Open Protocol · v1.2.0

Cryptographic trust
for every API response.

OpenProof adds ECDSA signatures to API responses so any client can verify data integrity — provably, without trusting the transport layer.

Get started Read the spec
API response · data
{
  "symbol": "ETH",
  "price": 2081.41,
  "change_24h": -4.71
}
API response · _trust envelope
{
  "call_id":      "op_abc123def456",
  "endpoint":     "/v1/price/ETH",
  "payload_hash": "sha256:9f86d0...",
  "timestamp":    1711234567,
  "signer":       "0x41A024...",
  "signature":    "0x3ad7f1..."
}
The _trust envelope proves the response came from the claimed signer and the data field was not modified after signing.
Protocol

How OpenProof works

Four deterministic steps. No certificate authorities. No trusted intermediaries.

01

Canonical JSON

Response data is serialized with sorted keys and no whitespace — ensuring identical payloads always produce identical hashes.

02

SHA-256 hash

A SHA-256 hash is computed. Any modification — even a single character — produces a completely different hash.

03

ECDSA signature

The hash is signed with secp256k1 (Ethereum-compatible). The signer's public address is included in the envelope.

04

Verify anywhere

Anyone can recover the signer address from the signature and compare it to the declared signer. No API call required.

Features

Built for the agentic web

Every decision an AI agent makes is only as trustworthy as the data it received.

Tamper-evident

Any modification to response data — by a proxy, CDN, or man-in-the-middle — invalidates the signature immediately.

Replay protection

Every response carries a unique call_id and timestamp. Duplicate responses and stale data are automatically rejected.

Zero latency overhead

Signing is in-process with no external calls. Adds less than 1ms to any response time.

Language agnostic

Reference implementations in Python and TypeScript. Any language with ECDSA support can implement OpenProof.

Auditable decisions

Every signed response is a cryptographic receipt. Agents can prove exactly what data informed each decision.

No PKI required

Uses Ethereum-compatible ECDSA. Any wallet address is a valid signing identity. No certificate authorities.

Get started

Verify in three lines

Install the verification library. Works with any OpenProof-compliant API.

$ npm install openproof-verify click to copy
// Verify any OpenProof-compliant API response const { verifyResponse } = require('openproof-verify') const response = await fetch('https://your-api.com/v1/data') const json = await response.json() const result = verifyResponse(json) // → { valid: true, signer: '0x...', signed_at: 1711234567 } if (result.valid) { console.log('✓ Verified — signed by', result.signer) } else { console.error('✗', result.reason) }
Ecosystem

OpenProof-compliant APIs

APIs that include a verified _trust envelope on every response.

Agent Registry
agent-registry.yantrix.ai
Agent Session
agent-session.yantrix.ai
Relay
relay.yantrix.ai
Capability Discovery
capability-discovery.yantrix.ai
Settlement Record
settlement-record.yantrix.ai
Your API
openproof.io/implement

Start verifying responses today.

OpenProof is MIT licensed and free for any use. Implement it in your API in under an hour.

npm install openproof-verify Read the spec →
Contact

Questions or feedback?

Tell us how you are using OpenProof, report an issue, or suggest a feature. We read every message.

support@yantrix.ai Open a GitHub issue