Platform live · v2.0 APIs

Build with cryptographic proof.

Turn any event — a payment, an AI decision, a credential, a shipment — into a deterministic, Ed25519-signed Proof Artifact that anyone can verify with only the public key. General-purpose proof infrastructure: APIs, SDKs and docs, all in one place.

Ed25519 signatures Deterministic canonicalization Offline verification 4 first-party SDKs
Why PFP

Traditional systems generate records. PFP generates independently verifiable proof.

A record asks you to trust the system that stored it. A Proof Artifact can be verified by anyone, anywhere, using only a public key — even years later, fully offline. General-purpose proof infrastructure for any event that must be trusted without trusting its source.

1Event

Any business or system event

2Proof Generation

Canonicalize · hash · Ed25519 sign

3Proof Artifact

Portable, tamper-evident evidence

4Independent Verification

Verify with only the public key

5Trust

No need to trust the issuer

Onboarding · ~5 minutes

From zero to verified proof in five steps

Try It Live

The full lifecycle, in your browser

Generate a real sandbox key, sign a live Proof Artifact, then independently verify it — Generate → Verify — without writing a line of code.

Live sandbox
Step 1

Generate a sandbox key

A real, scoped, short-lived credential bound to the isolated sandbox tenant. It instantly pre-fills every snippet below. For testing only.

Step 2

Generate your first proof

Execute a real, live proof-generation request with your sandbox key. PFP canonicalizes, hashes and Ed25519-signs the event, returning a verifiable Proof Artifact.

Generate a sandbox key first (Step 1).

Step 3

Verify a proof

Independently verify any Proof Artifact by its ID — no auth, no contacting the issuer. Verification re-derives the canonical hash and checks the Ed25519 signature.

Each step pre-fills the next — finish the whole flow in under a minute.
Quick Start

Your first API call, copy-paste ready

Five steps from zero to a verified Proof Artifact. Generate a sandbox key above to auto-fill these snippets.

~5 min total
  1. 1

    Obtain a sandbox key

    1 min

    Click “Generate Sandbox Key” above, or pull one from the API. The key is a real, scoped, short-lived sandbox credential.

    bash
    # Generate a sandbox key (no auth, rate-limited)
    curl -X POST https://demo.pfprotocol.com/api/demo/sandbox-key
    
    # Export it for the next steps
    export PFP_API_KEY="pfp_sandbox_xxxxxxxxxxxxxxxx"
  2. 2

    Generate your first Proof Artifact

    1 min

    Submit any event. PFP canonicalizes it, hashes it, and returns an Ed25519-signed Proof Artifact.

    bash
    curl -X POST https://demo.pfprotocol.com/api/fea/generate \
      -H "Content-Type: application/json" \
      -H "X-API-Key: $PFP_API_KEY" \
      -d '{
        "idempotency_key": "demo-001",
        "transaction_id": "EVT-1001",
        "timestamp": "2026-06-15T10:00:00Z",
        "amount": 245000,
        "currency": "USD",
        "payer_id": "sha256:7b9c",
        "payee_id": "sha256:a14d"
      }'
    
    # → { "fea_id": "…", "signature": "…", "signature_version": "v2" }
  3. 3

    Verify a Proof Artifact

    1 min

    Anyone can verify a proof with only the public key — no auth, no contacting the issuer. Verification is deterministic and offline-capable.

    bash
    curl https://demo.pfprotocol.com/api/public/verify/<PROOF_ID>
    
    # → { "signature_valid": true, "signature_version": "v2", ... }
  4. 4

    Integrate using an SDK

    1 min

    Use a first-party SDK to generate and independently verify proofs in your language. All four SDKs produce byte-identical canonicalization.

    javascript
    // JavaScript (Node 18+)
    import { PfpClient, verify } from "@pfp/sdk";
    
    const pfp = new PfpClient({ baseUrl: "https://demo.pfprotocol.com", apiKey: "$PFP_API_KEY" });
    const proof = await pfp.generate({ transactionId: "EVT-1001", amount: 245000, currency: "USD" });
    
    // Independent, offline verification with the public key:
    const ok = verify(proof, proof.publicKey);   // → true
  5. 5

    Review verification results

    1 min

    Inspect signature validity, key status, canonical payload hash and the full evidence chain in the public verifier UI or via the API response.

    bash
    # Open the branded public verifier
    https://demo.pfprotocol.com/verify
    
    # Or read structured results directly from the verify response:
    #   signature_valid · signature_version · fea_hash · created_at
SDKs & Tools

SDKs & copy-paste examples

First-party SDKs with identical canonicalization — generate proofs and verify them independently in any language.

