SDK

Go SDK

Official Go SDK for the Truthlock platform. Idiomatic Go with full context propagation, typed request/response structs, automatic retries, and comprehensive error handling.

Installation Quick Start Configuration API Methods Error Handling Examples

Installation

Public module: The Go SDK is available as a public Go module. No special configuration required.

Terminalbash

go get github.com/truthlocks/sdk-go@latest

Quick Start

main.goGo

package main

import (
    "context"
    "fmt"
    "log"

    truthlock "github.com/truthlocks/sdk-go"
)

func main() {
    // 1. Create client
    client := truthlock.NewClient(truthlock.Config{
        BaseURL:  "https://api.truthlocks.com",
        TenantID: "your-tenant-id",
        APIKey:   "tl_live_...",
    })

    ctx := context.Background()

    // 2. Create and trust an issuer
    issuer, err := client.Issuers.Create(ctx, &truthlock.CreateIssuerRequest{
        Name:        "My Organization",
        LegalName:   "My Organization Inc.",
        DisplayName: "My Org",
    })
    if err != nil {
        log.Fatal(err)
    }

    if _, err := client.Issuers.Trust(ctx, issuer.ID); err != nil {
        log.Fatal(err)
    }

    // 3. Register a signing key
    _, err = client.Keys.Register(ctx, issuer.ID, &truthlock.RegisterKeyRequest{
        KID:          "key-2026",
        Alg:          truthlock.AlgEd25519,
        PublicKeyB64: "your-public-key-base64url",
    })
    if err != nil {
        log.Fatal(err)
    }

    // 4. Mint an attestation (with optional email delivery)
    attestation, err := client.Attestations.Mint(ctx, &truthlock.MintRequest{
        IssuerID: issuer.ID,
        KID:      "key-2026",
        Alg:      truthlock.AlgEd25519,
        Schema:   "degree",
        Claims: map[string]interface{}{
            "student_name":    "Jane Doe",
            "institution":     "State University",
            "degree_type":     "Bachelor of Science",
            "field_of_study":  "Computer Science",
            "graduation_date": "2026-05-15",
        },
        RecipientEmail: "jane.doe@example.com", // optional
    })
    if err != nil {
        log.Fatal(err)
    }

    fmt.Printf("Attestation ID: %s\n", attestation.ID)
    fmt.Printf("Log index: %d\n", attestation.LogIndex)

    // 5. Verify
    result, err := client.Verify.VerifyOnline(ctx, &truthlock.VerifyRequest{
        AttestationID: attestation.ID,
    })
    if err != nil {
        log.Fatal(err)
    }

    if result.Verdict == truthlock.VerdictValid {
        fmt.Println("Attestation verified successfully")
    }
}

Configuration

Configuration structGo

client := truthlock.NewClient(truthlock.Config{
    // Required
    BaseURL:  "https://api.truthlocks.com",  // API base URL
    TenantID: "your-tenant-id",              // From Console > Settings
    APIKey:   "tl_live_...",                 // From Console > API Keys

    // Optional
    Timeout:    30 * time.Second,  // Request timeout (default: 30s)
    MaxRetries: 3,                 // Auto-retry with backoff (default: 3)
    HTTPClient: &http.Client{},    // Custom HTTP client
})

Field	Type	Description
`BaseURL`	string	API endpoint. Use sandbox-api.truthlocks.com for testing.
`TenantID`	string	Your tenant UUID from the Truthlocks Console.
`APIKey`	string	API key starting with tl_live_ or tl_test_.
`Timeout`	time.Duration	Per-request timeout. Default: 30s.
`MaxRetries`	int	Max retries for 429/5xx errors. Default: 3.
`HTTPClient`	*http.Client	Custom HTTP client for proxy, TLS, etc.

API Methods

All methods accept a context.Context as the first argument for cancellation and deadline propagation. See the API Reference for full request/response types.

Issuers

Method	HTTP	Description
`client.Issuers.Create(ctx, req)`	POST	Create a new issuer organization
`client.Issuers.Get(ctx, id)`	GET	Get issuer by UUID
`client.Issuers.List(ctx)`	GET	List all issuers for the tenant
`client.Issuers.Trust(ctx, id)`	POST	Mark issuer as trusted
`client.Issuers.Suspend(ctx, id, reason)`	POST	Temporarily suspend an issuer
`client.Issuers.Revoke(ctx, id, reason)`	POST	Permanently revoke an issuer

Keys

Method	HTTP	Description
`client.Keys.Register(ctx, issuerId, req)`	POST	Register an Ed25519 signing key
`client.Keys.List(ctx, issuerId)`	GET	List all keys for an issuer
`client.Keys.Rotate(ctx, kid, req)`	POST	Rotate a signing key
`client.Keys.ReportCompromise(ctx, kid)`	POST	Report a key as compromised

