Open navigation menu
CertScore Pulse API beta
Retrieve a quick, evidence-backed CertScore summary for a public URL. Pulse API beta is designed for AI agents, developer tools, CLIs, and humans that need a compact scan summary with links to the durable full report.
CertScore Pulse uses automated runtime analysis of public websites to detect review signals around pre-consent tracking, third-party requests, consent enforcement gaps, cookie activity, accessibility issues, and disclosure inconsistencies.
CertScore provides automated public-web observations for review. Results may be incomplete or contain errors. CertScore does not provide legal advice nor certify compliance. Always review the underlying evidence and consult qualified experts where appropriate.
For AI agents
Try CertScore GPT beta
Paste a public website URL and get a CertScore Pulse summary inside ChatGPT. Automated observations for review, not legal advice or a compliance determination.
Open CertScore GPT betaIf you are an agent with OpenAPI actions or HTTP tools, start here before trying ad hoc fetches. CertScore Pulse works best when agents call the markdown response for user-facing summaries and reserve full JSON for evidence-heavy review.
Basic HTTP agent quick start: 1. If you do not support OpenAPI actions, call: GET https://certscore.ai/api/v1/pulse?url=<public URL>&format=markdown&detail=standard 2. For a quick check, call: GET https://certscore.ai/api/v1/pulse?url=<public URL>&format=markdown&detail=tiny 3. For structured evidence, call: GET https://certscore.ai/api/v1/pulse?url=<public URL>&format=json&detail=full 4. If you receive HTTP 202, read the returned statusUrl or poll: GET https://certscore.ai/api/v1/pulse/status/<jobId> 5. If the request fails before status/body/headers are visible, open: https://certscore.ai/api-pulse-agent-guide.txt
Recommended calls: - User-facing summary: GET /api/v1/pulse?url=https://kbdlab.io&format=markdown&detail=standard - Quick machine triage: GET /api/v1/pulse?url=https://kbdlab.io&detail=tiny - Evidence/deeper review: GET /api/v1/pulse?url=https://kbdlab.io&detail=full - Connectivity check: GET /api/v1/pulse-self-test - Health check: GET /api/v1/pulse-health Markdown is best for conversational summaries. Tiny is best for badges, triage, and routing. Full is best for evidence review and coverage diagnostics. Self-test is best for deployment and agent connectivity checks.
OpenAPI / GPT Action beta quick start: 1. If you support OpenAPI actions/tools, import: https://certscore.ai/api/v1/openapi.chatgpt.json 2. Call getPulseForUrl with: url: <public URL> format: markdown detail: standard wait: 35 3. Use detail=tiny for quick checks. 4. Public GPT Action beta access uses latest-mode summaries and does not expose full detail or refresh scans. 5. If API fetch fails before headers/body/status are visible, call checkPulseConnectivity once. 6. If checkPulseConnectivity succeeds, treat the scan failure as a transient client/action transport error and retry or use the markdown endpoint. 7. If checkPulseConnectivity also fails without CertScore diagnostic headers, do not infer CertScore returned an error. Report it as a client/network fetch limitation and read /api-pulse/agent and /api-pulse-agent-guide.txt.
Agent fetch limitations: Some agent environments may fail before receiving an HTTP response because of DNS, sandbox, TLS, proxy, or fetch-layer limitations. If a request fails before exposing an HTTP status, response body, or x-certscore-* diagnostic headers, do not conclude CertScore Pulse is unavailable. First try /api/v1/pulse-self-test, /api/v1/pulse-health, /api-pulse-agent-guide.txt, /.well-known/certscore-pulse, and /api/v1/openapi.chatgpt.json.
Quick start
GET https://certscore.ai/api/v1/pulse?url=https://kbdlab.io
If a completed eligible scan exists within the 24-hour reuse window, the API returns that completed Pulse. If no completed scan exists within that UTC-normalized window, the API may queue a new scan and return HTTP 202 with `jobId`, `statusUrl`, `nextCheckUrl`, and any `scanId` available for the queued scan.
