Introduction

Welcome to the Trustority API documentation. Our API helps you detect scam websites and protect your users by analyzing URLs and returning detailed trust scores.

💡

Base URL: https://trustority.dev/api/v1

What You Can Do

Check if any website is trustworthy or a potential scam
Get detailed analysis including domain age, SSL status, and content patterns
Receive a trust score from 0 (dangerous) to 100 (trustworthy)
Report scam websites to help protect others

Quick Start

Get started in 3 simple steps:

Step 1: Get Your API Key

Step 2: Make Your First Request

curl -X POST https://trustority.dev/api/v1/check \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{"url": "https://example.com"}'

Step 3: Get the Response

{
  "score": 85,
  "risk_level": "safe",
  "risk_label": "Trustworthy",
  "summary": "example.com appears to be a legitimate website."
}

Authentication

All API requests require authentication using your API key. Include it in the request header:

X-API-Key: ts_your_api_key_here

⚠️

Keep your API key secret! Never expose it in client-side code or public repositories.

Without Authentication

You can make limited requests without an API key (10/day from your IP), but we recommend registering for reliable access.

Check URL

Analyze any URL and get a comprehensive trust score.

POST /api/v1/check

Request Body

Parameter	Type	Required	Description
`url`	string	Yes	The URL to analyze (with or without https://)

Example Request

curl -X POST https://trustority.dev/api/v1/check \
  -H "Content-Type: application/json" \
  -H "X-API-Key: ts_your_api_key" \
  -d '{"url": "https://amazon.com"}'

Example Response

200 OK

{
  "url": "https://amazon.com",
  "domain": "amazon.com",
  "score": 90,
  "risk_level": "safe",
  "risk_label": "Trustworthy",
  "summary": "amazon.com appears to be a legitimate and trustworthy website.",
  "checks": {
    "domain": {
      "domain_age_days": 11403,
      "creation_date": "1994-11-01",
      "whois_private": false
    },
    "ssl": {
      "has_ssl": true,
      "ssl_valid": true,
      "issuer": "Amazon"
    },
    "dns": {
      "has_mx_records": true,
      "has_a_record": true
    },
    "content": {
      "accessible": true,
      "has_contact_info": true,
      "suspicious_patterns": []
    },
    "blacklist": {
      "on_blacklist": false,
      "is_trusted": true
    }
  },
  "deductions": [
    {
      "check": "no_contact",
      "points": 10,
      "reason": "No contact information found"
    }
  ],
  "cached": false,
  "response_time_ms": 523,
  "checked_at": "2026-01-20T10:30:00Z"
}

Check Domain

Simplified endpoint - just pass the domain in the URL path.

GET /api/v1/check/{domain}

Example

curl https://trustority.dev/api/v1/check/google.com \
  -H "X-API-Key: ts_your_api_key"

Get Usage

Check your current API usage and limits.

GET /api/v1/usage

Example Request

curl https://trustority.dev/api/v1/usage \
  -H "X-API-Key: ts_your_api_key"

Example Response

{
  "tier": "pro",
  "daily_limit": 1000,
  "used_today": 145,
  "remaining": 855,
  "resets_at": "2026-01-21T00:00:00Z"
}

Report Scam

Report a website as a scam to help protect the community.

POST /api/v1/report

Request Body

Parameter	Type	Required	Description
`url`	string	Yes	The scam website URL
`reason`	string	No	Why you believe it's a scam

Example

curl -X POST https://trustority.dev/api/v1/report \
  -H "Content-Type: application/json" \
  -H "X-API-Key: ts_your_api_key" \
  -d '{"url": "https://fake-bank-login.com", "reason": "Phishing site impersonating a bank"}'

Trust Score

Every URL check returns a trust score from 0 to 100:

