Subtl Domain API

Domain reputation scoring with 7 security checks. One API call returns a trust score, risk level, and detailed breakdown for any domain.

Quick Start

Get up and running in under a minute.

1. Get your API key

Sign up to receive your API key with the stl_ prefix. Free tier includes 100 requests per month.

2. Make your first request

curl "https://domain.subtl.dev/v1/reputation?domain=example.com" \
  -H "Authorization: Bearer stl_your_api_key"

const res = await fetch(
  "https://domain.subtl.dev/v1/reputation?domain=example.com",
  { headers: { "Authorization": "Bearer stl_your_api_key" } }
);
const data = await res.json();
console.log(data.score, data.risk);

import requests

res = requests.get(
    "https://domain.subtl.dev/v1/reputation",
    params={"domain": "example.com"},
    headers={"Authorization": "Bearer stl_your_api_key"}
)
data = res.json()
print(data["score"], data["risk"])

3. Parse the response

The response includes three key fields:

• score — Trust score from 0 (dangerous) to 100 (safe)
• risk — Risk level: safe, moderate, suspicious, or dangerous
• details — Breakdown of all 7 security checks

Authentication

All API requests require a Bearer token in the Authorization header.

Authorization: Bearer stl_your_api_key

API keys use the stl_ prefix followed by a 32-character identifier. Keep your key secure — it provides full access to your account's API quota.

Base URL

https://domain.subtl.dev

All endpoints are prefixed with /v1/. HTTPS is required for all requests.

Rate Limits

Each plan has monthly and per-minute rate limits. See Errors & Rate Limits for full details.

Endpoints

CORS

The API returns Access-Control-Allow-Origin: * for all responses. However, we strongly recommend making API calls from your backend to protect your API key.