CertScore.ai Pulse API beta
Retrieve a quick, evidence-backed CertScore.ai summary for a public URL. Pulse API beta is designed for AI agents, developer tools, CLIs, and humans that need a compact scan summary with links to the durable full report.
CertScore.ai Pulse uses automated runtime analysis of public websites to detect review signals around pre-consent tracking, third-party requests, consent enforcement gaps, cookie activity, accessibility issues, and disclosure inconsistencies.
CertScore.ai outputs are automated public-web observations for review. They are not legal advice, certification, or a compliance determination. Always review the underlying evidence and consult qualified experts where appropriate.
For AI agents
Try CertScore.ai GPT beta
Paste a public website URL and get a CertScore.ai Pulse summary inside ChatGPT. Automated observations for review, not legal advice or a compliance determination.
Open CertScore.ai GPT betaIf you are an agent with OpenAPI actions or HTTP tools, start here before trying ad hoc fetches. CertScore.ai Pulse works best when agents call Summary JSON or markdown for user-facing summaries and reserve Evidence JSON for evidence-heavy review.
Basic HTTP agent quick start: 1. If you do not support OpenAPI actions, call: GET https://certscore.ai/api/v1/pulse?url=<public URL>&format=markdown&detail=standard 2. For a quick check, call: GET https://certscore.ai/api/v1/pulse?url=<public URL>&format=markdown&detail=tiny 3. For structured evidence, call: GET https://certscore.ai/api/v1/pulse?url=<public URL>&format=json&detail=evidence 4. If you receive HTTP 202, read the returned statusUrl or poll: GET https://certscore.ai/api/v1/pulse/status/<jobId> 5. If the request fails before status/body/headers are visible, open: https://certscore.ai/api-pulse-agent-guide.txt
Recommended calls: - User-facing summary: GET /api/v1/pulse?url=https://kbdlab.io&format=markdown&detail=standard - Quick machine triage: GET /api/v1/pulse?url=https://kbdlab.io&detail=tiny - Evidence/deeper review: GET /api/v1/pulse?url=https://kbdlab.io&detail=evidence - Connectivity check: GET /api/v1/pulse-self-test - Health check: GET /api/v1/pulse-health Summary JSON is best for concise agent output. Markdown is best for conversational summaries. Tiny is best for badges, triage, and routing. Evidence JSON is best for evidence review and coverage diagnostics. Self-test is best for deployment and agent connectivity checks.
OpenAPI / GPT Action beta quick start: 1. If you support OpenAPI actions/tools, import: https://certscore.ai/api/v1/openapi.chatgpt.json 2. Call getPulseForUrl with: url: <public URL> format: markdown detail: standard scanFrom: eu_ie wait: 35 3. Use detail=tiny for quick checks. 4. Public GPT Action beta access uses latest-mode summaries. Use Evidence JSON or the linked CertScore.ai report when users need more support. 5. If API fetch fails before headers/body/status are visible, call checkPulseConnectivity once. 6. If checkPulseConnectivity succeeds, treat the scan failure as a transient client/action transport error and retry or use the markdown endpoint. 7. If checkPulseConnectivity also fails without CertScore.ai diagnostic headers, do not infer CertScore.ai returned an error. Report it as a client/network fetch limitation and read /api-pulse/agent and /api-pulse-agent-guide.txt.
Agent fetch limitations: Some agent environments may fail before receiving an HTTP response because of DNS, sandbox, TLS, proxy, or fetch-layer limitations. If a request fails before exposing an HTTP status, response body, or x-certscore-* diagnostic headers, do not conclude CertScore.ai Pulse is unavailable. First try /api/v1/pulse-self-test, /api/v1/pulse-health, /api-pulse-agent-guide.txt, /.well-known/certscore-pulse, and /api/v1/openapi.chatgpt.json.
Developer hub
Pulse v1 remains the compatibility entry point. For the resource-oriented CertScore.ai API v2, TypeScript SDK, MCP server, examples, and machine-readable discovery links, use the developer hub. For structured Pre-consent Cookies & Trackers table data, use API v2 instead of parsing Pulse prose or report HTML.