Attestations

Method	HTTP	Description
`client.Attestations.Mint(ctx, req)`	POST	Mint a new signed attestation
`client.Attestations.Get(ctx, id)`	GET	Get attestation by ID
`client.Attestations.List(ctx)`	GET	List attestations with filters
`client.Attestations.Revoke(ctx, id, req)`	POST	Revoke an attestation
`client.Attestations.Supersede(ctx, id, req)`	POST	Replace with a new version
`client.Attestations.GetProofBundle(ctx, id)`	GET	Get cryptographic proof bundle

Verification

Method	HTTP	Description
`client.Verify.VerifyOnline(ctx, req)`	POST	Verify attestation against transparency log

API Keys

Method	HTTP	Description
`client.APIKeys.List(ctx)`	GET	List all API keys
`client.APIKeys.Create(ctx, req)`	POST	Create a new API key
`client.APIKeys.Revoke(ctx, id)`	DELETE	Revoke an API key

Audit

Method	HTTP	Description
`client.Audit.Query(ctx, params)`	GET	Query audit event log
`client.Audit.Export(ctx, req)`	POST	Export audit log as CSV/JSON

Governance

Method	HTTP	Description
`client.Governance.ListRequests(ctx)`	GET	List pending governance requests
`client.Governance.CreateRequest(ctx, req)`	POST	Submit a governance request
`client.Governance.ApproveRequest(ctx, id)`	POST	Approve a governance request
`client.Governance.ExecuteRequest(ctx, id)`	POST	Execute an approved request

Error Handling

API errors are returned as *truthlock.Error, which implements the standard error interface. Use type assertion to access structured error details.

Error handlingGo

attestation, err := client.Attestations.Mint(ctx, req)
if err != nil {
    var tlErr *truthlock.Error
    if errors.As(err, &tlErr) {
        fmt.Printf("Code:    %s\n", tlErr.Code)    // e.g. "ISSUER_NOT_TRUSTED"
        fmt.Printf("Message: %s\n", tlErr.Message) // Human-readable
        fmt.Printf("Status:  %d\n", tlErr.Status)  // HTTP status code

        switch tlErr.Code {
        case truthlock.ErrIssuerNotTrusted:
            // Issuer needs to be trusted before minting
        case truthlock.ErrKeyNotFound:
            // Signing key not registered
        case truthlock.ErrQuotaExceeded:
            // Plan limit reached
        }
    }
    return err
}

Constant	Code	Description
`ErrIssuerNotTrusted`	`ISSUER_NOT_TRUSTED`	Issuer must be trusted before minting
`ErrKeyNotFound`	`KEY_NOT_FOUND`	Signing key not registered
`ErrQuotaExceeded`	`QUOTA_EXCEEDED`	Minting or verification quota exhausted
`ErrInvalidSchema`	`INVALID_SCHEMA`	Schema ID not recognized
`ErrDuplicateIdempotency`	`DUPLICATE_IDEMPOTENCY`	Idempotency key already used
`ErrPayloadTooLarge`	`PAYLOAD_TOO_LARGE`	Payload exceeds 50 MB limit

Examples

Batch Minting with Error Collection

batch.goGo

func mintBatch(ctx context.Context, client *truthlock.Client, employees []Employee) error {
    var errs []error
    for _, emp := range employees {
        _, err := client.Attestations.Mint(ctx, &truthlock.MintRequest{
            IssuerID: issuerId,
            KID:      "key-2026",
            Alg:      truthlock.AlgEd25519,
            Schema:   "employment-verification",
            Claims: map[string]interface{}{
                "employee_name":   emp.Name,
                "employer":        "Acme Corp",
                "position":        emp.Title,
                "department":      emp.Dept,
                "employment_type": "Full-time",
                "start_date":      emp.StartDate,
            },
            RecipientEmail: emp.Email,
        })
        if err != nil {
            errs = append(errs, fmt.Errorf("mint %s: %w", emp.Name, err))
            continue
        }
    }
    return errors.Join(errs...)
}

Context with Timeout

timeout.goGo

// Per-operation timeout (overrides client default)
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()

result, err := client.Verify.VerifyOnline(ctx, &truthlock.VerifyRequest{
    AttestationID: attestationID,
})
if err != nil {
    if errors.Is(err, context.DeadlineExceeded) {
        log.Println("Verification timed out")
    }
    return err
}

Custom HTTP Client (proxy, mTLS)

custom-http.goGo

// Use a custom HTTP client for corporate proxy or mutual TLS
client := truthlock.NewClient(truthlock.Config{
    BaseURL:  "https://api.truthlocks.com",
    TenantID: "your-tenant-id",
    APIKey:   "tl_live_...",
    HTTPClient: &http.Client{
        Transport: &http.Transport{
            Proxy: http.ProxyFromEnvironment,
            TLSClientConfig: &tls.Config{
                Certificates: []tls.Certificate{clientCert},
            },
        },
    },
})

Requirements

Go	>= 1.21
Module	github.com/truthlocks/sdk-go
Auth	Public module — no auth required
Dependencies	No external dependencies (stdlib only)