Copy/paste examples
curl "https://certscore.ai/api/v1/pulse?url=https://kbdlab.io&detail=tiny"
curl "https://certscore.ai/api/v1/pulse?url=https://kbdlab.io"
curl "https://certscore.ai/api/v1/pulse?url=https://kbdlab.io&detail=full"
curl "https://certscore.ai/api/v1/pulse?url=https://kbdlab.io&format=markdown"
curl "https://certscore.ai/api/v1/pulse?url=https://kbdlab.io&freshness=refresh"
curl "https://certscore.ai/api/v1/pulse?url=https://kbdlab.io&forceNewScan=true"
curl "https://certscore.ai/api/v1/pulse?url=https://kbdlab.io&wait=35"
curl "https://certscore.ai/api/v1/pulse/status/<jobId>"
curl "https://certscore.ai/api/v1/pulse-self-test"
curl "https://certscore.ai/api/v1/pulse-health"
Parameters
url
Public URL or domain to summarize. Use this for first-time or latest-domain lookup.
scanId
Existing public eligible scan ID. Use this later for an immutable scan-backed Pulse response.
jobId
Existing Pulse job ID. Use this to resolve or check an async Pulse request.
format
`json` or `markdown`. Defaults to `json`.
detail
`tiny`, `quick`, `standard`, or `full`. Defaults to `standard`. `quick` is an alias for `tiny`.
freshness
`latest` or `refresh`. Defaults to `latest`.
forceNewScan
`true` or `1` bypasses the 24-hour recent-scan reuse check. It does not bypass throttles or validation.
wait
Integer seconds from 0 to 80. This is only the maximum HTTP hold window for the current request; total queue plus scan time can be longer when workers are busy.
Detail levels
detail=tiny
Quick compact summary for badges, CLI output, widgets, and simple agents.
detail=quick
Alias for `detail=tiny`. Responses normalize to the tiny shape.
detail=standard
Default mode. Best for agent use and quick evidence-backed summaries.
detail=full
Structured public report projection with more findings, review lenses, vendor/domain summaries, policy surfaces, fingerprinting context, interruptions, coverage diagnostics, and benchmark context. It does not expose raw internal artifacts.
Response examples
200 completed tiny JSON
{
"type": "certscore_pulse",
"meta": {
"apiVersion": "v1",
"schemaVersion": "0.5.1",
"pulseVersion": "2026-05-18",
"projectionVersion": "pulse-public-v1",
"generatedAt": "2026-05-18T23:15:32Z",
"source": "certscore.ai",
"format": "json",
"detail": "tiny"
},
"domain": "kbdlab.io",
"scanId": "scan_abc123",
"scanStatus": "completed",
"summary": {
"headline": "Automated scan surfaced consent-timing and third-party collection review signals.",
"score": 72,
"riskLevel": "review_recommended"
},
"topFindings": [
{
"id": "pre_consent_tracking_detected",
"label": "Tracking started before consent",
"criticality": "critical",
"confidence": "strong"
}
],
"coverage": {
"status": "partial",
"summary": "Automated public-web scan completed with coverage limitations."
},
"links": {
"canonicalPulseUrl": "https://certscore.ai/pulse/kbdlab.io",
"jsonUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123",
"markdownUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123&format=markdown",
"fullJsonUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123&detail=full",
"fullReportUrl": "https://certscore.ai/scan/scan_abc123",
"docsUrl": "https://certscore.ai/api-pulse",
"findingsReferenceUrl": "https://certscore.ai/findings"
},
"feedback": {
"prompt": "Was this Pulse useful?",
"email": "[email protected]",
"feedbackUrl": "https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_123",
"positiveUrl": "https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_123&rating=useful",
"negativeUrl": "https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_123&rating=not_useful"
},
"capabilities": {
"method": "automated_runtime_analysis",
"observes": [
"pre_consent_tracking",
"third_party_requests",
"consent_enforcement_gaps",
"cookie_activity",
"accessibility_signals",
"disclosure_inconsistencies"
],
"doesNotProvide": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"agentInterpretation": {
"responseClass": "completed_pulse",
"safeSummaryUse": true,
"requiresHumanReview": true,
"doNotCallThis": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"disclaimer": "CertScore provides automated public-web observations for review. Results may be incomplete or contain errors. CertScore does not provide legal advice nor certify compliance. Always review the underlying evidence and consult qualified experts where appropriate."
