DanayaDanaya

API Documentation

Complete reference for the Danaya REST API. All endpoints require authentication unless stated otherwise.

Base URLhttps://danaya-backend-one.vercel.app/api/v1

Authentication

All API requests must include your API key in the X-API-Key header. API keys follow the format rs_live_*.

// Example request header
X-API-Key: rs_live_abc123def456...

You can generate and manage API keys from your Dashboard. Keep your keys secret and never expose them in client-side code.

Seals

Create, list, retrieve, and delete content authenticity seals.

POST/api/v1/seals
Create a seal via API. Send pre-computed SHA-256 hashes or upload images directly. Requires Business or API plan.
// Option 1: JSON body with pre-computed hashes
{
  "name": "My Evidence",
  "hashes": [
    { "hash": "a1b2c3d4e5f6...", "index": 0, "type": "photo" }
  ],
  "location": { "latitude": 48.8566, "longitude": 2.3522 },
  "mediaType": "photo"
}

// Option 2: multipart/form-data with images
images: <binary files>
name: "My Evidence"
location: '{"latitude":48.8566,"longitude":2.3522}'
GET/api/v1/seals
List all seals for the authenticated user. Supports pagination, search, media type filtering, sort order, and AI detection filtering.
// Query parameters
page=1
limit=10
search="inspection"     // Optional: search by name/shortId
mediaType="photo"        // Optional: photo | video | mixed
sortOrder="newest"       // Optional: newest | oldest
isAiGenerated="true"    // Optional: filter by AI detection
GET/api/v1/seals/:shortId
Retrieve full details for a specific seal by its short ID.
{
  "shortId": "RS-7K2M",
  "status": "sealed",
  "hashes": ["sha256:a1b2c3d4..."],
  "location": { "lat": 48.8566, "lng": 2.3522 },
  "createdAt": "2025-06-15T10:30:00Z"
}
DELETE/api/v1/seals/:shortId
Permanently delete a seal. This action cannot be undone.
{
  "message": "Seal deleted successfully"
}

Capture Sessions

Capture sessions allow users to create seals via web browser by scanning a QR code from the dashboard. This enables capturing photos on any device with a browser.

Capture sessions are not available for API-only plans. Sessions expire after 15 minutes and can be reused within that time window.

POST/api/capture-sessions
Create a new capture session. Requires JWT authentication. Returns a session token valid for 15 minutes.
{
  "sessionToken": "abc123def456...",
  "expiresAt": "2025-06-15T10:45:00Z",
  "expiresIn": 900
}
GET/api/capture-sessions/validate/:token
Validate and activate a session. Returns user info if the session is valid.
{
  "user": {
    "email": "user@example.com",
    "name": "John Doe",
    "plan": "pro",
    "sealsThisMonth": 12
  },
  "sessionToken": "abc123def456..."
}
GET/api/capture-sessions/:token
Get session status information without activating it.
{
  "isValid": true,
  "isUsed": false,
  "expiresAt": "2025-06-15T10:45:00Z",
  "remainingSeconds": 720
}
POST/api/capture-sessions/:token/seals
Create a seal using the capture session token as authentication. No JWT required.
{
  "name": "My Photo Evidence",
  "hashes": [
    { "hash": "a1b2c3...", "index": 0, "type": "photo" }
  ],
  "location": { "latitude": 48.8566, "longitude": 2.3522, "accuracy": 10 },
  "deviceInfo": { "platform": "web", "deviceId": "...", "appVersion": "web-1.0" },
  "mediaType": "photo"
}

AI Analysis

Submit media for AI-powered authenticity and manipulation analysis.

POST/api/v1/ai-analysis
Analyze uploaded media for signs of manipulation or AI generation. Accepts multipart/form-data with an 'images' field.
// multipart/form-data
Content-Type: multipart/form-data

// Form field
images: <binary file>

Verification

Verify the authenticity of sealed content. These endpoints are open to everyone and require no account or API key.

GET/api/v1/verify/:shortId
Verify a seal using its unique code (e.g. RS-7K2M). Returns the seal status and details.
{
  "verified": true,
  "shortId": "RS-7K2M",
  "status": "sealed",
  "sealedAt": "2025-06-15T10:30:00Z"
}
POST/api/v1/verify/check
Check whether a file (photo, video) has already been sealed by sending its digital fingerprint.
{
  "hash": "sha256:a1b2c3d4..."
}