POST /v1/attest
The core endpoint. Appends a signed, indexed record to the authenticated company’s attestation chain. The record’s hash is computed over index | timestamp | canonicalize(payload) and signed with the company’s Ed25519 private key.
Requires authentication. Rate limit: 100 requests/minute per API key (see Rate Limits).
Request body
companyId is not accepted in the request body. It is derived authoritatively from the API key and embedded in the stored payload automatically. Passing it in the body (as the TypeScript SDK does for legacy reasons) is harmless — the server ignores it and uses the authenticated company.
Response 201 — AttestationRecord
DelegationInfo fields:
Error responses
Example — simple attestation
Example — attested action with delegation