Endpoints
API reference
All TrustShield integrations should call the configured backend base URL and route through your trusted server. Endpoint examples show expected request structure, response shape, headers, status codes, and implementation samples.
/api/public/analyze/urlURL Trust
Evaluates a URL for phishing, suspicious redirects, domain risk, and trust indicators.
Headers
- Authorization: Bearer <api_key>
- Content-Type: application/json
Status codes
Request body
{
"url": "https://example.com/login"
}Response body
{
"trustScore": 86,
"verdict": "trusted",
"recommendation": "allow",
"riskLevel": "low",
"signals": ["valid_tls", "no_suspicious_redirects"],
"explanation": "No high-risk indicators were detected."
}curl $NEXT_PUBLIC_API_BASE_URL/api/public/analyze/url \
-H "Authorization: Bearer $TRUSTSHIELD_API_KEY" \
-H "Content-Type: application/json" \
-d '{"url":"https://example.com/login"}'/api/public/analyze/qrQR Trust
Analyzes QR payloads before users open links, payment intents, or embedded actions.
Headers
- Authorization: Bearer <api_key>
- Content-Type: application/json
Status codes
Request body
{
"qrText": "upi://pay?pa=merchant@example&am=499"
}Response body
{
"trustScore": 71,
"verdict": "review",
"recommendation": "verify_payee",
"decodedType": "payment",
"signals": ["payment_intent_detected", "unknown_payee"]
}curl $NEXT_PUBLIC_API_BASE_URL/api/public/analyze/qr \
-H "Authorization: Bearer $TRUSTSHIELD_API_KEY" \
-H "Content-Type: application/json" \
-d '{"qrText":"upi://pay?pa=merchant@example&am=499"}'/api/public/analyze/messageMessage Trust
Detects scam intent, urgency patterns, impersonation attempts, and embedded risky links.
Headers
- Authorization: Bearer <api_key>
- Content-Type: application/json
Status codes
Request body
{
"message": "Your KYC expires today. Verify at https://example.com"
}Response body
{
"trustScore": 38,
"verdict": "suspicious",
"recommendation": "do_not_open",
"signals": ["urgency_language", "embedded_link", "brand_impersonation"]
}curl $NEXT_PUBLIC_API_BASE_URL/api/public/analyze/message \
-H "Authorization: Bearer $TRUSTSHIELD_API_KEY" \
-H "Content-Type: application/json" \
-d '{"message":"Your KYC expires today. Verify at https://example.com"}'/api/public/analyze/paymentPayment Trust
Checks payment intents and suspicious UPI-style flows before users approve a transfer.
Headers
- Authorization: Bearer <api_key>
- Content-Type: application/json
Status codes
Request body
{
"paymentUri": "upi://pay?pa=unknown@example&am=2499"
}Response body
{
"trustScore": 42,
"verdict": "needs_verification",
"recommendation": "confirm_payee",
"signals": ["unknown_payee", "high_value_request"]
}curl $NEXT_PUBLIC_API_BASE_URL/api/public/analyze/payment \
-H "Authorization: Bearer $TRUSTSHIELD_API_KEY" \
-H "Content-Type: application/json" \
-d '{"paymentUri":"upi://pay?pa=unknown@example&am=2499"}'/api/public/analyze/browserBrowser Trust
Provides browser-session risk context for navigation, credential forms, redirects, and downloads.
Headers
- Authorization: Bearer <api_key>
- Content-Type: application/json
Status codes
Request body
{
"url": "https://example.com/login",
"pageSignals": ["password_form", "brand_keyword"]
}Response body
{
"trustScore": 44,
"verdict": "review",
"recommendation": "warn_before_submit",
"signals": ["password_form_detected", "domain_context_required"]
}curl $NEXT_PUBLIC_API_BASE_URL/api/public/analyze/url \
-H "Authorization: Bearer $TRUSTSHIELD_API_KEY" \
-H "Content-Type: application/json" \
-d '{"url":"https://example.com/login"}'/api/public/analyze/apkAPK Trust
Evaluates Android package metadata, permissions, signing context, and known-risk indicators.
Headers
- Authorization: Bearer <api_key>
- Content-Type: multipart/form-data
Status codes
Request body
Form field: file=<application.apk>Response body
{
"trustScore": 68,
"verdict": "review",
"recommendation": "inspect_permissions",
"signals": ["sensitive_permissions_detected"]
}curl $NEXT_PUBLIC_API_BASE_URL/api/public/analyze/apk \
-H "Authorization: Bearer $TRUSTSHIELD_API_KEY" \
-F "file=@application.apk"