}200 completed standard JSON
{
"type": "certscore_pulse",
"meta": {
"apiVersion": "v1",
"schemaVersion": "0.5.1",
"pulseVersion": "2026-05-18",
"projectionVersion": "pulse-public-v1",
"generatedAt": "2026-05-18T23:15:32Z",
"source": "certscore.ai",
"format": "json",
"detail": "standard"
},
"request": {
"pulseRequestId": "pulse_req_123",
"url": "https://kbdlab.io",
"normalizedUrl": "https://kbdlab.io/",
"domain": "kbdlab.io",
"detail": "standard",
"format": "json",
"freshness": "latest",
"waitSeconds": 0,
"resolutionMode": "reused_existing_scan"
},
"scan": {
"scanId": "scan_abc123",
"scanStatus": "completed",
"completedAt": "2026-05-18T23:15:31Z"
},
"timestamps": {
"createdAt": "2026-05-18T23:14:22Z",
"startedAt": "2026-05-18T23:14:31Z",
"completedAt": "2026-05-18T23:15:31Z",
"generatedAt": "2026-05-18T23:15:32Z",
"lastUpdatedAt": "2026-05-18T23:15:31Z"
},
"freshness": {
"status": "fresh",
"ageSeconds": 4,
"ageHours": 0.001,
"maxRecommendedAgeHours": 168
},
"summary": {
"headline": "Automated scan surfaced consent-timing and third-party collection review signals.",
"score": 72,
"riskLevel": "review_recommended",
"humanSummary": "Automated scan surfaced consent-timing and third-party collection review signals."
},
"topFindings": [
{
"id": "pre_consent_tracking_detected",
"label": "Tracking started before consent",
"criticality": "critical",
"confidence": "strong",
"plainEnglish": "Runtime evidence showed non-essential tracking activity before a consent choice was recorded.",
"evidence": {
"summary": "A non-essential third-party tracking request was observed before the scan recorded a consent choice.",
"observedPhase": "before_consent",
"exampleEvents": [
{
"type": "request",
"vendor": "Example Analytics Vendor",
"urlHost": "analytics.example-vendor.test",
"timestampMs": 1137
}
],
"fullEvidenceUrl": "https://certscore.ai/scan/scan_abc123#finding-pre_consent_tracking_detected"
},
"evidenceDigest": {
"basis": "runtime_observation",
"phase": "before_consent",
"exampleCount": 2,
"examplesShown": 1,
"hasTimingAnchor": true,
"hasVendorAnchor": true,
"hasConsentContext": true
},
"reviewLenses": [
"GDPR / ePrivacy",
"FTC"
],
"anchorUrl": "https://certscore.ai/scan/scan_abc123#finding-pre_consent_tracking_detected",
"nextStep": "Review whether observed vendors are necessary before consent or should be consent-gated."
}
],
"coverage": {
"status": "partial",
"homepageObserved": true,
"summary": "Homepage findings are based on observable public-page evidence.",
"limitations": [
"Automated public-web scan only.",
"Coverage may be affected by bot defenses, geography, consent flow branching, lazy loading, protected routes, authenticated-only areas, or other runtime conditions. Absence of findings should not be interpreted as absence of risk."
]
},
"links": {
"canonicalPulseUrl": "https://certscore.ai/pulse/kbdlab.io",
"jsonUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123",
"markdownUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123&format=markdown",
"fullJsonUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123&detail=full",
"fullReportUrl": "https://certscore.ai/scan/scan_abc123",
"docsUrl": "https://certscore.ai/api-pulse",
"findingsReferenceUrl": "https://certscore.ai/findings"
},
"feedback": {
"prompt": "Was this Pulse useful?",
"email": "[email protected]",
"feedbackUrl": "https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_123",
"positiveUrl": "https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_123&rating=useful",
"negativeUrl": "https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_123&rating=not_useful"
},
"capabilities": {
"method": "automated_runtime_analysis",
"observes": [
"pre_consent_tracking",
"third_party_requests",
"consent_enforcement_gaps",
"cookie_activity",
"accessibility_signals",
"disclosure_inconsistencies"
],
"doesNotProvide": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"agentInterpretation": {
"responseClass": "completed_pulse",
"safeSummaryUse": true,
"requiresHumanReview": true,
"doNotCallThis": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"disclaimer": "CertScore provides automated public-web observations for review. Results may be incomplete or contain errors. CertScore does not provide legal advice nor certify compliance. Always review the underlying evidence and consult qualified experts where appropriate."
