API documentation

JSON over HTTPS. Every verdict is confidence-scored; insufficient_evidence is a valid answer, never an error. Tiers gate freshness, history depth, and redistribution.

Authentication

# Pass your key as a Bearer token
curl https://api.veridex.example/v1/lookup/tor/185.220.101.1 \
  -H "authorization: Bearer $VERIDEX_API_KEY"

Point lookups

GET /v1/lookup/package/:ecosystem/:name   # malicious-package check
GET /v1/lookup/tor/:ip                     # Tor node check
GET /v1/lookup/:type/:value                # ip | domain | sha256 | url

# → { "verdict": "block|monitor|enrich|insufficient_evidence",
#     "confidence": 0.0-1.0, "classification": "...", "sources": [...] }

Batch lookups

POST /v1/lookup/batch
{ "lookups": [
    { "feed": "packages", "type": "package", "value": "npm/left-pad" },
    { "type": "domain", "value": "evil.example" }
] }

Bulk feeds

GET /v1/feeds/:feed/manifest    # version pointer + sha256 + sizes
GET /v1/feeds/:feed/latest      # full NDJSON snapshot (honours If-None-Match → 304)
GET /v1/feeds/:feed/delta       # adds/removes since the previous version

Client libraries

Python + CLI

pip install veridex
veridex scan package-lock.json   # non-zero exit if a dependency is flagged

TypeScript

npm install @veridex/client
import { VeridexClient, isMalicious } from "@veridex/client";
const v = await new VeridexClient({ apiKey }).lookupPackage("pypi", "colourama");

Verdict tiers

block (high confidence) · monitor · enrich · insufficient_evidence. Confidence decays with the age of the last observation.