Archive web pages as tamper-evident, signed evidence

A plain screenshot says "trust me." When a price, a disclosure or a contract page is the thing in dispute, you need a capture you can prove wasn't edited. That's signed evidence.

Why a normal screenshot isn't enough

Anyone can open an image in an editor. For audits, content disputes, pricing/TOS change tracking or compliance reviews, a PNG on its own has no chain of integrity — there's nothing that proves it shows what the page actually returned, on the date it claims.

What "signed evidence" means

A signed evidence API returns the artifact plus a canonical manifest carrying:

• the artifact's SHA-256 hash,
• capture metadata (requested URL, final URL after redirects, HTTP status, timestamp, viewport, engine versions),
• an Ed25519 signature over the canonical (sorted-key) manifest.

Change one byte of the manifest and signature verification fails. That's what "tamper-evident" means in practice.

Capture the evidence

curl --request POST \
  --url https://screenshot-e-pdf-render.p.rapidapi.com/v1/evidence \
  --header 'X-RapidAPI-Key: YOUR_KEY' \
  --header 'X-RapidAPI-Host: screenshot-e-pdf-render.p.rapidapi.com' \
  --header 'Content-Type: application/json' \
  --data '{ "url": "https://example.com/terms", "response_mode": "archive", "quality_profile": "forensic" }' \
  --output evidence.zip

The ZIP contains artifact, manifest.json, signature.txt and public-key.json. Use quality_profile: "forensic" for a lossless PNG with no determinism normalisation.

Verify it — offline, without trusting the vendor

The public key is also at GET /v1/meta/evidence-public-key. To verify: recompute the artifact's SHA-256, rebuild the canonical manifest (sorted keys, signature fields removed), and Ed25519-verify against the signature. Open-source verifiers exist in Node, Python and PHP, so verification never depends on the API provider.

A practical compliance workflow

1. List your critical pages: pricing, terms, disclosures, promotional claims, regulated landing pages.
2. Capture them on a schedule (cron, n8n, a Lambda) and store the ZIPs in your own storage.
3. When something changes, run a visual diff between two dates to show what changed.
4. Keep your own retention and access policy around the archive.

Honest scope

Signed evidence is a tamper-evident technical capture — a verifiable record of what a page returned at a point in time. It's excellent for internal audit, dispute handling and change management. It is not a turnkey legal or notarial certification; for regulated use, pair it with your own retention, supervision and (where needed) legal review. Avoid "court-proof" claims; "tamper-evident" and "offline-verifiable" are what you can actually stand behind.

Try it

RenderShot's /v1/evidence returns a signed ZIP (or inline JSON), with standard and forensic profiles. Free tier, no card.

Start free →Signed Evidence API details

More: Visual regression in CIScreenshot API for e-commerceAll posts