
Verify PDFs from any agent or backend

One REST call runs the full fraud and tamper analysis. POST a PDF with your API key, poll for a structured verdict (a trust_score, a fraud_risk label and the warnings behind it) that maps straight to accept, review or reject.

Call it from any agent or backend that can make an HTTP request
  • Claude Code
  • Claude Cowork
  • ChatGPT
  • Codex
  • Cursor
  • GitHub Copilot
  • Opencode
  • Gemini CLI
  • Warp
  • n8n

How it works

Submit, poll, read the verdict. Three calls against one endpoint.

  1. Submit the PDF

    Send the file as multipart/form-data with your API key in the API-KEY header. The bytes go straight to the API, never inlined as base64, nothing to truncate. You get a document_id back instantly.

  2. Poll, or get a webhook

    Poll for the document_id every few seconds until status leaves "processing" (typically 10-30 seconds). Or skip polling entirely: set a webhook URL on your API key and we POST the result the moment analysis finishes.

  3. Get a verdict and a decision

    The response is typed JSON: a trust_score, a fraud_risk label and the warnings behind it. Each risk level maps to a clear action (accept, review or reject) so your agent acts on a decision instead of re-deriving one from a raw score.

Get the agent skill

SKILL.md + scripts

A ready-to-use pack, published on GitHub, that teaches an AI agent to verify a PDF against the authenticated v2 document API. It contains a SKILL.md, a bash helper (curl + jq) and a dependency-free Python helper that handle submit, poll and verdict for you, plus a place to save your API key. Every verdict comes back with a one-line recommendation (accept, review, reject or unverifiable), so your agent branches on a decision, not a raw score. Inspect it on GitHub, then point any agent that can read a SKILL.md and run a shell at it. Works with Claude Code, Codex CLI, Opencode, Cursor, ChatGPT and other skill-capable agents.

Pick your agent, then clone the pack into the skill directory it already scans. Claude Code is the default option.

Claude Code

Best default for Claude Code. It looks for project skills under .claude/skills/<name>/SKILL.md.

git clone https://github.com/VerifyPDF/verifypdf-skill .claude/skills/verifypdf

Codex CLI

Codex CLI discovers repo-level skills from .agents/skills/<name>/SKILL.md at the Git repository root.

git clone https://github.com/VerifyPDF/verifypdf-skill .agents/skills/verifypdf

Opencode

Opencode discovers native project skills from .opencode/skills/<name>/SKILL.md.

git clone https://github.com/VerifyPDF/verifypdf-skill .opencode/skills/verifypdf

The pack follows Anthropic's open Agent Skills standard, and the same SKILL.md directory layout is now supported by Codex CLI and Opencode.

Save your key once

Use the VERIFYPDF_API_KEY environment variable, or paste it into the git-ignored key file shipped in the pack.

A decision, not just a score

Get back a trust_score, a fraud_risk label, the warnings behind it, plus a recommendation.action (accept/review/reject) your agent can branch on directly.

Free to test

A test key exercises the whole flow from the filename alone, with no charge and no live quota used.

Trust and safety

The same guarantees across every surface: dashboard, REST API and agent traffic.

  • Rate limited so a noisy client cannot crowd out a polite one.
  • Uploaded documents are encrypted in transit and at rest, then deleted from primary and backup storage within 90 days (see our Privacy Policy and DPA).
  • Every request is logged for audit, the same way your dashboard activity is.
  • Your API key authenticates against the same backend your existing integrations use. Quota, prepaid balance and audit logging all apply normally.

FAQ

Create an API key in the Developers section, then submit the file as multipart/form-data with the API-KEY header. You get a document_id back immediately; poll for that document_id until status leaves "processing", then read fraud_risk and warnings from the JSON. No SDK is required, any HTTP client works.

Any computer-generated PDF: bank statements, payslips, tax returns (including W-2s, 1099s and the 1040), invoices and similar financial documents, where accuracy is around 99%. It does not verify scanned documents, photos, screenshots or identity documents such as passports. Send the original PDF rather than a scan or a print-to-PDF copy, so the metadata and structural signals the analysis relies on stay intact.

Each verdict maps to one action. A trusted or low fraud_risk means accept: the document looks authentic. medium means review: a person should check the flagged warnings before accepting (the dashboard shows this band as Needs Attention). high means reject: the PDF shows strong forgery or tampering signals. A password-protected or corrupted document is unverifiable. Ask the sender for an intact, unlocked file and re-submit.

Log into your account at secure.verifypdf.com and open the Developers section. Create a key and send it as the API-KEY header on every request. Document verification API access is available on the Professional and Corporate plans; quota and prepaid balances apply exactly as they do for the dashboard.

Not reliably. A general AI assistant can read the text in a PDF, but it cannot inspect the metadata, document structure and editing traces that reveal tampering, so it will guess. Give the agent the VerifyPDF skill instead: it submits the file to the forensic API and returns a trust_score, a fraud_risk label and an accept, review or reject recommendation the agent can act on.

Because MCP is the wrong transport for a document. A tool call (including MCP) takes model-generated JSON as its input, so a local PDF has to be inlined as a ~50,000-character base64 string that models routinely truncate mid-stream, and a corrupted fragment produces a meaningless verdict. A direct multipart POST sends the raw bytes intact. Any agent that can run a shell or make an HTTP request (Claude Code, Cursor, a Python or Node script) should call the REST API directly, or use the AI agent skill that wraps it.

Yes. Assign a webhook URL to your API key in the Developers section at secure.verifypdf.com. When a document finishes analysis, VerifyPDF POSTs the structured result to that URL with an X-Webhook-Signature header (an HMAC-SHA256 of the raw body keyed with your webhook secret) plus an X-Webhook-Auth header, so you can verify every call is genuine. Webhook URLs must be HTTPS and cannot target private or internal networks.
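
A receiver-side check for the webhook described above, combined with the fraud_risk-to-action mapping from the earlier answer. This is an added example, not VerifyPDF's own code: it assumes X-Webhook-Signature carries a lowercase hex digest (the page does not state the encoding), leaves X-Webhook-Auth unchecked because its format is not described, and uses hypothetical names (sign, signature_valid, handle_webhook, the "drop" result) with a constructed secret and payload.

```python
import hashlib
import hmac
import json

# fraud_risk label -> action, as stated in the FAQ.
ACTIONS = {"trusted": "accept", "low": "accept", "medium": "review", "high": "reject"}


def sign(raw_body: bytes, secret: bytes) -> str:
    """HMAC-SHA256 of the raw body keyed with the webhook secret (hex is an assumption)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def signature_valid(raw_body: bytes, header_value: str, secret: bytes) -> bool:
    """Recompute the MAC over the bytes as received and compare in constant time."""
    if not header_value:
        return False
    received = header_value.strip().lower().encode("utf-8")
    return hmac.compare_digest(sign(raw_body, secret).encode("ascii"), received)


def handle_webhook(raw_body: bytes, headers: dict, secret: bytes) -> str:
    """Return accept/review/reject, or 'drop' when the call cannot be authenticated."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    # Verify BEFORE parsing: the MAC covers the raw bytes, not re-serialised JSON.
    if not signature_valid(raw_body, lowered.get("x-webhook-signature", ""), secret):
        return "drop"
    try:
        result = json.loads(raw_body)
    except ValueError:
        return "drop"
    if not isinstance(result, dict):
        return "drop"
    risk = str(result.get("fraud_risk", "")).lower()
    # Unknown or missing labels go to a person rather than being auto-accepted.
    return ACTIONS.get(risk, "review")


if __name__ == "__main__":
    secret = b"constructed-webhook-secret"  # constructed sample value
    body = b'{"document_id": "doc-123", "fraud_risk": "high"}'  # constructed payload
    good = {"X-Webhook-Signature": sign(body, secret)}
    print(handle_webhook(body, good, secret))
    print(handle_webhook(body.replace(b"high", b"low"), good, secret))
```

Pass the request body exactly as received; a framework that parses and re-serialises the JSON before your handler runs will change the bytes and the signature will no longer match.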

Yes. Use the public upload form or the interactive demo for a quick smoke test. Direct API access is shown inside the authenticated product once you create an API key.

Stop guessing. Know in 5 seconds.

Upload a PDF. In under 5 seconds, VerifyPDF tells you if it's genuine or forged, with detailed evidence of every modification. Try it free for 15 days, no credit card needed.
