Interactive console
Groth16 proof route
Hash recompute verifier
Developers
Blind Policy API

A browser-testable API surface for teams integrating Blind Verification into lending, compliance, grants, or internal approval systems.

Interactive API console

Try the verification API from the browser.

This console calls the same Blind Policy endpoints used by the product page. Private inputs are accepted only by the proof endpoint; the public verification endpoint checks the proof package.

Endpoint map
GET
/api/v1/proof-workflows/blind-policy/status

Provider status, circuit name, proof rules, and live endpoint map.

GET
/api/v1/proof-workflows/blind-policy/sample

Safe sample payload and public proof package for integration testing.

POST
/api/v1/proof-workflows/blind-policy/prove

Runs a private policy over submitted inputs and issues a proof only when the policy is satisfied.

POST
/api/v1/proof-workflows/blind-policy/verify

Verifies Groth16, recomputes the public proof package hash, checks expiry, and returns match or mismatch.

POST
/api/v1/proof-workflows/blind-policy/onchain-receipt

Verifies the proof package, stores receipt hashes through the Solana receipt path, and returns Explorer links.

Technical Verification Notes

What `/prove` returns and what `/verify` checks.

Current circuit

`private_dao_blind_policy_overlay.circom` with public signals: policyId, policyCommitment, inputCommitment, satisfiedClaim.

Constraints proved

Membership must be true; three records must be positive; capacity, liability, and risk gates must pass; Poseidon binds policy and input commitments.

Witness generation

The server writes temporary private witness input, runs the compiled WASM witness generator, then calls `snarkjs groth16 prove`.

Proving key

`private_dao_blind_policy_overlay_final.zkey` stays server-side and is not returned in API responses.

Verification key

The current Groth16 verification key is fixed for groth16-v1. verificationKeyHash: 05aeb7e27479d7f1551b0c2e18134c58f760de43f2ff085a8ea2e82f212209eb.

Replay protection

`proofId`, `nonce`, `issuedAt`, `expiresAt`, `circuitVersion`, `policyVersion`, `policyCommitment`, and `inputCommitment` are included in the hashed public package.

Policy immutability

Changing policyVersion creates a new policy salt and a different policyCommitment. Old receipts do not silently upgrade.

Versioning

Supported now: circuitId `private_dao_blind_policy_overlay`, circuitVersion `groth16-v1`.

Solana receipt registry

After `/verify` passes, `/onchain-receipt` attempts an Anchor PDA receipt. If the Anchor program is unavailable, the same hashes are written into a Solana Memo receipt transaction. The response labels the storage mode.

Future work

Full Groth16 pairing verification on Solana, PLONK, STARK, and recursive proofs are not claimed by this endpoint.

Required proof package fields
proofIdnonceissuedAtexpiresAtcircuitIdcircuitVersionpolicyVersionpolicyCommitmentinputCommitmentverificationKeyHashoriginalProofHashgroth16Proof
Example
const response = await fetch("/api/v1/proof-workflows/blind-policy/prove", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    workflowId: "customer-credit-case-001",
    privateInputs: {
      organizationId: "northstar-credit",
      subjectId: "customer-redacted-4381",
      membershipVerified: true,
      records: [{ amountUsd: 8800 }, { amountUsd: 9400 }, { amountUsd: 9200 }],
      riskScore: 84,
      liabilitiesUsd: 2400
    }
  })
});
const onchain = await fetch("/api/v1/proof-workflows/blind-policy/onchain-receipt", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({ publicProofPackage })
});

// Returns:
// onchainReceipt.signature
// onchainReceipt.transactionExplorerUrl
// onchainReceipt.receiptAccountExplorerUrl