Verify an Execution Trust Record
Deterministically re-validates the complete Execution Trust Record for businessTransactionId: recomputed hash vs. stored hash, signature verification, and authorization binding on every APPROVED Execution. All checks always run; failures are joined into one message. Appends a new immutable Verification to the record.
Authorizations
Caller API key issued by scripts/generate-api-key.ts. Sent as Authorization: Bearer . Verified against a stored SHA-256 hash in constant time by packages/api/src/auth/StaticKeyAuthenticator.ts. Required on every route except GET /health. See /api-reference/authentication.
Body
Request payload for POST /verify. businessTransactionId is required and must be a valid UUID; both are rejected with a 400, with distinct messages depending on which check fails.
Business Transaction to verify.
Response
Verification completed (status VERIFIED or FAILED, see the response schema; a 200 does not by itself mean verification succeeded).
Immutable result of verifying an entire Execution Trust Record: recomputed hash matches the stored hash, signature verifies, and every APPROVED Execution carries a non-empty authorizationId. All checks always run and are reported together in message; a failure in one does not skip the others.
Unique Verification identifier.
Business Transaction being verified.
Verification result.
VERIFIED, FAILED UTC timestamp when verification completed.
Hash of the verified Execution Trust Record, proving exactly which record was verified.
Human-readable verification summary: either the success message, or every failed check's message joined with "; ".