Skip to main content

REST API Reference

6.1 API Overview

OTR provides a free REST API that allows anyone to query a domain’s trust score. This API is the core interface of the OTR protocol — AI agents and developers use it to retrieve trust data for any merchant. Base URL: https://orbexa.io/api/otr/verify/:domain Key features:
  • Free to use, no API key required
  • Returns complete six-dimension scores with signal details
  • All data is derived from publicly verifiable sources
  • JSON response format

6.2 Verification Endpoint

GET /api/otr/verify/:domain

Query the OTR trust score for a specified domain. Request example: 
curl https://orbexa.io/api/otr/verify/example.com
Path parameters:
ParameterTypeRequiredDescription
domainstringYesThe domain to query (without protocol prefix)

Response Structure

The response is a JSON object containing the following top-level fields: 
{
  "domain": "example.com",
  "name": "Example Store",
  "trust_score": 75,
  "badge": "SILVER",
  "industry": "E-Commerce",
  "dimensions": {
    "V": { "score": 82, "signals": [...] },
    "S": { "score": 68, "signals": [...] },
    "G": { "score": 70, "signals": [...] },
    "T": { "score": 65, "signals": [...] },
    "D": { "score": 72, "signals": [...] },
    "F": { "score": null, "status": "cold_mode" }
  },
  "entity_data": {
    "gleif": { ... },
    "wikidata": { ... },
    "stock": { ... }
  },
  "agent_commerce": {
    "llms_txt": true,
    "agent_json": false,
    "schema_org_product": true,
    "sitemap": true
  },
  "scanned_at": "2026-04-10T12:00:00Z",
  "otr_id": "OTR-xxxx"
}

Response Field Reference

FieldTypeDescription
domainstringThe queried domain
namestringMerchant name (brand name takes priority)
trust_scorenumberComposite trust score from 0 to 100
badgestringPLATINUM / GOLD / SILVER / BRONZE / UNRATED
industrystringIndustry classification
dimensionsobjectScores and signal details for all six dimensions
entity_dataobjectThird-party verified entity information
agent_commerceobjectAI agent commerce capability declarations
scanned_atstringTimestamp of the most recent scan (ISO 8601)
otr_idstringUnique OTR identifier

Dimension Signal Structure

Each dimension contains a signals array with all signals for that dimension: 
{
  "signal_name": "dnssec",
  "status": "detected",
  "value": true,
  "evidence": "DNSSEC is enabled with RRSIG records",
  "source_url": "dns://example.com"
}
FieldTypeDescription
signal_namestringSignal identifier
statusstringdetected / not_found / not_scanned / fetch_failed
valueanySignal value (boolean, string, or number)
evidencestringHuman-readable evidence description
source_urlstringVerifiable data source link

6.3 Well-Known Endpoint

OTR also provides a standard .well-known endpoint that conforms to the Web service discovery specification:

GET /.well-known/otr/verify/:domain

Returns the same data structure as the primary API, following the .well-known URI specification (RFC 8615). 
curl https://orbexa.io/.well-known/otr/verify/example.com

6.4 Rate Limiting

The API has basic rate-limiting protections:
ScenarioLimit
Normal requestsFair use, no hard limit
Batch queriesRecommended 1-second interval
Abusive requestsTemporarily blocked

6.5 Integration Examples

JavaScript / Node.js

async function checkTrust(domain) {
  const response = await fetch(
    `https://orbexa.io/api/otr/verify/${encodeURIComponent(domain)}`
  );
  const data = await response.json();

  console.log(`Domain: ${data.domain}`);
  console.log(`Trust Score: ${data.trust_score}`);
  console.log(`Badge: ${data.badge}`);
  console.log(`V Dimension: ${data.dimensions.V.score}`);
  console.log(`S Dimension: ${data.dimensions.S.score}`);

  return data;
}

// Usage
checkTrust('example.com');

Python

import requests

def check_trust(domain: str) -> dict:
    url = f"https://orbexa.io/api/otr/verify/{domain}"
    response = requests.get(url)
    data = response.json()

    print(f"Domain: {data['domain']}")
    print(f"Trust Score: {data['trust_score']}")
    print(f"Badge: {data['badge']}")

    return data

# Usage
check_trust("example.com")

cURL

# Query and pretty-print the output
curl -s https://orbexa.io/api/otr/verify/example.com | jq .

# Extract only the trust score and badge
curl -s https://orbexa.io/api/otr/verify/example.com | jq '.trust_score, .badge'

6.6 Querying with AI Agents

You can ask AI assistants such as ChatGPT or Claude to query and analyze trust scores on your behalf. Example prompt: 
Please query the OTR trust score for example.com.
Access https://orbexa.io/api/otr/verify/example.com,
then analyze each dimension's score, tell me which areas
need the most improvement, and provide specific action steps.
The AI agent will automatically call the API, parse the results, and deliver personalized optimization recommendations. This is what “bring your own AI” means — you do not need to install any ORBEXA product, just an internet-connected AI assistant.

6.7 Self-Hosted Trust Assessment

If you want to build your own trust assessment system (for example, to evaluate only your own supply chain), the core logic of the OTR protocol is open-source:
  • OTR Protocol Specification: github.com/yb48666-ctrl/OTR-Protocol-by-orbexa
  • All data sources are public: GLEIF, Wikidata, Finnhub, SEC EDGAR, DNS records, SSL certificates, and more
  • You can customize weights and signals to fit your requirements
ORBEXA provides a production-ready implementation, but the protocol itself is open. Anyone can build their own trust assessment system based on the same principles.
Next chapter: MCP Server — Trust Query Tool — Enable AI agents to invoke OTR trust queries directly via the MCP protocol