InvoanceInvoance
Log inGet access
Document Anchoring
How it worksDocument Anchoring

How Document Anchoring creates tamper-evident proof

Document Anchoring binds a document's SHA-256 hash to a timestamp and organizational identity — proving the document existed in its exact form at a specific moment. The document itself never leaves your infrastructure.

View developer docsProduct overview

Key principle: your document never leaves your infrastructure

You hash the document locally. Only the hash is submitted. Invoance never sees, stores, or processes the original document. This is a fundamental privacy guarantee — the proof is entirely hash-based. Your documents remain in your control while you gain cryptographic integrity verification.

$ sha256sum contract.pdf
e3b0c44298fc1c149afbf4c8996fb924...

Any cryptographic hash function produces a deterministic 256-bit fingerprint. Invoance operates entirely on hashes. The original document is never transmitted, stored, or analyzed by Invoance systems.

What you send

When anchoring a document, you submit the locally computed hash alongside optional context. The API endpoint accepts minimal required fields plus arbitrary metadata.

POST /v1/document/anchor
{
  "hash": "e3b0c44298fc1c149afbf4c8996fb924...",
  "filename": "contract-v3-final.pdf",
  "reference": "Master Services Agreement — Acme Corp",
  "metadata": {
    "department": "legal",
    "version": "3.0",
    "signers": ["alice@acme.com", "bob@partner.com"]
  }
}
hash

Your locally computed SHA-256 hash. This is the fingerprint of your document bytes.

filename

Human-readable identifier for reference. Helps you locate the anchor record later.

reference

Human-readable label describing the document. E.g., contract name, invoice number, or document title.

metadata

Arbitrary JSON context. Department, version, signers, cost center — any data you want associated with the anchor.

What happens on ingestion

When you submit a hash, Invoance executes a deterministic flow: receive, validate, deduplicate, sign, store, and confirm. Each step is atomic and immutable.

1
Hash received, timestamp recorded
Ingestion timestamp is captured in UTC to microsecond precision. This timestamp becomes part of the signed payload.
2
Duplicate detection
Query the ledger for this exact hash under your tenant. If found, 409 Conflict is returned with original anchor details. Prevents accidental double-anchoring.
3
Ed25519 signature created
Payload (hash + timestamp + metadata) is signed with your tenant's Ed25519 private key. Signature proves organizational attribution and integrity.
4
Record written to append-only storage
Signed record written once to Postgres. No updates, no deletes. Append-only guarantees immutability and produces an audit trail.
5
Public verification URL generated
Unique URL is created for independent verification. Any third party can verify the anchor without authentication.

What you receive

The API response confirms the anchor with all required fields for future verification and audit purposes.

200 OK
{
  "id": "doc_x7y8z9a0",
  "hash": "e3b0c44298fc1c149afbf4c8996fb924...",
  "filename": "contract-v3-final.pdf",
  "signature": "a1b2c3d4e5f6...",
  "timestamp": "2025-03-15T14:32:07.123456Z",
  "verification_url": "https://www.invoance.com/proof/document/doc_x7y8z9a0",
  "status": "anchored"
}
id

Unique anchor identifier. Use this to reference the anchor in your systems.

hash

Echo of your submitted hash. Confirms the hash Invoance anchored.

signature

Ed25519 signature over hash + timestamp. Verifier uses your tenant's public key to confirm authenticity.

timestamp

ISO 8601 timestamp of ingestion. Proof that the document existed at this exact moment.

verification_url

Public URL for third-party verification. No authentication required. Verifier can independently confirm integrity.

How verification works

Verification is straightforward: compute the hash of your original document and compare against the anchored hash. If they match, the document has not been altered since anchoring.

1
Obtain the original document
You have the file on disk. No Invoance access or credentials required.
2
Compute SHA-256 locally
Hash the document bytes. Any standard cryptographic library produces the same result deterministically.
3
Fetch the anchored record
GET the public verification URL. Invoance returns hash, signature, timestamp, and public key.
4
Compare hashes
If your computed hash matches the anchored hash, the document has not changed. If different, the document was altered.
5
Verify Ed25519 signature (optional)
Use the tenant's public key to verify the signature. Confirms organizational attribution and record integrity.
The verifier needs the original document and the verification URL — nothing else. No API keys, no authentication, no Invoance account. The proof is self-contained.

