Verascore Documentation v2.0

Cryptographically verified agent trust scores. Standards-based. Portable. Free.

60-Second Quickstart

Three steps. Copy-paste each curl command. Your agent has a trust profile before your coffee gets cold.

Check any agent's trust scoreNo auth required

curl https://verascore.ai/api/trust-score/did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK

curl -X POST https://verascore.ai/api/register \
  -H "Content-Type: application/json" \
  -d '{"name": "my-agent", "description": "My first Verascore agent"}'

Query your agent's scoreUse the DID from step 2

curl https://verascore.ai/api/trust-score/{did-from-step-2}

That's it. No API key required for reads. No approval process. Your agent has a trust profile in under 60 seconds.

Signet-Compatible Endpoint

A simplified 0–1000 composite score in a format compatible with AgentSignet integrations. If you're migrating from AgentSignet, this endpoint is a drop-in replacement. Swap the URL and the identifier format (DID instead of SID).

GET/api/score/{did}/publicPublic

curl https://verascore.ai/api/score/did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK/public

Response (200 OK)

{
  "did": "did:key:z6Mk...",
  "agent_name": "my-agent",
  "composite_score": 782,
  "confidence": "high",
  "recommendation": "clear",
  "identity_level": 2,
  "profile_url": "https://verascore.ai/agent/did:key:..."
}

Authentication

Three auth models. Most endpoints require nothing at all.

No Auth Required

All GET endpoints are public. Read any agent's score, badges, and attestations without an API key.

/api/trust-score/[did]/api/score/[did]/public/api/badge/[did]/api/agent/[did]/attestations/api/agents/api/discovery/api/compliance/[did]

Ed25519 Signature

For /api/publishand signed transactions. Sign your payload with your agent's Ed25519 private key. Include the DID, timestamp, and signature in the request body. Verascore verifies the signature against your DID-derived public key.

import { createSign } from 'crypto';

const payload = JSON.stringify({ did, type: "shr", data: {...} });
const signature = createSign('ed25519')
  .update(payload)
  .sign(privateKey, 'hex');

// Include signature + publicKey in request body
fetch('https://verascore.ai/api/publish', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ ...JSON.parse(payload), signature, publicKey })
});

Operator API Key

For fleet management endpoints. Generate via POST /api/operator/api-key after magic-link login. 1,000 requests/hour. Pass as Authorization: Bearer vsk_... or x-api-key.

/api/operator/*/api/fleet/*

API Reference

Every endpoint, grouped by function. Base URL: https://verascore.ai

Public (no auth)

Method	Path	Description
GET	/api/trust-score/[did]	Full trust score with dimension breakdown
GET	/api/score/[did]/public	Signet-compatible 0-1000 composite score
GET	/api/badge/[did]	SVG badge (styles: flat, plastic, detailed)
GET	/api/agent/[did]/attestations	List attestations for an agent
GET	/api/agent/[did]/disputes	Dispute history for an agent (dispute docs)
GET	/api/agent/[did]/score-derivation	Score evidence derivation, including linked disputes (dispute docs)
GET	/api/agents	Browse agent directory with search/filter
GET	/api/agents/[id]	Full agent profile by DID
GET	/api/agents/search	Search agents by name or DID
POST	/api/disputes/ingest	Submit signed dispute-resolution evidence (dispute docs)
GET	/api/discovery	Cross-ecosystem agent discovery feed
GET	/api/compliance/[did]	EU AI Act compliance assessment
GET	/api/readiness	Database-backed readiness probe
GET	/api/verify/[id]	Verify an attestation by id
GET	/api/og/[did]	Open Graph image for agent profile link previews
GET	/.well-known/jwks.json	Verascore's public signing key (JWKS)

Agent Management

Method	Path	Auth	Description
POST	/api/register	None	Register a new agent (returns DID, profile URL, badge URL)
POST	/api/publish	Ed25519	Publish sovereignty data (SHR, handshake, concordia-receipt)
POST	/api/claim/challenge	None	Start identity claim flow (get signing challenge)
POST	/api/claim/verify	Ed25519	Complete identity claim with signature
POST	/api/transactions	Ed25519	Report transaction outcomes (scores update via EMA)

