Skip to content
Login to Tracers
  • There are no suggestions because the search field is empty.

API

What to expect when using the Tracers Application Programming Interface.  

Introduction 

This document outlines what you can expect when integrating with the Tracers API (also referred to as the Galaxy API). It is intended for customers who have signed a service agreement with Tracers for API access and are preparing to onboard, integrate, and operate against our data services in production. 

The guide covers the access credentials, available endpoints, authentication, request and response formats, rate limits and volume commitments, error handling, and compliance requirements. 

 

Production Credentials 

Production credentials must be kept confidential, rotated according to your organization's security policies, and used exclusively against the production endpoints documented in your onboarding package. 

Important 

All requests sent through production credentials are billable. Our system does not scan for or filter out duplicate requests — if your application sends the same query twice (for example, a user double-clicks “Submit,” or your code automatically retries after a timeout), you will be charged for both requests. Please design your application to avoid sending the same request more than once. 

 

Authentication 

The Tracers API uses token-based authentication. Each request must include valid credentials issued by Tracers. Customers are responsible for: 

  • Storing credentials securely (e.g., a secrets manager, not source control). 
  • Restricting access to credentials to authorized personnel and systems only. 
  • Notifying Tracers immediately if credentials are believed to be compromised so they can be rotated. 

Detailed authentication examples and the current token endpoint are maintained in the live API reference at galaxyapi.readme.io

Available Endpoints 

The Tracers API offers a broad catalog of identity, contact, property, business, and risk data services. The endpoints made available to your account will be limited to those covered by your agreement and permitted-use case. The table below summarizes the major product categories. 

 

Category 

Endpoint(s) 

Typical Use 

Person & Identity 

Person Search, Comprehensive Report, Consumer Insights, ePreFill 

Locate and verify individuals; pre-fill applications. 

Contact & Verification 

Contact Enrichment, Verify Email, Reverse Phone Search, SSN Address Trace 

Append and validate contact data. 

Identity Verification & Fraud 

eIDV, eLeadVerify, KBA, OFAC Search 

Identity proofing, lead validation, sanctions screening. 

Business 

Business Search, FEIN Search, Combined Business Search, Combined Business Teaser 

Business entity lookup and enrichment. 

Property & Assets 

Property Search V2, Eviction Search, Pre-Foreclosure Search, Vehicle Ownership, Auto Search 

Property ownership, parcel data, and vehicle records. 

Risk & Public Records 

Debt Search V2, Criminal Search, Real Time Incarceration, Crim Watch, DEA Search, ProLicense Search 

Liens, judgments, bankruptcies, criminal and licensing records. 

Life Events 

Marriage Search, Divorce Search, Census Search, Workplace Search, Domain Search 

Demographic and life-event data. 

Monitoring 

Data Alerts (Add / Get / Remove / Count), Push Notifications 

Subscribe to changes and receive alerts. 

 

For full request and response schemas, includes, filters, and indicators for each endpoint, refer to the live API reference at galaxyapi.readme.io

Request & Response Format 

  • All requests and responses use JSON over HTTPS. 
  • Each endpoint defines its own JSON request properties, including required identifiers, optional filters, and "includes" that control which result sections are returned. 
  • Responses may legitimately contain no records, partial records, or multiple candidate matches. Your application should be designed to handle each of these cases gracefully. 
  • Field availability varies by data source. Not every field is populated for every record. 

Rate Limits & Volume Commitments 

Rate limiting will be enabled for your account on a monthly basis, sized to the volume commitment specified in your agreement. This means: 

  • Your account is provisioned with a monthly transaction allowance aligned to your contracted volume. 
  • Throughput controls are enforced at the account level to protect platform stability and ensure equitable performance across all customers. 
  • If your traffic temporarily exceeds your committed volume, the API may slow your requests down (“throttling”) or reject some of them outright. 
  • When a request is rejected for being over the limit, your application should wait a short time before trying again — and wait a little longer after each unsuccessful attempt. (Engineers may call this “retry with backoff.”) This prevents your application from hammering the API and gives the system time to recover. 
  • Keep in mind that every retry counts as a separate, billable request. Avoid retrying the same query repeatedly without a clear reason. 
  • If you anticipate a temporary surge (e.g., a marketing campaign, seasonal peak, or new product launch), notify your Tracers account contact in advance so we can plan for it. 

