Quick Start
Fetch any trader's public rating with a single GET request. No authentication required for public endpoints.
Rating Tiers
The DBN Rating is an ELO-inspired character rating tracking trading discipline, execution quality, and risk management — not just win rate. See the Rating methodology white paper for full details.
| Tier | Rating Range | Description |
|---|---|---|
| Unranked | < 1200 | Below starting threshold — behavioral regression detected |
| Novice | 1200 – 1399 | Starting level — learning fundamentals |
| Intermediate | 1400 – 1599 | Consistent execution emerging |
| Proficient | 1600 – 1799 | Unlocks minimal interface density |
| Advanced | 1800 – 1999 | Marketplace publish gate unlocked |
| Expert | 2000 – 2199 | Green verified badge on marketplace |
| Master | 2200+ | Gold verified badge — top-tier trader |
Endpoints
Returns a cryptographically signed rating payload for any trader. The signature can be independently verified, making this suitable for prop firm applications and third-party embedding.
Parameters
| Name | Type | Description |
|---|---|---|
| handle | string | Trader's public handle (URL path parameter) |
Authentication
None required. Unauthenticated requests are rate-limited to 60/min per IP. Provide an API key via the X-API-Key header for 1,000/min.
Example Request
Response
Signature format: ECDSA P-256 over the SHA-256 digest of the canonical JSON payload (all fields except signature, verifyUrl, and publicKeyUrl). Base64url-encoded.
Independently verifies a previously issued signed rating. Use this to confirm that a rating payload has not been tampered with and is still current.
Query Parameters
| Name | Type | Description |
|---|---|---|
| signature | string | The signature value from the original response (required) |
Example Request
Response
Freshness: fresh is true if the signature was issued within the last 24 hours. ratingCurrent is true if the signed rating still matches the trader's current rating.
Returns the full rating breakdown including behavioral scores, Lock calibration status, and per-component rating analysis. Only accessible with the trader's own JWT — you cannot view another trader's detail endpoint.
Authentication
Required. Pass a valid JWT in the Authorization: Bearer header. The JWT must belong to the handle being queried.
Example Request
Response
Error Responses
| Status | Code | Description |
|---|---|---|
| 401 | string | Missing or invalid JWT |
| 403 | string | JWT does not match the requested handle |
| 404 | string | Handle not found |
Authentication
The Rating API supports two authentication methods. Public endpoints work without auth but have lower rate limits.
API Keys
For applications that need higher throughput on public endpoints. Pass via the X-API-Key header.
Generate API keys from your Account Settings page. Keys are prefixed with dbn_rk_live_ (production) or dbn_rk_test_ (sandbox).
JWT Bearer Tokens
Required for the /detail endpoint. Obtain a JWT by signing in via the DBN auth flow.
Security: Never expose JWTs in client-side code or public repositories. JWTs expire after 1 hour. Use refresh tokens to obtain new access tokens.
Rate Limiting
| Auth Method | Limit | Window | Scope |
|---|---|---|---|
| No auth | 60 | per minute | Per IP address |
| API Key | 1,000 | per minute | Per key |
| JWT Bearer | 300 | per minute | Per user |
Rate limit status is returned in response headers:
Exceeding the limit returns 429 Too Many Requests with a Retry-After header in seconds.
Response Format
All responses are JSON with Content-Type: application/json. Successful responses return HTTP 200. Errors follow a consistent structure:
| Status | Meaning |
|---|---|
| 200 | Success |
| 400 | Bad request — missing or malformed parameters |
| 401 | Unauthorized — missing or invalid credentials |
| 403 | Forbidden — valid auth but insufficient permissions |
| 404 | Not found — handle does not exist |
| 429 | Rate limited — retry after the specified window |
| 500 | Internal server error |
Embeddable Widget
Display your verified rating on any website with a single script tag. The widget auto-verifies the signature on load and links back to your public profile.
Embed Code
Widget Options
| Attribute | Type | Description |
|---|---|---|
| data-handle | string | Your trader handle (required) |
| data-theme | string | dark or light (default: dark) |
| data-compact | boolean | Show rating number only, no tier badge |
| data-verify | boolean | Show green checkmark when signature is valid (default: true) |
Key Rotation
API keys can be rotated at any time from your Account Settings. When you rotate a key:
- A new key is generated immediately
- The old key remains valid for a 24-hour grace period
- After 24 hours, the old key returns
401 - You can have at most 3 active keys at any time
Best practice: Rotate keys on a regular schedule (e.g., quarterly). Store keys in environment variables, never in source code.
CORS & Browser Usage
The Rating API supports CORS for browser-based requests. All origins are allowed for the public /v1/rating/:handle and /verify endpoints. The /detail endpoint restricts origins to drivebynumbers.com.