TrustedForm Integration
Connect TrustedForm to Lead Distro AI to validate consent certificates at ingest, claim certs for proof of consent, and detect email or phone data mismatches before a lead is distributed.
What This Integration Does
Connects your own TrustedForm (ActiveProspect) account to Lead Distro AI so every incoming lead that carries a TrustedForm certificate URL is validated in real time at ingest. When a lead arrives with a trustedform_cert_url, Lead Distro AI claims (retains) the certificate for your records and verifies that the email and phone on the lead match what the consumer actually typed on the original form.
This is a bring-your-own-key integration. You connect your own TrustedForm API key, you pay ActiveProspect directly for each certificate claimed, and Lead Distro AI calls your account on your behalf. There is no reseller markup, and certificates are retained under your TrustedForm account so the proof of consent belongs to you.
What Is TrustedForm
TrustedForm, by ActiveProspect, is the industry standard for documenting consumer consent at the moment a lead is generated. A small script on the lead form records the consumer's interaction (the page they were on, the consent language they saw, how long they spent, the email and phone they entered) and issues a tamper-evident certificate. Each certificate lives at a URL like https://cert.trustedform.com/ and is passed along with the lead.
A raw certificate URL is just a pointer. To turn it into durable, defensible proof you have to claim (retain) the certificate through the TrustedForm API. Claiming snapshots the certificate to your account so it survives even after the short retention window on the original URL expires. That claim step is exactly what Lead Distro AI automates for you at ingest.
Why It's Helpful
- Proof of consent for TCPA. A claimed TrustedForm certificate is the evidence that a specific person, at a specific time, saw your consent language and submitted the form. If a buyer (or a regulator) ever questions a lead, you have a defensible record instead of a he-said-she-said.
- Catch fraud and mismatched data. TrustedForm fingerprints the email and phone entered on the form. Lead Distro AI compares those fingerprints against the email and phone on the lead, so a swapped phone number or a recycled certificate shows up as a mismatch before the lead is ever sold.
- Protect your buyers and your reputation. Filtering out leads whose certificate fails to claim or whose data does not match keeps low-quality and non-consented leads out of your distribution flow, which keeps return rates down and buyer trust up.
- Buyers increasingly require it. Many legal and high-value verticals will only accept leads accompanied by a valid TrustedForm certificate. Validating at ingest means you only ever pass certified leads to those buyers.
TrustedForm validation reduces TCPA and lead-quality risk but is not legal advice or guaranteed compliance. Use it alongside express written consent, suppression lists, and TCPA litigator scrubbing (see the Blacklist Alliance integration), and consult an attorney for your vertical and jurisdiction.
How Lead Distro AI Integrates With TrustedForm
The integration runs inside the ingest pipeline using the TrustedForm Certificate API v4. The flow is fully automatic once it is set up:
- A supplier sends a lead that includes a
trustedform_cert_urlfield (the certificate URL captured on the lead form). - Lead Distro AI confirms the URL is a real TrustedForm certificate (it must start with
https://cert.trustedform.com/). - If your organization has a TrustedForm API key connected, Lead Distro AI POSTs to the certificate URL with a retain operation (to claim it) and a match_lead operation carrying the lead's email and phone.
- TrustedForm responds with whether the claim succeeded and which fields (email, phone) match the data the consumer originally entered.
- Lead Distro AI stores the full result on the lead under
signal_data.trustedform, where it is visible on the lead detail page and fed into AI lead scoring as a quality signal.
The phone number is normalized before matching (non-digits stripped, leading US country code removed) so a formatting difference between your lead and the form submission does not cause a false mismatch.
Required vs Optional Certificates
Whether a failed certificate rejects the lead is controlled by the trustedform_cert_url field in your campaign's field mapping:
- Optional field (default). The certificate is still claimed and the match result is recorded and passed to buyers, but a failed claim or a data mismatch does not block the lead. The signal is captured for scoring and for the buyer to evaluate.
- Required field. If the certificate fails to claim, or the email or phone does not match the certificate, the lead is rejected at ingest with a
400and a clear reason (for examplephone mismatchorcert claim failed). The rejection is logged to lead activity so you can audit it.
