Public API · free while in preview

The Trust Layer API.

One call returns the full trust picture of any AI agent — on-chain or off-chain: Trust Score, Agent Credit, Meta-Bureau consensus across independent sources, sanctions screens, accountability status, and an indicative EU AI Act tier. Built for verify-before-execute.

⚡ Quickstart — one call, full verdict

curl https://trustifer.com/api/v1/trust/0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045
{
  "verdict": "PROCEED",                 // machine-actionable
  "status": "active",
  "trust":  { "score": 8.9, "scale": "1-10", "band": "Strong", "confidence": "High" },
  "bureau": { "consensus": 80, "band": "Exceptional",
              "corroboration": "corroborated", "independentGroups": 4,
              "reasonCodes": ["Corroborated by 4 independent source groups …"] },
  "euAiAct": { "risk": "minimal", "label": "Minimal risk" },
  "links":  { "badge": "…/api/badge/0xd8dA…", "passport": "…/passport/0xd8dA…" }
}

Works with any EVM address or agent domain. Sanctioned / killed / blacklisted subjects return DO_NOT_ENGAGE — safety findings are never averaged away.

🛡 Trust Firewall verify-before-execute, enforced — our flagship

Don't just look up trust — enforce it on every action. One POST before each payment/hire/data-share returns a deterministic, credit-aware decision with an Ed25519-signed receipt for your audit trail. Sanctioned, blacklisted, or killed counterparties are BLOCKED at the floor — no policy can override safety.

curl -X POST https://trustifer.com/api/v1/firewall/check \
  -H "Content-Type: application/json" \
  -d '{"subject":"0xCounterparty…","action":"payments.send","amountUsd":400}'
{
  "decision": "LIMIT",            // ALLOW · LIMIT · REVIEW · BLOCK
  "limitUsd": 250,                // credit-aware ceiling (card-network style)
  "reasons": ["Consensus 58 in limit band (<60) — authorized up to $250",
              "Thin credit file — tier tightened by 10"],
  "consensus": 58, "status": "active",
  "signature": "ed25519…",        // verify: POST /api/v1/firewall/receipt
  "expiresAt": "…+5min"           // decisions are point-in-time
}

Tighten (never loosen) the default policy per call: policy: { blockBelow, limitUsd, requireApprovalAboveUsd, treatUnknownAs: "block" }. Free in preview · metered keys + org policies at launch.

📚 Endpoints keyless preview works · get a free key for higher limits

POST/api/v1/firewall/checkflagship

TRUST FIREWALL — per-action authorization: { subject, action, amountUsd, policy? } → ALLOW / LIMIT (USD ceiling) / REVIEW / BLOCK + reasons + Ed25519-signed receipt. Safety floors can never be loosened by policy.

POST/api/v1/firewall/receipt

Verify any firewall receipt — re-canonicalizes and checks the Ed25519 signature against did:web:trustifer.com#key-1. Auditors & insurers can prove a check happened without trusting our word.

GET/api/v1/trust/{subject}core

THE one-call verdict — Trust Score + Credit + Meta-Bureau consensus + status + EU AI Act tier + machine verdict (PROCEED / PROCEED_WITH_LIMITS / DO_NOT_ENGAGE).

GET/api/v1/diligence/{subject}premium

DEEP DUE-DILIGENCE DOSSIER — the complete signed background check: identity · trust pillars · credit · per-source bureau evidence · reputation · incidents · lineage · authorizations · EU AI Act · drift. Human-readable at /diligence/{subject}. Free in preview, paid at launch.

GET/api/v1/competence/{subject}

PROOF-OF-COMPETENCE — “is this agent good at its job?” 0–100 from verified real-world outcomes (success rate · reliability · dispute & claim integrity · experience · on-chain validations · drift). The third pillar: safe × solvent × competent.

GET/api/bureau/{subject}

Full Meta-Bureau assessment — per-source scores, evidence, corroboration, outliers, reason codes.

GET/api/bureau

The bureau network — every trust source we aggregate (live · ready · planned).

GET/api/passport/verify?address={subject}

Verify an issued passport credential — signature, revocation, on-chain anchor.

GET/api/badge/{subject}

Embeddable SVG badge — live-scored, cache-friendly. Drop it in a README.

GET/api/passport/export/{subject}interop

Interop export — our verified assessment in the open agent-passport.json (Cubitrek v0.1) shape.

POST/api/v1/watch

Register a webhook watch { subject, url } → returns your HMAC secret. Fires on ≥5-pt consensus moves, status changes (blacklist / kill / flag), and impersonation alerts on your identity.

GET/api/v1/clonewatch/{subject}

IMPERSONATION SCREEN — is this subject cloning a protected identity? Homoglyph + typosquat + name-similarity detection, lineage-aware (registered family ≠ fraud). Likely hits file reported incidents + alert the real owner; firewall gates them at REVIEW.

GET/api/feeds

External connector network status — which feeds corroborate the bureau right now.

POST/api/v1/register

REGISTER AN AGENT — verify ownership (KYA gate) → write the declared profile → return the unified golden record (declared vs verified). Optional { ref, partner } attribution. Declared data is isolated from scoring.

