In one sentence
Personal use of the Trust Index (extension + website) is free; organisations pay for Spaces; developers and companies pay for API and embedding.
Endpoints
Base URL: your GriGsi server (e.g. https://your-domain.com). No auth required for read and vote; optional X-Api-Key for higher limits.
| Method | Path | Description |
|---|---|---|
| GET | /trust?hash=<hash> | Trust for one hash. Add ?details=1 for tierLabel, trustPercent, etc. |
| GET | /api/trust?hash=<hash> | Same as above. |
| GET / POST | /api/trust/batch | Trust for many hashes (max 50). GET: ?hashes=hash1,hash2; POST: JSON { "hashes": ["..."] }. Optional details=1. |
| POST | /vote-hash or /api/vote-hash | Submit vote: JSON { "hash", "vote": 1|−1, "clientId" }. |
Single trust response (200)
{
"hash": "a1b2c3...1",
"plus1": 120,
"minus1": 5,
"weighted_score": 112.5,
"tier": 2,
"totalVotes": 125
}With ?details=1 you also get: tierLabel, trustPercent, uniqueVisits, countries, spanHours, flagged, flagReason.
Hash format: SHA-256("<type>:<normalized_value>") first 32 hex chars + one digit (1=domain, 2=email, 3=phone, 4=iban, 5=string, 6=info_index). Example: domain:example.com → hash ending in 1. Normalize: domain = lowercase, no www/path; email = lowercase; phone = digits only.
Info Noise Index API
Check claims against trusted sources and save results. Used by the Info Noise Index tool and Spaces. Optional header X-Grigsi-Pro: 1 for Pro (unlimited saves).
| Method | Path | Description |
|---|---|---|
| GET | /api/info-index/search?q=<text> | Search for fact-check sources for a claim. Returns { sources: [...] }. q max 300 chars. |
| POST | /api/info-index/results | Save a Info Noise Index result. JSON: { "claimPreview", "summaryText", "snippets", "clientId" }. Free: 10 saves/day per clientId; Pro: unlimited. Returns { ok, resultId, createdAt }. |
| GET | /api/info-index/result/:id | Get saved result by id: { ok, result, claimVotes, snippetVotes }. |
| POST | /api/info-index/vote-claim | Vote on claim (true/false/unclear). JSON: { "resultId", "vote": 1|−1|0, "clientId" }. Returns { ok, counts: { true, false, unclear } }. |
| POST | /api/info-index/vote-snippet | Vote on a snippet (trust/untrust). JSON: { "resultId", "snippetUrl", "vote": 1|−1, "clientId" }. Returns { ok, byUrl }. |
Example: save result
POST /api/info-index/results
Content-Type: application/json
X-Grigsi-Pro: 1 // optional, for unlimited saves
{ "claimPreview": "Claim text...", "summaryText": "Summary...", "snippets": [{ "url": "...", "title": "..." }], "clientId": "opaque-id" }
→ { "ok": true, "resultId": 42, "createdAt": 1234567890 }Example: get result
GET /api/info-index/result/42
→ { "ok": true, "result": { "id", "claimPreview", "summaryText", "snippets", "createdAt" }, "claimVotes": { "true": 5, "false": 1, "unclear": 0 }, "snippetVotes": { "https://...": { "trust": 3, "untrust": 0 } } }Similarity API
The Similarity engine detects lookalike domains and emails (homograph/typosquat). It is used in the extension to warn when a visited domain or email is similar to one you already trust.
Current use: Logic runs in the extension (client-side). A list of your trusted domains/emails is compared locally with the current URL or email; similarity is computed on normalized labels (skeleton/NFKC) with thresholds (e.g. ≥90% almost identical, 80–89% suspicious).
API: A server-side Similarity API (e.g. GET /api/similarity/domains?domain=example.com or POST /api/similarity/check with a list of hashes) can be offered for embedding in your app — same rate limits as Trust API. Contact us for access or when it becomes available.
Rate limits
| Usage | Limit | Notes |
|---|---|---|
| Free (no key) | Low volume | Per IP and per clientId; avoid high-frequency polling. Cache results on your side. |
| Paid (API key) | Starter: ~5k/mo · Growth: ~50k/mo · Scale: custom | Header X-Api-Key: your-key. Higher limits and SLA. See Plans. |
For production embedding or high traffic, use an API plan or call from your backend (server-to-server) to avoid browser CORS and rate limits.
Trust badge (embed)
Show your domain’s trust score on your site. Add a container and load the script (same origin as the GriGsi server, or use your backend to proxy the request).
1. HTML
<div id="grigsi-trust-badge" data-grigsi-domain="example.com"></div>
<script src="https://YOUR-GRIGSI-DOMAIN/js/trust-badge.js"></script>Use data-grigsi-domain (e.g. example.com) or data-grigsi-base to point to another GriGsi server URL if needed.
2. Demo on this site
Free badge: links to GriGsi. Paid/white-label options: see Plans.
CORS
For cross-origin requests from a browser (e.g. your site on another domain), the server may need to allow your origin. Alternatively, call the API from your backend and serve the result to your frontend — no CORS needed.