Build with
The Truth.
Integrate the VORA Protocol's decentralized asset anchoring, perceptual similarity engine, and cryptographic verification into your own applications.
01 / Quick Start
Create Account
Sign up for the VORA Protocol dashboard to access our developer nodes.
Generate API Key
Navigate to API Settings and create a production secret key (vora_sk_live_...).
First Request
Execute your first verification using the REST API endpoints documented below.
02 / Authentication
The VORA API uses Bearer authentication. All requests must be made over HTTPS and include your secret API key in the Authorization header.
Authorization: Bearer vora_sk_live_xxxxxxxxx03 / Endpoints
/api/proof/[signature_id]Retrieve Proof Metadata
Fetches full audit logs and immutable metadata associated with a specific asset signature. Now includes machine-readable AI licensing fields.
curl https://voraprotocol.com/api/proof/123 \ -H "Authorization: Bearer vora_sk_live_xxx"
{
"signature_id": "123",
"timestamp": "2026-03-11T23:25:53Z",
"license": "Creative Commons BY-NC",
"ai_license_type": "forbidden",
"machine_readable": {
"training_allowed": false,
"commercial_allowed": false,
"attribution_required": true
},
"creator": "Archon Media",
"verification_url": "https://voraprotocol.com/p/123"
}/api/license-checkAutomated AI Governance
Programmatically verify if an asset allows AI training or commercial ingestion. Essential for crawler compliance.
curl -X POST https://voraprotocol.com/api/license-check \
-H "Content-Type: application/json" \
-d '{"signature_id": "123", "intended_use": "ai_training"}'{
"signature_id": "123",
"intended_use": "ai_training",
"allowed": false,
"reason": "AI Training Forbidden by Creator",
"license_type": "forbidden"
}/api/verify-imageDetect Visual Similarity
Upload an image to compare its perceptual fingerprint against the VORA global registry. Detects AI alterations and copyright infringements.
curl -X POST https://voraprotocol.com/api/verify-image \ -H "Authorization: Bearer vora_sk_live_xxx" \ -F "file=@asset.jpg"
{
"match_found": true,
"similarity": 0.98,
"original_asset": {
"signature_id": "456",
"owner": "Archon Media Corp"
}
}/api/verify-metadataInternal Signature Check
Verifies the internal VORA cryptographic signature embedded in an image's EXIF/XMP regions.
curl -X POST https://voraprotocol.com/api/verify-metadata \ -H "Authorization: Bearer vora_sk_live_xxx" \ -F "file=@signed_asset.png"
{
"is_valid": true,
"v_signature_id": "789",
"anchored_at": "2026-02-15T09:00:00Z"
}/api/c2pa/manifestGenerate Unsigned C2PA Manifest
Creates an unsigned C2PA-compliant JSON-LD manifest for existing Vora proofs. Includes hash verification and license assertions for content authenticity workflows.
curl -X POST https://voraprotocol.com/api/c2pa/manifest \
-H "Content-Type: application/json" \
-d '{
"proofId": "d8ab537a-2ebe-4ea9-9b0c-3734ecf99451",
"assetName": "my-image.jpg",
"creator": "VED KUMAR",
"licenseType": "Creative Commons BY-NC",
"aiTrainingAllowed": false,
"commercialUseAllowed": false
}'{
"@context": "https://c2pa.org/schemas/c2pa-v2.json",
"version": "2.0",
"claim_generator": "VORA Protocol v1.0.8",
"format": "JSON-LD",
"assertions": [
{
"label": "c2pa:hash.sha256",
"data": "1b5dbf229bd905ad1ca1e0ed2d1031e98d4a77ece431efb1dc5839eb70f65476"
},
{
"label": "c2pa:license",
"data": {
"license_type": "Creative Commons BY-NC",
"attribution_required": true,
"commercial_forbidden": true,
"ai_training_forbidden": true
}
}
],
"claim": {
"proof_id": "d8ab537a-2ebe-4ea9-9b0c-3734ecf99451",
"timestamp": "2026-03-25T08:00:00.000Z",
"creator": "VED KUMAR",
"asset_name": "my-image.jpg"
},
"signature": null
}/api/proof/[signature_id]/c2paRetrieve C2PA Manifest
Fetches a cached C2PA-compliant manifest for an existing proof. Includes 24-hour caching with Redis fallback for optimal performance.
