Developer Portal

Trusta exposes its trust data and verification infrastructure through a public REST API, an OpenAPI specification, and an MCP server for AI agent integrations. Everything is designed to be machine-readable and discoverable without contacting us first.

API Reference

Base URL: https://api.trusta.dev

The full OpenAPI 3.1 spec is available at https://api.trusta.dev/openapi.json — machine-readable, no authentication required.

Public endpoints (no auth required)

• GET /trust/{projectSlug} — published trust profile for a project
• GET /trust/{projectSlug}/trust.json — machine-readable trust state
• GET /trust/{projectSlug}/controls — trust controls and evidence
• GET /trust/{projectSlug}/signals — trust signals with timestamps
• GET /trust/domains/{domain} — look up trust profile by custom domain
• GET /openapi.json — full OpenAPI 3.1 specification
• GET /health — API liveness check

Quickstart

Fetch a company's live trust profile with a single HTTP request:

curl https://api.trusta.dev/trust/yourcompany

Or fetch the machine-readable trust state:

curl https://api.trusta.dev/trust/yourcompany/trust.json

MCP Server

Trusta exposes an MCP (Model Context Protocol) server at https://api.trusta.dev/mcp, using Streamable HTTP transport. This lets Claude, ChatGPT, Cursor, and other AI agents call Trusta natively without custom integrations.

Available MCP tools:

• get_trust_profile — retrieve a published trust profile by project slug
• get_trust_controls — list trust controls and evidence for a project
• get_trust_signals — list trust signals with timestamps
• get_trust_json — machine-readable trust state

MCP endpoint: https://api.trusta.dev/mcp

Authentication

Public trust endpoints require no authentication. Authenticated endpoints (project management, evidence ingest) use:

• Human users: Cognito OAuth 2.0 (authorization_code grant)
• Machine clients / collectors: hashed bearer secrets (client_credentials grant)

OAuth 2.0 endpoints:

• Authorization: https://auth.trusta.dev/oauth2/authorize
• Token: https://auth.trusta.dev/oauth2/token
• Server metadata: /.well-known/oauth-authorization-server

CLI

The trusta npm CLI connects your infrastructure, pushes evidence, and manages collectors from the terminal.

npm install -g trusta
trusta --help

AI Agent Discovery

Trusta is designed for AI agent discoverability. Machine-readable resources:

• https://trusta.dev/llms.txt — AI model discovery file
• https://api.trusta.dev/openapi.json — OpenAPI 3.1 spec
• https://api.trusta.dev/mcp — MCP server (Streamable HTTP)
• https://trusta.dev/.well-known/oauth-authorization-server — OAuth 2.0 server metadata

Support

Questions or integration help: hello@trusta.dev

← Back to homepage