Developer docs
CertScore API
Discover the CertScore API, TypeScript SDK, and MCP server for evidence-backed website risk API workflows, privacy scan API use cases, cookie compliance scan API checks, and AI agent integrations.
CertScore outputs are automated public-web observations for review. They are not legal advice, certification, or a compliance determination.
Start here
One public integration surface for humans and agents.
Create a scan, poll status, retrieve findings, and review public-safe scan resources.
Resource routes, status behavior, error shape, rate limits, and public-safe evidence rules.
Use ergonomic resource clients for scans, findings, and domains.
Connect agents to CertScore tools for public website risk-signal review.
Copyable curl, SDK, and agent workflows for common integration paths.
Canonical links
Machine-readable discovery
API v2
Resource-oriented routes
| Method | Route | Purpose |
|---|---|---|
| POST | /api/v2/scans | Create or reuse a public scan through the resource API. |
| GET | /api/v2/scans/{scanId} | Retrieve the public-safe scan resource. |
| GET | /api/v2/scans/{scanId}/status | Check scan or job status without inferring from partial evidence. |
| GET | /api/v2/scans/{scanId}/findings | List already-projected public findings for a scan. |
| GET | /api/v2/scans/{scanId}/findings/{findingId} | Retrieve one public-safe finding and capped evidence summary. |
| GET | /api/v2/domains/{domain}/latest | Find the latest eligible public scan for a domain. |
| GET | /api/v2/openapi.json | Fetch the machine-readable API v2 contract. |
| GET | /api/v2/health | Check API v2 discovery health. |
Agent workflow
Recommended request sequence
1. GET https://certscore.ai/api/v2/health
2. GET https://certscore.ai/api/v2/openapi.json
3. POST https://certscore.ai/api/v2/scans
4. GET https://certscore.ai/api/v2/scans/{scanId}/status
5. GET https://certscore.ai/api/v2/scans/{scanId}/findings
6. GET https://certscore.ai/api/v2/domains/{domain}/latestThe API, SDK, and MCP server expose already-projected public-safe artifacts. They do not create findings from raw scanner evidence or turn display text into policy conclusions.
Search phrases
How this surface should be described
CertScore APIwebsite risk APIprivacy scan APIcookie compliance scan APIMCP server for website compliance reviewautomated public-web risk signalsevidence-backed website scan API
