Signed Evidence API — prove what a page showed
A screenshot says "trust me." Signed evidence says "verify me." Capture any URL as a tamper-evident record you can check offline — without trusting RenderShot.
What it does
The POST /v1/evidence endpoint renders a URL and returns the artifact plus a canonical manifest carrying its SHA-256 hash and an Ed25519 signature. The default response is a ZIP archive (artifact + manifest.json + signature.txt + public-key.json). Change one byte of the manifest and verification fails — that is the point.
Why it's different
| Capability | RenderShot | Typical screenshot API |
|---|---|---|
| Cryptographic signature (Ed25519) | Yes | No |
| SHA-256 artifact hash in a signed manifest | Yes | No |
| Offline verification (your machine, no vendor) | Yes | No |
| Forensic profile (lossless PNG, no normalisation) | Yes | No |
| Binary ZIP archive (no base64 bloat) | Yes | n/a |
Use cases
- Audit & compliance. Capture pricing, terms, disclosures and disclaimers on a schedule with a verifiable trail.
- Dispute handling. Show what a competitor's or partner's page displayed on a given date.
- Change tracking. Pair evidence with Visual Diff to prove what changed between two dates.
- Brand & content protection. Tamper-evident record of published content.
Capture & verify
curl --request POST \
--url https://screenshot-e-pdf-render.p.rapidapi.com/v1/evidence \
--header 'X-RapidAPI-Key: YOUR_KEY' \
--header 'X-RapidAPI-Host: screenshot-e-pdf-render.p.rapidapi.com' \
--header 'Content-Type: application/json' \
--data '{ "url": "https://example.com/terms", "response_mode": "archive", "quality_profile": "standard" }' \
--output evidence.zip
The public key is also at GET /v1/meta/evidence-public-key. Verify offline with the open-source verifiers (Node / Python / PHP) — verification never depends on RenderShot.
Honest scope
Signed evidence is a tamper-evident technical capture — a verifiable record of what a page returned at a point in time. It is excellent for audits, disputes and change management. It is not a turnkey legal/notarial certification; for regulated use, pair it with your own retention and supervision policy.
FAQ
- What is a signed evidence API?
- It returns a capture plus a SHA-256 + Ed25519-signed manifest you can verify offline — so the capture is tamper-evident.
- Is it legally binding?
- It's a tamper-evident technical record, not a notarial certification. Great for audit/dispute/change tracking; add your own retention policy for regulated use.
- How do I verify it?
- Recompute the SHA-256, rebuild the canonical manifest, Ed25519-verify against the signature using the published public key. Verifiers in Node/Python/PHP are provided.