🚀 Start Certifying in 2 Minutes

✓ JSON response in <3s ✓ eIDAS TSA + Tezos blockchain ✓ Evidence Pack verifiable offline

Prefer email? contact@sbix.io

Quick Example

curl -X POST https://certify.sbix.io/api/v1/certify \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -F "file=@document.pdf"

# Response (201 Created)
{
  "proof_id": "proof_293a76895d834c2d",
  "file_hash": "7112959b854fb...",
  "tsa_type": "eIDAS Qualified",
  "pdf_url": "/api/v1/certificates/.../pdf"
}

🔌 API Reference

Integrate document certification into your applications

v1.1 ✓ Production Ready

Overview Authentication Endpoints Certify Verify API Certificates Evidence Pack Errors Rate Limits

Overview

The SBIX Certify API allows you to programmatically certify documents with blockchain anchoring and eIDAS qualified timestamps. All endpoints return JSON responses.

Base URLs:

https://certify.sbix.io/api/v1 — Certify API (auth required)
https://verify.sbix.io/api/v1 — Verify API (public, no auth)

🔐

Secure

TLS 1.3, API key auth

🇪🇺

eIDAS

EU qualified timestamps

⛓️

Blockchain

Tezos + Aleph anchoring

🔍

Public Verify

Free verification API

Quick Start

cURL • Certify a file

# Certify a file in one request
curl -X POST https://certify.sbix.io/api/v1/certify \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -F "file=@document.pdf"

Authentication

The Certify API requires authentication using a Bearer token. The Verify API is public and requires no authentication.

Header (Certify API only)

Authorization: Bearer sbix_live_xxxxxxxxxxxxxxxx

⚠️ Keep your API key secret!

Never expose your API key in client-side code or public repositories.

Getting Your API Key

Log in to your Dashboard
Go to API Keys section
Click "Generate New API Key"
Copy the key immediately (shown only once)

API Key Format

Format

sbix_live_<64_hex_characters>

Example:
sbix_live_7efbd6230039b2dd745b1c4334ef1713a770f245204476a5b881eef0b32c4fc6

Test Your Key

cURL

curl https://certify.sbix.io/api/v1/auth/me \
  -H "Authorization: Bearer YOUR_API_KEY"

Endpoints

🔍 Verify API — Public (No Auth Required)

Base URL: https://verify.sbix.io/api/v1

Method	Endpoint	Description
GET	`/api/v1/`	API info & endpoints list
GET	`/api/v1/health`	Health check
GET	`/api/v1/verify/{proof_id}`	Verify a certificate
POST	`/api/v1/verify/hash`	Find certificate by file hash
POST	`/api/v1/verify/file`	Upload file to check if certified
GET	`/api/v1/proof/{proof_id}`	Get full proof JSON
GET	`/api/v1/proof/{proof_id}/pdf`	Download PDF certificate
GET	`/api/v1/proof/{proof_id}/tsr`	Download TSA token (.tsr)

🔐 Certify API — Authenticated

Base URL: https://certify.sbix.io/api/v1

Method	Endpoint	Description
GET	`/api/v1/auth/me`	Current user info
POST	`/api/v1/auth/keys`	Create new API key
DELETE	`/api/v1/auth/keys/{id}`	Revoke API key
POST	`/api/v1/certify`	Certify a file
GET	`/api/v1/certificates`	List certificates
GET	`/api/v1/certificates/{id}`	Get certificate details
GET	`/api/v1/certificates/{id}/pdf`	Download PDF certificate
GET	`/api/v1/certificates/{id}/proof`	Download proof.json
GET	`/api/v1/certificates/{id}/evidence-pack`	Download Evidence Pack Pro+

🔍 Verify API (Public)

The Verify API allows anyone to verify certificates without authentication. Perfect for third-party integrations, auditors, and verification tools.

✓ No authentication required

100 requests/hour per IP. CORS enabled for browser integrations.

Verify by Proof ID

GET https://verify.sbix.io/api/v1/verify/{proof_id}

cURL

curl https://verify.sbix.io/api/v1/verify/proof_bb0593e0d35c434f

Response • 200 OK

{
  "success": true,
  "timestamp": "2025-12-23T06:55:15.095852+00:00",
  "data": {
    "proof_id": "proof_bb0593e0d35c434f",
    "valid": true,
    "message": "Certificate valid and anchored",
    "certificate": {
      "filename": "document.pdf",
      "file_hash": "2791eb4ae2ae809fdb1137b735c0317786d6bb813bbe2f774a4b70746b3a75d2",
      "merkle_root": "18316573f66b993b...",
      "timestamp": "2025-12-22T10:55:31.928184Z"
    },
    "anchoring": {
      "tezos": { "anchored": true, "tx": "oo...", "url": "https://tzkt.io/oo..." },
      "aleph": { "anchored": true, "hash": "...", "url": "https://explorer.aleph.im/..." },
      "tsa": { "timestamped": true, "timestamp": "2025-12-22T10:55:32Z", "eidas_qualified": true }
    },
    "verification": {
      "url": "https://verify.sbix.io/verify/proof_bb0593e0d35c434f",
      "pdf_url": "https://verify.sbix.io/api/v1/proof/proof_bb0593e0d35c434f/pdf"
    }
  }
}

