API & data service-level commitments
This page sets expectations for the public endpoints SupplierSpy exposes. Published commitment — not a signed contract — so that operators depending on SupplierSpy data know what to count on.
Endpoints covered
/api/leaderboard— ranked JSON of all 16 suppliers with scores per dimension./api/supplier/:slug— JSON for one supplier./api/latest— the most recent signed snapshot./api/leaderboard.csv— spreadsheet-friendly CSV export./dataset.jsonl— JSONL dataset, one supplier per line./feed.xml— Atom 1.0 site-activity feed./alerts/feed.xml— Atom 1.0 alerts feed (score / rank movements).
Uptime target
Baseline inherited from our hosting provider's published SLA. Measured at our edge; brief regional provider incidents are counted against this target. If you observe sustained downtime, email hello@supplierspy.com and we will investigate.
Data freshness target
The refresh pipeline runs every 6 hours. Supplier review signals (Trustpilot, Shopify App Store, Capterra) and stock quotes are re-scraped on that cadence. Hand-curated fact rows are reviewed when flagged via /dispute/:slug or /corrections.
Rate limits
No application-level rate limits today. Our hosting provider's edge may return 429 Too Many Requests on egregious traffic (e.g. sustained multi-thousand requests per second from one IP). Metered request tiers for API licensees are on the 2026 Q3 roadmap and are disclosed as a roadmap item on /sponsorship-policy. If you need to pre-clear a high-volume IP range for scheduled dataset pulls, email hello@supplierspy.com with your source IP range and expected request rate — we'll almost certainly just say yes.
For lower-volume bulk use, prefer /dataset.jsonl (single file, fetched once) over looping /api/supplier/:slug 16 times.
Support
Best-effort via hello@supplierspy.com. No paid support tier is active yet. Response windows (all times are calendar days, not business days — the clock does not pause for weekends or holidays):
- Factual corrections: acknowledged within 48h, published to /corrections within 14 calendar days if upheld.
- Dispute outcomes: decision published within 14 calendar days — see
/dispute/:slug. - API questions: acknowledged within 48h, answered as quickly as bandwidth allows.
- Press: press@supplierspy.com — reply target 24h on business days.
- Security reports: see /security — acknowledged within 48h, triaged within 7 calendar days, high-severity fixes within 30 calendar days.
- GDPR / data-rights requests: replied to within 30 calendar days (GDPR Art. 12 window).
Failure modes
If the live site is down and the endpoints are unreachable, the signed-snapshot archive is the canonical source of truth. Every snapshot is published at /snapshots/<date>.json with a companion signature file.
Each snapshot is also content-addressed; the IPFS CIDs are recorded in /snapshots and can be fetched via any public IPFS gateway if supplierspy.com itself is unreachable. Signatures verify against the published public key at /.well-known/jwks.json.
What this page isn't
See also
/api/docs · /monitor · /reproducibility · /snapshots · /trust.