Fake Certificate Detection API

Detect fake diplomas, forged professional credentials, and altered certificates of completion. One API call surfaces forensic evidence of PDF modification — before a candidate is hired.

  • ~3 sec per document
  • 35 checks, forensic layers
  • From $15 per month
  • 1,500+ docs / month on Growth

Scope

htpbe? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, embossed seals, or physical paper. If your fraud problem is a digitally fabricated or tampered certificate, diploma, or transcript PDF, we’re the most specific tool for it.

When htpbe? returns INCONCLUSIVE on a certificate or diploma, that’s itself a high-confidence fraud signal — real credentials come from registrar systems or accredited verification platforms (National Student Clearinghouse, Parchment, Digitary), never from a desktop tool. Combine with education-verification services where available; htpbe? works on the file layer regardless.

Credential fraud is an unsolved problem in hiring

Research from the University of Portsmouth estimates that recruitment fraud costs UK employers £24 billion annually. In the United States, studies indicate that roughly 40% of resumes contain some form of misrepresentation, and fake credentials are the fastest-growing category.

The core problem is that PDF certificates look authentic when fraudulently modified. Free tools like iLovePDF, SmallPDF, and Adobe Acrobat can change any text in a PDF in under two minutes. The resulting file is visually indistinguishable from the original — but the binary structure tells a different story.

htpbe? does not compare against a database. It analyzes the PDF’s own internal structure for signs of post-issuance modification, which means it works even for certificates from obscure or international institutions where no database record exists.

Most common certificate modifications

  • Name field changed to the applicant’s name
  • Graduation year changed from fail to pass
  • Grade or GPA altered
  • Issuing institution name changed
  • Certificate date changed to appear more recent
  • Real certificate of a different person reused

Forensic signals analyzed in every certificate

No original document required — analysis is fully self-contained

Institutional producer check

Legitimate certificates from universities and professional bodies are generated by institutional document systems. A producer field showing “iLovePDF” or “PDF24” means the certificate was processed by an editing tool after issuance.

Incremental update detection

When a text field in a PDF is edited, the change is appended as an incremental update rather than rewriting the file. htpbe? counts update chain length — genuine certificates have none.

Multiple xref tables

Each editing session adds a new cross-reference table to the PDF. A certificate with multiple xref tables was almost certainly modified after it was originally generated.

Modification date analysis

A certificate’s ModDate should equal its CreationDate if unmodified. A gap of months or years between creation and modification is a primary forgery signal.

Digital signature validation

Accredited institutions often digitally sign certificates. If a signature exists and content was modified after signing, htpbe? returns “modified” with “certain” confidence.

Font and object consistency

Text substitutions in PDF certificates often introduce font subsets that were not part of the original document. htpbe?’s content analysis layer detects inconsistent object origins.
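
The first four signals above can be read straight from the file's bytes. The following is an added illustration, not htpbe?'s implementation: it assumes an uncompressed Info dictionary with literal strings (real files may keep metadata in object streams or XMP), and the sample bytes, function names and marker strings are constructed for this example.

```python
import re
from datetime import datetime

# Constructed sample: a minimal PDF-like byte string whose second half is an
# incremental update appended by an editor (new Info dict, new xref, new %%EOF).
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Producer (Institutional Doc System) "
    b"/CreationDate (D:20230515090000Z) /ModDate (D:20230515090000Z) >>\nendobj\n"
    b"xref\n0 2\ntrailer\n<< /Size 2 /Info 1 0 R >>\nstartxref\n120\n%%EOF\n"
    b"1 0 obj\n<< /Producer (iLovePDF) "
    b"/CreationDate (D:20230515090000Z) /ModDate (D:20240903134200Z) >>\nendobj\n"
    b"xref\n0 2\ntrailer\n<< /Size 2 /Info 1 0 R /Prev 120 >>\nstartxref\n330\n%%EOF\n"
)
EDITING_TOOLS = ("ilovepdf", "pdf24", "smallpdf")  # tools named on this page

def _pdf_date(raw):
    """Parse the leading D:YYYYMMDDHHmmSS of a PDF date string (timezone ignored)."""
    m = re.match(rb"D:(\d{14})", raw)
    return datetime.strptime(m.group(1).decode(), "%Y%m%d%H%M%S") if m else None

def _last(key, data):
    """Return the last literal-string value of /key; the newest revision wins."""
    hits = re.findall(rb"/" + key + rb"\s*\(([^)]*)\)", data)
    return hits[-1] if hits else None

def structural_signals(data):
    """Collect raw signals from PDF bytes and name each finding as a marker."""
    # Every revision, original or appended, ends with its own startxref/%%EOF.
    revisions = len(re.findall(rb"startxref", data))
    linearized = b"/Linearized" in data[:1024]
    producer = (_last(b"Producer", data) or b"").decode("latin-1")
    created = _pdf_date(_last(b"CreationDate", data) or b"")
    modified = _pdf_date(_last(b"ModDate", data) or b"")
    markers = []
    # A linearized ("fast web view") file carries two xref sections unedited.
    if revisions > (2 if linearized else 1):
        markers.append("incremental update appended")
    if any(t in producer.lower().replace(" ", "") for t in EDITING_TOOLS):
        markers.append("editing tool in Producer")
    if created and modified and modified != created:
        markers.append("ModDate differs from CreationDate")
    gap = (modified - created).days if created and modified else None
    return {"revisions": revisions, "producer": producer,
            "date_gap_days": gap, "markers": markers}
```

Calling `structural_signals(SAMPLE)` reports all three markers, while the same bytes truncated at the first `%%EOF` report none.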

For HR teams and background check platforms

From manual review to automated screening at any scale

Detect when a genuine certificate PDF was edited to change names, grades, or dates

Identify certificates generated by unofficial PDF tools rather than institutional systems

Flag producer/creator mismatches — Microsoft Word output re-processed by an online editor

Catch incremental updates that indicate post-issuance content changes

Integrate into your ATS, HRIS, or background check workflow via REST API

Scale from manual spot-checks to automated screening of thousands of applicants

Five forensic layers, one deterministic verdict

Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.

01. Metadata analysis

Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.

02. File structure

Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.

03. Digital signatures

Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.

04. Content integrity

Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.

05. Verdict with markers

Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use htpbe? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

Integrate in minutes

Two calls: POST the PDF URL, then GET the forensic verdict. No SDK, no training data.

Request

```bash
curl -X POST https://api.htpbe.tech/v1/analyze \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://your-storage.com/diploma-john-doe.pdf"}'
```

Result (GET /v1/result/{id})

```json
{
  "id": "3f9c8b7a-2e1d-4c5f-9b8e-7a6d5c4b3a21",
  "status": "modified",
  "modification_confidence": "high",
  "modification_markers": [
    "Known PDF editing tool detected",
    "Different creation and modification dates"
  ],
  "creator": "Microsoft Word",
  "producer": "iLovePDF",
  "creation_date": 1684141200,
  "modification_date": 1725370920,
  "has_digital_signature": false,
  "xref_count": 2,
  "has_incremental_updates": true
}
```

What “inconclusive” means for certificates: Certificates generated by consumer desktop tools (Microsoft Word, Google Docs exported to PDF) return inconclusive because their internal structure lacks the institutional metadata needed to detect tampering. This is itself a signal — legitimate institutional certificates are not generated by Word. Use it as a prompt for manual review.
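
One way to consume this result in a screening workflow, as an added example that is not from the htpbe? documentation. The action names are hypothetical, the lowercase `intact` and `inconclusive` status values are assumed by analogy with the `modified` value shown, and the timestamps are assumed to be Unix seconds.

```python
import json

# Result body copied from the sample response above, embedded to run offline.
RESULT = json.loads("""
{"id": "3f9c8b7a-2e1d-4c5f-9b8e-7a6d5c4b3a21", "status": "modified",
 "modification_confidence": "high",
 "modification_markers": ["Known PDF editing tool detected",
                          "Different creation and modification dates"],
 "creator": "Microsoft Word", "producer": "iLovePDF",
 "creation_date": 1684141200, "modification_date": 1725370920,
 "has_digital_signature": false, "xref_count": 2,
 "has_incremental_updates": true}
""")

def triage(result):
    """Map a result body to a hypothetical workflow action plus audit reasons.

    Fails closed: only a recognised 'intact' status with no contradicting
    structural field is passed; everything else reaches a human.
    """
    status = str(result.get("status", "")).lower()
    reasons = list(result.get("modification_markers") or [])
    created = result.get("creation_date")
    modified = result.get("modification_date")
    if isinstance(created, int) and isinstance(modified, int) and modified > created:
        reasons.append(f"modified {(modified - created) // 86400} days after creation")
    if result.get("has_incremental_updates") or (result.get("xref_count") or 0) > 1:
        reasons.append(f"xref_count={result.get('xref_count')}")
    if status == "modified":
        sure = result.get("modification_confidence") in ("high", "certain")
        action = "escalate" if sure else "manual_review"
    elif status == "intact" and not reasons:
        action = "pass"
    else:  # inconclusive, unknown or missing status, or 'intact' with red flags
        action = "manual_review"
        reasons.append(f"status={status or 'missing'}")
    # Keep the id and reasons together so the decision can be audited later.
    return {"id": result.get("id"), "action": action, "reasons": reasons}
```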

Pricing

Self-serve plans. No sales call, no procurement process.

Starter

$15/mo

30 checks/mo

Manual spot-checks for small hiring teams

Growth

$149/mo

350 checks/mo

Recruiting teams screening daily applicants

Pro

$499/mo

1,500 checks/mo

Background check platforms and staffing agencies

Enterprise (unlimited, on-premise available) — see full pricing and docs

API key on signup. Free test environment on every plan. No card required.

Frequently Asked Questions

How does it detect a fake diploma without the original?

htpbe? analyzes the internal structure of the PDF — not its visual appearance. Legitimate certificates from universities and professional bodies are generated by institutional document systems. If the file was later opened in iLovePDF, SmallPDF, or Adobe Acrobat and edited, it leaves structural traces: additional xref tables, incremental update records, and a modification date gap. No comparison to an original document is required.

Does it work for certificates from any country?

Yes. The analysis is purely structural — it reads the binary structure of the PDF file, not the text content or template layout. It works for certificates from any institution in any country and in any language. The only requirement is a publicly accessible URL to the PDF file.

What does "inconclusive" mean for a certificate?

A verdict of inconclusive means the certificate was created with consumer software: Microsoft Word, Google Docs, or a desktop PDF printer. These tools do not embed institutional metadata, so the file cannot be analyzed for tampering. For certificates, this verdict is particularly significant — legitimate university diplomas and professional accreditations are not generated by Word. Treat inconclusive as a prompt for manual review.

Can it detect AI-generated fake certificates?

Partially. If an AI-generated certificate PDF was created from scratch using a PDF library (jsPDF, ReportLab), htpbe? may return inconclusive because it was never "modified" — it was fabricated as a new file. However, the producer and creator fields in the response will reveal the generation tool, which is a risk signal for certificates that should come from institutional systems. Many AI-generated fakes are also subsequently edited, which adds detectable structural markers.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Integrate certificate fraud detection in any stack

Two API calls — submit the certificate PDF, read the verdict. Copy-paste examples for cURL, JavaScript, Python, PHP, Go, and Ruby.

```bash
# Step 1: Submit PDF for analysis
curl -X POST https://api.htpbe.tech/v1/analyze \
  -H "Authorization: Bearer htpbe_live_..." \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com/document.pdf"}'
# Returns: {"id":"3f9c8b7a-2e1d-4c5f-9b8e-7a6d5c4b3a21"}

# Step 2: Retrieve full results
ID="3f9c8b7a-2e1d-4c5f-9b8e-7a6d5c4b3a21"
curl -s "https://api.htpbe.tech/v1/result/$ID" \
  -H "Authorization: Bearer htpbe_live_..." \
  | jq '.status'
```