Get current security trust block
https://app.speybooks.com/api/v1/public/trustReturns the latest security audit trust block: the grade, score, module counts, and audit date produced by the SpeyBooks Security Test Harness, served read-only from its single-writer source (AX-TRUST-001). This is the same data rendered in the footer badge on speybooks.com and docs.speybooks.com, so the badge and this endpoint cannot disagree.
Authentication
Public, no authentication required. No API key or session is consulted; these endpoints are public by design.
Response Fields
securityGrade: audit grade, one ofA+,A,B,C,F(there is no D grade)score: weighted audit score, 0 to 100lastAuditDate: audit date, ISOYYYY-MM-DD(UTC)passed/total: modules passed and modules runfailures/warnings: module failures and warningssthReportDate: report timestamp, ISO UTCauditSlug: slug of the published audit report on/insights/, when one exists; omitted otherwiseageSeconds: age of the report at serve time, computed per request fromsthReportDatestale:truewhenageSecondsexceeds the 48-hour freshness threshold
Freshness Semantics
Staleness is flagged, never hidden (AX-TRUST-002). A 200 response with
stale: true means the audit data is valid but older than
the freshness threshold; it is the API being honest about
its data, not a fault. Consumers should decide their own
rendering policy. SpeyBooks' own pages withhold the grade
and show "verification pending" when the block is stale.
The audit runs daily, so under normal operation
ageSeconds stays below 86,400 and stale is false.
The 48-hour threshold allows for one missed run plus slack.
Errors
A 500 with a generic message means the trust data is
missing or failed validation, which is a different signal
from staleness: monitoring can distinguish "data old"
(200, stale: true) from "data broken" (500). The
endpoint never serves a grade that failed validation
against the committed grade model.
Caching
Responses carry Cache-Control: public, s-maxage=300.
Deliberately no stale-while-revalidate: serving a
possibly-outdated price for an hour is acceptable, serving
a possibly-outdated trust claim is not. The 5-minute cache
window sits far inside the 48-hour freshness threshold, so
caching cannot mask staleness.
The audit report: when auditSlug is present, the
full module-by-module report is published at
https://speybooks.com/insights/{auditSlug}/. The slug is
omitted on audit runs that have not yet published a report;
the most recent published report remains the reference.
A perfect score is not guaranteed: the example above is illustrative and shows two warnings. SpeyBooks publishes whatever the harness measures; a grade below the visibility floor is withheld from the footer badge but still served here (AX-TRUST-002), because the API reports facts and the badge applies presentation policy.
Rate limiting: no explicit limit; the 5-minute cache means rapid polling yields identical results. Poll daily at most; the underlying data changes once per day.
Response
Show response fields
trustobjectShow child attributes
ageSecondsintegerauditSlugstringfailuresintegerlastAuditDatestringpassedintegerscoreintegersecurityGradestringstalebooleansthReportDatestringtotalintegerwarningsinteger