2 min read
Endpoint
| Method | POST |
| Path | /public/v1/enquiries |
| Ring | public (unauthenticated write) |
Parameters
A JSON body describing the enquiry — contact details, message and the consent captured on the form. The exact fields mirror the marketing and help-centre request forms; a valid consent capture is required.
Response
A JSON acknowledgement that the enquiry was recorded (into the enquiries table). The endpoint is fail-open: it never blocks the visitor on a storage failure, and it returns no stored data back to the caller. The heavyweight anti-abuse stack — honeypot, time-trap, CSRF and edge cap — runs in the calling site's lead controller before anything reaches this endpoint; the handler adds its own per-IP rate limit, strict validation and consent requirement.
Errors
A 422 for missing required fields or missing consent. A 429 on rate-limit. The surface is intentionally forgiving on storage errors (fail-open) so a transient fault does not lose the visitor.
Frequently asked questions
Is this endpoint authenticated?
No — anonymous lead intake is the point. It is unauthenticated by design but carries its own per-IP rate limit, strict validation and a consent requirement, and the calling site runs honeypot/time-trap/CSRF checks before submitting.
Can I read enquiries back through this endpoint?
No. It is write-only from the public ring — it records a lead and acknowledges it, but never returns stored enquiries. Reading enquiries is a staff/internal capability, not a public one.
Related reading
Funding for UK limited companies
Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.
