Documentation — Verity AI
Verity AI /Docs
Getting Started

Verity AI Documentation

A REST API for product authentication. Submit images; receive a structured decision, confidence score, and verifiable certificate.

Quickstart
Authenticate your first product in minutes.
API Reference
Full endpoint docs, parameters, schemas.
Shopify
Native integration, no code required.
Agentic Commerce
Machine-readable output for AI agents.
Access required. The API is available to approved enterprise operators. Apply for access.

Overview

Verity sits between your commerce workflows — listing intake, checkout, returns — and provides a product-level trust signal. Returns a decision (authentic, counterfeit, or inconclusive), a confidence score (0.00–1.00), anomaly flags, and a permanent certificate URL. No SDKs required — a single curl call gets you to a decision.

Base URL

endpoint
https://api.verityai.app/v1
Getting Started

Quickstart

Make your first authentication call in under five minutes.

  1. Get your API key
    Log in to the Verity Dashboard → Settings → API Keys. Copy your secret key — it won't be shown again.
  2. Authenticate a product
    curl https://api.verityai.app/v1/authenticate \
  -X POST -H "Authorization: Bearer $VERITY_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"brand":"ganni","category":"dress","images":["https://cdn.example.com/front.jpg"]}'
    const res = await fetch('https://api.verityai.app/v1/authenticate',{
  method:'POST',
  headers:{'Authorization':`Bearer ${process.env.VERITY_API_KEY}`,'Content-Type':'application/json'},
  body:JSON.stringify({brand:'ganni',category:'dress',images:['https://cdn.example.com/front.jpg']})
}).then(r=>r.json());
console.log(res.decision); // "authentic"
    res = requests.post("https://api.verityai.app/v1/authenticate",
  headers={"Authorization":f"Bearer {api_key}"},
  json={"brand":"ganni","category":"dress","images":["https://cdn.example.com/front.jpg"]})
print(res.json()["decision"]) # "authentic"
  3. Read the response
    200 OK · decision: "authentic"2.1s
    {"id":"auth_01j9xkp4mq2n8r7v","decision":"authentic","confidence":0.97,
  "flags":[],"certificate_url":"https://verify.verityai.app/cert/auth_01j9xkp4",
  "processed_at":"2026-02-23T08:22:31Z"}
  4. Act on the decision
    Route on decision: approve listings, gate refunds, feed your rules engine. Embed certificate_url in listings or receipts — it's permanent and publicly verifiable.
Getting Started

Authentication

All requests require a Bearer token in the Authorization header. Both verity_sk_live_* (production) and verity_sk_test_* (no quota consumed) key formats are supported.

header
Authorization: Bearer verity_sk_live_••••••••••••••••
Keep your key secret. Never expose it in client-side code or commit it to version control. Use environment variables. Rotate keys every 90 days from the dashboard.
Core API

POST /authenticate

The primary endpoint. Submit product images with brand and category metadata; receive a structured decision synchronously.

POSThttps://api.verityai.app/v1/authenticate

Request body

ParameterTypeDescription
images
REQUIRED		string[]Array of public image URLs. 1–8 images. JPEG, PNG, WEBP. Min 400×400px.
brand
REQUIRED		stringBrand slug from the supported catalogue. Lowercase, hyphen-separated. e.g. "louis-vuitton"
category
REQUIRED		stringProduct category. e.g. "dress", "sneakers", "handbag".
metadata
OPTIONAL		objectKey-value pairs returned verbatim. Use for internal IDs. Max 16 keys, 256 chars/value.
threshold
OPTIONAL		floatMin confidence for a definitive decision. Below this returns "inconclusive". Range 0.50–0.99. Default: 0.80.
webhook_url
OPTIONAL		stringIf set, full response is also POSTed here after processing. See Webhooks.

Response fields

id
string
Unique event ID, prefixed auth_. Use to retrieve certificates and link audit events.
decision
string · enum
The outcome. Drive downstream logic from this field.
authenticcounterfeitinconclusive
confidence
float · 0.00–1.00
Model confidence. Use for custom thresholds in your rules engine.
flags
string[]
Anomalies detected. Empty on a clean pass.
hardware_anomalystitching_anomalytypography_anomalyai_generatedlabel_mismatch
certificate_url
string · URL
Permanent public record. Issued on "authentic" only. Embed in listings, receipts, or agent chains.
processed_at
ISO 8601
UTC timestamp for compliance logging.
model_version
string
Model used. Include in support requests.

Example

curl https://api.verityai.app/v1/authenticate \
  -X POST -H "Authorization: Bearer $VERITY_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"brand":"ganni","category":"dress","images":["https://cdn.example.com/front.jpg"],"metadata":{"listing_id":"lst_8821"},"threshold":0.85}'
const res = await fetch('https://api.verityai.app/v1/authenticate',{
  method:'POST',
  headers:{'Authorization':`Bearer ${process.env.VERITY_API_KEY}`,'Content-Type':'application/json'},
  body:JSON.stringify({brand:'ganni',category:'dress',images:['https://cdn.example.com/front.jpg'],metadata:{listing_id:'lst_8821'},threshold:0.85})
}).then(r=>r.json());
if(res.decision==='authentic'){/* approve, embed res.certificate_url */}
res = requests.post("https://api.verityai.app/v1/authenticate",
  headers={"Authorization":f"Bearer {api_key}"},
  json={"brand":"ganni","category":"dress","images":["https://cdn.example.com/front.jpg"],
        "metadata":{"listing_id":"lst_8821"},"threshold":0.85}).json()
if res["decision"] == "authentic": db.update_listing(certificate_url=res["certificate_url"])
200 OK2.3s
{"id":"auth_01j9xkp4mq2n8r7v","decision":"authentic","confidence":0.97,
  "flags":[],"brand":"ganni","category":"dress",
  "metadata":{"listing_id":"lst_8821"},
  "certificate_url":"https://verify.verityai.app/cert/auth_01j9xkp4",
  "processed_at":"2026-02-23T08:22:31Z","model_version":"cv-3.1"}
Core API

GET /certificate/:id

Retrieve a full authentication record by event ID. Useful for audit trails and dispute resolution. The public certificate page at verify.verityai.app/cert/:id requires no authentication and can be linked directly from listings. For a lightweight boolean validity check, use GET /v1/verify/:id — returns {"valid":true,"decision":"authentic"}.

