API Reference
Programmatic access to CredScore's cached wallet verdicts via the v1 API.
The CredScore v1 API is live. It exposes cached wallet verdicts to any tool that can send an HTTP request. Auth is a Bearer token you mint in your account settings.
Base URL: https://www.credscore.us/api/v1
Authentication
Every request sends an Authorization header:
Authorization: Bearer cs_live_<your-key>
Mint a key on the /account page. Keys are shown once at creation. Store them in your secret manager the same way you'd store a Stripe secret key. Revoke a compromised key from the same page.
Rate limit
60 requests per key per minute, tracked per Vercel edge instance. The response includes X-CredScore-Ratelimit-Remaining. When you hit the limit, the endpoint returns 429 RATE_LIMITED — retry after the next minute rolls over.
Endpoint: GET /api/v1/analyze?wallet={address}
Returns the cached CredScore verdict for a wallet. The endpoint reads from shared_analyses (verdicts anyone in the CredScore user base has published) first, then falls back to analysis_audit_log (verdicts your own account has run). If the wallet has never been analyzed on CredScore, source is "none" and the response points you to /desk to seed one.
Sample request:
curl -H "Authorization: Bearer cs_live_..." \ "https://www.credscore.us/api/v1/analyze?wallet=0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045"
Sample response:
{ "wallet": "0xd8da6bf26964af9d7eed9e03e53415d37aa96045", "score": 92, "tier": "low", "posture": "proceed", "engineVersion": "2026-06-20", "verdictUrl": "https://www.credscore.us/v/AbCdEf12", "source": "shared", "analyzedAt": "2026-06-20T14:22:11Z" }
Error responses
- 400 INVALID_WALLET — the wallet param isn't 0x + 40 hex. - 401 MISSING_API_KEY / INVALID_KEY — no key or a revoked/wrong key. - 429 RATE_LIMITED — 60/minute limit hit. - 500 AUTH_LOOKUP_FAILED — auth store is unreachable. Retry.
Endpoint: POST /api/v1/analyze/batch
Bulk-screens up to 100 wallets in a single request. Table stakes for exchange compliance integrations that need to screen every incoming deposit's from-address in one round-trip.
Body: JSON { "wallets": ["0x…", "0x…"] }
Sample request:
curl -X POST -H "Authorization: Bearer cs_live_..." \ -H "Content-Type: application/json" \ -d '{"wallets":["0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045","0xf3701f445b6bdafedbca97d1e477357839e4120d"]}' \ "https://www.credscore.us/api/v1/analyze/batch"
Response: { "count": N, "results": [...] } — one result object per input, in the same order. Each result is the same shape as GET /api/v1/analyze, or { "input", "error", "message" } for invalid entries. A batch of 50 wallets charges 50 requests against the 60/min rate limit, so plan your batches accordingly.
Roadmap
- POST /api/v1/analyze/run — fresh engine runs (subscription-gated, coming next). - Webhook subscriptions on watchlist alerts.
Enterprise integrations, dedicated rate limits, and volume-based pricing are all on the table — email wade@credscore.us to talk.