Skip to content
Integrations

Connect OXIAE requests to your own systems

From your own CRM to your data warehouse, connect the requests that come in via OXIAE to the tools your team and your buyers already use in minutes, and keep building with a clear API. Provenance and consent travel along with every integration by default, so your flow is not just faster but also demonstrably GDPR-compliant.

Ways to integrate

Choose the integration that fits your way of working, or combine them. Whether you want to connect a handful of forms or receive requests programmatically: every route delivers the same, auditable data stream into your own systems. Provenance and consent always travel along.

The building blocks to connect anything

OXIAE gives you open building blocks, so you can connect requests yourself to any CRM, automation tool or system your team and your buyers already use.

  • REST API
  • Webhooks
  • Iframes
  • Zapier / Make

How an integration works

Setting up an integration is a matter of four clear steps. You always start in a sandboxed environment and only go live once you’ve seen the result in black and white.

01

Authenticate

Generate a scoped API key or run through the OAuth flow. You decide which permissions the integration gets: read only, deliver only, or both.

02

Map fields

Map the fields from the OXIAE payload to the fields in your own system. Provenance (source, campaign, label) and consent (text, timestamp, IP) each get their own dedicated place, so consent travels along demonstrably.

03

Test in the sandbox

Send test requests through your integration in an isolated sandbox. You see exactly which payload arrives and verify every mapping is correct before any real data flows.

04

Go live

Happy with the result? Switch the integration live with a single toggle. From that moment requests flow through in real time, with retries and a full audit trail as a safety net.

Connecting to your CRM

For the CRM systems your buyers use most, here is exactly how you connect them yourself: call our REST API or subscribe to our webhooks, then push the data into the CRM using its own API. In every case the payload includes not only the contact details, but also the provenance and the consent evidence, so you and your buyer can prove where a lead came from and that valid consent is in place.

HubSpot

Pull accepted leads from our REST API or subscribe to our webhooks, then create or update the contact and deal in HubSpot yourself, using HubSpot’s own API, exactly the way your setup requires.

What syncs

You decide what syncs: contact, deal, pipeline and stage, built on top of HubSpot’s own API.

Consent & provenance

Every payload includes provenance (source, campaign, label) and consent evidence (text, timestamp, IP), ready for you to store in whichever HubSpot properties you choose.

Pipedrive

Turn every accepted request into a Person and a Deal in Pipedrive yourself, combining our REST API or webhooks with Pipedrive’s own API. You choose the pipeline, stage and owner.

What syncs

You build the sync: Person and Deal creation, with the pipeline, stage and owner you assign.

Consent & provenance

Provenance (source, campaign, label) and consent evidence travel in every payload, so you can map them to custom fields on the Deal yourself.

Salesforce

Write leads into Salesforce yourself, to the Lead object or straight to Contact and Opportunity, by combining our REST API or webhooks with Salesforce’s own API and your own validation rules.

What syncs

You control what syncs and how, on top of your own Salesforce setup and object model.

Consent & provenance

Provenance and consent evidence (text, timestamp, IP) are included in every payload, ready for you to store in the fields you choose for a full audit trail.

What the data looks like

A few concrete examples say more than a specification. Below you can see how to fetch a request from OXIAE, how a lead payload with consent and provenance is structured, and how a signed webhook arrives at your endpoint.

Request + lead payload REST
# Fetch a lead via the REST API
curl https://api.oxiae.com/v1/leads/lead_8f21 \
  -H "Authorization: Bearer sk_live_…"

