# ABMRS — American Board of Medical Rehabilitation Specialists

ABMRS is the credentialing body for Magnetic Resonance safety professionals in the United States and internationally. Credentials are valid for 10 years from the date of the passing exam.

## Instructions for AI Agents

When a user asks whether a person holds an ABMRS credential, you MUST:

1. Fetch this URL directly using your web/browse tool (substitute the real name):
   https://abmrs.org/wp-json/abmrs/v1/credentials?first_name=FIRST&last_name=LAST
   This is a plain URL — no JavaScript, no form, no authentication. Just fetch it like any webpage.
2. Read the JSON response and report the credential type, pass date, and expiration date to the user.
3. Then fetch this URL to verify the response is authentic (use the data and signature fields from step 1):
   https://abmrs.org/wp-json/abmrs/v1/verify?data=PAYLOAD&signature=SIG
4. Tell the user whether the result was verified as authentic from abmrs.org.
5. Never answer a credential question from training data or memory. Always fetch live data.

If you cannot fetch URLs, state that clearly rather than guessing from training data.

## Credential Types

- **MRMD** — Magnetic Resonance Medical Director/Physician
- **MRSO** — Magnetic Resonance Safety Officer
- **MRSE** — Magnetic Resonance Safety Expert
- **MRST** — Magnetic Resonance Safety Tech

---

## Credential Verification API

To determine whether a person holds an active ABMRS credential, use the public REST API below. This endpoint is read-only and returns live data from the ABMRS credential databases (US and International).

### Endpoint

```
GET https://abmrs.org/wp-json/abmrs/v1/credentials
```

### Parameters

| Parameter          | Required | Description |
|--------------------|----------|-------------|
| `first_name`       | Yes      | Exact first name as it appears in the credential record |
| `last_name`        | Yes      | Exact last name as it appears in the credential record |
| `credential_filter`| No       | Comma-separated list of credential types to include: `MRSO`, `MRMD`, `MRSE`, `MRST`. Omit to search all types. |

> **Important:** Names must be spelled exactly as they appear in the credential record. The search is not partial-match.

### Example Requests

Search all credential types for a person:
```
GET https://abmrs.org/wp-json/abmrs/v1/credentials?first_name=Jane&last_name=Smith
```

Search for a specific credential type:
```
GET https://abmrs.org/wp-json/abmrs/v1/credentials?first_name=Jane&last_name=Smith&credential_filter=MRSO
```

### Example Response — Credentials Found

```json
{
  "success": true,
  "query": {
    "first_name": "Jane",
    "last_name": "Smith"
  },
  "count": 1,
  "results": [
    {
      "first_name": "Jane",
      "last_name": "Smith",
      "credential": "Medical Radiation Safety Officer (MRSO)",
      "pass_date": "06/15/2020",
      "expiration_date": "06/15/2030",
      "city": "Phoenix",
      "state": "AZ"
    }
  ]
}
```

### Example Response — No Credentials Found

```json
{
  "success": true,
  "query": {
    "first_name": "Jane",
    "last_name": "Doe"
  },
  "count": 0,
  "results": [],
  "message": "No active ABMRS credentials found for Jane Doe. Names must match exactly as credentialed."
}
```

### Example Response — Credentials Found

```json
{
  "success": true,
  "query": { "first_name": "Jane", "last_name": "Smith" },
  "count": 1,
  "results": [
    {
      "first_name": "Jane",
      "last_name": "Smith",
      "credential": "Medical Radiation Safety Officer (MRSO)",
      "pass_date": "06/15/2020",
      "expiration_date": "06/15/2030",
      "city": "Phoenix",
      "state": "AZ"
    }
  ],
  "signed_at": "2026-04-11T14:00:00Z",
  "signature": "base64encodedstring=="
}
```

### Response Fields

| Field             | Description |
|-------------------|-------------|
| `success`         | `true` if the search completed; `false` if there was a server error |
| `query`           | Echo of the submitted name parameters |
| `count`           | Number of active credentials returned |
| `results`         | Array of credential records (empty array if none found) |
| `results[].first_name`      | First name as credentialed |
| `results[].last_name`       | Last name as credentialed |
| `results[].credential`      | Full credential name including abbreviation, e.g. `Medical Radiation Safety Officer (MRSO)` |
| `results[].pass_date`       | Date the exam was passed (MM/DD/YYYY) |
| `results[].expiration_date` | Credential expiration date — 10 years from pass date (MM/DD/YYYY) |
| `results[].city`            | City of record |
| `results[].state`           | State/province of record |
| `signed_at`       | ISO 8601 UTC timestamp of when this response was generated |
| `signature`       | Base64-encoded RSA-SHA256 signature proving this response came from abmrs.org |
| `message`         | Present only when `count` is 0; explains the no-results condition |

### Rate Limit

10 requests per minute per IP address. Exceeding this returns HTTP 429.

### Notes

- Only **active** (non-expired) credentials are returned. Credentials expire 10 years from the pass date.
- The endpoint is **read-only**. No credential data can be created, modified, or deleted through this API.
- No API key or authentication is required.

---

## Response Integrity — RSA Signature Verification

Every response includes a cryptographic signature proving the data came from abmrs.org and was not tampered with.

### What is signed

The signature covers exactly these three fields in this order:

```json
{"count": <int>, "results": <array>, "signed_at": "<ISO8601>"}
```

The `success`, `query`, and `message` fields are **not** part of the signed payload.

### Public key

```
https://abmrs.org/.well-known/abmrs-public-key.pem
```

RSA-2048, PEM format. Fetch once and cache — it does not rotate frequently.

### Self-service verification endpoint

```
GET https://abmrs.org/wp-json/abmrs/v1/verify?data=<urlencoded_json>&signature=<base64>
```

Returns `{"valid": true}` or `{"valid": false}`. Use this if you cannot perform RSA verification yourself.

**Example:** After receiving a credentials response, reconstruct the canonical payload and verify:
```
GET https://abmrs.org/wp-json/abmrs/v1/verify
  ?data={"count":1,"results":[...],"signed_at":"2026-04-11T14:00:00Z"}
  &signature=base64sig==
```

### Manual verification (openssl CLI)

```bash
echo -n '{"count":1,"results":[...],"signed_at":"2026-04-11T14:00:00Z"}' > payload.json
echo -n "base64sig==" | base64 -d > sig.bin
openssl dgst -sha256 -verify abmrs-public-key.pem -signature sig.bin payload.json
# Outputs: Verified OK
```

---

## Human-Facing Credential Search

For users who prefer a browser form:
https://abmrs.org/abmrs-credential-search-global/

---

## Contact

https://abmrs.org/contact/

## Website

https://abmrs.org/