Certisyn — Developers

Founder launch terms

Build first. Pay on traction.

Every new API account gets the full capability surface on day one. A 90-day trial covers every call, regardless of volume. After the trial, every capability has a monthly free allowance before any metered charge. Platform fee is waived for founder-class accounts.

Trial window

90 days

Full access, unlimited calls, comped. Activates on first authenticated call.

Free allowance

Monthly

Every capability has a free monthly allowance after trial. Resets UTC on the 1st.

Contact ceiling

5,000

Founder tier. Contact graph stays free up to 5,000 before volume tiers apply.

Platform fee

$0

Waived for founder-class API accounts. Pay only for metered capability calls above allowance.

The surface

Seven capabilities. One namespace.

All seven ship under the same unified capability namespace and share the same billing gate: design-partner → trial → entitlement → monthly free allowance. Usage is metered per call and reflected on the /dashboard/usage view in real time.

vro.verify

Verify a claim

Run a claim through the full VRO pipeline. Returns a bounded confidence score, an evidence chain, and a cryptographically sealed result.

Endpoint

POST /api/v1/vro/verify

verify.badge

Mint a verification badge

HMAC-signed badge payload for any entity and claim set — embeddable in partner UIs and PDF deliverables.

Endpoint

POST /api/v1/verify/badge

certificates.issue

Issue a Certisyn certificate

Durable, globally unique CERT-* number bound to an entity + claim set. HMAC-sealed JSON payload, re-verifiable at any time.

Endpoint

POST /api/v1/certificates/issue

forensics.scan

Forensic scan a document

Detect manipulation, mismatched metadata, tampered signatures, and hash anomalies across any uploaded document.

Endpoint

POST /api/v1/forensics/scan

intelligence.query

Query the intelligence graph

Structured lookup over the cross-partner intelligence graph — entity resolution, relationship traversal, claim provenance.

Endpoint

POST /api/v1/intelligence/query

bastion.scan

Bastion single scan

One-shot AAA+ security posture scan over a target domain or asset. Returns a structured finding set with severity ratings.

Endpoint

POST /api/v1/bastion/scan

bastion.continuous

Bastion continuous monitoring

Subscription-backed continuous scan with change-delta webhooks. Ideal for TPRM, counterparty-portfolio, and runtime security monitoring.

Endpoint

POST /api/v1/bastion/continuous

Quickstart

From zero to verified in three calls.

Probe the API, mint a verification badge, read your usage. Works with Bearer JWT from a signed-in Certisyn user, or server-to-server via x-partner-id.

# 1. Probe — no auth required
curl https://certisyn.com/api/v1/ping

# 2. Mint a verification badge (Bearer JWT path)
curl -X POST https://certisyn.com/api/v1/verify/badge \
  -H "Authorization: Bearer $JWT" \
  -H "Content-Type: application/json" \
  -d '{"entity_name":"Acme Corp","claim":"iso27001","vertical_code":"CYB"}'

# 3. Check your usage
curl https://certisyn.com/api/v1/usage \
  -H "Authorization: Bearer $JWT"

# Assumes $jwt holds a Supabase access_token
$headers = @{
  Authorization  = "Bearer $jwt"
  'Content-Type' = 'application/json'
}

# 1. Probe
Invoke-RestMethod -Uri 'https://certisyn.com/api/v1/ping'

# 2. Mint a badge
$body = @{ entity_name='Acme Corp'; claim='iso27001'; vertical_code='CYB' } | ConvertTo-Json
Invoke-RestMethod -Uri 'https://certisyn.com/api/v1/verify/badge' -Method Post -Headers $headers -Body $body

# 3. Usage roll-up
Invoke-RestMethod -Uri 'https://certisyn.com/api/v1/usage' -Headers $headers

// Requires Node 18+ (built-in fetch)
const JWT = process.env.CERTISYN_JWT;
const API = 'https://certisyn.com/api/v1';

// 1. Probe
const ping = await fetch(`${API}/ping`).then(r => r.json());

// 2. Mint a badge
const badge = await fetch(`${API}/verify/badge`, {
  method: 'POST',
  headers: {
    Authorization: `Bearer ${JWT}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ entity_name: 'Acme Corp', claim: 'iso27001', vertical_code: 'CYB' }),
}).then(r => r.json());

// 3. Usage
const usage = await fetch(`${API}/usage`, {
  headers: { Authorization: `Bearer ${JWT}` },
}).then(r => r.json());

import os, requests

JWT = os.environ['CERTISYN_JWT']
API = 'https://certisyn.com/api/v1'
HEADERS = { 'Authorization': f'Bearer {JWT}' }

# 1. Probe
ping = requests.get(f'{API}/ping').json()

# 2. Mint a badge
badge = requests.post(
    f'{API}/verify/badge',
    headers={**HEADERS, 'Content-Type': 'application/json'},
    json={'entity_name': 'Acme Corp', 'claim': 'iso27001', 'vertical_code': 'CYB'},
).json()

# 3. Usage
usage = requests.get(f'{API}/usage', headers=HEADERS).json()

Authentication

Two paths in. Same gate.

Every request must carry either a user-scope Bearer JWT or a partner-scope identifier. The billing gate resolves the actor, applies design-partner and trial overrides, and then falls through to the monthly free allowance.

Bearer JWT — user scope

Sign in at app.certisyn.com, then read the Supabase access token from local storage (browser console: Application → Local Storage → sb-…-auth-token → access_token). Use it verbatim in the Authorization header.

Authorization: Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6…

Partner ID — server-to-server

For backend integrations and tenant-scoped service calls, pass your partner UUID via the x-partner-id header. Pair with a partner-scoped API key obtained from /dashboard/api-keys.

x-partner-id: 00000000-0000-0000-0000-000000000001

Ready to ship?

Sign up takes two minutes. Your 90-day trial starts on your first authenticated call. No credit card. Cancel any time by emailing support.

Sign up free OpenAPI spec developers@certisyn.com

Verification infrastructure, as an API.

Build first. Pay on traction.

Seven capabilities. One namespace.

From zero to verified in three calls.

Two paths in. Same gate.

Bearer JWT — user scope

Partner ID — server-to-server

Ready to ship?