Sanad · Developers
PricingDocsContact

Sanad Verify API

Verify any registered entity's compliance posture — pay per call.

Same model as UIDAI Aadhaar Auth API and DigiLocker B2B. Bearer keys, wallet-based prepaid billing, P5-patent authority-bounded responses. ₹100 in signup credits per new key — 50 free status calls.

checking session
See pricing

Quickstart

Every endpoint is a single GET (or POST for audit-pack). Pass Authorization: Bearer sk_live_… and the wallet is debited atomically.

Status pull (₹2)

curl https://sanad.cognoshift.in/api/v1/verify/status/<entity_id> \
  -H "Authorization: Bearer sk_live_..."

# Returns:
# { "verdict": "GREEN", "score_percent": 87, "as_of": "...",
#   "signature": "...", "key_id": "sanad-verify-2026" }

Detailed posture (₹20)

curl https://sanad.cognoshift.in/api/v1/verify/posture/<entity_id> \
  -H "Authorization: Bearer sk_live_..."

# Returns the full categorised posture matrix + Merkle evidence root.

District rollup (₹500) — Authority-bound keys only

curl https://sanad.cognoshift.in/api/v1/verify/rollup/<authority_id> \
  -H "Authorization: Bearer sk_live_..."

# Returns the same shape as /api/authority/aggregate.
# 403 OUT_OF_SCOPE if your key's bound_authority_id mismatches.

Audit pack (₹2,000) — idempotency-required

curl -X POST https://sanad.cognoshift.in/api/v1/verify/audit-pack/<entity_id> \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{"idempotency_key": "01J...", "since": "2026-04-01"}'

JavaScript

const res = await fetch(
  "https://sanad.cognoshift.in/api/v1/verify/status/" + entityId,
  { headers: { Authorization: "Bearer " + process.env.SANAD_KEY } }
);
const { verdict, score_percent, signature, key_id } = await res.json();
// Verify signature offline against /api/v1/verify/public-key

Full design: VERIFY_API_DESIGN.md . Public verification key: /api/v1/verify/public-key.

Patent P5 — authority-bounding

Keys can be bound to an authority. A bound key can ONLY query entities under that authority's jurisdiction; cross-boundary requests return 403 OUT_OF_SCOPE. Defence-in-depth: app-layer pre-check + DB trigger refusing cross-boundary log inserts. This is the patent-protected primitive that separates Sanad Verify from generic compliance APIs.

Questions? hello@sanad.in · On GeM listing soon · CIN U85499HR2025PTC130446