MCP preview
CertScore.ai MCP is a developer-preview stdio server for teams that want to run Pulse checks inside AI development, security, and ops workflows. It uses the same evidence-backed Pulse surface: automated public-web observations for review, with stable scan and finding IDs.
create_scan
Deprecated compatibility alias of scan_site. Use scan_site for new integrations. Returns completed-limited no-go disposition and reason-specific guidance when applicable.
scan_site
Recommended first call. Starts or reuses a public-web scan, reports freshness and anonymous quota decisions, and waits up to 45 seconds by default. If still running, use get_scan_status; otherwise use get_scan_bundle. Completed no-go scans retain completed_limited status and reason-specific guidance.
get_scan
Retrieve the API v2 public-safe scan resource, including completed-limited no-go disposition, reason-specific guidance, and timing when available.
get_scan_status
Retrieve terminal status, including completed_limited no-go disposition and reason-specific guidance. Pass jobId only before a stable scanId is available.
get_report
Retrieve a summary Pulse report, including customer-safe no-go messaging when coverage is completed-limited. Use get_evidence for the larger bounded packet.
get_evidence
Retrieve the bounded structured Evidence JSON packet for a stable scan ID. Excludes raw cookie values, raw bodies, sensitive payloads, full DOM, and unredacted query values.
get_scan_bundle
Recommended second call after scan_site. Returns the canonical scan state, compact report summary, findings, bounded evidence summary, and pre-consent inventory in one agent-friendly response.
export_findings
Return structured findings plus completed-limited no-go disposition and guidance for downstream review or ticketing workflows.
list_findings
List API v2 public-safe findings already projected for a scan.
get_pre_consent_cookies_trackers
Retrieve the public-safe Cookies & Trackers (Pre-consent) report table as compact JSON for a scan.
explain_finding
Explain one projected finding with public evidence, caveats, reviewer next steps, and reason-specific no-go context when applicable.
get_latest_domain_scan
Retrieve the latest eligible API v2 public-safe scan for a domain.
get_latest_domain_pre_consent_cookies_trackers
Retrieve the public-safe Cookies & Trackers (Pre-consent) table from the latest eligible scan for a domain.
The first preview is intentionally narrow: create a scan, check status, retrieve a report, export findings, and explain a specific finding. Account browsing and drift comparison tools are not part of the initial MCP scope.
Local stdio preview: CERTSCORE_API_KEY=<token> pnpm mcp:certscore Optional: CERTSCORE_BASE_URL=https://certscore.ai CERTSCORE_REQUEST_TIMEOUT_MS=300000 Live smoke: CERTSCORE_API_KEY=<token> pnpm mcp:certscore:smoke Generate preview key: pnpm db:migrate pnpm mcp:certscore:generate-key -- --name "CertScore.ai MCP preview"
Example MCP client config:
{
"mcpServers": {
"certscore": {
"command": "pnpm",
"args": ["mcp:certscore"],
"cwd": "/path/to/CertScore.ai",
"env": {
"CERTSCORE_API_KEY": "YOUR_TOKEN",
"CERTSCORE_BASE_URL": "https://certscore.ai"
}
}
}
}Recommended workflow: call `scan_site` with a public URL. It waits for completion by default. Only poll `get_scan_status` if a non-terminal job is returned, then use `list_findings` or `explain_finding` for review and ticketing. Fetch report, evidence, and cookie inventory resources only when the task needs them.
Preview keys are scoped to `pulse:read`, `pulse:scan`, and `mcp`; CertScore.ai validates bearer tokens before request attribution and rate-limit policy, without changing evidence, concern, finding, or projection logic.
Operators should apply the integration-key migration, generate a scoped preview key, and run authenticated MCP smoke before promoting the preview beyond internal use.
