vialaudit
The Roundup

affiliate disclosure · We earn affiliate commission on some vendor links. Audits, scores, and rankings are independent — vendors do not pay for placement and do not see drafts. read more →

how-to · Editorial · 7 min read

How to verify a Janoshik COA: a four-step check

A vendor publishing a Janoshik certificate is a good signal. A buyer verifying it against the public database is the actual signal. Here is the four-step check that takes ninety seconds.

published · · today

Why this matters

A vendor that publishes a Janoshik certificate has cleared the lowest bar of public-record peptide quality. That is not the same as the COA being trustworthy. Three of the patterns we documented in the Janoshik 7,164-tests purity analysis involved vendor-published COAs that did not match the source-of-truth public database — either because the COA was for a different batch, the figures were edited, or in the worst case the certificate was fabricated entirely.

The verification check below is the buyer-side defense against each of those patterns. It takes ninety seconds and requires no special tools.

The four-step check

Step 1 — find the Janoshik order ID on the COA

A real Janoshik certificate has a specific identifier in the upper section of the document. Look for a string that includes one of:

  • A QR code in the corner of the certificate (typical on PDFs generated from 2024 onward)
  • An order ID — typically a hyphenated alphanumeric string (e.g., the format used by Janoshik public-tests entries)
  • A sample receipt date — the date Janoshik logged the sample, which appears on the public entry as well

If the certificate has no QR code, no order ID, and no sample-receipt date, you cannot verify it. Stop here. A COA without these identifiers cannot be matched to a public-database entry; treat the certificate as unverifiable regardless of the vendor reputation.

if the COA has no order ID or QR code: stop

Step 2 — check Janoshik's public tests database

Open the Janoshik public tests database in a browser. The public database is the source-of-truth: it contains every test that the vendor has authorized for public listing. The filter UI lets you search by:

  • Vendor name (most useful filter for cross-checking a published COA)
  • Compound (retatrutide, tirzepatide, BPC-157, etc.)
  • Date range (match to the certificate's sample-receipt date)

If the COA has a QR code, scanning it should land you on the specific public-database entry directly. If you are working from a printed PDF or screenshot, search by vendor + compound + approximate date.

Step 3 — match three fields exactly

The match check is on three fields that should agree between the vendor-published certificate and the Janoshik public-database entry:

  1. Compound identity — the compound name and any peptide-sequence identifier on the COA must match the public-database entry. A vendor-stated retatrutide COA that lands on a tirzepatide entry in the public database is a fabrication.
  2. Purity figure — the headline purity percentage on the COA must match the figure in the public database. The acceptable tolerance is zero: these should be identical numbers.
  3. Sample-receipt date — the date Janoshik logged the sample should match within ±1 day across timezone differences. A significant date mismatch (more than 2–3 days) is a flag.

If all three fields match exactly, the COA is verified at the level of the public-database entry.

three-field match: compound, purity, date

Step 4 — confirm batch-to-vial linkage

The most subtle pattern in COA fabrication is the valid-COA-wrong-batch pattern: a vendor publishes a real Janoshik certificate for a real batch they tested, but the vials they ship are from a different, untested batch. The COA verifies cleanly in step 3, but it does not correspond to the product in the buyer's hand.

The buyer-side check for this is to confirm that the batch identifier on the vial matches the batch identifier on the COA. Most disciplined vendors print or sticker the batch ID on the vial label or on the box. If the vial has no batch ID, or the batch ID does not match the COA's batch field, the COA does not certify the product the buyer received.

This is the step that separates buyers who verify COAs in principle from buyers who verify the specific shipment they received. Both checks matter; this one is the harder one.

What the verification check catches

The four-step check catches each of the three patterns we documented:

| Pattern | Caught by | |---|---| | Fabricated certificate (no public-database entry) | Step 2 + Step 3 | | Edited certificate (figures don't match public entry) | Step 3 | | Valid certificate, wrong batch (COA doesn't match vial) | Step 4 |

The patterns the four-step check does not catch:

  • Cherry-picked certificate — the vendor tested a single high-purity batch and uses that one COA across multiple shipments. The COA verifies cleanly, but the average product purity may be lower than the certificate suggests. The defense against this pattern is independent retesting on a separate batch — i.e., what our audit cycle does, and what the Janoshik 7,164-tests analysis documents at scale.
  • Vendor-stated purity figures elsewhere on the site — marketing pages sometimes claim higher purity than the linked COA. Step 3 checks the COA against the public database; it does not check the marketing language against the COA. Always read the COA, not the marketing copy.

When a vendor doesn't publish on Janoshik

Some vendors use other third-party labs (Finnrick Analytics, ARL Bio, or specialty pharma testing services). The structural verification protocol is the same: locate the lab's public-record source if one exists, match three fields exactly, confirm batch-to-vial linkage.

The challenge is that lab transparency policies vary. Janoshik's public-tests database is the most accessible. Other labs may publish selectively or only on request. A vendor using a less-transparent lab is not automatically a bad signal — but the verification floor is harder to reach, and the buyer-side burden is correspondingly higher.

What we read

For this guide we used: Janoshik Analytical's public-tests database; the Janoshik COA format documentation in vendor onboarding materials; the COA-fabrication patterns documented in the Peptide Sciences postmortem (the counterfeit-detection event in March 2026 specifically); and contemporaneous r/Peptides threads describing buyer-side verification practices.

Sources

read next

More from the desk

how-toHow peptide vendors fail: a taxonomyEight failure modes, ranked by how often they appear in public Janoshik data and how hard they are for a buyer to catch before ordering.11 minhow-toPeptide reconstitution: a research guideBacteriostatic water, syringe selection, dose math, storage. The reference we wish existed when we started.15 minnews503A and the PCAC: how compounding restrictions reshaped the legal GLP-1 marketThe 2024 and 2026 Pharmacy Compounding Advisory Committee votes did not close any peptide vendor. They closed the legal compounded telehealth channel — and that closure is what pushed demand toward the research-peptide market in the first place.10 min
the roundup · monthly

Receipts in your inbox. Once a month.

New audits, expired coupons pruned, lab notes from vials still on the bench. No marketing. No lifestyle copy. Unsubscribe in one click.

14,200 subscribers· 0 sponsored items· 11 issues since launch