When claiming a certificate, you can pass the optional vendor parameter. This is intended for tracking the name of the company that provided the lead associated with the certificate. We will store this value in the certificate’s claim record. When you use TrustedForm reporting, you can easily filter or group by a vendor.

Responses
200

Created

400

Malformed Certificate URL

401

Unauthorized

404

Certificate not found

405

Attempted to claim a 'sandboxed' certificate

410

The certificate is expired and no longer available to be claimed

422

The certificate has been claimed too many times

post/{cert_id}
Request samples
application/json
{
  • "email_1": "user@example.com",
  • "phone_1": "512-555-1234",
  • "reference": "1128238382829",
  • "scan": "I agree to the terms of service",
  • "scan!": "I do not agree to the terms of service",
  • "vendor": "Acme Co."
}
Response samples
application/json
{}