API Reference
REST API for visual origin detection, copy detection, and cryptographic proof creation
Overview
SBIX provides a complete visual origin and copy detection API — from origin search to legal-grade proof creation.
Search API
Find the probable origin of an image. Returns the most likely original source across 5.5M+ indexed images from 15+ platforms.
POST
/api/v1/search
Check API
Full forensic analysis. Detects copies, flips, crops, and derivatives. Returns BLOCK / REVIEW / SAFE with geometric proof when available.
POST
/api/v1/check
Ingest API
Enterprise archive onboarding. Push your image archive into SBIX — we fingerprint, index, and certify everything on our side.
POST
/api/v1/ingest
Certify API
Legal-grade proof of existence. eIDAS Qualified timestamp + Tezos blockchain anchor + Evidence Pack.
POST
/api/certify
| API | Purpose | Auth | Use case |
|---|---|---|---|
/api/v1/search |
Origin detection | Bearer | Where was this image first seen? |
/api/v1/check |
Copy detection | Bearer | Is this a copy? Full forensic analysis. |
/api/v1/ingest |
Archive indexing | Bearer + partner | Index your archive once. Check forever. |
/api/v1/scan-public |
Public teaser | None | Free limited scan (10/day per IP) |
/api/certify |
Proof creation | Bearer | eIDAS Qualified timestamp + blockchain |
/api/v1/verify/{proof_id} |
Proof validation | None | Public verification — share with anyone |
Index coverage
5.5M+ fingerprints across 15+ platforms: Teia, Objkt, fxhash, Wikipedia, NASA, Met Museum, Smithsonian, Europeana, Rijksmuseum, DPLA, Internet Archive, and more. Growing daily via active crawlers.
| Anchoring Layer | Technology | Legal basis |
|---|---|---|
| Qualified Timestamp | RFC-3161 via AlfaSign (EU Trusted List) | Art. 41 eIDAS — court-admissible, 27 EU states |
| Blockchain | Tezos Mainnet | Tamper-proof, independently verifiable |
| Decentralized Storage | Aleph.im / IPFS | Resilient, censorship-resistant |
Authentication
All authenticated endpoints require a Bearer token in the Authorization header. The public endpoints (/api/v1/scan-public, /api/v1/verify/{proof_id}, /verify/{proof_id}) require no authentication.
Authorization Header
Authorization: Bearer sbix_live_xxxxxxxxxxxxxxxx
Keep your API key secret. Never expose it in client-side code or public repositories.
To get an API key: log in to your Dashboard → API Keys → Generate New API Key. The key is shown only once.
Key Format
sbix_live_<64 hex characters>
Example:
sbix_live_7efbd6230039b2dd745b1c4334ef1713a770f245204476a5b881eef0b32c4fc6Search — Visual Origin Engine
Find the probable origin of an image. Lightweight pipeline — no copy verifier, no DINOv2. Fast, scalable, API-first. Returns the most likely original source or null if uncertain.
POST
https://certify.sbix.io/api/v1/search
Auth required
When to use /search vs /check
Use
/search for origin detection — fast, scalable, no deep analysis. Use /check for copy detection with geometric proof — slower, more precise, returns BLOCK/REVIEW/SAFE.
Request
| Parameter | Type | Required | Description |
|---|---|---|---|
file |
multipart | Yes* | Image file (jpg, png, gif, webp). Max 20MB. |
image_url |
string | Yes* | Direct image URL (alternative to file upload) |
* Provide either file or image_url.
cURL Example
File upload
curl -X POST https://certify.sbix.io/api/v1/search \
-H "Authorization: Bearer YOUR_API_KEY" \
-F "file=@artwork.png"Response
200 OK — Origin found
{
"success": true,
"data": {
"origin": {
"proof_id": "teia_127061",
"platform": "teia",
"first_seen": "2021-03-12T00:00:00Z",
"origin_score": 0.73,
"confidence": 73,
"decision": "LIKELY_ORIGINAL",
"source_url": "https://ipfs.io/ipfs/QmPrW..."