Score Range	Risk Level	Meaning
80-100	Safe	Trustworthy website, safe to use
60-79	Caution	Mostly safe but has minor concerns
40-59	Suspicious	Several red flags, investigate further
20-39	High Risk	Multiple warning signs, likely unsafe
0-19	Dangerous	Almost certainly a scam, avoid

Risk Levels

The risk_level field provides a simple classification:

safe - Website is trustworthy
caution - Proceed with some care
suspicious - Be careful, investigate more
high_risk - Likely a scam
dangerous - Avoid this website

Checks Explained

We analyze multiple factors to determine trust:

Domain Analysis

Check	What We Look For	Why It Matters
Domain Age	When the domain was registered	Scam sites are often very new
WHOIS Privacy	Whether owner info is hidden	Scammers often hide their identity
Registrar	Who registered the domain	Some registrars are favored by scammers

SSL Certificate

Check	What We Look For
Has SSL	Whether the site uses HTTPS
Valid Certificate	Whether the certificate is properly issued
Self-Signed	Whether it's a self-signed certificate
Expiration	When the certificate expires

DNS Records

Check	What We Look For
A Record	Whether the domain resolves to an IP
MX Records	Email server configuration
SPF/DMARC	Email authentication records

Content Analysis

Check	What We Look For
Suspicious Patterns	Scam phrases like "You've won!"
Urgency Tactics	Pressure language like "Act now!"
Contact Info	Whether contact details are provided
Privacy Policy	Whether legal pages exist

Deductions

The deductions array shows exactly why points were subtracted:

Issue	Points Deducted
Domain less than 7 days old	-40
Domain less than 30 days old	-25
No SSL certificate	-30
Invalid SSL certificate	-20
On known blacklist	-50
Scam pattern in domain	-30
WHOIS privacy enabled	-10
No contact information	-10
Suspicious content detected	-5 to -25

Registration

Create a free account to get your API key:

Go to trustority.dev/register
Enter your email and password
Your API key will be shown on the dashboard

✅

Free tier includes 100 requests/month - no credit card required!

API Keys

Your API key is shown in your dashboard.

API Key Format

ts_2ed120a3b938fabe07e3510fcd628ae932171405edb8960b

All API keys start with ts_ followed by a unique token.

Regenerating Keys

If your key is compromised, regenerate it from the dashboard. The old key will immediately stop working.

Rate Limits

Rate limits are applied daily and reset at midnight UTC.

Plan	Daily Limit	Monthly Estimate
Free	~3/day	100/month
Starter ($19)	~166/day	5,000/month
Pro ($49)	~833/day	25,000/month
Business ($149)	~3,333/day	100,000/month

Rate Limit Headers

Check these response headers to monitor usage:

Header	Description
`X-RateLimit-Limit`	Your daily request limit
`X-RateLimit-Remaining`	Requests remaining today
`X-RateLimit-Reset`	Unix timestamp when limit resets (midnight UTC)

Example response headers:

HTTP/1.1 200 OK
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 857
X-RateLimit-Reset: 1737417600

Exceeding Limits

If you exceed your limit, you'll receive a 429 error:

{
  "error": "Rate limit exceeded. Used 1000/1000 requests today."
}

Pricing

Free

100 requests/month
All features
Community support

Starter

$19/mo

5,000 requests/month
Email support
Priority processing

Pro

$49/mo

25,000 requests/month
Priority support
Webhook alerts

Business

$149/mo

100,000 requests/month
Dedicated support
SLA guarantee

Upgrade anytime from your billing page.

