Verify a domain or licence number
GET /v1/check
Public endpoint. Pass ?domain= or ?license_number=, not both.
Rate limit: 10 requests / IP / hour (unauthenticated). Authenticated callers skip the IP gate and use their plan quota.
Response: { query, match, alternatives, confidence }. See the
confidence-scoring guide at https://igregulator.io/docs/confidence for
match-type semantics.
Headers on every response: X-RateLimit-Limit, X-RateLimit-Remaining,
X-RateLimit-Reset, X-Upgrade-URL.
Parameters
Section titled “ Parameters ”Query Parameters
Section titled “Query Parameters ”Example
bet365.comExample
039028-R-319297-013Retrospective lookup. Reconstructs the matched licence’s status as it stood on this UTC date from transition history — e.g. “was this operator licensed at the time of a transaction three months ago”. match.status stays current; the historical value is returned under a top-level as_of object.
Example
2026-03-01Responses
Section titled “ Responses ”Lookup result (may indicate confidence: "none").
object
object
object
high = domain matched exactly in our registry. medium = domain root matched a trading name or operator name (we can identify the operator but not prove the domain is theirs). low = the domain root is a generic gambling term (casino.com, poker.com), so we refuse to name an operator.
Populated for domain_exact matches only. direct = licensee runs the domain; white_label = licensee authorises a third-party brand on the domain. null for fuzzy matches.
object
Mirror of match.confidence, or none when no match.
Present only when match is null. generic_term: the label is an ultra-generic gambling word (e.g. casino.com) we cannot map to one operator. no_record_found: a specific query we checked against every covered register and did not find. Lets a caller phrase the answer precisely instead of treating every miss as “unlicensed”.
Present only when match is null — the jurisdiction codes actually checked, so a “not licensed” claim stays scoped to our coverage. Example: [“AN”,“CW”,“KH”,“MGA”,“TGC”,“UKGC”].
Point-in-time status, present only when ?as_of= was supplied. Answers ONLY within the observation window: we never extrapolate a status before tracking_since (the first time we recorded the licence).
object
The resolved instant (UTC). Bare YYYY-MM-DD inputs resolve to end-of-day.
observed: the date is within our window, status is known. before_tracking: the date predates when we started watching — status is null, NOT a guess. no_such_license: we have no history for this licence. no_license_resolved: a fuzzy /v1/check match with no specific licence to time-travel.
Licence status as of the date, or null when not observed.
The history transition in effect at the date — when this status was last confirmed relative to the query.
object
Lower bound of our knowledge — when we first observed this licence.
Single-resource provenance envelope — answers “where did this come from and how fresh is it?” for one record.
object
ISO-8601 timestamp when iGregulator’s scraper last fetched this record.
ISO-8601 timestamp when the regulator updated the data on their register, not when our scraper fetched it. Always null today across every jurisdiction — our schema doesn’t persist per-record upstream modification time. Will populate for UKGC (the one regulator that exposes it via the ZIP’s last_updated field) once the scraper migration lands; remains null for MGA, CGA, KGC (no upstream timestamp).
URL of the source register page or dump. Null when not attributable to a single URL.
authoritative — direct from an official regulator dump (e.g. UKGC ZIP). scraped — parsed from regulator HTML/PDF (MGA, CGA, KGC). derived — computed match, not a direct lookup (fuzzy match on /v1/check, no direct source row).
{ "scraped_at": "2026-04-19T03:00:00Z", "source_modified_at": null, "source_url": "https://www.gamblingcommission.gov.uk/downloads/business-licence-data.zip", "confidence_hint": "authoritative"}{ "query": { "domain": "paddypower.com" }, "match": { "confidence": "medium", "match_type": "trading_name_fuzzy", "operator": "Power Leisure Bookmakers Limited", "operator_slug": "power-leisure-bookmakers-limited", "jurisdiction": "UKGC", "license_number": "039028-R-319297-013", "status": "active", "expires_at": null, "domain_association": null }, "alternatives": [ { "operator": "PPB Counterparty Services Limited", "operator_slug": "ppb-counterparty-services-limited", "matched_name": "paddy power", "similarity": 1 } ], "confidence": "medium", "_meta": { "scraped_at": "2026-04-19T16:42:10.000Z", "source_modified_at": null, "source_url": null, "confidence_hint": "derived" }}Invalid query / parameters.
object
Human-readable error summary.
