Verify Attestation

POST /v1/verify Verify a previously created hybrid attestation. Returns the validity status of both the ECDSA and PQC signatures. Authentication: Secret key required (qs_sec_*)

Request

{
  "attestationId": "att_abc123def456"
}

Alternatively, you can verify by providing the raw components:

{
  "message": "0x48656c6c6f20576f726c64",
  "ecdsaSignature": "0x3045022100...",
  "ecdsaPublicKey": "0x04a1b2c3d4...",
  "pqcSignature": "0x7a8b9c0d1e...",
  "pqcPublicKey": "0x1a2b3c4d5e...",
  "algorithm": "ml-dsa-65"
}

Parameters (by Attestation ID)

Field	Type	Required	Description
`attestationId`	string	Yes	The attestation ID returned from `/v1/sign/hybrid`

Parameters (by Raw Components)

Field	Type	Required	Description
`message`	string	Yes	Original message (hex-encoded)
`ecdsaSignature`	string	Yes	ECDSA signature (hex-encoded)
`ecdsaPublicKey`	string	Yes	ECDSA public key (hex-encoded)
`pqcSignature`	string	Yes	PQC signature (hex-encoded)
`pqcPublicKey`	string	Yes	PQC public key (hex-encoded)
`algorithm`	string	Yes	PQC algorithm used

All fields must be hex-encoded. Accept both 0x-prefixed and raw hex strings.

Response `200 OK`

{
  "data": {
    "valid": true,
    "ecdsaValid": true,
    "pqcValid": true,
    "attestationId": "att_abc123def456",
    "algorithm": "ml-dsa-65",
    "chain": "ethereum",
    "verifiedAt": "2026-01-15T10:35:00Z"
  },
  "meta": {
    "requestId": "req_xyz789",
    "timestamp": "2026-01-15T10:35:00Z"
  }
}

Response Fields

Field	Type	Description
`valid`	boolean	`true` if both signatures are valid
`ecdsaValid`	boolean	ECDSA signature verification result
`pqcValid`	boolean	PQC signature verification result
`attestationId`	string	Attestation identifier
`algorithm`	string	PQC algorithm used
`chain`	string	Associated blockchain
`verifiedAt`	string	ISO 8601 verification timestamp

Errors

Code	Description
`AUTH_001`	Missing API key
`AUTH_003`	Publishable key used (Secret key required)
`PQC_002`	Invalid key format
`PQC_004`	Signature verification failed
`RATE_001`	Rate limit exceeded

Example

# Verify by attestation ID
curl -X POST https://api.qsafe.dev/v1/verify \
  -H "Authorization: Bearer qs_sec_live_sk_abc123..." \
  -H "Content-Type: application/json" \
  -d '{
    "attestationId": "att_abc123def456"
  }'

API Reference

KMS Managed (v1.5)

Verify Attestation

Verify Attestation

Request

Parameters (by Attestation ID)

Parameters (by Raw Components)

Response `200 OK`

Response Fields

Errors

Example

API Reference

KMS Managed (v1.5)

​Verify Attestation

​Request

​Parameters (by Attestation ID)

​Parameters (by Raw Components)

​Response 200 OK

​Response Fields

​Errors

​Example

Verify Attestation

Request

Parameters (by Attestation ID)

Parameters (by Raw Components)

Response `200 OK`

Response Fields

Errors

Example