Service level

API & data service-level commitments

This page sets expectations for the public endpoints SupplierSpy exposes. Published commitment — not a signed contract — so that operators depending on SupplierSpy data know what to count on.

Last updated: 2026-04-17

Endpoints covered

/api/leaderboard — ranked JSON of all 17 suppliers with scores per dimension.
/api/supplier/:slug — JSON for one supplier.
/api/latest — the most recent signed snapshot.
/api/leaderboard.csv — spreadsheet-friendly CSV export.
/dataset.jsonl — JSONL dataset, one supplier per line.
/feed.xml — Atom 1.0 site-activity feed.
/alerts/feed.xml — Atom 1.0 alerts feed (score / rank movements).

Uptime target

99.9%

monthly availability

< 45 min

maximum monthly downtime at target

Baseline inherited from the Cloudflare Workers SLA. Measured at our edge; brief regional Cloudflare incidents are counted against this target. If you observe sustained downtime, email hello@supplierspy.com and we will investigate.

Data freshness target

< 6h

snapshot delta for 95% of queries

< 24h

snapshot delta for 99.9% of queries

The refresh pipeline runs every 6 hours. Supplier review signals (Trustpilot, Shopify App Store, Capterra) and stock quotes are re-scraped on that cadence. Hand-curated fact rows are reviewed when flagged via /dispute/<slug> or /corrections.

Rate limits

No application-level rate limits. Cloudflare's edge may return 429 Too Many Requests on egregious traffic (e.g. sustained multi-thousand requests per second from one IP). If you need to pre-clear a high-volume IP range for scheduled dataset pulls, email hello@supplierspy.com with your source IP range and expected request rate — we'll almost certainly just say yes.

For lower-volume bulk use, prefer /dataset.jsonl (single file, fetched once) over looping /api/supplier/:slug 17 times.

Support

Best-effort via hello@supplierspy.com. No paid support tier exists yet. Response windows:

Factual corrections: acknowledged within 48h, published to /corrections within 14 days if upheld.
API questions: acknowledged within 48h, answered as quickly as bandwidth allows.
Security reports: see /security — acknowledged within 48h, high-severity fixes within 30 days.

Failure modes

If the Worker is down and the live endpoints are unreachable, the signed-snapshot archive is the canonical source of truth. Every snapshot is published at /snapshots/<date>.json with a companion signature file.

Each snapshot is also content-addressed; the IPFS CIDs are recorded in /snapshots and can be fetched via any public IPFS gateway if supplierspy.com itself is unreachable. Signatures verify against the published public key at /.well-known/jwks.json.

What this page isn't

This is not a legally binding SLA. It is a published commitment — a pragmatic description of what we aim to deliver, documented so procurement teams have a number to reference. A formal SLA, with service credits and remedies, is available on API-tier contracts (roadmap). Until that exists, treat the numbers on this page as operational targets we work to hold ourselves to.