logo
Snappt alternative

A fabricated pay stub qualifies a tenant who would fail real income verification — and your intake flow has no structural check on the file

Property managers and proptech platforms accept pay stubs and bank statements as income proof. Applicants fabricate them in Microsoft Word, or edit a real document to raise the salary figure, export to PDF, upload. The file looks right. OCR extracts the right numbers. No existing tool in most rental pipelines checks whether the PDF was issued by a real payroll engine or assembled on a desktop. htpbe? provides that structural check — as a self-serve REST API your engineering team integrates in a day.

~3 sec
per document
35 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth
Scope

htpbe? analyzes the structural layer of the PDF file — producer, xref, metadata, image streams. We don't replace identity verification or income-source connections. We catch the forged or edited PDF the applicant uploaded. Snappt has its own approach and customer base; this page describes how htpbe? fits a different buyer pattern (engineering teams shipping rental application flows), not a feature-by-feature audit of Snappt.

How it looks

One REST call, one deterministic verdict

Upload the PDF. The API returns INTACT, MODIFIED, or INCONCLUSIVE with named markers — in about three seconds.

What this looks like

How rental income fraud gets through current intake flows

Three real fraud mechanics we catch at the structural PDF layer.

01

Pay stub edited to inflate gross pay

Applicant downloads a real ADP pay stub showing $3,400/month. They open it in any PDF editor, change the figure to $5,800, save. The xref chain shows a second cross-reference table — structural evidence of a post-issuance edit that visual review and OCR both miss. The inflated figure passes the income-to-rent ratio check.

02

Pay stub fabricated in Word using a real employer's template

No employer involved. The applicant creates a pay stub in Microsoft Word using the company logo from LinkedIn, types the desired salary, exports to PDF. The producer field shows Microsoft Word — not ADP, Paychex, Gusto, or Workday. Real employer pay stubs always carry the payroll engine's producer signature.

03

Bank statement with edited balances

Applicant downloads a Chase Online Banking statement showing a $1,200 balance. They open it in any PDF editor, add fictitious direct deposits, raise the balance to $8,400, re-export. The running balance arithmetic breaks at the inserted transaction — structural evidence the file was tampered with after the bank issued it.

How htpbe? is positioned

$15/mo
starter plan, 30 requests included — public pricing on /pricing
~3 sec
per PDF analyzed via API
No sales call
self-serve sign-up, API key in under a minute

Why the current rental intake flow misses this

OCR reads the income figure. It does not read whether the file carrying it came from a real payroll engine.

The structural layer is the gap most proptech stacks do not yet close.

OCR-based income extraction (AWS Textract, Google Document AI, FormFree, Plaid Income) reads what is printed on the document — it cannot detect that the underlying PDF was created in Word or edited after the payroll engine issued it. Identity verification (Persona, Onfido, Alloy) confirms who the applicant is — it does not inspect the PDF the applicant uploaded for structural fraud. Manual review by a leasing agent reads the document visually — it cannot see the second xref table or the producer-field mismatch. htpbe? closes this specific gap: it reads the structural layer of every submitted PDF and flags fabricated or edited documents before they influence a rental decision.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo
How it works

Five forensic layers, one deterministic verdict

Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.

01

Metadata analysis

Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.

02

File structure

Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.

03

Digital signatures

Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.

04

Content integrity

Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.

05

Verdict with markers

Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.

See the full 35-check breakdown
Document types

PDFs we analyze for proptech and rental application flows

Every type listed below is analyzed at the structural file layer — not the rendered image.

Pay stub PDFBank statement PDFEmployment letter PDFW-2 PDF (US)Tax return PDFUtility bill PDF (proof of address)Asset / gift letter PDF
What htpbe? checks

Detection capabilities

Deterministic structural signals. No probabilistic scores, no model training.

Producer signature analysis

Authentic pay stubs, bank statements, and employer letters carry institutional producer signatures (payroll engines, banking systems, HRMS). When the producer field shows Microsoft Word, LibreOffice, or a generator-tool fingerprint, the document was authored on a desktop — flagged accordingly.

