Developer surfaces

TrustAtlas exposes a versioned, key-authenticated JSON API for GRC and procurement tooling, plus a handful of public endpoints for embedding risk badges, building integrations, and consuming the catalog as RSS.

v1 JSON API (X-API-Key)

Authenticate with X-API-Key: ta_live_…. Issue and revoke keys in your dashboard: https://trustatlas.pages.dev/dashboard/api-keys.

GET https://trustatlas-api.jeffrolson1.workers.dev/api/v1/vendors

GET https://trustatlas-api.jeffrolson1.workers.dev/api/v1/vendors/{slug}

GET https://trustatlas-api.jeffrolson1.workers.dev/api/v1/vendors/{slug}/full — pro tier

GET https://trustatlas-api.jeffrolson1.workers.dev/api/v1/search?q=… — pro tier

OpenAPI 3.1 spec: https://trustatlas-api.jeffrolson1.workers.dev/api/v1/openapi.json

Quick start

curl -H "X-API-Key: ta_live_…" https://trustatlas-api.jeffrolson1.workers.dev/api/v1/vendors?limit=5

Tier limits

Tier Daily request budget Endpoints
free100 / day/vendors, /vendors/{slug}
pro5,000 / dayfree + /vendors/{slug}/full, /search
enterprisecontact salesall of pro + custom integrations

Error responses

Get an API key

Vendor lookup

GET https://trustatlas-api.jeffrolson1.workers.dev/api/vendors/by-domain?domain={hostname}

Returns the vendor record matching a given hostname. Strips www. and protocol. 1-hour edge cache. Used by the Chrome extension and bookmarklets.

curl https://trustatlas-api.jeffrolson1.workers.dev/api/vendors/by-domain?domain=openai.com

SVG badge

GET https://trustatlas-api.jeffrolson1.workers.dev/api/badge/{slug}.svg

Compact SVG risk badge for any vendor. Tier-colored. Best for README files, footers, and email signatures. Add ?variant=large for a bigger version.

<img src="https://trustatlas-api.jeffrolson1.workers.dev/api/badge/openai.svg" alt="TrustAtlas risk score for OpenAI" />

OpenGraph image

GET https://trustatlas-api.jeffrolson1.workers.dev/api/og/vendor/{slug}.svg

1200×630 SVG social-share image for a vendor profile. Renders well on Facebook, LinkedIn, Slack, Discord; Twitter falls back to summary card. Already wired into VendorDetail's Meta component.

Live iframe embeds

GET https://trustatlas.pages.dev/embed/vendor/{slug}

Compact 380×120 interactive card. X-Frame-Options: ALLOWALL so embedding works on any origin. Updates as scores change.

GET https://trustatlas.pages.dev/embed/compare/{slug-a-vs-slug-b}

Side-by-side variant for curated vendor pairs only.

<iframe src="https://trustatlas.pages.dev/embed/vendor/openai" width="380" height="120" frameborder="0" loading="lazy"></iframe>

RSS feeds

All four are valid RSS 2.0 with atom:self links and 30-minute edge cache. Drop them in any reader.

Sitemap and robots

Vendor JSON API (read-only)

GET https://trustatlas-api.jeffrolson1.workers.dev/api/vendors

Paginated vendor list. Supports filters: taxonomy_type, hq_country, risk_tier, verified, page, limit (max 100), sort, order.

GET https://trustatlas-api.jeffrolson1.workers.dev/api/vendors/{slug}

Single vendor detail. Returns the core profile; sub-tables (data handling, security, jurisdiction, governance) are at /{slug}/data-handling, /security, etc.

GET https://trustatlas-api.jeffrolson1.workers.dev/api/stats

Aggregate catalog stats — total, by taxonomy, by tier, by country.

Rate limits. Public endpoints share a generous bucket per IP (currently 60 requests/minute, will adjust based on patterns). Cache-friendly responses (badge, OG, by-domain) include Cache-Control headers — respect them and you'll rarely hit the limit. Bulk consumption beyond reasonable use, or commercial redistribution, requires prior arrangement — email hello@trustatlas.com.