Changelog
Notable changes to the BizVerify API. For the machine-readable API schema, see the OpenAPI spec.
2026-06-16
Section titled “2026-06-16”- Agent-discovery metadata so the API is self-describing for AI agents and tooling. New read-only endpoints: an MCP Server Card at
/.well-known/mcp/server-card.json, an A2A Agent Card at/.well-known/agent-card.json, an RFC 9727 API Catalog at/.well-known/api-catalog, and an Agent Skills index at/.well-known/agent-skills/index.json(with per-skillSKILL.mddocuments). The API root (GET /) now advertises these via RFC 8288Linkheaders and serves a Markdown overview to clients that sendAccept: text/markdown. These additions are purely discovery metadata — existing endpoints, request/response shapes, and authentication are unchanged, and SDKs need no update.
2026-06-15
Section titled “2026-06-15”POST /v1/verifyfor Kentucky (us-ky) at thedeeplevel could return the details of an unrelated business; it now consistently returns the correct entity. As part of this fix, thejurisdiction_idreturned for Kentucky entities is now a stable, unique per-record identifier — so a Kentuckyjurisdiction_id(and its corresponding cachedentity_id) may differ from a value stored previously.quickverification andPOST /v1/searchwere unaffected. No response shape or field changes; SDKs need no update.POST /v1/verifyfor Florida (us-fl) at thedeeplevel could fail withENTITY_NOT_FOUNDeven when the business existed and matched; deep verification now reliably retrieves the full record for a matched Florida entity. No response shape or field changes.- Massachusetts (
us-ma): when the current official record is temporarily unavailable,POST /v1/searchandPOST /v1/verifynow return503 DATA_SOURCE_UNAVAILABLEand are not charged, instead of returning an empty (but billed) result. Genuine no-match searches still return an empty result set as before.
2026-06-14
Section titled “2026-06-14”Changed
Section titled “Changed”POST /v1/verify: when a jurisdiction’s data source can’t complete a synchronous lookup, the API now returns a precise status —503 DATA_SOURCE_UNAVAILABLEor504 DATA_SOURCE_TIMEOUT— or falls back to an asynchronous verification job, instead of a generic500. Asynchronous job results (check_job_status) and theverification.failedwebhook now carry a matching category in theirerrormessage, so a temporary-outage failure is distinguishable from a timeout. No request shape or field changes; existing success responses are unaffected.
2026-06-13
Section titled “2026-06-13”Changed
Section titled “Changed”GET /v1/entity/:idnow returns the full business record directly at the top level — includingregistered_agent(an object with its address),officers,principal_address, andfiling_history_summary— instead of a nested wrapper, and addslast_verified_atplus asnapshotscount (retrieve the snapshots themselves viaGET /v1/entity/:id/history). This aligns the cached-entity response with the verification response shape. Breaking change for any client that read the previous nested structure. The official Node, Python, and Go SDKs are updated to match.- Renamed two response timestamp fields for clearer, consistent naming.
GET /v1/entity/:idnow returnslast_verified_at(when the entity was last refreshed against the official record), and each snapshot fromGET /v1/entity/:id/historynow returnsverified_at. This is a breaking change for any client that read the previous field names.
2026-06-12
Section titled “2026-06-12”force_refreshonPOST /v1/verifyis now applied only todeepverifications, as documented. Onquickverifications (including adeeprequest that falls back toquickwhere deep is unavailable) the flag is ignored, so a recent stored result may be returned. Quick verifications remain 1 credit.
2026-06-11
Section titled “2026-06-11”Changed
Section titled “Changed”webhook_urlonPOST /v1/verifymust now resolve to a publicly reachable address. URLs pointing to private or reserved networks are rejected with a400 VALIDATION_ERROR, and the same check is applied again before each webhook delivery.POST /v1/verifynow handles the optionalIdempotency-Keyheader safely under concurrency. A retry carrying the same key still replays the original response without charging again, but a second request sent while the first is still being processed now returns409 IDEMPOTENCY_CONFLICTinstead of being processed (and charged) twice — retry once the first request completes. The header is documented in the OpenAPI schema and limited to 128 characters; longer values are rejected with400 VALIDATION_ERROR.
2026-06-03
Section titled “2026-06-03”Changed
Section titled “Changed”- MCP tool descriptions now state each tool’s credit cost, authentication requirements, and usage guidance — improves tool selection for AI agents.
