API reference

Eight endpoints. No key.

Every route is public, read-only (GET), unauthenticated and CORS-enabled for any origin. The full schema lives at /openapi.json.

Base

Where it lives

Interactive docs

docs.dsa-api.com/docs — Swagger UI

Schema

/openapi.json — full OpenAPI

Not a source of truth. This is a community mirror. The authoritative register is the European Commission page. Every response carries X-Source-URL and X-Disclaimer headers.
Endpoints

The whole surface

GET/v1/trusted-flaggers

List and filter designated flaggers.

ParameterDescription
countryTwo-letter code, repeatable (e.g. ?country=SK&country=FR).
areaArea of expertise, repeatable. See the enum on the Data page.
dsc_countryFilter by the coordinator's country.
statusactive (default) or all.
designated_after / _beforeISO date bounds on designation.
qSubstring match on name or address.
limit / offsetPagination. limit ≤ 200.
GET/v1/trusted-flaggers/lookup

Resolve a single flagger by email, domain or website — handy for checking whether an inbound report comes from a designated body.

GET/v1/trusted-flaggers/{id}

A single flagger by its stable UUID.

GET/v1/trusted-flaggers/{id}/history

Every change event recorded for one flagger.

GET/v1/changes

Changelog of created / updated / removed / restored events across the register.

ParameterDescription
sinceISO timestamp. Defaults to 30 days ago.
limit / offsetPagination. limit ≤ 500.
GET/v1/stats

Aggregate counts by country, area of expertise and DSC country.

GET/v1/health

DB-backed readiness check.

GET/v1/version

App version and environment.

Example

Active flaggers in Slovakia

# request
curl https://api.dsa-api.com/v1/trusted-flaggers?country=SK

# response
[
  {
    "name": "Ochráň ma",
    "country_code": "SK",
    "dsc_name": "Rada pre mediálne služby | Council for Media Services",
    "areas_of_expertise": ["cyber_violence", "illegal_speech", "self_harm", "protection_of_minors", "public_security", "scams_fraud"],
    "designation_date": "2025-12-17",
    "website": "https://ochranma.sk",
    "status": "active"
  }
]

The full field list is documented on the Data page.

Limits & headers

Fair use, no key

Rate limits

  • 60 requests / minute per client IP
  • 5000 requests / day per client IP
  • Over the limit returns 429 with a Retry-After header
  • X-RateLimit-Limit and X-RateLimit-Window-Seconds on every /v1/ response

Provenance headers

  • X-Source-URL — the upstream EU page
  • X-Disclaimer — the mirror notice
  • X-Data-Updated-At — last successful scrape

Prefer flat files?

Skip the API entirely and read the open dataset straight from Git — JSON, CSV and a full changelog.