Postman Collection

Python

pip install pfp-sdk

PyNaCl

View source

JavaScript

npm install @pfp/sdk

Native crypto (no deps)

View source

Java

Maven · com.pfprotocol:pfp-sdk:2.0.0

JDK 17+

View source

.NET

dotnet add package Pfp.Sdk

.NET 8 · BouncyCastle

View source

Quick example — Generate & verify a Proof Artifact

python
import requests

API = "https://demo.pfprotocol.com/api"
KEY = "YOUR_SANDBOX_KEY"

# Generate a Proof Artifact
proof = requests.post(f"{API}/fea/generate",
    headers={"X-API-Key": KEY},
    json={
        "idempotency_key": "py-001",
        "transaction_id": "EVT-1001",
        "timestamp": "2026-06-15T10:00:00Z",
        "amount": 245000, "currency": "USD",
        "payer_id": "sha256:7b9c", "payee_id": "sha256:a14d",
    }).json()

# Independently verify with only the public key
ok = requests.get(f"{API}/public/verify/{proof['fea_id']}").json()
print(ok["signature_valid"])  # True
Verification

Verification examples

Proofs are verifiable by anyone with the public key — over the API or fully offline with an SDK.

Verify via API

bash
# Verify any Proof Artifact by id — public, no auth required
curl https://demo.pfprotocol.com/api/public/verify/<PROOF_ID>

# Response
# {
#   "signature_valid": true,
#   "signature_version": "v2",
#   "fea_payload": { "fea_hash": "…", ... },
#   "created_at": "…"
# }

Verify offline with an SDK

javascript
// Independent, offline verification (JavaScript SDK)
import { verify } from "@pfp/sdk";

// 'proof' is the artifact you received; verify with only its public key.
const result = verify(proof, proof.publicKey);

console.log(result.signatureValid);  // true  → proof is authentic & untampered
console.log(result.keyStatus);       // "active"
For Evaluators

One proof layer, every industry

PFP is general-purpose proof infrastructure. CTOs, CISOs, compliance leaders and regulators can grasp the value in 60 seconds — developers can integrate it the same afternoon.

Industry use cases
Financial Services
Transaction & settlement evidence
AI Governance
Model decisions & inference provenance
Education
Credentials, transcripts & attestations
Telecom
Usage records & consent evidence
Compliance
Audit-ready, tamper-evident records
Government
Public registries & verifiable filings
Healthcare
Consent, custody & event integrity
Supply Chain
Provenance & chain-of-custody proof
Key capabilities
Proof Generation
Deterministic canonicalization + Ed25519 signing.
Proof Verification
Validate hash, timestamp & signature in milliseconds.
Tamper-Evident Evidence
Any change to the data breaks verification.
Independent Validation
Anyone can verify with only the public key.
Multi-Tenant Architecture
Tenant-isolated keys, data & audit trails.
SDK & API Integration
First-party SDKs for Python, JS, Java & .NET.
Trust & Security

Cryptographic signing architecture

Proofs are signed with selectable suites — Ed25519 (default), ES256 (secp256r1) and ES256K (secp256k1). A federated key registry and Bring-Your-Own-Signing let partners use their own keys/signers, while independent verification stays signer-agnostic — all without API or proof-format changes.

Crypto AgilityActive Federated Key RegistryActive Bring-Your-Own-SigningActive Cloud KMSReady External Time AnchoringPlanned
Current Capability
  • Deterministic canonicalization (PFP-JCS) + signing
  • Crypto agility: Ed25519 (default), ES256, ES256K — selectable per request/tenant
  • Independent, offline verification with the public key (any suite)
  • Federated key registry: customer/partner keys (raw/JWK/PEM) with proof-of-possession
  • Bring-Your-Own-Signing: local / remote / cloud-KMS signers per tenant
  • Multi-tenant key isolation; persistent key registry & rotation
Architecture Readiness
  • Cloud KMS ready — AWS Secrets Manager / GCP Secret Manager / Azure Key Vault (config-only switch)
  • Native HSM / cloud-KMS signing path (private key never leaves the boundary) — config-gated
Planned Enhancement
  • Live cloud-KMS native signing enablement (provider credentials)
  • External time anchoring (RFC-3161 / transparency log)

Active signing: Ed25519 · provider "local" (seed-env). Config-only migration to: aws, azure, gcp, local. Readiness and planned items are not active capabilities unless stated as Current.

Platform Status

Live & operational

Real-time health of the API, documentation, SDKs, verification engine and demo environment.

Degraded
API Status
Data + control plane
Operational
Documentation Status
Swagger · ReDoc · OpenAPI
Down
SDK Availability
Python · JS · Java · .NET
Operational
Verification Engine
Ed25519 · deterministic
Operational
Demo Environment
demo.pfprotocol.com
Operational