spec(api): add API Response Filtering section — v2.1.1
Implementations MAY filter sensitive fields from public API responses:
parties, certification_fee amounts, receipt URLs, parsed_fields.
Owner-only endpoints MAY expose full proof after fingerprint ownership check.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
SPEC.md
Lines changed: 19 additions & 1 deletion
@@ -479,7 +479,25 @@ See [`test-vectors.json`](test-vectors.json) for machine-readable test cases.
479
479
480
480
Implementers MUST pass all test vectors to claim conformance.
481
481
482
-
## 9. Versioning
482
+
## 9. API Response Filtering
483
+
484
+
Implementations MAY filter sensitive fields from public API responses while keeping the internal proof structure intact.
485
+
486
+
When a proof is returned via an **unauthenticated** endpoint:
487
+
488
+
-`parties` (buyer_fingerprint, seller, agent_identity) SHOULD be omitted
489
+
-`certification_fee` amounts and receipt URLs SHOULD be omitted
490
+
-`buyer_reputation_score` and `buyer_profile_url` SHOULD be omitted
491
+
-`provider_payment`: only `type`, `receipt_content_hash`, and `verification_status` SHOULD be retained; `receipt_url` and `parsed_fields` SHOULD be omitted
492
+
493
+
When a proof is returned via an **authenticated owner-only** endpoint:
494
+
495
+
- All fields MAY be included
496
+
- Ownership SHOULD be verified by comparing `sha256(api_key)` against `parties.buyer_fingerprint`
497
+
498
+
**Note:** these filtering rules apply to API responses only. The stored proof structure is not affected; `verify_proof_integrity()` always operates on the full internal proof.
499
+
500
+
## 10. Versioning
483
501
484
502
This spec follows [Semantic Versioning](https://semver.org/).
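Review bot: In the owner-only list of the new section 9, the ownership check is only a SHOULD ("Ownership SHOULD be verified by comparing `sha256(api_key)` against `parties.buyer_fingerprint`") while the bullet before it allows all fields to be returned, so a conforming implementation could return the full proof, including every field the unauthenticated rules omit, without verifying ownership. Suggest making the check a MUST for any endpoint that returns unfiltered fields, and saying that the comparison is done in constant time. The unauthenticated rules are also written as an omit list, so a field added to the proof later is public by default until this section is updated; consider listing the retained fields instead, as the `provider_payment` bullet already does. Two smaller points: `buyer_reputation_score` and `buyer_profile_url` are added to the omit list here but are not mentioned in the commit message, and renumbering Versioning from 9 to 10 may leave stale references to section 9 elsewhere in SPEC.md that this hunk does not show.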