VeriBureau API
Two APIs: Dashboard API (v1) for business dashboard — tokens, reviews, disputes. Data API (v2) for developers — company profile, sanctions, trust score, search.
All responses are JSON. v1: cookie session or X-VB-API-Key. v2: Authorization: Bearer vb_api_....
Dashboard API (v1) — Public Endpoints
Base: https://veribureau.net/api/v1
/healthService health and version check.
curl https://veribureau.net/health
{
"status": "ok",
"service": "VeriBureau API",
"version": "1.0",
"principles": {
"one": "No proof — no review",
"two": "Weight = f(history)",
"three": "Every event is immutable"
}
}/statsPlatform-wide statistics. Cached for 5 minutes. Returns live counts.
curl https://veribureau.net/api/v1/stats
# Response (example; actual values are live):
{"businesses": 2500, "reviews": 150, "countries": 49, "industries": 25}/businesses/:slugPublic business profile including Trust Score, trend, review count.
curl https://veribureau.net/api/v1/businesses/your-business
{
"id": "b19a3114-...",
"name": "Your Business",
"slug": "your-business",
"industry": "TELECOM",
"country": "UA",
"city": "Odesa",
"cbs": 72.5,
"trend": "UP",
"reviewCount": 15,
"responseRate": 80,
"certificationStatus": "NONE",
"createdAt": "2025-12-01T..."
}/businesses/:slug/badgeDynamic SVG trust badge. Embed on your website.
Query parameters:
size — micro | standard (default) | detailed | banner
theme — light (default) | dark
# Standard badge
<img src="https://veribureau.net/api/v1/businesses/your-business/badge" height="56" />
# Micro badge, dark theme
<img src="https://veribureau.net/api/v1/businesses/your-business/badge?size=micro&theme=dark" height="32" />
# Detailed badge with review count
<img src="https://veribureau.net/api/v1/businesses/your-business/badge?size=detailed" height="72" />/reviews/business/:slugAll published reviews for a business, newest first.
curl https://veribureau.net/api/v1/reviews/business/your-business
{
"business": {"name": "Your Business", "cbs": 72.5},
"reviews": [
{
"id": "r1a2b3c4-...",
"overallScore": 85,
"text": "Excellent service, fast delivery.",
"weight": 0.354,
"industryScores": {"Delivery Speed": 90, "Support": 80},
"response": {
"text": "Thank you for your feedback!",
"createdAt": "2026-01-15T..."
},
"createdAt": "2026-01-14T..."
}
]
}/tokens/:token/verifyCheck if a Proof Token is valid and unused.
curl https://veribureau.net/api/v1/tokens/VB-M5X2K-A8B3CD/verify
# Valid token:
{"valid": true, "business": {"name": "...", "industry": "IT"}}
# Used token:
{"valid": false, "reason": "Token already used"}
# Expired token:
{"valid": false, "reason": "Token expired"}
# Not found:
{"valid": false, "reason": "Token not found"}/tokens/:token/qrQR code for review link (SVG). Also available as PNG at /qr.png
# SVG (scalable)
<img src="https://veribureau.net/api/v1/tokens/VB-M5X2K-A8B3CD/qr" width="200" />
# PNG (raster)
<img src="https://veribureau.net/api/v1/tokens/VB-M5X2K-A8B3CD/qr.png" width="200" />/audit/verifyVerify cryptographic audit chain integrity. Save the rootHash — if it changes retroactively, the chain was tampered with.
curl https://veribureau.net/api/v1/audit/verify
{
"rootHash": "8b8c530b3ef2cf4f...",
"totalRecords": 84,
"lastId": 84,
"valid": true,
"timestamp": "2026-03-...",
"instruction": "Save this hash. If it ever changes retroactively, the chain has been tampered with."
}Authenticated Endpoints
Include your API key in the X-VB-API-Key header.
/businesses/registerAUTHRegister a new business. Sends a 6-digit verification code to email.
curl -X POST https://veribureau.net/api/v1/businesses/register \
-H "Content-Type: application/json" \
-d '{
"name": "Acme Corp",
"slug": "acme-corp",
"industry": "IT",
"country": "US",
"email": "admin@acme.com",
"city": "New York",
"website": "https://acme.com"
}'
# Response:
{"pending": true, "message": "Verification code sent to your email"}
# Then verify:
curl -X POST https://veribureau.net/api/v1/businesses/verify-registration \
-H "Content-Type: application/json" \
-d '{"email": "admin@acme.com", "code": "123456"}'
# Response:
{
"id": "...",
"name": "Acme Corp",
"slug": "acme-corp",
"apiKey": "vb_live_...",
"message": "Save your API key. It will not be shown again."
