Verify API
Verify agent receipts, check trust scores, generate compliance reports. The SDK produces receipts. The API verifies them.
Base URL: https://nobulex.com/api/verify
Try it now
The verify endpoint and tamper demo are live. No API key needed for the free tier.
# See a live tamper detection
curl https://nobulex.com/api/verify?action=demo
# Verify a receipt (POST)
curl -X POST https://nobulex.com/api/verify \
-H "Content-Type: application/json" \
-d '{"agent_id":"test","action_type":"tool:search","scope":"q=hello","timestamp_ms":1720000000000,"action_ref":"your_hash_here"}'
# Check an agent's trust score
curl "https://nobulex.com/api/verify?action=score&agent_id=test"
Verify a receipt
POST/verify
Verify a single receipt's Ed25519 signature and recompute its action_ref from the preimage fields. Returns VALID or INVALID with reasons.
Request
curl -X POST https://nobulex.com/api/verify \
-H "Content-Type: application/json" \
-d '{
"agent_id": "my-agent",
"action_type": "tool:search",
"scope": "query=weather",
"timestamp_ms": 1720000000000,
"action_ref": "a3f7c2..."
}'
Response
{
"verdict": "VALID",
"action_ref": "a3f7c2...",
"action_ref_recomputed": "a3f7c2...",
"action_ref_match": true,
"signature_valid": true,
"agent_id": "my-agent",
"action_type": "tool:search",
"tier": "pro",
"remaining": 9999
}
Verify a chain
POST/verify/chain
Verify a sequence of receipts: each signature individually, plus hash-chain integrity (each receipt links to the previous). Pro tier required.
Request
# Chain and bundle require the full verify-api server
# (packages/verify-api/server.py, port 7749)
curl -X POST http://localhost:7749/verify/chain \
-H "Content-Type: application/json" \
-H "X-API-Key: nbx_pro_your_key" \
-d '{
"public_key": "8bdd8b...",
"receipts": [ ...array of receipt objects... ]
}'
Response
{
"chain_valid": true,
"receipt_count": 4,
"results": [
{"sequence": 1, "action_ref": "a3f7...", "signature_valid": true, "chain_link_valid": true},
{"sequence": 2, "action_ref": "b2e8...", "signature_valid": true, "chain_link_valid": true}
]
}
Compliance bundle
POST/verify/bundle
Submit a bundle of receipts and get a compliance report: trust score, grade, compliance flags, verified/failed breakdown. This is the artifact you hand a regulator. Pro tier required.
Request
curl -X POST http://localhost:7749/verify/bundle \
-H "Content-Type: application/json" \
-H "X-API-Key: nbx_pro_your_key" \
-d '{
"bundle_id": "audit-2026-Q3",
"receipts": [ ...array of receipt objects... ]
}'
Response
{
"bundle_id": "audit-2026-Q3",
"verification_timestamp": "2026-07-12T18:05:45Z",
"summary": {
"total_receipts": 6,
"verified": 6,
"failed": 0,
"trust_score": 65,
"grade": "B",
"allow_count": 5,
"deny_count": 1
},
"compliance_flags": [
"1 action(s) were denied/blocked by policy"
],
"verified_receipts": [...],
"failed_receipts": []
}
Trust score
GET/agent/{agent_id}/score
Get an agent's trust score computed from all previously verified receipts.
Response
{
"agent_id": "my-agent",
"score": 70,
"grade": "B",
"receipts_verified": 7,
"allow_count": 6,
"deny_count": 1
}
Rate limits
| Tier | Daily limit | Chain | Bundle | Price |
|---|---|---|---|---|
| Free | 100 | No | No | $0 |
| Pro | 10,000 | Yes | Yes | $99/mo |
| Scale | Unlimited | Yes | Yes | $499/mo |
Rate-limited requests return 429 with a reset_at timestamp and an upgrade link.
Free-tier requests to chain/bundle endpoints return 403 with an upgrade link.
SDKs
# Python
pip install nobulex
from nobulex import Agent
a = Agent("my-agent")
r = a.act(action_type="tool:search", scope="query=weather")
print(r.action_ref) # content-derived, recomputable
print(a.verify_receipt(r)) # True
# TypeScript
npm install @nobulex/core