eIDAS Disclosure: All verification outputs from this API are labelled “Platform-Verified Integrity Check” and do not constitute a Qualified Electronic Signature (QES) or Advanced Electronic Signature (AdES) under eIDAS Regulation (EU) 910/2014. Relying parties should treat verification results as integrity evidence. QTSP/AdES integration is planned for a future release.

Explore by category

Authentication
Register, login, refresh tokens, step-up MFA, DNS verification.
Documents
Upload, list, retrieve, and manage document lifecycle.
Relationships
Revoke, supersede, amend, and cross-reference documents.
Audit Log
Tamper-evident log with hash-chaining. Export as JSONL or PDF.
Verification
Public endpoint — verify any document by HMAC ID.
Webhooks
Subscribe to async events with signed delivery payloads.
API Keys
Create, rotate, and revoke programmatic access keys.
Billing
Stripe subscription setup and customer portal access.

Quick examples

# 1. Register your company
curl -X POST https://api.verified.tools/api/v1/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Acme Engineering",
    "slug": "acme-engineering",
    "domain": "acme.com.au",
    "country_code": "AU",
    "business_id_type": "ABN",
    "business_id_value": "51824753556",
    "admin_email": "admin@acme.com.au",
    "admin_password": "Str0ng!Password"
  }'

# 2. Upload a document (step-up token required)
curl -X POST https://api.verified.tools/api/v1/documents \
  -H "Authorization: Bearer <your-step-up-jwt>" \
  -H "Idempotency-Key: $(uuidgen)" \
  -F "file=@contract-v1.pdf"

# 3. Verify a document (public — no auth)
curl -H "Accept: application/json" \
  https://verified.tools/verify/<hmacId>
import { createReadStream } from 'fs';
import FormData from 'form-data';

// 1. Authenticate
const loginRes = await fetch('https://api.verified.tools/api/v1/auth/login', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ email: 'admin@acme.com.au', password: 'Str0ng!Password' }),
});
const { access_token } = await loginRes.json();

// 2. Step-up MFA (required for upload)
const mfaRes = await fetch('https://api.verified.tools/api/v1/auth/step-up', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${access_token}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ code: '123456' }), // TOTP from authenticator
});
const { access_token: stepUpToken } = await mfaRes.json();

// 3. Upload document
const form = new FormData();
form.append('file', createReadStream('./contract-v1.pdf'));

const uploadRes = await fetch('https://api.verified.tools/api/v1/documents', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${stepUpToken}`,
    'Idempotency-Key': crypto.randomUUID(),
    ...form.getHeaders(),
  },
  body: form,
});
const { document_id, verification_url } = await uploadRes.json();
console.log(`Verification URL: ${verification_url}`);
import requests, uuid

BASE = "https://api.verified.tools/api/v1"

# 1. Authenticate
r = requests.post(f"{BASE}/auth/login",
    json={"email": "admin@acme.com.au", "password": "Str0ng!Password"})
token = r.json()["access_token"]

# 2. Step-up MFA (required for upload)
r = requests.post(f"{BASE}/auth/step-up",
    headers={"Authorization": f"Bearer {token}"},
    json={"code": "123456"})  # TOTP from authenticator
step_up_token = r.json()["access_token"]

# 3. Upload document
with open("contract-v1.pdf", "rb") as f:
    r = requests.post(
        f"{BASE}/documents",
        headers={
            "Authorization": f"Bearer {step_up_token}",
            "Idempotency-Key": str(uuid.uuid4()),
        },
        files={"file": ("contract-v1.pdf", f, "application/pdf")},
    )

data = r.json()
print(f"Verification URL: {data['verification_url']}")
Loading API reference…