},
"copies_detected": 17,
"trust_index": 62,
"db_size": 5500000,
"checked_at": "2026-03-31T15:00:00Z"
}
}200 OK — Origin null (uncertain)
{
"success": true,
"data": {
"origin": null,
"copies_detected": 0,
"trust_index": 0,
"db_size": 5500000,
"checked_at": "2026-03-31T15:00:00Z"
}
}Origin Decision Values
| Decision | Score | Meaning |
|---|---|---|
LIKELY_ORIGINAL |
≥ 0.60 | Strong signal — this is probably the original source. |
POSSIBLE_ORIGINAL |
0.38–0.60 | Moderate signal — likely original but unconfirmed. |
UNCERTAIN |
< 0.38 | Insufficient signal — origin returned as null. |
Check — Full Copy Detection
Full forensic analysis pipeline. Detects copies, flips, rotations, crops, and derivatives against 5.5M+ indexed images. Returns BLOCK / REVIEW / SAFE with geometric proof when available.
POST
https://certify.sbix.io/api/v1/check
Auth required
Pipeline (6 steps)
| # | Step | Description |
|---|---|---|
| 1 | Fingerprint | pHash + dHash + aHash + 8 geometric variants (original, flip_h, flip_v, rot90, rot180, rot270, flip_h+rot90, flip_v+rot90) |
| 2 | VRC HNSW | Search 5.5M+ fingerprints — O(log N) approximate nearest neighbor |
| 3 | Copy Verifier | ORB + RANSAC geometric verification — requires source_url on candidate |
| 4 | DINOv2 Embedding | Semantic similarity — detects crops, screenshots, partial copies of certified originals |
| 5 | Trust Index | TI = 0.35·T + 0.25·F + 0.25·N (temporal, fingerprint uniqueness, network trust) |
| 6 | VRC-lite | Local origin candidate scoring — present only on REVIEW |
Request
| Parameter | Type | Required | Description |
|---|---|---|---|
file |
multipart | Yes* | Image file (jpg, png, gif, webp, tiff). Max 20MB. |
image_url |
string | Yes* | Direct image URL (alternative to file upload) |
include_weak |
bool | No | Include weak matches (distance 17–20). Default: false |
max_distance |
int | No | Override max distance threshold (default 16, max 20) |
* Provide either file or image_url.
Decision Values
| Decision | Verdict | Meaning |
|---|---|---|
BLOCK |
STRONG_COPY / EXACT_COPY | Geometric proof confirmed (ORB/RANSAC) or exact fingerprint match. Do not list. |
REVIEW |
POSSIBLE_COPY / SIMILAR | Strong similarity without geometric proof. Manual review recommended. |
SAFE |
ORIGINAL_LIKELY | No significant match found. Safe to list. |
cURL Examples
File upload
curl -X POST https://certify.sbix.io/api/v1/check \
-H "Authorization: Bearer YOUR_API_KEY" \
-F "file=@artwork.png"
Image URL
curl -X POST https://certify.sbix.io/api/v1/check \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"image_url": "https://ipfs.io/ipfs/QmXxx..."}'Response — BLOCK
200 OK
{
"success": true,
"data": {
"decision": "BLOCK",
"verdict": "STRONG_COPY",
"alert": "COPY",
"confidence": 100,
"risk": "high",
"trust_index": 25,
"decision_reason": "copy_verifier confirmed_copy (401 inliers, ir=0.98)",
"best_match": {
"proof_id": "teia_837192",
"platform": "teia",
"distance": 9,
"similarity_percent": 89.1,
"match_via": "original",
"retrieval_lane": "vrc",
"source_url": "https://ipfs.io/ipfs/QmS9fXRz3SEVqpLib4LYFWJS3GxhBLFJU6J5sWJXmWNkVA",
"first_indexed_at": "2022-06-14T10:00:00Z"
},
"verification_summary": {
"decision": "confirmed_copy",
"score": 100.0,
"transform": "original"
},
"origin": null,
"copies_detected": 3,
"db_size": 5500000,
"checked_at": "2026-03-31T15:00:00Z"
}
}Response — SAFE
200 OK
{
"success": true,
"data": {
"decision": "SAFE",
"verdict": "ORIGINAL_LIKELY",
"alert": "CLEAN",
"confidence": 95,
"risk": "none",
"trust_index": 44,
"decision_reason": "no significant match found",
"best_match": null,
"origin": null,
"copies_detected": 0,
"db_size": 5500000,
"checked_at": "2026-03-31T15:00:00Z"
}
}
source_url — key to geometric verification
When a candidate has a
source_url (direct image URL), the copy verifier downloads and compares geometrically via ORB+RANSAC → BLOCK with proof. Without source_url, the verifier is blind → REVIEW at most.
