How much does the TestedClear API cost?

Sandbox is free with 1,000 verifications per month for testing. Starter is $499/month for 10,000 verifications with $0.05/call overage. Growth is $1,999/month for 100,000 verifications with $0.02/call overage and an optional BAA add-on. Enterprise is custom pricing for high-volume partners and includes BAA, SLA, and dedicated support.

Does TestedClear sign a BAA?

BAAs are available for partners who handle PHI (telehealth platforms, employer wellness, insurance portals, etc.). Included at Enterprise. Available as a $499/month add-on at the Growth tier. Pure dating-app integrations typically do not need a BAA because verification status is patient-directed disclosure rather than a HIPAA-covered transaction.

How does badge expiration work?

Every verified credential has a recommended retest date based on the user's testing schedule (quarterly, biannual, or annual). Once that date passes, the API automatically returns verified: false until the user retests. Partners do not need to handle expiration logic — the freshness guarantee is enforced by the API.

Can I embed a verification badge without using the API?

Yes. The Badge Embed feature returns a small HTML badge via iframe and counts toward your monthly call quota at the same rate. This is the simplest integration path for low-volume use cases or for adding verification visuals to a profile page without writing custom UI.

Developer API

What is the TestedClear API?

A real-time verification endpoint for STI testing credentials. One API call with a user's share token returns the verification status, panel, issuer, and recommended-retest date. Auto-expiration means a verified result is always current. Sandbox is free; paid tiers from $499/mo with optional BAA.

Add live STI verification to your platform

One API call. Pass your API key in the X-API-Key header. Returns live verification status that auto-expires when the user is due for retest — so a verified badge always means something current.

Partner with us →See the API

Quick start Verify endpoint Response schema Errors & status codes Auto-expiration Rate limits & pricing Badge embed (free)Badge Display API OAuth for linked apps Privacy Partnerships

Partnership inquiry

Interested in a native integration? We work with dating apps on co-branded rollouts.

rob@testedclear.com →

Quick start

Apply for an API key below. Pass it in the X-API-Key header with every request.

bash

GET https://testedclear.com/api/v1/verify?token=USER_TOKEN
X-API-Key: tc_live_your_key_here

javascript

const res = await fetch(
  'https://testedclear.com/api/v1/verify?token=USER_TOKEN',
  { headers: { 'X-API-Key': 'tc_live_your_key_here' } }
)
const { verified, panel, tested_date, retest_by } = await res.json()

if (verified) {
  showVerifiedBadge({ panel, tested_date, retest_by })
} else {
  showRetestPrompt()
}

Verify endpoint

GET/api/v1/verify

Parameter	Required	Description
`token`	Yes	Public URL token from the user's TestedClear link
`format`	No	json (default) or badge (HTML embed)

Response schema

json

// 200 OK — verified and within testing window
{
  "verified": true,
  "panel": "Full STI Panel",
  "tested_date": "2026-04-01",
  "retest_by": "2026-07-01",
  "issuer_type": "clinic",
  "status": "current"
}

// 200 OK — retest window has passed
{
  "verified": false,
  "reason": "retest_due",
  "retest_by": "2026-04-01"
}

// 200 OK — user revoked their credential
{
  "verified": false,
  "reason": "revoked"
}

// 404 Not Found — token does not match any credential
{
  "verified": false,
  "reason": "invalid_token"
}

All non-error responses return verified as a boolean — that is the only field you need to gate access on. Treat any non-200 status (other than 404) as a transient failure and retry.

Errors & status codes

Errors are returned as JSON with an error field and the status code in the HTTP response.

Status	When it happens
`400`	Missing the `token` query parameter.
`401`	Missing `X-API-Key` header, or key format is not `tc_live_`, `tc_test_`, or `tc_badge_`, or key is not recognized.
`403`	Key has been suspended, or your application status is not approved.
`404`	Token does not match any credential in our system.
`429`	Sandbox monthly limit reached (1,000 calls). Upgrade to a paid tier.
`500`	Server error. Retry with exponential backoff.

Every error response includes docs and apply URLs so that unfamiliar consumers of the API get pointed to the right place.

Auto-expiration

This is the key differentiator

The API returns verified: false automatically when the user's recommended retest date passes — no action needed from you or the user. A verified badge always means currently within testing window.

