{"openapi":"3.1.0","info":{"title":"CertifiedData API","version":"1.0.0","description":"Public API for the CertifiedData certificate authority. Provides certificate retrieval, machine verification, signed payload download, and public registry access. No authentication required for verification endpoints.","contact":{"name":"CertifiedData Trust Infrastructure","url":"https://certifieddata.io/trust-center","email":"trust@certifieddata.io"},"license":{"name":"Public","url":"https://certifieddata.io/certificate-policy"}},"servers":[{"url":"https://certifieddata.io","description":"Production"}],"paths":{"/api/certificates/{certId}":{"get":{"summary":"Retrieve certificate","description":"Fetch the full certificate record for a given certificate ID. Returns the canonical certifieddata.cert.v1 JSON payload including metadata, artifact hash, and Ed25519 signature.","operationId":"getCertificate","tags":["Certificates"],"parameters":[{"name":"certId","in":"path","required":true,"description":"Certificate UUID","schema":{"type":"string","format":"uuid"}}],"responses":{"200":{"description":"Certificate found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Certificate"},"example":{"schema_version":"certifieddata.cert.v1","certification_id":"3fa85f64-5717-4562-b3fc-2c963f66afa6","timestamp":"2026-03-16T00:00:00.000Z","issuer":"CertifiedData.io","dataset_hash":"sha256:a3f8b2c1d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1","algorithm":"ctgan","rows":100000,"columns":42,"signature":"ed25519:MEUCIQDexample..."}}}},"404":{"description":"Certificate not found"}}}},"/api/certificates/{certId}/signed-payload":{"get":{"summary":"Download signed payload","description":"Returns the exact canonical JSON that was signed by the CertifiedData Ed25519 key. Use this to independently verify the signature using any standard Ed25519 library. Response is plain application/json (not attachment).","operationId":"getSignedPayload","tags":["Certificates"],"parameters":[{"name":"certId","in":"path","required":true,"schema":{"type":"string","format":"uuid"}}],"responses":{"200":{"description":"Signed manifest payload","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SignedManifest"}}}},"404":{"description":"Certificate not found"}}}},"/api/certificates/{certId}/download":{"get":{"summary":"Download signed manifest (attachment)","description":"Returns the raw signed manifest as an attachment file. Content-Type: application/certifieddata.manifest+json. Identical payload to /signed-payload but served with Content-Disposition: attachment.","operationId":"downloadCertificate","tags":["Certificates"],"parameters":[{"name":"certId","in":"path","required":true,"schema":{"type":"string","format":"uuid"}}],"responses":{"200":{"description":"Certificate manifest file","content":{"application/certifieddata.manifest+json":{"schema":{"$ref":"#/components/schemas/SignedManifest"}}}}}}},"/api/verify":{"post":{"summary":"Verify certificate","description":"Verifies a certificate by ID. Optionally accepts an artifact hash to confirm file integrity alongside signature validity. No authentication required.","operationId":"verifyCertificate","tags":["Verification"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["certificate_id"],"properties":{"certificate_id":{"type":"string","format":"uuid","description":"Certificate UUID to verify"},"artifact_hash":{"type":"string","description":"Optional SHA-256 hash of the artifact file (sha256:hex format)"}}}}}},"responses":{"200":{"description":"Verification result","content":{"application/json":{"schema":{"$ref":"#/components/schemas/VerificationResult"},"example":{"verified":true,"status":"ISSUED","certificate_id":"3fa85f64-5717-4562-b3fc-2c963f66afa6","issuer":"CertifiedData.io","issued_at":"2026-03-16T00:00:00.000Z","signature_alg":"Ed25519","artifact_hash_match":true}}}}}}},"/api/verify/hash":{"post":{"summary":"Verify by hash only","description":"Fast hash-only verification. Accepts a certificate ID and SHA-256 hash; returns whether the hash matches the recorded artifact hash and whether the certificate signature is valid. Returns schema version metadata.","operationId":"verifyByHash","tags":["Verification"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["cert_id","sha256"],"properties":{"cert_id":{"type":"string","format":"uuid"},"sha256":{"type":"string","description":"SHA-256 hex of the artifact (with or without sha256: prefix)"}}}}}},"responses":{"200":{"description":"Hash verification