}Required fields: name, slug, industry, country, email. Optional: city, website, description. Valid industries: see protocol page.
/businesses/authAUTHAuthenticate with API key. Returns business profile and token stats.
curl -X POST https://veribureau.net/api/v1/businesses/auth \
-H "X-VB-API-Key: vb_live_your_key_here"
{
"id": "...",
"name": "Acme Corp",
"slug": "acme-corp",
"industry": "IT",
"cbs": 72.5,
"trend": "UP",
"reviewCount": 15,
"stats": {
"tokens": {"total": 45, "active": 12, "used": 28, "expired": 5}
}
}/businesses/profileAUTHUpdate business description, website, or city.
curl -X PUT https://veribureau.net/api/v1/businesses/profile \
-H "Content-Type: application/json" \
-H "X-VB-API-Key: vb_live_your_key_here" \
-d '{"description": "We build fiber networks.", "website": "https://acme.com"}'
{"updated": true}/tokens/generateAUTHGenerate one or more Proof Tokens.
curl -X POST https://veribureau.net/api/v1/tokens/generate \
-H "Content-Type: application/json" \
-H "X-VB-API-Key: vb_live_your_key_here" \
-d '{"count": 5, "source": "API"}'
{
"tokens": ["VB-M5X2K-A8B3CD", "VB-N7Y3L-B9C4DE", ...],
"reviewUrls": ["https://veribureau.com/review?token=VB-M5X2K-A8B3CD", ...]
}count: 1-100 (default 1). source: “API” | “DASHBOARD”.
/tokens/sendAUTHGenerate token + send branded review invitation email to customer.
curl -X POST https://veribureau.net/api/v1/tokens/send \
-H "Content-Type: application/json" \
-H "X-VB-API-Key: vb_live_your_key_here" \
-d '{
"customerEmail": "john@example.com",
"customerName": "John",
"orderRef": "ORD-2026-001"
}'
{
"tokenId": "VB-M5X2K-A8B3CD",
"sent": true,
"reviewUrl": "https://veribureau.com/review?token=VB-M5X2K-A8B3CD"
}Required: customerEmail. Optional: customerName, orderRef.
/tokens/listAUTHList all tokens for your business with status and metadata.
curl https://veribureau.net/api/v1/tokens/list \
-H "X-VB-API-Key: vb_live_your_key_here"
{
"tokens": [
{
"token": "VB-M5X2K-A8B3CD",
"status": "ACTIVE",
"source": "EMAIL",
"expiresAt": "2026-06-01T...",
"createdAt": "2026-03-02T..."
}
]
}/reviews/:reviewId/respondAUTHRespond to a customer review. One response per review.
curl -X POST https://veribureau.net/api/v1/reviews/r1a2b3c4-.../respond \
-H "Content-Type: application/json" \
-H "X-VB-API-Key: vb_live_your_key_here" \
-d '{"text": "Thank you for your feedback. We are glad you had a great experience."}'
{"response": {"id": "...", "text": "...", "createdAt": "..."}}/disputesAUTHFile a dispute against a review you believe violates guidelines.
curl -X POST https://veribureau.net/api/v1/disputes \
-H "Content-Type: application/json" \
-H "X-VB-API-Key: vb_live_your_key_here" \
-d '{
"reviewId": "r1a2b3c4-...",
"reason": "FACTUAL_ERROR",
"details": "The reviewer claims we delivered late, but tracking shows on-time delivery."
}'
{"dispute": {"id": "...", "status": "OPEN", "createdAt": "..."}}Valid reasons: FACTUAL_ERROR, NOT_A_CUSTOMER, HARASSMENT, SPAM, OTHER.
/apikey/rotateAUTHRotate your API key. The old key becomes invalid immediately.
curl -X POST https://veribureau.net/api/v1/apikey/rotate \
-H "X-VB-API-Key: vb_live_your_current_key"
{
"apiKey": "vb_live_new_key_here...",
"message": "Save your new API key. The old key is now invalid."
}/verify/domain/startAUTHStart DNS domain verification. Generates a unique TXT record value for your domain.
curl -X POST https://veribureau.net/api/v1/verify/domain/start \
-H "X-VB-API-Key: vb_live_your_key_here"
{
"domain": "yourdomain.com",
"records": {
"required": {
"type": "TXT",
"name": "yourdomain.com",
"value": "veribureau-verify=b19a3114-a1b2c3d4e5f6g7h8",
"purpose": "Domain ownership verification (required)"
},
"optional": [
{
"type": "TXT",
"name": "_veribureau.yourdomain.com",
"value": "v=vb1; id=your-business; status=verified",
"purpose": "Protocol declaration — like DMARC for trust",
"badge": "PROTOCOL_DECLARED"
},
{
"type": "TXT",
"name": "yourdomain.com",
"value": "veribureau-profile=https://veribureau.com/biz/your-business",
"purpose": "Public link to your verified profile",
"badge": "PROFILE_PUBLISHED"
}
]
}
}Requires website to be set via PUT /businesses/profile first. Optional records increase your certification level.
