Integration Guides
Implement RepSec™ using our API, SDKs & CLI. Quick start, auth, sample calls, webhooks, and resources.
Quick Start
- Get your API key from /account/ (or /my-account/).
- Open the API Reference for endpoints & schemas.
- (Optional) Import Postman: PastWipe_RepSec_API.postman_collection.json.
- Download tools below (SDK / CLI) and run the sample calls.
- Configure webhooks to receive breach/neutralization notifications.
SDKs & CLI
Current release: v0.9.1 (protected downloads; login required).
Access: Partners & Pilot Customers.
Authentication
Send your API key with every request. Optional HMAC signature adds tamper protection.
# Required header
X-PastWipe-Key: <YOUR_API_KEY>
# Optional request signing
X-PastWipe-Signature: <HMAC hex>
# Basic cURL (replace {BASE_URL} and adjust path per /docs-api/)
curl -X POST "{BASE_URL}/v1/attestations" \
-H "Content-Type: application/json" \
-H "X-PastWipe-Key: <YOUR_API_KEY>" \
-d '{ "asset_id":"file-123", "policy":"no-reuse-on-breach" }'
Sample Calls
Create Attestation
POST {BASE_URL}/v1/attestations
{
"asset_id":"file-123",
"hash_alg":"SHA-256",
"hash":"e3b0c44298fc1c149afbf4c8996fb924...",
"policy":"no-reuse-on-breach"
}
Neutralize (apply policy)
POST {BASE_URL}/v1/neutralizations
{
"asset_id":"file-123",
"reason":"revoked_by_owner",
"note":"pilot test"
}
Verify Proof
POST {BASE_URL}/v1/verify
{
"asset_id":"file-123",
"proof":"<paste-proof>"
}
Register Breach Event
POST {BASE_URL}/v1/breaches
{
"event_id":"br-2025-0001",
"scope":"asset",
"asset_id":"file-123",
"timestamp":"2025-11-04T12:00:00Z"
}
Full schemas & responses: see /docs-api/.
Webhooks
Receive JSON events (attestation created, policy applied, breach registered) at your HTTPS endpoint.
X-PastWipe-SignatureExample Payload
{
"type":"breach.registered",
"id":"evt_01HXYZ",
"created":"2025-11-04T12:00:00Z",
"data":{
"event_id":"br-2025-0001",
"scope":"asset",
"asset_id":"file-123"
}
}
Integration Guides
Implement RepSec™ using our API, SDKs & CLI. Quick start, auth, sample calls, webhooks, and resources.
Quick Start
- Get your API key from /account/ (or /my-account/).
- Open the API Reference for endpoints & schemas.
- (Optional) Import Postman: PastWipe_RepSec_API.postman_collection.json.
- Download tools below (SDK / CLI) and run the sample calls.
- Configure webhooks to receive breach/neutralization notifications.
SDKs & CLI
Current release: v0.9.1 (protected downloads; login required).
Access: Partners & Pilot Customers.
Authentication
Send your API key with every request. Optional HMAC signature adds tamper protection.
# Required header
X-PastWipe-Key: <YOUR_API_KEY>
# Optional request signing
X-PastWipe-Signature: <HMAC hex>
# Basic cURL (replace {BASE_URL} and adjust path per /docs-api/)
curl -X POST "{BASE_URL}/v1/attestations" \
-H "Content-Type: application/json" \
-H "X-PastWipe-Key: <YOUR_API_KEY>" \
-d '{ "asset_id":"file-123", "policy":"no-reuse-on-breach" }'
Sample Calls
Create Attestation
POST {BASE_URL}/v1/attestations
{
"asset_id":"file-123",
"hash_alg":"SHA-256",
"hash":"e3b0c44298fc1c149afbf4c8996fb924...",
"policy":"no-reuse-on-breach"
}
Neutralize (apply policy)
POST {BASE_URL}/v1/neutralizations
{
"asset_id":"file-123",
"reason":"revoked_by_owner",
"note":"pilot test"
}
Verify Proof
POST {BASE_URL}/v1/verify
{
"asset_id":"file-123",
"proof":"<paste-proof>"
}
Register Breach Event
POST {BASE_URL}/v1/breaches
{
"event_id":"br-2025-0001",
"scope":"asset",
"asset_id":"file-123",
"timestamp":"2025-11-04T12:00:00Z"
}
Full schemas & responses: see /docs-api/.
Webhooks
Receive JSON events (attestation created, policy applied, breach registered) at your HTTPS endpoint.
X-PastWipe-SignatureExample Payload
{
"type":"breach.registered",
"id":"evt_01HXYZ",
"created":"2025-11-04T12:00:00Z",
"data":{
"event_id":"br-2025-0001",
"scope":"asset",
"asset_id":"file-123"
}
}