Quick start
GET https://certscore.ai/api/v1/pulse?url=https://kbdlab.io
If a completed eligible scan exists within the 24-hour reuse window, the API returns that completed Pulse. If no completed scan exists within that UTC-normalized window, the API may queue a new scan and return HTTP 202 with `jobId`, `statusUrl`, `nextCheckUrl`, and any `scanId` available for the queued scan.
Copy/paste examples
curl "https://certscore.ai/api/v1/pulse?url=https://kbdlab.io&detail=tiny"
curl "https://certscore.ai/api/v1/pulse?url=https://kbdlab.io"
curl "https://certscore.ai/api/v1/pulse?url=https://kbdlab.io&detail=evidence"
curl "https://certscore.ai/api/v1/pulse?url=https://kbdlab.io&format=markdown"
curl "https://certscore.ai/api/v1/pulse?url=https://kbdlab.io&freshness=refresh"
curl "https://certscore.ai/api/v1/pulse?url=https://kbdlab.io&forceNewScan=true"
curl "https://certscore.ai/api/v1/pulse?url=https://kbdlab.io&wait=35"
curl "https://certscore.ai/api/v1/pulse/status/<jobId>"
curl "https://certscore.ai/api/v1/pulse-self-test"
curl "https://certscore.ai/api/v1/pulse-health"
Parameters
url
Public URL or domain to summarize. Use this for first-time or latest-domain lookup.
scanId
Existing public eligible scan ID. Use this later for an immutable scan-backed Pulse response.
jobId
Existing Pulse job ID. Use this to resolve or check an async Pulse request.
format
`json` or `markdown`. Defaults to `json`.
detail
`summary`, `evidence`, `tiny`, `quick`, `standard`, or `full`. Defaults to `summary`. `quick` is an alias for `tiny`.
freshness
`latest` or `refresh`. Defaults to `latest`.
scanFrom
`eu_ie`. Selects the geo execution context for newly queued public scans. Defaults to `eu_ie`.
geo
Alias for `scanFrom`; accepts `eu_ie`.
forceNewScan
`true` or `1` bypasses the 24-hour recent-scan reuse check. It does not bypass throttles or validation.
wait
Integer seconds from 0 to 80. This is only the maximum HTTP hold window for the current request; total queue plus scan time can be longer when workers are busy.
Detail levels
detail=summary
Default agent-friendly JSON artifact with executive metrics, surfaced results, key counts, and links.
detail=evidence
Bounded structured evidence packet for review. Includes projected findings, GDPR/ePrivacy checklist rows, tracker/cookie inventories, timing summaries, and safety notes without raw payloads.
detail=tiny
Quick compact summary for badges, CLI output, widgets, and simple agents.
detail=quick
Alias for `detail=tiny`. Responses normalize to the tiny shape.
detail=standard
Backward-compatible report projection for quick evidence-backed summaries.
detail=full
Structured public report projection with more findings, review lenses, vendor/domain summaries, policy surfaces, fingerprinting context, interruptions, coverage diagnostics, and benchmark context. It does not expose raw internal artifacts.
Response examples
200 completed tiny JSON
{
"type": "certscore_pulse",
"meta": {
"apiVersion": "v1",
"schemaVersion": "0.5.3",
"pulseVersion": "2026-05-18",
"projectionVersion": "pulse-public-v1",
"generatedAt": "2026-05-18T23:15:32Z",
"source": "certscore.ai",
"format": "json",
"detail": "tiny"
},
"domain": "kbdlab.io",
"scanId": "scan_abc123",
"scanStatus": "completed",
"summary": {
"headline": "Automated scan surfaced consent-timing and third-party collection review signals.",
"score": 72,
"riskLevel": "review_recommended"
},
"topFindings": [
{
"id": "pre_consent_tracking_detected",
"label": "Tracking started before consent",
"criticality": "critical",
"confidence": "strong"
}
],
"coverage": {
"status": "partial",
"summary": "Automated public-web scan completed with coverage limitations."
