01 / API REFERENCE
LudeProof API
The API exposes the notary, verification and signals engine over REST. It is available on the Business plan. Create a key in the dashboard under API keys and send it as a bearer token. All endpoints accept multipart/form-data with a file field (20 MB limit) and return JSON.
Authentication
Authorization: Bearer lp_live_...Keys are shown once at creation and stored hashed. Rotate by deleting and recreating.
POST /api/v1/notarize
Registers the file: computes its SHA 256 fingerprint and anchors a trusted timestamp.
curl -X POST https://ludeproof.com/api/v1/notarize \
-H "Authorization: Bearer $KEY" \
-F "[email protected]"
{
"id": "doc_x1y2...",
"sha256": "9f86d0...",
"timestamp": { "provider": "FreeTSA (RFC 3161)", "time": "2026-07-07T10:12:03Z" },
"verifyUrl": "https://ludeproof.com/verify/doc_x1y2...",
"certificateUrl": "https://ludeproof.com/api/certificate/doc_x1y2..."
}POST /api/v1/verify
Checks a file, or a bare sha256 form field, against the registry. Returns every matching registration and its timestamp.
{
"sha256": "9f86d0...",
"match": true,
"registrations": [
{ "id": "doc_x1y2...", "registeredAt": "2026-07-07T10:12:03Z", "timestamp": "2026-07-07T10:12:03Z" }
]
}POST /api/v1/check
Runs the signals report and returns findings plus the risk score.
{
"sha256": "9f86d0...",
"riskScore": 42,
"riskBand": "elevated",
"findings": [
{ "severity": "signal", "code": "pdf.dates", "title": "Modified after creation", "detail": "..." }
]
}Errors
401 { "error": "invalid_key" }
402 { "error": "quota_exceeded", "detail": "Monthly check quota reached." }
413 { "error": "file_too_large" }
422 { "error": "no_file" }What a result means
LudeProof reports evidence, not verdicts. A verification match proves the exact bytes were registered at the stated time. A signals report lists observations from the file's own metadata and structure. Neither certifies that a document's contents are true.