Flat JSON, one endpoint per use case. Base URL https://www.thesubspace.io/api/v1
The Subspace API runs deterministic checks per domain against 36 public sources. Every response is a flat JSON object you can map directly to columns in Clay, Airtable, or your CRM. No nested arrays to flatten, no score magic numbers you can't back out.
You can authenticate, query /v1/enrich?domain=stripe.com, and have usable data in 30 seconds. The rest of this reference covers the surface area.
Authenticate by passing your API key in the x-api-key header. All endpoints support CORS for browser-based requests.
curl "https://www.thesubspace.io/api/v1/enrich?domain=stripe.com" \ -H "x-api-key: YOUR_API_KEY"
Rate limits are per-IP and reset every minute. Every response includes x-ratelimit-remaining. Cached responses do not count against your monthly allotment.
| Plan | RPM | Monthly calls |
|---|---|---|
| Open Access | 60 | Unlimited |
Flat enrichment endpoint optimized for Clay and other enrichment platforms. Returns cost-center tiers, boolean feature flags, and per-signal evidence as top-level fields for direct column mapping — no nested objects.
If the domain is not in the database, it is automatically processed on-demand (first request may take 10–15 seconds).
/api/v1/enrichOpen Accesscurl "https://www.thesubspace.io/api/v1/enrich?domain=stripe.com" \ -H "x-api-key: YOUR_API_KEY"
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Yes | Company domain (e.g. stripe.com). Accepts full URLs. |
include | string | No | Set to jobs to attach the company's job listings (title, location, URL). Adds jobs array, pagination metadata (jobs_returned, jobs_total, jobs_has_more, jobs_next_offset), and jobs_confidence + jobs_source. Costs 2 credits for verified ATS sources. |
jobs_limit | integer | No | Page size when include=jobs. Default 50, max 500. |
jobs_offset | integer | No | Page offset when include=jobs. Default 0. Pass jobs_next_offset from the prior response to walk pages. |
jobs_seen_after | string | No | ISO timestamp; only return jobs Subspace first observed at or after this time. Filters on first_seen_at — monotonic and never null, unlike upstream posted_at. Use for incremental syncs (e.g. n8n recurring polls). |
career_url | string | No | Override career page URL when using include=jobs. |
Walk all listings for a company, then poll for new ones:
# page 1 /api/v1/enrich?domain=stripe.com&include=jobs&jobs_limit=50 # follow jobs_next_offset until jobs_has_more is false /api/v1/enrich?domain=stripe.com&include=jobs&jobs_limit=50&jobs_offset=50 # next sync — only what's new since your last poll /api/v1/enrich?domain=stripe.com&include=jobs&jobs_seen_after=2026-04-30T00:00:00Z
Example response for stripe.com. Field list may extend over time in additive fashion — existing field names and types are stable.
{
"domain": "stripe.com",
"company_name": "Stripe",
"operating_status": "active",
"ats_provider": "greenhouse",
"company_size": "enterprise",
"company_location": "us",
"company_type": "saas_product",
"hiring_actively": true,
"total_jobs": 285,
"fresh_jobs_30d": 241,
"ghost_job_rate": 12,
"confidence": "high",
"job_quality": "excellent",
"job_board_growing": true,
"salary_transparent": true,
"it_infrastructure_tier": "Enterprise",
"it_infrastructure_budget": "Active",
"engineering_product_tier": "Enterprise",
"sales_marketing_tier": "Growth",
"hr_hiring_tier": "Growth",
"legal_compliance_tier": "Enterprise",
"finance_revops_tier": "Growth",
"telecom_remote_tier": "Growth",
"corporate_dev_tier": "Growth",
"cdn_enterprise": true,
"waf_active": true,
"security_posture_mature": true,
"dmarc_enforcing": true,
"email_security_gateway": true,
"has_changelog": true,
"shipping_actively": true,
"has_status_page": true,
"is_spending_on_ads": true,
"ad_spend_heavy": true,
"international_presence": true,
"has_trust_center": true,
"has_soc2": true,
"has_compliance_program": true,
"h1b_filer": true,
"billing_model": "saas_payments",
"has_enterprise_sso": true,
"has_enterprise_uc": true,
"possible_acquisition": false,
"recent_funding": true,
"sec_public_filer": false,
"github_active": true,
"saas_stack_premium": true,
"credits_consumed": 1
}GET /api/v1/companies — filter + paginate across all tracked companies. Backs index and rollup views. Cursor-paginated; pass meta.next_cursor from the prior response to fetch the next page.
