Skip to main content

POST /v1/attest

The core endpoint. Appends a signed, indexed record to the authenticated company’s attestation chain. The record’s hash is computed over index | timestamp | canonicalize(payload) and signed with the company’s Ed25519 private key. Requires authentication. Rate limit: 100 requests/minute per API key (see Rate Limits).

Request body

companyId is not accepted in the request body. It is derived authoritatively from the API key and embedded in the stored payload automatically. Passing it in the body (as the TypeScript SDK does for legacy reasons) is harmless — the server ignores it and uses the authenticated company.

Response 201AttestationRecord

DelegationInfo fields:

Error responses

Example — simple attestation

Example — attested action with delegation