Dashboard & test mode

The developer dashboard gives you self-serve visibility into your own API key — usage, recent verdicts, and a one-click sandbox key — with no billing, accounts, or setup. Test mode lets you build and CI against Faro deterministically, without spending external API calls or touching the live reputation graph.

The dashboard

Go to farofinance.app/dashboard and paste a self-serve API key (the faro_live_… or faro_test_… key you got at signup). The key is kept in a secure, http-only cookie — it's never written to localStorage and never exposed to client-side JavaScript. Every read is proxied server-side to the API routes below.

The dashboard shows:

Usage — API calls over the last 30 days, with a per-day chart and a breakdown by artifact type.
Recent verdicts — the last verdicts this key produced (normalized node, type, verdict).
Keys — your key prefix and mode, plus a button to mint a sandbox test key.

Dashboard API

These routes are Bearer-authenticated and scoped to the calling key. They power the UI, and you can call them directly too.

Method	Path	Returns
`GET`	`/v1/me`	Key profile: prefix, email, mode, issue time
`GET`	`/v1/me/usage?days=30`	Daily call counts by artifact type
`GET`	`/v1/me/verdicts?limit=10`	Recent verdicts for artifacts this key checked
`POST`	`/v1/me/keys/test`	Issue a sandbox test key for your email

curl https://api.farofinance.app/v1/me \
-H "Authorization: Bearer $FARO_API_KEY"

Test mode

Any key whose mode is test (prefix faro_test_) runs in a sandbox:

verify short-circuits to deterministic fixtures — no Safe Browsing, RDAP, sanctions, LLM, reputation lookup, cache, or write-back. No external cost.
Responses carry an X-Faro-Mode: test header. The VerdictResult shape is otherwise identical to live, so your code paths don't change.
Test keys never write to the reputation graph — POST /v1/reports is accepted as a no-op so you can exercise the path safely.

This makes test mode ideal for local development, examples, and CI: the same artifact always returns the same verdict.

Fixture reference

Verdicts are chosen by the artifact type plus optional magic substrings in the value (case-insensitive). The default for every type is 🟢 green.

Type	Substring in value	Verdict
`url`	`phishing`, `evil`	🔴 red
`url`	`ambiguous`, `yellow`	🟡 yellow
`payee`	`sanctioned`, `blocked`	🔴 red
`payee`	`suspicious`	🟡 yellow
`message`	`scam`, `blocked`	🔴 red
`message`	`otp`, `urgent`	🟡 yellow
any	(none of the above)	🟢 green

curl -X POST https://api.farofinance.app/v1/verify/url \
-H "Authorization: Bearer $FARO_TEST_KEY" \
-H "Content-Type: application/json" \
-d '{"value": "https://evil-phishing.example"}'
# → verdict: "red"  (header: X-Faro-Mode: test)

Quickstart

Get a key and make your first verify call.

Reports

Flag bad actors and false positives.

API reference

Full /v1/me* schema in OpenAPI.

Core concepts

Verdicts, signals, and the reputation graph.