Informational only. Not medical advice.INFORMATIONAL PLATFORM ONLY — NOT MEDICAL ADVICE, DIAGNOSIS, OR TREATMENT
Informational only. Not medical advice.INFORMATIONAL PLATFORM ONLY — NOT MEDICAL ADVICE, DIAGNOSIS, OR TREATMENT
Every request to a /api/v1/* data endpoint requires an API key. Create one from your account, then send it as a Bearer token:
Disclosed Labscurl https://disclosedlabs.com/api/v1/vendors \
-H "Authorization: Bearer dlk_your_key_here"
Keys start with dlk_. We store only a SHA-256 hash — the plaintext is shown once at creation, so save it. Lost a key? Revoke it and mint a new one. The /meta and /openapi.json endpoints are open (no key) for discovery.
The API is free in exchange for a visible dofollow link to disclosedlabs.com on any page or app that surfaces our data. A dofollow link is a normal <a href="https://disclosedlabs.com"> — not marked rel="nofollow", sponsored, or ugc.
Add your site URL to a key in the dashboard. A weekly crawl spot-checks the link and marks the key Verified or Missing. The check is best-effort and never blocks your requests — but persistent non-attribution is grounds for revoking a key under the Terms. Every API response also carries an X-Attribution-Required header and an attribution note in meta as a reminder.
The free tier allows 60 requests per minute per key; Enterprise raises this to 600 req/min and drops the attribution requirement. Each response includes:
| Header | Meaning |
|---|---|
X-RateLimit-Limit | Requests allowed per window |
X-RateLimit-Remaining | Requests left in the current window |
X-RateLimit-Reset | Epoch seconds when the window resets |
Exceed the limit and you'll get 429 with a Retry-After header. Back off until the window resets.
List endpoints:
{
"data": [ /* ...resources... */ ],
"pagination": { "nextCursor": "clx...", "hasMore": true, "limit": 20 },
"meta": { "apiVersion": "v1", "attribution": "Data from https://disclosedlabs.com ..." }
}
Detail endpoints return a single object in data. Errors:
{ "error": { "code": "rate_limited", "message": "..." }, "meta": { "apiVersion": "v1" } }
Error codes: unauthorized (401), forbidden (403), not_found (404), bad_request (400), conflict (409), rate_limited (429).
All list endpoints use cursor pagination. Pass limit (default 20, max 100). When pagination.hasMore is true, pass pagination.nextCursor back as the cursor query param for the next page:
curl "https://disclosedlabs.com/api/v1/coas?limit=50&cursor=clx123" \
-H "Authorization: Bearer dlk_your_key_here"
Cursors are stable under inserts, so you won't see duplicates or gaps while paging.
If you run a vendor listed on Disclosed Labs, you can manage your own prices and deals via the API. From the API keys page, create a key scoped to your vendor (the option appears only for vendors you manage). That key gains the write:prices scope for POST/PUT/DELETE /api/v1/vendors/{slug}/products and PATCH /api/v1/vendors/{slug}/deals. Read the reference for the request bodies.
Each product must reference a catalogued peptide. Pass peptideSlug — list every valid slug at GET /api/v1/peptides — or pass a name/code and we'll resolve it (e.g. GET /api/v1/resolve?name=GLP-3 → retatrutide). Un-catalogued names are rejected so the shared price corpus stays clean.