Product tour

Five surfaces, one honest source of truth.

Signata is a verify-and-sign platform built on the open C2PA standard. Every surface (API, SDK, transparency log, dashboard, and docs) is driven by one verdict model, so what a developer reads in a JSON response is exactly what a newsroom editor sees on screen.

Surface 01 · Verify

Verify API & SDK

The core read path. Send bytes (a file, a URL, or a hash) and get back a single, stable verification contract. The same engine powers the REST endpoint, the typed SDK, the embeddable badge, and the Verify Studio, so every surface speaks identical language.

  • POST /api/v1/verify, authenticated with x-signata-api-key
  • Signer, edit history, ingredients, and AI disclosure in one response
  • Hard-binding check (SHA-256) reported explicitly, never inferred
  • Recovers provenance by content hash when the embedded manifest is gone
API reference
POST /api/v1/verify200 OK
Verified provenanceAI-generated (disclosed)
{
  "verdict": "verified",
  "signer": { "name": "OpenAI", "trusted": true },
  "ai": { "disclosure": "ai_generated", "generated": true },
  "binding": { "algorithm": "sha256", "matches": true }
}

Surface 02 · Sign

Signing & issuing

Issue Content Credentials on your own media with per-workspace Ed25519 signing identities. Output standard C2PA (interoperable with every C2PA-aware reader) or a compact Signata format. AI products can disclose generation directly in the manifest.

  • Revocable signing identities scoped to a workspace
  • Standard C2PA or compact Signata manifests
  • Honest, machine-readable AI disclosure assertions
  • Built on the official CAI library: real C2PA, not a lookalike
Quickstart

Signing identity

Ed

newsroom-press · prod

key_id 3f9a…be21 · Ed25519

Active
c2pa.created
c2pa.color_adjustments
com.signata.ai-disclosure

Surface 03 · Transparency log

Transparency log

An append-only, hash-chained record of every credential you issue. Because metadata is easily stripped when a file is re-encoded or re-uploaded, the log lets you recover provenance by content hash: an independent record that does not depend on the bytes carrying their manifest.

  • Each entry chains to the previous by hash: tamper-evident
  • Look up provenance with GET /api/v1/provenance/{hash}
  • Survives re-encoding that strips the embedded manifest
  • A log root you can publish and reference externally
Transparency log spec

Transparency log

append-only
seq 4127entry 9c2e…a7f1

chained to prev · root advanced

seq 4128entry b04d…11c9

chained to prev · root advanced

seq 4129entry e7a3…ff20

chained to prev · root advanced

Surface 04 · Dashboard

Dashboard, policies & review queue

Where a team operates provenance. Define policies that map verdicts and AI disclosure to actions (allow, label, disclose, review, block), manage trust lists and signing identities, and work ambiguous cases through a review queue with full role-based access control.

  • Policy engine: first matching rule wins, with a safe fallback
  • Trust lists you control: known issuers are a convenience, not a grant
  • Review queue for untrusted-signer and edge cases
  • RBAC and tenant isolation across the workspace
Open the dashboard

Policy · inbound-media

if verifiedallow
if untrusted signerreview
if AI-generatedlabel + disclose
if tamperedblock

First matching rule wins · fallback labels everything else. No rule ever calls media “fake”.

Surface 05 · Docs

Docs, badge & the open standard

Everything a developer needs, plus an OpenAPI spec and an embeddable verification badge. The documentation is candid about what provenance can and cannot tell you, including a dedicated limits and threat-model section, because honesty is the product.

  • OpenAPI spec and a copy-paste quickstart
  • Embeddable badge that renders the same verdict model
  • Limits & honesty and threat-model pages, linked from everywhere
  • Grounded in the open C2PA / Content Credentials standard
Read the docs

Ready when you are

Put the whole lifecycle to work.

Verify inbound media, sign your own outputs, and keep an independent record, all from one workspace, all on the open standard.