VerdifaX

Quickstart — curl

When you're evaluating Verdifax for procurement, sometimes the language-specific SDKs aren't enough — you want to know that the raw HTTP surface behaves predictably. This page is for that.

Prerequisites

A running Verdifax orchestrator at http://localhost:9090. Easiest way is the Docker quickstart.

Health probe

curl -s http://localhost:9090/health

{
  "ok": true,
  "service": "verdifax-orchestrator-api",
  "version": "1.0.0",
  "time": "2026-04-30T03:35:04Z"
}

Attestation

curl -s -X POST http://localhost:9090/execute \
  -H "Content-Type: application/json" \
  -d '{
    "payload_text": "hello verdifax",
    "program_id":   "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
    "route_id":     "route-test",
    "registry_record_hash": "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
  }'

You'll get a JSON response with ok, run_id, duration_ms, and a manifest object containing all 18 sealed hash fields plus the final ManifestHash.

Authentication

Once API keys are provisioned (open mode is disabled), include the key on every authenticated endpoint:

curl -s http://localhost:9090/runs \
  -H "X-Verdifax-Key: vfx_your_secret_here"

Public endpoints (/health) require no header.

Inspect a previous run

RUN_ID=42

curl -s http://localhost:9090/runs/$RUN_ID \
  -H "X-Verdifax-Key: vfx_..." | python3 -m json.tool

Verify a run independently

The verify endpoint re-derives the manifest hash from the sealed fields and confirms it matches what was originally recorded:

curl -s http://localhost:9090/runs/$RUN_ID/verify \
  -H "X-Verdifax-Key: vfx_..."

{
  "ok": true,
  "verified": true,
  "manifest_hash": "6c1428f81519c5bb...",
  "recomputed_hash": "6c1428f81519c5bb...",
  "verification_at": "2026-04-30T03:35:04Z",
  "verification_kind": "manifest-self-seal"
}

Download the audit PDF

curl -s http://localhost:9090/runs/$RUN_ID/report.pdf \
  -H "X-Verdifax-Key: vfx_..." \
  -o /tmp/verdifax-audit.pdf

The PDF includes the manifest hash, run metadata, sealed manifest fields, regulatory mapping (EU AI Act / HIPAA / SOX), a verification statement, and a QR code linking back to the run detail in the dashboard.

Aggregate stats

curl -s http://localhost:9090/stats \
  -H "X-Verdifax-Key: vfx_..." | python3 -m json.tool

Returns total runs, runs today, last-24h, pass rate, average duration, and a top-10 breakdown by program_id.

Continue