01 / API REFERENCE

LudeProof API

The API exposes the notary, verification and signals engine over REST. It is available on the Business plan. Create a key in the dashboard under API keys and send it as a bearer token. All endpoints accept multipart/form-data with a file field (20 MB limit) and return JSON.

Authentication

Authorization: Bearer lp_live_...

Keys are shown once at creation and stored hashed. Rotate by deleting and recreating.

POST /api/v1/notarize

Registers the file: computes its SHA 256 fingerprint and anchors a trusted timestamp.

curl -X POST https://ludeproof.com/api/v1/notarize \
  -H "Authorization: Bearer $KEY" \
  -F "[email protected]"

{
  "id": "doc_x1y2...",
  "sha256": "9f86d0...",
  "timestamp": { "provider": "FreeTSA (RFC 3161)", "time": "2026-07-07T10:12:03Z" },
  "verifyUrl": "https://ludeproof.com/verify/doc_x1y2...",
  "certificateUrl": "https://ludeproof.com/api/certificate/doc_x1y2..."
}

POST /api/v1/verify

Checks a file, or a bare sha256 form field, against the registry. Returns every matching registration and its timestamp.

{
  "sha256": "9f86d0...",
  "match": true,
  "registrations": [
    { "id": "doc_x1y2...", "registeredAt": "2026-07-07T10:12:03Z", "timestamp": "2026-07-07T10:12:03Z" }
  ]
}

POST /api/v1/check

Runs the signals report and returns findings plus the risk score.

{
  "sha256": "9f86d0...",
  "riskScore": 42,
  "riskBand": "elevated",
  "findings": [
    { "severity": "signal", "code": "pdf.dates", "title": "Modified after creation", "detail": "..." }
  ]
}

Errors

401 { "error": "invalid_key" }
402 { "error": "quota_exceeded", "detail": "Monthly check quota reached." }
413 { "error": "file_too_large" }
422 { "error": "no_file" }

What a result means

LudeProof reports evidence, not verdicts. A verification match proves the exact bytes were registered at the stated time. A signals report lists observations from the file's own metadata and structure. Neither certifies that a document's contents are true.