Document Fraud Detection API
HTPBE is a REST API that detects post-creation modifications in PDF documents. One POST call returns a structured verdict — intact, modified, or inconclusive — with named modification markers explaining exactly what was detected.
Self-serve integration. No sales call. Free test keys on all plans. From $15/mo.
What the API Detects
Every PDF carries hidden evidence of its history. Here is what to look for.
Metadata manipulation
The API checks creation and modification timestamps, creator and producer application fields, and cross-references them against known tool signatures. Timestamp gaps, spoofed fields, and producer mismatches are returned as named markers in the response.
Structural manipulation
The API examines the PDF’s internal cross-reference tables and update chain length. Each post-creation edit session appends a new section to the file structure. The API returns the exact number of revision layers detected.
Digital signature bypass
The API detects whether a document was signed, whether the signature remains valid, and whether a signature was removed after it was applied. Post-signature modification and signature removal are both returned as high-confidence markers.
Tool-based forgery fingerprints
HTPBE maintains a database of known PDF tool signatures covering hundreds of generators and editors. When the producer field matches a known editing tool on a document that should reflect institutional software, the API returns the tool name and classification as part of the verdict.
The Easy Way: Use HTPBE
All checks run automatically in seconds — no technical knowledge required.
Get an API key
Sign up at htpbe.tech and retrieve your test key from the dashboard. No credit card required. Test keys work immediately and return deterministic responses for all test scenarios.
POST the PDF URL
Send a POST request to /api/v1/analyze with a JSON body containing the public URL of the PDF to analyze. The API downloads and analyzes the document server-side.
Receive the structured verdict
The response returns a status field (“intact”, “modified”, “inconclusive”), a modification_confidence field (“certain”, “high”, “none”), and a modification_markers array listing every finding by name.
Frequently Asked Questions
What does the API response look like?
The API returns JSON with three key fields: “status” (intact / modified / inconclusive), “modification_confidence” (certain / high / none), and “modification_markers” (an array of named strings describing each finding, such as DIFFERENT_DATES, MODIFICATIONS_AFTER_SIGNATURE, or KNOWN_EDITOR_IN_PRODUCER). Full schema and example responses are documented at htpbe.tech/api.
How long does analysis take?
Most PDFs are analyzed in under 3 seconds. The API is synchronous — the response returns once analysis is complete. There is no polling or webhook required. For very large or structurally complex files near the 10 MB limit, analysis may take up to 9 seconds.
Can I test without a live key?
Yes. Test keys are available on all plans including free accounts. Test keys accept a set of predefined test URLs that return deterministic responses for all verdict types — intact, modified, and inconclusive. This lets you build and test your integration completely before sending any real documents.
What document types does it support?
The API supports any standard PDF file up to 10 MB. It works on bank statements, invoices, payslips, contracts, certificates, tax returns, insurance documents, and any other PDF-format document. It does not support image files (JPEG, PNG) or password-protected PDFs. It performs binary forensic analysis, so the document must be a proper PDF file — not an image embedded in a PDF container.
For Teams
Checking PDFs at scale?
The same tamper detection analysis runs via REST API. Integrate into your lending, accounts payable, or compliance workflow — self-serve from $15/mo, no sales call required.
Who uses this in production
The same detection engine, framed for the teams that rely on it.
Alternative Lending
REST API in underwriting pipelines — bank statements, payslips, tax returns, W-2s.
Insurance Claims
Structured verdicts for every claim document at lodgement — before SIU review.
KYC & Onboarding
Document-integrity layer alongside Persona, Onfido, and Alloy identity verification.