Verify Attestation
POST /v1/verify
Verify a previously created hybrid attestation. Returns the validity status of both the ECDSA and PQC signatures.
Authentication: Secret key required (qs_sec_*)
Request
{
"attestationId": "att_abc123def456"
}
{
"message": "0x48656c6c6f20576f726c64",
"ecdsaSignature": "0x3045022100...",
"ecdsaPublicKey": "0x04a1b2c3d4...",
"pqcSignature": "0x7a8b9c0d1e...",
"pqcPublicKey": "0x1a2b3c4d5e...",
"algorithm": "ml-dsa-65"
}
Parameters (by Attestation ID)
| Field | Type | Required | Description |
|---|
attestationId | string | Yes | The attestation ID returned from /v1/sign/hybrid |
Parameters (by Raw Components)
| Field | Type | Required | Description |
|---|
message | string | Yes | Original message (hex-encoded) |
ecdsaSignature | string | Yes | ECDSA signature (hex-encoded) |
ecdsaPublicKey | string | Yes | ECDSA public key (hex-encoded) |
pqcSignature | string | Yes | PQC signature (hex-encoded) |
pqcPublicKey | string | Yes | PQC public key (hex-encoded) |
algorithm | string | Yes | PQC algorithm used |
All fields must be hex-encoded. Accept both 0x-prefixed and raw hex strings.
Response 200 OK
{
"data": {
"valid": true,
"ecdsaValid": true,
"pqcValid": true,
"attestationId": "att_abc123def456",
"algorithm": "ml-dsa-65",
"chain": "ethereum",
"verifiedAt": "2026-01-15T10:35:00Z"
},
"meta": {
"requestId": "req_xyz789",
"timestamp": "2026-01-15T10:35:00Z"
}
}
Response Fields
| Field | Type | Description |
|---|
valid | boolean | true if both signatures are valid |
ecdsaValid | boolean | ECDSA signature verification result |
pqcValid | boolean | PQC signature verification result |
attestationId | string | Attestation identifier |
algorithm | string | PQC algorithm used |
chain | string | Associated blockchain |
verifiedAt | string | ISO 8601 verification timestamp |
Errors
| Code | Description |
|---|
AUTH_001 | Missing API key |
AUTH_003 | Publishable key used (Secret key required) |
PQC_002 | Invalid key format |
PQC_004 | Signature verification failed |
RATE_001 | Rate limit exceeded |
Example
# Verify by attestation ID
curl -X POST https://api.qsafe.dev/v1/verify \
-H "Authorization: Bearer qs_sec_live_sk_abc123..." \
-H "Content-Type: application/json" \
-d '{
"attestationId": "att_abc123def456"
}'