}200 completed full JSON
{
"type": "certscore_pulse",
"meta": {
"apiVersion": "v1",
"schemaVersion": "0.5.1",
"pulseVersion": "2026-05-18",
"projectionVersion": "pulse-public-v1",
"generatedAt": "2026-05-18T23:15:32Z",
"source": "certscore.ai",
"format": "json",
"detail": "full"
},
"domain": "kbdlab.io",
"scanId": "scan_abc123",
"scanStatus": "completed",
"findings": [
{
"id": "pre_consent_tracking_detected",
"label": "Tracking started before consent",
"criticality": "critical",
"confidence": "strong",
"plainEnglish": "Runtime evidence showed non-essential tracking activity before a consent choice was recorded.",
"evidence": {
"summary": "A non-essential third-party tracking request was observed before the scan recorded a consent choice.",
"observedPhase": "before_consent",
"exampleEvents": [
{
"type": "request",
"vendor": "Example Analytics Vendor",
"urlHost": "analytics.example-vendor.test",
"timestampMs": 1137
}
],
"fullEvidenceUrl": "https://certscore.ai/scan/scan_abc123#finding-pre_consent_tracking_detected"
},
"evidenceDigest": {
"basis": "runtime_observation",
"phase": "before_consent",
"exampleCount": 2,
"examplesShown": 1,
"hasTimingAnchor": true,
"hasVendorAnchor": true,
"hasConsentContext": true
},
"reviewLenses": [
"GDPR / ePrivacy",
"FTC"
],
"anchorUrl": "https://certscore.ai/scan/scan_abc123#finding-pre_consent_tracking_detected",
"nextStep": "Review whether observed vendors are necessary before consent or should be consent-gated."
}
],
"reviewContext": {
"disclaimer": "Findings are organized by privacy, consumer protection, accessibility, and other review contexts. These are automated signals for review, not legal determinations.",
"lenses": [
{
"name": "GDPR / ePrivacy",
"status": "needs_work",
"score": 28,
"contributingFindingIds": [
"pre_consent_tracking_detected"
]
}
]
},
"evidenceHighlights": {
"trackerFootprint": {
"thirdPartyDomainsObserved": 7,
"classifiedTrackerVendors": 2,
"summary": "7 third-party domains observed; 2 classified tracker vendors identified."
},
"policySurfaces": {
"policyUrlCount": 2,
"covered": [
"privacy_policy",
"terms_of_service"
]
}
},
"coverage": {
"status": "partial",
"interruptionCount": 1,
"interruptions": [
{
"label": "Access limited",
"reason": "Protected route encountered outside the public homepage."
}
],
"limitations": [
"Full mode is still a public report projection; raw internal artifacts are not included."
]
},
"links": {
"canonicalPulseUrl": "https://certscore.ai/pulse/kbdlab.io",
"jsonUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123",
"markdownUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123&format=markdown",
"fullJsonUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123&detail=full",
"fullReportUrl": "https://certscore.ai/scan/scan_abc123",
"docsUrl": "https://certscore.ai/api-pulse",
"findingsReferenceUrl": "https://certscore.ai/findings"
},
"feedback": {
"prompt": "Was this Pulse useful?",
"email": "[email protected]",
"feedbackUrl": "https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_123",
"positiveUrl": "https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_123&rating=useful",
"negativeUrl": "https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_123&rating=not_useful"
},
"capabilities": {
"method": "automated_runtime_analysis",
"observes": [
"pre_consent_tracking",
"third_party_requests",
"consent_enforcement_gaps",
"cookie_activity",
"accessibility_signals",
"disclosure_inconsistencies"
],
"doesNotProvide": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"agentInterpretation": {
"responseClass": "completed_pulse",
"safeSummaryUse": true,
"requiresHumanReview": true,
"doNotCallThis": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"disclaimer": "CertScore provides automated public-web observations for review. Results may be incomplete or contain errors. CertScore does not provide legal advice nor certify compliance. Always review the underlying evidence and consult qualified experts where appropriate."
}202 pending/running response
{
"type": "certscore_pulse_status",
"meta": {
"apiVersion": "v1",
"schemaVersion": "0.5.1",
"pulseVersion": "2026-05-18",
"projectionVersion": "pulse-public-v1",
"generatedAt": "2026-05-18T23:15:32Z",
"source": "certscore.ai",
"format": "json",
"detail": "standard"
},
"jobId": "pulse_job_123",
"scanId": "scan_abc123",
"domain": "kbdlab.io",
"status": "running",
"phase": "runtime_observation",
"message": "Observing public-page behavior and collecting automated evidence signals.",
"elapsedSeconds": 28,
"estimatedWaitSeconds": 45,
"statusUrl": "https://certscore.ai/api/v1/pulse/status/pulse_job_123",
"nextCheckUrl": "https://certscore.ai/api/v1/pulse/status/pulse_job_123",
"reportUrl": "https://certscore.ai/scan/scan_abc123",
"capabilities": {
"method": "automated_runtime_analysis",
"observes": [
"pre_consent_tracking",
"third_party_requests",
"consent_enforcement_gaps",
"cookie_activity",
"accessibility_signals",
"disclosure_inconsistencies"
],
"doesNotProvide": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"agentInterpretation": {
"responseClass": "pending_pulse",
"safeSummaryUse": false,
"requiresHumanReview": true,
"doNotCallThis": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"disclaimer": "CertScore provides automated public-web observations for review. Results may be incomplete or contain errors. CertScore does not provide legal advice nor certify compliance. Always review the underlying evidence and consult qualified experts where appropriate."