},
"links": {
"canonicalPulseUrl": "https://certscore.ai/pulse/kbdlab.io",
"jsonUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123",
"markdownUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123&format=markdown",
"summaryJsonUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123&detail=summary",
"evidenceJsonUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123&detail=evidence",
"fullJsonUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123&detail=full",
"fullReportUrl": "https://certscore.ai/scan/scan_abc123",
"docsUrl": "https://certscore.ai/api-pulse",
"findingsReferenceUrl": "https://certscore.ai/findings"
},
"feedback": {
"prompt": "Was this Pulse useful?",
"email": "[email protected]",
"feedbackUrl": "https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_123",
"positiveUrl": "https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_123&rating=useful",
"negativeUrl": "https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_123&rating=not_useful"
},
"capabilities": {
"method": "automated_runtime_analysis",
"observes": [
"pre_consent_tracking",
"third_party_requests",
"consent_enforcement_gaps",
"cookie_activity",
"accessibility_signals",
"disclosure_inconsistencies"
],
"doesNotProvide": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"agentInterpretation": {
"responseClass": "completed_pulse",
"safeSummaryUse": true,
"requiresHumanReview": true,
"doNotCallThis": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"disclaimer": "CertScore.ai outputs are automated public-web observations for review. They are not legal advice, certification, or a compliance determination. Always review the underlying evidence and consult qualified experts where appropriate."
}200 completed standard JSON
{
"type": "certscore_pulse",
"meta": {
"apiVersion": "v1",
"schemaVersion": "0.5.3",
"pulseVersion": "2026-05-18",
"projectionVersion": "pulse-public-v1",
"generatedAt": "2026-05-18T23:15:32Z",
"source": "certscore.ai",
"format": "json",
"detail": "standard"
},
"request": {
"pulseRequestId": "pulse_req_123",
"url": "https://kbdlab.io",
"normalizedUrl": "https://kbdlab.io/",
"domain": "kbdlab.io",
"detail": "standard",
"format": "json",
"freshness": "latest",
"waitSeconds": 0,
"resolutionMode": "reused_existing_scan"
},
"scan": {
"scanId": "scan_abc123",
"scanStatus": "completed",
"completedAt": "2026-05-18T23:15:31Z"
},
"timestamps": {
"createdAt": "2026-05-18T23:14:22Z",
"startedAt": "2026-05-18T23:14:31Z",
"completedAt": "2026-05-18T23:15:31Z",
"generatedAt": "2026-05-18T23:15:32Z",
"lastUpdatedAt": "2026-05-18T23:15:31Z"
},
"freshness": {
"status": "fresh",
"ageSeconds": 4,
"ageHours": 0.001,
"maxRecommendedAgeHours": 168
},
"summary": {
"headline": "Automated scan surfaced consent-timing and third-party collection review signals.",
"score": 72,
"riskLevel": "review_recommended",
"humanSummary": "Automated scan surfaced consent-timing and third-party collection review signals."
},
"topFindings": [
{
"id": "pre_consent_tracking_detected",
"label": "Tracking started before consent",
"criticality": "critical",
"confidence": "strong",
"plainEnglish": "Runtime evidence showed non-essential tracking activity before a consent choice was recorded.",
"evidence": {
"summary": "A non-essential third-party tracking request was observed before the scan recorded a consent choice.",
"observedPhase": "before_consent",
"exampleEvents": [
{
"type": "request",
"vendor": "Example Analytics Vendor",
"urlHost": "analytics.example-vendor.test",
"timestampMs": 1137
}
],
"fullEvidenceUrl": "https://certscore.ai/scan/scan_abc123#finding-pre_consent_tracking_detected"
},
"evidenceDigest": {
"basis": "runtime_observation",
"phase": "before_consent",
"exampleCount": 2,
"examplesShown": 1,
"hasTimingAnchor": true,
"hasVendorAnchor": true,
"hasConsentContext": true
},
"reviewLenses": [
"GDPR / ePrivacy",
"FTC"
],
"anchorUrl": "https://certscore.ai/scan/scan_abc123#finding-pre_consent_tracking_detected",
"nextStep": "Review whether observed vendors are necessary before consent or should be consent-gated."
