POST
/v1/verify/proofVerify Proof
Submit a zero-knowledge proof for agent verification.
Description
This endpoint verifies a zero-knowledge proof submitted by an AI agent. The proof must be generated using the nonce from a valid, unexpired challenge.
Upon successful verification, the endpoint returns a confidence score (0-1) indicating the strength of the proof. A score of 0.99 indicates high confidence in the agent's identity.
Headers
| Header | Value | Required |
|---|---|---|
Content-Type | application/json | ✓ |
X-Api-Key | Your API key | ✓ |
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
challenge_id | string | ✓ | The challenge ID from the previous step |
proof | string | ✓ | The generated zero-knowledge proof |
agent_signature | string | - | Optional cryptographic signature (optional) |
Example Request
cURL
curl -X POST https://api.zeroproofai.com/v1/verify/proof \
-H "Content-Type: application/json" \
-H "X-Api-Key: your_api_key_here" \
-d '{
"challenge_id": "ch_7x9k2a8f3e1d9c4b",
"proof": "a1b2c3d4e5f6...",
"agent_signature": "sig_9x8y7z..."
}'JavaScript
// Generate proof from challenge nonce
const proof = generateProof(challenge.nonce, agentId, action);
const response = await fetch('https://api.zeroproofai.com/v1/verify/proof', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-Api-Key': 'your_api_key_here'
},
body: JSON.stringify({
challenge_id: challenge.challenge_id,
proof: proof,
agent_signature: signature
})
});
const result = await response.json();
if (result.verified) {
console.log('Agent verified!', result.confidence);
// Proceed with transaction
}Response
Success Response (200 OK)
{
"verified": true,
"agent_id": "shop-bot-001",
"action": "purchase",
"confidence": 0.99,
"timestamp": "2025-01-01T12:00:00Z",
"session_id": "ch_7x9k2a8f3e1d9c4b"
}| Field | Type | Description |
|---|---|---|
verified | boolean | Whether the proof was successfully verified |
agent_id | string | The verified agent identifier |
action | string | The action being verified |
confidence | number | Confidence score (0-1), typically 0.99 |
timestamp | string | ISO 8601 timestamp of verification |
session_id | string | Session ID for status checks |
Error Responses
400 Bad Request - Verification Failed
{
"verified": false,
"error": "Proof verification failed",
"reason": "Invalid proof format"
}400 Bad Request - Expired Challenge
{
"error": "Challenge expired",
"verified": false
}400 Bad Request - Challenge Already Used
{
"error": "Challenge already used",
"verified": false,
"previous_status": "verified"
}404 Not Found
{
"error": "Challenge not found",
"message": "Invalid or expired challenge_id"
}401 Unauthorized
{
"error": "Missing API key",
"message": "Provide API key in X-Api-Key header"
}Verification Process
The verification process follows these steps:
- Validates that the challenge exists and hasn't expired (5 minute TTL)
- Checks that the challenge hasn't been used before (one-time use)
- Verifies the cryptographic proof against the challenge nonce
- Returns verification result with confidence score
- Updates the challenge status to 'verified' or 'failed'
Notes
- Each challenge can only be verified once
- Challenges must be used within 5 minutes of creation
- A confidence score of 0.99 indicates successful verification
- Failed verifications are logged but don't affect API limits
- The
session_idcan be used to check verification status later
Next Steps
After successful verification:
- Store the
session_idfor audit purposes - Proceed with the intended action (e.g., process purchase)
- Use Check Status to retrieve verification details later