/api/v1/companies?verdict=actively_hiring&min_jobs=20&order_by=last_activity_at&order_dir=desc&limit=50
Filters: sector, verdict, min_jobs, max_jobs, has_hiring. Order by total_jobs, ghost_index, or last_activity_at.
GET /api/v1/search?q=… — full-text search across companies and job listings. Use type=companies, type=jobs, or type=both (default).
/api/v1/search?q=platform%20engineer&type=jobs&limit=25
GET /api/v1/companies/{domain}/trace — the complete trace payload in one call: cost centers, every signal with its confidence envelope, coverage summary, hiring rollup, and the aggregate confidence_summary (High/Medium/Low counts). A consumer can build their own trace UI from this single endpoint — no direct DB access required.
/api/v1/companies/stripe.com/trace
Reads the most recent stored trace. To refresh, POST /api/trace and poll the returned job id.
Every signal we emit carries an evidence-strength envelope — the audit trail that makes each observation independently verifiable. Three tiers: High, Medium, Low. Rendering one of these next to a claim is what separates our output from black-box competitors. See docs/ARCHITECTURE-CONFIDENCE-LAYER.md.
{
"id": "analytics-cdn-unobservable",
"name": "Analytics stack not observable from the CDN edge",
"sentiment": "neutral",
"confidence": {
"tier": "high",
"reasons": [
"direct_http_200",
"multi_path_consistent",
"fresh_<6h"
],
"sourceUrls": [
"https://www.example.com/",
"https://app.example.com/",
"https://docs.example.com/"
],
"collectionMethod": "direct_http",
"observedAt": "2026-04-23T14:22:10Z"
}
}Tiers are defensible; decimals aren't — we never expose a numeric 0-1 score externally. Reason codes are machine-readable and never encode sentiment. They describe how sure we are, not whether the finding is good or bad news.
Every company is analyzed across 8 cost centers that map to corporate P&L line items. Each center is derived from publicly observable digital infrastructure — DNS, HTTP headers, HTML, and job data — and surfaced as a categorical tier (Enterprise / Growth / Startup / Inactive) plus the raw signals that drove it. Evidence confidence lives on the individual signals, not on the aggregate.
it_infrastructureIT & InfrastructureCDN, WAF, email security, MX records, SaaS packages
engineering_productEngineering & ProductCSP headers, changelogs, subdomains, SSO, schema.org
sales_marketingSales & MarketingAd pixels, hreflang, tag manager, redirects
hr_hiringHR & HiringJob board activity, ATS provider, ghost job rate, posting velocity
legal_complianceLegal & ComplianceTrust center, H-1B filings, WARN Act, vendor wallet
finance_revopsFinance & RevOpsBilling/payment vendor detection from CSP + HTML
telecom_remoteTelecom & Remote WorkDNS SRV records for enterprise UC providers
corporate_devCorporate DevelopmentM&A detection via MX/NS parent matching
All 105 fields returned by the /enrich endpoint. Boolean fields are ideal for Clay filters and outreach personalization.
