{ "openapi": "3.1.0", "info": { "title": "OpenOrigins API", "version": "1.0.0", "description": "REST API for embedding C2PA-based content provenance into applications. Verify, anchor, and retrieve cryptographic manifests for digital media (photos, videos, documents).", "contact": { "name": "OpenOrigins Developer Support", "url": "https://www.openorigins.com/developers", "email": "developers@openorigins.com" }, "license": { "name": "Proprietary", "url": "https://www.openorigins.com/terms" }, "termsOfService": "https://www.openorigins.com/terms" }, "servers": [ { "url": "https://api.openorigins.com/v1", "description": "Production" }, { "url": "https://sandbox.api.openorigins.com/v1", "description": "Sandbox (request access via /developers)" } ], "externalDocs": { "description": "Full developer documentation", "url": "https://openorigins.gitbook.io/openorigins-v1" }, "tags": [ { "name": "Verification", "description": "Verify the authenticity and provenance of digital assets" }, { "name": "Anchoring", "description": "Apply cryptographic timestamps and provenance metadata" }, { "name": "Manifests", "description": "Retrieve C2PA manifests and chain-of-custody records" } ], "paths": { "/verify": { "post": { "tags": ["Verification"], "summary": "Verify an asset", "description": "Verify the authenticity, origin, and integrity of a digital asset by URL or hash. Returns the C2PA manifest if present and a verification result.", "operationId": "verifyAsset", "security": [{ "bearerAuth": [] }], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/VerifyRequest" } } } }, "responses": { "200": { "description": "Verification result", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/VerifyResponse" } } } }, "401": { "$ref": "#/components/responses/Unauthorized" }, "429": { "$ref": "#/components/responses/RateLimited" } } } }, "/anchor": { "post": { "tags": ["Anchoring"], "summary": "Anchor an asset", "description": "Apply a cryptographic timestamp and provenance manifest to an existing digital asset. Returns the asset ID and manifest URL.", "operationId": "anchorAsset", "security": [{ "bearerAuth": [] }], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AnchorRequest" } } } }, "responses": { "201": { "description": "Anchored asset", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AnchorResponse" } } } }, "401": { "$ref": "#/components/responses/Unauthorized" }, "429": { "$ref": "#/components/responses/RateLimited" } } } }, "/manifests/{assetId}": { "get": { "tags": ["Manifests"], "summary": "Retrieve a manifest", "description": "Retrieve the C2PA manifest and full chain-of-custody record for a previously anchored asset.", "operationId": "getManifest", "security": [{ "bearerAuth": [] }], "parameters": [ { "name": "assetId", "in": "path", "required": true, "schema": { "type": "string" }, "description": "OpenOrigins asset identifier" } ], "responses": { "200": { "description": "Manifest record", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Manifest" } } } }, "404": { "description": "Asset not found" }, "401": { "$ref": "#/components/responses/Unauthorized" } } } } }, "components": { "securitySchemes": { "bearerAuth": { "type": "http", "scheme": "bearer", "bearerFormat": "JWT", "description": "OAuth 2.0 bearer token. Request credentials at https://www.openorigins.com/developers" } }, "schemas": { "VerifyRequest": { "type": "object", "properties": { "asset_url": { "type": "string", "format": "uri", "description": "Public URL of the asset to verify" }, "asset_hash": { "type": "string", "description": "SHA-256 hash of the asset content (alternative to asset_url)" } } }, "VerifyResponse": { "type": "object", "required": ["verified", "asset_id"], "properties": { "verified": { "type": "boolean" }, "asset_id": { "type": "string" }, "captured_at": { "type": "string", "format": "date-time" }, "manifest": { "$ref": "#/components/schemas/Manifest" } } }, "AnchorRequest": { "type": "object", "required": ["asset_url"], "properties": { "asset_url": { "type": "string", "format": "uri" }, "metadata": { "type": "object", "additionalProperties": true } } }, "AnchorResponse": { "type": "object", "required": ["asset_id", "manifest_url"], "properties": { "asset_id": { "type": "string" }, "manifest_url": { "type": "string", "format": "uri" }, "anchored_at": { "type": "string", "format": "date-time" } } }, "Manifest": { "type": "object", "description": "C2PA-compliant provenance manifest", "properties": { "asset_id": { "type": "string" }, "standard": { "type": "string", "example": "C2PA" }, "captured_at": { "type": "string", "format": "date-time" }, "captured_by": { "type": "string" }, "signatures": { "type": "array", "items": { "type": "object", "additionalProperties": true } }, "chain_of_custody": { "type": "array", "items": { "type": "object", "additionalProperties": true } } } } }, "responses": { "Unauthorized": { "description": "Missing or invalid credentials", "content": { "application/json": { "schema": { "type": "object", "properties": { "error": { "type": "string" } } } } } }, "RateLimited": { "description": "Rate limit exceeded", "content": { "application/json": { "schema": { "type": "object", "properties": { "error": { "type": "string" }, "retry_after": { "type": "integer" } } } } } } } } }