}
],
"coverage": {
"status": "partial",
"homepageObserved": true,
"summary": "Homepage findings are based on observable public-page evidence.",
"limitations": [
"Automated public-web scan only.",
"Coverage may be affected by bot defenses, geography, consent flow branching, lazy loading, protected routes, authenticated-only areas, or other runtime conditions. Absence of findings should not be interpreted as absence of risk."
]
},
"links": {
"canonicalPulseUrl": "https://certscore.ai/pulse/kbdlab.io",
"jsonUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123",
"markdownUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123&format=markdown",
"summaryJsonUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123&detail=summary",
"evidenceJsonUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123&detail=evidence",
"fullJsonUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123&detail=full",
"fullReportUrl": "https://certscore.ai/scan/scan_abc123",
"docsUrl": "https://certscore.ai/api-pulse",
"findingsReferenceUrl": "https://certscore.ai/findings"
},
"feedback": {
"prompt": "Was this Pulse useful?",
"email": "[email protected]",
"feedbackUrl": "https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_123",
"positiveUrl": "https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_123&rating=useful",
"negativeUrl": "https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_123&rating=not_useful"
},
"capabilities": {
"method": "automated_runtime_analysis",
"observes": [
"pre_consent_tracking",
"third_party_requests",
"consent_enforcement_gaps",
"cookie_activity",
"accessibility_signals",
"disclosure_inconsistencies"
],
"doesNotProvide": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"agentInterpretation": {
"responseClass": "completed_pulse",
"safeSummaryUse": true,
"requiresHumanReview": true,
"doNotCallThis": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"disclaimer": "CertScore.ai outputs are automated public-web observations for review. They are not legal advice, certification, or a compliance determination. Always review the underlying evidence and consult qualified experts where appropriate."
}200 completed Evidence JSON
{
"type": "certscore_pulse_evidence",
"meta": {
"apiVersion": "v1",
"schemaVersion": "0.5.3",
"pulseVersion": "2026-05-18",
"projectionVersion": "pulse-public-v1",
"generatedAt": "2026-05-18T23:15:32Z",
"source": "certscore.ai",
"format": "json",
"detail": "evidence"
},
"domain": "kbdlab.io",
"scanId": "scan_abc123",
"scanStatus": "completed",
"findings": [
{
"id": "pre_consent_tracking_detected",
"label": "Tracking started before consent",
"criticality": "critical",
"confidence": "strong",
"plainEnglish": "Runtime evidence showed non-essential tracking activity before a consent choice was recorded.",
"evidence": {
"summary": "A non-essential third-party tracking request was observed before the scan recorded a consent choice.",
"observedPhase": "before_consent",
"exampleEvents": [
{
"type": "request",
"vendor": "Example Analytics Vendor",
"urlHost": "analytics.example-vendor.test",
"timestampMs": 1137
}
],
"fullEvidenceUrl": "https://certscore.ai/scan/scan_abc123#finding-pre_consent_tracking_detected"
},
"evidenceDigest": {
"basis": "runtime_observation",
"phase": "before_consent",
"exampleCount": 2,
"examplesShown": 1,
"hasTimingAnchor": true,
"hasVendorAnchor": true,
"hasConsentContext": true
},
"reviewLenses": [
"GDPR / ePrivacy",
"FTC"
],
"anchorUrl": "https://certscore.ai/scan/scan_abc123#finding-pre_consent_tracking_detected",
"nextStep": "Review whether observed vendors are necessary before consent or should be consent-gated."
}
],
"reviewContext": {
"disclaimer": "Findings are organized by privacy, consumer protection, accessibility, and other review contexts. These are automated signals for review, not legal determinations.",
"lenses": [
{
"name": "GDPR / ePrivacy",
"status": "needs_work",
"score": 28,
"contributingFindingIds": [
"pre_consent_tracking_detected"
]
}
]
},
"evidenceHighlights": {
"trackerFootprint": {
"thirdPartyDomainsObserved": 7,
"classifiedTrackerVendors": 2,
"summary": "7 third-party domains observed; 2 classified tracker vendors identified."
