CanonProof is infrastructure: hash, forensic checks, explainable indicators, scoring, and a signed certificate with a public verification page.
Upload a file, receive a status + score + indicators, then fetch the certificate JSON for storage or audit trails.
SHA-256 hashing + ES256-signed certificate output. Public verification confirms the certificate is authentic.
Indicators (flags, numeric values, metadata) feed the score. Your app can show “why”, not just a label.
Base URL: https://canonproof.com
In your dashboard, create a key (you’ll only see the full token once). Store it securely.
Call POST /api/v1/client/verifications with multipart/form-data and a file field. You’ll receive a certificateId.
Use GET /api/v1/client/certificates/{certificateId} to retrieve the signed certificate JSON for your audit trail.
These are the real routes in the client API.
POST https://canonproof.com/api/v1/client/verifications
GET https://canonproof.com/api/v1/client/certificates/{certificateId}
GET https://canonproof.com/api/v1/client/usage/remaining
Authorization: Bearer cp_live_… — not just the token.
Pick an endpoint on the left. Switch language tabs on the right.
Returns API keys for the current client user/org.
curl -X GET "https://canonproof.com/api/v1/client/api-keys" \ -H "Authorization: Bearer cp_live_YOUR_KEY"
const res = await fetch("https://canonproof.com/api/v1/client/api-keys", {
method: "GET",
headers: { "Authorization": `Bearer ${process.env.CP_API_KEY}` }
});
console.log(await res.json());import os, requests
r = requests.get(
"https://canonproof.com/api/v1/client/api-keys",
headers={"Authorization": f"Bearer {os.getenv('CP_API_KEY')}"}
)
print(r.status_code, r.text)Creates a new API key for your org.
curl -X POST "https://canonproof.com/api/v1/client/api-keys" \
-H "Authorization: Bearer cp_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{ "name": "My integration key" }'const res = await fetch("https://canonproof.com/api/v1/client/api-keys", {
method: "POST",
headers: {
"Authorization": `Bearer ${process.env.CP_API_KEY}`,
"Content-Type": "application/json"
},
body: JSON.stringify({ name: "My integration key" })
});
console.log(await res.json());import os, requests
r = requests.post(
"https://canonproof.com/api/v1/client/api-keys",
headers={
"Authorization": f"Bearer {os.getenv('CP_API_KEY')}",
"Content-Type": "application/json"
},
json={"name": "My integration key"}
)
print(r.status_code, r.text)Revokes an API key by id.
curl -X DELETE "https://canonproof.com/api/v1/client/api-keys/00000000-0000-0000-0000-000000000000" \ -H "Authorization: Bearer cp_live_YOUR_KEY"
const id = "00000000-0000-0000-0000-000000000000";
const res = await fetch(`https://canonproof.com/api/v1/client/api-keys/${id}`, {
method: "DELETE",
headers: { "Authorization": `Bearer ${process.env.CP_API_KEY}` }
});
console.log(res.status);import os, requests
id = "00000000-0000-0000-0000-000000000000"
r = requests.delete(
f"https://canonproof.com/api/v1/client/api-keys/{id}",
headers={"Authorization": f"Bearer {os.getenv('CP_API_KEY')}"}
)
print(r.status_code, r.text)Paged list of certificates created by this API key’s user/org.
curl -X GET "https://canonproof.com/api/v1/client/certificates?page=1&pageSize=25" \ -H "Authorization: Bearer cp_live_YOUR_KEY"
const res = await fetch("https://canonproof.com/api/v1/client/certificates?page=1&pageSize=25", {
method: "GET",
headers: { "Authorization": `Bearer ${process.env.CP_API_KEY}` }
});
console.log(await res.json());import os, requests
r = requests.get(
"https://canonproof.com/api/v1/client/certificates",
params={"page": 1, "pageSize": 25},
headers={"Authorization": f"Bearer {os.getenv('CP_API_KEY')}"}
)
print(r.status_code, r.text)Fetch the sealed + signed certificate payload for audit trails and verification.
curl -X GET "https://canonproof.com/api/v1/client/certificates/cp1_..." \ -H "Authorization: Bearer cp_live_YOUR_KEY"
const res = await fetch("https://canonproof.com/api/v1/client/certificates/cp1_...", {
method: "GET",
headers: { "Authorization": `Bearer ${process.env.CP_API_KEY}` }
});
console.log(await res.json());import os, requests
r = requests.get(
"https://canonproof.com/api/v1/client/certificates/cp1_...",
headers={"Authorization": f"Bearer {os.getenv('CP_API_KEY')}"}
)
print(r.status_code, r.text)Downloads an offline verification bundle (e.g., JSON + signature material).
