InvoanceInvoance
Log inStart free
Developers
Search docs…⌘K
Getting started
OverviewConceptsAuthenticationCreate an API key
API reference
EndpointsErrors
Audit Logs
Quick startIntegrationsEvent schemaExporting eventsSDK reference
AI Attestations
Quick startAttestation schemaVerification & proofSDK reference
Events
OverviewSDK reference
Documents
OverviewSDK reference
Traces
OverviewSDK reference
SDKs
PythonNode.jsGoJavaRubyRust.NETPHPcURL
Verification
How it works
Support
API FAQ
Developers·Endpoints·AI Attestations

AI Attestations

Eight endpoints for signing AI inputs and outputs into immutable attestations, verifying hashes, and serving public proof records and tenant signing keys.

POST/ai/attestationsCreate AI attestation

Submits the raw AI input and output text. Invoance computes SHA-256 hashes, signs the canonical payload with Ed25519 using your tenant key, and writes an immutable attestation record. Optionally pass trace_id to attach the attestation to an open trace. Duplicate content returns the existing attestation with status 'duplicate'.

POST /ai/attestations
Authorization: Bearer invoance_live_xxx
Idempotency-Key: <uuid>
Content-Type: application/json

{
  "type": "output",
  "payload": {
    "input": "What is the company refund policy?",
    "output": "Our refund policy allows returns within 30 days..."
  },
  "context": {
    "model_provider": "openai",
    "model_name": "gpt-4.1",
    "model_version": "2026-01-01"
  },
  "subject": {
    "user_id": "user_7b1c",
    "session_id": "sess_4f9a"
  },
  "trace_id": "9549c332-…"  // optional, attach to a trace
}
GET/ai/attestationsList attestations

Returns a paginated list of attestation records. Supports filtering by date range, attestation type, and model provider. Maximum 500 results per page, cached for 30 seconds.

GET /ai/attestations?page=1&limit=50&attestation_type=output&model_provider=openai
Authorization: Bearer invoance_live_xxx
GET/ai/attestations/:attestation_idRetrieve AI attestation

Retrieves an immutable AI attestation record including cryptographic proof metadata, the signed payload, and Ed25519 signature. Read-only. Requires the read scope.

GET /ai/attestations/9549c332-a52b-…
Authorization: Bearer invoance_live_xxx
GET/ai/attestations/:attestation_id/rawRetrieve raw canonical payload

Returns the original canonical JSON payload that was hashed and signed at ingestion time. This is the exact content stored in object storage. Cached server-side for 5 minutes. Useful for independent hash verification.

GET /ai/attestations/9549c332-a52b-…/raw
Authorization: Bearer invoance_live_xxx
POST/ai/attestations/:attestation_id/verifyVerify attestation hash

Compares a submitted SHA-256 hash against the anchored attestation hashes (input_hash, output_hash, payload_hash). Returns whether any hash matches and which field matched.

POST /ai/attestations/9549c332-a52b-…/verify
Authorization: Bearer invoance_live_xxx
Content-Type: application/json

{
  "content_hash": "8c74176675eed4e2ff88bc0182af…"
}
GET/proof/ai/:attestation_idPublic proof record

Public, no authentication required. Returns the attestation record and the issuing organization's identity, the same data backing the hosted proof page, so auditors can inspect an attestation without an Invoance account. The public_key is served from the tenant's write-once registered signing key, not from the attestation row. IP rate limited to 2 requests/second and 10 requests/minute. Returns 404 ai_attestation_not_found if the attestation does not exist.

GET /proof/ai/9549c332-a52b-…
Content-Type: application/json
POST/proof/ai/:attestation_id/verifyPublic verify (hash + signature)

Public, no authentication and no quota. Compares a submitted SHA-256 hash (64 hex characters, case-insensitive) against the anchored payload_hash, input_hash, and output_hash, and additionally verifies the Ed25519 signature over the signed payload against the tenant's registered public key. IP rate limited to 2 requests/second and 10 requests/minute. Returns 400 invalid_hash for a malformed hash, 404 ai_attestation_not_found if the attestation does not exist.

POST /proof/ai/9549c332-a52b-…/verify
Content-Type: application/json

{
  "content_hash": "8c74176675eed4e2ff88bc0182af…"
}
GET/keys/:domainPublic tenant signing key

Public, no authentication required. Resolves a verified organization domain to its Ed25519 signing public key for independent signature verification. Served at the API root (https://api.invoance.com/keys/{domain}), not under /v1. The public_key is base64url-encoded without padding, a different encoding from the hex used on the proof endpoints. IP rate limited to 5 requests/second and 200 requests/minute. All failures return 404 with a disambiguating error code: domain_not_found, domain_not_verified, or keys_not_yet_provisioned.

GET https://api.invoance.com/keys/acme.com
Content-Type: application/json
Invoance

Neutral digital proof infrastructure for business. Tamper-evident, independently verifiable records.

Subscribe to our newsletter

Products
Platform
How It Works
Developers
Verify
Resources
Help & Legal
Products
  • Event Ledger
  • Document Anchoring
  • AI Attestation
  • Audit Logs
Platform
  • Why Invoance
  • For Compliance Teams
  • For Finance Teams
  • Pricing
How It Works
  • Overview
  • Event Ledger
  • Document Anchoring
  • AI Attestation
Developers
  • Overview
  • Endpoints
  • Authentication
  • Concepts
Verify
  • Verify Document
  • Verify AI Attestation
  • Verify Event
  • Verify Trace
Resources
  • All Resources
  • SOC 2 Guide
  • HIPAA Guide
  • ISO 27001 Guide
Help & Legal
  • Support
  • Status
  • Verification Help
  • FAQ

Invoance provides technical verification and proof infrastructure for digital records. Invoance does not issue legal, financial, or regulatory advice.

Records anchored through Invoance are cryptographically signed and tamper-evident by design. Invoance does not verify the accuracy, legality, or authenticity of document contents, only that a record existed in a specific form at a specific time. Verification links are publicly resolvable and do not require authentication. Invoance does not act as a custodian of funds, a legal authority, or a regulated financial entity. Use of Invoance does not constitute legal compliance. Consult qualified counsel for your specific obligations.

© 2025 – 2026 Invoance, Inc. All rights reserved.••