Certify authorship
from anywhere.
One endpoint turns any block of text into a tamper-evident authorship record: a SHA-256 content hash anchored by an RFC 3161 trusted timestamp, with a public verification page and a downloadable certificate. It is the same engine behind every ScriptShield certificate — now available to build on.
How it works
1. Get a key
Pro users mint an API key in Settings. Keys are shown once and sent as a Bearer token.
2. Certify
POST the text (or a pre-computed hash). We hash it, request a trusted timestamp, and issue a certificate.
3. Verify
Anyone can verify the certificate or download its PDF — no key required.
Authentication
Generate a key under Settings → API Keys (Pro plan). Pass it as a Bearer token on every request. We store only a hash of your key — it is shown in full exactly once, so copy it immediately. Keys can be revoked at any time.
Authorization: Bearer ss_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxCertify a work
POST /api/v1/certify — send either text (hashed server-side) or a pre-computed hash (privacy mode, content never leaves your system).
Request
curl https://scriptshield.app/api/v1/certify \
-H "Authorization: Bearer ss_live_…" \
-H "Content-Type: application/json" \
-d '{
"title": "Chapter One",
"text": "It was a bright cold day in April…",
"work_type": "manuscript",
"jurisdiction": "US"
}'Response · 201 Created
{
"certificate_number": "SS-2026-A1B2-C3D4",
"content_hash": "9f86d081884c7d659a2feaa0c55ad015a…",
"title": "Chapter One",
"jurisdiction": "US",
"issued_at": "2026-06-14T05:55:40.000Z",
"trusted_timestamp": true,
"verify_url": "https://scriptshield.app/verify/SS-2026-A1B2-C3D4",
"certificate_pdf_url": "https://scriptshield.app/api/v1/certificate/SS-2026-A1B2-C3D4"
}| Field | Required | Notes |
|---|---|---|
| title | Yes | Title of the work. |
| text | One of text/hash | Raw content. Canonicalised (NFC + line endings) then SHA-256 hashed. |
| hash | One of text/hash | 64-char SHA-256 hex if you hash client-side. |
| work_type | No | e.g. manuscript, screenplay, business. Defaults to "other". |
| jurisdiction | No | ISO code (US, GB, AU…). Defaults to the account country. |
| logline | No | Optional one-line description. |
Verify & download (public)
These endpoints need no API key — they expose only what is already public on the verification page, so you can render a verification badge or a download link inside any app or storefront.
GET /api/v1/verify/SS-2026-A1B2-C3D4 # JSON: status, hash, timestamp, author
GET /api/v1/certificate/SS-2026-A1B2-C3D4 # the certificate PDFAnyone can also independently verify the RFC 3161 timestamp token with OpenSSL — see the verification methodology for legal teams.
Build an integration
The API is CORS-enabled so it can be called from plugin webviews. Every integration is a thin client over the same /api/v1/certify call:
Canva apps
Certify the text in a design or doc; drop a verification badge onto the page.
Word / Office add-ins
A “Certify this document” button in the ribbon for manuscripts, legal, and academic work.
Shopify & web
Certify original product copy and brand content as human-authored and owned.
Building one of these, or want a partnership? Talk to us about integrations and white-label.
Rate limits & notes
- Certification is limited to 60 requests per hour per key; verification to 60 per minute.
- All
/api/v1responses are JSON (except the certificate PDF) and CORS-enabled. - A ScriptShield certificate is tamper-evident evidence that a specific piece of content existed, unchanged, at a point in time — it is not a copyright registration or legal advice. See the documentation for legal professionals.