Complete reference for the Helix Fabric detection API. Submit entities for scanning, retrieve trust verdicts, and query detected signals.
https://api.thomasperryjr.org
v2
All API requests require a Bearer token. Include your API key in the Authorization header.
API keys are provisioned during onboarding. Contact thomas@thomasperryjr.org to request access.
| Plan | Rate Limit | Burst |
|---|---|---|
| Starter | 100 req/min | 150 |
| Professional | 500 req/min | 750 |
| Enterprise | Custom | Custom |
Rate limit headers (X-RateLimit-Remaining, X-RateLimit-Reset) are included in every response.
/api/scan
Submit a domain for synthetic identity scanning. The domain enters the queue-driven scan pipeline and is processed by distributed workers.
{
"domain": "example.com",
"priority": "normal",
"signals": ["web_presence", "c2pa", "ecosystem"],
"webhook_url": "https://your-app.com/webhook"
}
| Parameter | Type | Required | Description |
|---|---|---|---|
| domain | string | Yes | Target domain to scan |
| priority | string | No | "low", "normal" (default), "high" |
| signals | string[] | No | Specific signal types to scan. Default: all |
| webhook_url | string | No | URL to receive scan completion notification |
{
"scan_id": "sc_a1b2c3d4e5f6",
"domain": "example.com",
"status": "queued",
"estimated_completion": "2026-02-20T15:30:00Z",
"poll_url": "/api/status/example.com"
}
/api/status/{domain}
Check the current scan status for a domain. Returns the latest scan state and progress information.
| Parameter | Type | Description |
|---|---|---|
| domain | string | Target domain (e.g., example.com) |
{
"domain": "example.com",
"status": "scanning",
"progress": 0.65,
"workers_active": 3,
"signals_detected": 4,
"started_at": "2026-02-20T15:25:00Z",
"estimated_completion": "2026-02-20T15:30:00Z"
}
Status values: queued, scanning, complete, failed
/api/verdict/{domain}
Retrieve the trust verdict for a scanned domain. Returns the composite trust score, verdict classification, and dimensional breakdown.
| Parameter | Type | Description |
|---|---|---|
| domain | string | Target domain |
{
"domain": "example.com",
"verdict": "refuse",
"trust_score": 0.23,
"synthetic_probability": 0.87,
"dimensions": {
"entity": 0.15,
"compliance": 0.31,
"behavioral": 0.22,
"counterparty": 0.18,
"ethics": 0.29
},
"scanned_at": "2026-02-20T15:30:00Z",
"signal_count": 12
}
Verdict values: allow (≥0.75), require_approval (0.60–0.75), require_review (behavioral <0.50), refuse (<0.60 or hard-fail)
/api/signals/{domain}
List all detected signals for a scanned domain. Returns categorized signals with confidence scores and evidence metadata.
| Parameter | Type | Description |
|---|---|---|
| domain | string | Target domain |
| Parameter | Type | Description |
|---|---|---|
| category | string | Filter: web_presence, c2pa, ecosystem, cross_entity |
| min_confidence | float | Minimum confidence threshold (0.0–1.0) |
{
"domain": "example.com",
"signals": [
{
"id": "sig_f7e8a9b0",
"category": "web_presence",
"type": "domain_age_anomaly",
"confidence": 0.92,
"description": "Domain registered 47 days ago with mature content",
"detected_at": "2026-02-20T15:28:12Z"
},
{
"id": "sig_c3d4e5f6",
"category": "ecosystem",
"type": "reference_loop",
"confidence": 0.85,
"description": "Closed reference cycle with 3 related entities",
"related_entities": ["entity-a.com", "entity-b.com"],
"detected_at": "2026-02-20T15:29:01Z"
}
],
"total": 12
}
| Code | Status | Description |
|---|---|---|
| 400 | Bad Request | Invalid domain format or missing required parameters |
| 401 | Unauthorized | Missing or invalid API key |
| 404 | Not Found | Domain has not been scanned |
| 429 | Too Many Requests | Rate limit exceeded. Check X-RateLimit-Reset header |
| 500 | Internal Error | Server error. Contact support with the X-Request-Id header value |
# Submit a scan curl -X POST https://api.thomasperryjr.org/api/scan \ -H "Authorization: Bearer $API_KEY" \ -H "Content-Type: application/json" \ -d '{"domain": "suspect-entity.com"}' # Check verdict curl https://api.thomasperryjr.org/api/verdict/suspect-entity.com \ -H "Authorization: Bearer $API_KEY"
The detection algorithms in this API are grounded in published, peer-reviewed research.