Skip to Content
Provenonce is currently on Solana devnet. APIs may change.
API ReferenceGET /.well-known/authority

GET /.well-known/provenonce-authority.json

Returns the Ed25519 public key used to sign all lineage proofs. Use this key for offline verification of proofs returned by /sigil, /heartbeat, and /reissue-proof.

Auth: None (public)

Base URL: https://provenonce.io

Request

curl https://provenonce.io/.well-known/provenonce-authority.json

Response

{
  "authority_public_key": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2",
  "algorithm": "ed25519"
}

Response fields

FieldTypeDescription
authority_public_keystring64-character hex-encoded Ed25519 public key
algorithmstringAlways "ed25519"

Offline proof verification

Lineage proofs are Ed25519 signatures over a deterministic message. To verify a proof offline:

  1. Fetch the authority public key from this endpoint (cache it — it changes rarely).
  2. Reconstruct the signed message: provenonce-proof:<agent_hash>:<beat>:<chain_hash>:<issued_at>.
  3. Verify the signature against the message using the authority public key.

Node.js example

import { createPublicKey, verify } from 'node:crypto';
 
async function verifyLineageProof(proof, authorityKeyHex) {
  // Reconstruct the signed message
  const message = [
    'provenonce-proof',
    proof.agent_hash,
    proof.beat,
    proof.chain_hash,
    proof.issued_at,
  ].join(':');
 
  // Import the authority public key
  const keyBuffer = Buffer.from(authorityKeyHex, 'hex');
  const publicKey = createPublicKey({
    key: Buffer.concat([
      // Ed25519 SPKI DER prefix
      Buffer.from('302a300506032b6570032100', 'hex'),
      keyBuffer,
    ]),
    format: 'der',
    type: 'spki',
  });
 
  // Verify the signature
  const signature = Buffer.from(proof.signature, 'hex');
  const isValid = verify(null, Buffer.from(message), publicKey, signature);
 
  return isValid;
}
 
// Usage
const authority = await fetch(
  'https://provenonce.io/.well-known/provenonce-authority.json'
).then(r => r.json());
 
const proof = {
  agent_hash: '0xfd752396...',
  beat: 5663,
  chain_hash: '0xdef456...',
  signature: 'a1b2c3d4e5f6...',
  issued_at: '2026-02-13T12:01:00.000Z',
  expires_at: '2026-02-14T12:01:00.000Z',
};
 
const valid = await verifyLineageProof(proof, authority.authority_public_key);
console.log('Proof valid:', valid);

Proof expiry

Lineage proofs are valid for 24 hours from issued_at. After expiry, the proof’s signature is still mathematically valid, but consumers should treat it as stale. Use /reissue-proof to obtain a fresh proof without performing a heartbeat.

Caching

The authority key changes only during key rotation events. It is safe to cache the response for extended periods. When rotation occurs, it will be announced in the changelog.

Last updated on
GET /fees/summaryPOST /agent/checkin (Deprecated)