Verification

The verification endpoint lets you confirm that a signed document is authentic by checking its SHA-256 hash against inSigner’s records.

Verify a document

POST /api/v1/verify

Checks both the original document hash and the signed document hash. Returns whether a matching document exists in your organization.

Required scope: documents.read

Request body

Field	Type	Required	Description
hash	string	✅	64-character hex SHA-256 hash of the document

curl

# First, compute the SHA-256 hash of the document
SHA256=$(shasum -a 256 document.pdf | awk '{print $1}')

# Then verify it
curl -X POST https://app.insigner.co/api/v1/verify \
  -H "Authorization: Bearer isk_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"hash\": \"$SHA256\"}"

JavaScript

import { createHash } from 'crypto';
import { readFileSync } from 'fs';

// Compute hash
const fileBuffer = readFileSync('document.pdf');
const hash = createHash('sha256').update(fileBuffer).digest('hex');

// Verify
const res = await fetch('https://app.insigner.co/api/v1/verify', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer isk_YOUR_API_KEY',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ hash })
});
const { data } = await res.json();

if (data.verified) {
  console.log(`✅ Document verified: ${data.documentName}`);
  console.log(`   Hash match: ${data.hashMatch}`);
} else {
  console.log('❌ Document not found');
}

Python

import hashlib
import requests

# Compute hash
with open("document.pdf", "rb") as f:
    hash_value = hashlib.sha256(f.read()).hexdigest()

# Verify
res = requests.post(
    "https://app.insigner.co/api/v1/verify",
    headers={"Authorization": "Bearer isk_YOUR_API_KEY"},
    json={"hash": hash_value}
)
result = res.json()["data"]

if result["verified"]:
    print(f"✅ Document verified: {result['documentName']}")
    print(f"   Hash match: {result['hashMatch']}")
else:
    print("❌ Document not found")

Verified response

{
  "data": {
    "verified": true,
    "documentId": "cm5x9abc123",
    "documentName": "Sales Agreement Q3",
    "status": "completed",
    "completedAt": "2026-05-29T14:30:00.000Z",
    "hashMatch": "signed"
  }
}

Field	Description
verified	true if a matching document was found
documentId	The document ID
documentName	The document name
status	Current document status
completedAt	When signing was completed
hashMatch	"original" if matching the original PDF, "signed" if matching the signed PDF

Not found response

{
  "data": {
    "verified": false,
    "documentId": null,
    "documentName": null,
    "status": null,
    "completedAt": null,
    "hashMatch": null
  }
}

Tip

Use the hashMatch field to determine if the file you checked is the original upload ("original") or the completed signed version ("signed").