Skip to content
Integrations

Integrations to connect your platform to your entire stack

From your buyers’ CRMs to AI agents submitting requests, connect your own OXIAE platform to the tools your publishers, buyers and team already use in minutes, and keep building with a clear API. Provenance and consent travel along with every integration by default, so your operation is not just faster but also demonstrably GDPR-compliant.

Ways to integrate

Choose the integration that fits your lead operation, or combine them. Whether you want to connect a handful of publisher forms or drive your entire lead network programmatically: every route delivers the same, auditable data stream into your platform. Provenance and consent always travel along.

The building blocks to connect anything

Your OXIAE platform gives you open building blocks, so you can connect it yourself to any CRM, automation tool or system your publishers and buyers already use.

  • REST API
  • Webhooks
  • Iframes
  • AI Agent API

How an integration works

Setting up an integration in your own platform is a matter of four clear steps. You always start in a sandboxed environment and only go live once you’ve seen the result in black and white.

01

Authenticate

Generate a scoped API key or run through the OAuth flow. You decide which permissions the integration gets: read only, deliver only, or both.

02

Map fields

Map the platform fields to the fields in your system, a publisher’s, or a buyer’s. Provenance (source, campaign, label) and consent (text, timestamp, IP) each get their own dedicated place, so consent travels along demonstrably.

03

Test in the sandbox

Send test leads through your integration in an isolated sandbox. You see exactly which payload arrives and verify every mapping is correct before any real data flows through your platform.

04

Go live

Happy with the result? Switch the integration live with a single toggle. From that moment requests flow through your platform in real time, with retries and a full audit trail as a safety net.

Connecting to your CRM

For the CRM systems your buyers use most, here is exactly how you connect them yourself: call our REST API or subscribe to our webhooks, then push the data into the CRM using its own API. In every case the payload includes not only the contact details, but also the provenance and the consent evidence, so you and your buyer can prove where a lead came from and that valid consent is in place.

HubSpot

Pull accepted leads from our REST API or subscribe to our webhooks, then create or update the contact and deal in HubSpot yourself, using HubSpot’s own API, exactly the way your setup requires.

What syncs

You decide what syncs: contact, deal, pipeline and stage, built on top of HubSpot’s own API.

Consent & provenance

Every payload includes provenance (source, campaign, label) and consent evidence (text, timestamp, IP), ready for you to store in whichever HubSpot properties you choose.

Pipedrive

Turn every accepted request into a Person and a Deal in Pipedrive yourself, combining our REST API or webhooks with Pipedrive’s own API. You choose the pipeline, stage and owner.

What syncs

You build the sync: Person and Deal creation, with the pipeline, stage and owner you assign.

Consent & provenance

Provenance (source, campaign, label) and consent evidence travel in every payload, so you can map them to custom fields on the Deal yourself.

Salesforce

Write leads into Salesforce yourself, to the Lead object or straight to Contact and Opportunity, by combining our REST API or webhooks with Salesforce’s own API and your own validation rules.

What syncs

You control what syncs and how, on top of your own Salesforce setup and object model.

Consent & provenance

Provenance and consent evidence (text, timestamp, IP) are included in every payload, ready for you to store in the fields you choose for a full audit trail.

What the data looks like

A few concrete examples say more than a specification. Below you can see how to fetch a lead from your platform, how a lead payload with consent and provenance is structured, and how a signed webhook arrives at your endpoint.

Request + lead payload REST
# Fetch a lead via the REST API
curl https://api.oxiae.com/v1/leads/lead_8f21 \
  -H "Authorization: Bearer sk_live_…"