| Field | Type | Description |
|---|---|---|
| domain | string | Normalized company domain (e.g. stripe.com). |
| company_name | string | Company display name resolved from DNS, career page, or enrichment. |
| operating_status | string | active, slow, or inactive — derived from job posting recency and infrastructure signals. |
| ats_provider | string | Detected ATS platform (greenhouse, lever, workday, icims, etc.). Null if no ATS found. |
| Field | Type | Description |
|---|---|---|
| company_size | string | enterprise, mid, small, or micro — inferred from infrastructure footprint, job count, and vendor stack. |
| company_location | string | us, international, or unknown — based on hreflang tags, H-1B filings, and domain TLD. |
| company_type | string | saas_product, services, or unknown — inferred from billing infra, app store presence, and CSP vendors. |
| Field | Type | Description |
|---|---|---|
| hiring_actively | boolean | True if 5+ jobs and activity within the last 30 days. |
| total_jobs | integer | Total number of active job listings currently tracked. |
| fresh_jobs_30d | integer | Jobs posted or updated in the last 30 days. High ratio to total_jobs = genuine hiring. |
| ghost_job_rate | integer | 0-100 ghost-job rate for hiring listings only. Lower = fewer ghost jobs. Based on posting age, repost patterns, and description staleness. Not a composite company score. |
| confidence | string | high, moderate, or low — reflects data coverage depth (number of signals detected). |
| job_quality | string | excellent, good, poor, or critical — based on description quality, salary transparency, and role specificity. |
| job_board_growing | boolean | True if job listing count is increasing month-over-month. Signals headcount expansion. |
| job_board_shrinking | boolean | True if job listing count is declining. Early warning for hiring slowdown. |
| repost_rate_elevated | boolean | True if jobs are being reposted frequently — may indicate difficulty filling roles or ghost listings. |
| ghost_score_rising | boolean | True if ghost job rate is trending upward. Temporal signal from snapshot comparisons. |
| descriptions_going_dark | boolean | True if job descriptions are being removed or shortened — signals reduced hiring investment. |
| salary_transparent | boolean | True if salary ranges are included in job postings. Indicates compensation transparency. |
| hr_legal_hiring_spike | boolean | True if HR/legal role postings spike vs. other departments — early restructuring signal. |
| Field | Type | Description |
|---|---|---|
| cdn_enterprise | boolean | Enterprise CDN detected (Cloudflare Enterprise, Fastly, Akamai). Indicates significant IT spend. |
| cdn_detected | boolean | Any CDN detected including modern/commodity tiers (Cloudflare Free, Vercel, Netlify). |
| waf_active | boolean | Web Application Firewall actively protecting the site. Enterprise security investment. |
| waf_removed | boolean | WAF was previously detected but is now gone — potential cost-cutting signal. |
| ttfb_fast | boolean | Time to First Byte under 200ms. Indicates optimized infrastructure. |
| ttfb_slow | boolean | TTFB over 800ms. May indicate under-invested infrastructure. |
| ttfb_degrading | boolean | TTFB has worsened compared to previous checks. Infrastructure degradation signal. |
| hsts_active | boolean | HTTP Strict Transport Security header present. Security best practice. |
| security_posture_mature | boolean | Multiple security headers present (HSTS, CSP, X-Frame-Options). Mature security team. |
| Field | Type | Description |
|---|---|---|
| dmarc_enforcing | boolean | DMARC policy set to reject or quarantine. Full email authentication enforced. |
| dmarc_quarantine | boolean | DMARC in quarantine mode — partially enforced, not yet fully locked down. |
| email_provider_enterprise | boolean | Enterprise email platform detected (Google Workspace, Microsoft 365 with gateway). |
| email_security_gateway | boolean | Dedicated email security gateway (Proofpoint, Mimecast, Barracuda). Enterprise-grade. |
| has_mx_records | boolean | MX records present. False may indicate parked domain or pre-launch company. |
| Field | Type | Description |
|---|---|---|
| has_changelog | boolean | Changelog or release notes page detected. Indicates active product development. |
| shipping_actively | boolean | Changelog has recent entries — team is actively shipping product updates. |
| shipping_stalled | boolean | Changelog exists but hasn't been updated recently. Development may have slowed. |
