What a passport holds
- Tamper-evident seal — an asymmetric signature whose private key never leaves Google Cloud KMS: a CMS/PKCS#7 signature visible in any PDF reader’s signature panel, with
/ByteRangetamper-evidence. Change one byte after sealing and every verifier can tell. - Independent time — a trusted-timestamp token from an independent RFC 3161 time-stamping authority over the sealed document’s SHA-256. An archivable attestation that the sealed bytes existed at that moment — not SignSealShip’s word for it.
- Bitcoin anchor — the sealed hash is submitted to public OpenTimestamps calendars, producing a detached proof anyone can verify or upgrade with standard tooling. It is honestly reported as
pendinguntil a Bitcoin block confirms it — never a claim that hasn’t been earned. - Chain of custody — a 128-bit random verification code plus a custody record: the pre-seal document hash, the post-seal hash, and when it was sealed. Possession of the code (or the sealed file) is the authorization to see it.
- Public verification — a URL anyone can check without a SignSealShip account and without trusting you. The artifact proves itself.
What it is not
- A signing tool — you bring the already-executed document; SignSealShip seals and proves it.
- A legal opinion — the evidence is cryptographic fact, not advice on your document’s legal sufficiency.
- A place your customers’ data lives — passport rows hold hashes and a verify code, never document content or PII. The upload is never retained beyond producing the sealed artifact.
Seal a document
POST /api/passport/seal
Requires your partner key. Send the executed PDF as a multipart form part named file, up to 35 MB. The bytes are checked for PDF magic bytes, streamed into memory (never to disk), and discarded after sealing. Rate limited at 12 requests per minute per IP.
The executed PDF, as the multipart part named
file. Maximum 35 MB.The passport’s id (UUID). Use it with
GET /api/passport/{id}.The 128-bit public verification capability code.
Absolute public verification URL,
https://signsealship.com/api/passport/verify/{verifyCode}.SHA-256 (hex) of the exact bytes you uploaded — the pre-seal hash.
SHA-256 (hex) of the sealed PDF SignSealShip produced and stored.
"sealed" once the KMS seal is applied and stored.Independent timestamp evidence over the sealed hash. Either member is
null
when that authority could not be reached — the response never fakes
evidence it didn’t gather.200 OK
400 {"error": "Expected a multipart 'file' PDF part up to 35MB."} for a missing, oversized, or non-multipart upload, 400 {"error": "Uploaded bytes are not a PDF."} when the magic bytes don’t match, 401 for a bad key.
A signed passport.sealed webhook fires on sealing if you have registered one — see webhooks.
Fetch a passport
GET /api/passport/{id}
Requires your partner key. Partner isolation is enforced: a passport is visible only to the partner that created it.
The passport’s UUID from the seal response.
curl
timestamps, plus createdAt:
200 OK
404 {"error": "No such passport."}.
Verify a passport (public)
GET /api/passport/verify/{code}
Public and self-contained: possession of the code is the authorization. Never exposes the partner identity or any other passport. Rate limited at 12 requests per minute per IP. Malformed and unknown codes return the identical generic {"verdict": "unknown"} 404.
The 26-character verify code.
curl
"verified" when the code resolves to a sealed passport.Echo of the code.
SHA-256 (hex) of the sealed PDF — compare against a file in hand.
SHA-256 (hex) of the original uploaded bytes.
When the passport was sealed.
"proof_passport_api" — this record came through the partner API.Whether the sealed artifact is archived and downloadable below.
Download the sealed document (public)
GET /api/passport/verify/{code}/document
Streams the byte-identical sealed PDF as application/pdf. Any holder of the code can fetch it; the file also verifies on its own in any PDF reader’s signature panel — no SignSealShip involvement required. Unknown codes and missing artifacts return the generic {"verdict": "unknown"} 404.
curl
Register a passport webhook
POST /api/passport/webhooks
Requires your partner key. Registers an https endpoint for passport.sealed events; the signing secret is returned exactly once — only its hash is stored. Full payload and signature verification details are on the webhooks page.
Your https webhook endpoint.
curl
200 OK