Skip to main content

ProofLink API

ProofLink is iTechSmart’s cryptographic audit trail: every autonomous action is sealed as a SHA-256 hash-chained receipt on a public, append-only ledger (genesis 2026-05-26). Version 2.0 receipts additionally carry Ed25519 signatures over canonical bytes and compliance mappings (NIST AI RMF, EU AI Act Article 12, ISO 42001, SOC 2). The entire verification API is public — no authentication — because a ledger you cannot independently check proves nothing.

ResourceURL
Base URLhttps://verify.itechsmart.dev
Human UIverify.itechsmart.dev (paste any receipt ID)
Gateway mirrorapi.itechsmart.dev/v1/ledger and /v1/receipt/{id}

GET /api/stats

Ledger totals and chain integrity in one call.

curl https://verify.itechsmart.dev/api/stats

Response (live, 2026-07-01):

{
  "total_receipts": 77191,
  "chain_intact": true,
  "breaks": 0,
  "last_hash": "bf5bc8f0f3cd52ab4b4a694c1d3dd80195ea3f3e674157e45c25abbd21120aed",
  "last_timestamp": "2026-07-01T23:48:20.217553+00:00",
  "last_position": 77190,
  "genesis_timestamp": "2026-05-26T18:12:53.552120+00:00",
  "self_heals": 1143,
  "platform_fixes": 91
}

GET /api/receipts

Paginated receipt list, newest first. Query parameters: limit (page size) and page (0-based).

curl "https://verify.itechsmart.dev/api/receipts?limit=1&page=0"

Response (live sample):

{
  "total": 77200,
  "page": 0,
  "limit": 1,
  "has_more": true,
  "chain_intact": true,
  "receipts": [
    {
      "receipt_id": "b4d82adfdb1fb1e6",
      "chain_position": 77199,
      "previous_hash": "be9e07207e3758256bca3ec1e8fa715533ca330be081a52d82c332208fc779f9",
      "sha256": "b4d82adfdb1fb1e6d93a02c65f7ebc6ee2e61d056fee277f9194288bcefc961d",
      "timestamp": "2026-07-01T23:48:48.066664+00:00",
      "human_input": "ZERO",
      "type": "platform_health_check",
      "subject": "prometheus",
      "outcome": "CRITICAL — prometheus alert (firing)",
      "verify_url": "https://verify.itechsmart.dev/b4d82adfdb1fb1e6",
      "version": "2.0",
      "verified": true
    }
  ]
}

GET /api/verify/{receipt_id}

Verify a single receipt. The ID matches by prefix against the receipt ID or SHA-256 hash. GET /api/receipt/{id} is an alias.

curl https://verify.itechsmart.dev/api/verify/55d919bf7f1949c1

Response for a v2.0 receipt (live sample; canonical_bytes and compliance lists truncated):

{
  "found": true,
  "receipt": {
    "receipt_id": "55d919bf7f1949c1",
    "chain_position": 77202,
    "previous_hash": "159e4d7b262b2e1e10ecaff485e1381dd117aecc81d2b80c1925e55160f0b3a1",
    "sha256": "55d919bf7f1949c10ec1e74bd4107d1de8548f592b99363d346734ed1a206a1d",
    "timestamp": "2026-07-01T23:48:57.110577+00:00",
    "human_input": "ZERO",
    "type": "platform_health_check",
    "subject": "prometheus",
    "version": "2.0",
    "schema_version": "2.0",
    "signature": {
      "algorithm": "Ed25519",
      "public_key": "21102eaa68ea9ed42c05a2253aa953d33c59b5348ff8659018146e59fb061b97",
      "value": "3e3eb441de0d420b6ef2d90a015f29a8..."
    },
    "canonical_bytes": "7b22616374696f6e223a22...",
    "scitt_compatible": true,
    "transparency_log": "verify.itechsmart.dev/api/receipts",
    "vc_type": ["VerifiableCredential", "AIActionReceipt"],
    "compliance_mappings": {
      "nist_ai_rmf": ["GOVERN-1.1", "MAP-2.1", "MEASURE-2.5"],
      "eu_ai_act": ["Article-12(1)", "Article-12(2)", "Article-12(4)"],
      "iso_42001": ["8.4", "9.1"],
      "soc2": ["CC7.2", "CC7.3"]
    }
  }
}

Unknown IDs return {"found": false, "receipt": null} (HTTP 200). For v2.0 receipts the server also verifies the Ed25519 signature over the stored canonical bytes and re-derives the signed fields to detect tampering; signature and tamper fields are included when applicable.

