Skip to main content
POST
/
v1
/
receipt-types
/
{name}
/
signing-policy
Set signing policy
curl --request POST \
  --url https://api.truthlocks.com/v1/receipt-types/{name}/signing-policy \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "allowed_algorithms": [
    "<string>"
  ],
  "require_hsm": true
}
'
{
  "name": "<string>",
  "signing_policy": {}
}
Sets or updates the signing policy for a receipt type. The policy controls which issuers can mint receipts and which signing algorithms are permitted. If no policy is configured, all trusted issuers with any algorithm are permitted. To read the current policy, use GET /v1/receipt-types/{name}/signing-policy.

Path parameters

name
string
required
Receipt type name, optionally versioned: payment_receipt or payment_receipt@1.0.0.

Request

allow_any_issuer
boolean
required
If true, any trusted issuer meeting the min_trust_tier may mint receipts of this type.
allowed_issuer_ids
string[]
UUIDs of explicitly permitted issuers. Used when allow_any_issuer is false.
min_trust_tier
string
Minimum trust tier: any, self_issued, verified_org, or regulated_issuer. Defaults to any.
allowed_algs
string[]
Allowed signing algorithms (e.g. ["Ed25519"]). Empty array means all algorithms are permitted.

Response

receipt_type
string
The receipt type name.
allow_any_issuer
boolean
Whether any trusted issuer can mint.
allowed_issuer_ids
array
Whitelisted issuer UUIDs.
min_trust_tier
string
Minimum trust tier required.
allowed_algs
array
Permitted signing algorithms.
updated_at
string
ISO 8601 timestamp of last update.

Authorizations

X-API-Key
string
header
required

API key for machine-to-machine authentication

Path Parameters

name
string
required

Receipt type name

Body

application/json
allowed_algorithms
string[]
required

List of allowed signing algorithms

require_hsm
boolean

Require HSM-backed keys

Response

Signing policy updated

name
string
signing_policy
object