POST /v1/verify

Verify content against a stored provenance record. No authentication required. Always free.

---

Single verification

POST /v1/verify
Content-Type: multipart/form-data

Form fields

Field	Required	Description
content	Yes	Image file (any format)
token	No	ctv_… token. If omitted, extracted automatically from XMP then watermark

Token extraction order

1. Token provided explicitly → fast path, skip extraction
2. XMP metadata → instant, zero computation
3. Frequency-domain watermark → slower, survives social media re-uploads
4. Nothing found → no_provenance_found

---

Response

{
  "authentic": true,
  "tampered": false,
  "confidence": "high",
  "token_source": "xmp",
  "signals": {
    "watermark_found": true,
    "record_found": true,
    "signature_valid": true
  },
  "provenance": {
    "org": "acme-ai",
    "model": "stable-diffusion-xl",
    "signed_at": "2026-03-29T00:00:00Z"
  }
}

Confidence levels

Confidence	Signals	Meaning
high	Watermark ✓ + Record ✓ + Signature ✓	Full chain intact
medium	Record ✓ + Signature ✓, no watermark	Re-uploaded without watermark, still verifiable
low	Partial signals	Something is off
none	Nothing found	Not signed by Certivu — no claim either way

When authentic: false

A reason field is included:

Reason	Meaning
no_provenance_found	No token, XMP, or watermark detected
record_not_found	Token decoded but record missing from DB
content_tampered	Content hash does not match stored hash
signature_invalid	ML-DSA signature verification failed
invalid_token	Token could not be decoded

---

Batch verification

POST /v1/verify/batch
Content-Type: application/json

Up to 50 items per request.

{
  "items": [
    { "content": "<base64 image>", "token": "ctv_..." },
    { "content": "<base64 image>" }
  ]
}

Returns an array of VerificationResult objects in the same order.

---

Notes

• Verification never requires authentication
• Verification is not rate-limited per plan — IP rate limiting only (abuse prevention)
• Absence of provenance data does not imply human origin