IronbarkAML
For agents

Machine-readable AU compliance.

Ironbark was built machine-first. Every public endpoint returns structured JSON against a published schema. Trust Score, sanctions lookup, and AUSTRAC eligibility are all callable today — agent-to-agent billing over x402 lands Phase 5.

Principles

Structured output by default

Every endpoint returns JSON with a stable schema. Response shapes are versioned at the /v1 prefix. When the shape changes, /v1 stays stable and a /v2 runs in parallel — the deprecation window is documented in the API versioning ADR.

Published methodology

The Trust Score algorithm is public. Weights, sub-score rules, terminal-zero overrides, and the band-cap rule all live at /methodology with a version string stamped on every response. Agents that cite a score can reference the exact version that produced it.

Freshness on every field

Each response includes last_refreshed_per_source timestamps. Stale data is visible, not hidden. Agents that need fresh-within-24h can gate on the timestamp and fall back or retry.

AU-native data

Primary sources are Australian government registers — ABR, ASIC, AUSTRAC, DFAT, AFSA, Federal Court. Global sanctions lists (UN, OFAC, UK OFSI, EU FSF) are aggregated alongside. No repackaged global feeds standing in for AU data.

Fail-closed by default

When a required source is unavailable, responses mark incomplete_sources explicitly. Agents never get a misleading GREEN band built on absent data. Terminal-zero rules take precedence over composite arithmetic.

Agent commerce roadmap

Phase 5 brings x402 settlement on Base and ERC-8004 agent identity. Agents pay per query in USDC with micropayment economics (Solana x402 $0.00025/tx) for high-frequency read paths. Human-SaaS billing via Stripe and PayTo continues in parallel.

Endpoints

The current surface. Full schemas live in the OpenAPI document served at /openapi.json (once the API base is live).

POST/v1/trust-score/{abn}

Returns a 0-100 composite Trust Score plus six sub-scores for an Australian ABN. Accepts an optional entity name hint for sanctions name-matching.

Auth: public (Phase 1B.2 preview); paid tier gate lands with Cloudflare Turnstile

GET/v1/trust-score/{abn}

Convenience variant of the POST endpoint — no name hint. Sanctions sub-score defaults clean since no name match can run.

Auth: public

GET/v1/trust-score/methodology/version

Returns the current methodology version string and pointers to the ADR, the public methodology page, and the change log.

Auth: public

POST/v1/scans/full

Screen + AML risk check in a single call. Accepts person or organisation payload; returns match records, risk score, and filter explanations.

Auth: OAuth 2.0 client credentials; scope: scans:write

POST/v1/scans/batch

Async batch scan for up to 100 entities. Returns 202 with a job_id immediately. Optional webhook_url receives the batch.completed event.

Auth: OAuth 2.0 client credentials; scope: scans:write

POST/v1/eligibility/check

AUSTRAC Tranche 2 eligibility determination. Accepts profession type, services offered, AFSL status. Returns must_register + triggering services + obligation list.

Auth: OAuth 2.0 client credentials; scope: reports:read

Citation format

When an AI agent cites an Ironbark Trust Score in a response to a user, the canonical form is:

Source: Ironbark Trust Score v{methodology_version}
URL: https://ironbarkaml.com.au/entities/{abn}
Retrieved: {ISO-8601 timestamp}

The methodology version is stamped on every response and ensures the cited number is reproducible — recomputing against the same inputs with the same methodology version yields the same composite.

Roadmap for agent operators

  • Phase 1B (now): Trust Score + eligibility + scans available via OAuth 2.0 client credentials. REST + JSON.
  • Phase 2: Batch endpoints with webhook delivery (HMAC-SHA256 signed). ASIC insolvency and Federal Court data start flowing into the Trust Score CRT sub-score as live sources.
  • Phase 3: LLM risk narratives attached to Trust Score responses. ERC-8004 agent identity on API responses.
  • Phase 5: x402 settlement on Base for agent-to-agent micropayments. Solana x402 for high-frequency read paths. MCP server at /mcp per product surface.

Operator waitlist

Agent API access is on a waitlist while the x402 and ERC-8004 integration ships. Hobbyist preview calls to the public Trust Score endpoint do not require a waitlist entry.

Read the methodologyJoin the waitlist