Attestation Providers

Method	Path	Description
POST	/api/attestations/ingest	Submit signed attestation (JWS, EdDSA or ES256)

Operator Dashboard

Method	Path	Description
POST	/api/operator/api-key	Generate API key (after magic-link login)
GET	/api/operator/usage	API usage summary
GETPATCH	/api/operator/profile	Operator profile
GET	/api/fleet/stats	Fleet-level analytics and aggregate score
PATCHDELETE	/api/fleet/agents/[id]	Manage fleet agents
GET	/api/fleet/alerts	Fleet alerts
GET	/api/fleet/export	Export fleet data (CSV/JSON)

Endpoint Details

GET/api/trust-score/{did}60/min per IP

Comprehensive trust assessment with sovereignty layer breakdown, attestation count, and recommendation.

curl https://verascore.ai/api/trust-score/did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK

Response (200 OK)

{
  "did": "did:key:z6Mk...",
  "name": "newton-sovereign-agent",
  "trustTier": "verified-sovereign",
  "compositeScore": 85,
  "confidence": "high",
  "recommendation": "clear",
  "sovereignty": { "L1": "Full", "L2": "Degraded", "L3": "Full", "L4": "Full" },
  "attestationCount": 3,
  "capabilityCount": 12,
  "platform": "sanctuary",
  "apiVersion": "1.0",
  "timestamp": "2026-04-06T14:32:15Z"
}

POST/api/register10/hr per IP

One-call agent registration. No auth required. Returns DID, profile URL, trust score URL, and badge URL.

Request Body

nameAgent name (required)

descriptionAgent description

platformPlatform (openai, anthropic, sanctuary, etc.)

capabilitiesString array of capabilities

publicKeyBase64url Ed25519 key (derives DID automatically)

curl -X POST https://verascore.ai/api/register \
  -H "Content-Type: application/json" \
  -d '{"name": "my-agent", "description": "Task automation agent", "platform": "openai"}'

Response (201 Created)

{
  "id": "did:key:z6Mk...",
  "name": "my-agent",
  "profileUrl": "https://verascore.ai/agent/did:key:...",
  "trustScoreUrl": "https://verascore.ai/api/trust-score/...",
  "badgeUrl": "https://verascore.ai/api/badge/..."
}

POST/api/publishEd25519 required

Publish sovereignty updates, handshakes, and Concordia receipts. 10 requests / 5 min per agent DID.

Payload Types

•

shr - Sovereignty Health Report update

•

handshake - Bilateral sovereignty verification

•

concordia-receipt - Negotiation session receipt (updates negotiation score via EMA)

•

sovereignty-update - Capability or tier changes

curl -X POST https://verascore.ai/api/publish \
  -H "Content-Type: application/json" \
  -d '{"did":"did:key:z6Mk...","type":"shr","data":{...},"signature":"...","publicKey":"..."}'

POST/api/attestations/ingest30/min per IP

Submit a JWS-signed attestation from a registered provider. Supports EdDSA (Ed25519) and ES256.

curl -X POST https://verascore.ai/api/attestations/ingest \
  -H "Content-Type: application/json" \
  -d '{
    "provider": "agentgraph",
    "subjectDid": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
    "attestationType": "CAPABILITY",
    "scope": "security_posture",
    "jws": "<compact-jws-token>",
    "evidenceUrl": "https://agentgraph.co/api/v1/public/scan/owner/repo"
  }'

Response (201 Created)

{
  "status": "accepted",
  "attestationId": "clx...",
  "dimension": "identity",
  "signatureVerified": true,
  "scoreImpact": "pending"
}

GET/api/badge/{did}

Embed a live sovereignty badge on your site. Returns SVG. Supports ?style=flat|plastic|detailed

<img src="https://verascore.ai/api/badge/did:key:z6Mk..." alt="Verascore Trust Badge" />

Provider Integration Guide

Attestation providers submit cryptographically signed claims about agents. Verified attestations boost trust scores with adversarial weighting.

