Introducing the credential graph: an API for verifying any worker, anywhere
When a candidate applies to drive for a delivery service, the platform runs a background check. The candidate's identity, driving record, and sometimes their criminal history are all verified within minutes — by APIs, not by phone calls. The data flows automatically from authoritative sources into the platform's hiring system. No PDFs are emailed. No recruiters are calling DMV offices. The verification is structured, fast, and machine-readable.
Now consider what happens when the same candidate is hired and needs food handler certification within 30 days. The platform either trusts the candidate to upload a PDF, manually checks it, or — most commonly — just doesn't verify at all. The credential is there somewhere, in an inbox, on a phone, eventually in a binder under the host stand. If the state inspector asks, the manager goes hunting.
This is the verification gap. Every other piece of an employee's profile has been digitized and made queryable. Their credentials, the thing that legally matters most, are still being treated like paperwork.
We built the credential graph to close that gap.
What it is
The credential graph is the public API behind every CertiComply
certificate. Every cert we issue carries a unique machine-readable
ID — CC-2026-CA-000147, for example. That ID is the entry point
into a structured verification endpoint that any system can query:
GET /api/v1/certs/CC-2026-CA-000147
The response is JSON, not a PDF:
{
"id": "CC-2026-CA-000147",
"status": "valid",
"learner": { "name": "Maria Garcia" },
"course": {
"title": "Food Handler Safety Certification",
"slug": "food-handler-california"
},
"issuedAt": "2026-04-23",
"expiresAt": "2028-04-23",
"approvalNumber": "CA-FH-2024-001",
"issuingAuthority": "California CDPH",
"verificationUrl": "https://certicomply.com/verify/CC-2026-CA-000147"
}
That endpoint is public. No API key required. No authentication. Any system — an ATS like Greenhouse, an HRIS like Rippling, an AI agent verifying a hire, a state inspector with a QR scanner, a journalist fact-checking a claim — can query it instantly.
Status changes propagate immediately. If a cert is revoked, the API
returns "status": "revoked". If it expires, "status": "expired".
There is no version of the world where a stale PDF says one thing and
the underlying truth says another.
Why this matters
A static certificate is a snapshot in time. It says, on the day it was printed, this person passed this exam. Two years later, that's all it still says — even if the person let their license lapse, the state revoked the credential, or the regulation changed entirely.
A live credential graph says: as of this exact second, here is the status of this credential, who issued it, when it expires, and where to verify it.
For an employer running pre-hire compliance checks, that means a 200-millisecond API call instead of a chain of emails. For an HRIS automating new hire onboarding, it means triggering required training automatically based on which credentials the new employee already holds. For an AI agent asked "is this candidate legally allowed to work this shift?", it means answering with confidence, in real time, citing the issuing authority directly.
For the worker who holds the credential, it means a piece of paper that doesn't have to be carried, mailed, scanned, or photographed. It works the way credit cards work — by reference, queried on demand, always current.
The endpoint family
The credential graph is more than a single verification endpoint. The full API includes:
GET /api/v1/certs/:id— public verification of any certGET /api/v1/credentials/required— the credential graph proper: given a role and a state, what certs are required? (?role=food-handler&state=CA&county=san-diego)GET /api/v1/orgs/:orgId/compliance— real-time compliance snapshot for an organization (requires API key)POST /api/v1/orgs/:orgId/members/:userId/enroll— programmatic enrollment, used by HRIS integrations to assign training on hire
Every endpoint is documented at docs.certicomply.com with
versioned schemas, sandbox keys, and example payloads in five
languages. The OpenAPI spec is published at /api/v1/openapi.json
and updates automatically as we ship.
What this unlocks
The first wave of integrations is the obvious one: HRIS platforms trigger training automatically on hire, ATS platforms verify cert status during onboarding, AI agents check compliance before scheduling shifts. We have integrations live or in development with several major HRIS vendors as of this post; we'll be naming them as the relationships mature.
The second wave is more interesting. Once credentials are queryable, they become composable. A staffing platform can match workers to shifts based not just on who's available, but on who's currently certified for the location and role. An AI assistant can respond to "do I need any new certs to take this travel nursing contract in Florida?" with a real, specific, actionable answer based on live data. A state regulator can pull a real-time view of compliance rates across an entire industry, without waiting for quarterly batch reports.
When credentials are alive, the workforce can be verified at the speed of work — not the speed of paperwork.
What you can do with it today
Every CertiSeal cert ever issued is queryable through the public endpoint, right now. If you've completed a course with us, your verification URL is on the cert PDF, in your dashboard, and embedded in the QR code. Try it. Hit the endpoint with curl. Pass the URL to ChatGPT and ask it to verify the cert. Drop the QR into a hiring tool.
Most certification badges ask you to trust them. CertiSeal is designed so you can check it.
We built this because the future of compliance is public, structured, and instant. Every other modern verification system already works this way. Credentials are next.
The credential graph is live and free to query for any cert ID. Read the full API documentation → · Talk to our partnerships team →