Developer reference
Verify Responsible AI Australia certification
A free, public API and MCP server for verifying whether an Australian business holds Responsible AI Australia certification. No authentication, no API key. Query by ABN, website domain, certification ID or business name. For the why behind this, see agent-ready certification.
Fastest path
Build it with your AI coding agent
Using Claude Code, Codex, Cursor or a similar agent? Hand it one of these prompts. Each tells the agent to read this site's machine-readable docs first, so it builds against the live API instead of guessing.
Using Claude Code? Add the MCP server in one command.
claude mcp add --transport http responsible-ai-australia https://www.responsibleaiaustralia.com.au/api/mcp
Verify a business in your app
Add a certification check to a vendor or supplier profile.
Add Responsible AI Australia certification verification to this project.
First, fetch and read these to learn the API (free, public, no auth):
- https://www.responsibleaiaustralia.com.au/llms.txt
- https://www.responsibleaiaustralia.com.au/developers
- https://www.responsibleaiaustralia.com.au/openapi.json
Then implement a verifyResponsibleAI(domainOrAbn) helper that calls
GET /api/v1/verify (by ?domain= or ?abn=) and returns
{ certified, status, tier, certId, expiresAt, registerUrl }.
Rules:
- Treat status "active" as currently certified.
- Treat "not_found" as "has not applied", not a negative signal.
- Cache each result for up to 5 minutes.
Then show a "Responsible AI Certified (<tier> tier)" badge on the vendor
profile page when status is "active", linking to registerUrl.
Add tests using certId RAIA-2026-0009.Give your agent the MCP server
A native verification tool for any MCP-capable agent.
Add the Responsible AI Australia MCP server to this project so the agent can verify certifications natively. It is HTTP transport, stateless, no auth: https://www.responsibleaiaustralia.com.au/api/mcp It exposes three tools: verify_certification, list_certified_businesses and get_credential. Add it to the project's MCP config, then demonstrate verifying a business by domain.
Gate vendor onboarding or procurement
Badge or block vendors based on live certification.
In our vendor onboarding flow, add a Responsible AI certification check. Read https://www.responsibleaiaustralia.com.au/developers for the API. When a vendor is added with a website domain, call GET /api/v1/verify. - If status is "active": store certId, tier and expiresAt, and show a verified badge. - If "not_found": show nothing, do not flag them negatively. Add a daily background job to re-check stored vendors, since certifications expire (12 months) and can be revoked.
Cryptographically verify a credential
Zero-trust: check the signature and revocation yourself.
I want to cryptographically verify a Responsible AI Australia credential,
not just trust the JSON API. Read
https://www.responsibleaiaustralia.com.au/developers.
Implement verifyCredential(certId) that:
1. Fetches the signed credential from /api/v1/credentials/{certId}
(a W3C Verifiable Credential, VC-JWT, signed with Ed25519).
2. Verifies the JWT signature against the issuer DID document at
/.well-known/did.json.
3. Checks it is not revoked via the bitstring status list at
/api/v1/status-list.
Return { valid, status, tier, expiresAt } and write tests.Add your own live trust badge
For businesses that are already certified.
We are certified by Responsible AI Australia (certId: RAIA-XXXX-XXXX). Add the live trust seal to our site footer: a single async script tag from https://www.responsibleaiaustralia.com.au/embed/badge.js with data-cert-id set to our certId. It renders the badge for humans and structured data for machines, and hides itself automatically if the certification ever lapses. Read /developers if you need details.
