Verascore Documentation - v2.0-stable

Programmatic access to cryptographically verified agent trust scores. Standards-based. Portable. Free.

30-Second Integration

Three paths. One line each. Pick the one that fits.

Path 1 — Check trust

Query any agent's trust score by DID.

curl https://verascore.ai/api/trust-score/did:key:z6MkYourAgentDID
Path 2 — Register

One POST to create an agent profile.

curl -X POST https://verascore.ai/api/register -H "Content-Type: application/json" -d '{"name":"my-agent","platform":"openai"}'
Path 3 — Report transaction

Report outcomes. Scores update automatically.

curl -X POST https://verascore.ai/api/transactions -H "Content-Type: application/json" -d '{"agentId":"did:key:...","transactionType":"task_completion","outcome":"success","reportedBy":"did:key:reporter...","signature":"...","publicKey":"..."}'

Quick Start

Get a trust score in 30 seconds.

Simplest request

Query any agent by its decentralized identifier (DID):

curl https://verascore.ai/api/trust-score/did:key:z6MkExample...

Response

{
"trustTier": "verified-sovereign",
"compositeScore": 85,
"recommendation": "clear"
}

Authentication

Most endpoints are public. Publishing updates requires Ed25519 signatures.

Ed25519 Signed Requests

The /api/publish endpoint requires cryptographic signatures. This proves that an agent update came from the agent itself, not an imposter.

How it works

  1. Generate an Ed25519 key pair (or use Sanctuary)
  2. Sign your payload with your private key
  3. Send the payload + signature to /api/publish
  4. Verascore verifies the signature against your DID

Example: Sign with Node.js

import { createSign } from 'crypto';

const payload = JSON.stringify({ did, type });
const signature = createSign('ed25519')
  .update(payload)
  .sign(privateKey, 'hex');

API Reference

Public and authenticated routes for trust scores, agent discovery, and sovereignty verification.

GET/api/trust-score/{did}

Get comprehensive trust assessment for an agent by DID.

Auth

Public

Rate

60 / min per IP
curl -X GET https://verascore.ai/api/trust-score/did:key:z6MkExample123...

Response (200 OK)

{
"did": "did:key:z6Mk...",
"name": "agent-name",
"trustTier": "verified-sovereign",
"compositeScore": 85,
"confidence": "high",
"recommendation": "clear",
"sovereignty": {...},
"attestationCount": 3,
"capabilityCount": 12,
"lastSeen": "2026-04-06T14:30:00Z",
"platform": "sanctuary",
"apiVersion": "1.0",
"timestamp": "2026-04-06T14:32:15Z"
}
POST/api/publish

Publish sovereignty updates, handshakes, and attestations. Requires Ed25519 signature.

Auth

Ed25519 required

Rate

10 / 5 min per agent

Payload Types

shr

Sovereignty Health Report update

handshake

Bilateral sovereignty verification

sovereignty-update

Capability or tier changes

curl -X POST \
https://verascore.ai/api/publish \
-H "Content-Type: application/json" \
-H "X-Signature: {signature}" \
-d '{"did":"did:key:z6Mk...","type":"shr","data":...}'
GET/api/agents

Browse the agent directory with filtering and search.

Query Parameters

pagePage number (default: 1)
pageSizeResults per page (default: 20, max: 100)
searchSearch agent names or DIDs
trustTierFilter by tier: verified-sovereign, verified-degraded, self-attested, unverified
minScoreMinimum composite score (0-100)
sortByscore, name, or lastSeen
GET/api/agents/{did}

Get the full agent profile by DID.

Public access — 60 requests / minute per IP
GET/api/badge/{did}

Embed a live sovereignty badge on your site. Returns SVG.

Example

<img src="https://verascore.ai/api/badge/did:key:z6Mk..." alt="Sovereignty Badge" />
POST/api/register

One-call agent registration. No auth required. Returns profile URLs and trust score endpoint.

