🚀 Start Certifying in 2 Minutes

✓ EXACT/COPY/SIMILAR/CLEAN in <200ms ✓ 38,000+ images indexed (Teia, Wikimedia, IA) ✓ eIDAS + Tezos blockchain proof
Get API Key → See Pricing
Enterprise? contact@sbix.io
Quick Example 
curl -X POST https://certify.sbix.io/api/v1/check \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -F "file=@artwork.png"

# Response
{
  "alert": "EXACT",
  "trust_index": 0,
  "decision_reason": "best_match=EXACT distance=0 platform=teia",
  "best_match": { "similarity_percent": 100.0,
                  "verify_url": "https://verify.sbix.io/verify/teia_871500" }
}

🔌 API Reference

Integrate document certification into your applications

v6.2 ✓ Production Live
Overview Authentication Endpoints 🎯 Check (Marketplace) Certify Retrieve Evidence Pack Verify Errors

Overview

The SBIX Certify API creates cryptographic proof-of-existence for your data. One API call delivers triple-anchored evidence: eIDAS Qualified Timestamp, Tezos Mainnet blockchain, and Aleph.im/IPFS decentralized storage.

Base URL:
https://certify.sbix.io
🔐

Secure

TLS 1.3, Bearer token auth

🇪🇺

eIDAS

EU qualified timestamps

⛓️

Blockchain

Tezos Mainnet + Aleph.im

🔍

Public Verify

No-auth verification portal

What You Get Per API Call

Layer Technology Legal Value
Qualified Timestamp RFC-3161 via QTSA.eu (EU Trusted List) Article 41 eIDAS — court-admissible in 27 EU states
Blockchain Tezos Mainnet Tamper-proof, independently verifiable
Decentralized Storage Aleph.im / IPFS Resilient, censorship-resistant

Quick Start

cURL • Certify a hash 
# Certify a SHA-256 hash in one request
curl -X POST https://certify.sbix.io/api/certify \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"leaves":["e3b0c44298fc1c149afbf4c8996fb924..."], "leaves_hashed": true}'

Authentication

All API calls require a Bearer token in the Authorization header. The public verification portal (/verify/{proof_id}) requires no authentication.

Authorization Header 
Authorization: Bearer sbix_live_xxxxxxxxxxxxxxxx
⚠️ Keep your API key secret!

Never expose your API key in client-side code or public repositories.

Getting Your API Key

  1. Log in to your Dashboard
  2. Go to API Keys section
  3. Click "Generate New API Key"
  4. Copy the key immediately (shown only once)

API Key Format

Format 
sbix_live_<64_hex_characters>

Example:
sbix_live_7efbd6230039b2dd745b1c4334ef1713a770f245204476a5b881eef0b32c4fc6

Endpoints

🎯 Image Check API — Marketplace

The pre-listing endpoint. One call, instant answer: original or copy.
MethodEndpointDescription
POST /api/v1/check Image copy detection — EXACT / COPY / SIMILAR / CLEAN
POST /api/v1/scan-public Free public scan — no auth, rate limited 10/day per IP

🔐 Certify API — Authenticated

Base URL: https://certify.sbix.io
Method Endpoint Description
POST /api/certify Create a proof (main endpoint)
GET /api/proof/{proof_id} Retrieve proof details
GET /api/export/proof/{proof_id}.json Download proof JSON file
GET /api/v1/certificates/{proof_id}/evidence-pack Download Evidence Pack (8-file ZIP)

🔍 Public Verification — No Auth Required

✓ No authentication required — share these URLs with anyone
Method Endpoint Description
GET /verify/{proof_id} Public verification page (human-readable)
GET /api/v1/verify/{proof_id} Public verification API (JSON response)
GET /api/v1/health Health check (service status)

🎯 POST /api/v1/check — Marketplace Trust Index

The product endpoint for marketplace integrations. Call this before every listing to detect copies. Returns a structured verdict in under 200ms against an index of 38,000+ images across Teia, Wikimedia, Internet Archive and more.

POST https://certify.sbix.io/api/v1/check
Auth required — Bearer token. No rate limit for API key holders.

Request

ParameterTypeRequiredDescription
file multipart Yes* Image file upload (jpg, png, gif, webp, tiff). Max 20MB.
image_url string Yes* URL of the image (alternative to file upload)
include_weak bool No Include weak matches (distance 17–20). Default: false
max_distance int No Override max distance threshold (default 16, max 20)

* Provide either file or image_url.

cURL Example

cURL — file upload 
curl -X POST https://certify.sbix.io/api/v1/check \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -F "file=@artwork.png"
cURL — image URL 
curl -X POST https://certify.sbix.io/api/v1/check \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"image_url": "https://ipfs.io/ipfs/QmXxx..."}'

Response — CLEAN (original)

