> ## Documentation Index
> Fetch the complete documentation index at: https://leadping.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Requiring TrustedForm

> Send TrustedForm certificate URLs with external Leadping submissions and understand how they support source, consent, and dispute review.

*Revision Date: June 28, 2026*

External lead submissions must include a TrustedForm certificate URL unless Leadping has approved a different intake path for that source.

The certificate connects the submitted lead to the page or flow where the person opted in. It gives your team and Leadping a shared record for source review, consent review, carrier questions, and dispute handling.

TrustedForm is evidence, not automatic permission. A certificate does not make a lead lawful, override an opt-out, approve a message category, or guarantee that calls or texts may be sent.

## Why Leadping asks for it

External lead intake often crosses systems: a publisher form, a tracking layer, a buyer integration, a CRM, and then Leadping. TrustedForm helps keep that chain reviewable by preserving evidence about the opt-in event.

That evidence is useful when your team needs to answer:

* Which form or page produced this lead?
* What disclosure was shown?
* Which phone number or email address was submitted?
* Which seller, brand, product, source, or campaign was involved?
* Was the lead consistent with the source that posted it to Leadping?

## Required field

Send the certificate URL in `trustedFormUrl`.

```json theme={null}
{
  "trustedFormUrl": "https://cert.trustedform.com/example"
}
```

For structured `POST /leads` payloads, place it under `metadata`:

```json theme={null}
{
  "metadata": {
    "trustedFormUrl": "https://cert.trustedform.com/example"
  },
  "contact": {
    "email": "jordan@example.com",
    "phone": {
      "number": "+15555550123"
    }
  },
  "customer": {}
}
```

For flat `POST /leads/intake` payloads, send it as a top-level field:

```json theme={null}
{
  "firstName": "Jordan",
  "phone": "+15555550123",
  "trustedFormUrl": "https://cert.trustedform.com/example"
}
```

The URL must be a valid TrustedForm URL from `trustedform.com`.

## Field placement

| Intake path          | Field location                                |
| -------------------- | --------------------------------------------- |
| `POST /leads`        | `metadata.trustedFormUrl`                     |
| `POST /leads/intake` | Top-level `trustedFormUrl`                    |
| `GET /leads/intake`  | Query-string parameter named `TrustedFormUrl` |

## What the certificate should support

The certificate and related source records should show:

* The consumer took an affirmative opt-in action.
* The sender or brand was visible.
* The phone number, email address, or contact method matches the submitted lead.
* The disclosure shown at opt-in matches the planned outreach.
* The channel is covered, such as SMS or calls.
* The source, publisher, landing page, or partner can be identified.
* The submission date, time, IP address, and user agent can be traced.

The certificate should line up with the submitted payload. If the submitted phone, email, source, landing page, product, or timestamp does not make sense against the certificate and source records, Leadping may reject or hold the lead.

## Intake validation

Leadping can reject or hold a lead when the TrustedForm URL is:

* Missing
* Malformed
* Not hosted by `trustedform.com`
* Expired or unreachable
* Not connected to the submitted contact information
* Inconsistent with the approved source, campaign, or consent path
* Suspicious or tied to a disputed source

If a source repeatedly submits bad certificates, Leadping may pause the source until the intake path is fixed.

## Common implementation problems

Common problems include:

* Sending the field under the wrong name, such as `trusted_form` instead of `trustedFormUrl`
* Sending a screenshot URL instead of the TrustedForm certificate URL
* Sending the same certificate for multiple unrelated leads
* Sending a certificate from a different source, form, or publisher
* Submitting leads after certificates have expired or become unavailable
* Collecting consent that does not name the intended sender or channel
* Posting leads before the source is approved for production traffic

Fix the source integration before retrying the same traffic.

## Retention

Keep TrustedForm certificates and related source records long enough to support audits, disputes, carrier review, and your own compliance requirements.

TrustedForm certificates can expire if retention is not extended. Make retention part of your source onboarding process before sending production leads.

## Related pages

* [Lead Sources](/lead-sources)
* [Sending Leads to Leadping](/sending-leads-to-leadping)
* [Compliance Overview](/compliance)