| subdomain_footprint | string | rich, moderate, minimal, or bare — number of active subdomains indicates engineering complexity. |
| has_status_page | boolean | Public status page detected (Statuspage, Instatus). Signals operational maturity. |
| has_sso_infra | boolean | SSO infrastructure detected via .well-known or DNS. Enterprise identity management. |
| app_store_presence | boolean | Mobile app recently updated in App Store or Google Play. |
| app_abandoned | boolean | Mobile app exists but hasn't been updated in 12+ months. |
| npm_high_velocity | boolean | npm packages published at high velocity — active open-source or SDK investment. |
| Field | Type | Description |
|---|---|---|
| is_spending_on_ads | boolean | Google, Meta, or LinkedIn ad pixels detected. Active paid acquisition. |
| ad_spend_heavy | boolean | Multiple ad networks or heavy tracking infrastructure. Significant marketing budget. |
| has_tag_manager | boolean | Google Tag Manager or equivalent detected. Organized marketing ops. |
| has_tracking_pixels | boolean | Conversion tracking pixels active (Facebook Pixel, LinkedIn Insight, etc.). |
| first_party_tracking | boolean | Self-hosted analytics (Plausible, Matomo) instead of third-party. Privacy-conscious. |
| international_presence | boolean | Hreflang tags indicate multi-language or multi-region website. Global market presence. |
| hreflang_markets | string | global, eu, apac, moderate, or null — geographic expansion pattern from hreflang tags. |
| website_stable | boolean | No major redirect changes detected. Stable website structure. |
| redirect_cascade_high | boolean | Major URL restructuring detected. Could indicate rebrand, pivot, or site overhaul. |
| Field | Type | Description |
|---|---|---|
| has_trust_center | boolean | Trust center or security page detected. Signals enterprise sales readiness. |
| has_soc2 | boolean | SOC 2 certification mentioned on trust center or security page. |
| has_hipaa | boolean | HIPAA compliance mentioned. Relevant for healthcare-adjacent companies. |
| has_compliance_program | boolean | Any compliance framework detected (SOC 2, HIPAA, ISO 27001). Enterprise buyer signal. |
| legal_docs_recent | boolean | Terms of service or privacy policy recently updated. Active legal team. |
| vendor_spend_verified | boolean | Third-party vendor spend detected via CSP headers or HTML includes. |
| h1b_filer | boolean | Active H-1B visa sponsor based on DOL LCA filings. Indicates US hiring activity. |
| h1b_declining | boolean | H-1B filing volume declining year-over-year. Possible US hiring contraction. |
| warn_notices | string | critical (active WARN filing), historical (past filing), clear (filed but still hiring), or none. |
| Field | Type | Description |
|---|---|---|
| billing_model | string | enterprise_billing (Zuora/Adyen), saas_payments (Stripe/Paddle), checkout_detected, proprietary, or none_detected. |
| has_pricing_page | boolean | Dynamic pricing page with checkout or payment JavaScript detected. |
| has_banking_api | boolean | Direct banking API integration detected (Plaid, MX, Yodlee). FinTech signal. |
| Field | Type | Description |
|---|---|---|
| has_enterprise_sso | boolean | OpenID Connect or SAML SSO configured (Okta, Azure AD, OneLogin). Enterprise identity. |
| has_enterprise_uc | boolean | Enterprise unified communications detected via DNS SRV (Teams, Zoom Phone, RingCentral). |
| has_conferencing | boolean | Vanity conferencing URL detected (e.g. company.zoom.us). Remote-first indicator. |
| Field | Type | Description |
|---|---|---|
| possible_acquisition | boolean | MX/NS records point to a parent company, or M&A news detected via enrichment. |
| infrastructure_independent | boolean | Company runs its own DNS, email, and CDN — no parent company infrastructure detected. |
| defensive_domains_active | boolean | Defensive domain registrations detected (typo-squatting protection). Brand investment. |
| Field | Type | Description |
|---|---|---|
| recent_funding | boolean | Funding round detected via SEC Form D, Crunchbase, or news sources. |
| sec_public_filer | boolean | Company files with the SEC — publicly traded or reporting entity. |
| github_active | boolean | Active GitHub organization with recent commits. Open-source or developer-focused. |
| gov_contractor | boolean | Government contract detected via USASpending or SAM.gov. Public sector revenue. |
| hiring_freeze_reported | boolean | Hiring freeze mentioned in news or press releases. Enrichment-sourced signal. |