Rate limits & pricing

Usage is metered per-month per-key. Each successful call counts as one unit. Calls that return 4xx errors do not count against usage.

Tier	Monthly	Included calls	Overage per call
Sandbox	Free	1,000	Hard cap · test environment only
Starter	$499	10,000	$0.05
Growth	$1,999	100,000	$0.02 · BAA available ($499/mo add-on)
Enterprise	Custom	Custom	BAA included · SLA · dedicated support

Sandbox is capped — once you hit 1,000 calls in a month, the endpoint returns 429 until the 1st of next month. Paid tiers allow overage and bill automatically through Stripe.

Need more than Growth?

Custom pricing for high-volume partners. Includes BAA, SLA, dedicated support, and integration help. Contact sales →

Badge embed (free)

The simplest integration — an iframe that renders a small verified badge. Uses format=badge on the standard verify endpoint and counts toward your monthly call quota.

html

<iframe
  src="https://testedclear.com/api/v1/verify?token=USER_TOKEN&format=badge"
  width="220" height="60" frameborder="0"
  style="border:none;border-radius:10px;"
></iframe>

Badge Display API

For integrations that want richer badge options (SVG, HTML with display name, JSON for native rendering), use the dedicated Badge Display endpoint. Requires a tc_badge_ key — a separate key class from the verify-API tc_live_ key.

GET/api/v1/badge

Parameter	Required	Description
`token`	Yes	Public URL token from the user's TestedClear link
`format`	No	json (default), html, or svg

javascript

// JSON — render your own badge UI
const res = await fetch(
  'https://testedclear.com/api/v1/badge?token=USER_TOKEN',
  { headers: { 'X-API-Key': 'tc_badge_your_key_here' } }
)
const { verified, display_name, panel, tested_date, retest_by, badge_url } = await res.json()

// SVG — drop-in image tag
// <img src="https://testedclear.com/api/v1/badge?token=USER_TOKEN&format=svg" />

The JSON response includes display_name when the user has set one — useful for rendering a personalized badge alongside a user's profile.

OAuth for linked apps

For apps that want verification status tied to a specific TestedClear user account (rather than a shareable link), use the OAuth 2.0 authorization code flow. The user consents in their TestedClear account, your app receives a long-lived access token, and you can then check verification status without the user ever sharing a link with you.

OAuth is a separate integration pathway — contact rob@testedclear.com to onboard as a partner and receive a client_id and client_secret.

1. Redirect the user to authorize

bash

GET https://testedclear.com/api/oauth/authorize
  ?client_id=YOUR_CLIENT_ID
  &redirect_uri=https://yourapp.com/callback
  &response_type=code
  &state=RANDOM_CSRF_TOKEN

The redirect_uri must exactly match one of the URIs registered with your partnership. After the user consents, they're redirected back with ?code=...&state=... appended.

2. Exchange the code for an access token

bash

POST https://testedclear.com/api/oauth/token
Content-Type: application/json

{
  "grant_type": "authorization_code",
  "code": "AUTH_CODE_FROM_CALLBACK",
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET",
  "redirect_uri": "https://yourapp.com/callback"
}

Auth codes expire after 10 minutes and are one-shot — they can only be exchanged once. Store the resulting access_token securely on your server.

3. Check verification status

bash

GET https://testedclear.com/api/oauth/me
Authorization: Bearer ACCESS_TOKEN

json

// Verified
{
  "verified": true,
  "panel": "Full STI Panel",
  "tested_date": "2026-04-01",
  "retest_by": "2026-07-01",
  "issuer_type": "clinic"
}

// Retest due
{
  "verified": false,
  "reason": "retest_due",
  "retest_by": "2026-04-01"
}

// No active credential
{
  "verified": false,
  "reason": "no_active_credential"
}

The OAuth endpoint returns the same verification shape as the verify API but tied to the user who consented — no token-sharing required. Same auto-expiration semantics apply.

Privacy

✓ ReturnedVerification status, test panel, test date, retest-by date

✗ Never returnedPhone number, name, email, raw results, user ID

Partnerships

We work with dating apps on deeper integrations — native badge display, user auth flows, and co-branded verification experiences.

Apply for API access

Free tier available. Enterprise pricing for high-volume integrations.