Trust API Guide
API endpoints
Each service in the Data Trust Registry has its own entry in the API. These can be found via the Web UX on dt-reg.org, but the more common case these will be found is when the service shares its URL in order to verify its trust level. For example:
- The service can share its URL when applying for an API key
- The service can send its URL as a property when initiating an OAuth flow to ask for user authorization for data access
Entry Information Endpoint
Methods
GET [entry-info endpoint]Request body
The request body must be empty.
Response body
The response body contains the trust information about one entry or service. A company may have multiple services but the company trust information is included in this response.
JSON Representation
{
"trustLevel": 2,
"trustStatus": "verified",
"verifiedDomain": "example.com",
"trustInfo": {
"operatorPrivacyPolicy": "https://www.example.com/privacy-policy",
"termsOfService": [
"https://www.example.com/privacy-policy",
"https://www.example.com/terms-of-service"
],
"dataProtectionOfficer": {
"name": "Data Protection Office",
"address": "123 Example ave etc",
"email": "dpo@example.com"
}
},
"serviceInfo": {
"serviceName": "Example",
"serviceCategories": [
"Multiple"
],
"serviceDescription": "Example enables users to combine photos, videos and links in sharable boards.",
"serviceIcon": "https://example.com/icon.png",
"serviceUrl": "https://example.com/"
},
"operatorInfo": {
"serviceOperatorName": "Example Inc.",
"serviceOperatorUrl": "https://example.com",
"serviceOperatorIcon": "https://example.com/icon.png",
"serviceOperatorSecurityIssueReportUrl": "https://example.com/privacy-policy"
},
"authConnection": {
"oAuthClientId": ‘00000’,
"oauth_client_metadata": {
"redirect_uris": [“https://example.com/api/oauth/redirect”],
"client_name": "Example",
"logo_uri": "https://example.com/icon.png"
}
},
"dataConnection": {
"apiConnectionInfo": {
"apiRootUrl": "https://example.com/api/v1/",
"apiDocsUrl": "https://example.com/docs/welcome"
}
},
"entityDataValidity": {
"validFromDT": "2025-09-01T00:00:00.000Z",
"validUntilDT": "2026-09-01T00:00:00.000Z"
}
}
| Fields | |
|---|---|
trustLevel |
Current values are 0, 1 or 2 but additional levels MAY be introduced. Higher integer values will always be inclusive of the lower trust level requirements. |
status |
For a verified service, this should be “verified”. After learning from our pilot program, we may introduce additional values such as “under investigation” or “warning” that may be less firm than “verified”. |
trustInfo | operatorPrivacyPolicy |
A URL to the main privacy policy offered by the operator of the service. Additional terms of service that may affect privacy may also be found in the termsOfService links. |
trustInfo | termsOfService |
The operator’s general terms of service, and other documents that declare policies around how the service may be used or how the service may use personal data. |
dataProtectionOfficer | name |
Name of the person or office to address data protection requests to as described by EU’s GDPR. May be null or empty. |
dataProtectionOfficer | address |
Full address that data protection documents may be sent to. May be null or empty. |
dataProtectionOfficer | email |
Email address used to reach a Data Protection Officer. |
serviceInfo | serviceName |
Display name of service, suitable for display in UX, e.g. requesting user consent to transfer data to this service or offering a list of services user may transfer data to or from. Service names are NOT unique in the registry, but the combination of company name and service name will be unique. |
serviceInfo | serviceCategories |
Names of service categories that the service may participate in. This might help find appropriate services as the registry grows - for example, finding a list of services that participate in photo album data transfer or music playlist data transfer. The list of possible categories is not yet fixed or limited. |
serviceInfo | serviceDescription |
A description of the service. NOTE this may be available in multiple languages. If so, the values of the description will be in a language map: {‘en’: “Photos” ‘ja’: “写真”} |
serviceInfo | serviceIcon |
URL to a logo suitable for display with the service name. |
serviceInfo | serviceUrl |
URL to the most appropriate page for users to learn more about the service. |
operatorInfo | serviceOperatorName |
Name of the organization responsible for the service. |
operatorInfo | serviceOperatorUrl |
URL to the organization responsible for the service. |
operatorInfo | serviceOperatorIcon |
URL to an icon suitable to represent the service operator when displaying the name to users. |
operatorInfo | serviceOperatorSecurityIssueReportUrl |
URL to a page offering a way to report security issues to the operator of the service |
authConnection | oAuthClientId |
If present, this client_id may be provided in OAuth connection requests. |
authConnection | oauth_client_metadata |
See RFC 7591 |
dataConnection | apiConnectionInfo |
If the service hosts an API where personal data may be requested, this provides information about reaching that API. |
entityDataValidity | validFromDT |
RFC3339 When did this registry entry first get created |
entityDataValidity | validUntilDT |
RFC3339 When is this registry entry valid until. Note this does not imply an entry can be cached until the “validUntilDT” because status may change unexpectedly, but it does mean the entry cannot be relied upon if this date is passed. |