ChronoVerify

Docs: first verdict in five minutes

Everything a pipeline integrator needs, in the order you need it: one keyless call, what the JSON means, what your pipeline should do with each verdict, then a key for production. The deeper background lives on the method page; this page is the shortest correct path to a working integration.

1Your first verdict, no key needed

The verify endpoint is open for evaluation, rate limited per IP. This call checks a live sample image with known ground truth:

curl -X POST https://chronoverify.com/v1/verify \
  -F "url=https://chronoverify.com/samples/sample_camera.jpg"

Or upload a file of your own:

curl -X POST https://chronoverify.com/v1/verify \
  -F "file=@photo.jpg"

The response (trimmed) looks like this:

{
  "verdict": "consistent",
  "confidence": 0.72,
  "summary": "Metadata layers agree and no editing signals fired.",
  "capture_time": { "value": "2026-03-14T09:21:30", "source": "exif" },
  "capture_device": { "make": "ChronoTest", "model": "CT-1" },
  "location": { "present": false },
  "c2pa": { "present": false, "validated": false },
  "signals": [
    { "name": "jpeg_quality_estimate", "layer": "pixel",
      "direction": "neutral", "detail": "..." }
  ],
  "integrity": { "sha256": "9f2c...", "format": "JPEG" }
}

Six fields carry most integrations: verdict and confidence drive routing, capture_time and capture_device and location are the recovered evidence, and integrity.sha256 is a reproducible file fingerprint you can store for audit and dedup. signals lists every check that ran, each with a layer, a direction, and a plain-language detail, so a reviewer can see why the verdict happened. The full field-by-field contract is in the verdict JSON Schema.

2What your pipeline should do with each verdict

There are exactly five verdicts. ChronoVerify is conservative by design: a manipulation verdict requires two independent pixel signals to corroborate, and Content Credentials count as validated provenance only when the signature verifies against the official C2PA and CAI trust lists.

VerdictWhat it meansRecommended pipeline action
provenance_confirmed The file carries C2PA Content Credentials that validate cryptographically against the official trust list. Fast-track. This is the strongest evidence the API can return.
consistent Capture time, device, and metadata layers agree, and no editing signals fired. Pass with normal handling. Store capture_time and sha256 with the record.
metadata_anomaly The file contradicts itself, for example a capture time in the future or layers that disagree. Route to human review with the signals details attached.
manipulation_indicated At least two independent pixel-forensic signals corroborate localized editing. Route to human review or hold. Do not auto-reject on this alone: the verdict is triage, not proof.
inconclusive No evidence survives in the file. Typical for screenshots and social media copies, which strip metadata on upload. Treat as absence of evidence, not guilt. Ask for the original file; never punish the submitter for the platform's stripping.

You can watch every one of these verdicts happen against six sample images with known ground truth, which also make a safe test corpus for your integration tests.

3Go to production

Get a key. Buy credits on the pricing page ($5 minimum, pay as you go, or a flat monthly plan). Your key, starting with cv_live_, is shown once on the welcome screen right after payment; usage and balance live on your dashboard. Send it as a Bearer token:

curl -X POST https://chronoverify.com/v1/verify \
  -H "Authorization: Bearer cv_live_..." \
  -F "file=@photo.jpg"

Limits and formats. JPEG (including iPhone HDR gain-map files), PNG, WEBP, TIFF, HEIC and HEIF, BMP, and GIF, up to 40 megapixels. The keyless path is for evaluation; keyed requests get production rate limits. Requests that fail are never billed.

Errors worth handling.

StatusMeaningHandling
400The url could not be fetched as a direct image (redirects and bot-blocking hosts are not followed, an SSRF safeguard).Download the image yourself and upload it as file instead.
401Missing or invalid API key.Check the Bearer header.
413Image exceeds 40 megapixels.Resize before sending; verdict quality does not require full resolution.
415Not a supported image format.Convert to JPEG or PNG and retry.
429Rate limit reached.Back off and retry after the window resets.

Beyond one-off verdicts. Add -F "permalink=true" to store the verdict (never the image) at a shareable unlisted URL, useful for audit trails and handing evidence to a reviewer. For a signed PDF audit record of a verification, call POST /v1/report with the same file and your key; anyone can validate the record later at /tools/report. Images are analyzed in memory and never stored unless you opt into a permalink.

4Skip the boilerplate

Maintained clients and agent integrations, all optional:

Machine-readable surface, if you are wiring this up programmatically: /openapi.json (OpenAPI spec), /v1/verify.schema.json (verdict schema), /v1/onboarding (onboarding as JSON), and /llms.txt (site map for language models).

What it does and does not tell you

ChronoVerify is provenance-first, not a deepfake classifier. A clean verdict confirms that provenance is intact, not that the scene in the photo is true, and pixel-forensic signals degrade on recompressed or stripped copies. The integrity layer (hash and signature) is cryptographic and reproducible; the verdict layer is probabilistic and labeled as such. The method page covers each layer's failure modes honestly.

Run the first curl above, or try the verifier in your browser first.

Open the free verifier