{"openapi":"3.1.0","info":{"title":"Signata API","version":"2026-01-01","description":"Cryptographic content provenance & verification. Verify Content Credentials (C2PA + Signata-native), sign your own media, and recover provenance by content hash from the transparency log."},"servers":[{"url":"https://signata.dev"}],"security":[{"ApiKeyAuth":[]},{"BearerAuth":[]}],"paths":{"/api/v1/verify":{"post":{"summary":"Verify an asset's provenance","description":"Accepts raw image bytes (any content type), multipart form-data (`file`), or a JSON body `{ \"url\": \"…\" }`. Returns the full, honest verdict. Requires the `verify:read` scope.","security":[{"ApiKeyAuth":[]}],"requestBody":{"required":true,"content":{"application/octet-stream":{"schema":{"type":"string","format":"binary"}},"multipart/form-data":{"schema":{"type":"object","properties":{"file":{"type":"string","format":"binary"}}}},"application/json":{"schema":{"type":"object","properties":{"url":{"type":"string","format":"uri"}}}}}},"responses":{"200":{"description":"Verification result","content":{"application/json":{"schema":{"$ref":"#/components/schemas/VerificationResponse"},"example":{"api_version":"2026-01-01","verdict":"verified","verdict_label":"Verified provenance","verdict_tone":"verified","summary":"A valid Content Credential is attached, its signature and hard binding check out, and the signer is trusted.","signer":{"name":"Acme Newsroom","identifier":"acme.news","trusted":true,"key_id":"kid_9f1c…","key_thumbprint":"a1b2…"},"binding":{"algorithm":"sha256","matches":true,"claimed_hash":"9f1c…","computed_hash":"9f1c…"},"signature":{"valid":true,"algorithm":"EdDSA","format":"signata"},"ai":{"disclosure":"not_disclosed","generated":false,"edited":false},"claim":{"generator":"Signata/0.1 (acme-cms)","created_at":"2026-01-01T00:00:00Z","actions":[{"action":"c2pa.created","label":"Created","when":"2026-01-01T00:00:00Z"}],"ingredients":[],"assertions":[{"label":"c2pa.actions","kind":"Edit history","summary":"1 action recorded"}]},"recovered_via":"embedded","reasons":["signature_valid","hard_binding_match","signer_trusted:workspace"],"asset":{"hash":"9f1c…","format":"image/png","size":184320},"source":"api","policy":{"actions":["allow","label"],"matched_rule":"Trusted, verified content"},"event_id":"evt_…"}}}},"401":{"$ref":"#/components/responses/Unauthorized"},"429":{"$ref":"#/components/responses/RateLimited"}}}},"/api/v1/sign":{"post":{"summary":"Attach a provenance manifest to an asset","description":"Signs an asset and returns the credentialed bytes + a transparency-log receipt. Requires the `sign:write` scope. `format` may be `signata` (default, isomorphic) or `c2pa` (conformant C2PA).","security":[{"ApiKeyAuth":[]}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SignRequest"}},"multipart/form-data":{"schema":{"type":"object","properties":{"file":{"type":"string","format":"binary"},"options":{"type":"string"}}}}}},"responses":{"200":{"description":"Sign receipt","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SignResponse"}}}},"401":{"$ref":"#/components/responses/Unauthorized"}}}},"/api/v1/provenance/{assetHash}":{"get":{"summary":"Recover provenance by content hash","description":"Looks up the transparency log by SHA-256 binding hash (soft binding); recovers provenance even when embedded metadata was stripped.","parameters":[{"name":"assetHash","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"Lookup result","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ProvenanceLookupResponse"}}}}}}},"/.well-known/jwks.json":{"get":{"summary":"Signata verification key set (JWKS)","responses":{"200":{"description":"JWKS"}}}},"/api/health":{"get":{"summary":"Liveness","responses":{"200":{"description":"ok"}}}},"/api/ready":{"get":{"summary":"Readiness (DB reachable)","responses":{"200":{"description":"ready"},"503":{"description":"not ready"}}}}},"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","in":"header","name":"x-signata-api-key"},"BearerAuth":{"type":"http","scheme":"bearer"}},"responses":{"Unauthorized":{"description":"Missing or invalid API key","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"RateLimited":{"description":"Rate limit exceeded","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}},"schemas":{"Verdict":{"type":"string","enum":["verified","provenance_present_untrusted","tampered","no_provenance","error"],"description":"The honest verdict. `no_provenance` means authenticity is UNKNOWN, never that content is fake."},"SignRequest":{"type":"object","properties":{"asset_base64":{"type":"string","description":"Base64 of the asset bytes."},"url":{"type":"string","format":"uri"},"format":{"type":"string","enum":["signata","c2pa"],"default":"signata"},"identity_id":{"type":"string"},"title":{"type":"string"},"claim_generator":{"type":"string"},"ai":{"type":"object","properties":{"generated":{"type":"boolean"},"edited":{"type":"boolean"},"model":{"type":"string"}}},"authors":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"identifier":{"type":"string"}}}}}},"VerificationResponse":{"type":"object","properties":{"api_version":{"type":"string"},"verdict":{"$ref":"#/components/schemas/Verdict"},"verdict_label":{"type":"string"},"verdict_tone":{"type":"string","enum":["verified","untrusted","tampered","unknown","error"]},"summary":{"type":"string"},"signer":{"type":["object","null"]},"binding":{"type":"object","properties":{"algorithm":{"type":"string"},"matches":{"type":"boolean"},"computed_hash":{"type":"string"}}},"signature":{"type":"object","properties":{"valid":{"type":"boolean"},"format":{"type":"string","enum":["c2pa","signata","none"]}}},"ai":{"type":"object","properties":{"disclosure":{"type":"string"},"generated":{"type":"boolean"},"edited":{"type":"boolean"}}},"recovered_via":{"type":["string","null"],"enum":["embedded","transparency_log",null]},"reasons":{"type":"array","items":{"type":"string"}},"policy":{"type":"object","properties":{"actions":{"type":"array","items":{"type":"string"}}}},"event_id":{"type":"string"}}},"SignResponse":{"type":"object","properties":{"api_version":{"type":"string"},"manifest_id":{"type":"string"},"format":{"type":"string","enum":["signata","c2pa"]},"transparency":{"type":"object","properties":{"seq":{"type":"integer"},"entry_hash":{"type":"string"},"log_root":{"type":"string"}}},"credentialed_asset_base64":{"type":"string"}}},"ProvenanceLookupResponse":{"type":"object","properties":{"api_version":{"type":"string"},"found":{"type":"boolean"},"asset_hash":{"type":"string"},"log_root":{"type":"string"}}},"Error":{"type":"object","properties":{"error":{"type":"object","properties":{"code":{"type":"string"},"message":{"type":"string"},"request_id":{"type":"string"}}}}}}}}