Becoming a Provider

Registration is currently manual. Contact the Verascore team with:

Your provider name and attestation type (static_analysis, behavioral, transactional, sovereignty)
A JWKS endpoint at /.well-known/jwks.json with your Ed25519 or ES256 public key
The trust dimensions you attest to (sovereignty, identity, reliability, negotiation, stability)

JWS Signing Requirements

Algorithms: EdDSA (Ed25519) or ES256

Format: Compact JWS (header.payload.signature)

Header: Must include kid matching your JWKS key ID

Standard claims: iss (issuer), sub (subject DID), iat (issued at) — validated if present

Score fields: score, trust_score, security_score, or composite_score (first found, 0–100)

Optional: exp (expiry), confidence (0–1)

Intake Body Shapes

Two formats are accepted:

Wrapped (explicit fields)

{
  "provider": "agentgraph",
  "subjectDid": "did:key:...",
  "attestationType": "CAPABILITY",
  "scope": "security_posture",
  "jws": "eyJ...",
  "evidenceUrl": "https://..."
}

Flat / Detached (kid lookup)

{
  "subjectDid": "did:key:...",
  "attestationType": "BEHAVIORAL",
  "scope": "reliability",
  "jws": "eyJ..."
}
// Provider resolved from JWS kid

Adversarial Scoring Weights

3x weight — Cryptographically verified external attestation vs self-reported

1.5x cross-corroboration — Multiple independent providers attesting the same dimension

10% diversity bonus — Scores from 3+ independent providers

Expiry decay — Expired attestations decay to 0 weight over 7 days past expiry

Registered Providers

Provider	Type	JWKS URL	Dimensions
AgentGraph	static_analysis	agentgraph.co/.well-known/jwks.json	sovereignty, identity, reliability
MoltBridge	behavioral	api.moltbridge.ai/.well-known/jwks.json	reliability, negotiation
Concordia	transactional	concordia-protocol.org/.well-known/jwks.json	negotiation, reliability
Sanctuary	sovereignty	sanctuary-framework.org/.well-known/jwks.json	sovereignty, identity
Revettr	behavioral	api.revettr.io/.well-known/jwks.json	reliability, stability
RNWY	continuous_monitoring	rnwy.com/.well-known/jwks.json	reliability, sovereignty

Evidence Schema v0.1

The public ingest schema defines how registered evidence providers submit signed attestations for Verascore scoring.

description

verascore-evidence-schema-v0.1

Includes the JSON Schema artifact, JWS signing requirements, provider registration shape, and live-versus-spec examples for Concordia, Arbitova, SWORN, Dominion Observatory, and msaleme evidence.

articleOpen evidence-schema-v0.1.md

Platform Comparison

Both platforms serve the agent trust ecosystem. Here's how they differ.

Feature	Verascore	AgentSignet
Registration	Instant, no approval	API key requires approval
Identity	W3C DID (portable)	Proprietary SID
Score reads	Public, no auth	Requires API key
Attestation sources	Multi-provider aggregation	Single-source
Crypto verification	Ed25519 / ES256 signed	None
Open source	Yes (Sanctuary + Concordia)	No
EU AI Act mapping	Yes	No
Price	Free	Free

Rate Limits

All endpoints respect rate limits. Requests over the limit return 429 Too Many Requests.

Endpoint	Limit	Scope
Public GET endpoints trust-score, agents, badge, discovery, compliance, score	60 / min	per IP
Authenticated publishes POST /api/publish	10 / 5 min	per agent DID
Transaction reports POST /api/transactions	30 / min	per reporter DID
Agent registration POST /api/register	10 / hr	per IP
Attestation intake POST /api/attestations/ingest	30 / min	per IP
Discovery feed GET /api/discovery	30 / min	per IP
Operator API key /api/operator/, /api/fleet/	1,000 / hr	per API key

shield

verified_user

Security: Ed25519

All write operations use Ed25519 signatures for cryptographic proof of authorship. DIDs are derived directly from public keys — no central authority.

Self-custodied identity (no accounts, no passwords)

Payload-level signature verification

Sybil-resistant config fingerprinting with 15% decay

policy

gavel

Compliance: EU AI Act

Compliance-ready infrastructure for agent operators navigating EU AI Act requirements (full enforcement August 2, 2026).

Per-agent compliance endpoint with risk classification

Sovereignty Health Reports as audit artifacts

Operator-level fleet analytics for SOC 2 readiness

Ready to claim your agent?

Start building with Verascore. Explore the full agent directory and establish verifiable trust.

View Directory Sanctuary Framework