Developers
API changelog
Every change to the Partner API lands here, dated. Email is reserved for what needs your attention — breaking changes, security issues, and terms updates. API reference · Integration guide
Change policy
- Additive changes— new endpoints, new optional parameters, new response fields — ship anytime, changelog-only. Don't rely on field order or on unknown fields being absent.
- Breaking changes are announced by email and here at least 6 monthsbefore they take effect (12 if you're in production on the old behavior), with a migration guide and
Sunsetheaders on affected responses. - Terms changes are emailed at least 30 days before the effective date.
- Security issues — immediate email, no waiting.
- Added
Beta integration environment
- https://beta.api.proofofhuman.fm/v1 is the pre-production endpoint for integration testing: the same contract and authentication as production on isolated infrastructure with separate API keys, a separate registry, and disposable test proofs.
- Beta and production keys are different secrets and never interchangeable. Ask for a beta key alongside your production key, point staging at the beta base URL, and switch to production at go-live.
- No production request or response behavior changed.
- Changed
TypeScript SDK 2.4.1 — quickstart and partner monitoring
- The generated reference, SDK README, curl samples, and AI-agent context now lead with one-file credentialed WAV verification and retain the legacy audio + .poh fallback.
- The integration guide now covers request IDs, safe client telemetry, health/quota checks, retries, and recommended alerts. PoH operations now tracks one-file versus legacy verification verdicts per opaque client ID.
- No request or response field changed; existing integrations are unaffected. This ships as an SDK documentation patch.
- Added
TypeScript SDK 2.4.0 — interpretation policy provenance
- Ready process notes can include policyVersion so integrations can identify the fixed presentation policy that produced the report-only summary.
- The field is optional and backward-compatible; credential validity and grade calculations are unchanged.
- Added
TypeScript SDK 2.3.0 — one-file credentialed audio
- POST /verify now accepts uploadId without poh for a PoH credentialed WAV; the legacy audio + .poh body remains supported.
- POST /uploads accepts purpose=verify for a 65 MiB slot, GET /proofs/{proofId}/asset retrieves an owned credentialed deliverable, and responses can include embeddedCredential.
- Added
TypeScript SDK 2.2.0 — local device seals
- Verification can return local_seal when an intact artist-device seal was never registered with PoH. Treat unknown future verdict values as failed verification.
- This distinguishes an opt-out/local proof from tampering without accepting it as PoH-issued.
- Added
TypeScript SDK 2.0.1
- client.health() liveness check; PoHError.requestId on failures; require()/CommonJS support fixed (the SDK now bundles its one dependency — zero runtime deps).
- 2.0.0 carries the deployedAt unix-seconds change below — no other API surface change. npm install @proof-of-human/ts-sdk@^2.
- Added
Durable audit trail for key lifecycle events
- Every key rotation and expiry now leaves a durable, append-only audit record on your account.
- No API surface change — your integration is unaffected.
- Changed
Request IDs on every response · unix timestamps
- Every API response now carries an X-Request-Id header — quote it when reporting an issue.
- GET /health deployedAt is now unix epoch seconds (was an ISO string). SDK 2.0.0 surfaces requestId on errors.
- Added
Partner key self-service + TypeScript SDK
- GET /partner/keys, POST /partner/keys/rotate (72h grace, Idempotency-Key), GET /partner/usage.
- @proof-of-human/ts-sdk on npm, generated from the same model as the API.