Hash-chained, append-only receipts for every API call. Verify what was served, to which key, and when — with cryptographic proof that the record has never been altered.
Each receipt is sealed to the previous one. Any gap, deletion, or modification breaks the chain — and verification catches it immediately.
Any authenticated request to the Audio API automatically generates a trace receipt. No additional parameters needed.
The system computes trace_hash, chains it to the previous receipt, and writes it to an append-only store. The row cannot be updated or deleted.
Call GET /v1/trace/verify with your key. The full chain is traversed and verified in a single response. Valid or broken — no ambiguity.
Chain data is available via the API for export to your SIEM, audit log aggregator, or compliance toolchain.
Every receipt hash commits to the request, the response, and the hash of the receipt before it. Altering any input breaks every downstream hash.
Append-only enforcement is applied at the database layer via a PostgreSQL RULE — not application logic. Even a direct database connection cannot update or delete receipts. The constraint survives application restarts, deployments, and credential rotation.
Verity Trace was designed from the ground up for regulated environments where "we think it wasn't changed" is not an acceptable answer.
PostgreSQL RULE blocks UPDATE and DELETE on the receipts table. Application-level enforcement alone is not sufficient — Verity enforces at the storage layer.
Any modification to a historical receipt — including by a privileged operator — breaks the hash chain. Verification reports the exact index where integrity fails.
Each API key maintains its own independent chain. Multi-tenant environments get clean separation: one key's receipts never touch another's.
Row-level FOR UPDATE locking serializes receipt writes per key. Chain index gaps from race conditions are structurally impossible.
A single authenticated GET /v1/trace/verify traverses the entire chain and returns a deterministic valid/broken result with chain length.
All receipts include timestamp, key ID, request hash, response hash, and chain position. Structured for direct ingestion by SOC 2 and ISO 27001 audit pipelines.
Chain verification requires no additional setup. If your key has made API calls, the chain is already being built.
# Verify chain integrity for your API key curl https://anchor.verityswarm.com/v1/trace/verify \ -H "Authorization: Bearer AW-your-key"
import requests BASE = "https://anchor.verityswarm.com" KEY = "AW-your-key" headers = {"Authorization": f"Bearer {KEY}"} r = requests.get(f"{BASE}/v1/trace/verify", headers=headers) result = r.json() assert result["valid"], f"Chain broken: {result['message']}" print(f"✓ Chain intact — {result['chain_length']} receipts verified")
Verity Trace is not an add-on. Every key — including the free trial — issues and chains receipts automatically.
Activate your key. Trace starts immediately.
100 free calls. Trace receipts included. No credit card, no expiry. Your chain starts with your first request.