Open data & API

HasTrust publishes its scam-domain blocklist and per-domain trust verdicts as open data. Free for research, blocklists, security tooling and journalism — attribution required (CC BY 4.0, see below).

Scam-domain blocklist

Every domain our assessments currently rate Avoid — the highest-confidence slice of the corpus. Updated continuously as new checks run; responses are cached for 5 minutes. CORS is enabled, so you can call it straight from a browser or extension.

GET https://hastrust.com/api/blocklist{ "domains": ["example-scam.shop", "…"] }

Plain JSON, one flat array — trivial to convert to hosts/adblock format.

Trust lookup — single domain

The extension's own endpoint. Returns the cached verdict when we have one (trust score 0–100, label, assessment URL); otherwise an instant domain-age signal plus a link that runs the full check.

GET https://hastrust.com/api/quick?domain=example.comcurl -s 'https://hastrust.com/api/quick?domain=temu.com'

License & attribution

All data is licensed CC BY 4.0. Use it in any project, commercial or not — credit “HasTrust” with a link to hastrust.com where the data is shown or documented.

Fair use

Cache responses for at least 5 minutes and fetch server-side for anything high-volume — don't proxy every visitor through the API. Need bulk access, historical snapshots or a different format? Get in touch — we're happy to help researchers.

How verdicts are made

Methodology, signal weights and the fairness floor for new shops are documented on How we score. Assessments are refreshed continuously; the newest ones are in the RSS feed.