2026-06-01
Section titled “2026-06-01”- Three new verified jurisdictions: Massachusetts (
us-ma), Wisconsin (us-wi), and Alabama (us-al)
Removed
Section titled “Removed”- Colorado (
us-co) and Wyoming (us-wy) are temporarily unavailable while we work to restore coverage. 19 active jurisdictions total.
2026-05-24
Section titled “2026-05-24”- Root discovery endpoint —
GET /returns a JSON entry point linking to the docs, API reference, OpenAPI spec, MCP endpoint, and health check GET /.well-known/security.txt(RFC 9116) for security researchers
2026-05-05
Section titled “2026-05-05”Changed
Section titled “Changed”POST /v1/searchnow charges credits only for jurisdictions that completed successfully — failed jurisdictions are refunded and listed in the newjurisdictions_failedresponse field.
- Async verification jobs that fail now correctly deliver the
verification.failedwebhook (previously sentverification.completedwith empty data) and auto-refund credits. GET /v1/verify/status/:jobIdnow returns the same response shape as the syncPOST /v1/verifyendpoint and includesentityIdon completed jobs.POST /v1/verifyandPOST /v1/searchreject invalid jurisdictions before charging credits — users with low balances see the validation error rather thanINSUFFICIENT_CREDITS.
Security
Section titled “Security”- OAuth tokens now require the appropriate scope on REST account and billing routes (previously enforced only for MCP):
account:read—GET /v1/account,GET /v1/account/usage,GET /v1/account/data-exportaccount:write—PATCH /v1/account,PUT /v1/account/password,DELETE /v1/account,POST /v1/account/keys,DELETE /v1/account/keys/:keyIdbilling—GET /v1/billing,POST /v1/billing/purchase
- API key auth continues to grant all scopes.
2026-04-18
Section titled “2026-04-18”- California (
us-ca), Nevada (us-nv), New York (us-ny), and Wyoming (us-wy) now verified — 18 active jurisdictions total
2026-04-06
Section titled “2026-04-06”- LLM tool definitions served at
GET /tools/openai.jsonandGET /tools/anthropic.json— auto-generated from MCP schemas bizverify-agentsPython package — LangChain and CrewAI tool wrappers with built-in executionn8n-nodes-bizverify— n8n community node with 9 operations- AI Agents guide — integration docs for all supported platforms
2026-04-02
Section titled “2026-04-02”- Documentation site launched at docs.bizverify.co
- Node.js SDK (
@bizverify/sdk) and Python SDK (bizverify) published
2026-03-28
Section titled “2026-03-28”- MCP server at
POST /mcp— connect BizVerify to Claude, Cursor, VS Code, and other AI tools - OAuth 2.1 + PKCE authentication for MCP clients
- Dynamic Client Registration (RFC 7591)
2026-03-20
Section titled “2026-03-20”- Agent-first API refactor — unified passwordless auth flow (
/v1/auth/request-access,/v1/auth/verify-access) - Standardized error responses with
code,message,details,suggestion - Credit headers (
X-Credits-Remaining,X-Credits-Charged) on all authenticated responses - GDPR data export endpoint (
GET /v1/account/data-export)
Changed
Section titled “Changed”- API docs moved from
/docsto/reference
2026-03-10
Section titled “2026-03-10”- Prometheus metrics endpoint for monitoring
- Audit log for admin actions
- Automated alerting when a jurisdiction’s availability changes
- Better Stack log shipping
2026-03-01
Section titled “2026-03-01”- Admin dashboard at
/internal/dashboard/ - User management (search, credit adjustment, disable/enable)
- Job management (list, retry, refund)
2026-02-28
Section titled “2026-02-28”- Webhook callbacks — receive notifications when jobs complete, fail, or are refunded
- Search pagination (
limit/offsetonPOST /v1/search) - Account management — email update, password change, account deletion (GDPR)
- Jurisdiction gating — non-active jurisdictions rejected before credit deduction
2026-02-15
Section titled “2026-02-15”- Email verification and password reset flows
- OpenAPI 3.1 spec generation with Scalar interactive docs
- CORS configuration
- Auto-refund on job failure
- CI/CD pipeline
2026-02-01
Section titled “2026-02-01”- Initial API launch with 14 verified jurisdictions
- Credit-based billing with Stripe checkout
- Verification coverage across 50 US states and 11 international jurisdictions
- Sentry error monitoring