Integration Guides

Connect TrustVerify AI
to Your Stack

Step-by-step guides for connecting TrustVerify AI to your existing procurement, security, and collaboration tools. All integrations use the REST API with OAuth 2.0 Bearer tokens.

Salesforce
Pull vendor scores into your Salesforce Vendor records. Auto-create tasks on score drops. Filter vendor views by TrustScore threshold.
Jump to guide →
ServiceNow
Auto-create incidents when vendors breach policy thresholds. Route by severity. Auto-close on recovery. GRC module integration included.
Jump to guide →
Slack
Real-time score-drop alerts in your security or procurement channels. Slash commands to query any vendor. Weekly digest summaries.
Jump to guide →
🏞

Salesforce Integration

Sync TrustScores into Salesforce Vendor records, auto-create follow-up tasks, and build dynamic views filtered by risk threshold. Requires Salesforce Professional or above and a TrustVerify Professional or Enterprise plan.

STEP 01

Create a Connected App in Salesforce

In Salesforce Setup, navigate to Apps → App Manager → New Connected App. Enable OAuth Settings, add the callback URL https://api.trustverify.ai/oauth/salesforce/callback, and select scopes: api, refresh_token, offline_access.

Tip: Save your Consumer Key and Consumer Secret — you'll need them in the next step.
STEP 02

Configure the Integration in TrustVerify AI

Go to Settings → Integrations → Salesforce in your TrustVerify dashboard. Enter your Consumer Key, Consumer Secret, and your Salesforce instance URL.

REST API — Configure Salesforce Integration
POST https://api.trustverify.ai/v1/integrations/salesforce
Authorization: Bearer <your_access_token>
Content-Type: application/json

{
  "consumer_key": "3MVG9...your_consumer_key",
  "consumer_secret": "your_consumer_secret",
  "instance_url": "https://yourorg.my.salesforce.com",
  "sync_field": "TrustVerify_Score__c",
  "sync_frequency": "daily"
}
STEP 03

Add a Custom Field to the Vendor Object

In Salesforce Setup, go to Object Manager → Vendor → Fields & Relationships → New. Create a Number field named TrustVerify Score with API name TrustVerify_Score__c (0 decimal places, min 300, max 850). Optionally add TrustVerify_Grade__c (Text, 3 chars) and TrustVerify_Updated__c (Date/Time).

STEP 04

Set Up Automated Score Sync via Webhook

Register a TrustVerify webhook that fires on score.updated events and calls your Salesforce org's REST API to update the Vendor record.

Python — Webhook Handler (Flask)
from flask import Flask, request, jsonify
import hmac, hashlib, requests

app = Flask(__name__)
WEBHOOK_SECRET = "your_trustverify_webhook_secret"
SF_INSTANCE = "https://yourorg.my.salesforce.com"
SF_TOKEN = "your_salesforce_access_token"

@app.route("/trustverify/webhook", methods=["POST"])
def handle_trustverify_event():
    # Verify HMAC-SHA256 signature
    sig = request.headers.get("X-TrustVerify-Signature", "")
    expected = hmac.new(
        WEBHOOK_SECRET.encode(), request.data, hashlib.sha256
    ).hexdigest()
    if not hmac.compare_digest(sig, f"sha256={expected}"):
        return jsonify({"error": "invalid_signature"}), 401

    event = request.get_json()
    if event["type"] != "score.updated":
        return jsonify({"ok": True})

    vendor_id = event["vendor_id"]
    new_score = event["trust_score"]
    grade = event["grade"]

    # Update the Salesforce Vendor record
    sf_vendor_id = lookup_sf_vendor(vendor_id)  # your mapping logic
    requests.patch(
        f"{SF_INSTANCE}/services/data/v59.0/sobjects/Vendor__c/{sf_vendor_id}",
        headers={"Authorization": f"Bearer {SF_TOKEN}"},
        json={
            "TrustVerify_Score__c": new_score,
            "TrustVerify_Grade__c": grade,
            "TrustVerify_Updated__c": event["updated_at"]
        }
    )
    return jsonify({"ok": True})
STEP 05

Create a List View Filtered by TrustScore

In Salesforce, go to Vendors → New List View. Add filter: TrustVerify Score is less than 650. Name it "Vendors Requiring Review". Share with your procurement and security teams. This view auto-updates as scores change.

Tip: You can also create a Dashboard tile showing the count of vendors below 600, giving your CISO a live risk gauge.
🎫

ServiceNow Integration

Auto-create incidents and GRC tasks when vendor scores breach policy thresholds. Route to the right team by severity. Auto-close tickets when scores recover. Requires ServiceNow ITSM and a TrustVerify Professional or Enterprise plan.

STEP 01

Create a ServiceNow Integration User

In ServiceNow, create a dedicated service account for TrustVerify AI. Assign the itil role for incident creation and sn_risk.user for GRC task creation. Generate a Basic Auth credential or OAuth Client.

Warning: Do not use your admin account. Use a scoped service account with minimum required roles for the principle of least privilege.
STEP 02

Register the Inbound Webhook

In TrustVerify AI, register a webhook targeting your ServiceNow MID Server or a direct inbound REST endpoint. Subscribe to alert.created and vendor.blocked events.

REST API — Register ServiceNow Webhook
POST https://api.trustverify.ai/v1/webhooks
Authorization: Bearer <your_access_token>

{
  "url": "https://yourinstance.service-now.com/api/trustverify/inbound",
  "events": ["alert.created", "vendor.blocked", "score.dropped"],
  "enabled": true
}

// Response includes webhook secret for HMAC verification
{
  "id": "wh_abc123",
  "secret": "whsec_..."
}
STEP 03

Build the ServiceNow Scripted REST API

In ServiceNow, create a Scripted REST API at path /api/trustverify/inbound. The handler receives TrustVerify webhook events and creates incidents with the appropriate urgency mapping.