/verify/domain/checkAUTHVerify DNS records. Checks ownership, protocol declaration, and profile link.
curl -X POST https://veribureau.net/api/v1/verify/domain/check \
-H "X-VB-API-Key: vb_live_your_key_here"
{
"domain": "yourdomain.com",
"verified": true,
"certificationStatus": "CERTIFIED",
"badges": ["DOMAIN_VERIFIED", "PROTOCOL_DECLARED", "PROFILE_PUBLISHED", "FULLY_CERTIFIED"],
"checks": {
"domainOwnership": {"status": "PASS"},
"protocolDeclaration": {"status": "PASS", "voluntary": true},
"profileLink": {"status": "PASS", "voluntary": true}
},
"logoUrl": "https://www.google.com/s2/favicons?domain=yourdomain.com&sz=128"
}/verify/domain/statusAUTHCurrent domain verification status and DNS records to add.
curl https://veribureau.net/api/v1/verify/domain/status \
-H "X-VB-API-Key: vb_live_your_key_here"
{
"domain": "yourdomain.com",
"domainVerified": true,
"domainVerifiedAt": "2026-03-02T...",
"certificationStatus": "DOMAIN_VERIFIED",
"badges": ["DOMAIN_VERIFIED"],
"logoUrl": "..."
}/verify/domain/lookup/:domainPublic endpoint. Check if any domain has VeriBureau DNS records.
curl https://veribureau.net/api/v1/verify/domain/lookup/example.com
# Domain with VeriBureau:
{
"domain": "example.com",
"hasVeriBureau": true,
"protocolVersion": "vb1",
"slug": "example-corp",
"business": {"name": "Example Corp", "cbs": 72.5, "certificationStatus": "CERTIFIED"}
}
# Domain without VeriBureau:
{
"domain": "random-site.com",
"hasVeriBureau": false,
"protocolVersion": null,
"slug": null,
"business": null
}Error Handling
All errors return JSON with an error field.
# Example error response:
{"error": "Invalid or expired verification code"}
# Rate limit exceeded:
{"error": "Too many requests", "retryAfter": 42}Authentication
Your API key authenticates all non-public requests. Include it in the X-VB-API-Key header.
API keys begin with vb_live_ and are 52 characters long. They are hashed with SHA-256 before storage — VeriBureau never stores your raw API key.
If your key is compromised, rotate it immediately via POST /apikey/rotate. The old key is invalidated instantly. If you lose your key entirely, recover it via email at /dashboard (Recover tab).
Rate Limits
Each endpoint has its own rate limit based on expected usage patterns. Rate limit headers are included in every response:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 97
Retry-After: 42 # only when 429If you receive a 429 response, wait for the number of seconds indicated in Retry-After before retrying.
Data API (v2)
For developers and compliance. Base: https://veribureau.net/api/v2. Auth: Authorization: Bearer vb_api_.... Generate keys in Dashboard → API Keys. Free tier: 500 calls/month.
/company/:identifierFull company profile. Identifier = slug. Returns claimed business or discovered company (name, industry, country, cbs, trend, reviewCount, etc.).
curl -s -H "Authorization: Bearer vb_api_xxx" "https://veribureau.net/api/v2/company/apple"
# Response: JSON object with business, claimed, openReviews, communityScore, reviewCount/company/:identifier/sanctionsPer-source sanctions status (OFAC, EU, UN, RNBO). Informational only; not legal advice.
curl -s -H "Authorization: Bearer vb_api_xxx" "https://veribureau.net/api/v2/company/apple/sanctions"/company/:identifier/trust-scoreTrust score (CBS), trend, review count. Claimed businesses only.
curl -s -H "Authorization: Bearer vb_api_xxx" "https://veribureau.net/api/v2/company/apple/trust-score"/company/:identifier/reviewsPaginated published reviews. Query: page, limit (default 20, max 100).
curl -s -H "Authorization: Bearer vb_api_xxx" "https://veribureau.net/api/v2/company/apple/reviews?page=1&limit=10"/searchSearch companies. Query: q (min 2 chars), industry, country, limit (default 20, max 50).
curl -s -H "Authorization: Bearer vb_api_xxx" "https://veribureau.net/api/v2/search?q=tech&country=US&limit=20"Errors: 401 (invalid/missing token), 429 (monthly limit exceeded), 404 (not found).