JavaScript Integration Example
JavaScript — pre-listing check
async function checkBeforeListing(imageFile) {
const formData = new FormData();
formData.append('file', imageFile);
const res = await fetch('https://certify.sbix.io/api/v1/check', {
method: 'POST',
headers: { 'Authorization': 'Bearer YOUR_API_KEY' },
body: formData
});
const { data } = await res.json();
if (data.decision === 'BLOCK') {
return { action: 'block', reason: data.verdict, match: data.best_match };
}
if (data.decision === 'REVIEW') {
return { action: 'review', confidence: data.confidence };
}
return { action: 'allow' };
}Ingest — Enterprise Archive Onboarding
Push your image archive into SBIX. We fingerprint, index, and certify everything on our side. You don't need to change your pipeline — just give us access to your CDN URLs.
POST
https://certify.sbix.io/api/v1/ingest
Partner auth required
The Getty / Marketplace model
Ingest once → SBIX indexes your archive → Any future
/check call will detect copies of your images with geometric proof. No ongoing integration required on your side.
Request
| Parameter | Type | Required | Description |
|---|---|---|---|
asset_id |
string | Yes | Your internal asset identifier (e.g. "teia_999999") |
image_url |
string | Yes | Direct image URL — must be publicly accessible |
platform |
string | Yes | Your platform identifier (e.g. "getty", "teia", "objkt") |
first_seen_at |
string | No | ISO 8601 timestamp of first publication (improves origin scoring) |
Auth Scopes Required
Partner API only. Ingest requires scope
ingest and is_partner=1. Contact contact@sbix.io to get a partner API key.
cURL Example
Single asset ingest
curl -X POST https://certify.sbix.io/api/v1/ingest \
-H "Authorization: Bearer YOUR_PARTNER_KEY" \
-H "Content-Type: application/json" \
-d '{
"asset_id": "getty_123456789",
"image_url": "https://media.gettyimages.com/photos/123456789.jpg",
"platform": "getty",
"first_seen_at": "2020-01-15T10:00:00Z"
}'Response
201 — Indexed
{
"success": true,
"status": "indexed",
"proof_id": "getty_123456789",
"message": "Asset fingerprinted and indexed successfully"
}200 — Already indexed
{
"success": true,
"status": "already_indexed",
"proof_id": "getty_123456789",
"message": "Asset already in index"
}Certify — Create a Proof
Accepts one or more data items, builds a Merkle tree, timestamps the root with an eIDAS Qualified TSA (AlfaSign — EU Trusted List), and anchors it on Tezos Mainnet and Aleph.im.
POST
https://certify.sbix.io/api/certify
Auth required
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
leaves |
string[] | Yes | Array of items to certify (hashes or text). Max 10,000 items. |
leaves_hashed |
boolean | No | If true, leaves are already SHA-256 hex hashes (skip re-hashing) |
filename |
string | No | Label for the proof (e.g. original filename) |
case_reference |
string | No | Legal case reference (e.g. "CASE-2026-001") |
Merkle batching — whether you send 1 leaf or 10,000, exactly 1 timestamp token is consumed. Ideal for high-volume workflows.
