Online document execution, notarization, and delivery

SignSealShip

Proof Passport API

Seal an executed document. Prove it anywhere.

Submit a finished PDF and receive a Cloud KMS seal, independent timestamp evidence, a custody record, signed events, and a public verification URL—through one partner API.
  • KMS-backed seal
  • Signed webhooks
  • Public verification

WHAT IT IS

A single API for cryptographic proof you don't have to build

Building tamper-evident sealing, trusted timestamping, and a public verification surface in-house is months of cryptography work and a key-management liability. The Proof Passport API is that stack behind one authenticated call — the exact pipeline that already seals real orders on SignSealship.

TAMPER-EVIDENT SEAL

Google Cloud KMS signature

Your document is sealed with an asymmetric signature whose private key never leaves Google Cloud KMS — a CMS/PKCS#7 signature visible in Adobe Acrobat's signature panel, with /ByteRange tamper-evidence. Change one byte after sealing and every verifier can tell.

INDEPENDENT TIME

RFC 3161 trusted timestamp

We request a trusted-timestamp token from an independent time-stamping authority over the sealed document's SHA-256. It's an archivable, independently verifiable attestation that the sealed bytes existed at that moment — not our word for it.

BITCOIN ANCHOR

OpenTimestamps (pending → anchored)

The sealed hash is submitted to public OpenTimestamps calendars, producing a detached .ots proof anyone can verify or upgrade with standard tooling. We say exactly what it is: honest-but-pending until a Bitcoin block confirms it — never a claim we haven't earned.

CHAIN OF CUSTODY

Custody record + verify code

Every sealed document gets a 128-bit random verification code and a custody record: the pre-seal document hash, the post-seal hash, and when it was sealed. Possession of the code (or the sealed file) is the authorization to see it.

PUBLIC VERIFICATION

A URL anyone can check

You receive a public verification URL for each passport. Your customer, their counterparty, or a court can confirm the seal and its evidence without a SignSealShip account and without trusting you — the artifact proves itself.

SIGNED WEBHOOKS

passport.sealed events

Register a webhook and receive an HMAC-SHA256-signed passport.sealed event the moment a document is sealed. The signing secret is shown to you once; we store only its hash, so a breach of our database never yields a key that forges deliveries.

HOW IT WORKS

Four moving parts, one request

01

POST your executed PDF

Send the finished, signed document to /api/passport/seal with your partner API key. Up to 35MB. We never retain the upload beyond producing the sealed artifact.

02

We seal & gather evidence

The same KMS sealer behind our own orders signs your PDF; we compute the document and sealed hashes and request RFC 3161 + OpenTimestamps evidence over the sealed hash.

03

You get a passport back

The response carries the passport ID, verify code, public verify URL, sealed SHA-256, and the timestamp evidence. A signed webhook fires too, if you've registered one.

04

Anyone can verify it

The sealed PDF verifies in Adobe Acrobat on its own, and the verify URL shows the custody record — no account, no SignSealShip login, no trust required.

THE SHAPE OF A CALL — ILLUSTRATIVE

# Seal an executed PDF
POST /api/passport/seal
Authorization: Bearer <your-partner-key>
Content-Type: multipart/form-data;  file=@executed.pdf

# → 200
{
  "passportId": "…",
  "verifyCode": "…",
  "verifyUrl":  "https://signsealship.com/api/passport/verify/…",
  "sealedSha256": "…",
  "timestamps": {
    "rfc3161":        { "authority": "…", "timestampedAtUtc": "…" },
    "openTimestamps": { "calendar": "…", "status": "pending" }
  }
}

Placeholders shown for shape only — no real keys or credentials appear here or anywhere in our docs. Your API key is issued to you once, privately, and stored on our side only as a hash.

HONEST BOUNDARIES

What the Proof Passport API is not

  • A signing tool — you bring the already-executed document; we seal and prove it.
  • A legal opinion — the evidence is cryptographic fact, not advice on your document's legal sufficiency.
  • A place we store your customers' data — passport rows hold hashes and a verify code, never document content or PII.

CLOSING ROOMS API

One live-status page per closing, three calls to build it

A Verified Closing Room bundles a deal's orders — documents, signers, seals, and shipping — behind one shareable link. Create a room with your partner key, attach the orders whose codes you already hold, and hand every party the same link. Statuses are read live from the order records; evidence badges never claim more than the record holds.

THREE CALLS, ONE ROOM — ILLUSTRATIVE

# 1 — Create a room (partner key required)
curl -X POST https://signsealship.com/api/rooms \
  -H "Authorization: Bearer sss_pk_<your-partner-key>" \
  -H "Content-Type: application/json" \
  -d '{ "name": "1428 Maple St — Refinance", "reference": "TC-88412" }'
# → { "roomCode": "<40-hex>", "url": "https://signsealship.com/rooms/<40-hex>" }

# 2 — Attach an order you hold the public code for
curl -X POST https://signsealship.com/api/rooms/<roomCode>/orders \
  -H "Authorization: Bearer sss_pk_<your-partner-key>" \
  -H "Content-Type: application/json" \
  -d '{ "orderCode": "<order-public-code>", "label": "Seller deed package" }'

# 3 — Share the room. The link is the key — parties need no account.
#     https://signsealship.com/rooms/<roomCode>
curl https://signsealship.com/api/rooms/<roomCode>   # same live JSON, for your systems

Placeholders shown for shape only — no real keys or room codes appear in our docs. Rooms use the same partner key as the Proof Passport API.

The room link is a bearer credential. One link grants deal-wide visibility: every attached document's status, masked signer progress, evidence badges, and tracking — plus drill-down into each order page. Share it with the parties to the deal and no one else; never post it or embed it anywhere public. If a link leaks, rotate it with POST /api/rooms/{roomCode}/rotate — the old link stops working immediately. Per-party scoped links are on the roadmap.

Seal a Closing Passport for the whole room

A Closing Passport is a versioned, KMS-sealed evidence manifest for the room: a canonical, deterministic snapshot of every attached document's cryptographic facts — original and sealed hashes, envelope verify codes, custody-certificate hashes — hash-chained to the versions before it and verifiable by anyone at a public link, without trusting us. Its honest limits: document statuses in the manifest are our attestation at snapshot time, not independent evidence, and the passport says nothing about payment state, delivery confirmation, or any document that wasn't attached to the room — the manifest's own coverage statement spells this out.

SEAL A PASSPORT — ILLUSTRATIVE

# Seal the next Closing Passport version (partner key required)
curl -X POST https://signsealship.com/api/rooms/<roomCode>/passport \
  -H "Authorization: Bearer sss_pk_<your-partner-key>"
# → mints the next version — a dated snapshot, never an overwrite — and
#   returns its public verify link:
#   https://signsealship.com/v/room/<verifyCode>
# Repeat calls create new versions by design (quota: 20 versions per room).

Placeholders shown for shape only. Each version is chained to the previous one by manifest hash; the verify page recomputes the chain on every view.

Want a key? Tell us what you'd seal.

Access is granted per partner, by hand, to teams building something real. Describe your use case and we'll set you up with an API key and a webhook signing secret — each shown exactly once.

Request API access

SignSealShip is a technology platform, not a law firm, and does not provide legal advice. Notarizations are performed by independent commissioned notaries or approved RON provider partners. RON availability varies by state and document type.