Coming soon · Private design partners
BAINK Receipts. The evidence layer for AI-assisted banking decisions.
Hosted canonicalization, signing, signed webhooks, and verification for BAINK Evidence Bundles. Send a bundle. Get a digest, a signed receipt, and a structured verification result. Keep sensitive decision data in your environment.
The thin waist
Evidence Bundle → Canonical Digest → Signed Receipt → Verification Result
Hosted convenience. Local truth. Everything verifiable through this API is also verifiable with the open-source Rust verifier — no network egress, no lock-in. The moat is being the trusted receipt layer, not secrecy.
What v0 does
Four primitives. Nothing else.
Canonicalization
Deterministic digest of any BAINK bundle, with schema validation and warnings before you ask us to sign anything.
Signed receipts
Ed25519, org-scoped, anchored to the BAINK Ledger™. The commercial primitive — institutional proof-of-process.
Structured verification
Per-check report: schema, hash chain, signature, profile requirements, approvals, policy bindings.
Signed webhooks
HMAC-SHA256 deliveries for receipt.issued and receipt.verified — same scheme you can verify locally.
Playground · live
POST api.baink.dev/v1/canonicalize
Send a bundle. Get a deterministic digest, schema validity, and warnings. No signing, no auth, no retention.
Press send to call the endpoint.
POST https://api.baink.dev/v1/canonicalize · no body retention
Webhooks sandbox
Two events. One signing scheme. Verify locally.
Trigger signed receipt.issued and receipt.verified events against any URL you control. Every delivery is signed with HMAC-SHA256 over timestamp.body — the same scheme your verifier will check.
Tip: use webhook.site to inspect headers and body live.
Public sandbox · no auth · payloads not stored · only public hosts allowed (localhost / RFC1918 ranges blocked). The hosted endpoint is convenience — signatures can be verified locally with the open-source Rust verifier.
Endpoint preview
Illustrative. Shape may change before GA.
Developer wedge. Submit a bundle, get a canonical digest and schema validation. No signing.
POST https://api.baink.dev/v1/canonicalize
Authorization: Bearer baink_sk_live_...
Content-Type: application/json
{
"profile": "BAINK-CM-0.1",
"bundle": {
"header": {},
"decision": {},
"inputs": [],
"steps": [],
"policy_bindings": [],
"approvals": []
}
}
200 OK
{
"profile": "BAINK-CM-0.1",
"schema_version": "0.1",
"canonicalization_version": "baink-c14n-0.1",
"bundle_digest": "sha256:0a1b...",
"valid_schema": true,
"warnings": []
}Issue a signed receipt for a valid bundle digest. Ed25519, org-scoped, anchored.
POST https://api.baink.dev/v1/receipts
Authorization: Bearer baink_sk_live_...
Content-Type: application/json
{
"profile": "BAINK-CM-0.1",
"bundle_digest": "sha256:0a1b...",
"issuer_org_id": "org_7Q...",
"external_reference": "loan_12345"
}
200 OK
{
"receipt_id": "rcpt_01HXY...",
"bundle_digest": "sha256:0a1b...",
"profile": "BAINK-CM-0.1",
"issued_at": "2026-05-24T18:32:00Z",
"signature": {
"alg": "ed25519",
"key_id": "baink_signing_key_2026_01",
"value": "..."
},
"verification_url": "https://api.baink.dev/v1/receipts/rcpt_01HXY..."
}Verify a bundle, a receipt, or both. Returns structured per-check results — not just pass/fail.
POST https://api.baink.dev/v1/verify
Authorization: Bearer baink_sk_live_...
Content-Type: application/json
{ "bundle": { }, "receipt": { } }
200 OK
{
"verified": true,
"profile": "BAINK-CM-0.1",
"checks": {
"schema_valid": true,
"hash_chain_valid": true,
"receipt_signature_valid": true,
"profile_requirements_met": true,
"approval_roles_present": true,
"policy_bindings_present": true
},
"bundle_digest": "sha256:0a1b...",
"receipt_id": "rcpt_01HXY...",
"verified_at": "2026-05-24T18:36:00Z"
}Public verification metadata. No bundle contents — banks keep their sensitive data.
GET https://api.baink.dev/v1/receipts/rcpt_01HXY...
200 OK
{
"receipt_id": "rcpt_01HXY...",
"bundle_digest": "sha256:0a1b...",
"profile": "BAINK-CM-0.1",
"issued_at": "2026-05-24T18:32:00Z",
"issuer_org_id": "org_7Q...",
"signature": {
"alg": "ed25519",
"key_id": "baink_signing_key_2026_01",
"value": "..."
},
"status": "active"
}Trigger a signed receipt.issued or receipt.verified event to a URL you control. Try it live in the sandbox above.
POST https://api.baink.dev/v1/webhooks/test
Content-Type: application/json
{
"event": "receipt.issued",
"target_url": "https://api.your-app.com/webhooks/baink",
"secret": "whsec_...",
"receipt_id": "rcpt_demo_01"
}
→ POST https://api.your-app.com/webhooks/baink
BAINK-Event-Id: evt_01HXY...
BAINK-Event-Type: receipt.issued
BAINK-Timestamp: 1716580000
BAINK-Signature: t=1716580000,v1=<hex hmac-sha256>
Content-Type: application/json
{ "id": "evt_01HXY...", "type": "receipt.issued", "data": { "receipt": { ... } } }Confirm a webhook came from BAINK. Returns per-check results: format, freshness, signature match.
POST https://api.baink.dev/v1/webhooks/verify
Content-Type: application/json
{
"secret": "whsec_...",
"signature": "t=1716580000,v1=<hex>",
"payload": "<raw request body as string>"
}
200 OK
{
"valid": true,
"checks": {
"signature_format": true,
"timestamp_fresh": true,
"signature_match": true
},
"computed_signature": "..."
}Out of scope for v0
Discipline is the feature.
The hosted API does not own the bundle. The open standard does. v0 certifies, anchors, and verifies — nothing more.
- − Full bundle storage
- − Policy editor
- − Examiner portal
- − Insurer scoring
- − Webhook retry queue
- − User-facing dashboard
Trust model
Bearer keys. Org-scoped. Ed25519 receipts. HMAC-signed webhooks.
- + API keys are issued per organization and per environment.
- + Receipts are Ed25519; verification public keys are published per org.
- + Webhook deliveries are HMAC-SHA256 over
timestamp.body. - + Every receipt and verification event is recorded in the BAINK Ledger™.
The hosted API is convenient. The local Rust verifier is authoritative.
Who it's for
For vendors
Add BAINK receipts to your product in an afternoon. Ship a badge banks can verify.
For banks
Keep sensitive decision data in your environment. Share only receipts and hashes.
For insurers
Evaluate whether AI-assisted decisions produce structured, tamper-evident evidence.
For developers
One install. Canonicalize, sign, and verify with the same primitives as the open verifier.
Until then, you can already…
Apply for sandbox access
Sandbox credentials for funded AI banking teams.
Tell us where to deliver signed receipt events and which event types you'll consume. We issue sandbox keys within one business day and read every application.
View pricing →Trademark notice
BAINK™, BAINKING™, BAINK Assure™, BAINK Ledger™, BAINK Binder™, and BAINK Verified™ are trademarks of the BAINK Working Group. The BAINK Evidence Standard is an open protocol licensed under Apache-2.0.