 

Error Handling 

The API uses standard HTTP status codes to communicate the outcome of a request. Common categories include: 

 

Status 

Meaning 

2xx — Success 

The request was processed. The response body contains results, which may include zero records when no match is found. 

400 — Bad Request 

The request payload is malformed or missing required fields. Review the JSON request properties for the endpoint. 

401 / 403 — Unauthorized / Forbidden 

Credentials are missing, invalid, expired, or the account is not entitled to the requested endpoint. 

404 — Not Found 

The endpoint path is incorrect. (Note: a successful search with no matches returns 2xx with an empty result set, not 404.) 

429 — Too Many Requests 

Rate limit exceeded. Back off and retry after a short delay. 

5xx — Server Error 

An unexpected condition occurred. Retry with exponential backoff; if it persists, contact support. 

 

Refer to the Errors page in the live API reference for the authoritative and current list of error codes and bodies. 

Performance & Availability 

  • Endpoints are designed for synchronous request/response use. Typical response times vary by product and the depth of data requested. 
  • Set a reasonable timeout on each request from your application. We recommend starting at 30 seconds. 
  • If a request times out or returns a temporary server error (HTTP 5xx), it is generally safe to try the request again after a short delay. Do not retry client errors (HTTP 4xx, other than 429 “too many requests”) — these indicate a problem with the request itself that retrying will not fix. 
  • Every retry is a separate, billable request. See the duplicates note in Section 2.2. 
  • Planned maintenance windows and any service advisories will be communicated through the contact channel established during onboarding. 
  • Specific availability and response-time targets, if any, are governed by your service agreement. 

Compliance & Permitted Use 

Use of the Tracers API is subject to your signed agreement and to applicable U.S. law. Customers must read and adhere to the official Tracers disclaimer; the key points are summarized below. 

  • Not a Consumer Reporting Agency. Tracers is not a consumer reporting agency and does not provide consumer reports. Information from the API may not be used to determine eligibility for credit, insurance, employment, housing, or any other purpose covered by the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 et seq. 
  • Permitted Use Only. All use must comply with your Tracers agreement and with applicable laws including the Gramm-Leach-Bliley Act (GLBA), 15 U.S.C. § 6801 et seq., and the Driver's Privacy Protection Act (DPPA), 18 U.S.C. § 2721 et seq. 
  • No Accuracy Warranty. Tracers does not warrant the accuracy of the information returned or the character or integrity of any individual referenced. Records may be inaccurate, incomplete, or not associated with the person you intended to look up. Information should not be used as a substitute for your own due diligence. 

The full disclaimer is published at galaxyapi.readme.io/reference/disclaimer-1 and is incorporated by reference. 

Support 

During onboarding, Tracers will share the appropriate channels for technical support, account management, and incident reporting.

When opening a support request, please provide: 

  • The endpoint and approximate timestamp (UTC) of the issue. 
  • A request ID or correlation ID, if available in the response. 
  • A description of the expected vs. observed behavior. 
  • Whether the issue is reproducible and, if so, steps to reproduce it. 

If you receive an error, please send us:   

  • The full URL to which you are sending your request.  

  • All HTTP headers you are sending.  

  • The full JSON request payload you are sending.  

  • The entire response of the server. 

For credential-related security incidents, contact Tracers immediately so credentials can be rotated.  

Live support is available Monday - Friday 8 AM - 8 PM EST

1-877-723-2689

custserv@tracers.com