KMS Verify

curl --request POST \
  --url https://api.example.com/v1/verify \
  --header 'Content-Type: application/json' \
  --data '
{
  "public_key": "<string>",
  "message": "<string>",
  "signature": "<string>",
  "algorithm": "<string>"
}
'

POST

verify

KMS Verify

curl --request POST \
  --url https://api.example.com/v1/verify \
  --header 'Content-Type: application/json' \
  --data '
{
  "public_key": "<string>",
  "message": "<string>",
  "signature": "<string>",
  "algorithm": "<string>"
}
'

Overview

KMS verification uses the same /v1/verify endpoint as BYOK. Pass the KMS key ARN as the public_key parameter — the server detects the ARN format and routes to KMS verification.

Verification does not require Pro plan. Any authenticated user can verify signatures.

Request

public_key

string

required

KMS key ARN (starts with arn:aws:kms:)

message

string

required

Original message (hex or UTF-8)

signature

string

required

Signature from KMS Sign (hex-encoded)

algorithm

string

required

Algorithm used for signing

Response

{
  "valid": true,
  "algorithm": "ml-dsa-65",
  "nist_level": 3,
  "verified_at": "2026-03-15T12:00:00Z"
}

KMS Sign

API Reference

KMS Managed (v1.5)

KMS Verify

Overview

Request

Response

API Reference

KMS Managed (v1.5)

​Overview

​Request

​Response

Overview

Request

Response