}200 completed status response
{
"type": "certscore_pulse_status",
"jobId": "pulse_job_123",
"scanId": "scan_abc123",
"domain": "kbdlab.io",
"status": "completed",
"completedAt": "2026-05-18T23:15:31Z",
"resultUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123",
"reportUrl": "https://certscore.ai/scan/scan_abc123",
"capabilities": {
"method": "automated_runtime_analysis",
"observes": [
"pre_consent_tracking",
"third_party_requests",
"consent_enforcement_gaps",
"cookie_activity",
"accessibility_signals",
"disclosure_inconsistencies"
],
"doesNotProvide": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"agentInterpretation": {
"responseClass": "completed_pulse",
"safeSummaryUse": true,
"requiresHumanReview": true,
"doNotCallThis": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"disclaimer": "CertScore provides automated public-web observations for review. Results may be incomplete or contain errors. CertScore does not provide legal advice nor certify compliance. Always review the underlying evidence and consult qualified experts where appropriate."
}429 throttled response
{
"type": "certscore_pulse_error",
"meta": {
"apiVersion": "v1",
"schemaVersion": "0.5.1",
"pulseVersion": "2026-05-18",
"projectionVersion": "pulse-public-v1",
"generatedAt": "2026-05-18T23:15:32Z",
"source": "certscore.ai"
},
"error": {
"code": "pulse_throttled",
"message": "A Pulse scan for this domain was requested recently. Try again in a few minutes.",
"retryAfterSeconds": 240
},
"feedback": {
"email": "[email protected]"
},
"agentInterpretation": {
"responseClass": "rate_limited",
"safeSummaryUse": false,
"requiresHumanReview": true,
"doNotCallThis": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"disclaimer": "CertScore provides automated public-web observations for review. Results may be incomplete or contain errors. CertScore does not provide legal advice nor certify compliance. Always review the underlying evidence and consult qualified experts where appropriate."
}400 invalid URL response
{
"type": "certscore_pulse_error",
"meta": {
"apiVersion": "v1",
"schemaVersion": "0.5.1",
"pulseVersion": "2026-05-18",
"projectionVersion": "pulse-public-v1",
"generatedAt": "2026-05-18T23:15:32Z",
"source": "certscore.ai"
},
"request": {
"url": "not-a-url",
"detail": "standard",
"format": "json"
},
"error": {
"code": "invalid_url",
"message": "Enter a valid public website URL or domain.",
"retryAfterSeconds": null
},
"feedback": {
"email": "[email protected]"
},
"agentInterpretation": {
"responseClass": "api_error",
"safeSummaryUse": false,
"requiresHumanReview": true,
"doNotCallThis": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"disclaimer": "CertScore provides automated public-web observations for review. Results may be incomplete or contain errors. CertScore does not provide legal advice nor certify compliance. Always review the underlying evidence and consult qualified experts where appropriate."
}Markdown response
# CertScore Pulse | Field | Value | |---|---| | Domain | kbdlab.io | | Score | 72/100 | | Risk level | Review recommended | | High-priority findings | 1 | | Total observations | 3 | | Scan completed | 2026-05-18T23:15:31Z | | Coverage status | Partial | ## Summary Automated scan surfaced consent-timing and third-party collection review signals. ## Highest-priority findings 1. Tracking started before consent ## Privacy and consent signals - Tracker footprint: 7 third-party domains observed; 2 classified tracker vendors identified. ## Cookie and third-party request activity - Vendor mix: cdn infra 1 · session replay 1 ## Accessibility signals - Accessibility-related findings: 0 ## Disclosure and trust signals - Policy surfaces: 2 policy URLs covered. ## Coverage and limitations Coverage was limited; absence of findings should not be interpreted as absence of risk. ## Links Full report: https://certscore.ai/scan/scan_abc123 ## Disclaimer CertScore provides automated public-web observations for review. Results may be incomplete or contain errors. CertScore does not provide legal advice nor certify compliance. Always review the underlying evidence and consult qualified experts where appropriate.
