> ## Documentation Index
> Fetch the complete documentation index at: https://docs.truthlocks.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Submit Document for Verification

> Submit a document for AI and human verification with integrity hashing

Submits a document to the verification pipeline for automated AI analysis followed by optional human review. The platform extracts content, computes integrity hashes, runs anomaly detection, and produces a verification determination.

Documents are processed asynchronously. The response includes a `document_id` that you can use to poll for results via the [Get Document](/api-reference/machine-identity/documents/get) endpoint, or subscribe to the `document.verified` webhook event.

The platform supports PDF, images (PNG, JPEG, TIFF), and structured data files (JSON, XML). Maximum file size is 50 MB after base64 encoding.

### Authentication

Requires `X-API-Key` header or Bearer JWT token. Tenant-scoped via `X-Tenant-ID`.

### Request Body

<ParamField body="agent_id" type="string" required>
  The identifier of the agent submitting the document for verification. Must be
  registered and active within the tenant. Format: `maip-agent:ULID`.
</ParamField>

<ParamField body="document_type" type="string">
  Classification of the document. Helps the AI pipeline select the appropriate
  extraction model. Common values: - `contract` -- legal contracts and
  agreements - `invoice` -- financial invoices - `certificate` -- certificates,
  licenses, or credentials - `report` -- compliance or audit reports -
  `identity` -- identity documents (passport, driver's license) - `other` --
  unclassified documents
</ParamField>

<ParamField body="file_name" type="string">
  Original file name with extension. Used for display and to infer content type
  when not explicitly set.
</ParamField>

<ParamField body="document_hash" type="string">
  Client-computed SHA-256 hex digest of the original file bytes (before base64
  encoding). If provided, the platform verifies the hash matches the uploaded
  content. Recommended for integrity assurance.
</ParamField>

<ParamField body="document_b64" type="string" required>
  The document content as a base64-encoded string. Maximum 50 MB after encoding.
</ParamField>

### Response

<ResponseField name="document_id" type="string">
  Unique identifier for the document verification record. Format:
  `maip-doc:ULID`.
</ResponseField>

<ResponseField name="status" type="string">
  Initial processing status. Always `processing` on submission.
</ResponseField>

<ResponseField name="extraction_hash" type="string">
  The platform-computed SHA-256 hex digest of the uploaded document bytes.
</ResponseField>

<ResponseField name="created_at" type="string">
  ISO 8601 timestamp of when the document was submitted.
</ResponseField>

### Processing Pipeline

<Steps>
  <Step title="Upload and Hash">
    Document is received, decoded, and SHA-256 hashed. If `document_hash` was
    provided, it is validated against the computed hash.
  </Step>

  <Step title="AI Extraction">
    Content is extracted using OCR and document understanding models. Key fields
    are identified based on `document_type`.
  </Step>

  <Step title="Anomaly Detection">
    AI models scan for signs of tampering, forgery, inconsistencies, and
    metadata anomalies.
  </Step>

  <Step title="AI Verdict">
    An automated determination is produced with a confidence score.
  </Step>

  <Step title="Human Review (optional)">
    If confidence is below threshold or the document type requires it, the
    document is routed to a human reviewer.
  </Step>

  <Step title="Receipt Minted">
    A MAIP receipt is minted recording the final verification determination.
  </Step>
</Steps>

<Warning>
  The `document_b64` field must contain only the base64-encoded document
  content. Do not include data URI prefixes (e.g.,
  `data:application/pdf;base64,`).
</Warning>


