API Documentation

Integrate Provelio into your application with our REST API.

Quick Start

1. Get an API Key

Go to Settings > Advanced and create an API key.

2. Create a Certificate

curl -X POST https://api.provelio.org/v1/certificates \
  -H "Authorization: Bearer prv_live_your_key" \
  -H "Content-Type: application/json" \
  -d '{
    "sha256Hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "fileName": "document.pdf",
    "fileSize": 2048576
  }'

3. Verify a Certificate

curl https://api.provelio.org/v1/verify/abc123def456

JavaScript Example

const API_KEY = 'prv_live_your_key'
const BASE = 'https://api.provelio.org/v1'

// Hash a file in the browser
async function hashFile(file) {
  const buffer = await file.arrayBuffer()
  const hash = await crypto.subtle.digest('SHA-256', buffer)
  return Array.from(new Uint8Array(hash))
    .map(b => b.toString(16).padStart(2, '0')).join('')
}

// Create a certificate
async function createCertificate(file) {
  const sha256Hash = await hashFile(file)
  const res = await fetch(`${BASE}/certificates`, {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${API_KEY}`,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({
      sha256Hash,
      fileName: file.name,
      fileSize: file.size,
      fileType: file.type,
    }),
  })
  return res.json()
}

Python Example

import hashlib
import os
import requests

API_KEY = "prv_live_your_key"
BASE = "https://api.provelio.org/v1"

def hash_file(path: str) -> str:
    sha256 = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(8192), b""):
            sha256.update(chunk)
    return sha256.hexdigest()

def create_certificate(path: str):
    file_hash = hash_file(path)
    resp = requests.post(
        f"{BASE}/certificates",
        headers={"Authorization": f"Bearer {API_KEY}"},
        json={
            "sha256Hash": file_hash,
            "fileName": path.split("/")[-1],
            "fileSize": os.path.getsize(path),
        },
    )
    return resp.json()

Authentication

All API requests require a Bearer token in the Authorization header.

Test keys (prv_test_) create test-mode certificates. Live keys (prv_live_) create real certificates anchored to Bitcoin.

Rate Limits

Endpoint	Limit
GET /v1/certificates	120/min
POST /v1/certificates	30/min
GET /v1/verify/*	30/min

Webhooks

Webhooks notify your server when certificate status changes. Each request includes an X-Provelio-Signature header (HMAC-SHA256 of the body with your webhook secret).

Events: certificate.created, certificate.anchoring, certificate.confirmed, certificate.failed

OpenAPI Specification

Full machine-readable spec: api.provelio.org/v1/openapi.yaml