REST API
POST /prove
Generate Web Proof (v2)
POST /api/v2.0/prove
Generate a cryptographic Web Proof by making a notarized HTTP request to the specified URL.
Authentication
Requests require header:
Authorization: Bearer <api-key>: Your API key
Request Body
All field names must be in camelCase. Unknown fields are rejected with a 400 error.
url: HTTPS URL to make a request to and generate a proof for. Only HTTPS URLs are supportedmethod: HTTP method to use for the request. Defaults toGET. Supported values:GET,POST,PUT,DELETE,PATCH,HEAD,CONNECT,OPTIONS,TRACEheaders: Array of HTTP headers formatted as"Header-Name: Header-Value"body: Request body data for POST requests as a stringnotaryUrl: URL of the notary server for TLS notarization. Defaults tohttps://notary.vlayer.xyz/v0.1.0-alpha.12maxRecvData: Optional maximum number of bytes to receive from the server. Must not exceed92160redaction: Optional array of redaction rules for controlling which request headers are included in the Web Proof. Supports two mutually exclusive modes:request.headers: Specify headers to redact (hide) from the proof — all other headers are revealedrequest.headers_except: Specify headers to reveal in the proof — all other headers are redacted
Response Body
Success
{
"apiVersion": "v2.0",
"success": true,
"data": {
"data": "<hex-encoded proof>",
"version": "0.1.0-alpha.12",
"meta": {
"notaryUrl": "https://notary.vlayer.xyz/v0.1.0-alpha.12"
}
}
}apiVersion: API version stringsuccess:truedata.data: Hex-encoded proof datadata.version: TLSN protocol version useddata.meta.notaryUrl: Notary server URL that was used
Error
{
"apiVersion": "v2.0",
"success": false,
"error": {
"code": "INVALID_REQUEST",
"message": "Invalid request: ..."
}
}error.code: Machine-readable error code. Possible values:INVALID_REQUEST— malformed request body (400)INTERNAL_SERVER_ERROR— server-side failure (500)
error.message: Human-readable description. The values returned here may change over time, useerror.codefor stable error indication
Examples
Binance public API call
curl -X POST https://web-prover.production.vlayer.xyz/api/v2.0/prove \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <your-api-key>" \
-d '{
"url": "https://data-api.binance.vision/api/v3/exchangeInfo?symbol=ETHUSDC",
"headers": []
}'const response = await fetch('https://web-prover.production.vlayer.xyz/api/v2.0/prove', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer <your-api-key>'
},
body: JSON.stringify({
url: 'https://data-api.binance.vision/api/v3/exchangeInfo?symbol=ETHUSDC',
headers: []
})
});
const result = await response.json();
console.log(result);Response:
{
"apiVersion": "v2.0",
"success": true,
"data": {
"data": "014000000000000000899cdccd31337c96bb9e519aa438ed73cdb47dda5c80e995ef0a1c04bf6c563730cde41724dafc1391b1b81acc5d989a7f7add8...",
"version": "0.1.0-alpha.12",
"meta": {
"notaryUrl": "https://notary.vlayer.xyz/v0.1.0-alpha.12"
}
}
}Gmail API call with redaction
This example makes an authenticated Gmail API request while redacting the Authorization header from the proof:
curl -X POST https://web-prover.production.vlayer.xyz/api/v2.0/prove \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <your-api-key>" \
-d '{
"url": "https://gmail.googleapis.com/gmail/v1/users/me/messages/<email-id>?format=raw",
"headers": [
"Authorization: Bearer <gmail-token>"
],
"redaction": [
{
"request": {
"headers": ["authorization"]
}
}
]
}'const response = await fetch('https://web-prover.production.vlayer.xyz/api/v2.0/prove', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer <your-api-key>'
},
body: JSON.stringify({
url: 'https://gmail.googleapis.com/gmail/v1/users/me/messages/<email-id>?format=raw',
headers: [
'Authorization: Bearer <gmail-token>'
],
redaction: [
{
request: {
headers: ['authorization']
}
}
]
})
});