Find by Hash

POST https://verify.sbix.io/api/v1/verify/hash

cURL

curl -X POST https://verify.sbix.io/api/v1/verify/hash \
  -H "Content-Type: application/json" \
  -d '{"hash": "2791eb4ae2ae809fdb1137b735c0317786d6bb813bbe2f774a4b70746b3a75d2"}'

Upload File to Verify

POST https://verify.sbix.io/api/v1/verify/file

cURL

curl -X POST https://verify.sbix.io/api/v1/verify/file \
  -F "file=@document.pdf"

Download Proof Assets

Endpoint	Returns
`GET /api/v1/proof/{proof_id}`	Full proof JSON
`GET /api/v1/proof/{proof_id}/pdf`	PDF certificate (PAdES signed)
`GET /api/v1/proof/{proof_id}/tsr`	TSA token (RFC-3161 .tsr file)

JavaScript Example

JavaScript • Verify in browser

// Verify a certificate from your web app
async function verifyCertificate(proofId) {
  const response = await fetch(
    `https://verify.sbix.io/api/v1/verify/${proofId}`
  );
  const data = await response.json();
  
  if (data.success && data.data.valid) {
    console.log('✅ Certificate is valid!');
    console.log('Timestamp:', data.data.certificate.timestamp);
    console.log('eIDAS:', data.data.anchoring.tsa.eidas_qualified);
  } else {
    console.log('❌ Certificate not found or invalid');
  }
}

verifyCertificate('proof_bb0593e0d35c434f');

Certify a File

Upload a file and create a certificate with blockchain anchoring and TSA timestamp.

POST https://certify.sbix.io/api/v1/certify

Request

cURL

curl -X POST https://certify.sbix.io/api/v1/certify \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -F "file=@document.pdf" \
  -F "case_reference=CASE-2025-001"

Response

JSON • 201 Created

{
  "success": true,
  "data": {
    "message": "File certified successfully",
    "certificate": {
      "proof_id": "proof_293a76895d834c2d",
      "filename": "document.pdf",
      "file_hash": "7112959b854fb6434158bdd5f3a8a1e6f306fbe9ed93efd3dc29ce6dab2f30ed",
      "file_size": 102400,
      "merkle_root": "18316573f66b993b1eadf4e459da55942bcb15a572a12879c5e88a318c04d65c",
      "created_at": "2025-12-19T14:24:34.698370Z",
      "tsa_type": "eIDAS Qualified",
      "eidas_qualified": true,
      "pdf_url": "/api/v1/certificates/proof_293a76895d834c2d/pdf",
      "proof_url": "/api/v1/certificates/proof_293a76895d834c2d/proof"
    }
  }
}

Parameters

Parameter	Type	Required	Description
`file`	File	Yes	The file to certify (max 50MB)
`case_reference`	String	No	Legal case reference (Pro+ only, max 80 chars)

🇪🇺 eIDAS Qualified Timestamp

Pro+ users automatically receive an eIDAS qualified timestamp, which is court-admissible in 27 EU countries.

Certificates

List Certificates

GET /api/v1/certificates

cURL

curl https://certify.sbix.io/api/v1/certificates?page=1&per_page=20 \
  -H "Authorization: Bearer YOUR_API_KEY"

Response

JSON • 200 OK

{
  "success": true,
  "data": {
    "certificates": [
      {
        "proof_id": "proof_293a76895d834c2d",
        "filename": "document.pdf",
        "file_hash": "7112959b854fb6...",
        "status": "completed",
        "created_at": "2025-12-19T14:24:34Z"
      }
    ],
    "pagination": {
      "page": 1,
      "per_page": 20,
      "total": 42,
      "pages": 3
    }
  }
}

Get Certificate Details

GET /api/v1/certificates/{proof_id}

cURL

curl https://certify.sbix.io/api/v1/certificates/proof_293a76895d834c2d \
  -H "Authorization: Bearer YOUR_API_KEY"

Evidence Pack Pro+

Download a court-ready ZIP package containing all verification artifacts.

GET /api/v1/certificates/{proof_id}/evidence-pack

📦 Evidence Pack Contents

📄

certificate.pdf PAdES signed certificate

📋

proof.json Full cryptographic proof

⏱️

timestamp.tsr RFC-3161 TSA response

🔗

anchors.json Blockchain anchoring proof

🐍

verify.py Python verification script

🔧

verify.sh Bash verification script

Error Handling

The API uses standard HTTP status codes and returns JSON error responses.

Error Response Format

{
  "success": false,
  "error": {
    "code": "INVALID_API_KEY",
    "message": "The provided API key is invalid or expired"
  }
}

Status Codes

Code	Meaning
`200`	Success
`201`	Created (certificate)
`400`	Bad Request
`401`	Unauthorized (invalid/missing API key)
`403`	Forbidden (plan limit)
`404`	Not Found
`429`	Rate Limited
`500`	Server Error

Rate Limits

Rate limits are applied per API key (Certify API) or per IP (Verify API).

Certify API (Authenticated)

Plan	Rate Limit	Certificates/Month
Free	100 requests/hour	5
Pro	500 requests/hour	Unlimited
Pro+	1,000 requests/hour	Unlimited + eIDAS

Verify API (Public)

Type	Rate Limit
Per IP	100 requests/hour

Rate Limit Headers

Each response includes rate limit info in headers:

X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset

Ready to integrate?

Get your API key in 30 seconds and start certifying documents.

Get API Key (free) →