Integrations to connect your platform to your entire stack
From your buyers’ CRMs to AI agents submitting requests, connect your own OXIAE platform to the tools your publishers, buyers and team already use in minutes, and keep building with a clear API. Provenance and consent travel along with every integration by default, so your operation is not just faster but also demonstrably GDPR-compliant.
Ways to integrate
Choose the integration that fits your lead operation, or combine them. Whether you want to connect a handful of publisher forms or drive your entire lead network programmatically: every route delivers the same, auditable data stream into your platform. Provenance and consent always travel along.
API & webhooks
Push requests in and out of your platform in real time, with a clear REST API and webhooks that trigger instantly.
View API & webhooksCRM integrations
Push accepted leads into your buyers’ CRM, HubSpot, Salesforce, Pipedrive or any other, yourself, using our REST API and signed webhooks, with provenance and consent included in every payload.
View CRM integrationsForms & landing pages
Let publishers submit requests under their own brand and watch them land directly in your platform.
View Forms & landing pagesPartner portal
Manage publishers, delivery and quality across all your supplying partners in one place in your own platform.
View Partner portalCall tracking
Connect telephony to your lead flow and trace every call back to source, publisher and campaign.
View Call trackingAI Agent API
Let AI agents submit or retrieve requests to and from your platform securely and in a structured way.
View AI Agent APIZapier / Make
Connect your lead flow to Zapier, Make or thousands of other tools yourself, using our REST API and signed webhooks, no native connector required.
View Zapier / MakeThe building blocks to connect anything
Your OXIAE platform gives you open building blocks, so you can connect it yourself to any CRM, automation tool or system your publishers and buyers already use.
- REST API
- Webhooks
- Iframes
- AI Agent API
How an integration works
Setting up an integration in your own platform is a matter of four clear steps. You always start in a sandboxed environment and only go live once you’ve seen the result in black and white.
Authenticate
Generate a scoped API key or run through the OAuth flow. You decide which permissions the integration gets: read only, deliver only, or both.
Map fields
Map the platform fields to the fields in your system, a publisher’s, or a buyer’s. Provenance (source, campaign, label) and consent (text, timestamp, IP) each get their own dedicated place, so consent travels along demonstrably.
Test in the sandbox
Send test leads through your integration in an isolated sandbox. You see exactly which payload arrives and verify every mapping is correct before any real data flows through your platform.
Go live
Happy with the result? Switch the integration live with a single toggle. From that moment requests flow through your platform in real time, with retries and a full audit trail as a safety net.
Connecting to your CRM
For the CRM systems your buyers use most, here is exactly how you connect them yourself: call our REST API or subscribe to our webhooks, then push the data into the CRM using its own API. In every case the payload includes not only the contact details, but also the provenance and the consent evidence, so you and your buyer can prove where a lead came from and that valid consent is in place.
HubSpot
Pull accepted leads from our REST API or subscribe to our webhooks, then create or update the contact and deal in HubSpot yourself, using HubSpot’s own API, exactly the way your setup requires.
What syncs
You decide what syncs: contact, deal, pipeline and stage, built on top of HubSpot’s own API.
Consent & provenance
Every payload includes provenance (source, campaign, label) and consent evidence (text, timestamp, IP), ready for you to store in whichever HubSpot properties you choose.
Pipedrive
Turn every accepted request into a Person and a Deal in Pipedrive yourself, combining our REST API or webhooks with Pipedrive’s own API. You choose the pipeline, stage and owner.
What syncs
You build the sync: Person and Deal creation, with the pipeline, stage and owner you assign.
Consent & provenance
Provenance (source, campaign, label) and consent evidence travel in every payload, so you can map them to custom fields on the Deal yourself.
Salesforce
Write leads into Salesforce yourself, to the Lead object or straight to Contact and Opportunity, by combining our REST API or webhooks with Salesforce’s own API and your own validation rules.
What syncs
You control what syncs and how, on top of your own Salesforce setup and object model.
Consent & provenance
Provenance and consent evidence (text, timestamp, IP) are included in every payload, ready for you to store in the fields you choose for a full audit trail.
What the data looks like
A few concrete examples say more than a specification. Below you can see how to fetch a lead from your platform, how a lead payload with consent and provenance is structured, and how a signed webhook arrives at your endpoint.
