Skip to content

PRODUCT OVERVIEW

Everything Hashproof does, on one page.

Sign C2PA manifests, resolve them across re-encodes and crops, and verify cryptographic integrity — through one HTTP API. Below: the three core pillars, six secondary capabilities, and the 4-step pipeline they assemble.

Core pillars

MANAGED SIGNING & STORAGE

Sign C2PA manifests at any volume.

Hashproof issues signed C2PA manifests with managed keys, Merkle-anchored proofs, and pHash indexing. Every signed asset is stored with its content-address CID and a verifiable inclusion proof.

  • COSE / Ed25519 + ML-DSA-65 hybrid
  • Merkle-anchored to Base L2
  • IPFS CIDv1 storage
  • Per-tenant key isolation

SOFT-BINDING LOOKUP

Find the manifest after re-encodes and crops.

pHash-based resolution keeps provenance anchored through platform transformations. Hamming-distance thresholds are configurable; the API returns ranked candidates with similarity scores.

  • 2D-DCT perceptual hashing
  • 10-bit Hamming threshold default
  • Multi-candidate response shape
  • Chromaprint audio fingerprinting

CRYPTOGRAPHIC PROOF

Confirm authenticity in one call.

Upload a binary to the verify endpoint. Hashproof returns C2PA chain validation, signature check, trust-list matching, and manifest lineage — including a structured trust-status field ready to render.

  • Signature + chain check
  • Trust-list match
  • Lineage DAG response
  • Forensic view with confidence scores

Secondary capabilities

Six capabilities that don't appear on the landing page. Available on Scale and Enterprise; noted per row.

Compliance reporting

EU AI Act · Aug 2026

Structured EU AI Act Article 50 disclosures generated from signed manifests. One endpoint returns an auditor-ready PDF + JSON package.

Post-quantum signatures

FIPS 204 · NIST PQC

ML-DSA-65 (FIPS 204) hybrid signing alongside classical Ed25519. Rotate primitives without breaking existing manifests.

CMAF streaming

C2PA 2.3 streaming

Per-segment signing for live video via C2PA 2.3 streaming profile. Attach provenance to fragments without re-encoding.

Federation

mTLS · trust-list

Multi-registrar sync between Hashproof nodes over mutual-TLS. Participate in trust-list discovery without running your own registry.

Training-data lineage

Attestry bridge

Register dataset manifests; query whether a given asset was part of a training run. Cross-links provenance with AI training provenance.

Forensic verification

Insurance · newsroom

Ranked candidate lineage with per-edge confidence — for insurance claims, newsroom authentication, and legal discovery.

Architecture

Client traffic terminates at Cloudflare, is authenticated at the Hashproof API, and fans out to four specialized data planes.

Hashproof architecture diagramClient apps call the Hashproof API through Cloudflare edge. The API fans out to Supabase Postgres, Upstash Redis, IPFS, and a Base L2 Merkle anchor.Client app / SDKTypeScript · cURL · PythonCloudflare edgeTLS 1.3 · WAF · DDoSHashproof APIFastify · Railway us-west2PostgresSupabasemanifests, keys, usersRedisUpstashrate limiting, cacheIPFSCIDv1content-addressed storageBase L2Merkle anchorhourly tamper-evidence

The pipeline

Four endpoints, one HTTP API. Signing writes; resolution and verification read.

  1. 01

    Sign

    POST a binary + assertions; receive a signed manifest + CID.

  2. 02

    Store

    Manifest lands in per-tenant storage, hashed into the Merkle tree.

  3. 03

    Resolve

    Given a transformed binary, return ranked manifest candidates.

  4. 04

    Verify

    Return signature, trust, and lineage in one structured response.

Minimal verification

One request returns signature validity, trust-list match, and lineage.

curl -X POST https://api.hashproof.ai/v1/verify \
  -H "x-api-key: $HASHPROOF_API_KEY" \
  -F "file=@/path/to/image.jpg"

# => { "valid": true, "trust": "known", "manifest": { ... }, "lineage": [ ... ] }

Ship provenance this afternoon.

Free tier includes 1,000 signed manifests per month and 10,000 verifications. No credit card.