Do people need a SwanShare account to verify a credential?

No. Verification is public and free — anyone can check a credential with just its verification ID or the credential file, without an account and without trusting SwanShare.

What actually stops someone forging a credential?

Each credential is signed with your organization's private key using RSA-PSS. Without that key a valid signature can't be produced, and changing even one character breaks the SHA-256 fingerprint — so tampering is always detectable.

Is this really on a blockchain?

Every credential's fingerprint is written to a tamper-evident, hash-chained ledger with proof-of-work. You can additionally anchor batches to a public blockchain (EVM) or OpenTimestamps. We're upfront that the built-in ledger is the default and public-chain anchoring is opt-in.

Can I revoke a credential after issuing it?

Yes. Revoke it in the dashboard and public verification reflects the revoked status immediately and honestly.

Which standards do you support?

Credentials export as W3C Verifiable Credentials and Open Badges 3.0, so they work with other wallets and verifiers — not just SwanShare.

How do e-signatures work?

Upload a multi-page PDF, place signature/date/text fields for each signer, and send tokenized links (no account needed to sign). When everyone signs, the document is sealed with a certificate of completion and anchored to the ledger.

Can anyone verify a sealed document without logging in?

Yes. Go to Verify → Signed document on the homepage (or /verify-document), upload the signed PDF, and SwanShare checks the fingerprint, issuer signature, and ledger anchor — no account required.

API Documentation — SwanShare

Developer API

Issue verifiable credentials from your code

The SwanShare REST API lets you issue tamper-evident, publicly verifiable credentials programmatically — from your LMS, backend, or a tool like Zapier. Every credential is cryptographically signed and instantly verifiable by anyone, with no account.

Base URL

https://www.swanshare.site/api

Authentication

Authenticate with an API key as a Bearer token. Create and manage keys in your dashboard under Settings → API keys. The full key (swan_sk_…) is shown once at creation — store it securely.

Authorization: Bearer swan_sk_your_key_here

Treat keys like passwords. They grant full issuing access for your organization.

Issue credentials

POST/v1/credentials

Issue one credential, or many in a batch by sending an items array. Each credential needs at least recipient_name and title.

Single

curl -X POST https://www.swanshare.site/api/v1/credentials \
  -H "Authorization: Bearer swan_sk_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "recipient_name": "Asha Rao",
    "recipient_email": "[email protected]",
    "title": "Advanced Data Analytics",
    "expires_at": "2027-12-31",
    "fields": { "Score": "A+", "Hours": "120" }
  }'

Batch (a whole cohort)

{
  "items": [
    { "recipient_name": "Asha Rao",  "title": "Advanced Data Analytics" },
    { "recipient_name": "Vikram Singh", "title": "Advanced Data Analytics" }
  ]
}

Response — 201 Created

{
  "ok": true,
  "count": 2,
  "credentials": [
    { "verify_id": "a1b2c3…", "verify_url": "https://www.swanshare.site/verify?id=a1b2c3…" },
    { "verify_id": "d4e5f6…", "verify_url": "https://www.swanshare.site/verify?id=d4e5f6…" }
  ]
}

Fetch a credential

GET/v1/credentials/{verify_id}

Re-run the full verification (signature, hash, ledger inclusion, revocation/expiry) for a credential and get the canonical result.

curl https://www.swanshare.site/api/v1/credentials/a1b2c3… \
  -H "Authorization: Bearer swan_sk_your_key_here"

{
  "valid": true,
  "status": "valid",
  "checks": [ { "name": "Signature", "passed": true, "detail": "…" } ],
  "credential": { "title": "Advanced Data Analytics", "recipient_name": "Asha Rao", "issued_at": "…" },
  "issuer": { "name": "Acme Training Co.", "verified": true }
}

Errors & limits

Errors return a JSON body with an error message and an appropriate status code.

401Missing or invalid API key.
402Monthly plan limit reached (response includes "limit": true). Upgrade to issue more.
400Each credential needs recipient_name and title.

Rate limit: 120 requests / minute per API key.

Webhooks

Register endpoints in Settings → API keys to be notified of events. SwanShare sends a POST with a JSON body and these headers:

X-SwanShare-Event: credential.issued
X-SwanShare-Signature: sha256=<hmac>

Events

credential.issued — one or more credentials were issued
document.signed — all recipients signed a document

Payload

{
  "event": "credential.issued",
  "data": {
    "count": 1,
    "credentials": [
      { "verify_id": "a1b2c3…", "verify_url": "https://www.swanshare.site/verify?id=a1b2c3…" }
    ]
  }
}

Verify the signature

Each request is signed with HMAC-SHA256 over the raw body using your endpoint's signing secret. Recompute it and compare:

import hmac, hashlib

def is_valid(raw_body: bytes, header_sig: str, secret: str) -> bool:
    expected = "sha256=" + hmac.new(secret.encode(), raw_body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, header_sig)

Create your first API key