AffixIOAFFIXIO
Contact

Developer documentation

AffixIO is verification infrastructure exposed as a REST API. Your application sends policy inputs. AffixIO returns allow or deny with cryptographic proof metadata suitable for audit, downstream enforcement, and Merkle anchoring. This guide covers authentication, core endpoints, zero-knowledge circuits, and integration patterns.

REST API OPENAPI 3.1 NOIR + BARRETTENBERG ML-DSA ATTESTATION MERKLE AUDIT TREE

Overview

AffixIO evaluates yes/no policy questions at system boundaries: payment authorisation, AI agent gates, programme eligibility, physical access, and offline QR verification. The API is stateless at the verifier by default. Each request is independent. Signed outcomes can be stored in your audit log without copying underlying personal data to AffixIO.

Production base URL: https://api.affix-io.com

Quick start

Follow the dedicated quick start guide for a five-step path from health check to Merkle inclusion proof.

  1. Open the live sandbox and confirm Merkle root loads from production.
  2. Call GET /api/health to verify circuit readiness.
  3. Run identity verify or circuit prove/verify with a demo API key from Contact or your partnership onboarding.
  4. Inspect proof_digest and fetch Merkle inclusion via GET /v1/merkle/proof/{digest} or the Merkle verifier tool.
  5. Read the AI Integration guide for self-hosted demo deployment.

Tools and reference

Merkle verifier

Fetch the live audit root, pull inclusion proofs by digest, and verify proofs in the browser without exposing API keys.

 Circuit catalogue

Browse 106+ live Noir zero-knowledge circuits with open-source Barretenberg proving.

 API changelog

Release notes for OpenAPI 1.4.2, new circuits, Merkle endpoints, and PQC attestation paths.

 Errors and rate limits

HTTP status codes, JSON error fields, 10 req/s limit, and retry guidance.

 Integration patterns

AI agent gate, offline QR ticket, and government eligibility recipes.

 Architecture diagrams

Stack placement, request lifecycle, and security review SVG diagrams.

 Postman collection

Import OpenAPI endpoints into Postman for manual testing.

 Status page

Current API health, circuit readiness, and Merkle leaf count from production.

Integration patterns

End-to-end recipes for AI agent gates, offline QR verification, and programme eligibility. Full detail on the integration patterns page.

Sector hubs

Boundary-specific integration paths with field notes, comparison guides, and sandbox flows.

AI agents

Gate autonomous tool calls and delegated actions with signed allow or deny.

 Agentic payments

Transaction eligibility and spend gates for agent-initiated payments.

 Offline tickets

QR scan-to-prove for venues and transport without network dependency at the gate.

 Government

Programme eligibility with Merkle-anchored audit for public sector buyers.

 Age verification

Regulated retail eligibility without PII hoarding at the verifier.

Field notes · Whitepapers · Stateless vs traditional verification

OpenAPI specification

Machine-readable API description for client generation, Postman import, and CI contract tests.

Core endpoints

MethodPathPurpose
GET/api/healthService health, circuit readiness, Merkle root
GET/v1/auth/checkValidate API key
POST/v1/verifyEligibility verification with signed verdict
POST/api/demo/identity-verifyIdentity rules + Noir proof
POST/api/demo/circuit-proveGenerate zero-knowledge proof
POST/api/demo/circuit-verifyVerify proof against live Merkle tree
POST/v1/circuits/{circuitId}/verifyCircuit verify by ID
GET/v1/circuitsList available Noir circuits
GET/v1/merkle/rootCurrent audit Merkle root
GET/v1/merkle/leavesPaginated audit leaves
GET/v1/merkle/proof/{digest}Inclusion proof for proof digest
POST/v1/merkle/verify-proofVerify inclusion proof offline
GET/api/governance-statsAudit statistics and recent activity

Ticket and QR endpoints are available via the CMS proxy in the sandbox. See WP-036 and WP-037 for reproduction walkthroughs.

Authentication

Production requests require a scoped API key. Send either:

  • Authorization: Bearer <api_key>
  • X-API-Key: <api_key>

Use separate keys for sandbox and production. Never embed production keys in client-side code. Proxy through your backend or issue short-lived tokens.

Zero-knowledge circuits

AffixIO uses Noir circuits compiled with Barretenberg for prove and verify operations. The default yesno circuit evaluates binary policy conditions. Identity verification maps rule results to circuit inputs for KYC-style checks without retaining source records at the verifier.

Browse the live catalogue: Noir circuit catalogue. Set requestAttestation: true to receive post-quantum signed attestation on responses where supported. See post-quantum attestation whitepaper for ML-DSA-65 (NIST FIPS 204) context.

Merkle audit tree

Each verified operation can be anchored in an append-only Merkle tree using sha256-sorted-pairs. Auditors fetch inclusion proofs without access to your source systems. Per-response merkle_validation.root reflects tree state at commit time. The global root advances as new leaves append.

Architecture reference: Merkle tree audit architecture.

Environments

EnvironmentURLNotes
Production APIapi.affix-io.comScoped API keys required
Browser sandboxaffix-io.com/sandbox/Proxies live APIs with CORS
Self-hosted demoYour host /demo/Download Demo Web 4.0

Operational status: status page

Integration guides

AI Integration

Agent install command, demo deployment, and full API reference for verification before autonomous actions.

 Demo Web 4.0

Self-hosted operator console with Try it, Setup, My proofs, and Help handbook.

 Offline QR tickets

Scan-to-prove ticket verification for venues and transport operators.

 Partnerships and pilots

Scan-to-prove eligibility for partnership intake without data export.

Architecture

For control plane separation, data flow, tenant isolation, and integration placement in your stack, read the dedicated architecture guide.

Technical architecture documentation · War Room overview · Evaluation guide