logo

Invoice Authenticity Verification API

Detect tampered invoices before payment. A single API call reveals whether a PDF invoice has been modified after generation — catching altered amounts, payee details, and account numbers that eyes miss.

Why altered invoices pass manual review

A fraudster intercepts a legitimate invoice PDF, opens it in a free online editor, changes the bank account number or payment amount, and sends the modified file. Visually, the invoice looks identical — same logo, same layout, same font.

The modification is invisible to the human eye but not to a forensic analyzer. PDF editors leave structural traces: extra xref tables, incremental update records, and metadata timestamps that do not match. HTPBE surfaces these traces automatically.

According to the Association of Certified Fraud Examiners, billing fraud accounts for 43% of all occupational fraud cases. A single prevented fraudulent payment typically covers months of API subscription costs.

Typical invoice fraud scenario

  1. 1Vendor sends a legitimate invoice PDF via email
  2. 2Attacker intercepts or spoofs the vendor’s email account
  3. 3PDF opened in iLovePDF, SmallPDF, or Adobe Acrobat
  4. 4Bank account number or amount edited
  5. 5Modified file forwarded to AP team
  6. 6Payment sent to fraudster’s account

What the API detects in invoice PDFs

Five forensic layers analyzed on every request

Multiple xref tables

An unmodified invoice has one xref table. A second table means content was added after the original save — the most common marker of invoice tampering.

Incremental update chain

PDF editors append changes without rewriting the original bytes. HTPBE counts the update chain length — one update is unusual, two or more is highly suspicious.

Producer/creator mismatch

Genuine invoices are generated by accounting software (QuickBooks, Xero, SAP). If the producer field shows a PDF editor (iLovePDF, SmallPDF, QPDF), the file was processed after generation.

Date inconsistency

CreationDate and ModDate are metadata fields that PDF editors update automatically. A ModDate weeks after CreationDate on an invoice is a direct tampering signal.

Digital signature bypass

If the original invoice was digitally signed and content was added after signing, HTPBE flags it as modified with “certain” confidence — the highest possible verdict.

Tool fingerprint analysis

Every PDF tool leaves a distinct fingerprint in the file structure. HTPBE cross-references against a database of 200+ known tools to detect editing software.

Built for finance teams and AP automation

Integrate into your approval workflow or use the free web tool for manual checks

Catch altered payment amounts, IBAN and account numbers before wire transfer

Detect when a legitimate invoice PDF was opened in an editor and re-saved

Flag invoices where metadata dates contradict the stated invoice date

Identify incremental updates — the primary technique for invisible PDF editing

Integrate into AP automation workflows via a single REST call

Free web tool lets your team verify suspicious invoices manually without writing code

Integrate in minutes

Two calls: POST the PDF URL, then GET the forensic verdict. No SDK required.

Request

bash
curl -X POST https://api.htpbe.tech/v1/analyze \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://your-storage.com/invoice-2024-1045.pdf"}'

Result (GET /v1/result/{id})

json
{
  "id": "3f9c8b7a-2e1d-4c5f-9b8e-7a6d5c4b3a21",
  "status": "modified",
  "modification_confidence": "high",
  "modification_markers": [
    "Multiple cross-reference tables (incremental updates)"
  ],
  "producer": "Adobe Acrobat 23.0",
  "creation_date": 1730451120,
  "modification_date": 1731606180,
  "has_digital_signature": false,
  "xref_count": 2,
  "has_incremental_updates": true
}

The verdict is one of three values: intact (no post-creation modifications detected), modified (forensic markers confirm editing), or inconclusive (created with consumer software — structural integrity cannot be verified, itself a risk signal). Each verdict comes with a confidence level and the specific markers that triggered it.

Pricing

Self-serve plans. No sales call, no procurement process.

Starter

$15/mo

30 checks/mo

Manual spot-checks and low-volume workflows

Growth

$149/mo

350 checks/mo

Active AP teams processing invoices daily

Pro

$499/mo

1,500 checks/mo

High-volume AP automation and fintech platforms

Enterprise (unlimited, on-premise available) — see full pricing and docs

Frequently Asked Questions

How does the API detect a tampered invoice?

HTPBE analyzes the binary structure of the PDF file — not the visual content. It looks for cross-reference tables added after the original save, incremental update records, producer fields inconsistent with invoicing software (QuickBooks, Xero, SAP), and modification dates that post-date the stated invoice date. These structural traces cannot be removed without creating a new file from scratch.

Can it catch invoice fraud if the original was never signed?

Yes. Digital signature bypass is just one of several detection signals. HTPBE detects xref table counts, incremental updates, producer mismatches, and date inconsistencies on any PDF — regardless of whether a digital signature was ever applied. Most invoice fraud involves unsigned PDFs edited in iLovePDF, SmallPDF, or Adobe Acrobat.

What does "inconclusive" mean for an invoice?

A verdict of inconclusive means the invoice was created with consumer software (Microsoft Word, Google Docs, or a desktop PDF printer) rather than with dedicated invoicing software. The file structure cannot verify integrity because these tools do not embed institutional metadata. This is itself a risk signal — legitimate vendor invoices from established businesses are generated by accounting systems, not Word.

How many invoice checks per month does a typical AP team need?

A team processing 10 invoices per day uses roughly 200 checks per month. The Growth plan (350 checks/mo at $149) covers a mid-size AP workflow with room for spikes. For teams running automated AP automation with batch processing, the Pro plan (1,500 checks/mo at $499) is more appropriate. The free web tool handles manual spot-checks for any volume.

Also see: PDF verification for Financial Services →

Automate PDF Verification in Your Workflow

REST API with transparent pricing from $15/mo. Self-serve — no sales call required.
Free web tool available for manual checks. Test keys on all plans.

View API Docs