TPSClear
Menu
For developers

UK TPS/CTPS screening as an API.

DMA-licensed list cleaning behind a clean REST API. Real-time single and bulk lookups, async jobs for very large batches, webhooks for re-screen events, and an audit trail your compliance officer can hand to the ICO. Built for RevOps and product engineers who would rather integrate than re-implement TPS plumbing.

Request API accessSee pricing
DMA-licensed list cleanerPECR-alignedReal-time + audit trailUK Limited Company 09302803

Operated by Voll Studios Ltd, registered in England (09302803).

What it does

Single and bulk lookups

One endpoint, one or many numbers per request. Sync responses for normal volumes, async jobs for very large batches.

Webhook callbacks for re-screens

Register a target URL and we will notify you whenever a number changes status on the TPS or CTPS register. No polling.

Audit-ready response logs

Every screen result is stored and addressable by id. Pull it back later in a format the ICO is happy to look at.

Quick example

Illustrative. Final shapes may shift before general availability.

Request

POST /v1/screen
Authorization: Bearer tpsc_live_xxx
Content-Type: application/json

{
  "phoneNumbers": ["+447777000001", "+447777000002"]
}

Response

{
  "results": [
    {
      "phoneNumber": "+447777000001",
      "tpsListed": false,
      "ctpsListed": false,
      "status": "clean",
      "checkedAt": "2026-05-08T10:21:01Z"
    },
    {
      "phoneNumber": "+447777000002",
      "tpsListed": true,
      "ctpsListed": false,
      "status": "tps-listed",
      "checkedAt": "2026-05-08T10:21:01Z"
    }
  ]
}

Endpoints

A small surface on purpose. You should not need a 200-page reference to screen a phone number.

EndpointPurpose
POST /v1/screenSingle or bulk lookup. Synchronous response with TPS and CTPS status per number.
POST /v1/screen/asyncFor very large batches. Returns a job id immediately, then posts results to your registered webhook when finished.
POST /v1/webhooksRegister a re-screen webhook target. We will call it when a number you have screened previously flips state.
GET /v1/screen/{id}Fetch a past screen result by id for audit purposes.

Full reference docs ship alongside public API access. Beta customers get a private reference and a Postman collection.

Auth

Bearer tokens in the Authorization header. Tokens are environment-scoped: tpsc_test_* hits a sandbox that returns deterministic fixtures, tpsc_live_* hits the real DMA file. You can rotate either at any time and tokens are revocable from the dashboard.

Recommended practice

  • Store tokens in your platform's secret manager (AWS Secrets Manager, GCP Secret Manager, HashiCorp Vault, Doppler, or the equivalent on your stack). Never commit tokens to source control.
  • Use the test token in CI and staging. Live tokens belong only in production runtime environments.
  • Rotate on staff changes. If a token leaks, revoke first, debug after.

Rate limits and cost

Caps are expressed in lookups, not requests, so a bulk call of 500 numbers counts as 500. Each plan tier has a monthly lookup cap and a per-second burst limit. Async jobs do not count against the burst limit. See pricing for tier numbers.

We return X-RateLimit-Remaining and X-RateLimit-Reset headers on every response so you can back off cleanly. Going over the cap returns 429, not a surprise invoice.

Audit trail

Every screen call, sync or async, single or bulk, is persisted with its full result set, the timestamp it was checked, and the token that made the call. Retention is set per plan (final retention windows TBD before general availability, minimum twelve months). Pull any prior result back via GET /v1/screen/{id} in a format aligned with how the ICO expects evidence of consent-checking to be presented.

Why this matters. Under PECR you need to demonstrate you screened, not just claim it. An addressable log of every check, with timestamps, is the cleanest way to do that.

Build vs buy

You can absolutely build TPS screening yourself. You will need a DMA licence, an SFTP fetch on the daily file, a normaliser, a comparator, retention rules, and a re-screen scheduler. Most teams do this once, regret it, and hand it to a third party on the second renewal.

Read the full build-vs-buy breakdown.

Other CRM integrations

If you would rather not write a single line of integration code, TPSClear runs natively inside several major CRMs. The API is for everything that lives outside one of those.

See native CRM integrations.

Request API access

API tokens are issued one-by-one during private beta. Self-serve sign-up lands at general availability. Tell us what you are building and we will get you a token within a working day.

Request API accessSee pricing