Developer Portal
API explorer, SDK references, and protocol documentation for the Attestik Protocol.
Interactive API Explorer
Try every endpoint live. Click to expand, fill parameters, and send requests.
Wire Format Explorer
Paste raw Attestik frame bytes to parse and inspect the binary structure.
SDK Reference
Integration code for WASM, Rust, and CLI. Same operations, three runtimes.
Use the WASM verifier for in-browser verification. The module is ~180KB gzipped and requires no server round-trip. Install via npm:
npm install @attestik/verify
import init, {
verify_cose_sign1,
parse_cose_sign1,
extract_from_emsg,
extract_from_id3,
compute_l2_hashes,
} from '@attestik/verify';
// Initialize WASM module
await init();
// Verify a COSE_Sign1 attestation against its media segment
const result = verify_cose_sign1(frameBytes, segmentBytes);
console.log(result.overall_state); // 'Verified'
console.log(result.signature_valid); // true
console.log(result.binding_ok); // true
// Parse COSE_Sign1 structure without verification
const info = parse_cose_sign1(frameBytes);
console.log(info.publisher_id); // hex entity ID
console.log(info.stream_id); // hex stream ID
console.log(info.seq); // segment sequence number
console.log(info.frame_type); // 'Full' | 'Delta' | 'Heartbeat'
// Extract attestation from fMP4 emsg boxes
const emsgFrames = extract_from_emsg(fmp4Segment);
// Extract attestation from HLS ID3 timed metadata
const id3Frames = extract_from_id3(tsSegment);
// Compute codec-level (L2) hashes for content binding
const l2 = compute_l2_hashes(segmentBytes);
console.log(l2.slice_hash); // SHA-256 over H.264 slice NAL bodiesTest Vectors
Golden test data for validating your implementation. Use these fixed inputs to verify deterministic outputs.
Fixed Inputs
Expected Outputs
Protocol Reference
Wire format specification, verification states, content binding levels, and frame types.
Wire Format
Every Attestik frame follows a fixed binary layout: 8-byte header, variable-length CBOR payload, and 64-byte Ed25519 signature.
+------------------------------------------+
| COSE_Sign1_Tagged (Tag 18, RFC 9052) |
+------------------------------------------+
| PROTECTED HEADER (CBOR map) |
| alg: EdDSA (-8) |
| content_type: "vnd.attestik.frame" |
+------------------------------------------+
| UNPROTECTED HEADER |
| kid: entity_id bytes(32) |
+------------------------------------------+
| CBOR PAYLOAD (variable length) |
| 0: version : uint (2) |
| 1: frame_type : uint |
| 2: entity_id : bytes(32) |
| 3: seq : uint |
| 4: timestamp : uint |
| 5: content_bind: { |
| 1: l1_hash : bytes(32) // bitstream |
| 2: l2_hash : bytes(32) // codec |
| 3: l3_hash : bytes(32) // pHash |
| 9: l4_grid : {rows,cols,hashes} |
| 10: l5_audio : bytes(32) // chroma |
| } |
| 7: prev_hash : bytes(32) |
+------------------------------------------+
| ED25519 SIGNATURE (64 bytes) |
| Sign(Sig_structure per RFC 9052) |
+------------------------------------------+Verification States
Each segment resolves to one of nine states based on signature validity, content binding level, chain integrity, and registry status.
L1 + L2 + L5 match, signature valid, chain intact. Bit-exact original with full audio binding.
Some segments modified post-stamp. Signature valid on remaining segments, chain broken at modification point.
L3 perceptual hash + L4 spatial blocks match. Content transcoded but structurally intact. Tier 2 classification.
L1 bitstream hash fails but L2 codec-level hash passes. Content semantically unchanged (e.g., re-muxed).
Ed25519 signature valid, but no content binding data present in frame. Publisher authenticated, content not bound.
L3 perceptual match but L4 spatial blocks or L5 audio fingerprint mismatch. Possible localized edit — requires investigation. Tier 3.
Signature invalid or missing. No cryptographic proof of origin or integrity. Tier 4.
Publisher entity has been revoked in the registry. Content may have been valid but publisher key is no longer trusted.
Verification could not complete due to a system error — malformed frame, missing data, or internal failure.
Content Binding Levels
Five binding layers provide graduated resilience. Each layer survives progressively more transformations while detecting different tampering vectors.
SHA-256 of exact segment bytes. Detects any byte-level modification including re-encoding, re-muxing, and metadata changes. The gold standard for pristine verification.
SHA-256 over H.264 slice NAL bodies only. Survives re-muxing, parameter set changes, SEI injection/removal, and container format changes.
DCT-based perceptual hash of decoded video frames. 256-bit 4-quadrant spatial hash resilient to transcoding, bitrate changes, and social platform re-encoding. Global content similarity check.
16×16 spatial block grid with per-block DCT hashes. Detects localized edits like face blur, object removal, text overlay, or muzzle flash deletion while surviving global transcode.
Chromagram-based audio fingerprint via STFT (4096 Hann, 2048 hop). Binary-thresholded 12-bin chroma matrix digested to SHA-256. Detects spliced speech, removed gunshots, and AI-generated audio replacement.
Frame Types
Three frame types balance completeness against size. A typical stream starts with Full, continues with Delta, and uses Heartbeat for keepalive.
Complete attestation frame. Contains publisher key, stream ID, all content binding levels, attestation metadata, and full signature. Sent at stream start and periodically for resynchronization.
Incremental frame with content binding + prev_frame_hash. Maintains hash chain continuity without repeating publisher identity. Requires a preceding Full frame for context.
Minimal keepalive frame for continuous stream verification. Contains only timestamp, sequence number, and prev_frame_hash. Proves stream is still live and controlled by the signer.