# Fetch a lead via the REST API
curl https://api.oxiae.com/v1/leads/lead_8f21 \
-H "Authorization: Bearer sk_live_…"
# Example lead payload (consent + provenance included)
{
"id": "lead_8f21",
"status": "accepted",
"contact": {
"name": "Sanne de Vries",
"email": "sanne@example.com",
"phone": "+31 6 12345678"
},
"provenance": {
"source": "google-ads",
"campaign": "legal-aid-q2",
"label": "intake-desk",
"landing_page": "https://request.example.com/start"
},
"consent": {
"given": true,
"text": "I give permission to be contacted.",
"timestamp": "2026-03-12T09:41:07Z",
"ip": "84.12.x.x"
}
} // Signed webhook payload on your endpoint
// Header: X-OXIAE-Signature: sha256=3a7f…b2e1
{
"event_id": "evt_5c93",
"type": "match.found",
"created": "2026-03-12T09:41:12Z",
"data": {
"lead_id": "lead_8f21",
"buyer_id": "buy_204",
"provenance": { "source": "google-ads", "campaign": "legal-aid-q2" },
"consent": { "given": true, "timestamp": "2026-03-12T09:41:07Z" }
}
} Integration security
An integration is only as secure as its weakest link. That’s why security in your platform isn’t optional but the default: authentication, integrity and reliable delivery are built in, so data from publishers and to buyers is never lost and never comes from an unknown sender.
API key or OAuth
Authenticate with a scoped API key or via OAuth 2.0. Keys can be restricted per environment and per scope, and revoked at any moment by you as the administrator.
Signed webhooks
Every webhook carries an HMAC-SHA256 signature in the X-OXIAE-Signature header, so your server can verify that the payload genuinely comes from your platform and was not altered in transit.
Retries & idempotency
If an endpoint of yours, a publisher’s or a buyer’s fails, we retry delivery with exponential backoff. Every event carries a unique event_id, so duplicate deliveries can be safely ignored.
IP allowlisting
Restrict inbound API traffic to your own trusted IP addresses and receive webhooks from a fixed, published IP range that you can allowlist in your firewall.
Webhook events
At every key moment in your lead flow, your platform sends an event to your endpoint. Subscribe to the events you need and keep your own systems, and those of publishers and buyers, in sync in real time.
A new request has come in via a publisher and passed the first validation.
The applicant’s consent has been registered with text, timestamp and source.
The lead has been matched to a buyer via your routing rules.
A payout to a publisher or acceptance by a buyer has been completed and booked in the audit trail.
Build with the API
A developer-friendly foundation to fit your platform exactly into your own lead operation.
REST API
A predictable REST API with clear endpoints, authentication and helpful error messages to drive your platform.
GET /v1/leads
Webhooks
Receive events from your lead operation in real time, signed and replayable, on your own endpoint.
POST /your-endpoint
Documentation
Complete docs with examples, schemas and best practices to get your platform connected fast.
/docs
Custom integration
Prefer not to build the connection yourself? Let our team build a custom integration into your platform, from a buyer’s legacy CRM to your own data warehouse.
View custom integrationsGo to the documentation
Full API reference, webhook schemas, authentication and example code. Everything you need to get your platform connected live today.
Open the docsFrequently asked questions about integrations
The questions we hear most often from lead generators connecting their OXIAE platform to the rest of their stack.
How long does it take to get an integration live?
For a typical connection built on our REST API or webhooks, you can usually be live within a day: authenticate, map the fields you need, test in the sandbox and flip the switch. Custom integrations built by our team are planned in consultation.
Do provenance and consent always travel along?
Yes. Every request you retrieve through our API or receive via our webhooks, including whatever CRM or tool you connect on top of them, carries the source, campaign and consent evidence (text, timestamp and IP) by default. That keeps your lead operation demonstrably GDPR-compliant, even in the systems of your publishers and buyers.
How do I know for sure a webhook really comes from my platform?
Every webhook is signed with an HMAC-SHA256 signature in the X-OXIAE-Signature header. You verify it with your own secret; if the signature doesn’t match, you ignore the payload.
What happens if my endpoint is temporarily down?
We automatically retry delivery with exponential backoff. Every event carries a unique event_id, so you can safely ignore duplicate deliveries and nothing gets lost.
Can I build an integration for a system that isn’t listed?
Absolutely. Every integration, whether it is a CRM, Zapier, Make or an internal system, is something you build yourself via the REST API and webhooks. Prefer we build it for you? Choose a custom integration instead.
What security is built into the API?
You authenticate with a scoped API key or via OAuth 2.0, can restrict inbound traffic with IP allowlisting, and receive webhooks from a fixed IP range. All connections run encrypted over TLS.
Read more
- API & webhooksThe technical foundation: REST endpoints and signed webhooks.
- CRM integrationsConnect your buyers’ CRM, HubSpot, Pipedrive or Salesforce, via our API and webhooks.
- Verification & consentHow provenance and consent are recorded with every request.
- PricingSee what OXIAE costs and what is included in each plan.
Connect your platform in minutes
Book a demo and see how you connect your OXIAE platform to CRMs, forms and AI agents, with provenance and consent delivered by default.