API Reference
The ProofLedger API lets integrators submit SHA-256 hashes for dual-chain anchoring (Polygon and Bitcoin), retrieve proof status, and verify proofs independently. Authentication-required endpoints are reserved for the BUSINESS plan; a public, no-auth verify endpoint is available to any third party who needs to confirm a proof.
1. Overview
All requests are made against https://proofledger.io. All responses are JSON, UTF-8 encoded. The API is versioned under /api/v1/; breaking changes will ship under a new version prefix.
The v1 API exposes three endpoints:
| Method | Path | Purpose | Auth |
|---|---|---|---|
| POST | /api/v1/proof |
Submit a SHA-256 hash for anchoring | BUSINESS key |
| GET | /api/v1/proof/:id |
Retrieve proof status and anchor details | BUSINESS key |
| GET | /api/v1/verify |
Verify any proof by SHA-256 hash | Public |
The API is intended for integrations where evidence is produced at scale — claims-intake systems, forensic pipelines, inspection apps, CMS watermarking hooks. For occasional single-file work, the web dashboard at dashboard.html is usually simpler.
2. Authentication & Access
a. API keys are BUSINESS-tier only
Proof submission and retrieval require an API key. Keys are issued from the Account page, and are only available to accounts on the BUSINESS plan. Free, Creator, Pro, and pay-as-you-go accounts cannot generate keys.
Upgrade at pricing.html or contact support@proofledger.io for enterprise volumes.
b. Creating a key
- Sign in to your account.
- Scroll to the API Keys section.
- Enter a label (e.g. “Claims Intake”) and click Create Key.
- Copy the key immediately — it is shown once and cannot be retrieved later.
Keys look like sk_ab12cd34_.... Store them as you would any secret: environment variable, secrets manager, or vault. Never commit keys to source control and never send them in query strings.
c. Sending the key
Pass the key as a Bearer token in the Authorization header:
Authorization: Bearer sk_ab12cd34_yourLongSecretHere
d. Revoking a key
Keys can be revoked at any time from the Account page. Revoked keys stop authenticating within a few seconds. If a key is compromised, revoke it immediately and issue a new one — past proofs remain valid regardless.
3. Submit a Proof
POST /api/v1/proof
Submit a SHA-256 hex digest for anchoring. Returns immediately with a proof ID; chain confirmation happens asynchronously.
Request body
| Field | Type | Required | Description |
|---|---|---|---|
sha256 | string | yes | 64-character SHA-256 hex digest (lowercase or uppercase). |
filename | string | no | Optional label (≤500 chars). Helps identify the proof in your dashboard. |
bitcoin_requested | boolean | no | If true, queue for Bitcoin anchoring (daily Merkle batch). Consumes one BUSINESS-tier Bitcoin anchor credit (100/month included). |
Example request
# 1. Hash the file locally — never send the file itself. sha256sum site-inspection.pdf # a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2 # 2. Submit the hash. curl -X POST https://proofledger.io/api/v1/proof \ -H "Authorization: Bearer sk_YOUR_KEY_HERE" \ -H "Content-Type: application/json" \ -d '{ "sha256": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2", "filename": "site-inspection.pdf", "bitcoin_requested": true }'
Example response (201 Created)
{
"id": 42,
"sha256": "a1b2c3d4...f0a1b2",
"filename": "site-inspection.pdf",
"status": "approved",
"created_at": "2026-04-21T14:22:03.000Z",
"bitcoin_requested": true,
"btc_payment_status": "INCLUDED",
"duplicate_of": null,
"certificate_url": "/cert/42",
"verification_url": "/verify.html?hash=a1b2c3d4...f0a1b2"
}
The proof is accepted and queued for on-chain anchoring. Poll GET /api/v1/proof/:id or call the public verify endpoint to see the Polygon tx hash appear (typically under a minute) and Bitcoin txid appear (daily batched anchor).
duplicate_of pointer to the earliest known record. This is the expected behavior for evidence use cases where the first anchor time is the legally significant one.
4. Retrieve a Proof
GET /api/v1/proof/{id}
Returns the proof's full anchor state, including blockchain transaction hashes and public explorer URLs. Callers can only retrieve proofs they own.
