CertScore.ai
Open navigation menu
Developer docs

CertScore API

Discover the CertScore API, TypeScript SDK, and MCP server for evidence-backed website risk API workflows, privacy scan API use cases, cookie compliance scan API checks, and AI agent integrations.

CertScore outputs are automated public-web observations for review. They are not legal advice, certification, or a compliance determination.

Start here

One public integration surface for humans and agents.

Quickstart

Create a scan, poll status, retrieve findings, and review public-safe scan resources.

API reference

Resource routes, status behavior, error shape, rate limits, and public-safe evidence rules.

TypeScript SDK

Use ergonomic resource clients for scans, findings, and domains.

MCP server

Connect agents to CertScore tools for public website risk-signal review.

Examples

Copyable curl, SDK, and agent workflows for common integration paths.

Canonical links

Machine-readable discovery

API v2 OpenAPIUniversal AI manifestLLM guideFull LLM guideSitemap

API v2

Resource-oriented routes

MethodRoutePurpose
POST/api/v2/scansCreate or reuse a public scan through the resource API.
GET/api/v2/scans/{scanId}Retrieve the public-safe scan resource.
GET/api/v2/scans/{scanId}/statusCheck scan or job status without inferring from partial evidence.
GET/api/v2/scans/{scanId}/findingsList already-projected public findings for a scan.
GET/api/v2/scans/{scanId}/findings/{findingId}Retrieve one public-safe finding and capped evidence summary.
GET/api/v2/domains/{domain}/latestFind the latest eligible public scan for a domain.
GET/api/v2/openapi.jsonFetch the machine-readable API v2 contract.
GET/api/v2/healthCheck API v2 discovery health.

Agent workflow

Recommended request sequence

1. GET https://certscore.ai/api/v2/health
2. GET https://certscore.ai/api/v2/openapi.json
3. POST https://certscore.ai/api/v2/scans
4. GET https://certscore.ai/api/v2/scans/{scanId}/status
5. GET https://certscore.ai/api/v2/scans/{scanId}/findings
6. GET https://certscore.ai/api/v2/domains/{domain}/latest

The API, SDK, and MCP server expose already-projected public-safe artifacts. They do not create findings from raw scanner evidence or turn display text into policy conclusions.

Search phrases

How this surface should be described

CertScore APIwebsite risk APIprivacy scan APIcookie compliance scan APIMCP server for website compliance reviewautomated public-web risk signalsevidence-backed website scan API