Four steps from your browser to production.
ExistBefore is the public, free showcase of the CertiSigma API. The same hash you compute in your browser today can be attested by your backend tomorrow — same T0 ECDSA signature, same T1 eIDAS qualified timestamp, same T2 Bitcoin anchoring. This page walks you from your first attestation to a production webhook in roughly fifteen minutes.
Step 1 — Attest your first hash from the browser.
Open the ExistBefore home page, drop a file (or paste text), and watch the browser compute SHA-256 locally. The 32-byte digest is the only thing that transits to the API. You receive a T0 attestation in milliseconds and a downloadable PDF certificate.
Open the public attestation page
Want to test with a known input? Use any file under 2 GB. Multiple files at once produce a Merkle bundle attestation (`existbefore-bundle-v1`).
Step 2 — Get a developer API key.
The CertiSigma API key lives server-side only. Never embed it in a browser bundle or a mobile app. Request a key from your CertiSigma dashboard; the free developer tier gives you a few attestations per minute per IP — enough for development and CI integration.
Request an API key Read the API reference
If you arrived here from a "rate limit" warning on the public page, your hash is automatically passed through and pre-filled in the signup form (defense in depth: only validated 64-char hex hashes are forwarded — see VP-141).
Step 3 — Install the SDK or call the API directly.
Pick your language. Every snippet pulls the API key from an environment variable (never hard-coded), uses production-grade error handling, and embeds the full SHA-256 hash. Copy-paste them as a starting point.
Loading…Copy snippets are static text. The page does not execute them. Your API key never reaches this page.
Step 4 — Wire a webhook for T1 and T2 upgrades.
A T0 attestation lands in milliseconds; T1 (eIDAS qualified timestamp) follows within ~1 hour; T2 (Bitcoin anchoring via OpenTimestamps) within 24–48 hours. Subscribe to the upgrade webhook so your system reflects the strongest available proof level the moment it becomes available, instead of polling the registry.
Each upgrade event carries the attestation id, the new level, the timestamp source, and (for T2) the Bitcoin block height. Verify the HMAC signature on every delivery — the docs cover the full payload schema.
After onboarding
- Use the audit page to verify the integrity of every JavaScript bundle this site serves.
- Use the T1 inclusion-proof viewer to inspect the Merkle path that ties an attestation to its qualified timestamp.
- Compare the public free tier with the developer and enterprise tiers on the comparison page.