Quickstart
One HTTP call
# Verify by website domain curl "https://www.responsibleaiaustralia.com.au/api/v1/verify?domain=example.com.au" # Or by certification ID, ABN, or business name curl "https://www.responsibleaiaustralia.com.au/api/v1/verify?certId=RAIA-2026-0009" curl "https://www.responsibleaiaustralia.com.au/api/v1/verify?abn=16675184291" curl "https://www.responsibleaiaustralia.com.au/api/v1/verify?name=Example"
A 200 returns JSON
{
"certified": true,
"status": "active",
"certId": "RAIA-2026-0009",
"businessName": "Example Pty Ltd",
"abn": "16675184291",
"domain": "example.com.au",
"tier": "Govern",
"issuedAt": "2026-02-01T00:00:00.000Z",
"expiresAt": "2027-02-01T00:00:00.000Z",
"registerUrl": "https://www.responsibleaiaustralia.com.au/businesses/<id>",
"credentialUrl": "https://www.responsibleaiaustralia.com.au/api/v1/credentials/RAIA-2026-0009",
"issuer": {
"name": "Responsible AI Australia",
"did": "did:web:www.responsibleaiaustralia.com.au",
"register": "https://www.responsibleaiaustralia.com.au/businesses"
}
}From JavaScript
const res = await fetch(
"https://www.responsibleaiaustralia.com.au/api/v1/verify?domain=example.com.au"
);
const result = await res.json();
if (result.certified && result.status === "active") {
console.log(`${result.businessName} is certified (${result.tier} tier).`);
}Endpoints
/api/v1/verifyVerify a business. Provide exactly one of abn, domain, certId or name as a query parameter. Returns a verification result; 400 if none is given.
/api/v1/businessesThe full public register as { count, businesses[] }, each business in the same shape as a verification result.
/api/v1/credentials/{certId}The signed Australian AI Trust Credential: a W3C Verifiable Credential as a VC-JWT, signed with Ed25519 by did:web:www.responsibleaiaustralia.com.au. 404 for an unknown certification ID.
/api/v1/status-listA W3C Bitstring Status List credential for checking whether a credential has been revoked.
/.well-known/did.jsonThe issuer DID document, with the public key used to verify signed credentials.
Verification result
Returned by /api/v1/verify and, per business, by /api/v1/businesses.
| Field | Type | Description |
|---|---|---|
certified | boolean | Whether a current certification exists. |
status | string | One of active, expired, revoked or not_found. |
certId | string | Certification ID, e.g. RAIA-2026-0009. |
businessName | string | Legal or trading name of the business. |
abn | string | Australian Business Number, digits only. |
domain | string | null | Registered website domain, if provided. |
tier | string | null | Commit, Embed or Govern. |
tierDescription | string | null | Plain-language description of the tier. |
issuedAt | date-time | When the certification was issued (ISO 8601). |
expiresAt | date-time | null | When it expires. Certifications are valid 12 months. |
registerUrl | uri | Public register profile for the business. |
credentialUrl | uri | Signed credential (AATC) endpoint for this certId. |
issuer | object | Issuer name, did:web identifier and register URL. |
Status values
activeCertification is current and valid.expiredThe business was certified, but the 12-month validity has lapsed.revokedThe certification was withdrawn before its expiry date.not_foundNo certification on record. The business may simply not have applied; absence is not a negative judgement.
MCP server
Claude and any MCP-capable agent can use the register as a native tool. Streamable HTTP transport, stateless, no authentication. Add the server to your client configuration:
{
"mcpServers": {
"responsible-ai-australia": {
"url": "https://www.responsibleaiaustralia.com.au/api/mcp"
}
}
}| Tool | Arguments | Description |
|---|---|---|
verify_certification | abn | domain | certId | name | Verify a business and return status, tier and validity. |
list_certified_businesses | none | Return the full public register of certified businesses. |
get_credential | certId | Fetch the signed AATC (VC-JWT) for a certification. |
Caching, discovery & standards
- No authentication. Every endpoint here is free and public. Please query considerately.
- Freshness. Verification responses are cached for up to five minutes. For a procurement decision, do not treat a result as fresh beyond that; for a definitive revocation check, verify the credential against the bitstring status list.
- Discovery. Machine-readable entry points: /.well-known/ai-plugin.json, OpenAPI spec, llms.txt and the DID document.