For developers

UK TPS/CTPS screening as an API.

DMA-licensed list cleaning behind a clean REST API, live today. Real-time single and bulk lookups, async jobs for very large batches, webhooks for re-screen events, and an audit trail your compliance officer can hand to the ICO. Built for RevOps and product engineers who would rather integrate than re-implement TPS plumbing. Keys are issued on request — yours within one working day.

Request an API key See pricing

DMA-licensed list cleaner PECR-alignedReal-time + audit trailListed on the HubSpot marketplace

Operated by Voll Studios Ltd, registered in England (09302803).

What it does

Single and bulk lookups

One endpoint, one or many numbers per request. Sync responses for normal volumes, async jobs for very large batches.

Webhook callbacks for re-screens

Register a target URL and we will notify you whenever a number you have previously screened changes status on the TPS or CTPS register. No polling.

Audit-ready response logs

Every screen result is stored and addressable by id. Pull it back later in a format the ICO is happy to look at.

Quick example

Base URL: https://api.tpsclear.co.uk

Request

POST https://api.tpsclear.co.uk/v1/screen
Authorization: Bearer tpsc_live_xxx  # use tpsc_test_* in CI/sandbox
Content-Type: application/json

{
  "phoneNumbers": ["+447777000001", "+447777000002"]
}

Response

{
  "results": [
    {
      "phoneNumber": "+447777000001",
      "tpsListed": false,
      "ctpsListed": false,
      "status": "clean",
      "checkedAt": "2026-05-08T10:21:01Z"
    },
    {
      "phoneNumber": "+447777000002",
      "tpsListed": true,
      "ctpsListed": false,
      "status": "tps-listed",
      "checkedAt": "2026-05-08T10:21:01Z"
    }
  ]
}

Endpoints

A small surface on purpose. You should not need a 200-page reference to screen a phone number.

Endpoint	Purpose
`POST /v1/screen`	Single or bulk lookup. Synchronous response with TPS and CTPS status per number.
`POST /v1/screen/async`	For very large batches. Returns a job id immediately, then posts results to your registered webhook when finished.
`POST /v1/webhooks`	Register a re-screen webhook target. We will call it when a number you have screened previously flips state.
`GET /v1/screen/{id}`	Fetch a past screen result by id for audit purposes.

Every key ships with a reference doc and a Postman collection.

Auth

Bearer tokens in the Authorization header. Tokens are environment-scoped: tpsc_test_* hits a sandbox that returns deterministic fixtures, tpsc_live_* hits the real DMA file. Tokens can be rotated or revoked at any time on request; revocation takes effect immediately.

Recommended practice

Store tokens in your platform's secret manager (AWS Secrets Manager, GCP Secret Manager, HashiCorp Vault, Doppler, or the equivalent on your stack). Never commit tokens to source control.
Use the test token in CI and staging. Live tokens belong only in production runtime environments.
Rotate on staff changes. If a token leaks, revoke first, debug after.

Rate limits and cost

One price, unlimited lookups under fair use. We do not meter and there is no per-lookup charge. Limits are expressed in lookups, not requests, so a bulk call of 500 numbers counts as 500 against fair use.

To keep the service stable for everyone, abnormal automated traffic may be rate-limited, and sustained bursts beyond fair use return 429 with a Retry-After header so clients back off cleanly. We also return X-RateLimit-Remaining and X-RateLimit-Reset headers on every response. There is no surprise invoice.

Audit trail

Every screen call, sync or async, single or bulk, is persisted with its full result set, the timestamp it was checked, and the token that made the call. Results are retained for a minimum of twelve months. Pull any prior result back via GET /v1/screen/{id} in a format aligned with how the ICO expects evidence of consent-checking to be presented.

Why this matters. Under PECR you need to demonstrate you screened, not just claim it. An addressable log of every check, with timestamps, is the cleanest way to do that.

Build vs buy

You can absolutely build TPS screening yourself. You will need a DMA licence, an SFTP fetch on the daily file, a normaliser, a comparator, retention rules, and a re-screen scheduler. Most teams do this once, regret it, and hand it to a third party on the second renewal.

Read the full build-vs-buy breakdown.

Other CRM integrations

If you would rather not write a single line of integration code, TPSClear runs natively inside several major CRMs. The API is for everything that lives outside one of those.

See native CRM integrations.

Keys are issued by hand so every integration gets a sanity check. Tell us what you are building and yours will be in your inbox within one working day.

Same price as the CRM apps: £295/month, billed monthly, cancel any time.