API operational
Partner referral fulfillment, built for code.
Drop a lead into one HTTPS endpoint. We handle authentication, idempotency, HubSpot pipeline placement, call dispatch, and webhook delivery back to your system.
Quick start
Every partner gets a scoped service JWT. POST a lead with a UUID you generate (the correlation_id) and we return a lead identifier + audit trail. Retries with the same correlation_id are safe.
curl -X POST https://api.1visionusa.com/api/v1/partners/<your-slug>/leads \
-H "Authorization: Bearer <your-service-jwt>" \
-H "Content-Type: application/json" \
-d '{
"correlation_id": "<your-uuid>",
"customer": {
"first_name": "Jane",
"last_name": "Doe",
"phone": "+15555550100",
"email": "jane@example.com"
},
"offer": {
"type": "home_security_adt",
"monthly_amount_cents": 4999,
"term_months": 36
}
}'What you get
Stable, versioned contract
OpenAPI 3.1 spec published. Path-versioned (/api/v1, /api/v2). 90-day deprecation notice on every breaking change.
Defensive by default
HS256 service JWTs with kid rotation, jti replay defense, per-partner scope enforcement, IETF rate-limit headers.
Idempotent writes
Body-supplied correlation_id is the idempotency key. Same key + same body returns the cached response. No double-creates.
Append-only audit
Every state change hashed and chained — prev_row_hash links every event. Tamper-evident for compliance reviews.
Real-time webhooks
Subscribe to lead.* events. HMAC-signed delivery with exponential backoff. Dead-letter queue for manual replay.
No vendor lock-in
Standard Postgres, standard JWTs, standard webhooks. Open OpenAPI 3.1 spec — your engineers can read it cold.
Stack
Vercel edge runtime · Next.js · TypeScript · PostgreSQL (Supabase) · HubSpot as the system of record · Twilio for call dispatch · Modal for async workers.