InvoanceInvoance
Log inStart free
Developers
Search docs…⌘K
Getting started
OverviewConceptsAuthenticationCreate an API key
API reference
EndpointsErrors
Audit Logs
Quick startEvent schemaExporting eventsSDK reference
AI Attestations
Quick startAttestation schemaVerification & proofSDK reference
Events
OverviewSDK reference
Documents
OverviewSDK reference
Traces
OverviewSDK reference
SDKs
PythonNode.jsGoJavaRubyRust.NETPHPcURL
Verification
How it works
Support
API FAQ

Events API

Record any business event in an append-only ledger. Each event is canonicalized, hashed, and signed with your tenant's Ed25519 key at ingestion, then appended to an immutable ledger you can verify at any time.

All endpoints require API key authentication via the Authorization: Bearer header. Events are immutable, they cannot be modified or deleted once ingested.

Overview

A compliance event captures who did what, when, and under what authority. When you POST an event, Invoance canonicalizes the payload, computes a SHA-256 payload_hash, signs it with your per-tenant key, and appends the record to the ledger. Nothing about the record can change afterwards, the audit tables reject updates and deletes at the database level.

POST /events (ingest) → GET /events/:id (retrieve) → POST /events/:id/verify (prove)

The event_id is server-generated. Ingestion is idempotent, submit the same event with an Idempotency-Key and the ledger returns the original record instead of creating a duplicate. Pass an optional trace_id to group an event into a sealed trace bundle.

Endpoints

POST/events
Ingest event

Records any business event in the append-only ledger, who did what, when, and under what authority. Immutable, timestamped, and cryptographically signed at ingestion. Retained according to the specified policy.

event_type is required. payload is arbitrary JSON. Pass an optional trace_id to attach the event to a trace, and an Idempotency-Key header to make retries safe.

Request
POST /events
Authorization: Bearer invoance_live_xxx
Idempotency-Key: policy-8472-approval
Content-Type: application/json

{
  "event_type":      "policy.approval",
  "event_time":      "2026-02-07T12:00:00Z",
  "payload": {
    "policy_id":     "pol_8472",
    "approved_by":   "risk_committee",
    "decision":      "approved"
  }
}
Response
{
  "event_id":   "evt_01HX…",
  "ingested_at":"2026-02-07T12:04:11Z"
}
GET/events
List events

Returns a paginated list of ledger events for the authenticated tenant. Supports filtering by date range and event type. Maximum 500 results per page, cached for 30 seconds.

Query params: page (default 1), limit (default 50, max 500), event_type, plus optional date-range filters.

Request
GET /events?page=1&limit=50&event_type=policy.approval
Authorization: Bearer invoance_live_xxx
Response
{
  "events": [
    {
      "event_id":        "evt_01HX…",
      "event_type":      "policy.approval",
      "payload_hash":    "a3f2b1c9d4e8f7…",
      "event_hash":      "f8a1c3d2e5b9f4…",
      "retention_policy":"regulatory",
      "ingested_at":     "2026-02-07T12:04:11Z",
      "event_time":      "2026-02-07T12:00:00Z"
    }
  ],
  "page":     1,
  "limit":    50,
  "total":    312,
  "has_more": true
}
GET/events/:event_id
Retrieve event

Returns an immutable event record including the full payload and all cryptographic hashes. Read-only. Requires the read scope. Records are append-only and cannot be modified or deleted.

Request
GET /events/evt_01HX…
Authorization: Bearer invoance_live_xxx
Response
{
  "event_id":        "evt_01HX…",
  "tenant_id":       "org_01…",
  "event_type":      "policy.approval",
  "payload": {
    "policy_id":     "pol_8472",
    "approved_by":   "risk_committee",
    "decision":      "approved"
  },
  "event_time":      "2026-02-07T12:00:00Z",
  "retention_policy":"regulatory",
  "access_tier":     "active",
  "api_key_id":      "key_01…",
  "user_id":         null,
  "ingested_at":     "2026-02-07T12:04:11Z",
  "payload_hash":    "a3f2b1c9d4e8f7…",
  "request_hash":    "c7d4e9a1b2f3c8…",
  "event_hash":      "f8a1c3d2e5b9f4…",
  "idempotency_key": null
}
POST/events/:event_id/verify
Verify event hash

Compares a submitted hash or raw payload against the anchored event hashes. You can submit either a pre-computed payload_hash or the raw payload object, the server will canonicalize and hash it for you.

Request
POST /events/evt_01HX…/verify
Authorization: Bearer invoance_live_xxx
Content-Type: application/json

{
  "payload_hash": "a3f2b1c9d4e8f7…"
}
Response
{
  "event_id":       "evt_01HX…",
  "match_result":   true,
  "matched_field":  "payload_hash",
  "anchored_hash":  "a3f2b1c9d4e8f7…",
  "submitted_hash": "a3f2b1c9d4e8f7…",
  "anchored_at":    "2026-02-07T12:04:11Z",
  "method":         "hash"
}

SDK reference

Every official SDK exposes the events namespace under client.events — typed methods for ingest, get, list, and verify, in all eight languages.

View the Events SDK reference

Verification

Every event carries a SHA-256 payload_hash and an Ed25519 signature over its canonical bytes. To prove an event has not changed, hash your copy of the payload and compare, either by POSTing to /v1/events/:id/verify (the server canonicalizes and compares for you) or by validating the signature offline against your tenant's published public key.

Verification is trust-minimizing: the signature check needs no trust in the server's answer, and the public key is retrievable independently. See the full verification guide for the canonicalization rules and offline signature checks.

Verification guide

Canonicalization rules, hash comparison, and offline Ed25519 signature validation.

SDK reference

client.events.ingest(), .get(), .list(), .verify(), Python, Node.js, Go, Java, Ruby, Rust, .NET, PHP, cURL.

Invoance

Neutral digital proof infrastructure for business. Tamper-evident, independently verifiable records.

Subscribe to our newsletter

Products
Platform
How It Works
Developers
Verify
Resources
Help & Legal
Products
  • Event Ledger
  • Document Anchoring
  • AI Attestation
  • Audit Logs
Platform
  • Why Invoance
  • For Compliance Teams
  • For Finance Teams
  • Pricing
How It Works
  • Overview
  • Event Ledger
  • Document Anchoring
  • AI Attestation
Developers
  • Overview
  • Endpoints
  • Authentication
  • Concepts
Verify
  • Verify Document
  • Verify AI Attestation
  • Verify Event
  • Verify Trace
Resources
  • All Resources
  • SOC 2 Guide
  • HIPAA Guide
  • ISO 27001 Guide
Help & Legal
  • Support
  • Status
  • Verification Help
  • FAQ

Invoance provides technical verification and proof infrastructure for digital records. Invoance does not issue legal, financial, or regulatory advice.

Records anchored through Invoance are cryptographically signed and tamper-evident by design. Invoance does not verify the accuracy, legality, or authenticity of document contents, only that a record existed in a specific form at a specific time. Verification links are publicly resolvable and do not require authentication. Invoance does not act as a custodian of funds, a legal authority, or a regulated financial entity. Use of Invoance does not constitute legal compliance. Consult qualified counsel for your specific obligations.

© 2025 – 2026 Invoance, Inc. All rights reserved.••