HR Document Verification API
A fabricated offer letter is cheap. A fraudulent hire is not. Reference letters, prior offer letters, and employment verification PDFs pass visual background checks every day. A single API call detects the structural edits that are invisible to the eye — before the candidate is onboarded.
Scope
HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We complement background-check services; we don’t replace them. Background checks verify employment history against databases and employer responses. HTPBE verifies the PDFs a candidate uploads at the structural layer, independent of employer verification.
1 in 8 applicants misrepresents credentials. Documents are how they do it
Background-check platforms verify employment history against employer databases — when the employer exists and responds. Document uploads are typically reviewed visually, and a well-made edit passes. A real reference letter with the salary or title modified is visually indistinguishable from the original.
Self-produced PDFs mimicking prior employer letterheads are more common than outright fabrications. An applicant takes a legitimate employment letter from a previous job, opens it in a PDF editor, and changes the compensation figure or job title. The result looks authentic — the file structure does not. Credential fraud also extends to forged certificates and diplomas.
The average replacement cost for a fraudulent hire exceeds $17,000. At scale, credential fraud in hiring is a direct financial risk, not just an HR compliance issue.
Common hiring document fraud patterns
- Prior offer letter opened in a PDF editor with salary or title inflated
- Self-produced PDF mimicking a known employer’s letterhead and formatting
- Real reference letter with dates, role, or tenure modified
- Employment verification letter with income or status figures changed
- Salary certificate edited to show higher compensation than paid
What the API detects in employment documents
Five forensic layers analyzed on every document — results in under 3 seconds
Producer signature validation
Authentic corporate exports carry recognizable producer signatures from HR systems (Workday, SAP SuccessFactors, BambooHR) or office tools. Self-produced or re-saved PDFs don’t match the claimed issuer.
Incremental update detection
Any post-creation edit leaves a structural fingerprint in the xref table. A reference letter with two xref tables was modified after the original corporate export.
Font and object consistency
Edited fields produce detectable font subset prefix shifts and object-layout anomalies. Title or salary substitutions show up clearly in the structural layer.
Digital signature verification
Digitally signed employment letters and contracts are checked for post-signature modifications. Signature bypass is flagged at certainty-level confidence.
Text layer vs. raster agreement
Replaced text in a rendered document (letterhead template with edited fields) breaks agreement between the text and visual layers — a clear forgery signal.
Modification date vs. document date
A reference letter with a ModDate years after the stated employment end date was modified long after original issuance — a high-confidence fraud signal.
Built for talent operations and background-check platforms
Integrate at the application stage or use the free tool for manual review
Catch offer letters where compensation or job title was altered before submission
Detect reference letters that were modified after the original issuer created them
Flag employment verification documents produced by consumer tools, not HR systems
Identify salary certificates where income figures were edited to pass compensation screening
Integrate into any ATS (Greenhouse, Lever, Workday, BambooHR) via webhook at upload
Every document produces a named-marker audit trail for HR compliance records
Five forensic layers, one deterministic verdict
Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.
Metadata analysis
Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.
File structure
Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.
Digital signatures
Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.
Content integrity
Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.
Verdict with markers
Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.
Customer Stories
Teams that stopped document fraud
Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.
Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.
Sarah M.
AP Manager
United States
We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.
Lars V.
Risk Analyst, Online Lending
Netherlands
Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.
Priya K.
HR Operations Lead
India
Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.
Julien R.
Fraud Analyst, Fintech
France
Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.
Marta S.
Compliance Coordinator
Spain
One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.
Tariq A.
Finance Manager
United Arab Emirates
Integrate in minutes
Two calls: POST the PDF URL, then GET the forensic verdict. No SDK required.
Request
curl -X POST https://api.htpbe.tech/v1/analyze \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"url": "https://your-storage.com/reference-letter.pdf"}'Result (GET /v1/result/{id})
{
"id": "f6a7b8c9-d0e1-2345-fabc-678901234567",
"status": "modified",
"modification_confidence": "high",
"modification_markers": [
"Multiple cross-reference tables (incremental updates)"
],
"creator": "Microsoft Word",
"producer": "Microsoft Word",
"creation_date": 1672531200,
"modification_date": 1745625600,
"has_digital_signature": false,
"xref_count": 2,
"has_incremental_updates": true
}The creation_date in January 2023 with a modification_date in April 2025 on a reference letter means the document was edited more than two years after original creation. The xref_count: 2 confirms a post-creation editing session. This pattern is characteristic of an old document retrieved and modified to match a current job application.
Pricing
Self-serve plans. No sales call, no procurement process.
Starter
$15/mo
30 checks/mo
Manual spot-checks for senior or sensitive roles
Growth
$149/mo
350 checks/mo
Active recruiting teams with regular hiring volume
Pro
$499/mo
1,500 checks/mo
Background-check platforms and high-volume HR operations
Enterprise (unlimited, on-premise available) — see full pricing and docs
API key on signup. Free test environment on every plan. No card required.
Frequently Asked Questions
How does this compare to traditional background-check services?
Background-check services verify employment, education, and criminal history against databases and employer responses. HTPBE verifies the PDFs a candidate uploads at the structural layer. They complement each other — background check handles the facts, HTPBE handles the documents.
Does it detect diploma or degree forgery?
For digital PDFs, yes — the structural layer reveals edits and non-authentic exports. For scanned or photographed diplomas, results depend on the source material; structural analysis is weaker on pure rasters. See /use-cases/fake-certificate-detection/fake-diploma-detection for the diploma-specific guide.
Can this integrate with Greenhouse, Lever, Workday, or BambooHR?
Yes. The API is stack-agnostic. Any ATS that accepts uploaded PDFs and can make an outbound HTTPS call can integrate via webhook or custom action. Most teams wire it into the document upload step.
What if a real reference letter is scanned and re-uploaded?
A scan-to-PDF workflow typically produces a clean scanner export with no incremental update trail — that returns INTACT. Edits applied after scanning are what get flagged.
Secure your workflow
Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.
Integrate HR document verification in any stack
Two API calls — submit the employment document PDF, read the verdict. Copy-paste examples for cURL, JavaScript, Python, PHP, Go, and Ruby.
# Step 1: Submit PDF for analysis
curl -X POST https://api.htpbe.tech/v1/analyze \
-H "Authorization: Bearer htpbe_live_..." \
-H "Content-Type: application/json" \
-d '{"url": "https://example.com/document.pdf"}'
# Returns: {"id":"3f9c8b7a-2e1d-4c5f-9b8e-7a6d5c4b3a21"}
# Step 2: Retrieve full results
ID="3f9c8b7a-2e1d-4c5f-9b8e-7a6d5c4b3a21"
curl -s "https://api.htpbe.tech/v1/result/$ID" \
-H "Authorization: Bearer htpbe_live_..." \
| jq '.status'