On this page

Jump to any section using the links below

When an external partner, vendor, or system needs to read or write leads in one specific campaign only, the recommended method is to create a campaign-scoped API token.
This ensures that the partner only has access to the leads that belong to the relevant campaign and source.

This guide explains:

• how to prepare the campaign for external access

• how to create a filter for the vendor

• how to generate a restricted API token

• how to share the correct documentation and endpoint details

1. Add a source value for the partner (Selects)

To ensure the API token only accesses the correct leads, begin by defining a source value that identifies this partner’s data.

1. Open the campaign

2. Go to Selects

3. Find the select list used for lead sources (e.g. Source, Vendor, Lead origin)

4. Add a new option representing the partner
   Examples:

   • Partner ABC

   • Vendor North

   • External booking provider

5. Save

This source value will later be used in a campaign filter to restrict the token’s access.

2. Create a campaign filter for the partner

Campaign filters let you define exactly which leads the external system may access.
This is the core of API scoping.

1. Open the campaign

2. Go to Filters

3. Click New filter

4. Give the filter a clear name (e.g. Partner ABC – API access)

5. Add a condition:

   • Select field = the partner’s source value

6. Save the filter

This filter now represents the data slice that the partner is allowed to read or write.

3. Create a campaign-scoped API token

Now that the filter is ready:

1. Open the campaign

2. Go to API documentation (new UI)

3. Navigate to API Tokens

4. Click New API token

5. Name the token clearly
   Examples:

   • Partner ABC – read only

   • Vendor North – read/write

6. Set permissions:

   • Read – partner can GET leads

   • Write – partner can CREATE or UPDATE leads

7. Under Campaign filter, choose the filter created in Step 2

8. Save the token

The token is now restricted to exactly the leads defined in the campaign filter.

4. Share the correct API resources with the partner

Partners need two items:

A. The public API documentation URL

This shows:

• available fields

• allowed values

• create/update schemas

• status slugs

• select values

• relation options

• endpoint structure

You can copy this URL by clicking the link icon next to the token.

B. The API token value

Click Show next to the token to reveal and copy the string.

Provide these two pieces of information to the partner.

5. What the partner will see

Because the token is filtered, the partner’s API documentation will automatically show only the fields, selects, and statuses that belong to the selected campaign.

This makes it easy for the external developer to build valid requests, because the schema always matches the actual campaign structure.

They can then:

• GET leads

• CREATE leads

• UPDATE leads

• Work with files, select fields, statuses, relations, etc.

Depending on the permissions you selected.

6. Security notes

• Each vendor should have their own API token

• Tokens should never be reused across campaigns

• Rotate or revoke tokens if necessary

• Avoid giving write access unless required

• Keep filters strict — only include the partner’s data segment

• Document externally which fields are required for a valid lead

7. Recommended: Include source when posting leads

Partners should always include the correct source select value when creating new leads.

Example pattern:

  "select_field_values": {
    "select_partner": "SELECT_PARTNER"
  }

This ensures new leads automatically fall inside the correct filter scope.

8. API reference links

For full technical reference:

• General API documentation:
  https://leadvalidator.dk/docs/

• OpenAPI spec (YAML):
  https://leadvalidator.dk/docs/download/openapi.yaml/hubhus-openapi.yaml

• Postman collection:
  https://leadvalidator.dk/docs/download/collection.json/hubhus-postman-collection.json

These match the structure visible in the campaign-specific public documentation.

Learning outcome

After reading this you should understand:

• How to restrict API access for a specific partner

• How to prepare campaigns with select values for external systems

• How to create campaign filters for correct segmentation

• How to generate a scoped read/write token

• How to share the correct documentation and endpoint details safely

? Common searches

api setup • api integration • webhook setup • api authentication

? Also known as

project • workspace • pipeline • integration

Related articles

Configuring search settings
How do I filter leads by specific criteria?
How do I set up a new campaign?
How do I share a direct link for customer self-registration?
Creating a quotation line generator with visual presentation