# Example lead payload (consent + provenance included)
{
  "id": "lead_8f21",
  "status": "accepted",
  "contact": {
    "name": "Sanne de Vries",
    "email": "sanne@example.com",
    "phone": "+31 6 12345678"
  },
  "provenance": {
    "source": "google-ads",
    "campaign": "legal-aid-q2",
    "label": "intake-desk",
    "landing_page": "https://request.example.com/start"
  },
  "consent": {
    "given": true,
    "text": "I give permission to be contacted.",
    "timestamp": "2026-03-12T09:41:07Z",
    "ip": "84.12.x.x"
  }
}
Signed webhook Webhook
// Signed webhook payload on your endpoint
// Header: X-OXIAE-Signature: sha256=3a7f…b2e1
{
  "event_id": "evt_5c93",
  "type": "match.found",
  "created": "2026-03-12T09:41:12Z",
  "data": {
    "lead_id": "lead_8f21",
    "buyer_id": "buy_204",
    "provenance": { "source": "google-ads", "campaign": "legal-aid-q2" },
    "consent": { "given": true, "timestamp": "2026-03-12T09:41:07Z" }
  }
}

Integration security

An integration is only as secure as its weakest link. That’s why security at OXIAE isn’t optional but the default: authentication, integrity and reliable delivery are built in, so requests are never lost and never come from an unknown sender.

API key or OAuth

Authenticate with a scoped API key or via OAuth 2.0. Keys can be restricted per environment and per scope, and revoked at any moment by you as the administrator.

Signed webhooks

Every webhook carries an HMAC-SHA256 signature in the X-OXIAE-Signature header, so your server can verify that the payload genuinely comes from OXIAE and was not altered in transit.

Retries & idempotency

If delivery to your endpoint fails, we retry with exponential backoff. Every event carries a unique event_id, so duplicate deliveries can be safely ignored.

IP allowlisting

Restrict inbound API traffic to your own trusted IP addresses and receive webhooks from a fixed, published IP range that you can allowlist in your firewall.

Webhook events

At every key moment in the flow, OXIAE sends an event to your endpoint. Subscribe to the events you need and keep your own systems in sync in real time.

lead.received

A new request has come in via a publisher and passed the first validation.

consent.recorded

The applicant’s consent has been registered with text, timestamp and source.

match.found

The lead has been matched to a buyer via your routing rules.

payout.processed

A payout to a publisher or acceptance by a buyer has been completed and booked in the audit trail.

Build with the API

A developer-friendly foundation to fit OXIAE requests exactly into your own stack.

REST API

A predictable REST API with clear endpoints, authentication and helpful error messages to fetch and submit requests.

GET /v1/leads

Webhooks

Receive events from your flow in real time, signed and replayable, on your own endpoint.

POST /your-endpoint

Documentation

Complete docs with examples, schemas and best practices to get your integration connected fast.

/docs

Frequently asked questions about integrations

The questions we hear most often from teams connecting the requests from OXIAE to the rest of their stack.

How long does it take to get an integration live?

For a typical connection built on our REST API or webhooks, you can usually be live within a day: authenticate, map the fields you need, test in the sandbox and flip the switch. Custom integrations built by our team are planned in consultation.

Do provenance and consent always travel along?

Yes. Every request you retrieve through our API or receive via our webhooks, including whatever CRM or tool you connect on top of them, carries the source, campaign and consent evidence (text, timestamp and IP) by default. That keeps your lead operation demonstrably GDPR-compliant, even in the systems of your publishers and buyers.

How do I know for sure a webhook really comes from OXIAE?

Every webhook is signed with an HMAC-SHA256 signature in the X-OXIAE-Signature header. You verify it with your own secret; if the signature doesn’t match, you ignore the payload.

What happens if my endpoint is temporarily down?

We automatically retry delivery with exponential backoff. Every event carries a unique event_id, so you can safely ignore duplicate deliveries and nothing gets lost.

Can I build an integration for a system that isn’t listed?

Absolutely. Every integration, whether it is a CRM, Zapier, Make or an internal system, is something you build yourself via the REST API and webhooks. Prefer we build it for you? Choose a custom integration instead.

What security is built into the API?

You authenticate with a scoped API key or via OAuth 2.0, can restrict inbound traffic with IP allowlisting, and receive webhooks from a fixed IP range. All connections run encrypted over TLS.

Connect OXIAE to your stack in minutes

Get in touch and see how you connect the requests from OXIAE to your own CRM, forms and systems, with provenance and consent delivered by default.