Developers
VeriTrust Developer API.
Use VeriTrust from secure backends, Python scripts, Jupyter notebooks, and automation workflows. The API currently supports Deepfake Detection, Phishing Detection, Link Intelligence, and usage lookup.
Create API keys from the dashboard. Raw keys are shown once during creation; list responses only show masked keys.
Authentication
Send your key in the Authorization header. Do not call these endpoints directly from frontend JavaScript.
Authorization: Bearer vtg_live_YOUR_API_KEY
curl "https://YOUR_DOMAIN/api/v1/usage" \
-H "Authorization: Bearer vtg_live_YOUR_API_KEY"
Scopes
New keys default to deepfake:scan, phishing:scan, link:scan, and usage:read.
deepfake:scan- use Deepfake APIphishing:scan- use Phishing APIlink:scan- use Link Intelligence APIusage:read- read API usage
Rate Limits And Error Format
MVP keys default to 100 requests per day unless your workspace plan sets a different limit. Every API v1 response includes a request_id.
{
"ok": false,
"request_id": "vt_req_xxxxx",
"error": {
"code": "INVALID_INPUT",
"message": "Please provide a valid URL or text containing a URL."
}
}
Error codes: MISSING_API_KEY, INVALID_API_KEY, REVOKED_API_KEY, INSUFFICIENT_SCOPE, RATE_LIMITED, INVALID_INPUT, INVALID_MODEL, MODEL_ERROR, and INTERNAL_ERROR.
Deepfake API
POST /api/v1/deepfake accepts multipart/form-data with an image file, optional model, and optional crop=true.
curl -X POST "https://YOUR_DOMAIN/api/v1/deepfake" \
-H "Authorization: Bearer vtg_live_YOUR_API_KEY" \
-F "image=@sample.jpg" \
-F "model=fast" \
-F "crop=true"
Phishing API
POST /api/v1/phishing accepts JSON with text and optional model. Use fast, mailguard, robust, or cortex.
curl -X POST "https://YOUR_DOMAIN/api/v1/phishing" \
-H "Authorization: Bearer vtg_live_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"text":"Your account will be blocked. Verify your password now.","model":"fast"}'
Link Intelligence API
POST /api/v1/link-check accepts JSON with url, optional context, and optional model. Use swift for VeriTrust Swift. VeriTrust Sentinel is locked and coming soon.
curl -X POST "https://YOUR_DOMAIN/api/v1/link-check" \
-H "Authorization: Bearer vtg_live_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"url": "https://secure-bank-verify-example.com/login",
"model": "swift"
}'
Usage API
GET /api/v1/usage returns daily API usage and the authenticated key metadata. Link Intelligence calls are recorded as scan_type = "link" with endpoint /api/v1/link-check.
Python Example
import requests
API_KEY = "vtg_live_YOUR_API_KEY"
BASE_URL = "https://YOUR_DOMAIN"
payload = {
"url": "https://secure-bank-verify-example.com/login",
"model": "swift"
}
response = requests.post(
f"{BASE_URL}/api/v1/link-check",
headers={"Authorization": f"Bearer {API_KEY}"},
json=payload,
timeout=60
)
data = response.json()
print(data["result"]["label"])
print(data["result"]["risk_level"])
print(data["result"]["confidence"])
print(data["result"]["summary"])
Jupyter Notebook Example
import os
import requests
from IPython.display import display, Markdown
API_KEY = os.getenv("VERITRUST_API_KEY")
BASE_URL = "https://YOUR_DOMAIN"
url = "https://secure-bank-verify-example.com/login"
response = requests.post(
f"{BASE_URL}/api/v1/link-check",
headers={"Authorization": f"Bearer {API_KEY}"},
json={"url": url, "model": "swift"},
timeout=60
)
data = response.json()
display(Markdown(f"""
## VeriTrust Link Intelligence
**URL:** {url}
**Verdict:** {data["result"]["label"]}
**Risk:** {data["result"]["risk_level"]}
**Confidence:** {data["result"]["confidence"]:.2%}
{data["result"]["summary"]}
"""))
Security Best Practices
Never expose VeriTrust API keys in frontend JavaScript, public GitHub repositories, or shared notebooks. Use environment variables or server-side calls.
- Store keys in environment variables or a secret manager.
- Rotate and revoke keys from the dashboard when access changes.
- Use the narrowest scope set that fits your integration.
- Do not log raw API keys or paste them into public notebooks.