},
"policySurfaces": {
"policyUrlCount": 2,
"covered": [
"privacy_policy",
"terms_of_service"
]
}
},
"coverage": {
"status": "partial",
"interruptionCount": 1,
"interruptions": [
{
"label": "Access limited",
"reason": "Protected route encountered outside the public homepage."
}
],
"limitations": [
"Full mode is still a public report projection; raw internal artifacts are not included."
]
},
"links": {
"canonicalPulseUrl": "https://certscore.ai/pulse/kbdlab.io",
"jsonUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123",
"markdownUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123&format=markdown",
"summaryJsonUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123&detail=summary",
"evidenceJsonUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123&detail=evidence",
"fullJsonUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123&detail=full",
"fullReportUrl": "https://certscore.ai/scan/scan_abc123",
"docsUrl": "https://certscore.ai/api-pulse",
"findingsReferenceUrl": "https://certscore.ai/findings"
},
"feedback": {
"prompt": "Was this Pulse useful?",
"email": "[email protected]",
"feedbackUrl": "https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_123",
"positiveUrl": "https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_123&rating=useful",
"negativeUrl": "https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_123&rating=not_useful"
},
"capabilities": {
"method": "automated_runtime_analysis",
"observes": [
"pre_consent_tracking",
"third_party_requests",
"consent_enforcement_gaps",
"cookie_activity",
"accessibility_signals",
"disclosure_inconsistencies"
],
"doesNotProvide": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"agentInterpretation": {
"responseClass": "completed_pulse",
"safeSummaryUse": true,
"requiresHumanReview": true,
"doNotCallThis": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"disclaimer": "CertScore.ai outputs are automated public-web observations for review. They are not legal advice, certification, or a compliance determination. Always review the underlying evidence and consult qualified experts where appropriate."
}202 pending/running response
{
"type": "certscore_pulse_status",
"meta": {
"apiVersion": "v1",
"schemaVersion": "0.5.3",
"pulseVersion": "2026-05-18",
"projectionVersion": "pulse-public-v1",
"generatedAt": "2026-05-18T23:15:32Z",
"source": "certscore.ai",
"format": "json",
"detail": "standard"
},
"jobId": "pulse_job_123",
"scanId": "scan_abc123",
"domain": "kbdlab.io",
"status": "running",
"phase": "runtime_observation",
"message": "Observing public-page behavior and collecting automated evidence signals.",
"elapsedSeconds": 28,
"estimatedWaitSeconds": 45,
"statusUrl": "https://certscore.ai/api/v1/pulse/status/pulse_job_123",
"nextCheckUrl": "https://certscore.ai/api/v1/pulse/status/pulse_job_123",
"reportUrl": "https://certscore.ai/scan/scan_abc123",
"capabilities": {
"method": "automated_runtime_analysis",
"observes": [
"pre_consent_tracking",
"third_party_requests",
"consent_enforcement_gaps",
"cookie_activity",
"accessibility_signals",
"disclosure_inconsistencies"
],
"doesNotProvide": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"agentInterpretation": {
"responseClass": "pending_pulse",
"safeSummaryUse": false,
"requiresHumanReview": true,
"doNotCallThis": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"disclaimer": "CertScore.ai outputs are automated public-web observations for review. They are not legal advice, certification, or a compliance determination. Always review the underlying evidence and consult qualified experts where appropriate."
}200 completed status response
{
"type": "certscore_pulse_status",
"jobId": "pulse_job_123",
"scanId": "scan_abc123",
"domain": "kbdlab.io",
"status": "completed",
"completedAt": "2026-05-18T23:15:31Z",
"resultUrl": "https://certscore.ai/api/v1/pulse?scanId=scan_abc123",
"reportUrl": "https://certscore.ai/scan/scan_abc123",
"capabilities": {
"method": "automated_runtime_analysis",
"observes": [
"pre_consent_tracking",
"third_party_requests",
"consent_enforcement_gaps",
"cookie_activity",
"accessibility_signals",
"disclosure_inconsistencies"
],
"doesNotProvide": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"agentInterpretation": {
"responseClass": "completed_pulse",
"safeSummaryUse": true,
"requiresHumanReview": true,
"doNotCallThis": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"disclaimer": "CertScore.ai outputs are automated public-web observations for review. They are not legal advice, certification, or a compliance determination. Always review the underlying evidence and consult qualified experts where appropriate."
