SDKs
Hashproof SDKs
Thin clients around the v1 HTTP API with idiomatic helpers for signing, resolving, and verifying. TypeScript-first; Python is in development.
TypeScript / JavaScript
Zero runtime dependencies. Works in Node, Bun, edge runtimes, and modern browsers (with the same fetch shim).
npm install @hashproof/sdk
# or
pnpm add @hashproof/sdkSign and verify, end-to-end:
import { Hashproof } from '@hashproof/sdk';
const client = new Hashproof({ apiKey: process.env.HASHPROOF_API_KEY! });
// Sign
const file = await Bun.file('./photo.jpg').arrayBuffer();
const signed = await client.sign(new Blob([file]), {
title: 'Field photo, 2026',
});
console.log(signed.manifestId);
// Verify
const v = await client.verify(new Blob([file]));
if (v.trustStatus !== 'trusted') {
throw new Error('Untrusted provenance');
}Python
Async client built on httpx. Python 3.10+.
pip install hashproof
# or
poetry add hashprooffrom hashproof import Hashproof
import asyncio
async def main() -> None:
client = Hashproof(api_key="hpsk_live_xxxxx")
# Sign
with open("./photo.jpg", "rb") as f:
signed = await client.sign(f.read(), title="Field photo, 2026")
print(signed.manifest_id)
# Verify
with open("./photo.jpg", "rb") as f:
v = await client.verify(f.read())
if v.trust_status != "trusted":
raise RuntimeError("Untrusted provenance")
asyncio.run(main())CLI
One-shot verification of any file from the command line. No install step if you have npx.
npx hashproof verify ./photo.jpg
# => { hasProvenance: true, source: 'embedded', trustStatus: 'trusted' }
# Or globally:
npm install -g hashproof
hashproof sign ./photo.jpg --api-key "$HASHPROOF_API_KEY"Don't see your language?
The HTTP API is the source of truth. Every SDK above is a thin wrapper around it; you can build the same shape against any language. Start from the API reference, and let us know at engineering@hashproof.ai if there is a stack you would like us to ship a client for.