logo
Free PDF Check

Document Fraud Detection API

Built for fraud ops at lending, insurance & compliance teams

HTPBE? is a REST API that detects post-creation modifications in PDF documents. One POST call returns a structured verdict — intact, modified, or inconclusive — with named modification markers explaining exactly what was detected. Self-serve integration. No sales call. Free test keys on all plans. From $15/mo.

~3 sec
per document
59 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth

The problem

Modern document fraud is invisible to visual review

A growing class of document fraud opens a genuine PDF, edits a balance, a date, or a beneficiary, and re-saves it. Visually nothing changes — the document passes pixel-level review, layout review, and KYC.

Structural PDF analysis reads the layers rendering engines never expose: revision history, object structure, signature coverage maps. That is where edits leave fingerprints they cannot wipe.

Common tampering patterns

  • Modified balances or totals after export
  • Swapped IBAN or beneficiary on invoices
  • Post-signature edits on contracts
  • Backdated issue and modification dates
  • Fabricated documents from consumer PDF tools

What this looks like

What the API Detects

Three real fraud mechanics we catch at the structural PDF layer.

01

Metadata manipulation

The API checks creation and modification timestamps, creator and producer application fields, and cross-references them against known tool signatures. Timestamp gaps, spoofed fields, and producer mismatches are returned as named markers in the response.

02

Structural manipulation

The API examines the PDF’s internal cross-reference tables and update chain length. Each post-creation edit session appends a new section to the file structure. The API returns the exact number of revision layers detected.

03

Digital signature bypass

The API detects whether a document was signed, whether the signature remains valid, and whether a signature was removed after it was applied. Post-signature modification and signature removal are both returned as high-confidence markers.

04

Tool-based forgery fingerprints

HTPBE? maintains a database of known PDF tool signatures covering hundreds of generators and editors. When the producer field matches a known editing tool on a document that should reflect institutional software, the API returns the tool name and classification as part of the verdict.

59 layers
Forensic checks per document
~3 sec
Median analysis time, end to end
From $15
Self-serve per month, no sales call

The detection gap

KYC platforms check the document. HTPBE? checks the file.

Two different checks — both matter.

KYC & identity platforms

Plaid · Persona · Alloy · Jumio

  • Is this a real bank statement template?
  • Does the account number match the identity?
  • Is the document format consistent with the issuing bank?

Detects fake documents. Does not detect edited real documents.

HTPBE? tamper detection API

Structural PDF integrity

  • Was this specific PDF file modified after it was generated?
  • Do metadata timestamps match the file structure?
  • Were digital signatures valid at the time of signing?

Catches edits invisible to visual review and template checks.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo

What HTPBE? checks

Detection capabilities

Deterministic structural signals. No probabilistic scores, no model training.

Producer signature mismatch

The PDF claims to come from one tool but the binary structure points to another. The first signal of post-export editing.

Incremental update trail

Every save after the original creates an incremental update. Long chains mean multiple editing sessions on the same file.

Multiple xref tables

Each editing session adds a new cross-reference table. Genuine institutional PDFs have one. Tampered PDFs have several.

Modification timestamp gap

A real PDF has matching CreationDate and ModDate. Months between them is a high-confidence forgery signal.

Digital signature validation

When a digital signature exists, we verify the coverage map. Modifications after signing return certain-confidence verdicts.

Font and object consistency

Edited text introduces new font subsets or objects with origin patterns inconsistent with the rest of the document.

Share with engineering

Wire this into your intake pipeline in under a day

Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.

Full API reference for engineering

Pricing

Self-serve plans, no sales call

All plans include the same forensic checks. Pick the quota that matches your monthly document volume.

manual

Starter

$15/mo

30 checks/mo

Manual spot-checks and integration testing

most common

Growth

$149/mo

350 checks/mo

Active document processing pipelines

high volume

Pro

$499/mo

1,500 checks/mo

High-volume automation and API integrations

Enterprise (unlimited, on-premise available) see full pricing

Secure your workflowView API docs

API key on signup. Free test environment on every plan. No card required.

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

What does the API response look like?

The API returns JSON with three key fields: “status” (intact / modified / inconclusive), “modification_confidence” (certain / high / none), and “modification_markers” (an array of named strings describing each finding, such as DIFFERENT_DATES, MODIFICATIONS_AFTER_SIGNATURE, or KNOWN_EDITOR_IN_PRODUCER). Full schema and example responses are documented at htpbe.tech/api.

How long does analysis take?

Most PDFs are analyzed in under 3 seconds. The API is synchronous — the response returns once analysis is complete. There is no polling or webhook required. For very large or structurally complex files near the 10 MB limit, analysis may take up to 9 seconds.

Can I test without a live key?

Yes. Test keys are available on all plans including free accounts. Test keys accept a set of predefined test URLs that return deterministic responses for all verdict types — intact, modified, and inconclusive. This lets you build and test your integration completely before sending any real documents.

What document types does it support?

The API supports any standard PDF file up to 10 MB. It works on bank statements, invoices, payslips, contracts, certificates, tax returns, insurance documents, and any other PDF-format document. It does not support image files (JPEG, PNG) or password-protected PDFs. It performs binary forensic analysis, so the document must be a proper PDF file — not an image embedded in a PDF container.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Start free — close the structural fraud gapSee pricing
Read API docs →