Verify API

Verify agent receipts, check trust scores, generate compliance reports. The SDK produces receipts. The API verifies them.

Base URL: https://nobulex.com/api/verify

Try it now

The verify endpoint and tamper demo are live. No API key needed for the free tier.

# See a live tamper detection
curl https://nobulex.com/api/verify?action=demo

# Verify a receipt (POST)
curl -X POST https://nobulex.com/api/verify \
  -H "Content-Type: application/json" \
  -d '{"agent_id":"test","action_type":"tool:search","scope":"q=hello","timestamp_ms":1720000000000,"action_ref":"your_hash_here"}'

# Check an agent's trust score
curl "https://nobulex.com/api/verify?action=score&agent_id=test"

Verify a receipt

POST/verify

Verify a single receipt's Ed25519 signature and recompute its action_ref from the preimage fields. Returns VALID or INVALID with reasons.

Request

curl -X POST https://nobulex.com/api/verify \
  -H "Content-Type: application/json" \
  -d '{
    "agent_id": "my-agent",
    "action_type": "tool:search",
    "scope": "query=weather",
    "timestamp_ms": 1720000000000,
    "action_ref": "a3f7c2..."
  }'

Response

{
  "verdict": "VALID",
  "action_ref": "a3f7c2...",
  "action_ref_recomputed": "a3f7c2...",
  "action_ref_match": true,
  "signature_valid": true,
  "agent_id": "my-agent",
  "action_type": "tool:search",
  "tier": "pro",
  "remaining": 9999
}

Verify a chain

POST/verify/chain

Verify a sequence of receipts: each signature individually, plus hash-chain integrity (each receipt links to the previous). Pro tier required.

Request

# Chain and bundle require the full verify-api server
# (packages/verify-api/server.py, port 7749)
curl -X POST http://localhost:7749/verify/chain \
  -H "Content-Type: application/json" \
  -H "X-API-Key: nbx_pro_your_key" \
  -d '{
    "public_key": "8bdd8b...",
    "receipts": [ ...array of receipt objects... ]
  }'

Response

{
  "chain_valid": true,
  "receipt_count": 4,
  "results": [
    {"sequence": 1, "action_ref": "a3f7...", "signature_valid": true, "chain_link_valid": true},
    {"sequence": 2, "action_ref": "b2e8...", "signature_valid": true, "chain_link_valid": true}
  ]
}

Compliance bundle

POST/verify/bundle

Submit a bundle of receipts and get a compliance report: trust score, grade, compliance flags, verified/failed breakdown. This is the artifact you hand a regulator. Pro tier required.

Request

curl -X POST http://localhost:7749/verify/bundle \
  -H "Content-Type: application/json" \
  -H "X-API-Key: nbx_pro_your_key" \
  -d '{
    "bundle_id": "audit-2026-Q3",
    "receipts": [ ...array of receipt objects... ]
  }'

Response

{
  "bundle_id": "audit-2026-Q3",
  "verification_timestamp": "2026-07-12T18:05:45Z",
  "summary": {
    "total_receipts": 6,
    "verified": 6,
    "failed": 0,
    "trust_score": 65,
    "grade": "B",
    "allow_count": 5,
    "deny_count": 1
  },
  "compliance_flags": [
    "1 action(s) were denied/blocked by policy"
  ],
  "verified_receipts": [...],
  "failed_receipts": []
}

Trust score

GET/agent/{agent_id}/score

Get an agent's trust score computed from all previously verified receipts.

Response

{
  "agent_id": "my-agent",
  "score": 70,
  "grade": "B",
  "receipts_verified": 7,
  "allow_count": 6,
  "deny_count": 1
}

Rate limits

TierDaily limitChainBundlePrice
Free100NoNo$0
Pro10,000YesYes$99/mo
ScaleUnlimitedYesYes$499/mo

Rate-limited requests return 429 with a reset_at timestamp and an upgrade link.

Free-tier requests to chain/bundle endpoints return 403 with an upgrade link.

SDKs

# Python
pip install nobulex
from nobulex import Agent
a = Agent("my-agent")
r = a.act(action_type="tool:search", scope="query=weather")
print(r.action_ref)  # content-derived, recomputable
print(a.verify_receipt(r))  # True

# TypeScript
npm install @nobulex/core

Try it live