Verify a receipt

Every response from the Draftworks gateway is signed with Ed25519. Paste a request id to fetch its receipt and check the signature against the published public key. Receipts hold SHA-256 hashes and token counts only — prompt and completion content is never stored.

Verify it yourself

This page checks signatures in your browser, but you should not have to trust it. The signing key is Ed25519; the public half is published here and the check is four lines of Node.

Ed25519 public key (raw 32 bytes, base64url)

JSl3dcdGcMcr0A92fXtJEdIRLYbJ9yHp-AQUixzqJO8
import { createPublicKey, verify } from "node:crypto";

const receipt = await fetch(
  "https://www.draftworks.dev/v1/receipts/" + requestId,
).then((r) => r.json());

const key = createPublicKey({
  format: "jwk",
  key: { kty: "OKP", crv: "Ed25519", x: "JSl3dcdGcMcr0A92fXtJEdIRLYbJ9yHp-AQUixzqJO8" },
});

const valid = verify(
  null,
  Buffer.from(receipt.payload, "utf8"),
  key,
  Buffer.from(receipt.signature, "base64url"),
);

prompt_sha256 is the SHA-256 of the raw request body bytes, exactly as you sent them. For non-streaming requests, response_sha256 is the SHA-256 of the raw response body. For streaming requests, it is the SHA-256 of every SSE data payload concatenated with a trailing newline each, [DONE] excluded.

Full specification: /docs/verification.