GEThttps://api.verityai.app/v1/certificate/:id
cURL
curl https://api.verityai.app/v1/certificate/auth_01j9xkp4mq2n8r7v \
  -H "Authorization: Bearer $VERITY_API_KEY"
Core API

Errors & Status Codes

Errors return JSON with a machine-readable code and human-readable message.

error shape
{"error":{"code":"invalid_image_url","message":"Image returned 403.","param":"images[1]"}}
200
Success — decision returned.
400
Bad Request — missing or invalid params. Check error.param.
401
Unauthorized — invalid or missing API key.
403
Forbidden — plan does not support this brand or feature.
429
Rate Limited — see Rate Limits.
500
Server Error — retry with exponential backoff.
503
Service Unavailable — retry after 2s.

Error codes

CodeDescription
missing_required_fieldRequired field missing.
invalid_image_urlImage URL unreachable. Ensure all URLs are public.
unsupported_brandBrand not in supported catalogue.
image_too_smallImage below 400×400px minimum.
quota_exceededMonthly quota reached.
invalid_api_keyKey malformed or revoked.
Core API

Rate Limits

Rate limits apply per API key. Every response includes limit headers.

response headers
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 986
X-RateLimit-Reset: 1709020800
Retry-After: 60  # only on 429
Specific limits are defined in your service agreement. Contact [email protected] for limit increases.
Integrations

Shopify Integration

Install Verity into your Shopify store. Authentication fires at listing creation or checkout — no custom development required.

  1. Install the Verity app
    Shopify Admin → Apps → App Store → search “Verity AI” → Install.
  2. Connect your API key
    Paste your verity_sk_live_* key in app settings. The app validates and displays your quota.
  3. Configure your workflow
    Select trigger: product creation, checkout, or return initiation. Set counterfeit action: auto-reject, hold for review, or notify.
  4. Embed the trust badge
    Enable from the theme editor. Authenticated listings display a badge linking to the public certificate.
For headless Shopify, use the REST API directly and handle badge rendering in your storefront layer.
Integrations

Returns Workflows

Gate refunds by comparing a returned item against its listing. Two calls: one at listing, one at return.

Node.js · returns gate
// At listing — store result.id in your OMS
const listing = await authenticate({images:listingImages,brand,category,metadata:{listing_id}});

// At return
const ret = await authenticate({images:returnImages,brand,category,metadata:{order_id,return_id}});

if(ret.confidence >= 0.80 && ret.decision === 'authentic'){
  await oms.approveRefund(order_id);
}else{
  await oms.flagForReview(order_id,{flags:ret.flags});
}
Full audit trail. Each call produces a timestamped certificate — a two-event record per return defensible for dispute resolution.
Integrations

Agentic Commerce NEW

Verity's JSON output is consumable directly by AI agents. The structured response — decision, confidence, certificate URL, flags — is parseable by any LLM without additional tooling. Demonstrated in the Mastercard AI Payment Agent environment.

OpenAI tool definition
{"type":"function","function":{
  "name":"authenticate_product",
  "description":"Authenticate a product. Returns decision, confidence, and certificate URL.",
  "parameters":{"type":"object","required":["brand","category","images"],
    "properties":{"brand":{"type":"string"},"category":{"type":"string"},
      "images":{"type":"array","items":{"type":"string","format":"uri"}}}
  }}}
Compatible with any LLM provider supporting function/tool calling — Anthropic Claude, OpenAI GPT-4o, Google Gemini.
Integrations

Webhooks BETA

Receive authentication events pushed to your endpoint. Supply a webhook_url in your request, or configure a global endpoint in the dashboard.

EventDescription
authentication.completedDecision produced. Includes full response object.
authentication.failedProcessing failed. Includes error details.
certificate.revokedA certificate was revoked.

Every webhook includes a Verity-Signature header — HMAC-SHA256 signed with your webhook secret.

Node.js · verify signature
import crypto from 'crypto';
function verify(rawBody,sig,secret){
  const exp=crypto.createHmac('sha256',secret).update(rawBody).digest('hex');
  return crypto.timingSafeEqual(Buffer.from(exp),Buffer.from(sig));
}
Resources

Changelog

2026-02-01NEW
GET /verify endpoint

Lightweight certificate validation for agent chains. Boolean validity in under 200ms.

2026-01-14
Webhooks (beta)

Subscribe to authentication.completed and authentication.failed. HMAC-SHA256 signatures included.

2025-11-28
Model v3.1

Accuracy improvements. Added metadata and threshold parameters.

Resources

Support

Direct engineering support for active integrations. No tickets. No automated responses.

Email
[email protected] — response within one business day.
Request Access
Apply for access. Deployments scoped and supported from day one.
Include your event ID (auth_*), first 12 chars of your API key, and error.code.
NextPOST /authenticate