}429 rate-limit response
{
"type": "certscore_pulse_error",
"meta": {
"apiVersion": "v1",
"schemaVersion": "0.5.3",
"pulseVersion": "2026-05-18",
"projectionVersion": "pulse-public-v1",
"generatedAt": "2026-05-18T23:15:32Z",
"source": "certscore.ai"
},
"error": {
"code": "rate_limited",
"message": "This CertScore.ai API key has reached its Pulse request limit. Try again after the retry window or manage your plan.",
"retryAfterSeconds": 240
},
"resolution": {
"label": "Manage plan",
"url": "https://certscore.ai/app/modify-plan"
},
"feedback": {
"email": "[email protected]"
},
"agentInterpretation": {
"responseClass": "rate_limited",
"safeSummaryUse": false,
"requiresHumanReview": true,
"doNotCallThis": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"disclaimer": "CertScore.ai outputs are automated public-web observations for review. They are not legal advice, certification, or a compliance determination. Always review the underlying evidence and consult qualified experts where appropriate."
}400 invalid URL response
{
"type": "certscore_pulse_error",
"meta": {
"apiVersion": "v1",
"schemaVersion": "0.5.3",
"pulseVersion": "2026-05-18",
"projectionVersion": "pulse-public-v1",
"generatedAt": "2026-05-18T23:15:32Z",
"source": "certscore.ai"
},
"request": {
"url": "not-a-url",
"detail": "standard",
"format": "json"
},
"error": {
"code": "invalid_url",
"message": "Enter a valid public website URL or domain.",
"retryAfterSeconds": null
},
"feedback": {
"email": "[email protected]"
},
"agentInterpretation": {
"responseClass": "api_error",
"safeSummaryUse": false,
"requiresHumanReview": true,
"doNotCallThis": [
"legal_advice",
"certification",
"compliance_determination"
]
},
"disclaimer": "CertScore.ai outputs are automated public-web observations for review. They are not legal advice, certification, or a compliance determination. Always review the underlying evidence and consult qualified experts where appropriate."
}Markdown response
# CertScore.ai Pulse | Field | Value | |---|---| | Domain | kbdlab.io | | Score | 72/100 | | Risk level | Review recommended | | High-priority findings | 1 | | Total observations | 3 | | Scan completed | 2026-05-18T23:15:31Z | | Coverage status | Partial | ## Summary Automated scan surfaced consent-timing and third-party collection review signals. ## Highest-priority findings 1. Tracking started before consent ## Privacy and consent signals - Tracker footprint: 7 third-party domains observed; 2 classified tracker vendors identified. ## Cookie and third-party request activity - Vendor mix: cdn infra 1 · session replay 1 ## Accessibility signals - Accessibility-related findings: 0 ## Disclosure and trust signals - Policy surfaces: 2 policy URLs covered. ## Coverage and limitations Coverage was limited; absence of findings should not be interpreted as absence of risk. ## Links Full report: https://certscore.ai/scan/scan_abc123 ## Disclaimer CertScore.ai outputs are automated public-web observations for review. They are not legal advice, certification, or a compliance determination. Always review the underlying evidence and consult qualified experts where appropriate.
Async and status behavior
Status lifecycle: queued to running to finalizing to completed. Edge or terminal statuses include completed_limited, failed, expired, and rate_limited.
HTTP 202 means the scan or Pulse request is accepted but not complete. Clients should poll `statusUrl` or `nextCheckUrl`. `wait` accepts 0 to 80 seconds and may return a completed Pulse if the scan finishes during that window.
Pending HTTP 202 responses include `Retry-After` when CertScore.ai can recommend a polling delay. Throttled HTTP 429 responses include `Retry-After` when retry timing is known.