## OpenAPI

````yaml mint-openapi.yaml POST /v1/truth/document/verify
openapi: 3.0.3
info:
  title: Truthlocks API
  description: >
    Truthlocks is a universal verification infrastructure for documents,
    credentials, and digital assets.

    This specification defines the canonical API for interacting with Truthlocks
    services.


    ## Base URLs

    - **Production**: `https://api.truthlocks.com`

    - **Sandbox**: `https://sandbox-api.truthlocks.com`


    ## Authentication

    - **API Keys**: Use `X-API-Key` header for machine-to-machine operations

    - **Bearer Tokens**: Use `Authorization: Bearer <jwt>` for user-initiated
    operations


    ## Tenant Identity

    In production, tenant identity is derived from the authenticated context
    (API key or JWT).

    The `X-Tenant-ID` header is ignored in production to prevent spoofing.
  version: 1.0.0
  contact:
    name: Truthlocks Support
    url: https://truthlocks.com/support
    email: support@truthlocks.com
servers:
  - url: https://api.truthlocks.com
    description: Production API
  - url: https://sandbox-api.truthlocks.com
    description: Sandbox Environment
security:
  - APIKey: []
tags:
  - name: Authentication
    description: API key and token management
  - name: Issuers
    description: Issuer registration and trust management
  - name: Keys
    description: Cryptographic key management for issuers
  - name: Attestations
    description: Attestation lifecycle (mint, revoke, supersede)
  - name: Verification
    description: Attestation verification and proof bundles
  - name: Governance
    description: Issuer governance workflows (admin only)
  - name: Identity
    description: Organization, user, and role management
  - name: Audit
    description: Audit event queries
  - name: Platform
    description: Platform administration (super admin only)
  - name: Platform Review
    description: Staff review workflows for issuer applications
  - name: Tenant Console
    description: Tenant profile and lifecycle endpoints
  - name: Health
    description: Service health and readiness endpoints
  - name: Risk
    description: Risk signal ingestion and fraud detection
  - name: Risk Enforcement
    description: Risk enforcement actions — block, challenge, quarantine, and configuration
  - name: Billing
    description: Billing, subscription, and addon management
  - name: Machine Identity
    description: >-
      Machine Agent Identity Protocol (MAIP) — agent registration, sessions,
      trust, witness, compliance, orchestration, and observability
externalDocs:
  description: Transparency read-only API (separate service spec)
  url: >-
    https://github.com/truthlocks/truthlock/blob/main/docs/transparency/openapi.yaml
paths:
  /v1/truth/document/verify:
    post:
      tags:
        - Machine Identity
      summary: Verify Document Truth
      description: |
        Verifies the truth status of a document by cross-referencing its hash
        against associated truth claims.
      operationId: maip.truth.document.verify
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - document_hash
                - agent_id
              properties:
                document_hash:
                  type: string
                  description: SHA-256 hash of the document
                agent_id:
                  type: string
                  format: uuid
                  description: Requesting agent
                claim_ids:
                  type: array
                  items:
                    type: string
                    format: uuid
                  description: Specific claims to verify against
      responses:
        '200':
          description: Document verification result
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MaipDocumentVerification'
        '400':
          description: Validation error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorEnvelope'
        '401':
          description: Authentication required
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorEnvelope'
        '429':
          description: Rate limit exceeded
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorEnvelope'
      security:
        - APIKey: []
components:
  schemas:
    MaipDocumentVerification:
      type: object
      properties:
        verification_id:
          type: string
          format: uuid
        document_id:
          type: string
          format: uuid
        document_hash:
          type: string
        status:
          type: string
          enum:
            - pending
            - verified
            - failed
        results:
          type: array
          items:
            type: object
            additionalProperties: true
        verifications:
          type: array
          items:
            type: object
            additionalProperties: true
        claims:
          type: array
          items:
            $ref: '#/components/schemas/MaipTruthClaim'
        created_at:
          type: string
          format: date-time
    ErrorEnvelope:
      type: object
      required:
        - code
        - message
        - http_status
      properties:
        code:
          type: string
          description: Machine-readable error code
          enum:
            - AUTH_REQUIRED
            - AUTH_INVALID
            - PERMISSION_DENIED
            - TENANT_IDENTITY_UNVERIFIED
            - NOT_FOUND
            - VALIDATION_ERROR
            - CONFLICT
            - PAYLOAD_TOO_LARGE
            - RATE_LIMIT_EXCEEDED
            - QUOTA_EXCEEDED
            - SERVICE_UNAVAILABLE
            - INTERNAL_ERROR
        message:
          type: string
          description: Human-readable error message
        http_status:
          type: integer
          description: HTTP status code
        retry_after_ms:
          type: integer
          description: Milliseconds to wait before retrying (for rate limits)
        details:
          type: object
          description: Additional error context
      example:
        code: AUTH_REQUIRED
        message: Authentication required
        http_status: 401
    MaipTruthClaim:
      type: object
      properties:
        claim_id:
          type: string
          format: uuid
        agent_id:
          type: string
          format: uuid
        claim_type:
          type: string
        payload:
          type: object
          additionalProperties: true
        evidence:
          type: array
          items:
            type: object
            additionalProperties: true
        status:
          type: string
          enum:
            - pending
            - verified
            - rejected
            - expired
        receipt_id:
          type: string
          format: uuid
        attestations:
          type: array
          items:
            $ref: '#/components/schemas/MaipAttestation'
        verified_at:
          type: string
          format: date-time
        created_at:
          type: string
          format: date-time
    MaipAttestation:
      type: object
      properties:
        attestation_id:
          type: string
          format: uuid
        witness_id:
          type: string
          format: uuid
        agent_id:
          type: string
          format: uuid
        claim_hash:
          type: string
        signature:
          type: string
        status:
          type: string
          enum:
            - pending
            - accepted
            - rejected
        created_at:
          type: string
          format: date-time
  securitySchemes:
    APIKey:
      type: apiKey
      in: header
      name: X-API-Key
      description: API key for machine-to-machine authentication

````