curl https://voraprotocol.com/api/proof/d8ab537a-2ebe-4ea9-9b0c-3734ecf99451/c2pa
{
"status": "success",
"manifestVersion": "2.0",
"signature_id": "d8ab537a-2ebe-4ea9-9b0c-3734ecf99451",
"manifest": {
"@context": "https://c2pa.org/schemas/c2pa-v2.json",
"version": "2.0",
"claim_generator": "VORA Protocol v1.0.8",
"format": "JSON-LD",
"assertions": [
{
"label": "c2pa:hash.sha256",
"data": "1b5dbf229bd905ad1ca1e0ed2d1031e98d4a77ece431efb1dc5839eb70f65476"
},
{
"label": "c2pa:license",
"data": {
"license_type": "Creative Commons BY-NC",
"attribution_required": true,
"commercial_forbidden": true,
"ai_training_forbidden": true
}
}
],
"claim": {
"proof_id": "d8ab537a-2ebe-4ea9-9b0c-3734ecf99451",
"timestamp": "2026-03-23T15:01:31.856506+00:00",
"creator": "VED KUMAR",
"asset_name": "asset.jpg"
},
"signature": null
},
"retrievedAt": "2026-03-25T08:16:01.649Z",
"signed": false,
"verificationUrl": "https://voraprotocol.com/verify?id=d8ab537a-2ebe-4ea9-9b0c-3734ecf99451"
}04 / C2PA Manifest APIs
Phase 1: Unsigned Manifests
C2PA manifests are currently UNSIGNED. Phase 2 will include X.509 certificate-based cryptographic signing for full Content Credentials compliance.
/api/c2pa/manifestGenerate Unsigned C2PA Manifest
Creates an unsigned C2PA-compliant JSON-LD manifest from an existing Vora proof. Returns manifest with hash assertions and license metadata.
curl -X POST https://voraprotocol.com/api/c2pa/manifest \
-H "Content-Type: application/json" \
-H "Authorization: Bearer vora_sk_live_xxx" \
-d '{
"proofId": "d8ab537a-2ebe-4ea9-9b0c-3734ecf99451",
"assetName": "my-image.jpg",
"creator": "VED KUMAR",
"licenseType": "Creative Commons BY-NC",
"aiTrainingAllowed": false,
"commercialUseAllowed": false
}'{
"@context": "https://c2pa.org/schemas/c2pa-v2.json",
"version": "2.0",
"claim_generator": "VORA Protocol v1.0.8",
"format": "JSON-LD",
"assertions": [
{
"label": "c2pa:hash.sha256",
"data": "1b5dbf229bd905ad1ca1e0ed2d1031e98d4a77ece431efb1dc5839eb70f65476"
},
{
"label": "c2pa:license",
"data": {
"license_type": "Creative Commons BY-NC",
"attribution_required": true,
"commercial_forbidden": true,
"ai_training_forbidden": true
}
}
],
"claim": {
"proof_id": "d8ab537a-2ebe-4ea9-9b0c-3734ecf99451",
"timestamp": "2026-03-25T08:00:00.000Z",
"creator": "VED KUMAR",
"asset_name": "my-image.jpg"
},
"signature": null
}/api/proof/[signature_id]/c2paRetrieve C2PA Manifest
Fetches a cached C2PA manifest for an existing proof. Includes 24-hour caching layer for optimal performance.
