Capture consent, then submit
Record the visitor's cookie consent (via POST /public/v1/consent) and the enquiry's own consent, then POST the enquiry:
await fetch('https://hub.credicorp.co.uk/public/v1/enquiries', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ name, email, message, consent: true })
});

See the endpoint reference for the field shape.
Run anti-abuse before submitting
The endpoint is unauthenticated, so put the heavyweight defences on your side before the call: a honeypot field, a time-trap (reject sub-second submissions), and a per-IP cap. This mirrors how Credicorp's own marketing lead controller guards the endpoint. The handler then adds its own per-IP rate limit and strict validation.
Handle the fail-open response
The endpoint is fail-open: it never blocks the visitor on a storage failure and returns no stored data. So show your success state on a 2xx acknowledgement, and do not depend on reading the enquiry back — you cannot. Missing consent or required fields returns a 422.
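The honeypot, time-trap and per-IP cap described above, followed by the status handling for the 2xx and 422 cases, as an added example that is not Credicorp's own code. The helper names, the 10-minute window and the cap of 5 are assumptions; only the sub-second floor and the endpoint URL come from this page.

```javascript
// Added example. Thresholds and helper names are assumptions, not Credicorp's values.
const ENQUIRIES_URL = 'https://hub.credicorp.co.uk/public/v1/enquiries';
const MIN_FILL_MS = 1000;           // time-trap: reject sub-second submissions
const WINDOW_MS = 10 * 60 * 1000;   // per-IP window (assumed)
const MAX_PER_WINDOW = 5;           // per-IP cap (assumed)
const hits = new Map();             // ip -> timestamps of accepted submissions

// meta.renderedAt is when the form was served; issue it server-side (for
// example in a signed hidden field) so the client cannot simply forge it.
function guardEnquiry({ ip, renderedAt, honeypot }, now = Date.now()) {
  // Honeypot: a hidden input real visitors never fill in.
  if (typeof honeypot === 'string' && honeypot.trim() !== '') {
    return { ok: false, reason: 'honeypot' };
  }
  // Time-trap: missing, future-dated or sub-second timestamps are rejected.
  if (!Number.isFinite(renderedAt) || renderedAt > now || now - renderedAt < MIN_FILL_MS) {
    return { ok: false, reason: 'time-trap' };
  }
  // Per-IP cap: sliding window over accepted submissions only.
  const recent = (hits.get(ip) || []).filter((t) => now - t < WINDOW_MS);
  if (recent.length >= MAX_PER_WINDOW) {
    hits.set(ip, recent);
    return { ok: false, reason: 'rate-limit' };
  }
  recent.push(now);
  hits.set(ip, recent);
  return { ok: true, reason: null };
}

// Runs the guards, then forwards. Success is decided by the status code
// alone because the endpoint returns no stored data to read back.
async function submitEnquiry(form, meta, fetchImpl = fetch) {
  const verdict = guardEnquiry(meta);
  if (!verdict.ok) return { sent: false, reason: verdict.reason };
  const res = await fetchImpl(ENQUIRIES_URL, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      name: form.name, email: form.email, message: form.message,
      consent: form.consent === true,
    }),
  });
  if (res.status === 422) return { sent: false, reason: 'validation' };
  return { sent: res.ok, reason: res.ok ? null : `http-${res.status}` };
}
```

The in-memory `hits` map only works for a single process; behind several instances the counter needs shared storage.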
Frequently asked questions
Do I have to capture consent?
Yes. The enquiries endpoint requires consent — submit without it and you get a 422. Capture the visitor's consent on the form and pass it in the body; also record cookie consent via the consent endpoint.
Why can't I read the enquiry back?
The public enquiries endpoint is write-only — it records a lead and acknowledges it but never returns stored enquiries. Reading leads is a staff capability, not a public one.