Public REST API for certificate verification and the CertiComply catalog. JSON in, JSON out, CORS enabled, OpenAPI 3.0 spec available. Free for low-volume use; partner API keys for production integrations.
{
"data": {
"certNumber": "CC-2026-CA-000147",
"status": "valid",
"holderName": "Maria Garcia",
"course": {
"title": "California Food Handler Certification",
"slug": "california-food-handler"
},
"issueDate": "2026-04-23",
"expiresAt": "2028-04-23",
"state": "CA",
"approvalNumber": "CA-FH-2024-001",
"verifyUrl": "http://localhost:3000/verify/CC-2026-CA-000147",
"verifiedAt": "2026-04-25T12:34:56Z"
}
}All endpoints live under http://localhost:3000/api/v1. Responses use the envelope { data, meta? } on success and { error: { code, message } } on failure.
Verify a CertiSeal-issued certificate
List published courses (filterable by vertical and state)
Fetch one course with state approvals
List industry verticals with marketing metadata
List license types (filterable by vertical and jurisdiction)
CertiSeal verification and catalog reads are public. Rate-limited to 60 req/min/IP for verify, 120 req/min/IP for catalog. Plenty for most production embeds.
Higher rate limits, partner endpoints, and longer-term SLAs require an API key. Pass it as X-API-Key or Authorization: Bearer.
Every endpoint sits under /api/v1/. We commit to no breaking changes within v1. Major changes ship as v2 with the previous version maintained for at least 12 months.
HTTP 200 for success, 4xx for client errors with a typed error code (not_found, invalid_request, rate_limited, etc.). 5xx for server errors - please retry with exponential backoff.
Tell us a bit about your integration and we'll come back with an API key, rate limits, and a sample integration. Most partners are integrated in a day.