Skip to main content

Welcome to Truthlocks

Enterprise-grade attestation infrastructure for issuing, managing, and verifying cryptographically signed digital credentials at scale.

What is Truthlocks?

Truthlocks is a cloud-native platform that enables organizations to issue tamper-proof digital attestations. Whether you’re issuing academic credentials, professional certifications, identity verification tokens, or compliance attestations, Truthlocks provides the cryptographic infrastructure to make claims verifiable anywhere, by anyone.

Cryptographic Integrity

Every attestation is signed with Ed25519 keys and recorded in an append-only transparency log. Tampering is mathematically impossible.

Trust Registry

Issuers are activated immediately on creation and can optionally apply for higher trust tiers through a review process. Verifiers can trust that attestations come from legitimate sources.

Real-time Verification

Verify any attestation in milliseconds with a single API call. Get cryptographic proof of validity, revocation status, and issuer trust level.

Enterprise Security

Multi-tenant isolation, RBAC with fine-grained permissions, complete audit trails, and SOC 2 Type II compliance ready infrastructure.

Two ways to use Truthlocks

Truthlocks serves both organizations issuing credentials at scale and individual creators proving authorship of their work.

For organizations (B2B)

Register an issuer, manage signing keys, and mint attestations for credentials like diplomas, certifications, and compliance records. Verifiers can check any attestation with a single API call.

For individual creators (B2C)

Protect your original content — photos, code, designs, documents — with a single API call. Hash your file client-side, submit the hash, and receive a shareable proof URL. Your signing identity is provisioned automatically on first use. The consumer mint endpoint returns content_hash, protected_at, and a verify_url in the response, so you can confirm exactly what was protected and share the proof immediately without a follow-up call. Anyone can view the proof page or fetch its metadata via the public proof metadata endpoint — no authentication required.

B2B quickstart

Issue your first enterprise attestation in under 5 minutes.

Content protection guide

Protect your first file and share a proof link.

Use cases

Truthlocks is designed for any scenario where you need to issue verifiable claims that third parties can trust without contacting the issuer directly.

Content protection

  • Creative work: Prove authorship of photos, designs, music, and video with timestamped cryptographic proofs
  • Source code: Establish provenance for code files and repositories
  • AI-generated content: Record provenance metadata for AI outputs

Education & credentials

  • Academic degrees: Issue transcripts and diplomas that employers can verify instantly
  • Professional certifications: AWS, Google Cloud, CFA — all verifiable on-demand
  • Continuing education: Track and verify CPE credits for licensed professionals

Identity & access

  • Age verification: Prove users are 18+ without revealing exact birthdate
  • Employment verification: Confirm current employment status for background checks
  • KYC/AML attestations: Share verification status across platforms

Machine identity

The Machine Agent Identity Protocol (MAIP) is generally available. MAIP gives your AI agents, pipelines, and automated systems a verifiable identity with cryptographic receipts, trust scoring, and a full audit trail.
  • Agent registry: Register AI agents with unique identifiers and Ed25519 keypairs. Manage the full lifecycle — create, update, suspend, and revoke — via the agents API
  • Session-based authorization: Create short-lived, scope-bound sessions with automatic expiry and least-privilege tool access controls. See agent authorization
  • Trust scores: Compute continuous 0–100 trust scores based on receipt history, compliance status, and peer attestations. See trust scores
  • AI orchestration: Coordinate multi-agent tasks using sequential, parallel, hierarchical, or competitive execution patterns with built-in cost tracking and safety guardrails. See AI orchestration
  • Cross-tenant delegation: Offer and accept bilateral trust delegations between tenants with configurable depth limits and receipt chains. See cross-tenant delegation
  • Integrations: Integrations for Slack, GitHub Action, Linear, Notion, VS Code, JetBrains, Neovim, MCP Server, multi-backend event streaming, and AI model connectors for LangChain, LlamaIndex, CrewAI, and more. Browse all available connectors on the Integrations Hub or see the MAIP integrations guide

Anti-fraud & risk

The Anti-Fraud Identity Firewall is generally available. It provides a centralized pipeline for ingesting, normalizing, and querying fraud-detection signals across your identity infrastructure, with real-time webhook notifications for all signal types.
  • Risk signal ingestion: Feed fraud-detection signals from any source — device fingerprinting, IP reputation, email verification, or your own rules — via POST /v1/risk/signals. Supports idempotent retries and six entity types (user, issuer, session, device, ip, attestation).
  • Event normalization: Submit raw identity events (failed logins, invalid signatures, deepfake suspects) via POST /v1/risk/events and have them automatically mapped to risk signals with pre-calibrated scores
  • Risk & Fraud console: Browse, filter, and inspect all ingested signals with color-coded score badges in the Risk & Fraud > Signals console page
  • Deepfake and impersonation detection: Scan images, videos, documents, and attestations for manipulation indicators via POST /v1/risk/deepfake/scan. Scans that exceed the risk threshold automatically create a risk signal. See the deepfake detection guide
  • Account takeover detection: Monitor login velocity per subject and automatically flag account takeover attempts via POST /v1/risk/ato/evaluate. The platform tracks failed logins in a rolling one-hour window and creates alerts and risk signals when thresholds are crossed. See the ATO detection guide
  • Velocity and anomaly scoring: Track action frequency across rolling time windows (1 m, 5 m, 1 h, 24 h) via POST /v1/risk/velocity/record. The platform computes a weighted velocity score biased toward burst detection and auto-ingests risk signals when the score reaches 60 or above. See the velocity scoring guide
  • Device fingerprinting: Track device-level fraud indicators like emulators and spoofed attributes
  • IP reputation scoring: Flag VPNs, proxies, and datacenter IPs with risk scores
  • Behavioral analysis: Detect velocity anomalies and suspicious session patterns

Compliance & governance

  • Regulatory compliance: Prove compliance with GDPR, HIPAA, SOX
  • Supply chain: Attest to origin, handling, and quality of goods
  • Financial services: Issue and verify trade confirmations and settlements

Architecture Overview

Truthlocks is built as a set of microservices deployed on AWS ECS Fargate, designed for horizontal scalability and high availability. 
┌─────────────────────────────────────────────────────────────┐
│                        API Gateway                          │
│                  (Rate Limiting, Auth, Routing)             │
└─────────────────────────────────────────────────────────────┘

        ┌─────────────────────┼─────────────────────┐
        ▼                     ▼                     ▼
┌──────────────┐     ┌──────────────┐     ┌──────────────┐
│  Attestation │     │    Trust     │     │  Governance  │
│   Service    │     │   Registry   │     │   Service    │
└──────────────┘     └──────────────┘     └──────────────┘
        │                     │                     │
        └─────────────────────┼─────────────────────┘

                    ┌──────────────────┐
                    │  Signing Service │
                    │  (Ed25519 Keys)  │
                    └──────────────────┘


                    ┌──────────────────┐
                    │ Transparency Log │
                    │  (Append-only)   │
                    └──────────────────┘

Getting started

Choose the path that matches your use case:
1

Sign up

Create an account at verify.truthlocks.com.
2

Protect content

Upload a file on the Protect page or call the consumer mint API. Your signing identity is created automatically.
3

Share your proof

Use the verify_url from the response to share a public proof page that anyone can view without logging in.

Next Steps

Quick Start

Issue your first attestation in under 5 minutes with our step-by-step guide.

Core Concepts

Understand tenants, issuers, attestations, and the verification model.

API Reference

Explore all endpoints with an interactive playground — build requests, switch environments, and send them from the docs.