ServiceNow — Scripted REST Handler (JavaScript)
// ServiceNow Scripted REST API — Resource: POST /inbound
(function process(request, response) {
  var body = request.body.data;
  var severity = body.severity;

  // Map TrustVerify severity to ServiceNow urgency
  var urgencyMap = {
    'critical': '1',
    'high': '2',
    'medium': '3',
    'low': '3'
  };

  var incident = new GlideRecord('incident');
  incident.initialize();
  incident.short_description = '[TrustVerify] ' + body.message;
  incident.description = JSON.stringify(body, null, 2);
  incident.urgency = urgencyMap[severity] || '3';
  incident.category = 'security';
  incident.assignment_group = 'AI Vendor Risk Team';
  incident.caller_id = 'trustverify_service_account';
  incident.insert();

  response.setStatus(201);
  response.setBody({ sys_id: incident.sys_id.toString() });
})(request, response);
STEP 04

Auto-Close on Score Recovery (Optional)

Subscribe to score.updated events and, when a vendor's score rises above your threshold (e.g., 650), resolve any open incidents linked to that vendor. Store the TrustVerify vendor_id in a custom field on the ServiceNow incident to enable this lookup.

Tip: Add a Business Rule in ServiceNow that prevents manual closure of TrustVerify-generated incidents while the vendor score is still below threshold. This keeps accountability clear.
💬

Slack Integration

Post real-time score-drop alerts to your security or procurement channels. Query any vendor's current score with a slash command. Receive weekly digest summaries. Requires a Slack workspace and TrustVerify Starter or above.

STEP 01

Create a Slack App

Go to api.slack.com/apps and create a new app from scratch. Under Features → Incoming Webhooks, activate and add a webhook URL pointing to your #vendor-risk channel. Copy the webhook URL.

STEP 02

Register Your Slack Webhook in TrustVerify AI

REST API — Register Slack Webhook
POST https://api.trustverify.ai/v1/webhooks
Authorization: Bearer <your_access_token>

{
  "url": "https://hooks.slack.com/services/T.../B.../...",
  "events": ["score.dropped", "alert.created", "shadow_ai.detected"],
  "format": "slack_block_kit",
  "enabled": true
}
Tip: Setting "format": "slack_block_kit" tells TrustVerify to send Slack-formatted Block Kit payloads directly. Without this, you'll need to transform the raw JSON payload yourself.
STEP 03

Example Alert Format

When a vendor's score drops more than 50 points, TrustVerify posts a formatted Block Kit message to your channel:

Slack Block Kit — Score Drop Alert
{
  "blocks": [
    {
      "type": "header",
      "text": { "type": "plain_text", "text": "⚠️ TrustVerify Alert: Score Drop Detected" }
    },
    {
      "type": "section",
      "fields": [
        { "type": "mrkdwn", "text": "*Vendor:*\nChatFlow Ops" },
        { "type": "mrkdwn", "text": "*Score:*\n~~540~~ → 412 (-128 pts)" },
        { "type": "mrkdwn", "text": "*Reason:*\nAPI key exposed in public repo" },
        { "type": "mrkdwn", "text": "*Policy Triggered:*\nBlock from customer data" }
      ]
    },
    {
      "type": "actions",
      "elements": [
        { "type": "button", "text": { "text": "View Vendor↗" }, "url": "https://app.trustverify.ai/vendors/vendor_abc123" },
        { "type": "button", "text": { "text": "Acknowledge" }, "style": "primary" }
      ]
    }
  ]
}
STEP 04

Add a Slash Command for On-Demand Score Queries

In your Slack App settings, add a slash command /trustscore pointing to a lightweight handler that queries the TrustVerify API and returns a vendor's current score.

Node.js — Slash Command Handler
import express from 'express';
import fetch from 'node-fetch';

const app = express();
app.use(express.urlencoded({ extended: true }));

const TV_TOKEN = process.env.TRUSTVERIFY_TOKEN;

app.post('/slack/trustscore', async (req, res) => {
  const vendorName = req.body.text?.trim();
  if (!vendorName) {
    return res.json({ text: 'Usage: /trustscore <vendor-name>' });
  }

  // Search vendors by name
  const r = await fetch(
    `https://api.trustverify.ai/v1/vendors?search=${encodeURIComponent(vendorName)}&limit=1`,
    { headers: { Authorization: `Bearer ${TV_TOKEN}` } }
  );
  const { data } = await r.json();
  const v = data?.[0];

  if (!v) return res.json({ text: `No vendor found matching “${vendorName}”` });

  const emoji = v.trust_score >= 750 ? '✅' : v.trust_score >= 600 ? '⚠️' : '🔴';
  res.json({
    text: `${emoji} *${v.name}* — TrustScore: *${v.trust_score}* | Change (30d): ${v.score_change_30d > 0 ? '+' : ''}${v.score_change_30d}`
  });
});

app.listen(3000);
STEP 05

Weekly Digest (Optional)

Set up a scheduled job (cron, GitHub Actions, or Zapier) that runs every Monday and posts a summary of your vendor risk posture to #vendor-risk. Pull the GET /v1/reports/vendor-trust endpoint and format as a Block Kit message.

Tip: Limit digest alerts to vendors where the score changed more than 20 points in the past week. Full weekly blasts for 50+ vendors create alert fatigue — use the min_score_change query param.