Make trustedform_cert_url a required field for buyers who only accept certified leads, and leave it optional on campaigns where you want the certificate as a quality signal without hard-blocking leads that lack one.
Prerequisites
- A TrustedForm (ActiveProspect) account with API access.
- A TrustedForm API key from your ActiveProspect dashboard (
https://app.trustedform.com/api-keys). - Lead forms that fire the TrustedForm script so each submission produces a certificate URL.
- Your supplier passing that certificate URL into the lead payload (commonly as
trustedform_cert_urlorxxTrustedFormCertUrl).
Step 1 — Connect Your API Key
- In Lead Distro AI, go to Settings → Integrations → TrustedForm.
- Click the card to open the connection dialog.
- Paste your TrustedForm API key and click Save.
- The key is stored encrypted on your organization and is used only to authenticate calls to your own TrustedForm account.
Without an API key connected, certificate URLs are still stored on the lead and passed through to buyers, but they are not claimed or validated. Add your key to turn on automatic cert claiming and email/phone matching.
Step 2 — Map the Certificate Field
- Open the campaign that will receive certified leads and go to Field Mapping.
- Add a field named
trustedform_cert_url. - Set it required if leads without a valid certificate should be rejected, or leave it optional to capture the signal without blocking.
- If your supplier sends the certificate under a different key (for example
xxTrustedFormCertUrl), map that incoming key totrustedform_cert_urlso Lead Distro AI recognizes it.
Lead Distro AI only validates the certificate when trustedform_cert_url exists in the campaign's field mapping. If the field is missing from the mapping, the certificate URL is ignored even when an API key is connected.
Step 3 — Send a Test Lead
Send a test lead that includes a real TrustedForm certificate URL plus the email and phone that were entered on the form. Open the lead detail page and look for the TrustedForm block under the lead's signals. You should see whether the certificate was claimed, the email and phone match results, the form page URL, the time the consumer spent on the page, and the certificate age.
What Gets Captured
| Field | What it tells you |
|---|---|
claimed | Whether the certificate was successfully retained to your account |
field_match.email | Whether the lead email matches the email entered on the form (true / false / unknown) |
field_match.phone | Whether the lead phone matches the phone entered on the form (true / false / unknown) |
page_url | The URL of the form the consumer actually submitted |
event_duration | Seconds the consumer spent on the form page (a fraud and quality signal) |
age_seconds | How old the certificate was when claimed (stale certs can indicate aged or resold leads) |
framed / masked | Whether the form was inside an iframe or had hidden fields (risk signals) |
warnings | Any advisories TrustedForm returned about the certificate |
Pricing
TrustedForm charges your ActiveProspect account directly each time a certificate is claimed, typically in the range of about $0.05 to $0.40 per certificate depending on your plan. Lead Distro AI adds no markup. Because claiming only happens when a lead arrives with a valid certificate URL and your API key is connected, you control spend by choosing which campaigns map the trustedform_cert_url field.
Frequently Asked Questions
How does the TrustedForm integration work in Lead Distro AI?
trustedform_cert_url and your organization has a TrustedForm API key connected, Lead Distro AI claims (retains) the certificate through the TrustedForm Certificate API v4 and matches the lead's email and phone against the data the consumer entered on the form. The full result is stored on the lead and used for scoring. If the certificate field is marked required, a failed claim or a data mismatch rejects the lead at ingest.Do I need my own TrustedForm account?
What happens if I do not connect an API key?
Will a bad certificate reject the lead?
trustedform_cert_url is marked required in the campaign's field mapping. When required, a failed claim or an email/phone mismatch rejects the lead at ingest with a clear reason. When optional, the result is recorded as a signal but the lead still flows through so you (or the buyer) can decide.My supplier sends the certificate as xxTrustedFormCertUrl. Does that work?
xxTrustedFormCertUrl) to the trustedform_cert_url field in your campaign's field mapping. Lead Distro AI validates whatever value lands in trustedform_cert_url, as long as it is a real certificate URL starting with https://cert.trustedform.com/.Does TrustedForm validation slow down ingest?
How is the phone number matched if formats differ?
Is TrustedForm the same as TCPA litigator scrubbing?
Related Articles
If you have any questions, send us an email at support@leaddistro.ai