Skip to main content

Trigger a verification

POST /verify
Implemented in packages/api/src/routes/verify.ts. Validates businessTransactionId (required, and must match the same UUID pattern used by POST /execute), then calls application.verify(businessTransactionId)VerificationService.verify in packages/runtime/src/services/verification-service.ts.
curl -X POST http://localhost:3000/verify \
  -H "Content-Type: application/json" \
  -d '{ "businessTransactionId": "b6f1c8de-1a2b-4c3d-8e9f-0a1b2c3d4e5f" }'
VerificationService.verify re-hashes the stored Execution Trust Record with VerificationCrypto.verify (packages/crypto/src/VerificationCrypto.ts) and compares it against the persisted trustRecordHash. A new, immutable Verification record is created and appended to the trust record either way — status is VERIFIED or FAILED depending on the hash comparison.
Response 200 — the newly created Verification. Response 400
{ "error": "businessTransactionId is required." }
or
{ "error": "businessTransactionId must be a valid UUID." }

Get the latest Verification

This is not GET /verify/:id. packages/api/src/app.ts mounts packages/api/src/routes/verify-get.ts (which defines router.get("/:id", ...)) under the path /verification, not /verify:
app.use("/verify", verifyRoutes);           // POST / only
app.use("/verification", verificationRoutes); // GET /:id
The real, working endpoint is:
GET /verification/:id
This is confirmed by the route’s own integration test (packages/api/test/verification-api.test.ts), which calls GET /verification/txn-001. Treat any reference elsewhere to GET /verify/:id as describing intent, not the mounted route.
curl http://localhost:3000/verification/b6f1c8de-1a2b-4c3d-8e9f-0a1b2c3d4e5f
verify-get.ts loads the trust record via application.getTrustRecord(id) and returns record.verifications.at(-1) — the most recently appended Verification, not a specific one by its own verificationId. Response 200 — the latest Verification. Response 404
{ "error": "Execution Trust Record not found." }
or
{ "error": "Verification not found." }

SDK equivalents

const verification = await client.verify(businessTransactionId);
Both SDKs’ “verify” call is a read of the latest Verification, not a way to trigger POST /verify directly. TypeScript’s VerificationApi.verify() (typescript/src/client/VerificationApi.ts) sends GET /verification/${businessTransactionId} — it correctly targets the real mounted path, matching what’s described above rather than the /verify/:id shape you might expect from the method name. Neither SDK exposes a method that calls POST /verify — in practice, verification is triggered as a side effect of execute(), and these SDK calls are for reading the result afterward.

Verification

The concept this endpoint reads and writes.

Replay

A related but distinct integrity check — see that page for how it differs from verification.

Error Model

Canonical vs. actual error shapes for these routes.

Receipt Verification Guide

Using verification as a precondition for receipt generation.