API Documentation

RESTful API architecture designed for enterprise integration. Comprehensive authentication, rate limiting, and webhook support.

API Architecture

Built for scale with versioned endpoints, idempotency support, and predictable error handling.

RESTful Design

Standard HTTP methods, JSON payloads, semantic resource naming conventions.

Event-Driven

Webhook notifications with HMAC signature verification and guaranteed delivery.

Client Libraries

Official SDKs for Node.js, Python, Java, Go, PHP, and Ruby environments.

Sandbox Mode

Full-featured test environment with synthetic data for development and testing.

Core API Endpoints

Modular API surface covering identity verification, credential management, and digital signatures.

Identity Verification

POST /v1/verifications

Create verification session

GET /v1/verifications/:id

Retrieve verification status

POST /v1/documents

Upload identity document

POST /v1/biometrics

Submit biometric data

GET /v1/verifications/:id/report

Download verification report

Digital Signing

POST /v1/signatures

Create signature request

GET /v1/signatures/:id

Retrieve signature status

POST /v1/signatures/:id/sign

Execute signature operation

POST /v1/documents

Upload document for signing

GET /v1/signatures/:id/certificate

Download signature certificate

Audit & Compliance

GET /v1/audit-logs

Query audit trail

GET /v1/audit-logs/:id

Retrieve specific log entry

POST /v1/reports/compliance

Generate compliance report

GET /v1/certificates/:id/verify

Verify certificate validity

GET /v1/evidence/:id

Download evidence package

Authentication

API key authentication with bearer token authorization. Keys scoped to specific permissions with automatic rotation support.

Request Headers

Include your API key in the Authorization header using the Bearer scheme for all API requests.

Authorization: Bearer sk_live_...

Rate Limiting

Standard tier: 100 requests/minute. Enterprise tier: Custom rate limits with burst capacity. Rate limit headers included in responses.

Idempotency

Use Idempotency-Key header for safe retries on POST requests. Same key returns cached response for 24 hours.

// Example: Create Verification

curl -X POST https://api.qa-trust.io/v1/verifications \

-H "Authorization: Bearer sk_live_..." \

-H "Content-Type: application/json" \

-H "Idempotency-Key: unique_key_123" \

-d '{

"user_id": "user_789",

"document_type": "passport",

"callback_url": "https://..."

}'"}

// Response: 201 Created

{

"id": "ver_abc123",

"status": "pending",

"upload_url": "https://...",

"expires_at": "2025-01-15T12:00:00Z"

}

Event Types

verification.completed

verification.failed

verification.expired

signature.created

signature.signed

signature.completed

certificate.expiring

Delivery Guarantees

• HMAC-SHA256 signature verification
• Automatic retry with exponential backoff
• Configurable retry attempts (max 10)
• Delivery logs and status monitoring
• Event replay for failed deliveries

Webhook Integration

Event-driven architecture with guaranteed webhook delivery. Configure endpoints to receive real-time notifications for verification and signature events.

Signature Verification

Each webhook includes HMAC signature in qa-trust-signature header. Verify using your webhook secret to ensure authenticity of incoming events.

Event Filtering

Subscribe to specific event types per endpoint. Configure multiple webhook URLs for different event categories or environments.

Monitoring

Dashboard provides real-time webhook delivery status, retry attempts, and failure reasons. Debug with full request/response logs.

Official Client Libraries

Production-ready SDKs with type safety, automatic retries, and comprehensive error handling.

Node.js

npm install @qa-trust/sdk

TypeScript support with Promise and async/await patterns

Python

pip install qa-trust-python

Python 3.8+ with async/await support

Java

com.qa-trust:qa-trust-java

Java 11+ with Maven and Gradle support

Go

go get github.com/qa-trust/go

Go 1.19+ with context support

PHP

composer require qa-trust/php

PHP 8.0+ with PSR-7 compatibility

Ruby

gem install qa-trust-ruby

Ruby 2.7+ with Rails integration

Developer Support

Technical documentation, integration assistance, and dedicated support channels for enterprise customers.

Documentation

Complete API reference, integration guides, and best practices documentation.

Code Examples

Production-ready code samples and integration patterns for common use cases.

Technical Support

Dedicated technical account managers and priority support channels for enterprise.