TrustShield

Developer documentation

REST APIs

Typed JSON and multipart contracts for TrustShield analysis modules.

Endpoints

API reference

All TrustShield integrations should call the configured backend base URL and route through your trusted server. Endpoint examples show expected request structure, response shape, headers, status codes, and implementation samples.

POST/api/public/analyze/url

URL Trust

Evaluates a URL for phishing, suspicious redirects, domain risk, and trust indicators.

Headers

  • Authorization: Bearer <api_key>
  • Content-Type: application/json

Status codes

200 OK400 Validation error401 Unauthorized429 Rate limited500 Service error

Request body

{
  "url": "https://example.com/login"
}

Response body

{
  "trustScore": 86,
  "verdict": "trusted",
  "recommendation": "allow",
  "riskLevel": "low",
  "signals": ["valid_tls", "no_suspicious_redirects"],
  "explanation": "No high-risk indicators were detected."
}
curl $NEXT_PUBLIC_API_BASE_URL/api/public/analyze/url \
  -H "Authorization: Bearer $TRUSTSHIELD_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url":"https://example.com/login"}'
POST/api/public/analyze/qr

QR Trust

Analyzes QR payloads before users open links, payment intents, or embedded actions.

Headers

  • Authorization: Bearer <api_key>
  • Content-Type: application/json

Status codes

200 OK400 Validation error401 Unauthorized429 Rate limited500 Service error

Request body

{
  "qrText": "upi://pay?pa=merchant@example&am=499"
}

Response body

{
  "trustScore": 71,
  "verdict": "review",
  "recommendation": "verify_payee",
  "decodedType": "payment",
  "signals": ["payment_intent_detected", "unknown_payee"]
}
curl $NEXT_PUBLIC_API_BASE_URL/api/public/analyze/qr \
  -H "Authorization: Bearer $TRUSTSHIELD_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"qrText":"upi://pay?pa=merchant@example&am=499"}'
POST/api/public/analyze/message

Message Trust

Detects scam intent, urgency patterns, impersonation attempts, and embedded risky links.

Headers

  • Authorization: Bearer <api_key>
  • Content-Type: application/json

Status codes

200 OK400 Validation error401 Unauthorized429 Rate limited500 Service error

Request body

{
  "message": "Your KYC expires today. Verify at https://example.com"
}

Response body

{
  "trustScore": 38,
  "verdict": "suspicious",
  "recommendation": "do_not_open",
  "signals": ["urgency_language", "embedded_link", "brand_impersonation"]
}
curl $NEXT_PUBLIC_API_BASE_URL/api/public/analyze/message \
  -H "Authorization: Bearer $TRUSTSHIELD_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"message":"Your KYC expires today. Verify at https://example.com"}'
POST/api/public/analyze/payment

Payment Trust

Checks payment intents and suspicious UPI-style flows before users approve a transfer.

Headers

  • Authorization: Bearer <api_key>
  • Content-Type: application/json

Status codes

200 OK400 Validation error401 Unauthorized429 Rate limited500 Service error

Request body

{
  "paymentUri": "upi://pay?pa=unknown@example&am=2499"
}

Response body

{
  "trustScore": 42,
  "verdict": "needs_verification",
  "recommendation": "confirm_payee",
  "signals": ["unknown_payee", "high_value_request"]
}
curl $NEXT_PUBLIC_API_BASE_URL/api/public/analyze/payment \
  -H "Authorization: Bearer $TRUSTSHIELD_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"paymentUri":"upi://pay?pa=unknown@example&am=2499"}'
POST/api/public/analyze/browser

Browser Trust

Provides browser-session risk context for navigation, credential forms, redirects, and downloads.

Headers

  • Authorization: Bearer <api_key>
  • Content-Type: application/json

Status codes

200 OK400 Validation error401 Unauthorized429 Rate limited500 Service error

Request body

{
  "url": "https://example.com/login",
  "pageSignals": ["password_form", "brand_keyword"]
}

Response body

{
  "trustScore": 44,
  "verdict": "review",
  "recommendation": "warn_before_submit",
  "signals": ["password_form_detected", "domain_context_required"]
}
curl $NEXT_PUBLIC_API_BASE_URL/api/public/analyze/url \
  -H "Authorization: Bearer $TRUSTSHIELD_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url":"https://example.com/login"}'
POST/api/public/analyze/apk

APK Trust

Evaluates Android package metadata, permissions, signing context, and known-risk indicators.

Headers

  • Authorization: Bearer <api_key>
  • Content-Type: multipart/form-data

Status codes

200 OK400 Validation error401 Unauthorized413 Payload too large429 Rate limited

Request body

Form field: file=<application.apk>

Response body

{
  "trustScore": 68,
  "verdict": "review",
  "recommendation": "inspect_permissions",
  "signals": ["sensitive_permissions_detected"]
}
curl $NEXT_PUBLIC_API_BASE_URL/api/public/analyze/apk \
  -H "Authorization: Bearer $TRUSTSHIELD_API_KEY" \
  -F "file=@application.apk"