Authentication
This endpoint uses Bearer Token authentication with a shared secret.
Setup
The API secret must be configured via the environment variable:
{PARTNER}_LEAD_POST_API_SECRET=your_secret_key_here
Replace {PARTNER} with the partner identifier in uppercase (e.g., GRIFFIN_LEAD_POST_API_SECRET).
Making Authenticated Requests
Include the secret in the Authorization header:
Authorization: Bearer YOUR_SECRET_KEY
Required Headers
Content-Type: application/json
Authorization: Bearer YOUR_SECRET_KEY
Security Considerations
- Tokens are validated using timing-safe string comparison to prevent timing attacks
- Keep your API secret secure and never expose it in client-side code
- Rotate secrets periodically and update them in your environment configuration
Authentication Errors
For detailed error examples, see the Error Handling section.
| Status Code | Response | Reason |
|---|---|---|
401 | {"message": "Unauthorized"} | Missing or invalid Bearer token |