InvoanceInvoance
Log inStart free
Developers
Search docs…⌘K
Getting started
OverviewConceptsAuthenticationCreate an API key
API reference
EndpointsErrors
Audit Logs
Quick startEvent schemaExporting eventsSDK reference
AI Attestations
Quick startAttestation schemaVerification & proofSDK reference
Events
OverviewSDK reference
Documents
OverviewSDK reference
Traces
OverviewSDK reference
SDKs
PythonNode.jsGoJavaRubyRust.NETPHPcURL
Verification
How it works
Support
API FAQ

Documents API

Anchor any document to the append-only ledger by its SHA-256 hash. Invoance signs a canonical payload with your tenant's private key and returns a verifiable proof. Optionally store the original bytes (encrypted) for later retrieval, and verify a document's integrity at any time.

All endpoints require API key authentication via the x-api-key header. Anchoring a document counts against your existing quota.

Overview

sha256(document) → POST /document/anchor → GET /document/:id → POST /document/:id/verify

You anchor a document by submitting its SHA-256 hash. The document itself never has to leave your infrastructure, only the hash is required. If you want Invoance to keep a copy for later retrieval, pass the original bytes (base64) and they are stored encrypted. Anchoring the same hash again returns 409 Conflict with the existing event details.

To prove a document is unchanged later, hash it again and compare against the anchored hash, either via the verify endpoint or against the public proof page. A matching hash is cryptographic proof the bytes are identical to what was anchored.

Endpoints

POST/document/anchor
Anchor a document

Anchors a document hash into the append-only ledger. The server signs a canonical payload using the tenant's private key and returns a verifiable proof. Optionally pass trace_id to attach the document to an open trace. If the same document hash is anchored again, the API returns 409 Conflict with the existing event details.

To store the original for later download, add original_bytes_b64 (base64 of the file). Without it, only the hash is anchored.

Request
POST /document/anchor
Authorization: Bearer invoance_live_xxx
Idempotency-Key: <uuid>
Content-Type: application/json

{
  "document_hash": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3…",
  "document_ref":  "Invoice #1042",
  "event_type":    "invoice",
  "metadata":      { "department": "finance" },
  "trace_id":      "9549c332-…"  // optional, attach to a trace
}
Response
{
  "event_id":      "9549c332-a52b-4202-8298-ddbf975ab0d5",
  "created_at":    "2026-02-07T12:04:11Z",
  "document_hash": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3…",
  "status":        "accepted"
}
GET/document
List documents

Returns a paginated list of document events for the authenticated tenant. Supports filtering by date range and document reference. Maximum 500 results per page, cached for 30 seconds.

Request
GET /document?page=1&limit=50&date_from=2026-01-01&document_ref=Invoice
Authorization: Bearer invoance_live_xxx
Response
{
  "documents": [
    {
      "event_id":      "9549c332-a52b-…",
      "document_ref":  "Invoice #1042",
      "document_hash": "a94a8f…",
      "event_type":    "invoice",
      "has_original":  true,
      "created_at":    "2026-02-07T12:04:11Z"
    }
  ],
  "page":     1,
  "limit":    50,
  "total":    142,
  "has_more": true
}
GET/document/:event_id
Retrieve a document event

Retrieves an immutable ledger record including cryptographic signatures and metadata. Read-only. Requires the read scope.

Request
GET /document/9549c332-a52b-…
Authorization: Bearer invoance_live_xxx
Response
{
  "event_id":          "9549c332-a52b-…",
  "tenant_id":         "org_01…",
  "document_ref":      "Invoice #1042",
  "document_hash":     "a94a8f…",
  "signature_b64":     "…",
  "signed_payload_b64":"…",
  "public_key_b64":    "…",
  "has_original":      true,
  "metadata":          { "department": "finance" },
  "created_at":        "2026-02-07T12:04:11Z"
}
GET/document/:event_id/original
Download original document

Returns the original document file as raw bytes. Only available if the document was anchored with original_bytes_b64. Response is application/octet-stream. Cached server-side for 5 minutes.

Returns 404 if the document was anchored hash-only (no original stored).

Request
GET /document/9549c332-a52b-…/original
Authorization: Bearer invoance_live_xxx
Accept: application/octet-stream
Response
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Disposition: inline

<raw document bytes>
POST/document/:event_id/verify
Verify document hash

Compares a submitted SHA-256 hash against the anchored document hash. Returns whether the hash matches. No authentication is required for public proof verification, but this API-scoped endpoint requires a valid key.

Request
POST /document/9549c332-a52b-…/verify
Authorization: Bearer invoance_live_xxx
Content-Type: application/json

{
  "document_hash": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3…"
}
Response
{
  "event_id":       "9549c332-a52b-…",
  "match_result":   true,
  "document_ref":   "Invoice #1042",
  "anchored_hash":  "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3…",
  "submitted_hash": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3…",
  "anchored_at":    "2026-02-07T12:04:11Z"
}

SDK reference

Every official SDK exposes the documents namespace under client.documents — anchor, list, get, download the original, and verify, in all eight languages.

View the Documents SDK reference

Verification

To prove a document is unaltered, re-compute its SHA-256 hash and compare it against the anchored hash. A match is cryptographic proof the bytes are byte-for-byte identical to what was anchored, and the Ed25519 signature on the ledger record proves it was signed by your tenant key at the recorded time. Use POST /document/:id/verify for an API-scoped check, or the public proof page for anyone to verify without an API key.

Verification never requires the original bytes, only the hash. You can verify a document you anchored hash-only just as easily as one whose original Invoance stored.

Verification

How to verify document hashes and Ed25519 signatures, via the API or the public proof page.

SDK reference

client.documents.anchor(), .anchorFile(), .list(), .get(), .getOriginal(), .verify(), Python, Node.js, Go, Java, Ruby, Rust, .NET, PHP, cURL.

Invoance

Neutral digital proof infrastructure for business. Tamper-evident, independently verifiable records.

Subscribe to our newsletter

Products
Platform
How It Works
Developers
Verify
Resources
Help & Legal
Products
  • Event Ledger
  • Document Anchoring
  • AI Attestation
  • Audit Logs
Platform
  • Why Invoance
  • For Compliance Teams
  • For Finance Teams
  • Pricing
How It Works
  • Overview
  • Event Ledger
  • Document Anchoring
  • AI Attestation
Developers
  • Overview
  • Endpoints
  • Authentication
  • Concepts
Verify
  • Verify Document
  • Verify AI Attestation
  • Verify Event
  • Verify Trace
Resources
  • All Resources
  • SOC 2 Guide
  • HIPAA Guide
  • ISO 27001 Guide
Help & Legal
  • Support
  • Status
  • Verification Help
  • FAQ

Invoance provides technical verification and proof infrastructure for digital records. Invoance does not issue legal, financial, or regulatory advice.

Records anchored through Invoance are cryptographically signed and tamper-evident by design. Invoance does not verify the accuracy, legality, or authenticity of document contents, only that a record existed in a specific form at a specific time. Verification links are publicly resolvable and do not require authentication. Invoance does not act as a custodian of funds, a legal authority, or a regulated financial entity. Use of Invoance does not constitute legal compliance. Consult qualified counsel for your specific obligations.

© 2025 – 2026 Invoance, Inc. All rights reserved.••