Code Examples

Python

import requests

API_KEY = "ts_your_api_key"
URL = "https://trustority.dev/api/v1/check"

response = requests.post(
    URL,
    headers={
        "Content-Type": "application/json",
        "X-API-Key": API_KEY
    },
    json={"url": "https://example.com"}
)

data = response.json()
print(f"Score: {data['score']}")
print(f"Risk: {data['risk_label']}")

JavaScript (Node.js)

const axios = require('axios');

const API_KEY = 'ts_your_api_key';

axios.post('https://trustority.dev/api/v1/check', {
    url: 'https://example.com'
}, {
    headers: {
        'Content-Type': 'application/json',
        'X-API-Key': API_KEY
    }
})
.then(response => {
    console.log('Score:', response.data.score);
    console.log('Risk:', response.data.risk_label);
});

JavaScript (Browser Fetch)

const checkUrl = async (url) => {
    const response = await fetch('https://trustority.dev/api/v1/check', {
        method: 'POST',
        headers: {
            'Content-Type': 'application/json',
            'X-API-Key': 'ts_your_api_key'
        },
        body: JSON.stringify({ url })
    });
    return response.json();
};

checkUrl('https://example.com').then(console.log);

PHP

<?php
$apiKey = 'ts_your_api_key';
$url = 'https://example.com';

$ch = curl_init('https://trustority.dev/api/v1/check');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(['url' => $url]));
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Content-Type: application/json',
    'X-API-Key: ' . $apiKey
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
$data = json_decode($response, true);

echo "Score: " . $data['score'];
?>

Ruby

require 'net/http'
require 'json'

uri = URI('https://trustority.dev/api/v1/check')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true

request = Net::HTTP::Post.new(uri)
request['Content-Type'] = 'application/json'
request['X-API-Key'] = 'ts_your_api_key'
request.body = { url: 'https://example.com' }.to_json

response = http.request(request)
data = JSON.parse(response.body)

puts "Score: #{data['score']}"

Error Handling

The API uses standard HTTP status codes:

Code	Meaning	Action
`200`	Success	Request completed successfully
`400`	Bad Request	Check your request format
`401`	Unauthorized	Invalid or missing API key
`429`	Too Many Requests	Rate limit exceeded
`500`	Server Error	Contact support

Error Response Format

{
  "error": "Rate limit exceeded",
  "detail": "Used 100/100 requests today. Upgrade for more."
}

Best Practices

Caching

Results are cached for 24 hours. The cached: true field indicates a cached result. You don't need to implement your own caching.

Error Handling

Always check for errors and handle rate limits gracefully:

if response.status_code == 429:
    # Wait and retry, or show user-friendly message
    time.sleep(60)
elif response.status_code == 200:
    data = response.json()
    # Process result

Security

Never expose your API key in client-side code
Use environment variables to store keys
Make API calls from your backend server

Frequently Asked Questions

How accurate is the trust score?

Our scoring system analyzes 10+ factors including domain age, SSL, DNS, and content patterns. While no system is 100% accurate, our scores provide reliable guidance. Use the detailed breakdown to make informed decisions.

Can I check any website?

Yes, you can check any publicly accessible URL. Results may be limited for sites that block automated access.

How long are results cached?

Results are cached for 24 hours. After that, a fresh analysis is performed.

What if I need more requests?

Upgrade your plan from the billing page. For enterprise needs, contact us.

Is there a bulk API?

For bulk checks (50+ URLs), contact us for a custom solution.

Account Settings

Manage your account from the Settings page:

Change Email

Update your email address. You'll need to confirm with your current password.

Change Password

Update your password. Requires entering your current password for verification.

Forgot Password

Lost your password? Click "Forgot password?" on the login page to receive a reset link.

Delete Account

You can permanently delete your account from the settings page. This action:

Removes all your data
Cancels any active subscription
Invalidates your API key
Cannot be undone

Contact Form

Need help? Use our contact form to reach us.

Channel	Contact	Response Time
Contact Form	trustority.dev/contact	24-48 hours
Email	support@trustority.dev	24-48 hours
Dashboard	trustority.dev/dashboard	Self-service

💡

Pro & Business customers receive priority support with faster response times.

Export Your Data

Download your scan history as a CSV file from the settings page.

The export includes:

Date/time of each scan
Domain and URL checked
Trust score and risk level
SSL status
Domain age
Blacklist status

Trustority API Documentation v1.0 | trustority.dev