HTTP-status-level class. Stable enum; branch on details.reason for finer control. Current values: invalid_query, invalid_slug, invalid_license_id, invalid_jurisdiction_code, invalid_pagination, not_found, auth_required, auth_invalid, auth_revoked, payment_required, quota_exceeded, rate_limited, server_error.
object
Machine-readable refinement of the top-level code. Stable vocabulary; branch on this in clients. Examples: invalid_input, missing_required_parameter, conflicting_parameters, operator_not_found, license_not_found, jurisdiction_not_found, route_not_found, api_key_missing, malformed_header, api_key_invalid, api_key_revoked, quota_exceeded, internal_error.
Present only when the error maps to a specific request input field (query param, path param, body key). Omitted for errors that aren’t field-scoped (e.g. rate_limited, auth_revoked).
Optional human-readable / agent-actionable hint describing how to resolve the error.
{ "reason": "api_key_revoked", "suggestion": "Generate a new API key at https://app.igregulator.io/settings. Revoked keys cannot be restored."}{ "error": "API key has been revoked", "code": "auth_revoked", "details": { "reason": "api_key_revoked", "suggestion": "Generate a new API key at https://app.igregulator.io/settings. Revoked keys cannot be restored." }}Rate limit reached. Public endpoints: 10 req / IP / hour. Authenticated: per plan tier. Retry after the window surfaced in X-RateLimit-Reset.
object
Human-readable error summary.
HTTP-status-level class. Stable enum; branch on details.reason for finer control. Current values: invalid_query, invalid_slug, invalid_license_id, invalid_jurisdiction_code, invalid_pagination, not_found, auth_required, auth_invalid, auth_revoked, payment_required, quota_exceeded, rate_limited, server_error.
object
Machine-readable refinement of the top-level code. Stable vocabulary; branch on this in clients. Examples: invalid_input, missing_required_parameter, conflicting_parameters, operator_not_found, license_not_found, jurisdiction_not_found, route_not_found, api_key_missing, malformed_header, api_key_invalid, api_key_revoked, quota_exceeded, internal_error.
Present only when the error maps to a specific request input field (query param, path param, body key). Omitted for errors that aren’t field-scoped (e.g. rate_limited, auth_revoked).
Optional human-readable / agent-actionable hint describing how to resolve the error.
{ "reason": "api_key_revoked", "suggestion": "Generate a new API key at https://app.igregulator.io/settings. Revoked keys cannot be restored."}{ "error": "API key has been revoked", "code": "auth_revoked", "details": { "reason": "api_key_revoked", "suggestion": "Generate a new API key at https://app.igregulator.io/settings. Revoked keys cannot be restored." }}Headers
Section titled “Headers ”Unix epoch seconds.
Unexpected server error.
object
Human-readable error summary.
HTTP-status-level class. Stable enum; branch on details.reason for finer control. Current values: invalid_query, invalid_slug, invalid_license_id, invalid_jurisdiction_code, invalid_pagination, not_found, auth_required, auth_invalid, auth_revoked, payment_required, quota_exceeded, rate_limited, server_error.
object
Machine-readable refinement of the top-level code. Stable vocabulary; branch on this in clients. Examples: invalid_input, missing_required_parameter, conflicting_parameters, operator_not_found, license_not_found, jurisdiction_not_found, route_not_found, api_key_missing, malformed_header, api_key_invalid, api_key_revoked, quota_exceeded, internal_error.
Present only when the error maps to a specific request input field (query param, path param, body key). Omitted for errors that aren’t field-scoped (e.g. rate_limited, auth_revoked).
Optional human-readable / agent-actionable hint describing how to resolve the error.
{ "reason": "api_key_revoked", "suggestion": "Generate a new API key at https://app.igregulator.io/settings. Revoked keys cannot be restored."}{ "error": "API key has been revoked", "code": "auth_revoked", "details": { "reason": "api_key_revoked", "suggestion": "Generate a new API key at https://app.igregulator.io/settings. Revoked keys cannot be restored." }}