Buyer integration docs.

Conduit routes qualified, consented leads to your stack in real time. You can receive leads three ways: an internal portal queue, an HTTPS webhook to your CRM, or a managed integration we build with you.

• internal — leads land in the buyer portal queue. No endpoint required.
• webhook — Conduit POSTs JSON to your endpoint_url with an auth header you choose.
• managed — we map fields, sign requests, and operate the integration end-to-end.

Each delivery is logged with status, response code, response body, and attempt count. Failed deliveries can be retried from the admin console.

If you have not configured a custom payload_template, we POST the following JSON shape. Templates can rename, omit, or nest any field.

{
  "lead_id": "9c1e...-uuid",
  "vertical": "solar",
  "score": 78,
  "score_band": "A",
  "first_name": "Jane",
  "last_name": "Doe",
  "email": "jane@example.com",
  "phone": "5551234567",
  "zip": "78701",
  "state": "TX",
  "form_data": { "homeowner": "yes", "monthly_bill": 220 },
  "trustedform_cert_url": "https://cert.trustedform.com/...",
  "jornaya_lead_id": "abcd-1234-...",
  "delivered_at": "2026-05-15T14:22:09.123Z"
}

Respond with HTTP 2xx to accept. Any non-2xx (or a JSON body containing { "accepted": false }) is treated as a reject and may be re-routed to the next eligible buyer.

• accepted_states — array of US state codes. Empty means all states.
• accepted_vertical_ids — restrict to specific verticals.
• min_score — only leads scoring at or above this threshold.
• daily_cap / monthly_cap — hard caps Conduit enforces on your behalf.
• priority — lower numbers route first when multiple buyers are eligible.

Brand sites and embedded forms post to this endpoint. Use it to test the end-to-end pipeline against a brand you have access to.

POST /api/public/leads
Content-Type: application/json

{
  "brand_slug": "acme-solar",
  "consent_acknowledged": true,
  "form_data": {
    "first_name": "Jane",
    "last_name": "Doe",
    "email": "jane@example.com",
    "phone": "555-123-4567",
    "zip": "78701",
    "state": "TX",
    "homeowner": "yes",
    "monthly_bill": 220
  },
  "attribution": {
    "source": "google",
    "medium": "cpc",
    "campaign": "solar-tx-q2",
    "utm": { "utm_term": "solar quotes texas" },
    "referrer": "https://www.google.com/",
    "landing_url": "https://acme-solar.com/quote"
  },
  "trustedform_cert_url": "https://cert.trustedform.com/...",
  "jornaya_lead_id": "abcd-1234-..."
}

Successful responses include { "ok": true, "lead_id": "..." }. Validation errors return 400 with a descriptive errorfield. Payloads larger than 32 KB are rejected with 413.

Once your buyer record has an endpoint_url, an admin can send a synthetic test lead from Admin → Buyers → your buyer → Test delivery. The full request, response status, and body are saved to your delivery log so you can debug field mapping without putting a real consumer at risk.

• All deliveries are HTTPS only. Self-signed certificates are rejected.
• Auth secrets are stored encrypted and referenced by name; they never appear in payloads or logs.
• Consent text, TrustedForm cert, and Jornaya LeadiD are captured and retained for audit.
• PII access is logged and gated by role (admin, compliance, buyer).