TPSClear
Install on HubSpotInstall
Menu
For developers

UK TPS/CTPS screening as an API.

UK TPS/CTPS screening behind a REST API, live today. Built for RevOps and product engineers who would rather integrate than re-implement TPS plumbing. Keys are issued on request, yours within one working day.

Request an API keySee pricing
Listed on the HubSpot App MarketplaceFree to install. Screening starts once you subscribe

What it does

Single and bulk lookups

One endpoint, one or many numbers per request. Sync responses for normal volumes, async jobs for very large batches.

Webhook callbacks for re-screens

Register a target URL and we will notify you whenever a number you have previously screened changes status on the TPS or CTPS register. No polling.

Audit-ready response logs

Every screen result is stored and addressable by id. Pull it back later in a format the ICO is happy to look at.

Quick example

Base URL: https://api.tpsclear.co.uk

Request

POST https://api.tpsclear.co.uk/v1/screen
Authorization: Bearer tpsc_live_xxx  # use tpsc_test_* in CI/sandbox
Content-Type: application/json

{
  "phoneNumbers": ["+447777000001", "+447777000002"]
}

Response

{
  "results": [
    {
      "phoneNumber": "+447777000001",
      "tpsListed": false,
      "ctpsListed": false,
      "status": "clean",
      "checkedAt": "2026-05-08T10:21:01Z"
    },
    {
      "phoneNumber": "+447777000002",
      "tpsListed": true,
      "ctpsListed": false,
      "status": "tps-listed",
      "checkedAt": "2026-05-08T10:21:01Z"
    }
  ]
}

Endpoints

You should not need a 200-page reference to screen a phone number.

EndpointPurpose
POST /v1/screenSingle or bulk lookup. Synchronous response with TPS and CTPS status per number.
POST /v1/screen/asyncFor very large batches. Returns a job id immediately, then posts results to your registered webhook when finished.
POST /v1/webhooksRegister a re-screen webhook target. We will call it when a number you have screened previously flips state.
GET /v1/screen/{id}Fetch a past screen result by id for audit purposes.

Every key ships with a reference doc and a Postman collection.

Auth

Bearer tokens in the Authorization header. Tokens are environment-scoped: tpsc_test_* hits a sandbox that returns deterministic fixtures, tpsc_live_* hits the live register data. Tokens can be rotated or revoked at any time on request; revocation takes effect immediately.

Recommended practice

  • Store tokens in your platform's secret manager (AWS Secrets Manager, GCP Secret Manager, HashiCorp Vault, Doppler, or the equivalent on your stack). Never commit tokens to source control.
  • Use the test token in CI and staging. Live tokens belong only in production runtime environments.
  • Rotate on staff changes. If a token leaks, revoke first, debug after.

Rate limits and cost

No per-lookup charge on any plan. Every plan includes API access with the same engine; the difference is each plan's fair-use volume. Limits are expressed in lookups, not requests, so a bulk call of 500 numbers counts as 500 against your plan's fair use.

To keep the service stable for everyone, abnormal automated traffic may be rate-limited, and sustained bursts beyond fair use return 429 with a Retry-After header so clients back off cleanly. We also return X-RateLimit-Remaining and X-RateLimit-Reset headers on every response. There is no surprise invoice.

Audit trail

Every screen call, sync or async, single or bulk, is persisted with its full result set, the timestamp it was checked, and the token that made the call. Results are retained for a minimum of twelve months. Pull any prior result back via GET /v1/screen/{id} in a format aligned with how the ICO expects evidence of consent-checking to be presented.

Why this matters. Under PECR you need to demonstrate you screened, not just claim it. An addressable log of every check, with timestamps, is the cleanest way to do that.

Build vs buy

You can absolutely build TPS screening yourself. There is no official TPS register API, only a licensed daily file; we explain the landscape in TPS register API: what's available and how to use it. You will need a DMA licence, an SFTP fetch on the daily file, a normaliser, a comparator, retention rules, and a re-screen scheduler. Most teams do this once, regret it, and hand it to a third party on the second renewal.

Read the full build-vs-buy breakdown.

Other CRM integrations

If you would rather not write a single line of integration code, TPSClear runs natively inside HubSpot today; Salesforce, Dynamics 365, Pipedrive, Zoho and Capsule integrations are in build. The API covers everything else right now.

See native CRM integrations.

Keys are issued by hand so every integration gets a sanity check. Tell us what you are building and yours will be in your inbox within one working day.

Request an API key

A rough number is fine (for example, 5,000 or 250k).

So we know whether CTPS matters to you.

Same pricing as the CRM apps: plans from £95/month, billed monthly, cancel any time.