Verfi
TCPA consent verification for lead generation. Use when adding consent capture to web forms, verifying lead consent before contact, claiming/managing consent...
Description
name: verfi description: TCPA consent verification for lead generation. Use when adding consent capture to web forms, verifying lead consent before contact, claiming/managing consent sessions, pulling proof for disputed leads, or integrating with the Verfi API. Covers SDK installation, API authentication, session lifecycle (create → claim → verify → proof), and compliance workflows.
Verfi — Consent Verification for Lead Gen
Verfi captures verifiable proof of consumer consent. Publishers add a script tag to capture sessions; buyers verify consent via API before contacting leads.
When to Use This Skill
- Adding consent capture to a web form
- Checking if a lead has valid TCPA consent
- Claiming sessions for long-term retention
- Pulling machine-readable proof for disputes
- Integrating Verfi into an existing lead gen pipeline
Quick Start
1. Capture Consent (Publisher)
Add the SDK to any page with a form:
<script src="https://sdk.verfi.io/v1/verfi.js" data-key="pk_YOUR_PUBLIC_KEY" async></script>
The SDK auto-detects forms, records interactions (mouse, clicks, keystrokes, scroll), and generates a Verfi ID (VF-xxxxxxxx) on form submission.
2. Verify Consent (Buyer)
curl -H "Authorization: Bearer sk_YOUR_SECRET_KEY" \
https://api.verfi.io/tenant/v1/sessions/VF-a1b2c3d4/proof
Returns consent status, interaction metrics, form data, device info, and tamper verification. All PII is SHA-256 hashed.
3. Claim Session
curl -X POST -H "Authorization: Bearer sk_YOUR_SECRET_KEY" \
https://api.verfi.io/tenant/v1/sessions/VF-a1b2c3d4/claim
Starts 3-year retention. Unclaimed sessions expire in 72 hours.
Authentication
Two key types:
| Key | Format | Use |
|---|---|---|
| Public | pk_... |
SDK script tag (client-side) |
| Secret | sk_... |
API calls (server-side, Bearer token) |
Secret keys have scopes: sessions:claim, sessions:unclaim, sessions:search, sessions:proof, sessions:expiration.
Generate keys in the Verfi dashboard under Integration > API Keys.
API Endpoints
Base URL: https://api.verfi.io/tenant/v1
All endpoints require Authorization: Bearer sk_... header.
| Method | Path | Scope | Description |
|---|---|---|---|
| GET | /sessions |
— | List claimed sessions (paginated) |
| GET | /sessions/{verfiID} |
sessions:search |
Look up session, verify PII hashes |
| GET | /sessions/{verfiID}/proof |
sessions:proof |
Machine-readable proof data |
| POST | /sessions/{verfiID}/claim |
sessions:claim |
Claim session (3-year retention) |
| POST | /sessions/{verfiID}/unclaim |
sessions:unclaim |
Release session (30-day retention) |
| PUT | /sessions/{verfiID}/expiration |
sessions:expiration |
Update expiration date |
Full API reference: see references/api-reference.md
Common Workflows
Publisher: Add Consent Capture to a Form
- Get a public API key from the Verfi dashboard
- Add the SDK script tag to the page (before
</body>) - The SDK auto-records sessions — no form modifications needed
- Each form submission creates a session with a unique Verfi ID
- Pass the Verfi ID alongside the lead data to buyers
Buyer: Verify and Claim a Lead
- Receive lead with Verfi ID from publisher
- Call
GET /sessions/{verfiID}/proofto check consent - Verify
consent.given === trueandconsent.tcpa_compliant === true - Optionally verify PII binding with
GET /sessions/{verfiID}?email={hash}&phone={hash} - Call
POST /sessions/{verfiID}/claimto start retention - Contact the consumer with documented consent proof
Dispute: Pull Proof for a Challenged Lead
- Look up the Verfi ID associated with the disputed lead
- Call
GET /sessions/{verfiID}/prooffor machine-readable proof - Proof includes: consent language, interaction timeline, form data, device info, tamper detection
- Share the
proof_urlfor a human-readable proof page - Integrity hash verifies the proof hasn't been tampered with
Audit: Bulk Verify Consent Across a Lead List
- Call
GET /sessionsto list all claimed sessions - For each session, call
GET /sessions/{verfiID}/proof - Flag sessions where
consent.given === falseorverification.tamper_detected === true - Unclaim any sessions that don't meet compliance requirements
MCP Server
For MCP-compatible agents (Claude Desktop, Cursor, Windsurf):
{
"mcpServers": {
"verfi": {
"command": "npx",
"args": ["-y", "@verfi/mcp-server"],
"env": { "VERFI_API_KEY": "sk_..." }
}
}
}
OpenAPI Spec
Auto-discoverable at: https://api.verfi.io/.well-known/openapi.json
Compatible with OpenAI GPT Actions, LangChain, CrewAI, and any framework that generates tools from OpenAPI specs.
Troubleshooting
| Problem | Fix |
|---|---|
| SDK not recording sessions | Check public key is correct, script loads without errors |
| 401 Unauthorized | Verify secret key, check Authorization: Bearer sk_... format |
| 403 Insufficient permissions | API key missing required scope — update in dashboard |
| Session not claimable (409) | Session already claimed or status isn't "recorded" |
Proof shows consent.given: false |
Form may not have consent language/checkbox detected by SDK |
Reviews (0)
No reviews yet. Be the first to review!
Comments (0)
No comments yet. Be the first to share your thoughts!