Documentation
RESTful API for product registration, verification, provenance tracking, and threat intelligence. All responses are JSON. Base URL: https://genuproof.com
/api/brandsRegister a new brand
{ "name": "Luxe Watches", "domain": "luxe.com", "industry": "fashion" }{ "id": "uuid", "name": "...", "plan": "free" }/api/products/registerRegister a single product with cryptographic certificate
{ "brandId": "uuid", "name": "Chronograph 42mm", "sku": "LW-01", "category": "Watches", "manufacturingLocation": "Geneva" }{ "productId": "hex", "verificationCode": "abc123", "hash": "sha256...", "signature": "hmac..." }/api/products/batchRegister up to 50 products in one request
{ "brandId": "uuid", "products": [{ "name": "...", "sku": "..." }, ...] }{ "registered": 50, "products": [...] }/api/products/verify?code=abc123Verify a product by code. Records scan, runs anomaly detection.
{ "authentic": true, "product": {...}, "events": [...], "certificate": { "signatureValid": true, "chainIntegrity": true } }/api/products/eventsAdd a hash-chained provenance event
{ "productId": "hex", "type": "shipped", "actor": "FedEx", "location": "NYC" }{ "hash": "sha256...", "previousHash": "sha256...", "timestamp": "..." }/api/products/transferTransfer product ownership. Creates transfer event, updates status.
{ "productId": "hex", "newOwner": "New Owner LLC", "location": "Miami, FL" }{ "success": true, "hash": "sha256...", "newOwner": "..." }/api/threats?brandId=uuidFetch threat alerts for a brand
{ "threats": [{ "type": "geographic_anomaly", "severity": "high", "details": "..." }] }/api/products/list?brandId=uuidList all products for a brand (via GSI1)
{ "products": [...], "count": 42 }/api/products/qr?code=abc123Generate QR code (PNG or SVG) for a verification code
Binary PNG or SVG image
/api/products/recallRecall a product. Creates recall event, updates status to recalled, generates critical threat alert.
{ "productId": "hex", "reason": "Safety defect in batch #42", "issuedBy": "Quality Assurance" }{ "success": true, "hash": "sha256...", "status": "recalled" }/api/products/search?code=abc123Search products by verification code, product ID, or brand ID
{ "found": true, "product": { "productId": "...", "name": "...", "status": "active" } }/api/products/certificate?code=abc123Export full cryptographic certificate as JSON (product + crypto verification + provenance chain)
{ "version": "1.0", "product": {...}, "cryptography": {...}, "provenance": {...}, "verification": {...} }/api/brands/listList all registered brands
{ "brands": [{ "id": "...", "name": "...", "domain": "..." }], "count": 3 }/api/brands/stats?brandId=uuidReal-time brand statistics (products, scans, threats, status breakdown)
{ "productCount": 42, "activeProducts": 40, "totalScans": 1250, "unresolvedThreats": 2 }/api/audit?limit=30Platform-wide audit log — events, scans, and alerts sorted by time
{ "entries": [{ "type": "event", "action": "shipped", "actor": "FedEx", "timestamp": "..." }] }/api/explore?limit=50Public product gallery — all verified products for consumer browsing
{ "products": [...], "count": 50 }/api/healthPlatform health check — API status, database connectivity, latency
{ "status": "operational", "services": { "api": "healthy", "database": "healthy", "dbLatency": "8ms" } }/api/og?brand=X&product=YDynamic Open Graph image generation for social sharing
1200x630 PNG image
Product Hash: Each product record is canonicalized to JSON and hashed with SHA-256. The hash is then signed with HMAC-SHA256 using a server-side secret. Verification recomputes the hash and checks both the hash match and the HMAC signature.
Provenance Chain: Each supply chain event includes the hash of the previous event. The chain starts with a genesis event whose previousHash is SHA-256 of an empty string. Tampering with any event breaks all subsequent hash links.
Anomaly Detection:Every verification scan records the requester's IP and geolocation. The system checks for geographic anomalies (same product scanned from 3+ countries in 24 hours) and burst patterns (10+ scans per hour).