API Documentation — ScamsTester Developer API

Introduction

The ScamsTester API provides programmatic access to our website trust database, allowing developers to retrieve trust scores, detailed reports, and safety assessments for any domain. The API follows REST conventions, returns JSON responses, and supports both free and premium access tiers.

All API requests are served over HTTPS from the base URL:

https://api.scamstester.com/v1/

Authentication

All API requests require an API key passed in the request header. You can generate an API key by registering for a free developer account at developers.scamstester.com.

Include your API key in every request using the Authorization header:

GET /v1/check/example.com
Host: api.scamstester.com
Authorization: Bearer your_api_key_here
Content-Type: application/json
        

API keys are scoped to your account and rate-limited according to your plan tier. Never expose your API key in client-side code or public repositories. If a key is compromised, you can regenerate it instantly from your developer dashboard.

Endpoints

GET /v1/check/{domain}

Returns a comprehensive trust report for the specified domain, including the composite trust score, safety classification, category breakdown, and key findings.

// Request
GET https://api.scamstester.com/v1/check/upwork.com

// Response
{
  "domain": "upwork.com",
  "trust_score": 91,
  "classification": "safe",
  "last_updated": "2026-04-12T08:30:00Z",
  "categories": {
    "domain_infrastructure": 95,
    "security_encryption": 92,
    "business_legitimacy": 94,
    "financial_practices": 88,
    "user_experience": 85,
    "community_sentiment": 90,
    "external_reputation": 93
  },
  "ssl": {
    "valid": true,
    "issuer": "DigiCert Inc",
    "type": "OV",
    "expires": "2027-01-15"
  },
  "domain_age_days": 7284,
  "business_registered": true,
  "blacklisted": false,
  "report_url": "https://scamstester.com/check/upwork-com"
}
        

GET /v1/score/{domain}

Returns a lightweight response with only the trust score and classification. Ideal for high-volume lookups where you don't need the full report.

// Request
GET https://api.scamstester.com/v1/score/truezobs.com

// Response
{
  "domain": "truezobs.com",
  "trust_score": 12,
  "classification": "danger",
  "last_updated": "2026-04-10T14:22:00Z"
}
        

GET /v1/search

Search the ScamsTester database by keyword or partial domain match. Returns paginated results sorted by relevance.

// Request
GET https://api.scamstester.com/v1/search?q=freelance&page=1&limit=10

// Response
{
  "query": "freelance",
  "total_results": 47,
  "page": 1,
  "limit": 10,
  "results": [
    {
      "domain": "upwork.com",
      "trust_score": 91,
      "classification": "safe"
    },
    {
      "domain": "freelancer.com",
      "trust_score": 84,
      "classification": "safe"
    },
    {
      "domain": "fiverr.com",
      "trust_score": 89,
      "classification": "safe"
    }
  ]
}
        

Query Parameters for /v1/search

`q`	Search query string (required). Minimum 2 characters.
`page`	Page number for pagination (default: 1).
`limit`	Results per page, 1–50 (default: 10).
`classification`	Filter by score range: `safe`, `caution`, or `danger`.
`sort`	Sort order: `relevance`, `score_asc`, `score_desc`, `updated`.

Response Format

All responses are returned as JSON with UTF-8 encoding. Successful responses include an HTTP 200 status code. The response body structure varies by endpoint but always includes the domain field for identification.

Timestamps follow ISO 8601 format (YYYY-MM-DDTHH:mm:ssZ) in UTC. Boolean values are returned as JSON true/false. Numeric scores are integers in the range 0–100.

Rate Limits

API requests are rate-limited based on your subscription tier. Rate limit headers are included in every response to help you manage usage:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 87
X-RateLimit-Reset: 1744761600
        

Free

100 requests / day

All endpoints, JSON responses, community support.

Pro — $49/mo

5,000 requests / day

Bulk lookups, webhook alerts, priority support, historical data.

Enterprise — Custom

Unlimited requests / day

Dedicated infrastructure, SLA guarantee, custom endpoints, account manager.

Error Codes

The API uses standard HTTP status codes. Error responses include a JSON body with error and message fields:

{
  "error": "rate_limit_exceeded",
  "message": "Daily request limit reached. Upgrade your plan or wait until reset.",
  "status": 429
}
        

`200`	Success — request processed and data returned.
`400`	Bad Request — invalid domain format or missing required parameters.
`401`	Unauthorized — missing or invalid API key.
`403`	Forbidden — API key does not have access to this endpoint or tier.
`404`	Not Found — domain not in our database. Submit a review request via the website.
`429`	Rate Limited — daily request quota exceeded. Check `X-RateLimit-Reset` header.
`500`	Internal Server Error — temporary issue on our end. Retry with exponential backoff.
`503`	Service Unavailable — API is undergoing maintenance. Check our status page.

SDKs & Libraries

We provide official SDK libraries to simplify integration in popular languages. All SDKs are open source and available on GitHub.

JavaScript / Node.js

// Install via npm
npm install @netverify/sdk

// Usage
const ScamsTester = require('@netverify/sdk');

const client = new ScamsTester('your_api_key');

const report = await client.check('upwork.com');
console.log(report.trust_score);    // 91
console.log(report.classification); // "safe"
        

Python

# Install via pip
pip install netverify

# Usage
from netverify import ScamsTesterClient

client = ScamsTesterClient(api_key="your_api_key")

report = client.check("upwork.com")
print(report.trust_score)     # 91
print(report.classification)  # "safe"
        

cURL

curl -X GET "https://api.scamstester.com/v1/check/upwork.com" \
  -H "Authorization: Bearer your_api_key" \
  -H "Content-Type: application/json"
        

Additional SDKs are available for PHP, Ruby, Go, and Java. Visit our GitHub organization for the full list of repositories, documentation, and code examples.

Webhooks (Pro & Enterprise)

Pro and Enterprise tier users can configure webhooks to receive real-time notifications when a monitored domain's trust score changes significantly. Webhook payloads are sent as HTTP POST requests with JSON bodies:

{
  "event": "score_change",
  "domain": "example.com",
  "previous_score": 72,
  "new_score": 34,
  "previous_classification": "safe",
  "new_classification": "caution",
  "timestamp": "2026-04-14T16:45:00Z"
}
        

Best Practices

Cache responses — Trust scores don't change every minute. Cache results for at least 1 hour (free tier) or 15 minutes (Pro/Enterprise) to minimize unnecessary API calls.
Use the score endpoint for bulk lookups — If you only need the trust score and classification, use /v1/score/{domain} instead of the full check endpoint for faster responses and lower bandwidth.
Handle rate limits gracefully — Monitor the X-RateLimit-Remaining header and implement exponential backoff when approaching your limit.
Validate domain input — Strip protocols (https://) and trailing paths before passing domains to the API. The API accepts bare domain names only (e.g., example.com).
Secure your API key — Store keys in environment variables or secure vaults. Never commit API keys to version control or embed them in client-side JavaScript.

Enterprise & Custom Solutions

Enterprise plans include dedicated infrastructure, guaranteed uptime SLAs, custom endpoint development, batch processing APIs, and a dedicated account manager. Enterprise pricing is based on volume and requirements.

For enterprise inquiries, partnership proposals, or custom integration support, please contact our team with details about your use case and expected volume. We typically respond within one business day.