# Trusta

> Verified trust infrastructure for software companies. Trusta scans real infrastructure and publishes a live, verifiable trust page — not a PDF, not a questionnaire.

## What Trusta does

Trusta replaces static compliance documents with live, computed trust. It connects to your infrastructure (GitHub, CI, cloud providers), runs active verification [collectors](https://trusta.dev/#how-it-works), and publishes a public [trust page](https://trusta.dev/#buyer-view) backed by real evidence.

- [Homepage](https://trusta.dev)
- [Dashboard](https://app.trusta.dev)
- [Security overview](https://trusta.dev/security)
- [Privacy policy](https://trusta.dev/privacy)
- [Terms of service](https://trusta.dev/terms)

## Public API

Base URL: [https://api.trusta.dev](https://api.trusta.dev)

Full [OpenAPI spec](https://api.trusta.dev/openapi.json) — machine-readable, no auth required.

### Public endpoints (no authentication required)

- `GET /trust/{projectSlug}` — published trust profile for a project
- `GET /trust/{projectSlug}/trust.json` — machine-readable trust state
- `GET /trust/{projectSlug}/controls` — published trust controls and evidence
- `GET /trust/{projectSlug}/signals` — trust signals with timestamps
- `GET /trust/domains/{domain}` — look up a trust profile by custom domain
- `GET /health` — API liveness check
- `GET /openapi.json` — full OpenAPI 3.1 specification

### Authentication

Human users authenticate via Cognito OAuth 2.0. Collectors and machine clients use hashed bearer secrets.

- [OAuth 2.0 authorization server metadata](https://trusta.dev/.well-known/oauth-authorization-server)
- Authorization endpoint: `https://auth.trusta.dev/oauth2/authorize`
- Token endpoint: `https://auth.trusta.dev/oauth2/token`
- Supported grants: `authorization_code`, `client_credentials`, `refresh_token`

## Trust Pages

Every Trusta customer gets a public trust page at `https://trust.{theirdomain}.com`. These pages are publicly accessible without authentication and contain live, timestamped evidence.

Example: [https://trust.yourstartup.com](https://trust.yourstartup.com)

## Developer tools

- [Developer portal](https://trusta.dev/developers) — API docs, quickstart, auth guide, MCP server
- [npm CLI (`trusta`)](https://www.npmjs.com/package/trusta) — connect infrastructure, push evidence, manage collectors
- [OpenAPI spec](https://api.trusta.dev/openapi.json) — full REST API definition (OpenAPI 3.1, no auth required)
- [MCP server](https://api.trusta.dev/mcp) — Model Context Protocol server (Streamable HTTP), tools: `get_trust_profile`, `get_trust_controls`, `get_trust_signals`, `get_trust_json`
- [OAuth server metadata](https://trusta.dev/.well-known/oauth-authorization-server) — machine-readable auth discovery
- [Plugin manifest](https://trusta.dev/.well-known/ai-plugin.json) — agent plugin descriptor

## About

- [Security](https://trusta.dev/security)
- Contact: [hello@trusta.dev](mailto:hello@trusta.dev)
- Security reports: [security@trusta.dev](mailto:security@trusta.dev)