VERITAS API docs

Every claim has a stable 16-hex-char id, 2+ primary sources, an HMAC-SHA256 signature, and a JSON envelope at /api/v1/claims/<id>.json. No auth needed for v0 read endpoints.

# Browse the full catalog
curl https://sourcescore.org/api/v1/claims.json | jq '.count, .claims[0]'

# Fetch a specific claim (e.g. GPT-4 release date)
curl https://sourcescore.org/api/v1/claims/09eea8fb1a8ccebf.json

# Search for claims about a topic
curl "https://sourcescore.org/api/v1/search?q=llama&limit=5"

# Verify a natural-language claim
curl -X POST https://sourcescore.org/api/v1/verify \
  -H 'Content-Type: application/json' \
  -d '{"claim": "Llama 3.1 was released in July 2024"}'

// Browse catalog
const catalog = await fetch('https://sourcescore.org/api/v1/claims.json')
  .then(r => r.json());
console.log(`${catalog.count} verified claims`);

// Fetch by id
const claim = await fetch(
  'https://sourcescore.org/api/v1/claims/09eea8fb1a8ccebf.json'
).then(r => r.json());
console.log(claim.citedAs);

// Verify a natural-language claim
const verification = await fetch(
  'https://sourcescore.org/api/v1/verify',
  {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      claim: 'Llama 3.1 was released in July 2024',
    }),
  },
).then(r => r.json());

if (verification.bestMatch) {
  console.log('Verified:', verification.bestMatch.statement);
} else {
  console.log('Not verified by SourceScore.');
}

import requests

# Browse catalog
catalog = requests.get(
    'https://sourcescore.org/api/v1/claims.json'
).json()
print(f'{catalog["count"]} verified claims')

# Fetch by id
claim = requests.get(
    'https://sourcescore.org/api/v1/claims/09eea8fb1a8ccebf.json'
).json()
print(claim['citedAs'])

# Verify a natural-language claim
verification = requests.post(
    'https://sourcescore.org/api/v1/verify',
    json={'claim': 'Llama 3.1 was released in July 2024'},
).json()

if verification.get('bestMatch'):
    print('Verified:', verification['bestMatch']['statement'])
else:
    print('Not verified by SourceScore.')

Full list of every verified claim (light per-claim summary).

{
  "apiVersion": "v1",
  "methodology": "https://sourcescore.org/methodology/",
  "generated": "2026-05-16T11:07:02.574Z",
  "count": 26,
  "claims": [
    {
      "id": "ad17e76a8baad7a1",
      "vertical": "ai-ml",
      "subject": "Transformer architecture",
      "predicate": "introduced_in_paper",
      "object": "Attention Is All You Need (Vaswani et al., 2017)",
      "statement": "Transformer architecture introduced in paper: Attention Is All You Need (Vaswani et al., 2017).",
      "confidence": 1,
      "signatureShort": "3e28e071",
      "detailUrl": "https://sourcescore.org/api/v1/claims/ad17e76a8baad7a1.json"
    }
  ]
}

Full claim record with sources, excerpts, HMAC signature, and ready-to-paste citation. The signature attests the envelope came from SourceScore and wasn’t tampered in transit.

{
  "apiVersion": "v1",
  "methodology": "https://sourcescore.org/methodology/",
  "canonical": "https://sourcescore.org/claims/09eea8fb1a8ccebf/",
  "claim": {
    "vertical": "ai-ml",
    "subject": "GPT-4",
    "predicate": "released_on",
    "object": "2023-03-14",
    "statement": "GPT-4 released on: 2023-03-14.",
    "confidence": 1,
    "sources": [
      {
        "url": "https://openai.com/index/gpt-4-research/",
        "title": "GPT-4",
        "publisher": "OpenAI",
        "publishedDate": "2023-03-14",
        "accessedDate": "2026-05-16",
        "type": "official-blog",
        "excerpt": "We've created GPT-4, the latest milestone..."
      }
    ],
    "publishedAt": "2026-05-16T00:00:00Z",
    "lastVerified": "2026-05-16",
    "methodologyVersion": "veritas-v0.1",
    "tags": ["gpt-4", "openai", "release", "2023"],
    "id": "09eea8fb1a8ccebf"
  },
  "signature": {
    "algorithm": "HMAC-SHA256",
    "signedBy": "did:web:sourcescore.org",
    "signedAt": "2026-05-16T00:00:00.000Z",
    "signature": "fa4e121cda0e5dfd24b70fbf3ebaab85f65b116141c2a15335a9297f2328b729"
  },
  "citedAs": "GPT-4 released on: 2023-03-14. — SourceScore Claim 09eea8fb1a8ccebf (verified 2026-05-16, signed fa4e121c…). https://sourcescore.org/claims/09eea8fb1a8ccebf/"
}

Query parameter q (2-500 chars), optional limit (default 20, max 50). v0 uses keyword-overlap scoring across subject / object / statement / predicate / tags. Semantic similarity via embeddings ships Day 30+.

curl "https://sourcescore.org/api/v1/search?q=llama&limit=3"

{
  "apiVersion": "v1",
  "methodology": "https://sourcescore.org/methodology/",
  "query": "llama",
  "count": 3,
  "results": [
    {
      "id": "c1a2b3d4e5f6a7b8",
      "subject": "Llama 3.1",
      "predicate": "released_on",
      "object": "2024-07-23",
      "statement": "Llama 3.1 released on: 2024-07-23.",
      "confidence": 1,
      "signatureShort": "5b27aa11",
      "detailUrl": "https://sourcescore.org/api/v1/claims/c1a2b3d4e5f6a7b8.json"
    }
  ]
}

Submit a claim in plain English; receive the best matching catalog record or notVerified: true. Threshold is configurable via minConfidence (default 0.85). Response is HMAC-signed when the edge has access to the signing secret — your client can prove you got the same answer SourceScore signed.