Duplicate detection

If a document with the same hash is submitted again for the same tenant, Invoance returns a 409 Conflict. This prevents accidental double-anchoring and enforces uniqueness of document proofs.

409Conflict — document already anchored
{
  "error": "document_already_anchored",
  "message": "This document hash was already anchored.",
  "id": "doc_x7y8z9a0",
  "timestamp": "2025-01-10T09:14:22.456789Z",
  "verification_url": "https://www.invoance.com/proof/document/doc_x7y8z9a0"
}

Why duplicate detection matters:

Prevents double-anchoring: You cannot accidentally anchor the same document twice.
Preserves original timestamp: You cannot re-anchor to obtain a newer timestamp.
Compliance safeguard: Prevents backdating and ensures the first anchor timestamp is the canonical proof of existence.

Compliance mapping

Document anchoring provides cryptographic integrity controls that address requirements across regulatory frameworks and audit standards.

SOC 2
CC6.1, CC6.6

Logical access controls and system integrity verification. Anchoring provides immutable, independently verifiable proof of document integrity.

HIPAA
§164.312(c)(1)

Access controls and audit logging for electronic records. Anchoring timestamps and cryptographically proves document integrity with audit trail.

ISO 27001
A.12.4.1, A.18.1.3

Event logging and protection of records. Append-only storage produces immutable audit trail; Ed25519 signatures prove non-repudiation.

GDPR
Art. 5(1)(f)

Integrity and confidentiality. Hash-based approach ensures data minimization — only the hash is submitted. Original document remains under your control.

eIDAS / Advanced Electronic Signature
Reg. (EU) 910/2014

Invoance provides cryptographic foundation. Qualified timestamp authority (QTA) integration is on the roadmap for qualified electronic signatures.

Document anchoring uses the same cryptographic primitives as all Invoance records — SHA-256, Ed25519, and append-only storage. The proof is verifiable offline and independent of Invoance infrastructure.

Other how-it-works topicsDeveloper documentationProduct overviewEarly access

How Document Anchoring Works — Invoance

Technical walkthrough of how Invoance Document Anchoring binds document hashes to timestamps and organizational identity using SHA-256, Ed25519, and append-only storage. Hash locally, submit the hash, and prove the document existed unchanged at a specific point in time.

Invoance

Neutral digital proof infrastructure for business. Tamper-evident, independently verifiable records.

Subscribe to our newsletter

Products
Platform
How It Works
Developers
Verify
Resources
Help & Legal
Products
  • Event Ledger
  • Document Anchoring
  • AI Attestation
  • Traces
Platform
  • Why Invoance
  • For Compliance Teams
  • Pricing
  • Security
How It Works
  • Overview
  • Event Ledger
  • Document Anchoring
  • AI Attestation
Developers
  • Overview
  • Endpoints
  • Authentication
  • Concepts
Verify
  • Verify Document
  • Verify AI Attestation
  • Verify Event
  • Verify Trace
Resources
  • All Resources
  • SOC 2 Guide
  • HIPAA Guide
  • ISO 27001 Guide
Help & Legal
  • Support
  • Verification Help
  • FAQ
  • Legal Notice

Invoance provides technical verification and proof infrastructure for digital records. Invoance does not issue legal, financial, or regulatory advice.

Records anchored through Invoance are cryptographically signed and tamper-evident by design. Invoance does not verify the accuracy, legality, or authenticity of document contents — only that a record existed in a specific form at a specific time. Verification links are publicly resolvable and do not require authentication. Invoance does not act as a custodian of funds, a legal authority, or a regulated financial entity. Use of Invoance does not constitute legal compliance. Consult qualified counsel for your specific obligations.

© 2025 – 2026 Invoance. All rights reserved.•