Estimated wait values are approximate. Queue backlog, worker availability, page load time, and scan finalization can make total completion take longer than 80 seconds.
queued -> running -> finalizing -> completed Other statuses: completed_limited, failed, expired, rate_limited Public-safe phase message: "Observing public-page behavior and collecting automated evidence signals."
Freshness and throttling
`freshness=latest` returns the latest eligible completed Pulse when it was completed in the prior 24 hours. If no completed eligible scan exists within that UTC-normalized window, CertScore.ai may queue a new scan.
`freshness=refresh` requests a new scan when eligible and bypasses the 24-hour reuse check. `forceNewScan=true` is a compatibility override with the same reuse-bypass behavior. Scan generation is still limited to one new Pulse scan per normalized domain every one minute under the 1-minute normalized-domain throttle.
If refresh is throttled but a completed scan exists, CertScore.ai may return the latest completed Pulse with `refresh.requested=true`, `refresh.performed=false`, `refresh.reason="domain_throttle"`, and `refresh.retryAfterSeconds`. If no completed scan exists and scan creation is throttled, the API returns HTTP 429 with `Retry-After`, `error.code="pulse_throttled"`, and support contact guidance at [email protected].
Pulse uses `freshness=latest` and `freshness=refresh`; there is no separate `refresh=true` parameter. Broad `X-RateLimit-*` headers are not emitted unless the route has accurate enforced bucket state.
Durable scan handles
`scanId` is the canonical field name. `scan_id` may appear as a compatibility alias, but new integrations should use `scanId`.
https://certscore.ai/scan/<scanId> https://certscore.ai/api/v1/pulse?scanId=<scanId> https://certscore.ai/api/v1/pulse?scanId=<scanId>&detail=summary https://certscore.ai/api/v1/pulse?scanId=<scanId>&detail=evidence https://certscore.ai/api/v1/pulse?scanId=<scanId>&format=markdown
Markdown structure
Standard markdown starts with a compact summary table and stable headings so agents can parse it reliably without large JSON blocks.
# CertScore.ai Pulse | Field | Value | |---|---| | Domain | kbdlab.io | | Score | 72/100 | | Risk level | Review recommended | | High-priority findings | 1 | | Total observations | 3 | | Scan completed | 2026-05-18T23:15:31Z | | Coverage status | Partial | ## Summary ## Highest-priority findings ## Privacy and consent signals ## Cookie and third-party request activity ## Accessibility signals ## Disclosure and trust signals ## Coverage and limitations ## Links ## Disclaimer
Feedback
Pulse responses include feedback metadata when available. Direct comments can be sent to [email protected]. Feedback is private and used to improve CertScore.ai Pulse. No star ratings are used.
Supported ratings: `useful`, `not_useful`, `unclear`, `incorrect`, `too_limited`. Helpful reasons include incorrect finding, missing evidence, too much detail, not enough detail, coverage seemed limited, hard to understand, API issue, and other.
POST https://certscore.ai/api/v1/pulse/feedback
Content-Type: application/json
{
"pulseRequestId": "pulse_req_123",
"rating": "useful",
"reason": "not_enough_detail",
"comment": "Optional comment up to 2000 characters.",
"email": "[email protected]"
}The feedback endpoint validates rating and reason values, caps comments at 2000 characters, accepts an optional email field, and may return HTTP 429 when feedback is submitted too frequently for the same Pulse request context.
Interpreting findings
Pulse summarizes already-surfaced public report findings and review context. It does not create findings from raw signals, and absence of findings should not be interpreted as absence of risk. If no major findings are surfaced, Pulse says: “No top automated findings were surfaced in this scan.”
Coverage may be affected by bot defenses, geography, consent flow branching, lazy loading, protected routes, authenticated-only areas, or other runtime conditions. Absence of findings should not be interpreted as absence of risk.
For finding definitions, evidence standards, and reviewer questions, use the CertScore.ai findings reference.
Automated public-web observations for review. Not legal advice, certification, or a compliance determination.
