How It Works

How Invoance creates permanent, verifiable proof

Invoance anchors business records using the same cryptographic primitives that secure SSH keys, TLS connections, and digital currencies. Every record is hashed with SHA-256, signed with Ed25519, timestamped at ingestion, and written to append-only storage. The result is tamper-evident, independently verifiable, and permanent.

This page explains the technical mechanics behind every Invoance product. If you need to satisfy an auditor, regulator, or compliance review — this is what you share.

Cryptographic primitives

Every Invoance product uses the same five cryptographic primitives. These are structural guarantees — they hold regardless of which product you use, what plan you're on, or how you access the API.

SHA-256 hashing

Every payload — event, document, AI input, AI output — is hashed with SHA-256 before signing. Any alteration to the original data produces a completely different hash. This is the mathematical foundation of tamper detection.

Ed25519 signing

Every hash is signed with an Ed25519 key bound to your organization. The signature proves the record originated from your tenant and has not been altered. Ed25519 is the same algorithm used by SSH, Signal, and TLS 1.3.

Append-only storage

Records are written to an append-only Postgres database. This is enforced at the database level — not by application policy. No admin, no API, no override can delete or modify a record after ingestion.

Immutable timestamps

The timestamp is recorded at the moment Invoance receives the data and is included in the signed payload. It cannot be backdated, adjusted, or overwritten after the fact.

Public verification

Every record produces a public verification URL. Any third party — auditor, regulator, counterparty, court — can verify the record independently without an Invoance account or API key.

The anchoring flow

Regardless of which product you use, the anchoring flow follows the same four-stage process. The data model differs — the cryptographic mechanics are identical.

1. Submit

Send data to the Invoance API — an event payload, document hash, AI attestation bundle, or trace operation.

2. Hash

Invoance computes SHA-256 over the submitted data. For documents, you compute the hash locally — Invoance verifies it.

3. Sign

The hash is signed with your tenant's Ed25519 private key. The timestamp is included in the signed payload.

4. Write

The signed record is written to the append-only ledger. A public verification URL is generated. The record is now immutable.

SUBMIT → HASH (SHA-256) → SIGN (Ed25519) → WRITE (APPEND-ONLY)

How each product works

Each product applies the same cryptographic foundation to a different data model. Select a product to see the complete technical walkthrough — API calls, response schemas, verification flow, and compliance mapping.

Event Ledger

POST /v1/events

Send any business event — payment, approval, delivery, config change — and receive a permanent, cryptographically signed record in return.

1. Submit a structured event payload via REST API
2. Invoance computes SHA-256, signs with Ed25519, records ingestion timestamp
3. Receive event ID and timestamp — the record is now immutable
4. Retrieve or verify the record at any time via public URL

Document Anchoring

POST /v1/document/anchor

Hash any document locally, submit the hash. Invoance binds it to a timestamp and organizational identity — proving the document existed unchanged at that moment.

1. Compute SHA-256 of the document bytes locally
2. Submit the hash and a human-readable reference to the API
3. Invoance signs the anchor with Ed25519 and writes to the ledger
4. Anyone can verify the document's integrity via public URL — no account needed

AI Attestation

POST /v1/ai/attestations

Anchor AI inputs, outputs, and model metadata as tamper-evident records at the moment of generation — proving exactly what the model received and produced.

1. Generate AI output through your existing pipeline — nothing changes upstream
2. Submit input, output, and model metadata to the attestation endpoint
3. Invoance hashes input and output separately, signs the full bundle
4. Retrieve the attestation record with all hashes, signature, and public verification URL

Traces

POST /v1/traces

Group independently anchored events into a single sealed process proof. When complete, the trace is permanently closed with a composite cryptographic hash covering every event.

1. Create a named trace — a grouping container for related events
2. Anchor events to the trace via trace_id — each independently hashed and signed
3. Seal the trace — composite SHA-256 computed over all event hashes, Ed25519 signed
4. Export the proof bundle — JSON for machines, PDF for auditors, verifiable by anyone

How verification works

Every Invoance record can be independently verified — by anyone, without authentication, without contacting Invoance. Verification resolves against cryptography, not a server assertion.

1. Obtain the original data

The verifier needs the original document, event payload, or AI output — whatever was anchored.

2. Recompute the hash

Apply SHA-256 to the original data. Any standard cryptographic library produces the same result.

3. Compare against the anchored hash

If the recomputed hash matches the anchored hash, the data has not been altered since anchoring.

4. Verify the signature

Using the organization's public key and the Ed25519 signature, verify the record was issued by the stated organization.

5. Confirm the timestamp

The timestamp is part of the signed payload. If the signature verifies, the timestamp is authentic — it cannot have been altered independently.

Offline verification is possible. The public key, hash, and signature are all that's needed. No network request to Invoance is required. This is what "independently verifiable" means.
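
The five verification steps above, as an added Go example that is not Invoance's code. The record layout and the signed message format (hash and timestamp joined by a newline) are assumptions, since the page does not publish the real schema; `DemoAnchor` stands in for the service with a throwaway key so the example runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Record is an assumed layout; the page does not publish the real schema.
type Record struct {
	HashHex   string // lowercase hex SHA-256 of the original data
	Timestamp string // ingestion time, covered by the signature
	Signature []byte // Ed25519 signature over SignedMessage()
}
// SignedMessage (assumed format) binds hash and timestamp under one signature.
func (r Record) SignedMessage() []byte { return []byte(r.HashHex + "\n" + r.Timestamp) }
var ErrHashMismatch = errors.New("data does not match anchored hash")
var ErrBadSignature = errors.New("signature does not verify")

// Verify runs steps 2-5 offline: recompute, compare, check the signature.
func Verify(data []byte, rec Record, pub ed25519.PublicKey) error {
	sum := sha256.Sum256(data)
	if hex.EncodeToString(sum[:]) != rec.HashHex {
		return ErrHashMismatch
	}
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, rec.SignedMessage(), rec.Signature) {
		return ErrBadSignature
	}
	return nil // hash, issuer and timestamp all hold
}

// DemoAnchor stands in for the service side (hypothetical helper).
func DemoAnchor(data []byte, ts string) (Record, ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed throwaway key
	sum := sha256.Sum256(data)
	rec := Record{HashHex: hex.EncodeToString(sum[:]), Timestamp: ts}
	rec.Signature = ed25519.Sign(priv, rec.SignedMessage())
	return rec, pub
}

func main() {
	data := []byte(`{"type":"payment","amount":100}`) // constructed sample event
	rec, pub := DemoAnchor(data, "2026-01-01T00:00:00Z")
	fmt.Println("untouched:", Verify(data, rec, pub))
	rec.Timestamp = "2025-01-01T00:00:00Z" // backdating attempt
	fmt.Println("backdated:", Verify(data, rec, pub))
}
```

A changed payload fails at the hash comparison, while a changed timestamp or a different organization's key fails at the signature check, which is why a verifier must run both.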

What Invoance proves and does not prove

Invoance proves

  • The data existed in its exact form at the anchored timestamp.
  • The data has not been altered since anchoring.
  • The record was issued by the stated organization.
  • The timestamp was recorded at ingestion and is immutable.
  • The record can be independently verified without trusting anyone.

Outside scope

  • Whether the data is accurate, truthful, or legitimate.
  • Legal validity or admissibility in any jurisdiction.
  • That a specific person authored or approved the data.
  • Anything that occurred before the data was anchored.
  • The correctness of AI model outputs or decisions.

Invoance provides a technical integrity guarantee. It answers "has this changed?" and "who issued this?" — not "is this true?" Those are different questions requiring different tools.

Invoance provides technical verification and proof infrastructure for digital records. Invoance does not issue legal, financial, or regulatory advice.

Records anchored through Invoance are cryptographically signed and tamper-evident by design. Invoance does not verify the accuracy, legality, or authenticity of document contents — only that a record existed in a specific form at a specific time. Verification links are publicly resolvable and do not require authentication. Invoance does not act as a custodian of funds, a legal authority, or a regulated financial entity. Use of Invoance does not constitute legal compliance. Consult qualified counsel for your specific obligations.