Example request
curl https://proofledger.io/api/v1/proof/42 \
-H "Authorization: Bearer sk_YOUR_KEY_HERE"
Example response
{
"id": 42,
"sha256": "a1b2c3d4...f0a1b2",
"filename": "site-inspection.pdf",
"status": "approved",
"polygon_status": "anchored",
"bitcoin_status": "pending",
"evidence_readiness": "polygon-anchored",
"created_at": "2026-04-21T14:22:03.000Z",
"chain_tx": "0xabc123...",
"chain_name": "polygon-mainnet",
"bitcoin_txid": null,
"bitcoin_anchor_status": "PENDING",
"btc_merkle_root": null,
"btc_payment_status": "INCLUDED",
"public_cert_id": "pl_42_abc",
"certificate_url": "/cert/42",
"explorer_url": "https://polygonscan.com/tx/0xabc123...",
"bitcoin_explorer_url": null
}
Status lifecycle
Immediately after submission, polygon_status is pending and chain_tx is null. The signer service picks up the job within ~30 seconds and broadcasts the transaction; once confirmed on-chain, polygon_status becomes anchored and chain_tx is populated. Bitcoin anchors follow a daily batch cycle, so bitcoin_status may remain pending for up to 24 hours even after payment.
5. Verify a Proof (Public)
GET /api/v1/verify?hash=<sha256>
Public, no-auth endpoint. Returns whether a proof exists for a given hash. Designed for opposing counsel, auditors, expert witnesses, and any third party independently corroborating a ProofLedger record.
Example request
curl "https://proofledger.io/api/v1/verify?hash=a1b2c3d4...f0a1b2"
Example response (found)
{
"found": true,
"proof": {
"id": 42,
"sha256": "a1b2c3d4...f0a1b2",
"filename": "site-inspection.pdf",
"created_at": "2026-04-21T14:22:03.000Z",
"status": "approved",
"polygon_status": "anchored",
"bitcoin_status": "anchored",
"chain_tx": "0xabc123...",
"bitcoin_txid": "def456...",
"public_cert_id": "pl_42_abc",
"user_email": "a***@example.com"
},
"certificate_url": "/cert/42",
"verification_url": "https://proofledger.io/verify.html?hash=...",
"explorer_url": "https://polygonscan.com/tx/0xabc123...",
"bitcoin_explorer_url": "https://blockstream.info/tx/def456..."
}
Example response (not found)
{
"found": false,
"sha256": "a1b2c3d4...f0a1b2"
}
a***@example.com) so a verifier can corroborate ownership in an evidence context without leaking the full address. The full email is never exposed through the public verify endpoint.
6. Rate Limits & Quotas
| Endpoint | Scope | Limit | Window |
|---|---|---|---|
POST /api/v1/proof | Per account | 5,000 | Per calendar month (BUSINESS default) |
POST /api/v1/proof (bitcoin_requested) | Per account | 100 | Per calendar month included; beyond that, btc_payment_status returns REQUIRED |
GET /api/v1/proof/:id | — | Uncapped for legitimate use | — |
GET /api/v1/verify | Per IP | 120 | Per hour (rolling) |
Higher monthly caps are available on request — contact support@proofledger.io with your expected volume and use case.
7. Error Codes
All errors return a JSON body of the form {"error": "..."} with a human-readable message. Use the HTTP status code for programmatic decisions.
| Status | Meaning | Typical cause |
|---|---|---|
400 | Bad Request | Missing or malformed sha256; invalid proof ID. |
401 | Unauthorized | API key missing, malformed, or does not match a known key. |
403 | Forbidden | Key belongs to a non-BUSINESS account, or account is disabled. |
404 | Not Found | Proof ID does not exist or is not owned by the authenticated account. |
429 | Too Many Requests | Monthly proof cap reached (POST /proof) or hourly IP rate limit tripped (GET /verify). |
500 | Server Error | Transient server fault. Retry with exponential backoff. |
8. Independent Verification
In addition to the REST API, every ProofLedger proof can be verified entirely offline — without contacting ProofLedger's servers — using the verify-proof Python package.
pip install verify-proof # Hash a file: verify-proof hash ./evidence.pdf # Verify against a proof JSON downloaded from ProofLedger: verify-proof verify ./evidence.pdf --proof ./proof.json
This is the recommended path for court-submission workflows: a party challenging admissibility can run verify-proof on their own machine against the public blockchain record, independently of whether ProofLedger is online. Source: github.com/Fulcrum-Enterprises/verify-proof.
Ready to integrate?
BUSINESS plan includes 5,000 proofs/month, 100 Bitcoin anchors, and API access.
9. Support
For API questions, integration help, or to request a higher rate limit, contact:
ProofLedger LLC
support@proofledger.io
OpenAPI spec: /openapi.json · Related: Security & Hashing, Evidence Authentication, Evidence Policy