Five surfaces, one honest source of truth.
Signata is a verify-and-sign platform built on the open C2PA standard. Every surface (API, SDK, transparency log, dashboard, and docs) is driven by one verdict model, so what a developer reads in a JSON response is exactly what a newsroom editor sees on screen.
Surface 01 · Verify
Verify API & SDK
The core read path. Send bytes (a file, a URL, or a hash) and get back a single, stable verification contract. The same engine powers the REST endpoint, the typed SDK, the embeddable badge, and the Verify Studio, so every surface speaks identical language.
- POST /api/v1/verify, authenticated with x-signata-api-key
- Signer, edit history, ingredients, and AI disclosure in one response
- Hard-binding check (SHA-256) reported explicitly, never inferred
- Recovers provenance by content hash when the embedded manifest is gone
{
"verdict": "verified",
"signer": { "name": "OpenAI", "trusted": true },
"ai": { "disclosure": "ai_generated", "generated": true },
"binding": { "algorithm": "sha256", "matches": true }
}Surface 02 · Sign
Signing & issuing
Issue Content Credentials on your own media with per-workspace Ed25519 signing identities. Output standard C2PA (interoperable with every C2PA-aware reader) or a compact Signata format. AI products can disclose generation directly in the manifest.
- Revocable signing identities scoped to a workspace
- Standard C2PA or compact Signata manifests
- Honest, machine-readable AI disclosure assertions
- Built on the official CAI library: real C2PA, not a lookalike
Signing identity
newsroom-press · prod
key_id 3f9a…be21 · Ed25519
Surface 03 · Transparency log
Transparency log
An append-only, hash-chained record of every credential you issue. Because metadata is easily stripped when a file is re-encoded or re-uploaded, the log lets you recover provenance by content hash: an independent record that does not depend on the bytes carrying their manifest.
- Each entry chains to the previous by hash: tamper-evident
- Look up provenance with GET /api/v1/provenance/{hash}
- Survives re-encoding that strips the embedded manifest
- A log root you can publish and reference externally
Transparency log
append-onlychained to prev · root advanced
chained to prev · root advanced
chained to prev · root advanced
Surface 04 · Dashboard
Dashboard, policies & review queue
Where a team operates provenance. Define policies that map verdicts and AI disclosure to actions (allow, label, disclose, review, block), manage trust lists and signing identities, and work ambiguous cases through a review queue with full role-based access control.
- Policy engine: first matching rule wins, with a safe fallback
- Trust lists you control: known issuers are a convenience, not a grant
- Review queue for untrusted-signer and edge cases
- RBAC and tenant isolation across the workspace
Policy · inbound-media
First matching rule wins · fallback labels everything else. No rule ever calls media “fake”.
Surface 05 · Docs
Docs, badge & the open standard
Everything a developer needs, plus an OpenAPI spec and an embeddable verification badge. The documentation is candid about what provenance can and cannot tell you, including a dedicated limits and threat-model section, because honesty is the product.
- OpenAPI spec and a copy-paste quickstart
- Embeddable badge that renders the same verdict model
- Limits & honesty and threat-model pages, linked from everywhere
- Grounded in the open C2PA / Content Credentials standard
Ready when you are
Put the whole lifecycle to work.
Verify inbound media, sign your own outputs, and keep an independent record, all from one workspace, all on the open standard.