POST /api/v1/verify
Content-Type: application/json

{
  "claim": "Llama 3.1 was released in July 2024",
  "vertical": "ai-ml",
  "minConfidence": 0.85
}

{
  "apiVersion": "v1",
  "methodology": "https://sourcescore.org/methodology/",
  "query": "Llama 3.1 was released in July 2024",
  "matches": [
    {
      "claim": {
        "id": "c1a2b3d4e5f6a7b8",
        "subject": "Llama 3.1",
        "predicate": "released_on",
        "object": "2024-07-23",
        "statement": "Llama 3.1 released on: 2024-07-23.",
        "confidence": 1,
        "signatureShort": "5b27aa11",
        "detailUrl": "https://sourcescore.org/api/v1/claims/c1a2b3d4e5f6a7b8.json"
      },
      "matchScore": 0.42,
      "rationale": "Keyword overlap on: llama, released, 2024."
    }
  ],
  "bestMatch": { "id": "c1a2b3d4e5f6a7b8", ... },
  "signature": {
    "algorithm": "HMAC-SHA256",
    "signedBy": "did:web:sourcescore.org",
    "signedAt": "2026-05-16T13:42:11.000Z",
    "signature": "..."
  }
}

{
  "apiVersion": "v1",
  "methodology": "https://sourcescore.org/methodology/",
  "query": "GPT-5 reaches AGI in 2025",
  "matches": [],
  "notVerified": true,
  "signature": { "algorithm": "HMAC-SHA256", ... }
}

Returns the verification methodology (signing model, source-type rules, confidence calibration), pricing tier table, and endpoint index. Single canonical source of truth — referenced by /pricing/ + Stripe Products metadata + this docs page.

v0 — no authentication. All read endpoints (catalog, per-claim, search, verify) are public and rate-limited only by Cloudflare network-level DDoS protection. CORS is permissive (Access-Control-Allow-Origin: *); browser, server, and LLM-agent callers all work.

Day 8+ — API keys + per-tier rate limits. When authentication is required, send your key as a Bearer token:

curl https://sourcescore.org/api/v1/claims/ad17e76a8baad7a1.json \
  -H 'Authorization: Bearer sk_live_...'

API keys are issued at signup, scoped to a single Stripe Customer. Free-tier users can rotate keys via the dashboard; paid tiers can issue multiple keys per tier (see pricing).

v0: Cloudflare DDoS protection caps ~1,000 req/min per IP. No explicit per-key limits yet.

Day 8+ (per-tier, per-key):

• free: 1,000 claims/mo included, overage €0.0000/claim, 99% uptime SLA.
• indie: 50,000 claims/mo included, overage €0.0010/claim, 99.5% uptime SLA.
• startup: 500,000 claims/mo included, overage €0.0005/claim, 99.5% uptime SLA.
• scale: 5,000,000 claims/mo included, overage €0.0002/claim, 99.9% uptime SLA.

Excess requests respond with HTTP 429. The X-RateLimit-Remaining and X-RateLimit-Reset response headers expose your per-key quota state.

Every per-claim envelope contains a signature over a canonical projection of the claim. To verify locally, recompute the same canonical form, HMAC it with the shared secret, and compare.

v0 signing model: HMAC-SHA256 with a shared secret held only by SourceScore. Consumers verify by fetching the same claim from /api/v1/claims/<id>.json — the server signs at request-time, so signatures match for unmodified claims. The signature’s value is detecting in-transit tampering.

v1 (Y2): migrates to W3C Verifiable Credentials with Ed25519 keys for offline verification. Consumers verify against did:web:sourcescore.org without contacting the API. The signedBy field stays did:web:sourcescore.org across the migration.

All errors return a JSON envelope:

{
  "error": "Body must be JSON.",
  "detail": "Unexpected token } at position 17."  // optional
}

Common status codes:400 bad input; 404 claim id not found; 405 wrong method; 429 rate-limited; 503 catalog index temporarily unavailable.

Drop-in guides for grounding LLM responses in signed VERITAS claims, with copy-paste runnable examples:

• LangChain — retrieve-then-cite + generate-then-verify patterns
• LlamaIndex — custom Retriever + NodePostprocessor for verification
• OpenAI tool-calls — native function-calling that auto-grounds when uncertain
• Vercel AI SDK — Next.js streamText + tool() patterns for TypeScript apps
• DSPy — Stanford's compound-AI-system framework; custom Retrieve + verify-post-processor modules
• All integrations →

Community support: open an issue on gitlab.com/acevault-lab/sourcescore-api (SDK + docs repo, public).

Paid tier email support: [email protected] (SLA per tier).