Async and status behavior
Status lifecycle: queued to running to finalizing to completed. Edge or terminal statuses include completed_limited, failed, expired, and rate_limited.
HTTP 202 means the scan or Pulse request is accepted but not complete. Clients should poll `statusUrl` or `nextCheckUrl`. `wait` accepts 0 to 80 seconds and may return a completed Pulse if the scan finishes during that window.
Pending HTTP 202 responses include `Retry-After` when CertScore can recommend a polling delay. Throttled HTTP 429 responses include `Retry-After` when retry timing is known.
Estimated wait values are approximate. Queue backlog, worker availability, page load time, and scan finalization can make total completion take longer than 80 seconds.
queued -> running -> finalizing -> completed Other statuses: completed_limited, failed, expired, rate_limited Public-safe phase message: "Observing public-page behavior and collecting automated evidence signals."
Freshness and throttling
`freshness=latest` returns the latest eligible completed Pulse when it was completed in the prior 24 hours. If no completed eligible scan exists within that UTC-normalized window, CertScore may queue a new scan.
`freshness=refresh` requests a new scan only when the 24-hour reuse window does not already contain an eligible completed scan. To bypass the 24-hour reuse check, pass `forceNewScan=true`. Scan generation is still limited to one new Pulse scan per normalized domain every five minutes under the 5-minute normalized-domain throttle.
If refresh is throttled but a completed scan exists, CertScore may return the latest completed Pulse with `refresh.requested=true`, `refresh.performed=false`, `refresh.reason="domain_throttle"`, and `refresh.retryAfterSeconds`. If no completed scan exists and scan creation is throttled, the API returns HTTP 429 with `Retry-After`, `error.code="pulse_throttled"`, and support contact guidance at [email protected].
Pulse uses `freshness=latest` and `freshness=refresh`; there is no separate `refresh=true` parameter. Broad `X-RateLimit-*` headers are not emitted unless the route has accurate enforced bucket state.
Durable scan handles
`scanId` is the canonical field name. `scan_id` may appear as a compatibility alias, but new integrations should use `scanId`.
https://certscore.ai/scan/<scanId> https://certscore.ai/api/v1/pulse?scanId=<scanId> https://certscore.ai/api/v1/pulse?scanId=<scanId>&detail=full https://certscore.ai/api/v1/pulse?scanId=<scanId>&format=markdown
Markdown structure
Standard markdown starts with a compact summary table and stable headings so agents can parse it reliably without large JSON blocks.
# CertScore Pulse | Field | Value | |---|---| | Domain | kbdlab.io | | Score | 72/100 | | Risk level | Review recommended | | High-priority findings | 1 | | Total observations | 3 | | Scan completed | 2026-05-18T23:15:31Z | | Coverage status | Partial | ## Summary ## Highest-priority findings ## Privacy and consent signals ## Cookie and third-party request activity ## Accessibility signals ## Disclosure and trust signals ## Coverage and limitations ## Links ## Disclaimer
Feedback
Pulse responses include feedback metadata when available. Direct comments can be sent to [email protected]. Feedback is private and used to improve CertScore Pulse. No star ratings are used.
Supported ratings: `useful`, `not_useful`, `unclear`, `incorrect`, `too_limited`. Helpful reasons include incorrect finding, missing evidence, too much detail, not enough detail, coverage seemed limited, hard to understand, API issue, and other.
POST https://certscore.ai/api/v1/pulse/feedback
Content-Type: application/json
{
"pulseRequestId": "pulse_req_123",
"rating": "useful",
"reason": "not_enough_detail",
"comment": "Optional comment up to 2000 characters.",
"email": "[email protected]"
}The feedback endpoint validates rating and reason values, caps comments at 2000 characters, accepts an optional email field, and may return HTTP 429 when feedback is submitted too frequently for the same Pulse request context.
Interpreting findings
Pulse summarizes already-surfaced public report findings and review context. It does not create findings from raw signals, and absence of findings should not be interpreted as absence of risk. If no major findings are surfaced, Pulse says: “No top automated findings were surfaced in this scan.”
Coverage may be affected by bot defenses, geography, consent flow branching, lazy loading, protected routes, authenticated-only areas, or other runtime conditions. Absence of findings should not be interpreted as absence of risk.
For finding definitions, evidence standards, and reviewer questions, use the CertScore findings reference.
Automated public-web observations for review. Not legal advice, certification, or a compliance determination.