Skip to content

Supply API

v1

The connection publishers, agencies and AI agents use to submit requests to your OXIAE platform.

https://api.oxiae.com/api

Introduction

The Supply API is intended for parties that submit requests to your OXIAE platform: publishers, agencies, forms and AI agents. You submit a request with its provenance and consent, and then look up its status. Every request is attributed to the organization of the key used. All calls go over HTTPS and return JSON, within your own white-label environment. Buyers pick these requests up again through the Demand API.

Authentication

The Supply API uses API keys. Send your key as a Bearer token in the Authorization header (or via X-Api-Key). You manage keys yourself, under your own brand, in Settings → API keys. Each key belongs to a single organization, and requests you submit with that key are attributed to that organization as the source.

curl https://api.oxiae.com/api/supply/leads \
  -X POST \
  -H "Authorization: Bearer oxa_3f9a2b7c8d1e4f60a1b2c3d4" \
  -H "Content-Type: application/json"
Handling keys securely
  • Use keys server-side only, never in a browser or app.
  • Rotate keys periodically and revoke leaked keys immediately.
  • Use one key per integration, so you can revoke in a targeted way.
  • Each key has a rate limit; 120 requests per minute by default.
POST /api/supply/leads

Submit a request

Delivers a single request. You record provenance and consent in the same call, so every lead carries its own evidence. On success you get back the internal id and a public_access_token that you use to look up the status.

Required fields

first_namestring
First name of the requester.
last_namestring
Last name of the requester.
emailstring
Valid email address.
phonestring
Phone number, including country code.
postcodestring
Postal code of the requester.
descriptionstring
The request or question itself (max 5,000 characters).

Optional fields (provenance & consent)

utm_source · utm_medium · utm_campaign · utm_term · utm_contentstring
Provenance: campaign data, recorded with the request.
gclid · partner_id · channel · referrer · landing_pagestring
Provenance: click ID, partner, channel and source URL.
consentboolean
Whether the requester gave consent.
consent_textstring
The exact consent text that was shown.
consent_versionstring
Version identifier of the consent text.
consent_basisenum
Basis: consent, contract, legitimate_interest or legal_obligation.
Request
curl https://api.oxiae.com/api/supply/leads \
  -X POST \
  -H "Authorization: Bearer oxa_3f9a2b7c8d1e4f60a1b2c3d4" \
  -H "Content-Type: application/json" \
  -d '{
    "first_name": "Sanne",
    "last_name": "de Vries",
    "email": "sanne@example.com",
    "phone": "+31612345678",
    "postcode": "1011AB",
    "description": "I need help with an employment dispute.",
    "utm_source": "google",
    "utm_campaign": "employment-law",
    "consent": true,
    "consent_text": "I agree that my details may be shared.",
    "consent_basis": "consent"
  }'
Response · 201 Created
{
  "data": {
    "id": 21740,
    "public_access_token": "YQ7ETX",
    "status": "phone_unverified"
  }
}
GET /api/supply/leads/{token}

Check status

Returns the current status and quality assessment of a previously submitted request, based on the public_access_token. You only see requests submitted with your own key; otherwise you get a 404.

Request
curl https://api.oxiae.com/api/supply/leads/YQ7ETX \
  -H "Authorization: Bearer oxa_3f9a2b7c8d1e4f60a1b2c3d4"
Response · 200 OK
{
  "data": {
    "id": 21740,
    "status": "assigned",
    "quality_status": "ok",
    "created_at": "2026-07-07T18:50:09+00:00"
  }
}

Error handling

The API uses standard HTTP status codes. On a validation error you get a 422 with an errors object per field.

401
Missing or invalid API key.
404
Request not found, or not submitted with your key.
422
Validation error; see the errors object.
429
Rate limit reached (120 per minute by default).
Error · 422 Unprocessable Content
{
  "message": "The email field must be a valid email address.",
  "errors": {
    "email": ["The email field must be a valid email address."]
  }
}

Ready to connect?

Book a demo or request API access.