Quickstart

This guide takes you from zero to a verified signed image in under 5 minutes.

Prerequisites

A Verbitas API key. Get one at verbitas.io/onboard.
curl and jq installed, or any HTTP client.

Set your key in the environment:

export VERBITAS_API_KEY=vb_live_YOUR_KEY_HERE

Step 1: Get an image to sign

Use any JPEG or PNG. For this example:

curl -o sample.jpg https://picsum.photos/800/600

Step 2: Sign the asset

curl -X POST https://api.verbitas.io/v1/sign \
  -H "Authorization: Bearer $VERBITAS_API_KEY" \
  -H "Idempotency-Key: $(python3 -c 'import uuid; print(uuid.uuid4())')" \
  -F "[email protected]" \
  -F "recipe=image-genai-v1" \
  -F 'metadata={"generator":"example","model":"demo"}' \
  | jq .

Response (synchronous, file < 5 MB):

{
  "asset_id": "a_01j...",
  "watermark_id": "w_01j...",
  "manifest_uri": "https://m.verbitas.io/manifests/a_01j.../manifest.c2pa",
  "verifier_url": "https://v.verbitas.io/v/a_01j...",
  "anchor": { "batch_id": "b_01j...", "status": "queued" }
}

Save the asset_id:

ASSET_ID=a_01j...   # replace with your actual asset_id

For files > 5 MB, the API returns 202 { "job_id": "..." }. Poll for completion:

curl -H "Authorization: Bearer $VERBITAS_API_KEY" \
  https://api.verbitas.io/v1/jobs/$JOB_ID | jq .status

Step 3: Verify the signed asset

Verify by asset ID (no file upload required):

curl -X POST https://api.verbitas.io/v1/verify \
  -H "Authorization: Bearer $VERBITAS_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"asset_id\": \"$ASSET_ID\"}" \
  | jq '{status, confidence}'

Expected response:

{
  "status": "verified_manifest_intact",
  "confidence": 0.97
}

Or verify by uploading the signed file:

curl -X POST https://api.verbitas.io/v1/verify \
  -H "Authorization: Bearer $VERBITAS_API_KEY" \
  -F "asset=@signed_sample.jpg" \
  | jq '{status, confidence}'

Step 4: View the result in the UI

Open the verifier_url from the sign response in a browser:

https://v.verbitas.io/v/a_01j...

The verifier page shows the full manifest, all signals, and a plain-language explanation. It never says “real” or “fake” — only the explainable state code and what it proves.

What the verification result means

Status	Meaning
`verified_manifest_intact`	C2PA signature is valid, signer is trusted, manifest was not tampered with
`verified_manifest_and_watermark_match`	As above, plus the embedded watermark ID matches the manifest record
`no_provenance`	No manifest or watermark found
`manifest_tampered`	Manifest was present but has been altered since signing

See the full Verification States reference for all 16 codes.

Python SDK equivalent

pip install verbitas

import verbitas

client = verbitas.Client()  # reads VERBITAS_API_KEY from env

result = client.sign("sample.jpg", recipe="image-genai-v1",
                     metadata={"generator": "example", "model": "demo"})
print(result.verifier_url)

verification = client.verify(asset_id=result.asset_id)
print(verification.status)

Next steps

API Reference: Sign — all parameters, response fields, error codes
API Reference: Verify — verification result schema
Concepts: Provenance & C2PA — what the manifest records
Guides: Your First Sign — end-to-end walkthrough with full context