Developer Reference

API Documentation

Use CraftedTrust to search the registry, read public trust data, and trigger scans before agents connect to MCP servers.

Trust scores, findings, and scan results are decision support, not guarantees. Use them to narrow risk faster, then apply your own operational controls and review standards.

Overview

CraftedTrust exposes one simple public developer surface: search the MCP registry, fetch public server trust data, and trigger public scans. Paid publisher steps such as Assisted Review and certification live on For Publishers, not in the public API pricing story.

Surface	What it is for
Registry API	Search, stats, public server profiles, reports, and trust assets.
MCP interface	Let agents check trust before they connect to a server.
Publisher workflow	Use the public site for Free Scan, Assisted Review, Standard Certified, and Premium Certified.

Access model

Keep the public evaluator side simple:

Access	What is included
Public	Registry search, public server profiles, reports, badge assets, public research, and docs.
Rate-limited public	Public scans via `POST /scan`.
API key	Higher read volume and authenticated integrations.
Publisher checkout	Assisted Review and certification purchases through the publisher workflow.

Authentication

Most public read endpoints do not require authentication. If you need higher limits for product integrations, include an API key in the X-API-Key header.

curl -H "X-API-Key: your_api_key_here" \ https://mcp.craftedtrust.com/api/v1/stats

Rate limits

Tier	Limit	Window
Public scan	5 scans per hour per IP	1 hour
Public reads	100 requests per hour per IP	1 hour
API key	1,000 requests per hour	1 hour

Rate-limited responses return 429 Too Many Requests with a Retry-After header.

Base URL

https://mcp.craftedtrust.com/api/v1

MCP server interface

Add CraftedTrust as an MCP server so your agent can check trust before opening a new tool connection.

Claude Desktop

{ "mcpServers": { "craftedtrust": { "url": "https://mcp.craftedtrust.com/api/v1/mcp" } } }

Any Streamable HTTP MCP client

{ "mcpServers": { "craftedtrust": { "url": "https://mcp.craftedtrust.com/api/v1/mcp", "description": "Search and verify MCP servers before use" } } }

Available tools

Tool	Description
check_trust	Look up a trust score, grade, findings summary, and certification state by URL or package name.
scan_server	Trigger a public scan and return current findings.
search_registry	Search the registry by name, URL, or publisher.
get_stats	Return high-level registry statistics.

Trust-gating pattern

The simplest safe pattern is: check trust first, then decide whether to connect.

# Step 1: Check the server before connecting result = call_tool("craftedtrust", "check_trust", { "server_url": "https://mcp.example.com/mcp" }) # Step 2: Refuse clearly risky servers if result["grade"] in ("D", "F"): return f"Refused: {result['url']} scored {result['grade']} ({result['score']}/100)" # Step 3: Continue with the MCP connection connect_to_server("https://mcp.example.com/mcp")

Get ecosystem-wide statistics for indexed servers, certifications, and scan activity.

curl "https://mcp.craftedtrust.com/api/v1/stats"

Search the registry by name, URL, publisher, score, or certification state.

Param	Type	Description
q	string	Search query.
sort	string	`relevance`, `score-high`, `score-low`, `recent`, or `name`.
certified	string	`true`, `standard`, or `premium`.
grade	string	`A`, `B`, `C`, `D`, or `F`.

curl "https://mcp.craftedtrust.com/api/v1/search?q=github&sort=score-high&certified=standard"

Get the public trust profile for a specific server.

curl "https://mcp.craftedtrust.com/api/v1/server/https%3A%2F%2Fmcp.example.com"

{ "url": "https://mcp.example.com", "name": "Example MCP Server", "trustScore": 82, "grade": "B", "trustSummary": "Well-documented server with clear transport and auth posture.", "publisherName": "Example Inc.", "certificationStatus": "standard", "lastScanned": "2026-04-08T14:00:00Z" }

Get the current downloadable report or evidence summary for a server.

curl "https://mcp.craftedtrust.com/api/v1/server/https%3A%2F%2Fmcp.example.com/report"

Get a trust asset for embedding in docs, READMEs, or directories.

curl "https://mcp.craftedtrust.com/api/v1/server/https%3A%2F%2Fmcp.example.com/badge?style=compact"

Trigger a public scan. This is the same free public scan that powers the publisher entry step.

curl -X POST https://mcp.craftedtrust.com/api/v1/scan \ -H "Content-Type: application/json" \ -d '{ "server_url": "https://mcp.example.com/mcp" }'

Start a certification application for a publisher-managed server. Use For Publishers for the simplest self-serve path and current pricing.

curl -X POST https://mcp.craftedtrust.com/api/v1/certify \ -H "Content-Type: application/json" \ -d '{ "server_url": "https://mcp.example.com/mcp", "tier": "standard", "contact_email": "team@example.com" }'

Response codes

Code	Meaning
200	Success.
400	Bad request or invalid parameters.
401	Missing or invalid API key.
404	Server not found.
429	Rate limit exceeded.
500	Internal error.

Trust scoring

CraftedTrust scoring is meant to be easy to read in buyer workflows. Results are organized around explainable signals such as transport, authentication, declared behavior, risky tool patterns, documentation quality, and publisher verification evidence.

Output	Meaning
Trust score	Numeric summary used to compare server posture over time.
Grade	Fast buyer-facing shorthand from A to F.
Certification status	`none`, `standard`, or `premium`.
Findings summary	Short explanation of what most affected the result.
Last scanned	Recency marker for public trust decisions.