| shutdown_reported | boolean | Company shutdown or wind-down reported in news sources. |
| restructuring_reported | boolean | Restructuring or layoffs reported in news, SEC filings, or WARN notices. |
| Field | Type | Description |
|---|---|---|
| saas_stack_premium | boolean | Premium SaaS tools detected (Salesforce, HubSpot Enterprise, Datadog). High vendor spend. |
| enterprise_sales_tooling | boolean | Sales tooling detected in CSP headers (Gong, Outreach, Salesloft). B2B sales motion. |
| apple_pay_merchant | boolean | Apple Pay merchant verified via .well-known/apple-developer-merchantid-domain-association. |
| mobile_deep_linking | boolean | App deep linking configured (apple-app-site-association or assetlinks.json). |
| has_security_txt | boolean | Security.txt file present. Indicates mature security disclosure process. |
| Field | Type | Description |
|---|---|---|
| {cost_center}_tier | string | Enterprise, Growth, Startup, or Inactive — categorical bucket for each of the 8 cost centers (e.g. it_infrastructure_tier). Derived from signal sentiment across the center. |
| {cost_center}_budget | string | Active, Moderate, Low, or Frozen — categorical budget_status for each cost center. |
| Field | Type | Description |
|---|---|---|
| jobs | array | Array of job objects, each with title, location, and url. Page size controlled by jobs_limit (default 50, max 500). Only present when include=jobs. |
| jobs_returned | integer | Count of jobs in this page (0 to jobs_limit). |
| jobs_total | integer | Total jobs in our DB for this company across all pages (post jobs_posted_after filter). |
| jobs_offset | integer | Echo of the jobs_offset query param used for this page. |
| jobs_limit | integer | Echo of the jobs_limit query param used for this page (after clamping to [1, 500]). |
| jobs_has_more | boolean | True if more pages remain after this one. |
| jobs_next_offset | integer | Offset to pass on the next call. null when there are no more pages. |
| jobs_confidence | string | high (verified ATS API), medium (HTML scrape), or low (no data). Reflects how the jobs were sourced. |
| jobs_source | string | ats_api (direct ATS feed), html_scrape (career page parsed), db_cache (previously scraped), or none. |
| Field | Type | Description |
|---|---|---|
| credits_consumed | integer | Number of API credits consumed. 1 for standard calls, 2 when include=jobs with verified ATS. |
| Field | Type | Description |
|---|---|---|
| signals_confidence | array | Array of signals with embedded confidence envelopes. One entry per emitted signal — even ones that didn't flip a boolean field above. |
| confidence.tier | string | high | medium | low. High = direct probe + multi-path + fresh. Medium = single-source or indirect. Low = aggregator-only, heuristic, WAF-blocked, or stale >72h. |
| confidence.reasons | array | Machine-readable reason codes. Never encode sentiment — describe our certainty in the data, not whether the data is good/bad news. Examples: direct_http_200, multi_path_consistent, fresh_<6h, aggregator_only. |
| confidence.sourceUrls | array | Clickable URLs to re-verify the claim. Empty when n/a (e.g., DNS lookups). |
| confidence.collectionMethod | string | direct_http | dns | certificate | third_party_api | aggregator | manual | heuristic. |
| confidence.observedAt | string | ISO 8601 timestamp of when the observation was captured. Drives freshness reasons. |
| confidence_summary.high | integer | Count of signals at High confidence. |
| confidence_summary.medium | integer | Count at Medium. |
| confidence_summary.low | integer | Count at Low. |
| confidence_summary.not_yet_classified | integer | Signals written before the confidence layer shipped. Will become 0 after the next re-crawl of each domain. |
| confidence_summary.total | integer | Total signals on this response. |
Rate limit: 60 requests per minute per IP address. All error responses follow the same shape:
{ "error": "Description of what went wrong" }| Status | Code | Description |
|---|---|---|
| 400 | missing_param | Missing or invalid domain parameter. |
| 401 | unauthorized | Invalid or missing API key. |
| 404 | not_found | Domain not in dataset (enrich endpoint auto-processes unknown domains). |
| 422 | unprocessable | Domain could not be processed (parked, unreachable). |
| 429 | rate_limited | Rate limit exceeded (60 requests/minute per IP). |
| 500 | server_error | Internal error. Retry with exponential backoff. |
Open access enabled. Works with Clay, Make, Zapier, or any HTTP client.