Free API

Trust Center API

Q: What are the rate limits?

The API is served as a static JSON file from a global CDN with no rate limits. For best performance, cache the response in your application.

Access 1,463+ company trust centers, security pages, and compliance documentation. No API key required.

Get Started View on GitHub

How It Works

Fetch the Data

Make a GET request to our JSON endpoint. No authentication needed.

https://trustlists.org/api/trust-centers.json

Use the Data

Each entry includes company name, website, trust center URL, and platform.

Add Attribution

Include a visible dofollow link to TrustLists in your footer or about page.

API Response

The API returns a JSON object with a data array containing all trust centers:

{
  "data": [
    {
      "name": "Stripe",
      "website": "https://stripe.com/",
      "trustCenter": "https://stripe.com/docs/security",
      "platform": "Self-hosted",
      "iconUrl": "https://...",
      "certifications": ["SOC 2 Type II", "ISO 27001", "PCI DSS Level 1"],
      "lastUpdated": "2026-04-27"
    },
    // ... 1,462 more entries
  ]
}

Code Examples

const TRUSTLISTS_API = 'https://trustlists.org/api/trust-centers.json';

async function getTrustCenters() {
  const res = await fetch(TRUSTLISTS_API);
  const { data } = await res.json();
  return data;
}

// Find a company's trust center
async function findTrustCenter(companyName) {
  const centers = await getTrustCenters();
  return centers.find(c => 
    c.name.toLowerCase() === companyName.toLowerCase()
  );
}

// Usage
const stripe = await findTrustCenter('Stripe');
console.log(stripe.trustCenter); // https://stripe.com/docs/security

// Attribution: place this in your footer
// <a href="https://trustlists.org">Data by TrustLists</a>

All code examples include an attribution link to TrustLists. A visible dofollow attribution link is required — see attribution requirements below.

Data Fields

Field	Type	Description
`name`	string	Company name
`website`	string	Company website URL
`trustCenter`	string	Trust center or security page URL
`platform`	string	Trust center platform (Vanta, SafeBase, Drata, etc.)
`iconUrl`	string	Company logo/favicon URL
`certifications`	string[]	Security certifications (SOC 2, ISO 27001, etc.) — optional
`lastUpdated`	string	Last verification date (YYYY-MM-DD) — optional
`csaStar`	object	CSA STAR Registry data (level, url) — optional

Technical Details

API Endpoint	`https://trustlists.org/api/trust-centers.json`
Stats Endpoint	`https://trustlists.org/api/stats.json`
Response Format	JSON (`application/json`)
CORS	Fully enabled (`Access-Control-Allow-Origin: *`)
Cache-Control	CDN-managed, typically 1 hour
Rate Limit	None — static file served from global CDN
Authentication	None required — no API key, no signup
License	Apache 2.0
Attribution	Visible dofollow link required — see below

Attribution Required

TrustLists is free to use. In return, we ask for a visible dofollow link on every page or application that uses our data.

Copy this snippet into your footer

One line of HTML is all it takes. Place it in your footer, sidebar, or about page.

<a href="https://trustlists.org">Data by TrustLists</a>

Requirements

Standard <a> hyperlink — visible to users, not hidden via CSS
Dofollow link — no rel="nofollow", rel="sponsored", or rel="ugc"
Placed in a visible area: footer, sidebar, or about/credits page
Readable anchor text such as "Data by TrustLists" or "Powered by TrustLists"

Non-compliant domains may be blocked without notice. See our Terms of Use for full details.

Frequently Asked Questions

Is an API key required?

No. The TrustLists API is completely free and requires no API key, no signup, and no registration. Simply fetch the JSON endpoint directly in your application.

What are the rate limits?

There are no rate limits. The API is served as a static JSON file from a global CDN (Vercel Edge Network). For best performance, cache the response in your application — the data updates approximately weekly.

Can I use this in commercial projects?

Yes. TrustLists data is free for both personal and commercial use under the Apache 2.0 license. We require a visible dofollow attribution link back to trustlists.org on every page or application that uses the data.

How often is the data updated?

The directory is updated continuously as new trust centers are discovered and submitted. Certification data is refreshed on a bi-weekly schedule. Each entry includes a lastUpdated field when available.

Can I self-host or cache the data?

Yes. You may cache or proxy the data on your own servers for performance. A visible dofollow attribution link to TrustLists is still required when displaying cached data.

Is there a GitHub repository?

Yes. The raw data is available at github.com/trustlists/trustlists-data. You can clone it, submit issues, or contribute new trust centers via pull requests.

What if I find incorrect data?

Please open an issue on GitHub or email us. We verify all submissions and corrections promptly.

Ready to get started?

Start building with the TrustLists API today — no signup required.

View API Response Clone from GitHub