curl https://voraprotocol.com/api/proof/d8ab537a-2ebe-4ea9-9b0c-3734ecf99451/c2pa
{
"status": "success",
"manifestVersion": "2.0",
"signature_id": "d8ab537a-2ebe-4ea9-9b0c-3734ecf99451",
"manifest": {
"@context": "https://c2pa.org/schemas/c2pa-v2.json",
"version": "2.0",
"claim_generator": "VORA Protocol v1.0.8",
"format": "JSON-LD",
"assertions": [
{
"label": "c2pa:hash.sha256",
"data": "1b5dbf229bd905ad1ca1e0ed2d1031e98d4a77ece431efb1dc5839eb70f65476"
},
{
"label": "c2pa:license",
"data": {
"license_type": "Creative Commons BY-NC",
"attribution_required": true,
"commercial_forbidden": true,
"ai_training_forbidden": true
}
}
],
"claim": {
"proof_id": "d8ab537a-2ebe-4ea9-9b0c-3734ecf99451",
"timestamp": "2026-03-23T15:01:31.856506+00:00",
"creator": "VED KUMAR",
"asset_name": "asset.jpg"
},
"signature": null
},
"retrievedAt": "2026-03-25T08:16:01.649Z",
"signed": false,
"verificationUrl": "https://voraprotocol.com/verify?id=d8ab537a-2ebe-4ea9-9b0c-3734ecf99451"
}/api/c2pa/sidecar/generateDownload C2PA Sidecar File
Generates and downloads a CBOR-encoded .c2pa sidecar file. Sidecar files are portable provenance containers distributed alongside digital assets.
curl -X POST https://voraprotocol.com/api/c2pa/sidecar/generate \
-H "Content-Type: application/json" \
-H "Authorization: Bearer vora_sk_live_xxx" \
-d '{"proofId": "d8ab537a-2ebe-4ea9-9b0c-3734ecf99451"}' \
-o "asset.jpg.c2pa"Binary file download (CBOR format)
File: asset.jpg.c2pa
Content-Type: application/cbor
Size: ~700 bytes
Sidecar contents (decoded):
{
"manifest": { ... C2PA JSON-LD manifest ... },
"originalFile": "asset.jpg",
"generatedAt": "2026-03-25T08:31:06.000Z",
"c2paVersion": "2.0"
}Honest Disclosure: AI Governance
AI licensing metadata (XMP/EXIF regions) is currently advisory and non-legally binding on the protocol layer. While VORA-compliant crawlers respect these tags, the protocol cannot technically prevent unauthorized scraping. We recommend combining these tags with visible watermarking for maximum protection.
05 / Network Policy
| Subscription Tier | Requests / Day | Concurrent Hooks |
|---|---|---|
| Free Node | 100 | 1 |
| Pro Integration | 10,000 | 50 |
| Studio Infrastructure | 100,000 | Unlimited |
06 / Troubleshooting
Invalid Request
Cause:
Missing required fields or invalid UUID format
Solution:
Ensure proofId is a valid UUID (e.g., d8ab537a-2ebe-4ea9-9b0c-3734ecf99451) and all required fields are included.
Proof Not Found
Cause:
The specified signature_id does not exist in the database
Solution:
Verify the proof ID is correct. Use GET /api/proof/[signature_id] to check if the proof exists.
Unauthorized
Cause:
Missing or invalid API key in Authorization header
Solution:
Include a valid Bearer token: -H 'Authorization: Bearer vora_sk_live_xxx'
Database Connection Failed
Cause:
Supabase connection error or service interruption
Solution:
Check Supabase status. Retry with exponential backoff. Contact support if issue persists.
Frequently Asked Questions
What is the difference between /api/c2pa/manifest and /api/proof/[id]/c2pa?
POST /api/c2pa/manifest generates a new manifest with custom parameters (creator, license). GET /api/proof/[id]/c2pa retrieves a cached manifest for an existing proof with default values.
How long are manifests cached?
Manifests are cached for 24 hours using a dual-layer cache (in-memory + Redis). Subsequent requests within this period return cached responses instantly.
What format are .c2pa sidecar files?
Sidecar files use CBOR (Concise Binary Object Representation) encoding - a binary JSON-like format optimized for size and parsing speed. Use the cbor library to decode.
When will signed manifests be available?
Phase 2 (X.509 certificate signing) is in development. This will enable full C2PA Content Credentials compliance with cryptographic signatures.