InvoanceInvoance
Log inStart free
Developers
Search docs…⌘K
Getting started
OverviewConceptsAuthenticationCreate an API key
API reference
EndpointsErrors
Resources
EventsDocumentsAI AttestationsTraces
SDKs
PythonNode.jscURL
Verification
How it works
Support
API FAQ

Authentication

The Invoance API uses organization-scoped API keys to authenticate requests. Keys are hashed before storage, plaintext is never persisted after issuance.

API keys

All protected endpoints require a valid API key passed as a Bearer token. Keys are scoped to a single organization and grant access based on their assigned scope.

Authorization header
Authorization: Bearer invoance_live_XXXXXXXXXXXXXXXXXXXXXXXX

# Alternative header (both accepted, only one required)
X-API-Key: invoance_live_XXXXXXXXXXXXXXXXXXXXXXXX

Key format

invoance_live_XXXXXXXXXXXXXXXXXXXXXXXX
OpaqueKeys are randomly generated and contain no derivable information about the tenant or scope.
Hashed at restThe plaintext key is shown once at creation. Invoance stores only a secure hash, it cannot be recovered.
Non-transferableKeys are bound to a single organization. They cannot be used across tenants.
Immediately revocableRevoked keys are rejected on the next request with no propagation delay.

Scopes

Each API key is assigned one or more scopes at creation time. Requests using a key without the required scope are rejected with 403 Forbidden.

readRequired for all retrieval endpoints. Allows fetching ledger entries, attestations, and event records.
GET /v1/document/:idGET /v1/ai/attestations/:idGET /v1/events/:id
writeRequired for all ingestion endpoints. Allows anchoring documents, creating attestations, and recording events.
POST /v1/document/anchorPOST /v1/ai/attestationsPOST /v1/events

Enforcement

HTTPS onlyAll requests must be made over HTTPS. Plain HTTP is rejected immediately.
Org-scopedKeys are scoped to a single organization. Cross-tenant access is not possible.
Immediate revocationRevoked or inactive keys are rejected on the next request with no cache delay.
IP allowlistingOptional per-key IP allowlists can be configured from the dashboard.
Rate limitingAll API key requests are subject to per-plan rate limits. Exceeded limits return 429.

Unauthenticated endpoints

Public verification endpoints do not require an API key. These endpoints are read-only, rate-limited, and designed for independent third-party verification of anchored records.

# No authentication required
GET https://invoance.com/proof/event/{event_id}
GET https://invoance.com/proof/document/{event_id}
GET https://invoance.com/proof/ai/{attestation_id}
GET https://invoance.com/.well-known/invoance-platform-key

Related

Endpoints

Full API reference with request and response schemas.

Errors

HTTP status codes and error code reference.

Invoance

Neutral digital proof infrastructure for business. Tamper-evident, independently verifiable records.

Subscribe to our newsletter

Products
Platform
How It Works
Developers
Verify
Resources
Help & Legal
Products
  • Event Ledger
  • Document Anchoring
  • AI Attestation
  • Traces
Platform
  • Why Invoance
  • For Compliance Teams
  • For Finance Teams
  • Pricing
How It Works
  • Overview
  • Event Ledger
  • Document Anchoring
  • AI Attestation
Developers
  • Overview
  • Endpoints
  • Authentication
  • Concepts
Verify
  • Verify Document
  • Verify AI Attestation
  • Verify Event
  • Verify Trace
Resources
  • All Resources
  • SOC 2 Guide
  • HIPAA Guide
  • ISO 27001 Guide
Help & Legal
  • Support
  • Status
  • Verification Help
  • FAQ

Invoance provides technical verification and proof infrastructure for digital records. Invoance does not issue legal, financial, or regulatory advice.

Records anchored through Invoance are cryptographically signed and tamper-evident by design. Invoance does not verify the accuracy, legality, or authenticity of document contents, only that a record existed in a specific form at a specific time. Verification links are publicly resolvable and do not require authentication. Invoance does not act as a custodian of funds, a legal authority, or a regulated financial entity. Use of Invoance does not constitute legal compliance. Consult qualified counsel for your specific obligations.

© 2025 – 2026 Invoance, Inc. All rights reserved.••