PepAssure REST API
Programmatic access to vendor rankings, COA verification, and peptide data. Built for labs, research platforms, and quality tooling.
Quick Start
Your First API Call
1Get your API key
Upgrade to the Enterprise plan, then visit Dashboard → Settings → API Access to generate your key. Keep it secret.
2Make a request
curl https://api.pepassure.com/v1/vendors \
-H "Authorization: Bearer pvs_live_sk_YOUR_KEY"3Handle the response
{
"data": [
{ "slug": "novapeptides", "score": 96, "verified": true },
{ "slug": "peptideworks", "score": 93, "verified": true }
],
"total": 47
}Authentication
API Keys
All API requests require a Bearer token in the Authorization header. Keys are scoped to your account and never expire unless rotated.
Request header format
Authorization: Bearer pvs_live_sk_1234567890abcdefSecurity
Never expose API keys in client-side code or public repositories. Rotate immediately if compromised. Use server-side proxies for browser-based applications.
Rate Limits
Limits by Plan
Enterprise
10,000 / hour
~2.8 req/sec sustained
Enterprise + (custom)
Unlimited
Contact sales
Rate limit headers are returned on every response:
X-RateLimit-Limit: 10000
X-RateLimit-Remaining: 9874
X-RateLimit-Reset: 1712793600Endpoints
REST Reference
/v1/vendorsList all verified vendors, sorted by PVS score
Example request
curl https://api.pepassure.com/v1/vendors \
-H "Authorization: Bearer pvs_live_sk_..."Example response
{
"data": [
{
"slug": "novapeptides",
"name": "NovaPeptides",
"score": 96,
"purity": "99.4%",
"verified": true,
"tier": "pro",
"location": "USA",
"pillars": {
"coa": 98,
"purity": 99,
"sentiment": 94,
"transparency": 95,
"experience": 92
}
}
],
"total": 47,
"page": 1
}/v1/vendors/{slug}Get full details for a specific vendor
Example request
curl https://api.pepassure.com/v1/vendors/novapeptides \
-H "Authorization: Bearer pvs_live_sk_..."Example response
{
"slug": "novapeptides",
"name": "NovaPeptides",
"score": 96,
"score_history": [85, 87, ... 96],
"coa_count": 142,
"sentiment": 94,
"peptide_catalog": ["BPC-157", "TB-500", ...],
"recent_coas": [...],
"verified_at": "2024-02-01T10:00:00Z"
}/v1/peptidesList all peptides in the library with vendor counts
Example request
curl https://api.pepassure.com/v1/peptides?category=GLP-1 \
-H "Authorization: Bearer pvs_live_sk_..."Example response
{
"data": [
{
"slug": "semaglutide",
"name": "Semaglutide",
"category": "GLP-1",
"vendor_count": 5,
"molecular_weight": "4113.58 g/mol"
}
]
}/v1/peptides/{slug}/vendorsGet all vendors that sell a specific peptide, ranked by score
Example request
curl https://api.pepassure.com/v1/peptides/bpc-157/vendors \
-H "Authorization: Bearer pvs_live_sk_..."Example response
{
"peptide": "bpc-157",
"vendors": [
{ "slug": "novapeptides", "score": 96, "rank": 1 },
{ "slug": "corepeptide", "score": 89, "rank": 2 }
]
}/v1/coa/verifyEnterprise onlySubmit a COA PDF for verification against our database
Example request
curl -X POST https://api.pepassure.com/v1/coa/verify \
-H "Authorization: Bearer pvs_live_sk_..." \
-F "file=@coa.pdf" \
-F "peptide=BPC-157" \
-F "batch_id=BPC-2024-0412"Example response
{
"verification_id": "ver_abc123",
"status": "verified",
"confidence": 0.98,
"peptide_match": true,
"purity_claim": "99.4%",
"purity_verified": true,
"notes": []
}/v1/searchFull-text search across vendors and peptides
Example request
curl "https://api.pepassure.com/v1/search?q=BPC-157" \
-H "Authorization: Bearer pvs_live_sk_..."Example response
{
"vendors": [{"slug": "novapeptides", "score": 96}],
"peptides": [{"slug": "bpc-157", "name": "BPC-157"}]
}Webhooks
Real-Time Events
Register webhook endpoints to receive real-time notifications when events happen on your vendors. Payloads are signed with HMAC-SHA256 using your webhook secret.
score.changedvendor.tier_upgradedcoa.approvedcoa.rejectedreview.newreview.replyExample payload
{
"id": "evt_abc123",
"type": "score.changed",
"created": 1712793600,
"data": {
"vendor_slug": "novapeptides",
"previous_score": 95,
"new_score": 96,
"delta": 1,
"pillar_changes": {
"coa": 0,
"sentiment": 2
}
}
}Errors
HTTP Status Codes
Bad Request
Invalid parameters or malformed request
Unauthorized
Missing or invalid API key
Forbidden
Endpoint requires Enterprise tier
Not Found
Vendor or peptide doesn't exist
Rate Limited
Too many requests — see X-RateLimit headers
Server Error
Something went wrong on our end
Error response format
{
"error": {
"code": "invalid_api_key",
"message": "The provided API key is not valid.",
"status": 401
}
}Ready to build?
API access is included in the Enterprise plan. Get in touch to learn more or upgrade today.