Verify Receipt - Truthlocks Documentation

Verify receipt

curl --request POST \
  --url https://api.truthlocks.com/v1/receipts/verify \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "receipt_id": "<string>"
}
'

{
  "valid": true,
  "receipt_id": "<string>",
  "checks": {}
}

POST

receipts

verify

Verify receipt

curl --request POST \
  --url https://api.truthlocks.com/v1/receipts/verify \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "receipt_id": "<string>"
}
'

{
  "valid": true,
  "receipt_id": "<string>",
  "checks": {}
}

Verifies a receipt by ID. Returns a verdict indicating the cryptographic validity and current status of the receipt.

Verdicts

Verdict	Meaning
`VALID`	Signature is valid, key was not compromised, receipt is active
`REVOKED`	Receipt has been explicitly revoked
`INVALID_SIGNATURE`	Cryptographic signature verification failed
`KEY_COMPROMISED`	Signing key was marked compromised at or before issuance
`KEY_INACTIVE`	Signing key is no longer active
`NOT_FOUND`	Receipt not found for this tenant

Request

receipt_id

string

required

UUID of the receipt to verify.

Response

receipt_id

string

UUID of the verified receipt.

verdict

string

VALID, REVOKED, INVALID_SIGNATURE, KEY_COMPROMISED, KEY_INACTIVE, or NOT_FOUND.

receipt_type

string

The receipt type name.

issuer_id

string

UUID of the issuer that signed the receipt.

issued_at

string

ISO 8601 timestamp of when the receipt was minted.

verified_at

string

ISO 8601 timestamp of this verification check.

Authorizations

X-API-Key

string

header

required

API key for machine-to-machine authentication

Body

application/json

receipt_id

string

required

Receipt UUID to verify

Response

Verification result

valid

boolean

receipt_id

string

checks

object

Receipt Proof Bundle Search Receipts

​Verdicts

​Request

​Response

Authorizations

Body

Response

Verdicts

Request

Response