VeriTrust

Developers

VeriTrust Developer API.

Use VeriTrust from secure backends, Python scripts, Jupyter notebooks, and automation workflows. The API currently supports Deepfake Detection, Phishing Detection, Link Intelligence, and usage lookup.

Create API keys from the dashboard. Raw keys are shown once during creation; list responses only show masked keys.

Authentication

Send your key in the Authorization header. Do not call these endpoints directly from frontend JavaScript.

Authorization: Bearer vtg_live_YOUR_API_KEY
curl "https://YOUR_DOMAIN/api/v1/usage" \
  -H "Authorization: Bearer vtg_live_YOUR_API_KEY"

Scopes

New keys default to deepfake:scan, phishing:scan, link:scan, and usage:read.

  • deepfake:scan - use Deepfake API
  • phishing:scan - use Phishing API
  • link:scan - use Link Intelligence API
  • usage:read - read API usage

Rate Limits And Error Format

MVP keys default to 100 requests per day unless your workspace plan sets a different limit. Every API v1 response includes a request_id.

{
  "ok": false,
  "request_id": "vt_req_xxxxx",
  "error": {
    "code": "INVALID_INPUT",
    "message": "Please provide a valid URL or text containing a URL."
  }
}

Error codes: MISSING_API_KEY, INVALID_API_KEY, REVOKED_API_KEY, INSUFFICIENT_SCOPE, RATE_LIMITED, INVALID_INPUT, INVALID_MODEL, MODEL_ERROR, and INTERNAL_ERROR.

Deepfake API

POST /api/v1/deepfake accepts multipart/form-data with an image file, optional model, and optional crop=true.

curl -X POST "https://YOUR_DOMAIN/api/v1/deepfake" \
  -H "Authorization: Bearer vtg_live_YOUR_API_KEY" \
  -F "image=@sample.jpg" \
  -F "model=fast" \
  -F "crop=true"

Phishing API

POST /api/v1/phishing accepts JSON with text and optional model. Use fast, mailguard, robust, or cortex.

curl -X POST "https://YOUR_DOMAIN/api/v1/phishing" \
  -H "Authorization: Bearer vtg_live_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"text":"Your account will be blocked. Verify your password now.","model":"fast"}'

Usage API

GET /api/v1/usage returns daily API usage and the authenticated key metadata. Link Intelligence calls are recorded as scan_type = "link" with endpoint /api/v1/link-check.

Python Example

import requests

API_KEY = "vtg_live_YOUR_API_KEY"
BASE_URL = "https://YOUR_DOMAIN"

payload = {
    "url": "https://secure-bank-verify-example.com/login",
    "model": "swift"
}

response = requests.post(
    f"{BASE_URL}/api/v1/link-check",
    headers={"Authorization": f"Bearer {API_KEY}"},
    json=payload,
    timeout=60
)

data = response.json()

print(data["result"]["label"])
print(data["result"]["risk_level"])
print(data["result"]["confidence"])
print(data["result"]["summary"])

Jupyter Notebook Example

import os
import requests
from IPython.display import display, Markdown

API_KEY = os.getenv("VERITRUST_API_KEY")
BASE_URL = "https://YOUR_DOMAIN"

url = "https://secure-bank-verify-example.com/login"

response = requests.post(
    f"{BASE_URL}/api/v1/link-check",
    headers={"Authorization": f"Bearer {API_KEY}"},
    json={"url": url, "model": "swift"},
    timeout=60
)

data = response.json()

display(Markdown(f"""
## VeriTrust Link Intelligence

**URL:** {url}  
**Verdict:** {data["result"]["label"]}  
**Risk:** {data["result"]["risk_level"]}  
**Confidence:** {data["result"]["confidence"]:.2%}  

{data["result"]["summary"]}
"""))

Security Best Practices

Never expose VeriTrust API keys in frontend JavaScript, public GitHub repositories, or shared notebooks. Use environment variables or server-side calls.

  • Store keys in environment variables or a secret manager.
  • Rotate and revoke keys from the dashboard when access changes.
  • Use the narrowest scope set that fits your integration.
  • Do not log raw API keys or paste them into public notebooks.