Public Verification
Verify action receipts without authentication — for auditors, regulators, and counterparties.
Verification endpoints are public — no API key or authentication required. This allows anyone (auditors, regulators, counterparties) to independently verify that an action was notarized.
Base URL: https://api.airaproof.com/api/v1
Verify Action
GET /api/v1/verify/action/{action_uuid}No authentication required.
Response (Valid)
{
"valid": true,
"receipt_uuid": "uuid",
"verified_at": "2026-03-26T10:00:00Z",
"public_key_id": "kid_abc123",
"message": "Action receipt exists and signing key is valid.",
"request_id": "req_abc123"
}Response (Invalid)
{
"valid": false,
"receipt_uuid": null,
"verified_at": "2026-03-26T10:00:00Z",
"public_key_id": "unknown",
"message": "Action receipt not found",
"request_id": "req_abc123"
}What Gets Verified
- The action exists in the database
- A cryptographic receipt was generated
- The signing key that signed the receipt is valid and active
- The timestamp is intact
Response Fields
| Field | Type | Description |
|---|---|---|
valid | boolean | Whether the action and its receipt are valid |
receipt_uuid | string/null | Receipt ID if found |
verified_at | string | ISO 8601 timestamp of verification |
public_key_id | string | ID of the signing key used |
message | string | Human-readable verification result |
Sharing Verification Links
Every notarized action has a public verification URL:
https://api.airaproof.com/api/v1/verify/action/{action_uuid}Share this URL with:
- Auditors reviewing your AI operations
- Regulators inspecting compliance
- Counterparties verifying that an agent action was properly recorded
- Legal teams building evidence for litigation or dispute resolution
The verification URL is returned in the action detail response as receipt.verify_url.
Verify Case Receipt
GET /api/v1/verify/{receipt_uuid}No authentication required. Verifies a case receipt by receipt ID.
Offline Verification
For air-gapped or offline environments, you can verify receipts locally:
- Obtain the public key from
GET /api/v1/receipts/signing-keys - Verify the Ed25519 signature against the payload hash
- Optionally verify the RFC 3161 timestamp token
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
import base64
# Load public key
public_key = Ed25519PublicKey.from_public_bytes(base64.b64decode(key_b64))
# Verify signature
public_key.verify(
base64.urlsafe_b64decode(receipt.signature),
receipt.payload_hash.encode(),
)
# If no exception → signature is validPython SDK
from aira import Aira
aira = Aira(api_key="aira_live_xxx")
# No auth needed — works even without an API key
result = aira.verify_action("action-uuid")
print(result.valid) # True
print(result.message) # "Action receipt exists and signing key is valid."