Skip to main content

Verification & API

Verify certificates and integrate verification into your systems.

Verifying a Certificate

Every TrueCert certificate includes a unique verification token — a string like Anyone can verify a certificate at:

https://truecert.co/api/verify/?token=<64-character-hex-token>

The verification page shows the certificate holder's name, assessment taken, score, and date — no account required.

Verification API

For programmatic verification, use the JSON API endpoint:

Request
GET /api/verify/?token=<64-character-hex-token>&format=json
cURL Example
curl -s "https://truecert.co/api/verify/?token=YOUR_TOKEN_HERE&format=json" | python3 -m json.tool

Replace YOUR_TOKEN_HERE with the 64-character hex token from the certificate.

Response (Valid Token)
{
  "valid": true,
  "expired": false,
  "privacy_level": "full",
  "holder": "Jane Smith",
  "certification": "AWS Cloud Practitioner",
  "category": "Cloud",
  "skill_level": 1,
  "level_label": "Fundamentals",
  "score": "87.5%",
  "passed_date": "2026-02-15",
  "token_expires": "2026-04-16",
  "verified_at": "2026-03-11T10:30:00+00:00"
}
Response (Invalid Token)
{
  "valid": false,
  "error": "Token not found."
}
The verification token itself acts as authentication — it's a 64-character hex string that is practically impossible to guess. Only someone who has been given the token by the certificate holder can verify it.

Privacy Levels

Certificate holders can control how much information is disclosed via verification:

LevelWhat's Shown
Full Name, assessment, score, date, all details
Masked Assessment and pass/fail status only — name and score hidden

Token Expiry

Verification tokens have configurable expiry periods:

  • 30 days — Short-term sharing (job applications)
  • 60 days — Standard (default)
  • 90 days — Extended sharing

Certificate holders can generate new tokens at any time from their dashboard. The underlying certificate never expires — only the sharing token does.

How It Works in Practice

  1. A candidate passes an assessment and receives a certificate with a verification token
  2. The candidate shares the token with an employer, recruiter, or includes it on their resume/LinkedIn
  3. The employer visits the verification page or calls the API with the token
  4. TrueCert confirms the certificate's authenticity, score, and date

The token is a 64-character hex string — it cannot be guessed and can only be shared by the certificate holder.

Open Badges 2.0

All TrueCert certifications are issued as Open Badges 2.0 credentials, the international standard for digital credentials maintained by 1EdTech (formerly IMS Global).

Open Badges are verifiable, portable, and recognized by LinkedIn, Credly, and thousands of platforms worldwide. Each badge contains embedded metadata about the issuer, criteria, and evidence of achievement.

API endpoints:

  • /badges/api/issuer.json — Issuer profile
  • /badges/api/class/{cert-slug}.json — Badge class (per certification)
  • /badges/api/assertion/{hash}.json — Assertion (per earned credential)

Validate any TrueCert badge at the IMS Global Open Badge Validator. This ensures that verification is secure without requiring the verifier to create an account.

Assessment Invites Billing & Plans
FAQ For Companies For Recruitment Contact Support