Incremental update detection

Edits to a real PDF (changed amounts, dates, names) leave incremental update markers in the xref chain. htpbe? flags these as MODIFIED at high confidence even when the visual layout looks pristine.

Digital signature chain validation

Many large employers and banks digitally sign their PDFs. htpbe? validates the signature chain and flags invalidated or removed signatures — a core indicator of post-issuance tampering.

Image-stream artefact detection

Lifted-and-pasted logos, signatures, and headers leave compression and object-structure artefacts that differ from authentic embedded content. The image-stream metadata exposes paste operations.

Cross-document fingerprint analysis

When multiple "different" employer letters from the same applicant pool share font subset prefixes, image hashes, or producer signatures, the API surfaces the shared fingerprints — useful for catching collusion or rental-fraud rings.

Single-session creation pattern

Applicant-fabricated PDFs are typically produced in one shot — CreationDate equals ModDate, single xref, no incremental update history. Real institutional production systems often carry richer history.

Integrate in minutes

A Snappt alternative your engineers can ship today

Buyers can skip this section — developers, the integration is two HTTP calls.

Step 1 — submit the PDF

curl -X POST https://api.htpbe.tech/v1/analyze \
  -H "Authorization: Bearer $HTPBE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://your-storage/applicant-pay-stub.pdf"}'

Step 2 — read the verdict

{
  "id": "s1n2a3p4-5p6t-7a8l-9z0t-a1b2c3d4e5f6",
  "status": "modified",
  "modification_confidence": "high",
  "modification_markers": [
    "Two cross-reference tables — incremental update",
    "Modification date 8 days after creation date",
    "Spreadsheet producer detected"
  ],
  "producer": "Microsoft Excel",
  "creator": "ADP Workforce Now",
  "creation_date": 1707091200,
  "modification_date": 1707782400,
  "has_digital_signature": false,
  "xref_count": 2,
  "has_incremental_updates": true
}

Original came from ADP Workforce Now (institutional payroll). 8 days later it was opened in Microsoft Excel and re-saved, adding a second xref. Verdict: modified at high confidence. The applicant edited a real ADP pay stub after issuance — likely to bump the salary figure for the rental application.

Get your API key — free test keys includedFull API documentation

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use htpbe? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

No. We deliberately don't describe ourselves that way. Snappt is an operator-focused rental fraud platform with its own UI and customer base. htpbe? is a developer-first REST API for the underlying PDF forensics — the structural layer Snappt and similar platforms also analyze, plus their workflow on top. If you want a workbench, look at managed platforms. If you want a primitive your team integrates into your own rental flow, htpbe? is the right shape.
Plans start at $15/mo (30 requests) and go to $499/mo (1,500 requests) with public pricing on /pricing. Enterprise unlimited is a contract conversation. We don't publish competitor pricing here — Snappt's pricing is on their site or via their sales team — but transparent self-serve pricing is one of the deliberate differences in our positioning.
For PDF-layer fraud (pay stubs, bank statements, employer letters, tax returns, utility bills, asset letters) — yes, the structural-forensics layer is the same. We don't do identity matching, photo-ID biometrics, or rental-history checks; if your fraud signal needs those, pair htpbe? with an identity platform (Persona, Onfido) or use a managed proptech platform that bundles them.
Yes. Sign up for the free tier — test API keys are included on every plan, including free. Run our test PDF fixtures through your integration without consuming live quota. When you're ready, the live keys work the same way against any public PDF URL. No card on free tier.
Related

Related solutions and guides

Solution

Tenant Screening

Full proptech vertical positioning — fraud-ops angle for property managers.

Read more
Technical guide

Fake Pay Stub Detection

The primary document type in rental fraud — focused tech-page treatment.

Read more
Technical guide

Bank Statement Fraud Detection

Bank statement forensics for income and asset verification.

Read more

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Secure your workflowView API docs