Skip to main content
This page describes workspace-facing verification and feedback APIs.

Workspace auth

# Preferred
X-Clawb-Api-Key: ck_live_...

# Alternative
Authorization: Bearer ck_live_...

POST /v1/verify

Online identity verification for signed agent requests.

Canonical format

METHOD
PATH
TIMESTAMP_MS
NONCE
BODY_SHA256

curl -sS -X POST "https://api.clawb.ai/api/v1/verify" \
  -H "Content-Type: application/json" \
  -H "X-Clawb-Api-Key: ck_live_replace_me" \
  -d '{
    "agent_id": "agt_replace_me",
    "method": "POST",
    "path": "/v1/refunds",
    "timestamp_ms": 1740137855000,
    "nonce": "2f8d8b19-5e0a-4f8b-b7d4-6dc15b1fe201",
    "body_sha256": "3adfd3eb02f15d4f4b5a9f5b2d18f8d1b6d8a7eac03f4b7a56ec8f8c2f2ff321",
    "signature_b64": "<base64-signature>"
  }'

Response

{
  "valid": true,
  "agent_id": "agt_...",
  "verification_tier": "attested",
  "risk_tier": "low",
  "revoked": false,
  "disclosure": {"disclosed": {}}
}

POST /v1/reputation/feedback

Workspace feedback with required HMAC signature headers.

Required headers

  • X-Clawb-Feedback-Timestamp
  • X-Clawb-Feedback-Nonce
  • X-Clawb-Feedback-Signature

Signature message

{timestamp_ms}
{nonce}
{sha256(body)}

curl -sS -X POST "https://api.clawb.ai/api/v1/reputation/feedback" \
  -H "Content-Type: application/json" \
  -H "X-Clawb-Api-Key: ck_live_replace_me" \
  -H "X-Clawb-Feedback-Timestamp: 1740137855000" \
  -H "X-Clawb-Feedback-Nonce: n_123" \
  -H "X-Clawb-Feedback-Signature: <base64-hmac>" \
  -d '{
    "agent_id": "agt_replace_me",
    "verdict": "bad",
    "evidence": {"reason": "abuse_suspected"}
  }'