JSON • 200 OK
{
  "success": true,
  "data": {
    "alert": "CLEAN",
    "is_original": true,
    "confidence": 95,
    "trust_index": 95,
    "decision_reason": "no_match found in index",
    "best_match": null,
    "matches": [],
    "thresholds": { "exact": 5, "close": 10, "similar": 16, "weak": 20,
                    "max_distance_used": 16, "include_weak": false },
    "db_size": 38501,
    "checked_at": "2026-03-04T11:28:13Z"
  }
}

Response — EXACT (copy detected)

JSON • 200 OK — Real test output
{
  "success": true,
  "data": {
    "alert": "EXACT",
    "is_original": false,
    "confidence": 0,
    "trust_index": 0,
    "decision_reason": "best_match=EXACT distance=0 platform=teia proof_id=teia_871500",
    "best_match": {
      "proof_id": "teia_871500",
      "platform": "teia",
      "filename": "Cost",
      "match_type": "EXACT",
      "distance": 0,
      "similarity_percent": 100.0,
      "first_indexed_at": "2026-03-04T11:35:29Z",
      "verify_url": "https://verify.sbix.io/verify/teia_871500"
    },
    "matches": [ ... ],
    "thresholds": { "exact": 5, "close": 10, "similar": 16, "weak": 20,
                    "max_distance_used": 16, "include_weak": false },
    "db_size": 38501,
    "checked_at": "2026-03-04T11:43:37Z"
  }
}

Alert Values

AlertDistanceTrust IndexMeaning
EXACT0–50–20 Identical or near-identical image found. Block listing.
COPY6–1020–60 Very close match. Probable copy. Flag for review.
SIMILAR11–1660–85 Visual similarity detected. May be coincidental.
CLEANnone95 No match found in index. Likely original.

JavaScript Integration Example

JavaScript — pre-listing check 
async function checkBeforeListing(imageFile) {
  const formData = new FormData();
  formData.append('file', imageFile);

  const res = await fetch('https://certify.sbix.io/api/v1/check', {
    method: 'POST',
    headers: { 'Authorization': 'Bearer YOUR_API_KEY' },
    body: formData
  });

  const { data } = await res.json();

  if (data.alert === 'EXACT') {
    // Block listing — show verify_url to user
    return { allowed: false, reason: data.decision_reason,
             proof: data.best_match.verify_url };
  }
  if (data.alert === 'COPY') {
    // Flag for manual review
    return { allowed: false, reason: 'Similar image detected', flag: true };
  }
  // SIMILAR or CLEAN — allow with trust_index
  return { allowed: true, trust_index: data.trust_index };
}
Index coverage

38,000+ images indexed: Teia (7,600+), Wikimedia Commons (26,000+), Internet Archive, Tzall, Objkt. Growing continuously.

POST /api/certify

The main endpoint. Accepts one or more data items, builds a Merkle tree, timestamps the root with an eIDAS Qualified TSA, and anchors it on Tezos Mainnet.

POST https://certify.sbix.io/api/certify

Parameters

Parameter Type Required Description
leaves string[] Yes Array of data to certify (hashes or text). Max 10,000 items.
leaves_hashed boolean No If true, leaves are already SHA-256 hex hashes (skip re-hashing)
filename string No Label for the proof (e.g., original filename)
case_reference string No Legal case reference (e.g., "CASE-2026-001")
requester_name string No Identity of the person requesting certification
requester_hash_only boolean No If true, only stores a hash of requester_name (privacy mode)
💡 Merkle Batching

Whether you send 1 leaf or 10,000 leaves, exactly 1 timestamp token is consumed. The Merkle tree compresses N items into 1 root. Ideal for batching large volumes.

Request — Single hash

cURL 
curl -X POST https://certify.sbix.io/api/certify \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "leaves": ["e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"],
    "filename": "contract_v3.pdf",
    "leaves_hashed": true
  }'

Request — Batch (multiple items)

cURL 
curl -X POST https://certify.sbix.io/api/certify \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "leaves": [
      "hash_of_document_1",
      "hash_of_document_2",
      "hash_of_document_3"
    ],
    "filename": "daily_batch_2026-02-01",
    "case_reference": "AUDIT-Q1-2026",
    "leaves_hashed": true
  }'

Response (201 Created)

JSON 
{
  "message": "Proof successfully generated",
  "proof_id": "proof_9cec4ed9a95e4ed8",
  "merkle_root": "6e8f29ea62064465c81ff096609953345a8475f0cb53324833e7ea7a0604593f",
  "timestamp": "2026-02-01T13:24:55.348703Z",
  "tsa_type": "eIDAS Qualified",
  "eidas_qualified": true
}

Response Headers

Header Description
Location/certify/proof/{proof_id}
ETagMerkle root hash
SBIX-Signaturev1={hmac_signature}
SBIX-TSA-TypeeIDAS Qualified or Local
🔁 Idempotency

Pass an Idempotency-Key header to prevent duplicate certifications. Same key within 24h returns the cached result.

