Developer surfaces
TrustAtlas exposes several public endpoints for embedding risk badges, building integrations, and consuming the catalog as RSS. All are rate-limited but unauthenticated; no API key required.
Vendor lookup
GET https://trustatlas-api.jeffrolson1.workers.dev/api/vendors/by-domain?domain={hostname}
Returns the vendor record matching a given hostname. Strips www. and protocol. 1-hour edge cache. Used by the Chrome extension and bookmarklets.
curl https://trustatlas-api.jeffrolson1.workers.dev/api/vendors/by-domain?domain=openai.com
SVG badge
GET https://trustatlas-api.jeffrolson1.workers.dev/api/badge/{slug}.svg
Compact SVG risk badge for any vendor. Tier-colored. Best for README files, footers, and email signatures. Add ?variant=large for a bigger version.
<img src="https://trustatlas-api.jeffrolson1.workers.dev/api/badge/openai.svg" alt="TrustAtlas risk score for OpenAI" />
OpenGraph image
GET https://trustatlas-api.jeffrolson1.workers.dev/api/og/vendor/{slug}.svg
1200×630 SVG social-share image for a vendor profile. Renders well on Facebook, LinkedIn, Slack, Discord; Twitter falls back to summary card. Already wired into VendorDetail's Meta component.
Live iframe embeds
GET https://trustatlas.pages.dev/embed/vendor/{slug}
Compact 380×120 interactive card. X-Frame-Options: ALLOWALL so embedding works on any origin. Updates as scores change.
GET https://trustatlas.pages.dev/embed/compare/{slug-a-vs-slug-b}
Side-by-side variant for curated vendor pairs only.
<iframe src="https://trustatlas.pages.dev/embed/vendor/openai" width="380" height="120" frameborder="0" loading="lazy"></iframe>
RSS feeds
- https://trustatlas.pages.dev/feed/news.xml — vendor-tagged news items from the monitor
- https://trustatlas.pages.dev/feed/score-changes.xml — composite-score moves >5pt
- https://trustatlas.pages.dev/feed/new-vendors.xml — newly cataloged vendors
- https://trustatlas.pages.dev/feed/incidents.xml — recently logged incidents
All four are valid RSS 2.0 with atom:self links and 30-minute edge cache. Drop them in any reader.
Sitemap and robots
- https://trustatlas.pages.dev/sitemap.xml — full sitemap with all vendor profiles, comparisons, glossary, and reports
- https://trustatlas.pages.dev/robots.txt — robots policy with feed advertisements
Vendor JSON API (read-only)
GET https://trustatlas-api.jeffrolson1.workers.dev/api/vendors
Paginated vendor list. Supports filters: taxonomy_type, hq_country, risk_tier, verified, page, limit (max 100), sort, order.
GET https://trustatlas-api.jeffrolson1.workers.dev/api/vendors/{slug}
Single vendor detail. Returns the core profile; sub-tables (data handling, security, jurisdiction, governance) are at /{slug}/data-handling, /security, etc.
GET https://trustatlas-api.jeffrolson1.workers.dev/api/stats
Aggregate catalog stats — total, by taxonomy, by tier, by country.
Cache-Control headers — respect them and you'll rarely hit the limit. Bulk consumption beyond reasonable use, or commercial redistribution, requires prior arrangement — email hello@trustatlas.com.