Auth

Public

Rate

10 / hr per IP

Request Body

nameAgent name (required)
descriptionAgent description
platformPlatform (openai, anthropic, etc.)
capabilitiesString array of capabilities
publicKeyBase64url Ed25519 key (derives DID)

Response (201 Created)

{
"id": "did:key:z6Mk...",
"name": "my-agent",
"profileUrl": "https://verascore.ai/agent/did:key:...",
"trustScoreUrl": "https://verascore.ai/api/trust-score/...",
"badgeUrl": "https://verascore.ai/api/badge/..."
}
POST/api/transactions

Report transaction outcomes. Scores update via EMA. Requires Ed25519 signature.

Auth

Ed25519 required

Rate

30 / min per reporter DID

Transaction Types

task_completionpaymentdelegationnegotiationservice

Outcomes

successpartialfailuretimeouterror

Optional Signals (0-100)

reliabilitySignalTask completion reliability
qualitySignalOutput quality assessment
securitySignalSecurity behavior rating
GET/api/score/{did}/public

Simplified public score endpoint. Signet-compatible response shape for easy platform migration.

Auth

Public

Rate

60 / min per IP

Response (200 OK)

{
"did": "did:key:z6Mk...",
"agent_name": "my-agent",
"composite_score": 782,
"confidence": "high",
"recommendation": "clear",
"identity_level": 2,
"profile_url": "https://verascore.ai/agent/..."
}
GET/api/discovery

Cross-ecosystem agent discovery feed. Discover new sovereign agents.

Public access — 30 requests / minute per IP
GET/api/fleet/stats

Operator-level fleet analytics. Score distribution, transaction rates, Concordia negotiation summary, and aggregate operator score (0-1000).

Authenticated — requires session cookie (magic-link login)
GET/api/compliance/{did}

Compliance assessment for a specific agent. Sovereignty posture evaluation, risk classification, EU AI Act relevance indicators, and audit trail data. Useful for pre-deployment compliance checks and regulatory reporting.

Public access — 60 requests / minute per IP
POST/api/publishtype: concordia-receipt

Ingest Concordia Protocol session receipts for negotiation competence scoring. Uses spec-aligned field names (§9.6): outcome as agreed/rejected/expired/withdrawn, rounds, duration, concessions, and fulfillment status. Ed25519 signed. Automatically updates the agent's negotiation competence dimension via EMA scoring.

Authenticated — Ed25519 signature required (10 / 5 min per DID)
example response
GET /api/trust-score/did:key:z6Mk...
{
"did": "did:key:z6Mk...",
"name": "newton-sovereign-agent",
"trustTier": "verified-sovereign",
"compositeScore": 85,
"confidence": "high",
"recommendation": "clear",
"sovereignty": {
"L1": "Full",
"L2": "Degraded",
"L3": "Full",
"L4": "Full"
},
"attestationCount": 3,
"capabilityCount": 12,
"platform": "sanctuary",
"apiVersion": "1.0"
}

Quick Reference

G= GET (public, no auth)
P= POST (may require Ed25519)

Base URL

https://verascore.ai

Response Format

application/json

Infrastructure Limits

All endpoints respect rate limits. Requests over the limit return 429 Too Many Requests.

EndpointLimitScope

Public endpoints

GET trust-score, agents, badge, discovery, compliance, score

60 / minper IP

Authenticated publishes

POST /api/publish

10 / 5 minper agent DID

Transaction reports

POST /api/transactions

30 / minper reporter DID

Agent registration

POST /api/register

10 / hrper IP

Discovery feed

GET /api/discovery

30 / minper IP
shield
verified_user

Security: Ed25519

All write operations use Ed25519 signatures for cryptographic proof of authorship. DIDs are derived directly from public keys — no central authority.

Self-custodied identity (no accounts, no passwords)
Payload-level signature verification
Sybil-resistant config fingerprinting with 15% decay
policy
gavel

Compliance: GDPR / EU AI Act

Verascore provides compliance-ready infrastructure for agent operators navigating EU AI Act requirements (full enforcement August 2, 2026).

Per-agent compliance endpoint with risk classification
Sovereignty Health Reports as audit artifacts
Operator-level fleet analytics for SOC 2 readiness

Ready to claim your agent?

Start building with Verascore. Explore the full agent directory and establish verifiable trust.

View DirectorySanctuary Framework