result","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HashVerificationResult"},"example":{"verified":true,"hash_matched":true,"signature_valid":true,"schema_version":"certifieddata.cert.v1","is_supported":true,"is_deprecated":false,"issuer":"CertifiedData.io","timestamp":"2026-03-16T00:00:00.000Z","error":null}}}}}}},"/.well-known/signing-keys.json":{"get":{"summary":"Active signing keys","description":"Returns the list of active Ed25519 public keys used to sign certificates. Use the key_id in a certificate to look up the correct public key for signature verification.","operationId":"getSigningKeys","tags":["Trust Infrastructure"],"responses":{"200":{"description":"Active signing keys","content":{"application/json":{"schema":{"type":"object","properties":{"keys":{"type":"array","items":{"$ref":"#/components/schemas/SigningKey"}}}}}}}}}},"/v1/registry":{"get":{"summary":"Public artifact registry","description":"Returns a paginated list of registered AI artifacts. Supports filtering by status (certified, unverified), artifact_type (dataset, model, system), and industry.","operationId":"listRegistry","tags":["Registry"],"parameters":[{"name":"status","in":"query","schema":{"type":"string","enum":["certified","unverified"]}},{"name":"artifact_type","in":"query","schema":{"type":"string","enum":["dataset","model","system","output"]}},{"name":"industry","in":"query","schema":{"type":"string"}},{"name":"q","in":"query","schema":{"type":"string"},"description":"Full-text search"},{"name":"visibility","in":"query","schema":{"type":"string","default":"public"}},{"name":"limit","in":"query","schema":{"type":"integer","default":50,"maximum":200}}],"responses":{"200":{"description":"Registry entries","content":{"application/json":{"schema":{"type":"object","properties":{"items":{"type":"array","items":{"$ref":"#/components/schemas/RegistryEntry"}},"total":{"type":"integer"}}}}}}}}}},"components":{"schemas":{"Certificate":{"type":"object","properties":{"schema_version":{"type":"string","example":"certifieddata.cert.v1"},"certification_id":{"type":"string","format":"uuid"},"timestamp":{"type":"string","format":"date-time"},"issuer":{"type":"string","example":"CertifiedData.io"},"dataset_hash":{"type":"string","example":"sha256:a3f8b2c1..."},"algorithm":{"type":"string","example":"ctgan"},"rows":{"type":"integer"},"columns":{"type":"integer"},"inner_artifacts":{"type":"object","additionalProperties":{"type":"object","properties":{"sha256":{"type":"string"}}}},"signature":{"type":"string","example":"ed25519:MEUCIQDexample..."}}},"SignedManifest":{"type":"object","properties":{"schema_version":{"type":"string","example":"certifieddata.manifest.v1"},"payload":{"type":"object"},"signature":{"type":"object","properties":{"alg":{"type":"string","example":"Ed25519"},"key_id":{"type":"string","format":"uuid"},"value":{"type":"string"}}}}},"VerificationResult":{"type":"object","properties":{"verified":{"type":"boolean"},"status":{"type":"string"},"certificate_id":{"type":"string"},"issuer":{"type":"string"},"issued_at":{"type":"string","format":"date-time"},"signature_alg":{"type":"string"},"artifact_hash_match":{"type":"boolean","nullable":true}}},"HashVerificationResult":{"type":"object","properties":{"verified":{"type":"boolean"},"hash_matched":{"type":"boolean"},"signature_valid":{"type":"boolean"},"schema_version":{"type":"string"},"is_supported":{"type":"boolean"},"is_deprecated":{"type":"boolean"},"issuer":{"type":"string"},"timestamp":{"type":"string","format":"date-time","nullable":true},"error":{"type":"string","nullable":true}}},"SigningKey":{"type":"object","properties":{"key_id":{"type":"string","format":"uuid"},"algorithm":{"type":"string","example":"Ed25519"},"public_key":{"type":"string"},"created_at":{"type":"string","format":"date-time"},"status":{"type":"string","enum":["active","retired","revoked"]}}},"RegistryEntry":{"type":"object","properties":{"id":{"type":"string"},"slug":{"type":"string"},"title":{"type":"string"},"summary":{"type":"string","nullable":true},"artifactType":{"type":"string"},"status":{"type":"string","enum":["certified","unverified"]},"certificateId":{"type":"string","nullable":true},"artifactHash":{"type":"string","nullable":true},"rowsCount":{"type":"integer","nullable":true},"industry":{"type":"string","nullable":true},"tags":{"type":"array","items":{"type":"string"}},"verificationUrl":{"type":"string","nullable":true}}}}},"tags":[{"name":"Certificates","description":"Certificate retrieval and signed payload endpoints"},{"name":"Verification","description":"Machine verification of certificates and artifact hashes"},{"name":"Registry","description":"Public artifact registry listing"},{"name":"Trust Infrastructure","description":"Signing keys and trust infrastructure endpoints"}]}