Skip to main content

Endpoint

POST /verify
Content-Type: application/json
Authorization: Bearer <api-key>
/verify independently verifies a Parmana attestation. Verification confirms:
  • Signature validity
  • Runtime compatibility
  • Schema compatibility
  • Provenance integrity
  • Release integrity
This allows any system to verify a Parmana decision without trusting the original runtime.

Why Verification Exists

Authorization is only useful if it can be independently verified. 
Decision

Attestation

Verification
Verification allows external systems to answer:
Did Parmana actually produce this decision?
and
Can the evidence be trusted?

Core Principle

Parmana does not ask verifiers to trust a decision. Parmana provides evidence that can be independently verified. 
Decision

Signed Attestation

Independent Verification

Request Body

{
  "attestation": {
    "...": "..."
  }
}

Example Request

{
  "attestation": {
    "executionId": "claim-001",
    "policyId": "claims-approval",
    "policyVersion": "1.0.0",
    "signature": "..."
  }
}

What Parmana Verifies

Signature Verification

Verifies that the attestation was signed by Parmana. 
Signature

Valid?

Runtime Verification

Verifies runtime compatibility. 
Runtime Hash

Known Runtime

Schema Compatibility

Verifies schema compatibility. 
Schema Version

Supported?

Provenance Verification

Verifies provenance metadata. 
Bundle

Manifest

Trust Root

Release Verification

Verifies release integrity. 
Release Manifest

Trusted Release

Successful Response

{
  "valid": true,
  "signatureVerified": true,
  "runtimeVerified": true,
  "schemaCompatible": true,
  "bundleVerified": true,
  "releaseVerified": true,
  "trustRootVerified": true
}

Response Fields

FieldDescription
validOverall verification result
signatureVerifiedAttestation signature valid
runtimeVerifiedRuntime verification passed
schemaCompatibleSchema version supported
bundleVerifiedProvenance bundle verified
releaseVerifiedRelease verification passed
trustRootVerifiedTrust root verification passed

Verification Outcomes

Fully Verified

{
  "valid": true
}
All verification checks passed.

Signature Failure

{
  "valid": false,
  "signatureVerified": false
}
Attestation signature invalid.

Runtime Failure

{
  "valid": false,
  "runtimeVerified": false
}
Runtime could not be verified.

Provenance Failure

{
  "valid": false,
  "bundleVerified": false
}
Provenance chain verification failed.

Example — curl

curl -X POST https://your-runtime/verify \
  -H "Authorization: Bearer $PARMANA_API_KEY" \
  -H "Content-Type: application/json" \
  -d @attestation.json

Independent Verification

Verification can be performed: 
Runtime
Verifier Service
CLI
External Auditor
Compliance Team
without trusting the original runtime instance.

Trust Chain

Trust Root

Release Manifest

Runtime

Attestation

Verification
Every layer can be independently validated.

Error Responses

400 Bad Request

{
  "error": "Invalid attestation"
}

401 Unauthorized

{
  "error": "Unauthorized"
}

422 Verification Failed

{
  "error": "Verification failed"
}

500 Internal Error

{
  "error": "Verifier failure"
}

How Verification Fits Into Parmana

Verified Signals

Policy Evaluation

Signed Attestation

Independent Verification

Trustworthy Evidence
Parmana’s goal is not merely to make decisions. Parmana’s goal is to make decisions independently verifiable.