# Example lead payload (consent + provenance included)
{
  "id": "lead_8f21",
  "status": "accepted",
  "contact": {
    "name": "Sanne de Vries",
    "email": "sanne@example.com",
    "phone": "+31 6 12345678"
  },
  "provenance": {
    "source": "google-ads",
    "campaign": "legal-aid-q2",
    "label": "intake-desk",
    "landing_page": "https://request.example.com/start"
  },
  "consent": {
    "given": true,
    "text": "I give permission to be contacted.",
    "timestamp": "2026-03-12T09:41:07Z",
    "ip": "84.12.x.x"
  }
}
Signed webhook Webhook
// Signed webhook payload on your endpoint
// Header: X-OXIAE-Signature: sha256=3a7f…b2e1
{
  "event_id": "evt_5c93",
  "type": "match.found",
  "created": "2026-03-12T09:41:12Z",
  "data": {
    "lead_id": "lead_8f21",
    "buyer_id": "buy_204",
    "provenance": { "source": "google-ads", "campaign": "legal-aid-q2" },
    "consent": { "given": true, "timestamp": "2026-03-12T09:41:07Z" }
  }
}

Integration security

An integration is only as secure as its weakest link. That’s why security in your platform isn’t optional but the default: authentication, integrity and reliable delivery are built in, so data from publishers and to buyers is never lost and never comes from an unknown sender.

API key or OAuth

Authenticate with a scoped API key or via OAuth 2.0. Keys can be restricted per environment and per scope, and revoked at any moment by you as the administrator.

Signed webhooks

Every webhook carries an HMAC-SHA256 signature in the X-OXIAE-Signature header, so your server can verify that the payload genuinely comes from your platform and was not altered in transit.

Retries & idempotency

If an endpoint of yours, a publisher’s or a buyer’s fails, we retry delivery with exponential backoff. Every event carries a unique event_id, so duplicate deliveries can be safely ignored.

IP allowlisting

Restrict inbound API traffic to your own trusted IP addresses and receive webhooks from a fixed, published IP range that you can allowlist in your firewall.

Webhook events

At every key moment in your lead flow, your platform sends an event to your endpoint. Subscribe to the events you need and keep your own systems, and those of publishers and buyers, in sync in real time.

lead.received

A new request has come in via a publisher and passed the first validation.

consent.recorded

The applicant’s consent has been registered with text, timestamp and source.

match.found

The lead has been matched to a buyer via your routing rules.

payout.processed

A payout to a publisher or acceptance by a buyer has been completed and booked in the audit trail.

Build with the API

A developer-friendly foundation to fit your platform exactly into your own lead operation.

REST API

A predictable REST API with clear endpoints, authentication and helpful error messages to drive your platform.

GET /v1/leads

Webhooks

Receive events from your lead operation in real time, signed and replayable, on your own endpoint.

POST /your-endpoint

Documentation

Complete docs with examples, schemas and best practices to get your platform connected fast.

/docs

Frequently asked questions about integrations

The questions we hear most often from lead generators connecting their OXIAE platform to the rest of their stack.

How long does it take to get an integration live?

For a typical connection built on our REST API or webhooks, you can usually be live within a day: authenticate, map the fields you need, test in the sandbox and flip the switch. Custom integrations built by our team are planned in consultation.

Do provenance and consent always travel along?

Yes. Every request you retrieve through our API or receive via our webhooks, including whatever CRM or tool you connect on top of them, carries the source, campaign and consent evidence (text, timestamp and IP) by default. That keeps your lead operation demonstrably GDPR-compliant, even in the systems of your publishers and buyers.

How do I know for sure a webhook really comes from my platform?

Every webhook is signed with an HMAC-SHA256 signature in the X-OXIAE-Signature header. You verify it with your own secret; if the signature doesn’t match, you ignore the payload.

What happens if my endpoint is temporarily down?

We automatically retry delivery with exponential backoff. Every event carries a unique event_id, so you can safely ignore duplicate deliveries and nothing gets lost.

Can I build an integration for a system that isn’t listed?

Absolutely. Every integration, whether it is a CRM, Zapier, Make or an internal system, is something you build yourself via the REST API and webhooks. Prefer we build it for you? Choose a custom integration instead.

What security is built into the API?

You authenticate with a scoped API key or via OAuth 2.0, can restrict inbound traffic with IP allowlisting, and receive webhooks from a fixed IP range. All connections run encrypted over TLS.

Connect your platform in minutes

Book a demo and see how you connect your OXIAE platform to CRMs, forms and AI agents, with provenance and consent delivered by default.