GET/api/v1/referral

Referral loop — ?creator={email|crt_id} returns a shareable code + link + verified-referral stats; ?leaderboard=1 returns top referrers. A referral counts only once the referred agent is approved.

POST/api/v1/partners

PARTNER / LAUNCHPAD track — apply { name, code?, contact } → vetted → public partner code + “Register with Trustifer” widget. GET ?code= for status/stats, ?leaderboard=1 for rankings. The code attributes; it never bypasses ownership.

🤖 Trustifer for Agents — pay-per-call x402 · premium pulls, no account

Autonomous agents pay a few cents in USDC on Base (gasless, via the open x402 standard) to pull a premium product before they transact — no signup, no key. Basic trust/firewall checks stay free; only premium pulls charge. Trustifer is its own x402 facilitator (neutral, no third party).

# 1. Call a premium endpoint → HTTP 402 + payment requirements
curl https://trustifer.com/api/v1/diligence/0xAGENT
# → 402 { x402Version, accepts:[{ scheme:"exact", network:"base",
#         asset:USDC, maxAmountRequired:"500000", payTo, … }] }

# 2. Pay with any x402 wallet (gasless EIP-3009), retry with the header:
curl https://trustifer.com/api/v1/diligence/0xAGENT \
  -H "X-PAYMENT: <signed-payment>"
# → 200 signed dossier + X-PAYMENT-RESPONSE (settlement proof)

Discover priced endpoints + schema at /.well-known/x402. Pricing: deep due-diligence $0.50 · signed credit report $0.25 · basic trust/firewall free. Works with any x402 wallet (Bankr, Coinbase…). Prefer a plan? Use a metered API key instead. (Charging activates at launch — free in preview today.)

🔔 Signed webhooks — know the moment trust changes

curl -X POST https://trustifer.com/api/v1/watch \
  -H "Content-Type: application/json" \
  -d '{"subject":"0xYourAgent…","url":"https://your-app.com/hooks/trustifer"}'

# → { "id":"wch_…", "secret":"whsec_…" }   ← store the secret (shown once)

Every delivery is signed: X-Trustifer-Signature: sha256=HMAC-SHA256(secret, rawBody). Fires on ≥5-point consensus moves or any status change (flagged · blacklisted · killed). Checks run daily in preview — higher frequencies ship with API tiers at launch.

🛡 Speaks your standards OWASP LLM Top-10 · NIST AI RMF · MITRE ATLAS

Trustifer pillarWeightOWASP LLM Top-10NIST AI RMFMITRE ATLAS
Identity & AuthenticityHighLLM05 Supply-chain · LLM03 Training-data provenanceGOVERN 1 · MAP 1 (context & actors)Reconnaissance · Resource Development (impersonation)
Safety & ComplianceCriticalLLM01 Prompt Injection · LLM02 Insecure OutputMANAGE 2 (risk treatment) · GOVERN 4Initial Access · Defense Evasion
Track Record & TenureHigh—(operational maturity)MEASURE 2 (trustworthiness over time)
Counterparty & NetworkModerateLLM05 Supply-chain (third parties)MAP 3 (third-party risk)Lateral Movement (contagion)
Reputation & OutcomesHighLLM09 Overreliance (verified efficacy)MEASURE 1 (performance evidence)Impact (failure history)
Behavioral IntegritySupportingLLM08 Excessive AgencyMEASURE 3 (drift & anomaly tracking)Persistence · Privilege Escalation patterns
Transparency & GovernanceSupportingLLM10 Model Theft (disclosure posture)GOVERN 2-3 (accountability & disclosure)

Mapping is indicative: Trustifer pillars aggregate verified evidence; the frameworks define control objectives. A strong pillar score signals evidence toward the mapped controls — it is not a certification. Full scoring math, hard rules & dispute process: /methodology · challenge any score: /disputes.

🔌 One passport, any rail

🧾
EU AI Act tier — built in

Every assessment carries an indicative risk classification (minimal / limited / high / unacceptable) derived from authorized scopes & status.

📄
Open-spec export

Consume us in the open agent-passport.json (v0.1) shape via /api/passport/export — our verified scores inside the community format.

💳
Payment-rail ready

Built for agentic commerce stacks — Visa Trusted Agent Protocol, Mastercard Agent Pay, x402, Google AP2. We detect Web Bot Auth key directories as verification evidence for off-chain agents.

🤖 MCP server — trust inside your agent

Give Claude Code, Cursor, or any MCP host three tools — get_trust_verdict · get_bureau_assessment · watch_agent — so your agent verifies counterparties before executing. Zero dependencies.

# Claude Code
claude mcp add trustifer -- node sdk/mcp/server.mjs

# any MCP config
{ "mcpServers": { "trustifer": { "command": "node", "args": ["sdk/mcp/server.mjs"] } } }

LangChain / CrewAI: call GET /api/v1/trust/{subject} from a custom tool — one HTTPS request, no auth needed in preview. npm package & hosted MCP endpoint: at launch.

API keys & SLAs at launch

Building on the trust layer?

The API is free while in preview. Leave your email for keys, rate-limit tiers, the MCP server, and SDK releases.