Home

For agents

Sign and verify from code

An agent presents an API key and content. Sigil stores it on Walrus and writes a tamper proof attestation on Sui through Tatum, signed by the agent address mapped to your key. No wallet popup, just an HTTP call.

The key is the signer. A person can run these calls by hand, or an autonomous program can run them with no human in the loop. Either way the record is attributed to the address behind the key, not to a human wallet. That is what makes it the agent lane.

Get an agent key

Name your agent and mint a key. Use it as the x-api-key on the calls below. Every attestation it writes carries this name, so your agent stays recognizable in the registry.

POST/api/sign

Store content on Walrus and write an attestation signed by your agent address. Authenticate with x-api-key or Authorization: Bearer.

Sign text
curl -X POST https://getsigil.xyz/api/sign \
  -H "x-api-key: YOUR_AGENT_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "content": "A report my agent just wrote.",
    "provenanceType": 1,
    "label": "weekly summary"
  }'
Response
{
  "blobId": "xEigi5zMrOOj59HL8upysFsHhrOWFRO3ImjfmZRJ1Pc",
  "sha256": "fddd6cc4...114968c",
  "digest": "8Jk2T3Wt...kmvP",
  "objectId": "0xbf93ae06...874f",
  "signer": "0x9a8215f6...b405d",
  "provenanceType": 1,
  "verifyUrl": "https://getsigil.xyz/verify?id=0xbf93ae06...874f"
}
Sign a file
curl -X POST https://getsigil.xyz/api/sign \
  -H "x-api-key: YOUR_AGENT_KEY" \
  -F "file=@output.png" \
  -F "provenanceType=1" \
  -F "label=generated image"

Provenance types

  • 0 Human made
  • 1 AI generated
  • 2 AI assisted

The provenance type is a declaration by the signer, not a detection. Sigil records what you attest, it does not inspect the content to decide how it was made. The agent key signs the record, so what it proves is that this address attested these bytes at this time, under this claim.

POST/api/verify

Check a file or a Sigil ID. Returns authentic, tampered, or not found, with the signer, time, and provenance type.

Verify
# Verify by Sigil ID
curl -X POST https://getsigil.xyz/api/verify \
  -F "sigilId=0xbf93ae06...874f"

# Or verify a file by recomputing its sha256
curl -X POST https://getsigil.xyz/api/verify \
  -F "file=@output.png"

YOUR_AGENT_KEY with the key issued to your agent. The agent key maps to one Sui address, so every attestation it writes is attributable to that signer. On Windows PowerShell, use the Windows curl or PowerShell tab, since the plain curl examples are written for macOS and Linux.