Domain Trust Score API — /api/v1/domain/trust
Aggregates WHOIS, NS, SPF, DMARC, SSL, ~130 DNSBLs, port scan and traffic signals into a single 0–100 Trust Score with per-dimension breakdown and AI-generated recommendations. Expensive — counts as 5 credits.
What Domain Trust Score does
Aggregates WHOIS, NS, SPF, DMARC, SSL, ~130 DNSBLs, port scan and traffic signals into a Trust Score (0–100) plus a Trust Grade (Low / Medium / High risk) with per-dimension breakdown and AI recommendations. Expensive — counts as 5 credits. Formerly served as /api/v1/domain/health; the old path is a permanent 301 to /api/v1/domain/trust.
- Method GET
- Path /api/v1/domain/trust (legacy alias: /api/v1/domain/health)
- Stability STABLE
- Version v2026-07-15
- Summary Composite Trust Score covering registration, DNS, SSL, email auth, blacklist and reputation.
Request parameters
Pass these as query-string parameters (or, where indicated, in the request headers). Required params marked required.
- domain (required) — string Apex domain to score.
- detailed — boolean, default false Include per-check raw output (5–10x larger payload).
Response schema
All successful responses follow the standard `{ success: true, data: {...} }` envelope. Notable fields on the data object for this endpoint:
- data.domain — object Normalised domain parts.
- data.domainRecord — object Same shape as `/domain/lookup`.
- data.LocalAnalysis.overall — object Deterministic sub-scores: healthScore (Trust Score), reputationScore, phishingRisk (Low/Medium/High). Field name `healthScore` is preserved for API backward compatibility.
- data.AiAnalysis.overall_health_score — number Composite Trust Score (0–100). Field name preserved for backward compat; product surface renders this as 'Trust Score'.
- data.AiAnalysis.risk_level — string Trust Grade — 'Low', 'Medium', or 'High'. Field name preserved for backward compat.
- data.AiAnalysis.security_recommendations — array<object> Prioritised fix list with `title`, `value`, and `analysis`.
Example response
Truncated but representative example for a real Trust Score request:
{
"success": true,
"data": {
"domain": {
"input": "google.com",
"tld": "com",
"sld": "google",
"domain": "google.com"
},
"AiAnalysis": {
"overall_health_score": "92", // Trust Score (0–100)
"risk_level": "Low", // Trust Grade
"reputation_score": "99",
"phishing_risk": "5",
"malware_detection": "Clean",
"security_recommendations": []
},
"LocalAnalysis": {
"overall": {
"healthScore": 92,
"reputationScore": 95,
"phishingRisk": "Low"
}
}
}
}Error codes
Errors return HTTP status codes paired with stable machine-readable codes. Match on the code field rather than the human-readable message.
- 400 VALIDATION_ERROR Invalid domain.
- 503 UPSTREAM_UNAVAILABLE One or more checks timed out — partial results may still be returned.
Implementation tips
Patterns we recommend when integrating this endpoint:
- Run nightly per monitored domain, not on every page view.
- Use `detailed=false` unless you're surfacing per-check evidence to end users.
- Cache Trust Score responses for at least 30 minutes — the underlying signals rarely move faster than that.
Frequently asked questions
- Why 5 credits per call? This endpoint internally calls 6 other tools plus an AI pass for recommendations.
- Why does the response body still use `overall_health_score`? The endpoint was renamed from /domain/health to /domain/trust as part of a rebrand, but the JSON response shape is preserved for backward compatibility. `overall_health_score` is the Trust Score, `risk_level` is the Trust Grade. New keys may be added alongside these in a future minor version.
- Does the old /api/v1/domain/health still work? Yes. It is kept as a permanent alias that hits the same handler with the same response shape. New integrations should use /api/v1/domain/trust.