cURL Example
cURL
curl -X POST https://certify.sbix.io/api/certify \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"leaves": ["e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"],
"filename": "artwork_original.png",
"leaves_hashed": true
}'Response (201 Created)
JSON
{
"message": "Proof successfully generated",
"proof_id": "proof_9cec4ed9a95e4ed8",
"merkle_root": "6e8f29ea62064465c81ff096609953345a8475f0cb53324833e7ea7a0604593f",
"timestamp": "2026-03-01T13:24:55.348703Z",
"tsa_type": "eIDAS Qualified",
"tsa_provider": "AlfaSign (AlfaTrust Certification S.A.)",
"eidas_qualified": true,
"verify_url": "https://certify.sbix.io/verify/proof_9cec4ed9a95e4ed8"
}
All-or-nothing guarantee. TSR + proof JSON + PDF + DB commit → HTTP 201. Failure at any step → rollback + deletion → 500. Never HTTP 201 without all 4 artifacts.
Python Example
Python
import requests, hashlib
API_KEY = "sbix_live_your_key_here"
with open("artwork.png", "rb") as f:
file_hash = hashlib.sha256(f.read()).hexdigest()
response = requests.post(
"https://certify.sbix.io/api/certify",
headers={"Authorization": f"Bearer {API_KEY}"},
json={"leaves": [file_hash], "filename": "artwork.png", "leaves_hashed": True}
)
result = response.json()
print(f"Proof ID: {result['proof_id']}")
print(f"Verify: {result['verify_url']}")Retrieve Proofs
GET
/api/proof/{proof_id}
Auth required
Returns the complete proof record: leaves, Merkle tree, TSA token data, blockchain anchors (Tezos TX, Aleph hash), timestamps, and HMAC signature.
cURL
curl https://certify.sbix.io/api/proof/proof_9cec4ed9a95e4ed8 \
-H "Authorization: Bearer YOUR_API_KEY"
Async anchoring — Tezos and Aleph.im anchoring happens asynchronously (typically 30–60 seconds after proof creation). The
tezos_tx and aleph_hash fields may be null on immediate retrieval.
Evidence Pack
Download a court-ready ZIP containing all verification artifacts. Works offline, without an SBIX account, permanently.
GET
/api/v1/certificates/{proof_id}/evidence-pack
Auth required
cURL
curl -o evidence_pack.zip \
https://certify.sbix.io/api/v1/certificates/proof_9cec4ed9a95e4ed8/evidence-pack \
-H "Authorization: Bearer YOUR_API_KEY"| File | Description |
|---|---|
certificate.pdf | Digitally signed certificate with QR code |
proof.json | Full cryptographic proof — all metadata |
timestamp.tsr | Raw RFC-3161 timestamp token (eIDAS Qualified) |
anchors.json | Tezos and Aleph blockchain references |
verify.sh | Bash offline verification script |
verify.py | Python offline verification script (stdlib only) |
verify.md | Step-by-step instructions + eIDAS legal notice |
sha256sums.txt | Integrity checksums for all files |
Public Verification
Every proof has a public verification page — no account, no API key required. Share with third parties, auditors, or courts.
GET
https://certify.sbix.io/verify/{proof_id}
No auth
Example URL
https://certify.sbix.io/verify/proof_bb0593e0d35c434fIndependent Verification (no SBIX)
Verify TSA token with OpenSSL
openssl ts -verify -in timestamp.tsr -data proof.json
Verify Evidence Pack integrity
sha256sum -c sha256sums.txtErrors
Errors return JSON with an error field.
Error Format
{
"error": "bad_request",
"reason": "Description of the problem"
}| Status | Meaning |
|---|---|
200 | Success |
201 | Created — proof generated |
400 | Bad request — missing or invalid parameters |
401 | Unauthorized — missing or invalid API key |
403 | Forbidden — insufficient scope (e.g. ingest requires partner key) |
404 | Not found — proof does not exist |
413 | File too large — max 20MB for Check and Search |
429 | Rate limited — Free: 100/h, Pro: 500/h, Pro+: 1000/h |
500 | Server error |
Need integration help?
For partner access (Ingest API), volume pricing, or technical support — contact us directly.