curl -L "https://canonproof.com/api/v1/client/certificates/cp1_.../bundle" \ -H "Authorization: Bearer cp_live_YOUR_KEY" \ -o cert-bundle.json
const res = await fetch("https://canonproof.com/api/v1/client/certificates/cp1_.../bundle", {
method: "GET",
headers: { "Authorization": `Bearer ${process.env.CP_API_KEY}` }
});
const buf = await res.arrayBuffer();
console.log("bytes:", buf.byteLength);import os, requests
r = requests.get(
"https://canonproof.com/api/v1/client/certificates/cp1_.../bundle",
headers={"Authorization": f"Bearer {os.getenv('CP_API_KEY')}"}
)
open("cert-bundle.json", "wb").write(r.content)
print(r.status_code)Returns remaining, included, credits and used counts for the current subscription window.
curl -X GET "https://canonproof.com/api/v1/client/usage/remaining" \ -H "Authorization: Bearer cp_live_YOUR_KEY"
const res = await fetch("https://canonproof.com/api/v1/client/usage/remaining", {
method: "GET",
headers: { "Authorization": `Bearer ${process.env.CP_API_KEY}` }
});
console.log(await res.json());import os, requests
r = requests.get(
"https://canonproof.com/api/v1/client/usage/remaining",
headers={"Authorization": f"Bearer {os.getenv('CP_API_KEY')}"}
)
print(r.status_code, r.text)Multipart upload. Returns verification id + certificate reference (primary integration endpoint).
curl -X POST "https://canonproof.com/api/v1/client/verifications" \ -H "Authorization: Bearer cp_live_YOUR_KEY" \ -F "file=@/path/to/evidence.pdf"
const fs = require("fs");
const fd = new FormData();
fd.append("file", fs.createReadStream("/path/to/evidence.pdf"));
const res = await fetch("https://canonproof.com/api/v1/client/verifications", {
method: "POST",
headers: {
"Authorization": `Bearer ${process.env.CP_API_KEY}`
},
body: fd
});
const data = await res.json();
console.log(data);import os, requests
with open("/path/to/evidence.pdf", "rb") as f:
r = requests.post(
"https://canonproof.com/api/v1/client/verifications",
headers={"Authorization": f"Bearer {os.getenv('CP_API_KEY')}"},
files={"file": ("evidence.pdf", f, "application/pdf")}
)
print(r.status_code, r.text)Returns the current status for a verification id.
curl -X GET "https://canonproof.com/api/v1/client/verifications/00000000-0000-0000-0000-000000000000/status" \ -H "Authorization: Bearer cp_live_YOUR_KEY"
const id = "00000000-0000-0000-0000-000000000000";
const res = await fetch(`https://canonproof.com/api/v1/client/verifications/${id}/status`, {
method: "GET",
headers: { "Authorization": `Bearer ${process.env.CP_API_KEY}` }
});
console.log(await res.json());import os, requests
id = "00000000-0000-0000-0000-000000000000"
r = requests.get(
f"https://canonproof.com/api/v1/client/verifications/{id}/status",
headers={"Authorization": f"Bearer {os.getenv('CP_API_KEY')}"}
)
print(r.status_code, r.text)Returns the verification result payload (status/score/confidence/indicators summary).
curl -X GET "https://canonproof.com/api/v1/client/verifications/00000000-0000-0000-0000-000000000000/result" \ -H "Authorization: Bearer cp_live_YOUR_KEY"
const id = "00000000-0000-0000-0000-000000000000";
const res = await fetch(`https://canonproof.com/api/v1/client/verifications/${id}/result`, {
method: "GET",
headers: { "Authorization": `Bearer ${process.env.CP_API_KEY}` }
});
console.log(await res.json());import os, requests
id = "00000000-0000-0000-0000-000000000000"
r = requests.get(
f"https://canonproof.com/api/v1/client/verifications/{id}/result",
headers={"Authorization": f"Bearer {os.getenv('CP_API_KEY')}"}
)
print(r.status_code, r.text)This page is designed as a sales+explain API overview, not the full reference.
The API is designed for PI tools, law workflows, insurers, and platforms where auditability matters.
Short answers to unblock evaluation and procurement.
No — CanonProof certifies integrity and authenticity signals of a file and signs the result. It does not determine the truth of claims or events.
Typically: fileId, sha256, status, score/confidence, certificateId, and the publicUrl. Fetch and archive the certificate JSON when you need immutable audit trails.
AI is advisory-only. When available it becomes indicators (e.g., probabilities/confidence) and is never the sole decisive factor.
Yes — the /c/{publicId} link is designed exactly for that. It verifies the certificate signature and shows the result without requiring an account.
Start with Professional Integrity or Advanced Assurance. If you’re a platform, talk to us about enterprise terms.