Python Example

Python 
import requests
import hashlib

API_KEY = "sbix_live_your_key_here"

# Hash a file locally
with open("document.pdf", "rb") as f:
    file_hash = hashlib.sha256(f.read()).hexdigest()

# Certify
response = requests.post(
    "https://certify.sbix.io/api/certify",
    headers={"Authorization": f"Bearer {API_KEY}"},
    json={
        "leaves": [file_hash],
        "filename": "document.pdf",
        "leaves_hashed": True
    }
)

result = response.json()
print(f"Proof ID: {result['proof_id']}")
print(f"Verify:   https://verify.sbix.io/verify/{result['proof_id']}")

JavaScript Example

JavaScript / Node.js 
const crypto = require('crypto');
const fs = require('fs');

const API_KEY = 'sbix_live_your_key_here';

// Hash a file
const fileHash = crypto.createHash('sha256')
  .update(fs.readFileSync('document.pdf'))
  .digest('hex');

// Certify
const response = await fetch('https://certify.sbix.io/api/certify', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${API_KEY}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    leaves: [fileHash],
    filename: 'document.pdf',
    leaves_hashed: true
  })
});

const result = await response.json();
console.log(`Proof: ${result.proof_id}`);

Retrieve Proofs

GET /api/proof/{proof_id}

Retrieve the full proof record including all anchoring details.

GET https://certify.sbix.io/api/proof/{proof_id}
cURL 
curl https://certify.sbix.io/api/proof/proof_9cec4ed9a95e4ed8 \
  -H "Authorization: Bearer YOUR_API_KEY"

Returns the complete proof JSON including leaves, Merkle tree, TSA token data, blockchain anchors (Tezos TX, Aleph hash), timestamps, and HMAC signature. Response is cached as immutable — proofs are permanent.

⏳ Async Anchoring

Tezos and Aleph.im anchoring happens asynchronously (typically 30–60 seconds). The tezos_tx and aleph_hash fields may be null on immediate retrieval.

GET /api/v1/verify/{proof_id}

Public JSON verification endpoint — no authentication required. Returns proof details and verification status.

GET https://certify.sbix.io/api/v1/verify/{proof_id}
cURL 
curl https://certify.sbix.io/api/v1/verify/proof_9cec4ed9a95e4ed8
Response • 200 OK 
{
  "success": true,
  "data": {
    "verified": true,
    "certificate": {
      "proof_id": "proof_9cec4ed9a95e4ed8",
      "file_hash": "e3b0c44...",
      "has_eidas": true,
      "created_at": "2026-02-01T13:24:55Z",
      "blockchain_anchors": {
        "tezos": "oo...",
        "aleph": "Qm..."
      }
    }
  }
}

Evidence Pack

Download a court-ready ZIP package containing all verification artifacts. Everything needed to verify the proof independently, offline, without contacting SBIX.

GET https://certify.sbix.io/api/v1/certificates/{proof_id}/evidence-pack
cURL 
curl -o evidence_pack.zip \
  https://certify.sbix.io/api/v1/certificates/proof_9cec4ed9a95e4ed8/evidence-pack \
  -H "Authorization: Bearer YOUR_API_KEY"
📦 Evidence Pack Contents (8 files)
📄
certificate.pdf A4 certificate with QR code
📋
proof.json Full cryptographic proof
⏱️
timestamp.tsr RFC-3161 TSA token (eIDAS)
🔗
anchors.json Blockchain anchoring details
📖
verify.md Instructions + eIDAS legal notice
🐍
verify.py Python verification (stdlib only)
🔧
verify.sh Bash verification script
🔒
sha256sums.txt Integrity checksums for all files

You can also download the proof JSON directly:

GET https://certify.sbix.io/api/export/proof/{proof_id}.json
💡 Legacy export

/api/export/proof/{proof_id}.zip returns a basic 2-file archive (JSON + CSV). Use the Evidence Pack endpoint above for the full 8-file package.

🔍 Public Verification

Every proof has a public verification page that anyone can access — no account, no API key, no authentication. Share this URL with third parties, auditors, or courts.

✓ No authentication required

Anyone can verify any proof. Zero vendor lock-in.

GET https://verify.sbix.io/verify/{proof_id}
Example URL 
https://verify.sbix.io/verify/proof_bb0593e0d35c434f

The verification page displays proof details, all three anchoring layers (TSA, Tezos, Aleph), and download links for the PDF certificate and TSA token.

Independent Verification

Every proof can be verified without SBIX using standard tools:

Verify TSA token with OpenSSL 
# Verify the RFC-3161 timestamp independently
openssl ts -verify -in timestamp.tsr -data proof.json
Verify file integrity 
# Check all Evidence Pack files
sha256sum -c sha256sums.txt

Error Handling

Errors return JSON with an error field describing the problem.

Error Response Format 
{
  "error": "Description of the problem"
}

Status Codes

Code Meaning
200Success
201Created (proof generated)
400Bad Request (missing or invalid parameters)
401Unauthorized (missing or invalid API key)
404Proof not found
500Server error

Ready to integrate?

Get your API key and start certifying documents with blockchain + eIDAS timestamps.

Contact Us →