What shipped.

Hashproof v0.1 beta

Hashproof opens in closed beta today. The v0.1 API implements the core C2PA 2.1 surfaces, served as one HTTP service. What's live: managed ES256 signing, Merkle batch inclusion proofs, soft-binding pHash resolution with a 10-bit default Hamming threshold (configurable on JSON and GET lookups), one-call verification with structured trust-status, and a dashboard for API key management + live usage. Free tier is 1,000 manifests/mo and 10k verifications/mo, no credit card. Sign up through the landing page; we'll open the gate as capacity permits.

• Sign up →
• Pricing →

C2PA 2.1 spec coverage complete

The core C2PA 2.1 surfaces each have a corresponding endpoint or SDK primitive. Highlights: ingredient manifests with provenance DAG traversal, soft-binding assertions (pHash + fingerprint), training-data assertions for AI lineage, and hard-binding with embedded manifests.

• API reference ↗

Merkle batch inclusion proofs

Stored manifests are batched into a Merkle tree on anchoring runs. Each batched manifest exposes an inclusion proof via the /v1/manifests/:id/proof endpoint, verified against the recorded batch root.

Soft-binding pHash resolver (public beta)

POST a binary that has been re-encoded, cropped, or watermarked, and we return ranked manifest candidates from stored manifests, ordered by Hamming distance with confidence scores. The default threshold is 10 bits on a 64-bit 2D-DCT pHash, tuned against a Cloudinary-style re-encoding gauntlet. Configurable per request on JSON and GET fingerprint lookups; the multipart upload path uses the default.

• Verify endpoint docs ↗

Supabase Auth live on hashproof.ai

The dashboard now supports Google + GitHub OAuth and email/password through Supabase Auth. Sessions refresh automatically; the dashboard uses the session JWT to call api.hashproof.ai, so no secret is ever shipped to the browser. API keys remain the recommended path for server-to-server traffic.