GET /api/chain and GET /api/health

Whole-chain verification and service health:

curl https://verify.itechsmart.dev/api/chain
# {"chain_intact": true, "total": 77204, "breaks": 0}

curl https://verify.itechsmart.dev/api/health
# {"status": "operational", "service": "iTechSmart Public Ledger", "chain_intact": true, "total_receipts": 77204}

GET /api/how-to-verify (new)

A machine-readable verification spec: exactly how canonical_bytes, hash_sha256, the Ed25519 signature, and prev_hash are constructed for each receipt era (v3, v2, v1), the ledger public key with its SHA-256 fingerprint, and a complete reference verifier in Python. If you are building an independent verifier, start here.

curl https://verify.itechsmart.dev/api/how-to-verify

Response highlights (live sample, abbreviated — the full response includes a runnable reference_verifier_python):

{
  "service": "iTechSmart ProofLink public verification spec",
  "ledger_order": "The raw ledger array is newest-first; array order is the true chain order. /api/export returns oldest-first.",
  "eras": {
    "v3 (schema_version \"3.0\", receipts sealed 2026-07-01 onward)": {
      "hash_sha256": "SHA256(canonical_bytes) as lowercase hex.",
      "signature": "Ed25519 over the raw canonical_bytes. Fields: algorithm, public_key, value, signs=\"canonical_bytes\".",
      "verify": "All four checks must pass: (1) SHA256(canonical_bytes)==hash_sha256, (2) canonical re-derivation matches, (3) Ed25519 verifies, (4) prev_hash equals previous entry hash_sha256."
    },
    "v2 (schema_version \"2.0\", legacy)": { "...": "..." },
    "v1 (schema_version absent, legacy)": { "...": "..." }
  },
  "public_key_hex": "21102eaa68ea9ed42c05a2253aa953d33c59b5348ff8659018146e59fb061b97",
  "public_key_fingerprint_sha256": "54a2116e9cea5f51d6db61c4701d62fd3a0cf670b3004c89a5278eeb5507643f",
  "fetch_receipts": "GET /api/export?from=0&to=1000 (paginated, oldest-first) or GET /api/verify/<receipt_id_or_hash_prefix>",
  "reference_verifier_python": "import json, hashlib ..."
}

GET /api/export (new)

Bulk export of raw receipts in true chain order (oldest first) for offline verification — unlike /api/receipts, which is newest-first and summarised. Query parameters: from and to (0-based positions, max 1,000 per page). Each entry satisfies entry[i].prev_hash == entry[i-1].hash_sha256.

curl "https://verify.itechsmart.dev/api/export?from=0&to=1000"

Response (live sample, one receipt shown, canonical_bytes truncated):

{
  "from": 0,
  "to": 1000,
  "count": 1000,
  "total": 77423,
  "order": "oldest_first (true chain order; entry[i].prev_hash == entry[i-1].hash_sha256)",
  "max_page_size": 1000,
  "how_to_verify": "/api/how-to-verify",
  "receipts": [
    {
      "id": "107453ec5eadf445",
      "timestamp": "2026-06-19T17:57:07.226912+00:00",
      "category": "auto_reply_sent",
      "actor": "system:imap-reply-watcher",
      "hash_sha256": "107453ec5eadf445e63ab236176d3b1d4359e77c8c219039fe2272313379bd89",
      "prev_hash": "e0b20dbce35599485e55078c2b0afa0d7ac2f426bf39630da962689d6463043b",
      "schema_version": "2.0",
      "canonical_bytes": "7b22616374696f6e223a22..."
    }
  ]
}

Ledger access via the API gateway

The same ledger is also served by the gateway (useful if you are already authenticated there): GET api.itechsmart.dev/v1/ledger?limit=&offset= and GET api.itechsmart.dev/v1/receipt/{id}. See the UAIO API reference.

Verifying receipts yourself

You do not have to trust this API. The authoritative, machine-readable spec is /api/how-to-verify, which includes a runnable Python reference verifier; the summary below explains the model. Each receipt’s sha256 commits to its content and each entry stores previous_hash, so the chain can be re-walked offline from /api/receipts pages: check that every previous_hash equals the prior entry’s sha256. For v2.0 receipts, canonical_bytes is the hex-encoded JCS-canonical JSON that was signed — verify the Ed25519 signature.value against signature.public_key with any standard library. Receipts are SCITT-compatible and typed as W3C Verifiable Credentials (AIActionReceipt).

Python example (chain walk over one page):

import requests

page = requests.get("https://verify.itechsmart.dev/api/receipts",
                    params={"limit": 100, "page": 0}, timeout=30).json()
rs = page["receipts"]  # newest first
for newer, older in zip(rs, rs[1:]):
    assert newer["previous_hash"] == older["sha256"], "chain break!"
print(f"chain OK across {len(rs)} receipts")